Module index

Module ida_expr

IDA Plugin SDK API wrapper: expr

Global variables

delete macros at the end of compilation
allow calls of only thread-safe functions
allow program labels in the script
requires open database
does not return. the interpreter may clean up its state before calling it.
thread safe function. may be called
var HF_MAX
HF_MAX = 8
IDC script extension.
return single index (i2 is ignored)
copy the result to the input var (v)
dereference until we get a non 'VT_REF'
dereference only once, do not loop
Floating point (see 'idc_value_t::e' )
Function (see 'idc_value_t::funcidx' )
var VT_INT64
Integer (see 'idc_value_t::num' )
var VT_OBJ
Object (see idc_value_t::obj)
void *
var VT_REF
var VT_STR
String (see qstr() and similar functions)
Function with arbitrary number of arguments. The actual number of arguments will be passed in 'idc_value_t::num' . This value should not be used for 'idc_value_t' .
var eExecThrow
See return value of 'idc_func_t' .


def add_idc_class(*args) ‑> idc_class_t *
Create a new IDC class.
add_idc_class(name, super=None) -> idc_class_t *
name: name of the new class (C++: const char *)
super: the base class for the new class. if the new class is
not based on any other class, pass NULL (C++: const idc_class_t *)
return: pointer to the created class. If such a class already exists,
a pointer to it will be returned. Pointers to other existing classes may be invalidated by this call.
def add_idc_func(name, fp, args, defvals=(), flags=0)
Extends the IDC language by exposing a new IDC function that is backed up by a Python function
name: IDC function name to expose
fp: Python callable that will receive the arguments and return a tuple.
args: Arguments. A tuple of idaapi.VT_XXX constants
defvals: default argument values (optional)
flags: IDC function flags. A combination of EXTFUN_XXX constants (optional)
return: Boolean
def add_idc_gvar(*args) ‑> idc_value_t *
Add global IDC variable.
add_idc_gvar(name) -> idc_value_t
name: name of the global variable (C++: const char *)
return: pointer to the created variable or existing variable. NB: the
returned pointer is valid until a new global var is added.
def compile_idc_file(*args) ‑> qstring *
compile_idc_file(nonnul_line) -> str
nonnul_line: char const *
def compile_idc_snippet(*args) ‑> qstring *
Compile text with IDC statements.
compile_idc_snippet(func, text, resolver=None, only_safe_funcs=False) -> str
func: name of the function to create out of the snippet (C++:
const char *)
text: text to compile (C++: const char *)
resolver: callback object to get values of undefined variables
This object will be called if IDC function contains references to undefined variables. May be NULL. (C++: idc_resolver_t *)
only_safe_funcs: if true, any calls to functions without
EXTFUN_SAFE flag will lead to a compilation error. (C++: bool)
retval: true - ok
retval: false - error, see errbuf
def compile_idc_text(*args) ‑> qstring *
compile_idc_text(nonnul_line) -> str
nonnul_line: char const *
def copy_idcv(*args) ‑> error_t
Copy 'src' to 'dst'. For idc objects only a reference is copied.
copy_idcv(dst, src) -> error_t
dst (C++: idc_value_t *)
src (C++: const idc_value_t &)
def create_idcv_ref(*args) ‑> bool
Create a variable reference. Currently only references to global variables can be created.
create_idcv_ref(ref, v) -> bool
ref: ptr to the result (C++: idc_value_t *)
v: variable to reference (C++: const idc_value_t *)
return: success
def deep_copy_idcv(*args) ‑> error_t
Deep copy an IDC object. This function performs deep copy of idc objects. If 'src' is not an object, 'copy_idcv()' will be called
deep_copy_idcv(dst, src) -> error_t
dst (C++: idc_value_t *)
src (C++: const idc_value_t &)
def del_idc_func(name)
Unregisters the specified IDC function
name: IDC function name to unregister
return: Boolean
def del_idcv_attr(*args) ‑> error_t
Delete an object attribute.
del_idcv_attr(obj, attr) -> error_t
obj: variable that holds an object reference (C++: idc_value_t
attr: attribute name (C++: const char *)
return: error code, eOk on success
def deref_idcv(*args) ‑> idc_value_t *
Dereference a 'VT_REF' variable.
deref_idcv(v, vref_flags) -> idc_value_t
v: variable to dereference (C++: idc_value_t *)
vref_flags: Dereference IDC variable flags (C++: int)
return: pointer to the dereference result or NULL. If returns NULL,
qerrno is set to eExecBadRef "Illegal variable reference"
def eval_expr(*args) ‑> qstring *
Compile and calculate an expression.
eval_expr(rv, where, line) -> str
rv: pointer to the result (C++: idc_value_t *)
where: the current linear address in the addressing space of
the program being disassembled. If will be used to resolve names of local variables etc. if not applicable, then should be BADADDR . (C++: ea_t)
line: the expression to evaluate (C++: const char *)
retval: true - ok
retval: false - error, see errbuf
def eval_idc_expr(*args) ‑> qstring *
Same as 'eval_expr()' , but will always use the IDC interpreter regardless of the currently installed extlang.
eval_idc_expr(rv, where, line) -> str
rv (C++: idc_value_t *)
where (C++: ea_t) line: char const *
def exec_idc_script(*args) ‑> qstring *
Compile and execute IDC function(s) from file.
exec_idc_script(result, path, func, args, argsnum) -> str
result: ptr to idc_value_t to hold result of the function. If
execution fails, this variable will contain the exception information. You may pass NULL if you are not interested in the returned value. (C++: idc_value_t *)
path: text file containing text of IDC functions (C++: const
char *)
func: function name to execute (C++: const char *)
args: array of parameters (C++: const idc_value_t)
argsnum: number of parameters to pass to 'fname' This number
should be equal to number of parameters the function expects. (C++: size_t)
retval: true - ok
retval: false - error, see errbuf
def exec_system_script(*args) ‑> bool
Compile and execute "main" function from system file.
exec_system_script(file, complain_if_no_file=True) -> bool
file: file name with IDC function(s). The file will be searched
using get_idc_filename() . (C++: const char *)
complain_if_no_file: 1: display warning if the file is not
found 0: don't complain if file doesn't exist (C++: bool)
retval: 1 - ok, file is compiled and executed
retval: 0 - failure, compilation or execution error, warning is
def find_idc_class(*args) ‑> idc_class_t *
Find an existing IDC class by its name.
find_idc_class(name) -> idc_class_t *
name: name of the class (C++: const char *)
return: pointer to the class or NULL. The returned pointer is valid
until a new call to add_idc_class()
def find_idc_func(*args) ‑> qstring *
find_idc_func(prefix, n=0) -> str
prefix (C++: const char *)
n (C++: int)
def find_idc_gvar(*args) ‑> idc_value_t *
Find an existing global IDC variable by its name.
find_idc_gvar(name) -> idc_value_t
name: name of the global variable (C++: const char *)
return: pointer to the variable or NULL. NB: the returned pointer is
valid until a new global var is added. FIXME: it is difficult to use this function in a thread safe manner
def first_idcv_attr(*args) ‑> char const *
first_idcv_attr(obj) -> char const *
obj (C++: const idc_value_t *)
def free_idcv(*args) ‑> void
Free storage used by 'VT_STR' / 'VT_OBJ' IDC variables. After this call the variable has a numeric value 0
v (C++: idc_value_t *)
def get_idc_filename(*args) ‑> char const *
Get full name of IDC file name. Search for file in list of include directories, IDCPATH directory and system directories.
get_idc_filename(file) -> str
file: file name without full path (C++: const char *)
return: NULL is file not found. otherwise returns pointer to buf
def get_idcv_attr(*args) ‑> error_t
Get an object attribute.
get_idcv_attr(res, obj, attr, may_use_getattr=False) -> error_t
res: buffer for the attribute value (C++: idc_value_t *)
obj: variable that holds an object reference. if obj is NULL it
searches global variables, then user functions (C++: const idc_value_t *)
attr: attribute name (C++: const char *)
may_use_getattr: may call getattr functions to calculate the
attribute if it does not exist (C++: bool)
return: error code, eOk on success
def get_idcv_class_name(*args) ‑> qstring *
Retrieves the IDC object class name.
get_idcv_class_name(obj) -> str
obj: class instance variable (C++: const idc_value_t *)
return: error code, eOk on success
def get_idcv_slice(*args) ‑> error_t
Get slice.
get_idcv_slice(res, v, i1, i2, flags=0) -> error_t
res: output variable that will contain the slice (C++:
idc_value_t *)
v: input variable (string or object) (C++: const idc_value_t
i1: slice start index (C++: uval_t)
i2: slice end index (excluded) (C++: uval_t)
flags: IDC variable slice flags or 0 (C++: int)
return: eOk if success
def idcv_float(*args) ‑> error_t
Convert IDC variable to a floating point.
idcv_float(v) -> error_t
v (C++: idc_value_t *)
def idcv_int64(*args) ‑> error_t
Convert IDC variable to a 64bit number.
idcv_int64(v) -> error_t
v (C++: idc_value_t *)
return: v = 0 if impossible to convert to int64
def idcv_long(*args) ‑> error_t
Convert IDC variable to a long (32/64bit) number.
idcv_long(v) -> error_t
v (C++: idc_value_t *)
return: v = 0 if impossible to convert to long
def idcv_num(*args) ‑> error_t
Convert IDC variable to a long number.
idcv_num(v) -> error_t
v (C++: idc_value_t *)
return: v = 0 if IDC variable = "false" string v = 1 if IDC
variable = "true" string v = number if IDC variable is number or string containing a number eTypeConflict if IDC variable = empty string
def idcv_object(*args) ‑> error_t
Create an IDC object. The original value of 'v' is discarded (freed).
idcv_object(v, icls=None) -> error_t
v: variable to hold the object. any previous value will be
cleaned (C++: idc_value_t *)
icls: ptr to the desired class. NULL means "object" class this
ptr must be returned by add_idc_class() or find_idc_class() (C++: const idc_class_t *)
return: always eOk
def idcv_string(*args) ‑> error_t
Convert IDC variable to a text string.
idcv_string(v) -> error_t
v (C++: idc_value_t *)
def last_idcv_attr(*args) ‑> char const *
last_idcv_attr(obj) -> char const *
obj (C++: const idc_value_t *)
def move_idcv(*args) ‑> error_t
Move 'src' to 'dst'. This function is more effective than copy_idcv since it never copies big amounts of data.
move_idcv(dst, src) -> error_t
dst (C++: idc_value_t *)
src (C++: idc_value_t *)
def next_idcv_attr(*args) ‑> char const *
next_idcv_attr(obj, attr) -> char const *
obj (C++: const idc_value_t *)
attr (C++: const char *)
def prev_idcv_attr(*args) ‑> char const *
prev_idcv_attr(obj, attr) -> char const *
obj (C++: const idc_value_t *)
attr (C++: const char *)
def print_idcv(*args) ‑> qstring *
Get text representation of 'idc_value_t' .
print_idcv(v, name=None, indent=0) -> str
v (C++: const idc_value_t &)
name (C++: const char *)
indent (C++: int)
def py_add_idc_func(*args) ‑> bool
py_add_idc_func(name, fp_ptr, args, defvals, flags) -> bool
name: char const * fp_ptr: size_t args: char const * defvals: idc_values_t const & flags: int
def py_get_call_idc_func(*args) ‑> size_t
py_get_call_idc_func() -> size_t
def pyw_convert_defvals(*args) ‑> bool
pyw_convert_defvals(out, py_seq) -> bool
out: idc_values_t * py_seq: PyObject *
def pyw_register_idc_func(*args) ‑> size_t
pyw_register_idc_func(name, args, py_fp) -> size_t
name: char const * args: char const * py_fp: PyObject *
def pyw_unregister_idc_func(*args) ‑> bool
pyw_unregister_idc_func(ctxptr) -> bool
ctxptr: size_t
def set_header_path(*args) ‑> bool
Set or append a header path. IDA looks for the include files in the appended header paths, then in the ida executable directory.
set_header_path(path, add) -> bool
path: list of directories to add (separated by ';') may be
NULL, in this case nothing is added (C++: const char *)
add: true: append. false: remove old paths. (C++: bool)
retval: true - success
retval: false - no memory
def set_idcv_attr(*args) ‑> error_t
Set an object attribute.
set_idcv_attr(obj, attr, value, may_use_setattr=False) -> error_t
obj: variable that holds an object reference. if obj is NULL
then it tries to modify a global variable with the attribute name (C++: idc_value_t *)
attr: attribute name (C++: const char *)
value: new attribute value (C++: const idc_value_t &)
may_use_setattr: may call setattr functions for the class (C++:
return: error code, eOk on success
def set_idcv_slice(*args) ‑> error_t
Set slice.
set_idcv_slice(v, i1, i2, _in, flags=0) -> error_t
v: variable to modify (string or object) (C++: idc_value_t *)
i1: slice start index (C++: uval_t)
i2: slice end index (excluded) (C++: uval_t) in: idc_value_t const &
flags: IDC variable slice flags or 0 (C++: int)
return: eOk on success
def swap_idcvs(*args) ‑> void
Swap 2 variables.
swap_idcvs(v1, v2)
v1 (C++: idc_value_t *)
v2 (C++: idc_value_t *)
def throw_idc_exception(*args) ‑> error_t
Create an idc execution exception object. This helper function can be used to return an exception from C++ code to IDC. In other words this function can be called from 'idc_func_t()' callbacks. Sample usage: if ( !ok ) return throw_idc_exception(r, "detailed error msg");
throw_idc_exception(r, desc) -> error_t
r: object to hold the exception object (C++: idc_value_t *)
desc: exception description (C++: const char *)
return: eExecThrow


class highlighter_cbs_t (*args)
Proxy of C++ highlighter_cbs_t class.
__init__(self) -> highlighter_cbs_t
self: PyObject *


def cur_block_state(self, *args) ‑> int32
cur_block_state(self) -> int32
def prev_block_state(self, *args) ‑> int32
prev_block_state(self) -> int32
def set_block_state(self, *args) ‑> void
set_block_state(self, arg0)
arg0: int32
def set_style(self, *args) ‑> void
set_style(self, arg0, arg1, arg2)
arg0: int32 arg1: int32 arg2: enum syntax_highlight_style
class idc_global_t (*args)
Proxy of C++ idc_global_t class.
__init__(self) -> idc_global_t
n: char const *

Instance variables

var name
idc_global_t_name_get(self) -> qstring *
var value
idc_global_t_value_get(self) -> idc_value_t
class idc_value_t (*args)
Proxy of C++ idc_value_t class.
__init__(self, n=0) -> idc_value_t
n: sval_t
__init__(self, r) -> idc_value_t
r: idc_value_t const &
__init__(self, _str) -> idc_value_t
_str: char const *

Instance variables

var e
idc_value_t_e_get(self) -> fpvalue_t
var funcidx
idc_value_t_funcidx_get(self) -> int
var i64
idc_value_t_i64_get(self) -> int64
var num
idc_value_t_num_get(self) -> sval_t
var obj
idc_value_t_obj_get(self) -> idc_object_t *
var pvoid
idc_value_t_pvoid_get(self) -> void *
var reserve
idc_value_t_reserve_get(self) -> uchar [sizeof(qstring)]
var str
var vtype
idc_value_t_vtype_get(self) -> char


def c_str(self, *args) ‑> char const *
def clear(self, *args) ‑> void
See 'free_idcv()'
def create_empty_string(self, *args) ‑> void
def is_convertible(self, *args) ‑> bool
Convertible types are 'VT_LONG' , 'VT_FLOAT' , 'VT_INT64' , and 'VT_STR' .
def is_integral(self, *args) ‑> bool
Does value represent a whole number?
def is_zero(self, *args) ‑> bool
Does value represent the integer 0?
def qstr(self, *args) ‑> qstring const &
def set_float(self, *args) ‑> void
set_float(self, f)
f: fpvalue_t const &
def set_int64(self, *args) ‑> void
set_int64(self, v)
v: int64
def set_long(self, *args) ‑> void
set_long(self, v)
v: sval_t
def set_pvoid(self, *args) ‑> void
set_pvoid(self, p)
p: void *
def set_string(self, *args) ‑> void
set_string(self, _str, len)
_str: char const * len: size_t
set_string(self, _str)
_str: char const *
def swap(self, *args) ‑> void
Set this = r and v = this.
swap(self, v)
v (C++: idc_value_t &)
def u_str(self, *args) ‑> uchar const *
class idc_values_t (*args)
Proxy of C++ qvector< idc_value_t > class.
__init__(self) -> idc_values_t
x: qvector< idc_value_t > const &


def at(self, *args) ‑> idc_value_t const &
at(self, _idx) -> idc_value_t
_idx: size_t
def back(self)
def begin(self, *args) ‑> qvector< idc_value_t >::const_iterator
begin(self) -> idc_value_t
begin(self) -> idc_value_t
def capacity(self, *args) ‑> size_t
capacity(self) -> size_t
def clear(self, *args) ‑> void
def empty(self, *args) ‑> bool
empty(self) -> bool
def end(self, *args) ‑> qvector< idc_value_t >::const_iterator
end(self) -> idc_value_t
end(self) -> idc_value_t
def erase(self, *args) ‑> qvector< idc_value_t >::iterator
erase(self, it) -> idc_value_t
it: qvector< idc_value_t >::iterator
erase(self, first, last) -> idc_value_t
first: qvector< idc_value_t >::iterator last: qvector< idc_value_t >::iterator
def extract(self, *args) ‑> idc_value_t *
extract(self) -> idc_value_t
def front(self)
def grow(self, *args) ‑> void
grow(self, x=idc_value_t())
x: idc_value_t const &
def inject(self, *args) ‑> void
inject(self, s, len)
s: idc_value_t * len: size_t
def insert(self, *args) ‑> qvector< idc_value_t >::iterator
insert(self, it, x) -> idc_value_t
it: qvector< idc_value_t >::iterator x: idc_value_t const &
def pop_back(self, *args) ‑> void
def push_back(self, *args) ‑> idc_value_t &
push_back(self, x)
x: idc_value_t const &
def qclear(self, *args) ‑> void
def reserve(self, *args) ‑> void
reserve(self, cnt)
cnt: size_t
def resize(self, *args) ‑> void
resize(self, _newsize, x)
_newsize: size_t x: idc_value_t const &
resize(self, _newsize)
_newsize: size_t
def size(self, *args) ‑> size_t
size(self) -> size_t
def swap(self, *args) ‑> void
swap(self, r)
r: qvector< idc_value_t > &
def truncate(self, *args) ‑> void