Module index

Module ida_idaapi

IDA Plugin SDK API wrapper: idaapi

Global variables

var BADADDR
BADADDR = 4294967295
var BADSEL
BADSEL = 4294967295
var HBF_CALL_WITH_NEW_EXEC
HBF_CALL_WITH_NEW_EXEC = 1
var HBF_VOLATILE_METHOD_SET
HBF_VOLATILE_METHOD_SET = 2
var NW_CLOSEIDB
Notify when the database is closed. Its callback is of the form: def notify_when_callback(nw_code)
var NW_INITIDA
Notify when the IDA starts. Its callback is of the form: def notify_when_callback(nw_code)
var NW_OPENIDB
Notify when the database is opened. Its callback is of the form: def notify_when_callback(nw_code, is_old_database)
var NW_REMOVE
Use this flag with other flags to uninstall a notifywhen callback
var NW_TERMIDA
Notify when the IDA terminates. Its callback is of the form: def notify_when_callback(nw_code)
var PLUGIN_DBG
PLUGIN_DBG = 32
var PLUGIN_DRAW
PLUGIN_DRAW = 2
var PLUGIN_FIX
PLUGIN_FIX = 128
var PLUGIN_HIDE
PLUGIN_HIDE = 16
var PLUGIN_KEEP
PLUGIN_KEEP = 2
var PLUGIN_MOD
PLUGIN_MOD = 1
var PLUGIN_MULTI
PLUGIN_MULTI = 256
var PLUGIN_OK
PLUGIN_OK = 1
var PLUGIN_PROC
PLUGIN_PROC = 64
var PLUGIN_SEG
PLUGIN_SEG = 4
var PLUGIN_SKIP
PLUGIN_SKIP = 0
var PLUGIN_UNL
PLUGIN_UNL = 8
var PY_ICID_BYREF
byref object
var PY_ICID_INT64
int64 object
var PY_ICID_OPAQUE
opaque object
var SEEK_CUR
SEEK_CUR = 1
var SEEK_END
SEEK_END = 2
var SEEK_SET
SEEK_SET = 0
var SIZE_MAX
SIZE_MAX = 18446744073709551615
var ST_OVER_DEBUG_SEG
step tracing will be disabled when IP is in a debugger segment
var ST_OVER_LIB_FUNC
step tracing will be disabled when IP is in a library function
var has_mbcs
has_mbcs = False
var uses_swig_builtins
uses_swig_builtins = False

Functions

def IDAPython_ExecScript(path, g, print_error=True)
Run the specified script.
def IDAPython_ExecSystem(cmd)
Executes a command with popen().
def IDAPython_FormatExc(etype, value=None, tb=None, limit=None)
This function is used to format an exception given the values returned by a PyErr_Fetch()
def IDAPython_LoadProcMod(path, g, print_error=True)
Load processor module.
def IDAPython_UnLoadProcMod(script, g, print_error=True)
Unload processor module.
def as_UTF16(s)
Convenience function to convert a string into appropriate unicode format
def as_cstr(val)
Returns a C str from the passed value. The passed value can be of type refclass (returned by a call to buffer() or byref()) It scans for the first \x00 and returns the string value up to that point.
def as_int32(v)
Returns a number as a signed int32 number
def as_signed(v, nbits=32)
Returns a number as signed. The number of bits are specified by the user. The MSB holds the sign.
def as_uint32(v)
Returns a number as an unsigned int32 number
def as_unicode(s)
Convenience function to convert a string into appropriate unicode format
def copy_bits(v, s, e=-1)
Copy bits from a value
v: the value
s: starting bit (0-based)
e: ending bit
def disable_script_timeout(*args) ‑> void
disable_script_timeout()
Disables the script timeout and hides the script wait box. Calling L{set_script_timeout} will not have any effects until the script is compiled and executed again
return: None
def enable_extlang_python(*args) ‑> void
enable_extlang_python(enable)
Enables or disables Python extlang. When enabled, all expressions will be evaluated by Python.
enable: Set to True to enable, False otherwise
def enable_python_cli(*args) ‑> void
enable_python_cli(enable)
enable: bool
def format_basestring(*args) ‑> PyObject *
format_basestring(_in) -> PyObject *
_in: PyObject *
def get_inf_structure(*args) ‑> idainfo *
get_inf_structure() -> idainfo
Returns the global variable 'inf' (an instance of idainfo structure, see ida.hpp)
def loader_input_t_from_capsule(*args) ‑> loader_input_t *
loader_input_t_from_capsule(pycapsule) -> loader_input_t
pycapsule: PyObject *
def loader_input_t_from_fp(*args) ‑> loader_input_t *
loader_input_t_from_fp(fp) -> loader_input_t
fp: FILE *
def loader_input_t_from_linput(*args) ‑> loader_input_t *
loader_input_t_from_linput(linput) -> loader_input_t
linput: linput_t *
def notify_when(when, callback)
Register a callback that will be called when an event happens.
when: one of NW_XXXX constants
callback: This callback prototype varies depending on the 'when' parameter:
The general callback format:
def notify_when_callback(nw_code)
In the case of NW_OPENIDB:
def notify_when_callback(nw_code, is_old_database)
return: Boolean
def parse_command_line3(*args) ‑> PyObject *
parse_command_line3(cmdline) -> PyObject *
cmdline: char const *
def pycim_get_tcustom_control(*args) ‑> TWidget *
pycim_get_widget(_self) -> TWidget *
self: PyObject *
def pycim_get_tform(*args) ‑> TWidget *
pycim_get_widget(_self) -> TWidget *
self: PyObject *
def pycim_get_widget(*args) ‑> TWidget *
pycim_get_widget(_self) -> TWidget *
self: PyObject *
def pycim_view_close(*args) ‑> void
pycim_view_close(_self)
self: PyObject *
def pygc_create_groups(*args) ‑> PyObject *
pygc_create_groups(_self, groups_infos) -> PyObject *
self: PyObject * groups_infos: PyObject *
def pygc_delete_groups(*args) ‑> PyObject *
pygc_delete_groups(_self, groups, new_current) -> PyObject *
self: PyObject * groups: PyObject * new_current: PyObject *
def pygc_refresh(*args) ‑> void
pygc_refresh(_self)
self: PyObject *
def pygc_set_groups_visibility(*args) ‑> PyObject *
pygc_set_groups_visibility(_self, groups, expand, new_current) -> PyObject *
self: PyObject * groups: PyObject * expand: PyObject * new_current: PyObject *
def replfun(func)
def require(modulename, package=None)
Load, or reload a module.
When under heavy development, a user's tool might consist of multiple modules. If those are imported using the standard 'import' mechanism, there is no guarantee that the Python implementation will re-read and re-evaluate the module's Python code. In fact, it usually doesn't. What should be done instead is 'reload()'-ing that module.
This is a simple helper function that will do just that: In case the module doesn't exist, it 'import's it, and if it does exist, 'reload()'s it.
The importing module (i.e., the module calling require()) will have the loaded module bound to its globals(), under the name 'modulename'. (If require() is called from the command line, the importing module will be '__main__'.)
For more information, see: <>
def set_script_timeout(*args) ‑> int
set_script_timeout(timeout) -> int
Changes the script timeout value. The script wait box dialog will be hidden and shown again when the timeout elapses. See also L{disable_script_timeout}.
timeout: This value is in seconds.
If this value is set to zero then the script will never timeout.
return: Returns the old timeout value
def struct_unpack(buffer, signed=False, offs=0)
Unpack a buffer given its length and offset using struct.unpack_from(). This function will know how to unpack the given buffer by using the lookup table '__struct_unpack_table' If the buffer is of unknown length then None is returned. Otherwise the unpacked value is returned.

Classes

class IDAPython_displayhook

Methods

def displayhook(self, item)
def format_item(self, num_printer, storage, item)
def format_seq(self, num_printer, storage, item, opn, cls)
class PyIdc_cvt_int64__ (v)
Helper class for explicitly representing VT_INT64 values

Ancestors

class PyIdc_cvt_refclass__ (v)
Helper class for representing references to immutable objects

Ancestors

Methods

def cstr(self)
Returns the string as a C string (up to the zero termination)
class loader_input_t (*args)
Proxy of C++ loader_input_t class.
A helper class to work with linput_t related functions. This class is also used by file loaders scripts.
__init__(self, pycapsule=None) -> loader_input_t
Closes the file

Static methods

def from_capsule(*args) ‑> loader_input_t *
from_capsule(pycapsule) -> loader_input_t
pycapsule: PyObject *
def from_fp(*args) ‑> loader_input_t *
from_fp(fp) -> loader_input_t
A static method to construct an instance from a FILE*
def from_linput(*args) ‑> loader_input_t *
from_linput(linput) -> loader_input_t
linput: linput_t *

Methods

def close(self, *args) ‑> void
close(self)
def file2base(self, *args) ‑> int
file2base(self, pos, ea1, ea2, patchable) -> int
Load portion of file into the database This function will include (ea1..ea2) into the addressing space of the program (make it enabled)
li: pointer ot input source
pos: position in the file
param (ea1..ea2): range of destination linear addresses
patchable: should the kernel remember correspondance of
file offsets to linear addresses.
return: 1-ok,0-read error, a warning is displayed
def filename(self, *args) ‑> PyObject *
filename(self) -> PyObject *
def get_byte(self, *args) ‑> PyObject *
get_byte(self) -> PyObject *
Reads a single byte from the file. Returns None if EOF or the read byte
def get_linput(self, *args) ‑> linput_t *
get_linput(self) -> linput_t *
def gets(self, *args) ‑> PyObject *
gets(self, len) -> PyObject *
Reads a line from the input file. Returns the read line or None
def getz(self, *args) ‑> PyObject *
getz(self, sz, fpos=-1) -> PyObject *
Returns a zero terminated string at the given position
sz: maximum size of the string
fpos: if != -1 then seek will be performed before reading
return: The string or None on failure.
def open(self, *args) ‑> bool
open(self, filename, remote=False) -> bool
Opens a file (or a remote file)
return: Boolean
def open_memory(self, *args) ‑> bool
open_memory(self, start, size=0) -> bool
Create a linput for process memory (By internally calling idaapi.create_memory_linput()) This linput will use dbg->read_memory() to read data
start: starting address of the input
size: size of the memory range to represent as linput
if unknown, may be passed as 0
def opened(self, *args) ‑> bool
opened(self) -> bool
Checks if the file is opened or not
def read(self, *args) ‑> PyObject *
read(self, size) -> PyObject *
Reads from the file. Returns the buffer or None
def readbytes(self, *args) ‑> PyObject *
readbytes(self, size, big_endian) -> PyObject *
Similar to read() but it respect the endianness
def seek(self, *args) ‑> int64
seek(self, pos, whence=SEEK_SET) -> int64
Set input source position
return: the new position (not 0 as fseek!)
def set_linput(self, *args) ‑> void
set_linput(self, linput)
Links the current loader_input_t instance to a linput_t instance
def size(self, *args) ‑> int64
size(self) -> int64
def tell(self, *args) ‑> int64
tell(self) -> int64
Returns the current position
class object_t (**kwds)
Helper class used to initialize empty objects
class plugin_t
Base class for all scripted plugins.

Ancestors

class plugmod_t
Base class for all scripted multi-plugins.

Ancestors

class py_clinked_object_t (lnk=None)
This is a utility and base class for C linked objects

Ancestors

Subclasses

Instance variables

Returns the C link as a PyObject
Returns the C link pointer as a number

Methods

def assign(self, other)
Overwrite me. This method allows you to assign an instance contents to anothers
return: Boolean
def copy(self)
Returns a new copy of this class
class pyidc_cvt_helper__ (cvt_id, value)
This is a special helper object that helps detect which kind of object is this python object wrapping and how to convert it back and from IDC. This object is characterized by its special attribute and its value

Subclasses

Instance variables

var value
class pyidc_opaque_object_t
This is the base class for all Python<->IDC opaque objects

Subclasses