Module ida_search

IDA Plugin SDK API wrapper: search

Global variables

var SEARCH_BRK
return 'BADADDR' if the search was cancelled.
var SEARCH_CASE
case-sensitive search (case-insensitive otherwise)
var SEARCH_DEF
find_reg_access: search for a definition (write access)
var SEARCH_DOWN
search towards higher addresses
var SEARCH_IDENT
search for an identifier (text search). The characters immediately before and after the match must not satisfy is_visible_char().
var SEARCH_NEXT
skip the starting address when searching. This bit is useful only for 'search()', 'bin_search2()' and 'find_reg_access()'. The find_.. functions skip the starting address automatically.
var SEARCH_NOBRK
do not test if the user clicked cancel to interrupt the search
var SEARCH_NOSHOW
do not display the search progress/refresh screen
var SEARCH_REGEX
regular expressions in search string (supported only for the text search)
var SEARCH_UNICODE
SEARCH_UNICODE = 64
var SEARCH_UP
search towards lower addresses
var SEARCH_USE
find_reg_access: search for a use (read access)

Functions

def find_binary(*args) ‑> ea_t
find_binary(arg1, arg2, arg3, arg4, arg5) -> ea_t
Deprecated. Please use ida_bytes.bin_search() instead.
def find_code(*args) ‑> ea_t
Find next code address.
find_code(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_data(*args) ‑> ea_t
Find next data address.
find_data(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_defined(*args) ‑> ea_t
Find next ea that is the start of an instruction or data.
find_defined(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_error(*args) ‑> int *
Find next error or problem.
find_error(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_imm(*args) ‑> int *
Find next immediate operand with the given value.
find_imm(ea, sflag, search_value) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
search_value (C++: uval_t)
def find_not_func(*args) ‑> ea_t
Find next code address that does not belong to a function.
find_not_func(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_notype(*args) ‑> int *
Find next operand without any type info.
find_notype(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_reg_access(*args) ‑> ea_t
Find access to a register. This function does not care about the control flow and probes all instructions in the specified range, starting from START_EA. Only direct references to registers are detected. Function calls and system traps are ignored.
find_reg_access(out, start_ea, end_ea, regname, sflag) -> ea_t
out: pointer to the output buffer. Must be non-null. Upon success contains info about the found register. Upon failed search for a read access out->range contains the info about the non-redefined parts of the register. (C++: struct reg_access_t *)
start_ea: starting address (C++: ea_t)
end_ea: ending address. BADADDR means that the end limit is missing. Otherwise, if the search direction is SEARCH_UP, END_EA must be lower than START_EA. (C++: ea_t)
regname: the register to search for. (C++: const char *)
sflag: combination of Search flags bits. (C++: int)
return: the found address. BADADDR if not found or error.
def find_suspop(*args) ‑> int *
Find next suspicious operand.
find_suspop(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def find_text(*args) ‑> ea_t
See 'search()'
find_text(start_ea, y, x, ustr, sflag) -> ea_t
start_ea (C++: ea_t)
y (C++: int)
x (C++: int)
ustr (C++: const char *)
sflag (C++: int)
def find_unknown(*args) ‑> ea_t
Find next unexplored address.
find_unknown(ea, sflag) -> ea_t
ea (C++: ea_t)
sflag (C++: int)
def search_down(*args) ‑> bool
Is the 'SEARCH_DOWN' bit set?
search_down(sflag) -> bool
sflag (C++: int)