Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Python>help(idc)
- Help on module idc:
- NAME
- idc - IDC compatibility module
- FILE
- c:\program files\ida 7.0\python\idc.py
- DESCRIPTION
- This file contains IDA built-in function declarations and internal bit
- definitions. Each byte of the program has 32-bit flags (low 8 bits keep
- the byte value). These 32 bits are used in get_full_flags/get_flags functions.
- This file is subject to change without any notice.
- Future versions of IDA may use other definitions.
- CLASSES
- exceptions.Exception(exceptions.BaseException)
- DeprecatedIDCError
- class DeprecatedIDCError(exceptions.Exception)
- | Exception for deprecated function calls
- |
- | Method resolution order:
- | DeprecatedIDCError
- | exceptions.Exception
- | exceptions.BaseException
- | __builtin__.object
- |
- | Data descriptors defined here:
- |
- | __weakref__
- | list of weak references to the object (if defined)
- |
- | ----------------------------------------------------------------------
- | Methods inherited from exceptions.Exception:
- |
- | __init__(...)
- | x.__init__(...) initializes x; see help(type(x)) for signature
- |
- | ----------------------------------------------------------------------
- | Data and other attributes inherited from exceptions.Exception:
- |
- | __new__ = <built-in method __new__ of type object>
- | T.__new__(S, ...) -> a new object with type S, a subtype of T
- |
- | ----------------------------------------------------------------------
- | Methods inherited from exceptions.BaseException:
- |
- | __delattr__(...)
- | x.__delattr__('name') <==> del x.name
- |
- | __getattribute__(...)
- | x.__getattribute__('name') <==> x.name
- |
- | __getitem__(...)
- | x.__getitem__(y) <==> x[y]
- |
- | __getslice__(...)
- | x.__getslice__(i, j) <==> x[i:j]
- |
- | Use of negative indices is not supported.
- |
- | __reduce__(...)
- |
- | __repr__(...)
- | x.__repr__() <==> repr(x)
- |
- | __setattr__(...)
- | x.__setattr__('name', value) <==> x.name = value
- |
- | __setstate__(...)
- |
- | __str__(...)
- | x.__str__() <==> str(x)
- |
- | __unicode__(...)
- |
- | ----------------------------------------------------------------------
- | Data descriptors inherited from exceptions.BaseException:
- |
- | __dict__
- |
- | args
- |
- | message
- FUNCTIONS
- AddSeg(startea, endea, base, use32, align, comb)
- AddStrucMember = add_struc_member(sid, name, offset, flag, typeid, nbytes, target=-1, tdelta=0, reftype=2L)
- Add structure member
- @param sid: structure type ID
- @param name: name of the new member
- @param offset: offset of the new member
- -1 means to add at the end of the structure
- @param flag: type of the new member. Should be one of
- FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
- @param typeid: if isStruc(flag) then typeid specifies the structure id for the member
- if is_off0(flag) then typeid specifies the offset base.
- if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
- if is_stroff(flag) then typeid specifies the structure id
- if is_enum(flag) then typeid specifies the enum id
- if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
- Otherwise typeid should be -1.
- @param nbytes: number of bytes in the new member
- @param target: target address of the offset expr. You may specify it as
- -1, ida will calculate it itself
- @param tdelta: offset target delta. usually 0
- @param reftype: see REF_... definitions
- @note: The remaining arguments are allowed only if is_off0(flag) and you want
- to specify a complex offset expression
- @return: 0 - ok, otherwise error code (one of STRUC_ERROR_*)
- ApplyType = apply_type(ea, py_type, flags=1)
- Apply the specified type to the address
- @param ea: the address of the object
- @param py_type: typeinfo tuple (type, fields) as get_tinfo() returns
- or tuple (name, type, fields) as parse_decl() returns
- or None
- if specified as None, then the
- item associated with 'ea' will be deleted.
- @param flags: combination of TINFO_... constants or 0
- @return: Boolean
- AutoMark(ea, qtype)
- Plan to analyze an address
- ClearTraceFile = clear_trace(filename)
- Clear the current trace buffer
- CompileEx(inp, isfile)
- #--------------------------------------------------------------------------
- # Compatibility macros (non-auto-generated part)
- EVAL_FAILURE(code)
- Check the result of eval_idc() for evaluation failures
- @param code: result of eval_idc()
- @return: True if there was an evaluation error
- Eval = eval_idc(expr)
- Evaluate an IDC expression
- @param expr: an expression
- @return: the expression value. If there are problems, the returned value will be "IDC_FAILURE: xxx"
- where xxx is the error description
- @note: Python implementation evaluates IDC only, while IDC can call other registered languages
- FindBinary = find_binary(ea, flag, searchstr, radix=16)
- @param ea: start address
- @param flag: combination of SEARCH_* flags
- @param searchstr: a string as a user enters it for Search Text in Core
- @param radix: radix of the numbers (default=16)
- @return: ea of result or BADADDR if not found
- @note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)
- GetCommentEx(ea, repeatable)
- Get regular indented comment
- @param ea: linear address
- @param repeatable: 1 to get the repeatable comment, 0 to get the normal comment
- @return: string or None if it fails
- GetDisasm(ea)
- Get disassembly line
- @param ea: linear address of instruction
- @return: "" - could not decode instruction at the specified location
- @note: this function may not return exactly the same mnemonics
- as you see on the screen.
- GetDouble(ea)
- Get value of a floating point number (8 bytes)
- This function assumes number stored using IEEE format
- and in the same endianness as integers.
- @param ea: linear address
- @return: double
- GetFlags = get_full_flags(ea)
- Get internal flags
- @param ea: linear address
- @return: 32-bit value of internal flags. See start of IDC.IDC file
- for explanations.
- GetFloat(ea)
- Get value of a floating point number (4 bytes)
- This function assumes number stored using IEEE format
- and in the same endianness as integers.
- @param ea: linear address
- @return: float
- GetLocalType(ordinal, flags)
- Retrieve a local type declaration
- @param flags: any of PRTYPE_* constants
- @return: local type as a C declaration or ""
- GetManyBytes = get_bytes(ea, size, use_dbg=False)
- Return the specified number of bytes of the program
- @param ea: linear address
- @param size: size of buffer in normal 8-bit bytes
- @param use_dbg: if True, use debugger memory, otherwise just the database
- @return: None on failure
- otherwise a string containing the read bytes
- GetString = get_strlit_contents(ea, length=-1, strtype=0)
- Get string contents
- @param ea: linear address
- @param length: string length. -1 means to calculate the max string length
- @param strtype: the string type (one of STRTYPE_... constants)
- @return: string contents or empty string
- LoadFile(filepath, pos, ea, size)
- Load file into IDA database
- @param filepath: path to input file
- @param pos: position in the file
- @param ea: linear address to load
- @param size: number of bytes to load
- @return: 0 - error, 1 - ok
- MakeFunction(start, end=18446744073709551615L)
- MakeVar(ea)
- Mark the location as "variable"
- @param ea: address to mark
- @return: None
- @note: All that IDA does is to mark the location as "variable".
- Nothing else, no additional analysis is performed.
- This function may disappear in the future.
- Message = msg(message)
- Display an UTF-8 string in the message window
- The result of the stringification of the arguments
- will be treated as an UTF-8 string.
- @param message: message to print (formatting is done in Python)
- This function can be used to debug IDC scripts
- NextHead = next_head(ea, maxea=18446744073709551615L)
- Get next defined item (instruction or data) in the program
- @param ea: linear address to start search from
- @param maxea: the search will stop at the address
- maxea is not included in the search range
- @return: BADADDR - no (more) defined items
- ParseTypes = parse_decls(inputtype, flags=0)
- Parse type declarations
- @param inputtype: file name or C declarations (depending on the flags)
- @param flags: combination of PT_... constants or 0
- @return: number of parsing errors (0 no errors)
- PrevHead = prev_head(ea, minea=0)
- Get previous defined item (instruction or data) in the program
- @param ea: linear address to start search from
- @param minea: the search will stop at the address
- minea is included in the search range
- @return: BADADDR - no (more) defined items
- ProcessUiAction = process_ui_action(name, flags=0)
- Invokes an IDA UI action by name
- @param name: Command name
- @param flags: Reserved. Must be zero
- @return: Boolean
- ResumeProcess = resume_process()
- SaveBase = save_database(idbname, flags=0)
- Save current database to the specified idb file
- @param idbname: name of the idb file. if empty, the current idb
- file will be used.
- @param flags: combination of ida_loader.DBFL_... bits or 0
- SaveFile(filepath, pos, ea, size)
- Save from IDA database to file
- @param filepath: path to output file
- @param pos: position in the file
- @param ea: linear address to save from
- @param size: number of bytes to save
- @return: 0 - error, 1 - ok
- SendDbgCommand = send_dbg_command(cmd)
- Sends a command to the debugger module and returns the output string.
- An exception will be raised if the debugger is not running or the current debugger does not export
- the 'send_dbg_command' IDC command.
- SetMemberType = set_member_type(sid, member_offset, flag, typeid, nitems, target=-1, tdelta=0, reftype=2L)
- Change structure member type
- @param sid: structure type ID
- @param member_offset: offset of the member
- @param flag: new type of the member. Should be one of
- FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
- @param typeid: if isStruc(flag) then typeid specifies the structure id for the member
- if is_off0(flag) then typeid specifies the offset base.
- if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
- if is_stroff(flag) then typeid specifies the structure id
- if is_enum(flag) then typeid specifies the enum id
- if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
- Otherwise typeid should be -1.
- @param nitems: number of items in the member
- @param target: target address of the offset expr. You may specify it as
- -1, ida will calculate it itself
- @param tdelta: offset target delta. usually 0
- @param reftype: see REF_... definitions
- @note: The remaining arguments are allowed only if is_off0(flag) and you want
- to specify a complex offset expression
- @return: !=0 - ok.
- SetPrcsr(processor)
- SetType(ea, newtype)
- Set type of function/variable
- @param ea: the address of the object
- @param newtype: the type string in C declaration form.
- Must contain the closing ';'
- if specified as an empty string, then the
- item associated with 'ea' will be deleted.
- @return: 1-ok, 0-failed.
- SizeOf(typestr)
- Returns the size of the type. It is equivalent to IDC's sizeof().
- Use name, tp, fld = idc.parse_decl() ; SizeOf(tp) to retrieve the size
- @return: -1 if typestring is not valid otherwise the size of the type
- UMessage = msg(message)
- Display an UTF-8 string in the message window
- The result of the stringification of the arguments
- will be treated as an UTF-8 string.
- @param message: message to print (formatting is done in Python)
- This function can be used to debug IDC scripts
- WriteExe(filepath)
- WriteMap(filepath)
- WriteTxt(filepath, ea1, ea2)
- add_auto_stkpnt(func_ea, ea, delta)
- Add automatical SP register change point
- @param func_ea: function start
- @param ea: linear address where SP changes
- usually this is the end of the instruction which
- modifies the stack pointer (insn.ea+insn.size)
- @param delta: difference between old and new values of SP
- @return: 1-ok, 0-failed
- add_bpt(ea, size=0, bpttype=12)
- Add a new breakpoint
- @param ea: any address in the process memory space:
- @param size: size of the breakpoint (irrelevant for software breakpoints):
- @param bpttype: type of the breakpoint (one of BPT_... constants)
- @return: success
- @note: Only one breakpoint can exist at a given address.
- add_cref(From, To, flowtype)
- add_default_til(name)
- Load a type library
- @param name: name of type library.
- @return: 1-ok, 0-failed.
- add_dref(From, To, drefType)
- Create Data Ref
- add_entry(ordinal, ea, name, makecode)
- Add entry point
- @param ordinal: entry point number
- if entry point doesn't have an ordinal
- number, 'ordinal' should be equal to 'ea'
- @param ea: address of the entry point
- @param name: name of the entry point. If null string,
- the entry point won't be renamed.
- @param makecode: if 1 then this entry point is a start
- of a function. Otherwise it denotes data bytes.
- @return: 0 - entry point with the specifed ordinal already exists
- 1 - ok
- add_enum(idx, name, flag)
- Add a new enum type
- @param idx: serial number of the new enum.
- If another enum with the same serial number
- exists, then all enums with serial
- numbers >= the specified idx get their
- serial numbers incremented (in other words,
- the new enum is put in the middle of the list of enums).
- If idx >= get_enum_qty() or idx == idaapi.BADNODE
- then the new enum is created at the end of
- the list of enums.
- @param name: name of the enum.
- @param flag: flags for representation of numeric constants
- in the definition of enum.
- @return: id of new enum or BADADDR
- add_enum_member(enum_id, name, value, bmask)
- Add a member of enum - a symbolic constant
- @param enum_id: id of enum
- @param name: name of symbolic constant. Must be unique in the program.
- @param value: value of symbolic constant.
- @param bmask: bitmask of the constant
- ordinary enums accept only ida_enum.DEFMASK as a bitmask
- all bits set in value should be set in bmask too
- @return: 0-ok, otherwise error code (one of ENUM_MEMBER_ERROR_*)
- add_func(start, end=18446744073709551615L)
- Create a function
- @param start: function bounds
- @param end: function bounds
- If the function end address is BADADDR, then
- IDA will try to determine the function bounds
- automatically. IDA will define all necessary
- instructions to determine the function bounds.
- @return: !=0 - ok
- @note: an instruction should be present at the start address
- add_hidden_range(start, end, description, header, footer, color)
- Hide a range
- Hidden ranges - address ranges which can be replaced by their descriptions
- @param start: range start
- @param end: range end
- @param description: description to display if the range is collapsed
- @param header: header lines to display if the range is expanded
- @param footer: footer lines to display if the range is expanded
- @param color: RGB color code (-1 means default color)
- @returns: !=0 - ok
- add_idc_hotkey(hotkey, idcfunc)
- Add hotkey for IDC function
- @param hotkey: hotkey name ('a', "Alt-A", etc)
- @param idcfunc: IDC function name
- @return: None
- add_segm_ex(startea, endea, base, use32, align, comb, flags)
- Create a new segment
- @param startea: linear address of the start of the segment
- @param endea: linear address of the end of the segment
- this address will not belong to the segment
- 'endea' should be higher than 'startea'
- @param base: base paragraph or selector of the segment.
- a paragraph is 16byte memory chunk.
- If a selector value is specified, the selector should be
- already defined.
- @param use32: 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
- @param align: segment alignment. see below for alignment values
- @param comb: segment combination. see below for combination values.
- @param flags: combination of ADDSEG_... bits
- @return: 0-failed, 1-ok
- add_sourcefile(ea1, ea2, filename)
- Mark a range of address as belonging to a source file
- An address range may belong only to one source file.
- A source file may be represented by several address ranges.
- @param ea1: linear address of start of the address range
- @param ea2: linear address of end of the address range
- @param filename: name of source file.
- @return: 1-ok, 0-failed.
- @note: IDA can keep information about source files used to create the program.
- Each source file is represented by a range of addresses.
- A source file may contains several address ranges.
- add_struc(index, name, is_union)
- Define a new structure type
- @param index: index of new structure type
- If another structure has the specified index,
- then index of that structure and all other
- structures will be incremented, freeing the specifed
- index. If index is == -1, then the biggest index
- number will be used.
- See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- @param name: name of the new structure type.
- @param is_union: 0: structure
- 1: union
- @return: -1 if can't define structure type because of
- bad structure name: the name is ill-formed or is
- already used in the program.
- otherwise returns ID of the new structure type
- add_struc_member(sid, name, offset, flag, typeid, nbytes, target=-1, tdelta=0, reftype=2L)
- Add structure member
- @param sid: structure type ID
- @param name: name of the new member
- @param offset: offset of the new member
- -1 means to add at the end of the structure
- @param flag: type of the new member. Should be one of
- FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
- @param typeid: if isStruc(flag) then typeid specifies the structure id for the member
- if is_off0(flag) then typeid specifies the offset base.
- if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
- if is_stroff(flag) then typeid specifies the structure id
- if is_enum(flag) then typeid specifies the enum id
- if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
- Otherwise typeid should be -1.
- @param nbytes: number of bytes in the new member
- @param target: target address of the offset expr. You may specify it as
- -1, ida will calculate it itself
- @param tdelta: offset target delta. usually 0
- @param reftype: see REF_... definitions
- @note: The remaining arguments are allowed only if is_off0(flag) and you want
- to specify a complex offset expression
- @return: 0 - ok, otherwise error code (one of STRUC_ERROR_*)
- add_user_stkpnt(ea, delta)
- Add user-defined SP register change point.
- @param ea: linear address where SP changes
- @param delta: difference between old and new values of SP
- @return: 1-ok, 0-failed
- append_func_tail(funcea, ea1, ea2)
- Append a function chunk to the function
- @param funcea: any address in the function
- @param ea1: start of function tail
- @param ea2: end of function tail
- @return: 0 if failed, 1 if success
- @note: If a chunk exists at the specified addresses, it must have exactly
- the specified boundaries
- apply_type(ea, py_type, flags=1)
- Apply the specified type to the address
- @param ea: the address of the object
- @param py_type: typeinfo tuple (type, fields) as get_tinfo() returns
- or tuple (name, type, fields) as parse_decl() returns
- or None
- if specified as None, then the
- item associated with 'ea' will be deleted.
- @param flags: combination of TINFO_... constants or 0
- @return: Boolean
- ask_seg(defval, prompt)
- Ask the user to enter a segment value
- @param defval: the default value. This value
- will appear in the dialog box.
- @param prompt: the prompt to display in the dialog box
- @return: the entered segment selector or BADSEL.
- ask_yn(defval, prompt)
- Ask the user a question and let him answer Yes/No/Cancel
- @param defval: the default answer. This answer will be selected if the user
- presses Enter. -1:cancel,0-no,1-ok
- @param prompt: the prompt to display in the dialog box
- @return: -1:cancel,0-no,1-ok
- atoa(ea)
- Convert address value to a string
- Return address in the form 'seg000:1234'
- (the same as in line prefixes)
- @param ea: address to format
- atol(s)
- attach_process(pid, event_id)
- Attach the debugger to a running process
- @param pid: PID of the process to attach to. If NO_PROCESS, a dialog box
- will interactively ask the user for the process to attach to.
- @param event_id: reserved, must be -1
- @return:
- - -2: impossible to find a compatible process
- - -1: impossible to attach to the given process (process died, privilege
- needed, not supported by the debugger plugin, ...)
- - 0: the user cancelled the attaching to the process
- - 1: the debugger properly attached to the process
- @note: See the important note to the step_into() function
- auto_mark_range(start, end, queuetype)
- Plan to perform an action in the future.
- This function will put your request to a special autoanalysis queue.
- Later IDA will retrieve the request from the queue and process
- it. There are several autoanalysis queue types. IDA will process all
- queries from the first queue and then switch to the second queue, etc.
- auto_unmark(start, end, queuetype)
- Remove range of addresses from a queue.
- auto_wait()
- Process all entries in the autoanalysis queue
- Wait for the end of autoanalysis
- @note: This function will suspend execution of the calling script
- till the autoanalysis queue is empty.
- batch(batch)
- Enable/disable batch mode of operation
- @param batch: batch mode
- 0 - ida will display dialog boxes and wait for the user input
- 1 - ida will not display dialog boxes, warnings, etc.
- @return: old balue of batch flag
- begin_type_updating(utp)
- Begin type updating. Use this function if you
- plan to call AddEnumConst or similar type modification functions
- many times or from inside a loop
- @param utp: one of UTP_xxxx consts
- @return: None
- byte_value(F)
- Get byte value from flags
- Get value of byte provided that the byte is initialized.
- This macro works ok only for 8-bit byte machines.
- calc_gtn_flags(fromaddr, ea)
- Calculate flags for get_name() function
- @param fromaddr: the referring address. May be BADADDR.
- @param ea: linear address
- @return: success
- call_system(command)
- Execute an OS command.
- @param command: command line to execute
- @return: error code from OS
- @note:
- IDA will wait for the started program to finish.
- In order to start the command in parallel, use OS methods.
- For example, you may start another program in parallel using
- "start" command.
- can_exc_continue()
- Can it continue after EXCEPTION event?
- @return: boolean
- check_bpt(ea)
- Check a breakpoint
- @param ea: address in the process memory space
- @return: one of BPTCK_... constants
- choose_func(title)
- Ask the user to select a function
- Arguments:
- @param title: title of the dialog box
- @return: -1 - user refused to select a function
- otherwise returns the selected function start address
- clear_trace(filename)
- Clear the current trace buffer
- create_align(ea, count, align)
- Convert the current item to an alignment directive
- @param ea: linear address
- @param count: number of bytes to convert
- @param align: 0 or 1..32
- if it is 0, the correct alignment will be calculated
- by the kernel
- @return: 1-ok, 0-failure
- create_array(name)
- Create array.
- @param name: The array name.
- @return: -1 in case of failure, a valid array_id otherwise.
- create_byte(ea)
- Convert the current item to a byte
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_custom_data(ea, size, dtid, fid)
- Convert the item at address to custom data.
- @param ea: linear address.
- @param size: custom data size in bytes.
- @param dtid: data type ID.
- @param fid: data format ID.
- @return: 1-ok, 0-failure
- create_data(ea, flags, size, tid)
- Create a data item at the specified address
- @param ea: linear address
- @param flags: FF_BYTE..FF_PACKREAL
- @param size: size of item in bytes
- @param tid: for FF_STRUCT the structure id
- @return: 1-ok, 0-failure
- create_double(ea)
- Convert the current item to a double floating point (8 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_dword(ea)
- Convert the current item to a double word (4 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_float(ea)
- Convert the current item to a floating point (4 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_insn(ea)
- Create an instruction at the specified address
- @param ea: linear address
- @return: 0 - can not create an instruction (no such opcode, the instruction
- would overlap with existing items, etc) otherwise returns length of the
- instruction in bytes
- create_oword(ea)
- Convert the current item to an octa word (16 bytes/128 bits)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_pack_real(ea)
- Convert the current item to a packed real (10 or 12 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_qword(ea)
- Convert the current item to a quadro word (8 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_strlit(ea, endea)
- Create a string.
- This function creates a string (the string type is determined by the
- value of get_inf_attr(INF_STRTYPE))
- @param ea: linear address
- @param endea: ending address of the string (excluded)
- if endea == BADADDR, then length of string will be calculated
- by the kernel
- @return: 1-ok, 0-failure
- @note: The type of an existing string is returned by get_str_type()
- create_struct(ea, size, strname)
- Convert the current item to a structure instance
- @param ea: linear address
- @param size: structure size in bytes. -1 means that the size
- will be calculated automatically
- @param strname: name of a structure type
- @return: 1-ok, 0-failure
- create_tbyte(ea)
- Convert the current item to a tbyte (10 or 12 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_word(ea)
- Convert the current item to a word (2 bytes)
- @param ea: linear address
- @return: 1-ok, 0-failure
- create_yword(ea)
- Convert the current item to a ymm word (32 bytes/256 bits)
- @param ea: linear address
- @return: 1-ok, 0-failure
- define_exception(code, name, desc, flags)
- Add exception handling information
- @param code: exception code
- @param name: exception name
- @param desc: exception description
- @param flags: exception flags (combination of EXC_...)
- @return: failure description or ""
- define_local_var(start, end, location, name)
- Create a local variable
- @param start: start of address range for the local variable
- @param end: end of address range for the local variable
- @param location: the variable location in the "[bp+xx]" form where xx is
- a number. The location can also be specified as a
- register name.
- @param name: name of the local variable
- @return: 1-ok, 0-failure
- @note: For the stack variables the end address is ignored.
- If there is no function at 'start' then this function.
- will fail.
- del_array_element(tag, array_id, idx)
- Delete an array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @param idx: Index of an element.
- @return: 1 in case of success, 0 otherwise.
- del_bpt(ea)
- Delete breakpoint
- @param ea: any address in the process memory space:
- @return: success
- del_cref(From, To, undef)
- Unmark exec flow 'from' 'to'
- @param undef: make 'To' undefined if no more references to it
- @returns: 1 - planned to be made undefined
- del_dref(From, To)
- Unmark Data Ref
- del_enum(enum_id)
- Delete enum type
- @param enum_id: id of enum
- @return: None
- del_enum_member(enum_id, value, serial, bmask)
- Delete a member of enum - a symbolic constant
- @param enum_id: id of enum
- @param value: value of symbolic constant.
- @param serial: serial number of the constant in the
- enumeration. See op_enum() for for details.
- @param bmask: bitmask of the constant ordinary enums accept
- only ida_enum.DEFMASK as a bitmask
- @return: 1-ok, 0-failed
- del_extra_cmt(ea, n)
- Delete an extra comment line
- @param ea: linear address
- @param n: number of anterior additional line (0..MAX_ITEM_LINES)
- @return: None
- To delete anterior line #n use (E_PREV + n)
- To delete posterior line #n use (E_NEXT + n)
- del_fixup(ea)
- Delete fixup information
- @param ea: address to delete fixup information about
- @return: None
- del_func(ea)
- Delete a function
- @param ea: any address belonging to the function
- @return: !=0 - ok
- del_hash_string(hash_id, key)
- Delete a hash element.
- @param hash_id: The hash ID.
- @param key: Key of an element
- @return: 1 upon success, 0 otherwise.
- del_hidden_range(ea)
- Delete a hidden range
- @param ea: any address belonging to the hidden range
- @returns: != 0 - ok
- del_idc_hotkey(hotkey)
- Delete IDC function hotkey
- @param hotkey: hotkey code to delete
- del_items(ea, flags=0, size=1)
- Convert the current item to an explored item
- @param ea: linear address
- @param flags: combination of DELIT_* constants
- @param size: size of the range to undefine
- @return: None
- del_segm(ea, flags)
- Delete a segment
- @param ea: any address in the segment
- @param flags: combination of SEGMOD_* flags
- @return: boolean success
- del_selector(sel)
- Delete a selector
- @param sel: the selector number to delete
- @return: None
- @note: if the selector is found, it will be deleted
- del_source_linnum(ea)
- Delete information about source line number
- @param ea: linear address
- @return: None
- del_sourcefile(ea)
- Delete information about the source file
- @param ea: linear address belonging to the source file
- @return: NULL - source file information is not found
- otherwise returns pointer to file name
- del_stkpnt(func_ea, ea)
- Delete SP register change point
- @param func_ea: function start
- @param ea: linear address
- @return: 1-ok, 0-failed
- del_struc(sid)
- Delete a structure type
- @param sid: structure type ID
- @return: 0 if bad structure type ID is passed
- 1 otherwise the structure type is deleted. All data
- and other structure types referencing to the
- deleted structure type will be displayed as array
- of bytes.
- del_struc_member(sid, member_offset)
- Delete structure member
- @param sid: structure type ID
- @param member_offset: offset of the member
- @return: != 0 - ok.
- @note: IDA allows 'holes' between members of a
- structure. It treats these 'holes'
- as unnamed arrays of bytes.
- delete_all_segments()
- Delete all segments, instructions, comments, i.e. everything
- except values of bytes.
- delete_array(array_id)
- Delete array, by its ID.
- @param array_id: The ID of the array to delete.
- demangle_name(name, disable_mask)
- demangle_name a name
- @param name: name to demangle
- @param disable_mask: a mask that tells how to demangle the name
- it is a good idea to get this mask using
- get_inf_attr(INF_SHORT_DN) or get_inf_attr(INF_LONG_DN)
- @return: a demangled name
- If the input name cannot be demangled, returns None
- detach_process()
- Detach the debugger from the debugged process.
- @return: success
- diff_trace_file(filename)
- Diff current trace buffer against given trace
- @param filename: trace file
- enable_bpt(ea, enable)
- Enable/disable breakpoint
- @param ea: any address in the process memory space
- @return: success
- @note: Disabled breakpoints are not written to the process memory
- enable_tracing(trace_level, enable)
- Enable step tracing
- @param trace_level: what kind of trace to modify
- @param enable: 0: turn off, 1: turn on
- @return: success
- end_type_updating(utp)
- End type updating. Refreshes the type system
- at the end of type modification operations
- @param utp: one of ida_typeinf.UTP_xxxx consts
- @return: None
- error(format)
- Display a fatal message in a message box and quit IDA
- @param format: message to print
- eval_idc(expr)
- Evaluate an IDC expression
- @param expr: an expression
- @return: the expression value. If there are problems, the returned value will be "IDC_FAILURE: xxx"
- where xxx is the error description
- @note: Python implementation evaluates IDC only, while IDC can call other registered languages
- exit_process()
- Stop the debugger
- Kills the currently debugger process and returns to the disassembly mode
- @return: success
- expand_struc(sid, offset, delta, recalc)
- Expand or shrink a structure type
- @param id: structure type ID
- @param offset: offset in the structure
- @param delta: how many bytes to add or remove
- @param recalc: recalculate the locations where the structure
- type is used
- @return: != 0 - ok
- fclose(handle)
- fgetc(handle)
- filelength(handle)
- find_binary(ea, flag, searchstr, radix=16)
- @param ea: start address
- @param flag: combination of SEARCH_* flags
- @param searchstr: a string as a user enters it for Search Text in Core
- @param radix: radix of the numbers (default=16)
- @return: ea of result or BADADDR if not found
- @note: Example: "41 42" - find 2 bytes 41h,42h (radix is 16)
- find_code(ea, flag)
- find_data(ea, flag)
- find_defined(ea, flag)
- find_func_end(ea)
- Determine a new function boundaries
- @param ea: starting address of a new function
- @return: if a function already exists, then return its end address.
- If a function end cannot be determined, the return BADADDR
- otherwise return the end address of the new function
- find_imm(ea, flag, value)
- find_selector(val)
- Find a selector which has the specifed value
- @param val: value to search for
- @return: the selector number if found,
- otherwise the input value (val & 0xFFFF)
- @note: selector values are always in paragraphs
- find_suspop(ea, flag)
- # returns BADADDR - not found
- find_text(ea, flag, y, x, searchstr)
- @param ea: start address
- @param flag: combination of SEARCH_* flags
- @param y: number of text line at ea to start from (0..MAX_ITEM_LINES)
- @param x: coordinate in this line
- @param searchstr: search string
- @return: ea of result or BADADDR if not found
- find_unknown(ea, flag)
- first_func_chunk(funcea)
- Get the first function chunk of the specified function
- @param funcea: any address in the function
- @return: the function entry point or BADADDR
- @note: This function returns the first (main) chunk of the specified function
- fopen(f, mode)
- #----------------------------------------------------------------------------
- # F I L E I / O
- #----------------------------------------------------------------------------
- force_bl_call(ea)
- Force BL instruction to be a call
- @param ea: address of the BL instruction
- @return: 1-ok, 0-failed
- force_bl_jump(ea)
- Some ARM compilers in Thumb mode use BL (branch-and-link)
- instead of B (branch) for long jumps, since BL has more range.
- By default, IDA tries to determine if BL is a jump or a call.
- You can override IDA's decision using commands in Edit/Other menu
- (Force BL call/Force BL jump) or the following two functions.
- Force BL instruction to be a jump
- @param ea: address of the BL instruction
- @return: 1-ok, 0-failed
- form(format, *args)
- fprintf(handle, format, *args)
- fputc(byte, handle)
- fseek(handle, offset, origin)
- ftell(handle)
- func_contains(func_ea, ea)
- Does the given function contain the given address?
- @param func_ea: any address belonging to the function
- @param ea: linear address
- @return: success
- gen_file(filetype, path, ea1, ea2, flags)
- Generate an output file
- @param filetype: type of output file. One of OFILE_... symbols. See below.
- @param path: the output file path (will be overwritten!)
- @param ea1: start address. For some file types this argument is ignored
- @param ea2: end address. For some file types this argument is ignored
- @param flags: bit combination of GENFLG_...
- @returns: number of the generated lines.
- -1 if an error occured
- OFILE_EXE: 0-can't generate exe file, 1-ok
- gen_flow_graph(outfile, title, ea1, ea2, flags)
- Generate a flow chart GDL file
- @param outfile: output file name. GDL extension will be used
- @param title: graph title
- @param ea1: beginning of the range to flow chart
- @param ea2: end of the range to flow chart.
- @param flags: combination of CHART_... constants
- @note: If ea2 == BADADDR then ea1 is treated as an address within a function.
- That function will be flow charted.
- gen_simple_call_chart(outfile, title, flags)
- Generate a function call graph GDL file
- @param outfile: output file name. GDL extension will be used
- @param title: graph title
- @param flags: combination of CHART_GEN_GDL, CHART_WINGRAPH, CHART_NOLIBFUNCS
- generate_disasm_line(ea, flags)
- Get disassembly line
- @param ea: linear address of instruction
- @param flags: combination of the GENDSM_ flags, or 0
- @return: "" - could not decode instruction at the specified location
- @note: this function may not return exactly the same mnemonics
- as you see on the screen.
- get_array_element(tag, array_id, idx)
- Get value of array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @param idx: Index of an element.
- @return: Value of the specified array element. Note that
- this function may return char or long result. Unexistent
- array elements give zero as a result.
- get_array_id(name)
- Get array array_id, by name.
- @param name: The array name.
- @return: -1 in case of failure (i.e., no array with that
- name exists), a valid array_id otherwise.
- get_bmask_cmt(enum_id, bmask, repeatable)
- Get bitmask comment (only for bitfields)
- @param enum_id: id of enum
- @param bmask: bitmask of the constant
- @param repeatable: type of comment, 0-regular, 1-repeatable
- @return: comment attached to bitmask or None
- get_bmask_name(enum_id, bmask)
- Get bitmask name (only for bitfields)
- @param enum_id: id of enum
- @param bmask: bitmask of the constant
- @return: name of bitmask or None
- get_bookmark(slot)
- Get marked position
- @param slot: slot number: 1..1024 if the specifed value is <= 0
- range, IDA will ask the user to select slot.
- @return: BADADDR - the slot doesn't contain a marked address
- otherwise returns the marked address
- get_bookmark_desc(slot)
- Get marked position comment
- @param slot: slot number: 1..1024
- @return: None if the slot doesn't contain a marked address
- otherwise returns the marked address comment
- get_bpt_attr(ea, bptattr)
- Get the characteristics of a breakpoint
- @param ea: any address in the breakpoint range
- @param bptattr: the desired attribute code, one of BPTATTR_... constants
- @return: the desired attribute value or -1
- get_bpt_ea(n)
- Get breakpoint address
- @param n: number of breakpoint, is in range 0..get_bpt_qty()-1
- @return: address of the breakpoint or BADADDR
- get_bpt_qty()
- Get number of breakpoints.
- @return: number of breakpoints
- get_bpt_tev_ea(tev)
- Return the address of the specified TEV_BPT event
- @param tev: event number
- get_bytes(ea, size, use_dbg=False)
- Return the specified number of bytes of the program
- @param ea: linear address
- @param size: size of buffer in normal 8-bit bytes
- @param use_dbg: if True, use debugger memory, otherwise just the database
- @return: None on failure
- otherwise a string containing the read bytes
- get_call_tev_callee(tev)
- Return the address of the callee for the specified event
- @param tev: event number
- get_cmt(ea, repeatable)
- Get regular indented comment
- @param ea: linear address
- @param repeatable: 1 to get the repeatable comment, 0 to get the normal comment
- @return: string or None if it fails
- get_color(ea, what)
- Get item color
- @param ea: address of the item
- @param what: type of the item (one of CIC_* constants)
- @return: color code in RGB (hex 0xBBGGRR)
- get_curline()
- Get the disassembly line at the cursor
- @return: string
- get_current_thread()
- Get current thread ID
- @return: -1 if failure
- get_db_byte(ea)
- Get one byte (8-bit) of the program at 'ea' from the database even if the debugger is active
- @param ea: linear address
- @return: byte value. If the byte has no value then 0xFF is returned.
- @note: If the current byte size is different from 8 bits, then the returned value may have more 1's.
- To check if a byte has a value, use is_loaded()
- get_debugger_event_cond()
- Return the debugger event condition
- get_entry(ordinal)
- Retrieve entry point address
- @param ordinal: entry point number
- it is returned by GetEntryPointOrdinal()
- @return: BADADDR if entry point doesn't exist
- otherwise entry point address.
- If entry point address is equal to its ordinal
- number, then the entry point has no ordinal.
- get_entry_name(ordinal)
- Retrieve entry point name
- @param ordinal: entry point number, ass returned by GetEntryPointOrdinal()
- @return: entry point name or None
- get_entry_ordinal(index)
- Retrieve entry point ordinal number
- @param index: 0..get_entry_qty()-1
- @return: 0 if entry point doesn't exist
- otherwise entry point ordinal
- get_entry_qty()
- Retrieve number of entry points
- @returns: number of entry points
- get_enum(name)
- Get enum ID by the name of enum
- Arguments:
- name - name of enum
- returns: ID of enum or -1 if no such enum exists
- get_enum_cmt(enum_id, repeatable)
- Get comment of enum
- @param enum_id: ID of enum
- @param repeatable: 0:get regular comment
- 1:get repeatable comment
- @return: comment of enum
- get_enum_flag(enum_id)
- Get flag of enum
- @param enum_id: ID of enum
- @return: flags of enum. These flags determine representation
- of numeric constants (binary,octal,decimal,hex)
- in the enum definition. See start of this file for
- more information about flags.
- Returns 0 if enum_id is bad.
- get_enum_idx(enum_id)
- Get serial number of enum by its ID
- @param enum_id: ID of enum
- @return: (0..get_enum_qty()-1) or -1 if error
- get_enum_member(enum_id, value, serial, bmask)
- Get id of constant
- @param enum_id: id of enum
- @param value: value of constant
- @param serial: serial number of the constant in the
- enumeration. See op_enum() for details.
- @param bmask: bitmask of the constant
- ordinary enums accept only ida_enum.DEFMASK as a bitmask
- @return: id of constant or -1 if error
- get_enum_member_bmask(const_id)
- Get bit mask of symbolic constant
- @param const_id: id of symbolic constant
- @return: bitmask of constant or 0
- ordinary enums have bitmask = -1
- get_enum_member_by_name(name)
- Get member of enum - a symbolic constant ID
- @param name: name of symbolic constant
- @return: ID of constant or -1
- get_enum_member_cmt(const_id, repeatable)
- Get comment of a constant
- @param const_id: id of const
- @param repeatable: 0:get regular comment, 1:get repeatable comment
- @return: comment string
- get_enum_member_enum(const_id)
- Get id of enum by id of constant
- @param const_id: id of symbolic constant
- @return: id of enum the constant belongs to.
- -1 if const_id is bad.
- get_enum_member_name(const_id)
- Get name of a constant
- @param const_id: id of const
- Returns: name of constant
- get_enum_member_value(const_id)
- Get value of symbolic constant
- @param const_id: id of symbolic constant
- @return: value of constant or 0
- get_enum_name(enum_id)
- Get name of enum
- @param enum_id: ID of enum
- @return: name of enum or empty string
- get_enum_qty()
- Get number of enum types
- @return: number of enumerations
- get_enum_size(enum_id)
- Get size of enum
- @param enum_id: ID of enum
- @return: number of constants in the enum
- Returns 0 if enum_id is bad.
- get_enum_width(enum_id)
- Get width of enum elements
- @param enum_id: ID of enum
- @return: size of enum elements in bytes
- (0 if enum_id is bad or the width is unknown).
- get_event_bpt_hea()
- Get hardware address for BREAKPOINT event
- @return: hardware address
- get_event_ea()
- Get ea for debug event
- @return: ea
- get_event_exc_code()
- Get exception code for EXCEPTION event
- @return: exception code
- get_event_exc_ea()
- Get address for EXCEPTION event
- @return: adress of exception
- get_event_exc_info()
- Get info for EXCEPTION event
- @return: info string
- get_event_exit_code()
- Get exit code for debug event
- @return: exit code for PROCESS_EXIT, THREAD_EXIT events
- get_event_id()
- Get ID of debug event
- @return: event ID
- get_event_info()
- Get debug event info
- @return: event info: for LIBRARY_UNLOAD (unloaded library name)
- for INFORMATION (message to display)
- get_event_module_base()
- Get module base for debug event
- @return: module base
- get_event_module_name()
- Get module name for debug event
- @return: module name
- get_event_module_size()
- Get module size for debug event
- @return: module size
- get_event_pid()
- Get process ID for debug event
- @return: process ID
- get_event_tid()
- Get type ID for debug event
- @return: type ID
- get_extra_cmt(ea, n)
- Get extra comment line
- @param ea: linear address
- @param n: number of line (0..MAX_ITEM_LINES)
- MAX_ITEM_LINES is defined in IDA.CFG
- To get anterior line #n use (E_PREV + n)
- To get posterior line #n use (E_NEXT + n)
- @return: extra comment line string
- get_fchunk_attr(ea, attr)
- Get a function chunk attribute
- @param ea: any address in the chunk
- @param attr: one of: FUNCATTR_START, FUNCATTR_END, FUNCATTR_OWNER, FUNCATTR_REFQTY
- @return: desired attribute or -1
- get_fchunk_referer(ea, idx)
- Get a function chunk referer
- @param ea: any address in the chunk
- @param idx: referer index (0..get_fchunk_attr(FUNCATTR_REFQTY))
- @return: referer address or BADADDR
- get_first_bmask(enum_id)
- Get first bitmask in the enum (bitfield)
- @param enum_id: id of enum (bitfield)
- @return: the smallest bitmask of constant or -1
- no bitmasks are defined yet
- All bitmasks are sorted by their values
- as unsigned longs.
- get_first_cref_from(From)
- Get first code xref from 'From'
- get_first_cref_to(To)
- Get first code xref to 'To'
- get_first_dref_from(From)
- Get first data xref from 'From'
- get_first_dref_to(To)
- Get first data xref to 'To'
- get_first_enum_member(enum_id, bmask)
- Get first constant in the enum
- @param enum_id: id of enum
- @param bmask: bitmask of the constant (ordinary enums accept only ida_enum.DEFMASK as a bitmask)
- @return: value of constant or idaapi.BADNODE no constants are defined
- All constants are sorted by their values as unsigned longs.
- get_first_fcref_from(From)
- Get first xref from 'From'
- get_first_fcref_to(To)
- Get first xref to 'To'
- get_first_hash_key(hash_id)
- Get the first key in the hash.
- @param hash_id: The hash ID.
- @return: the key, 0 otherwise.
- get_first_index(tag, array_id)
- Get index of the first existing array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @return: -1 if the array is empty, otherwise index of first array
- element of given type.
- get_first_member(sid)
- Get offset of the first member of a structure
- @param sid: structure type ID
- @return: -1 if bad structure type ID is passed,
- ida_idaapi.BADADDR if structure has no members,
- otherwise returns offset of the first member.
- @note: IDA allows 'holes' between members of a
- structure. It treats these 'holes'
- as unnamed arrays of bytes.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_first_module()
- Enumerate process modules
- @return: first module's base address or None on failure
- get_first_seg()
- Get first segment
- @return: address of the start of the first segment
- BADADDR - no segments are defined
- get_first_struc_idx()
- Get index of first structure type
- @return: BADADDR if no structure type is defined
- index of first structure type.
- Each structure type has an index and ID.
- INDEX determines position of structure definition
- in the list of structure definitions. Index 1
- is listed first, after index 2 and so on.
- The index of a structure type can be changed any
- time, leading to movement of the structure definition
- in the list of structure definitions.
- ID uniquely denotes a structure type. A structure
- gets a unique ID at the creation time and this ID
- can't be changed. Even when the structure type gets
- deleted, its ID won't be resued in the future.
- get_fixup_target_dis(ea)
- Get fixup target displacement
- @param ea: address to get information about
- @return: 0 - no fixup at the specified address
- otherwise returns fixup target displacement
- get_fixup_target_flags(ea)
- Get fixup target flags
- @param ea: address to get information about
- @return: 0 - no fixup at the specified address
- otherwise returns fixup target flags
- get_fixup_target_off(ea)
- Get fixup target offset
- @param ea: address to get information about
- @return: BADADDR - no fixup at the specified address
- otherwise returns fixup target offset
- get_fixup_target_sel(ea)
- Get fixup target selector
- @param ea: address to get information about
- @return: BADSEL - no fixup at the specified address
- otherwise returns fixup target selector
- get_fixup_target_type(ea)
- Get fixup target type
- @param ea: address to get information about
- @return: 0 - no fixup at the specified address
- otherwise returns fixup type
- get_forced_operand(ea, n)
- Get manually entered operand string
- @param ea: linear address
- @param n: number of operand:
- 0 - the first operand
- 1 - the second operand
- @return: string or None if it fails
- get_frame_args_size(ea)
- Get size of arguments in function frame which are purged upon return
- @param ea: any address belonging to the function
- @return: Size of function arguments in bytes.
- If the function doesn't have a frame, return 0
- If the function does't exist, return -1
- get_frame_id(ea)
- Get ID of function frame structure
- @param ea: any address belonging to the function
- @return: ID of function frame or None In order to access stack variables
- you need to use structure member manipulaion functions with the
- obtained ID.
- get_frame_lvar_size(ea)
- Get size of local variables in function frame
- @param ea: any address belonging to the function
- @return: Size of local variables in bytes.
- If the function doesn't have a frame, return 0
- If the function does't exist, return None
- get_frame_regs_size(ea)
- Get size of saved registers in function frame
- @param ea: any address belonging to the function
- @return: Size of saved registers in bytes.
- If the function doesn't have a frame, return 0
- This value is used as offset for BP (if FUNC_FRAME is set)
- If the function does't exist, return None
- get_frame_size(ea)
- Get full size of function frame
- @param ea: any address belonging to the function
- @returns: Size of function frame in bytes.
- This function takes into account size of local
- variables + size of saved registers + size of
- return address + size of function arguments
- If the function doesn't have a frame, return size of
- function return address in the stack.
- If the function does't exist, return 0
- get_full_flags(ea)
- Get internal flags
- @param ea: linear address
- @return: 32-bit value of internal flags. See start of IDC.IDC file
- for explanations.
- get_func_attr(ea, attr)
- Get a function attribute
- @param ea: any address belonging to the function
- @param attr: one of FUNCATTR_... constants
- @return: BADADDR - error otherwise returns the attribute value
- get_func_cmt(ea, repeatable)
- Retrieve function comment
- @param ea: any address belonging to the function
- @param repeatable: 1: get repeatable comment
- 0: get regular comment
- @return: function comment string
- get_func_flags(ea)
- Retrieve function flags
- @param ea: any address belonging to the function
- @return: -1 - function doesn't exist otherwise returns the flags
- get_func_name(ea)
- Retrieve function name
- @param ea: any address belonging to the function
- @return: null string - function doesn't exist
- otherwise returns function name
- get_func_off_str(ea)
- Convert address to 'funcname+offset' string
- @param ea: address to convert
- @return: if the address belongs to a function then return a string
- formed as 'name+offset' where 'name' is a function name
- 'offset' is offset within the function else return null string
- get_hash_long(hash_id, key)
- Gets the long value of a hash element.
- @param hash_id: The hash ID.
- @param key: Key of an element.
- @return: the 32bit or 64bit value of the element, or 0 if no such
- element.
- get_hash_string(hash_id, key)
- Gets the string value of a hash element.
- @param hash_id: The hash ID.
- @param key: Key of an element.
- @return: the string value of the element, or None if no such
- element.
- get_idb_path()
- Get IDB full path
- This function returns full path of the current IDB database
- get_inf_attr(offset)
- get_input_file_path()
- Get input file path
- This function returns the full path of the file being disassembled
- get_item_end(ea)
- Get address of the end of the item (instruction or data)
- @param ea: linear address
- @return: address past end of the item at 'ea'
- get_item_head(ea)
- Get starting address of the item (instruction or data)
- @param ea: linear address
- @return: the starting address of the item
- if the current address is unexplored, returns 'ea'
- get_item_size(ea)
- Get size of instruction or data item in bytes
- @param ea: linear address
- @return: 1..n
- get_last_bmask(enum_id)
- Get last bitmask in the enum (bitfield)
- @param enum_id: id of enum
- @return: the biggest bitmask or -1 no bitmasks are defined yet
- All bitmasks are sorted by their values as unsigned longs.
- get_last_enum_member(enum_id, bmask)
- Get last constant in the enum
- @param enum_id: id of enum
- @param bmask: bitmask of the constant (ordinary enums accept only ida_enum.DEFMASK as a bitmask)
- @return: value of constant or idaapi.BADNODE no constants are defined
- All constants are sorted by their values
- as unsigned longs.
- get_last_hash_key(hash_id)
- Get the last key in the hash.
- @param hash_id: The hash ID.
- @return: the key, 0 otherwise.
- get_last_index(tag, array_id)
- Get index of last existing array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @return: -1 if the array is empty, otherwise index of first array
- element of given type.
- get_last_member(sid)
- Get offset of the last member of a structure
- @param sid: structure type ID
- @return: -1 if bad structure type ID is passed,
- ida_idaapi.BADADDR if structure has no members,
- otherwise returns offset of the last member.
- @note: IDA allows 'holes' between members of a
- structure. It treats these 'holes'
- as unnamed arrays of bytes.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_last_struc_idx()
- Get index of last structure type
- @return: BADADDR if no structure type is defined
- index of last structure type.
- See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- get_local_tinfo(ordinal)
- Get local type information as 'typeinfo' object
- @param ordinal: slot number (1...NumberOfLocalTypes)
- @return: None on failure, or (type, fields, name) tuple.
- get_manual_insn(ea)
- Get manual representation of instruction
- @param ea: linear address
- @note: This function returns value set by set_manual_insn earlier.
- get_member_cmt(sid, member_offset, repeatable)
- Get comment of a member
- @param sid: structure type ID
- @param member_offset: member offset. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @param repeatable: 1: get repeatable comment
- 0: get regular comment
- @return: None if bad structure type ID is passed
- or no such member in the structure
- otherwise returns comment of the specified member.
- get_member_flag(sid, member_offset)
- Get type of a member
- @param sid: structure type ID
- @param member_offset: member offset. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @return: -1 if bad structure type ID is passed
- or no such member in the structure
- otherwise returns type of the member, see bit
- definitions above. If the member type is a structure
- then function GetMemberStrid() should be used to
- get the structure type id.
- get_member_id(sid, member_offset)
- @param sid: structure type ID
- @param member_offset:. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @return: -1 if bad structure type ID is passed or there is
- no member at the specified offset.
- otherwise returns the member id.
- get_member_name(sid, member_offset)
- Get name of a member of a structure
- @param sid: structure type ID
- @param member_offset: member offset. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @return: None if bad structure type ID is passed
- or no such member in the structure
- otherwise returns name of the specified member.
- get_member_offset(sid, member_name)
- Get offset of a member of a structure by the member name
- @param sid: structure type ID
- @param member_name: name of structure member
- @return: -1 if bad structure type ID is passed
- or no such member in the structure
- otherwise returns offset of the specified member.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_member_qty(sid)
- Get number of members of a structure
- @param sid: structure type ID
- @return: -1 if bad structure type ID is passed otherwise
- returns number of members.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_member_size(sid, member_offset)
- Get size of a member
- @param sid: structure type ID
- @param member_offset: member offset. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @return: None if bad structure type ID is passed,
- or no such member in the structure
- otherwise returns size of the specified
- member in bytes.
- get_member_strid(sid, member_offset)
- Get structure id of a member
- @param sid: structure type ID
- @param member_offset: member offset. The offset can be
- any offset in the member. For example,
- is a member is 4 bytes long and starts
- at offset 2, then 2,3,4,5 denote
- the same structure member.
- @return: -1 if bad structure type ID is passed
- or no such member in the structure
- otherwise returns structure id of the member.
- If the current member is not a structure, returns -1.
- get_min_spd_ea(func_ea)
- Return the address with the minimal spd (stack pointer delta)
- If there are no SP change points, then return BADADDR.
- @param func_ea: function start
- @return: BADDADDR - no such function
- get_module_name(base)
- Get process module name
- @param base: the base address of the module
- @return: required info or None
- get_module_size(base)
- Get process module size
- @param base: the base address of the module
- @return: required info or -1
- get_name(ea, gtn_flags=0)
- Get name at the specified address
- @param ea: linear address
- @param gtn_flags: how exactly the name should be retrieved.
- combination of GN_ bits
- @return: "" - byte has no name
- get_name_ea(fromaddr, name)
- Get linear address of a name
- @param fromaddr: the referring address. Allows to retrieve local label
- addresses in functions. If a local name is not found,
- then address of a global name is returned.
- @param name: name of program byte
- @return: address of the name (BADADDR - no such name)
- @note: Dummy names (like byte_xxxx where xxxx are hex digits) are parsed by this
- function to obtain the address. The database is not consulted for them.
- get_name_ea_simple(name)
- Get linear address of a name
- @param name: name of program byte
- @return: address of the name
- BADADDR - No such name
- get_next_bmask(enum_id, value)
- Get next bitmask in the enum (bitfield)
- @param enum_id: id of enum
- @param value: value of the current bitmask
- @return: value of a bitmask with value higher than the specified
- value. -1 if no such bitmasks exist.
- All bitmasks are sorted by their values
- as unsigned longs.
- get_next_cref_from(From, current)
- Get next code xref from
- get_next_cref_to(To, current)
- Get next code xref to 'To'
- get_next_dref_from(From, current)
- Get next data xref from 'From'
- get_next_dref_to(To, current)
- Get next data xref to 'To'
- get_next_enum_member(enum_id, value, bmask)
- Get next constant in the enum
- @param enum_id: id of enum
- @param bmask: bitmask of the constant ordinary enums accept only ida_enum.DEFMASK as a bitmask
- @param value: value of the current constant
- @return: value of a constant with value higher than the specified
- value. idaapi.BADNODE no such constants exist.
- All constants are sorted by their values as unsigned longs.
- get_next_fchunk(ea)
- Get next function chunk
- @param ea: any address
- @return: the starting address of the next function chunk or BADADDR
- @note: This function enumerates all chunks of all functions in the database
- get_next_fcref_from(From, current)
- Get next xref from
- get_next_fcref_to(To, current)
- Get next xref to 'To'
- get_next_fixup_ea(ea)
- Find next address with fixup information
- @param ea: current address
- @return: BADADDR - no more fixups otherwise returns the next
- address with fixup information
- get_next_func(ea)
- Find next function
- @param ea: any address belonging to the function
- @return: BADADDR - no more functions
- otherwise returns the next function start address
- get_next_hash_key(hash_id, key)
- Get the next key in the hash.
- @param hash_id: The hash ID.
- @param key: The current key.
- @return: the next key, 0 otherwise
- get_next_index(tag, array_id, idx)
- Get index of the next existing array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @param idx: Index of the current element.
- @return: -1 if no more elements, otherwise returns index of the
- next array element of given type.
- get_next_module(base)
- Enumerate process modules
- @param base: previous module's base address
- @return: next module's base address or None on failure
- get_next_offset(sid, offset)
- Get next offset in a structure
- @param sid: structure type ID
- @param offset: current offset
- @return: -1 if bad structure type ID is passed,
- ida_idaapi.BADADDR if no (more) offsets in the structure,
- otherwise returns next offset in a structure.
- @note: IDA allows 'holes' between members of a
- structure. It treats these 'holes'
- as unnamed arrays of bytes.
- This function returns a member offset or a hole offset.
- It will return size of the structure if input
- 'offset' belongs to the last member of the structure.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_next_seg(ea)
- Get next segment
- @param ea: linear address
- @return: start of the next segment
- BADADDR - no next segment
- get_next_struc_idx(index)
- Get index of next structure type
- @param index: current structure index
- @return: BADADDR if no (more) structure type is defined
- index of the next structure type.
- See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- get_numbered_type_name(ordinal)
- Retrieve a local type name
- @param ordinal: slot number (1...NumberOfLocalTypes)
- returns: local type name or None
- get_operand_type(ea, n)
- Get type of instruction operand
- @param ea: linear address of instruction
- @param n: number of operand:
- 0 - the first operand
- 1 - the second operand
- @return: any of o_* constants or -1 on error
- get_operand_value(ea, n)
- Get number used in the operand
- This function returns an immediate number used in the operand
- @param ea: linear address of instruction
- @param n: the operand number
- @return: value
- operand is an immediate value => immediate value
- operand has a displacement => displacement
- operand is a direct memory ref => memory address
- operand is a register => register number
- operand is a register phrase => phrase number
- otherwise => -1
- get_ordinal_qty()
- Get number of local types + 1
- @return: value >= 1. 1 means that there are no local types.
- get_original_byte(ea)
- Get original value of program byte
- @param ea: linear address
- @return: the original value of byte before any patch applied to it
- get_prev_bmask(enum_id, value)
- Get prev bitmask in the enum (bitfield)
- @param enum_id: id of enum
- @param value: value of the current bitmask
- @return: value of a bitmask with value lower than the specified
- value. -1 no such bitmasks exist.
- All bitmasks are sorted by their values as unsigned longs.
- get_prev_enum_member(enum_id, value, bmask)
- Get prev constant in the enum
- @param enum_id: id of enum
- @param bmask : bitmask of the constant
- ordinary enums accept only ida_enum.DEFMASK as a bitmask
- @param value: value of the current constant
- @return: value of a constant with value lower than the specified
- value. idaapi.BADNODE no such constants exist.
- All constants are sorted by their values as unsigned longs.
- get_prev_fchunk(ea)
- Get previous function chunk
- @param ea: any address
- @return: the starting address of the function chunk or BADADDR
- @note: This function enumerates all chunks of all functions in the database
- get_prev_fixup_ea(ea)
- Find previous address with fixup information
- @param ea: current address
- @return: BADADDR - no more fixups otherwise returns the
- previous address with fixup information
- get_prev_func(ea)
- Find previous function
- @param ea: any address belonging to the function
- @return: BADADDR - no more functions
- otherwise returns the previous function start address
- get_prev_hash_key(hash_id, key)
- Get the previous key in the hash.
- @param hash_id: The hash ID.
- @param key: The current key.
- @return: the previous key, 0 otherwise
- get_prev_index(tag, array_id, idx)
- Get index of the previous existing array element.
- @param tag: Tag of array, specifies one of two array types: AR_LONG, AR_STR
- @param array_id: The array ID.
- @param idx: Index of the current element.
- @return: -1 if no more elements, otherwise returns index of the
- previous array element of given type.
- get_prev_offset(sid, offset)
- Get previous offset in a structure
- @param sid: structure type ID
- @param offset: current offset
- @return: -1 if bad structure type ID is passed,
- ida_idaapi.BADADDR if no (more) offsets in the structure,
- otherwise returns previous offset in a structure.
- @note: IDA allows 'holes' between members of a
- structure. It treats these 'holes'
- as unnamed arrays of bytes.
- This function returns a member offset or a hole offset.
- It will return size of the structure if input
- 'offset' is bigger than the structure size.
- @note: Union members are, in IDA's internals, located
- at subsequent byte offsets: member 0 -> offset 0x0,
- member 1 -> offset 0x1, etc...
- get_prev_struc_idx(index)
- Get index of previous structure type
- @param index: current structure index
- @return: BADADDR if no (more) structure type is defined
- index of the presiouvs structure type.
- See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- get_process_state()
- Get debugged process state
- @return: one of the DBG_... constants (see below)
- get_processes()
- Take a snapshot of running processes and return their description.
- @return: -1:network error, 0-failed, 1-ok
- get_qword(ea)
- Get value of program quadro word (8 bytes)
- @param ea: linear address
- @return: the value of the quadro word. If failed, returns -1
- get_reg_value(name)
- Get register value
- @param name: the register name
- @note: The debugger should be running. otherwise the function fails
- the register name should be valid.
- It is not necessary to use this function to get register values
- because a register name in the script will do too.
- @return: register value (integer or floating point)
- get_ret_tev_return(tev)
- Return the return address for the specified event
- @param tev: event number
- get_root_filename()
- Get input file name
- This function returns name of the file being disassembled
- get_screen_ea()
- Get linear address of cursor
- get_segm_attr(segea, attr)
- Get segment attribute
- @param segea: any address within segment
- @param attr: one of SEGATTR_... constants
- get_segm_by_sel(base)
- Get segment by segment base
- @param base: segment base paragraph or selector
- @return: linear address of the start of the segment or BADADDR
- if no such segment
- get_segm_end(ea)
- Get end address of a segment
- @param ea: any address in the segment
- @return: end of segment (an address past end of the segment)
- BADADDR - the specified address doesn't belong to any segment
- get_segm_name(ea)
- Get name of a segment
- @param ea: any address in the segment
- @return: "" - no segment at the specified address
- get_segm_start(ea)
- Get start address of a segment
- @param ea: any address in the segment
- @return: start of segment
- BADADDR - the specified address doesn't belong to any segment
- get_source_linnum(ea)
- Get source line number
- @param ea: linear address
- @return: number of line in the source file or -1
- get_sourcefile(ea)
- Get name of source file occupying the given address
- @param ea: linear address
- @return: NULL - source file information is not found
- otherwise returns pointer to file name
- get_sp_delta(ea)
- Get modification of SP made by the instruction
- @param ea: end address of the instruction
- i.e.the last address of the instruction+1
- @return: Get modification of SP made at the specified location
- If the specified location doesn't contain a SP change point, return 0
- Otherwise return delta of SP modification
- get_spd(ea)
- Get current delta for the stack pointer
- @param ea: end address of the instruction
- i.e.the last address of the instruction+1
- @return: The difference between the original SP upon
- entering the function and SP for the specified address
- get_sreg(ea, reg)
- Get value of segment register at the specified address
- @param ea: linear address
- @param reg: name of segment register
- @return: the value of the segment register or -1 on error
- @note: The segment registers in 32bit program usually contain selectors,
- so to get paragraph pointed to by the segment register you need to
- call sel2para() function.
- get_step_trace_options()
- Get step current tracing options
- @return: a combination of ST_... constants
- get_str_type(ea)
- Get string type
- @param ea: linear address
- @return: One of STRTYPE_... constants
- get_strlit_contents(ea, length=-1, strtype=0)
- Get string contents
- @param ea: linear address
- @param length: string length. -1 means to calculate the max string length
- @param strtype: the string type (one of STRTYPE_... constants)
- @return: string contents or empty string
- get_struc_by_idx(index)
- Get structure ID by structure index
- @param index: structure index
- @return: BADADDR if bad structure index is passed otherwise returns structure ID.
- @note: See get_first_struc_idx() for the explanation of structure indices and IDs.
- get_struc_cmt(sid, repeatable)
- Get structure type comment
- @param sid: structure type ID
- @param repeatable: 1: get repeatable comment
- 0: get regular comment
- @return: None if bad structure type ID is passed
- otherwise returns comment.
- get_struc_id(name)
- Get structure ID by structure name
- @param name: structure type name
- @return: BADADDR if bad structure type name is passed
- otherwise returns structure ID.
- get_struc_idx(sid)
- Get structure index by structure ID
- @param sid: structure ID
- @return: BADADDR if bad structure ID is passed
- otherwise returns structure index.
- See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- get_struc_name(sid)
- Get structure type name
- @param sid: structure type ID
- @return: None if bad structure type ID is passed
- otherwise returns structure type name.
- get_struc_qty()
- Get number of defined structure types
- @return: number of structure types
- get_struc_size(sid)
- Get size of a structure
- @param sid: structure type ID
- @return: 0 if bad structure type ID is passed
- otherwise returns size of structure in bytes.
- get_tev_ea(tev)
- Return the address of the specified event
- @param tev: event number
- get_tev_mem(tev, idx)
- Return the blob of memory pointed to by 'index', for the specified event
- Note: this requires that the tracing options have been set to record pieces of memory for instruction events
- @param tev: event number
- @param idx: memory address index
- get_tev_mem_ea(tev, idx)
- Return the address of the blob of memory pointed to by 'index' for the specified event
- Note: this requires that the tracing options have been set to record pieces of memory for instruction events
- @param tev: event number
- @param idx: memory address index
- get_tev_mem_qty(tev)
- Return the number of blobs of memory recorded, for the specified event
- Note: this requires that the tracing options have been set to record pieces of memory for instruction events
- @param tev: event number
- get_tev_qty()
- Return the total number of recorded events
- get_tev_reg(tev, reg)
- Return the register value for the specified event
- @param tev: event number
- @param reg: register name (like EAX, RBX, ...)
- get_tev_tid(tev)
- Return the thread id of the specified event
- @param tev: event number
- get_tev_type(tev)
- Return the type of the specified event (TEV_... constants)
- @param tev: event number
- get_thread_qty()
- Get number of threads.
- @return: number of threads
- get_tinfo(ea)
- Get type information of function/variable as 'typeinfo' object
- @param ea: the address of the object
- @return: None on failure, or (type, fields) tuple.
- get_trace_file_desc(filename)
- Get the trace description of the given binary trace file
- @param filename: trace file
- get_type(ea)
- Get type of function/variable
- @param ea: the address of the object
- @return: type string or None if failed
- get_wide_byte(ea)
- Get value of program byte
- @param ea: linear address
- @return: value of byte. If byte has no value then returns 0xFF
- If the current byte size is different from 8 bits, then the returned value
- might have more 1's.
- To check if a byte has a value, use is_loaded()
- get_wide_dword(ea)
- Get value of program double word (4 bytes)
- @param ea: linear address
- @return: the value of the double word. If failed returns -1
- get_wide_word(ea)
- Get value of program word (2 bytes)
- @param ea: linear address
- @return: the value of the word. If word has no value then returns 0xFFFF
- If the current byte size is different from 8 bits, then the returned value
- might have more 1's.
- get_xref_type()
- Return type of the last xref obtained by
- [RD]first/next[B0] functions.
- @return: constants fl_* or dr_*
- getn_enum(idx)
- Get ID of the specified enum by its serial number
- @param idx: number of enum (0..get_enum_qty()-1)
- @return: ID of enum or -1 if error
- getn_thread(idx)
- Get the ID of a thread
- @param idx: number of thread, is in range 0..get_thread_qty()-1
- @return: -1 if failure
- guess_type(ea)
- Guess type of function/variable
- @param ea: the address of the object, can be the structure member id too
- @return: type string or None if failed
- hasName(F)
- hasUserName(F)
- has_value(F)
- here()
- # Convenience functions:
- idadir()
- Get IDA directory
- This function returns the directory where IDA.EXE resides
- import_type(idx, type_name)
- Copy information from type library to database
- Copy structure, union, or enum definition from the type library
- to the IDA database.
- @param idx: the position of the new type in the list of
- types (structures or enums) -1 means at the end of the list
- @param type_name: name of type to copy
- @return: BADNODE-failed, otherwise the type id (structure id or enum id)
- isBin0(F)
- isBin1(F)
- isDec0(F)
- isDec1(F)
- isExtra(F)
- isHex0(F)
- isHex1(F)
- isOct0(F)
- isOct1(F)
- isRef(F)
- is_align(F)
- is_bf(enum_id)
- Is enum a bitfield?
- @param enum_id: id of enum
- @return: 1-yes, 0-no, ordinary enum
- is_byte(F)
- is_char0(F)
- is_char1(F)
- is_code(F)
- is_data(F)
- is_defarg0(F)
- is_defarg1(F)
- is_double(F)
- is_dword(F)
- is_enum0(F)
- is_enum1(F)
- is_event_handled()
- Is the debug event handled?
- @return: boolean
- is_float(F)
- is_flow(F)
- is_head(F)
- is_loaded(ea)
- Is the byte initialized?
- is_manual0(F)
- is_manual1(F)
- is_mapped(ea)
- is_off0(F)
- is_off1(F)
- is_oword(F)
- is_pack_real(F)
- is_qword(F)
- is_seg0(F)
- is_seg1(F)
- is_stkvar0(F)
- is_stkvar1(F)
- is_strlit(F)
- is_stroff0(F)
- is_stroff1(F)
- is_struct(F)
- is_tail(F)
- is_tbyte(F)
- is_union(sid)
- Is a structure a union?
- @param sid: structure type ID
- @return: 1: yes, this is a union id
- 0: no
- @note: Unions are a special kind of structures
- is_unknown(F)
- is_valid_trace_file(filename)
- Check the given binary trace file
- @param filename: trace file
- is_word(F)
- jumpto(ea)
- Move cursor to the specifed linear address
- @param ea: linear address
- load_and_run_plugin(name, arg)
- Load and run a plugin
- @param name: The plugin name is a short plugin name without an extension
- @param arg: integer argument
- @return: 0 if could not load the plugin, 1 if ok
- load_debugger(dbgname, use_remote)
- Load the debugger
- @param dbgname: debugger module name Examples: win32, linux, mac.
- @param use_remote: 0/1: use remote debugger or not
- @note: This function is needed only when running idc scripts from the command line.
- In other cases IDA loads the debugger module automatically.
- load_trace_file(filename)
- Load a previously recorded binary trace file
- @param filename: trace file
- loadfile(filepath, pos, ea, size)
- ltoa(n, radix)
- make_array(ea, nitems)
- Create an array.
- @param ea: linear address
- @param nitems: size of array in items
- @note: This function will create an array of the items with the same type as
- the type of the item at 'ea'. If the byte at 'ea' is undefined, then
- this function will create an array of bytes.
- move_segm(ea, to, flags)
- Move a segment to a new address
- This function moves all information to the new address
- It fixes up address sensitive information in the kernel
- The total effect is equal to reloading the segment to the target address
- @param ea: any address within the segment to move
- @param to: new segment start address
- @param flags: combination MFS_... constants
- @returns: MOVE_SEGM_... error code
- msg(message)
- Display an UTF-8 string in the message window
- The result of the stringification of the arguments
- will be treated as an UTF-8 string.
- @param message: message to print (formatting is done in Python)
- This function can be used to debug IDC scripts
- next_addr(ea)
- Get next address in the program
- @param ea: linear address
- @return: BADADDR - the specified address in the last used address
- next_func_chunk(funcea, tailea)
- Get the next function chunk of the specified function
- @param funcea: any address in the function
- @param tailea: any address in the current chunk
- @return: the starting address of the next function chunk or BADADDR
- @note: This function returns the next chunk of the specified function
- next_head(ea, maxea=18446744073709551615L)
- Get next defined item (instruction or data) in the program
- @param ea: linear address to start search from
- @param maxea: the search will stop at the address
- maxea is not included in the search range
- @return: BADADDR - no (more) defined items
- next_not_tail(ea)
- Get next not-tail address in the program
- This function searches for the next displayable address in the program.
- The tail bytes of instructions and data are not displayable.
- @param ea: linear address
- @return: BADADDR - no (more) not-tail addresses
- op_bin(ea, n)
- Convert an operand of the item (instruction or data) to a binary number
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @return: 1-ok, 0-failure
- @note: the data items use only the type of the first operand
- op_chr(ea, n)
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_dec(ea, n)
- Convert an operand of the item (instruction or data) to a decimal number
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_enum(ea, n, enumid, serial)
- Convert operand to a symbolic constant
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @param enumid: id of enumeration type
- @param serial: serial number of the constant in the enumeration
- The serial numbers are used if there are more than
- one symbolic constant with the same value in the
- enumeration. In this case the first defined constant
- get the serial number 0, then second 1, etc.
- There could be 256 symbolic constants with the same
- value in the enumeration.
- op_flt(ea, n)
- Convert operand to a floating-point number
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @return: 1-ok, 0-failure
- op_hex(ea, n)
- Convert an operand of the item (instruction or data) to a hexadecimal number
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_man(ea, n, opstr)
- Specify operand represenation manually.
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @param opstr: a string represenation of the operand
- @note: IDA will not check the specified operand, it will simply display
- it instead of the orginal representation of the operand.
- op_num(ea, n)
- Convert operand to a number (with default number base, radix)
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_oct(ea, n)
- Convert an operand of the item (instruction or data) to an octal number
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_offset(ea, n, reftype, target, base, tdelta)
- Convert operand to a complex offset expression
- This is a more powerful version of op_plain_offset() function.
- It allows to explicitly specify the reference type (off8,off16, etc)
- and the expression target with a possible target delta.
- The complex expressions are represented by IDA in the following form:
- target + tdelta - base
- If the target is not present, then it will be calculated using
- target = operand_value - tdelta + base
- The target must be present for LOW.. and HIGH.. reference types
- @param ea: linear address of the instruction/data
- @param n: number of operand to convert (the same as in op_plain_offset)
- @param reftype: one of REF_... constants
- @param target: an explicitly specified expression target. if you don't
- want to specify it, use -1. Please note that LOW... and
- HIGH... reference type requre the target.
- @param base: the offset base (a linear address)
- @param tdelta: a displacement from the target which will be displayed
- in the expression.
- @return: success (boolean)
- op_offset_high16(ea, n, target)
- Convert operand to a high offset
- High offset is the upper 16bits of an offset.
- This type is used by TMS320C6 processors (and probably by other
- RISC processors too)
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @param target: the full value (all 32bits) of the offset
- op_plain_offset(ea, n, base)
- Convert operand to an offset
- (for the explanations of 'ea' and 'n' please see op_bin())
- Example:
- ========
- seg000:2000 dw 1234h
- and there is a segment at paragraph 0x1000 and there is a data item
- within the segment at 0x1234:
- seg000:1234 MyString db 'Hello, world!',0
- Then you need to specify a linear address of the segment base to
- create a proper offset:
- op_plain_offset(["seg000",0x2000],0,0x10000);
- and you will have:
- seg000:2000 dw offset MyString
- Motorola 680x0 processor have a concept of "outer offsets".
- If you want to create an outer offset, you need to combine number
- of the operand with the following bit:
- Please note that the outer offsets are meaningful only for
- Motorola 680x0.
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @param base: base of the offset as a linear address
- If base == BADADDR then the current operand becomes non-offset
- op_seg(ea, n)
- Convert operand to a segment expression
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_stkvar(ea, n)
- Convert operand to a stack variable
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- op_stroff(ea, n, strid, delta)
- Convert operand to an offset in a structure
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- @param strid: id of a structure type
- @param delta: struct offset delta. usually 0. denotes the difference
- between the structure base and the pointer into the structure.
- parse_decl(inputtype, flags)
- Parse type declaration
- @param inputtype: file name or C declarations (depending on the flags)
- @param flags: combination of PT_... constants or 0
- @return: None on failure or (name, type, fields) tuple
- parse_decls(inputtype, flags=0)
- Parse type declarations
- @param inputtype: file name or C declarations (depending on the flags)
- @param flags: combination of PT_... constants or 0
- @return: number of parsing errors (0 no errors)
- patch_byte(ea, value)
- Change value of a program byte
- If debugger was active then the debugged process memory will be patched too
- @param ea: linear address
- @param value: new value of the byte
- @return: 1 if the database has been modified,
- 0 if either the debugger is running and the process' memory
- has value 'value' at address 'ea',
- or the debugger is not running, and the IDB
- has value 'value' at address 'ea already.
- patch_dbg_byte(ea, value)
- Change a byte in the debugged process memory only
- @param ea: address
- @param value: new value of the byte
- @return: 1 if successful, 0 if not
- patch_dword(ea, value)
- Change value of a double word
- @param ea: linear address
- @param value: new value of the double word
- @return: 1 if the database has been modified,
- 0 if either the debugger is running and the process' memory
- has value 'value' at address 'ea',
- or the debugger is not running, and the IDB
- has value 'value' at address 'ea already.
- patch_qword(ea, value)
- Change value of a quad word
- @param ea: linear address
- @param value: new value of the quad word
- @return: 1 if the database has been modified,
- 0 if either the debugger is running and the process' memory
- has value 'value' at address 'ea',
- or the debugger is not running, and the IDB
- has value 'value' at address 'ea already.
- patch_word(ea, value)
- Change value of a program word (2 bytes)
- @param ea: linear address
- @param value: new value of the word
- @return: 1 if the database has been modified,
- 0 if either the debugger is running and the process' memory
- has value 'value' at address 'ea',
- or the debugger is not running, and the IDB
- has value 'value' at address 'ea already.
- plan_and_wait(sEA, eEA, final_pass=True)
- Perform full analysis of the range
- @param sEA: starting linear address
- @param eEA: ending linear address (excluded)
- @param final_pass: make the final pass over the specified range
- @return: 1-ok, 0-Ctrl-Break was pressed.
- plan_to_apply_idasgn(name)
- Load (plan to apply) a FLIRT signature file
- @param name: signature name without path and extension
- @return: 0 if could not load the signature file, !=0 otherwise
- prev_addr(ea)
- Get previous address in the program
- @param ea: linear address
- @return: BADADDR - the specified address in the first address
- prev_head(ea, minea=0)
- Get previous defined item (instruction or data) in the program
- @param ea: linear address to start search from
- @param minea: the search will stop at the address
- minea is included in the search range
- @return: BADADDR - no (more) defined items
- prev_not_tail(ea)
- Get previous not-tail address in the program
- This function searches for the previous displayable address in the program.
- The tail bytes of instructions and data are not displayable.
- @param ea: linear address
- @return: BADADDR - no (more) not-tail addresses
- print_decls(ordinals, flags)
- Print types in a format suitable for use in a header file
- @param ordinals: comma-separated list of type ordinals
- @param flags: combination of PDF_... constants or 0
- @return: string containing the type definitions
- print_insn_mnem(ea)
- Get instruction mnemonics
- @param ea: linear address of instruction
- @return: "" - no instruction at the specified location
- @note: this function may not return exactly the same mnemonics
- as you see on the screen.
- print_operand(ea, n)
- Get operand of an instruction or data
- @param ea: linear address of the item
- @param n: number of operand:
- 0 - the first operand
- 1 - the second operand
- @return: the current text representation of operand or ""
- process_config_line(directive)
- Parse one or more ida.cfg config directives
- @param directive: directives to process, for example: PACK_DATABASE=2
- @note: If the directives are erroneous, a fatal error will be generated.
- The settings are permanent: effective for the current session and the next ones
- process_ui_action(name, flags=0)
- Invokes an IDA UI action by name
- @param name: Command name
- @param flags: Reserved. Must be zero
- @return: Boolean
- put_bookmark(ea, lnnum, x, y, slot, comment)
- Mark position
- @param ea: address to mark
- @param lnnum: number of generated line for the 'ea'
- @param x: x coordinate of cursor
- @param y: y coordinate of cursor
- @param slot: slot number: 1..1024
- if the specifed value is not within the
- range, IDA will ask the user to select slot.
- @param comment: description of the mark. Should be not empty.
- @return: None
- qexit(code)
- Stop execution of IDC program, close the database and exit to OS
- @param code: code to exit with.
- @return: -
- qsleep(milliseconds)
- qsleep the specified number of milliseconds
- This function suspends IDA for the specified amount of time
- @param milliseconds: time to sleep
- read_dbg_byte(ea)
- Get value of program byte using the debugger memory
- @param ea: linear address
- @return: The value or None on failure.
- read_dbg_dword(ea)
- Get value of program double-word using the debugger memory
- @param ea: linear address
- @return: The value or None on failure.
- read_dbg_memory(ea, size)
- Read from debugger memory.
- @param ea: linear address
- @param size: size of data to read
- @return: data as a string. If failed, If failed, throws an exception
- Thread-safe function (may be called only from the main thread and debthread)
- read_dbg_qword(ea)
- Get value of program quadro-word using the debugger memory
- @param ea: linear address
- @return: The value or None on failure.
- read_dbg_word(ea)
- Get value of program word using the debugger memory
- @param ea: linear address
- @return: The value or None on failure.
- read_selection_end()
- Get end address of the selected range
- @return: BADADDR - the user has not selected an range
- read_selection_start()
- Get start address of the selected range
- returns BADADDR - the user has not selected an range
- readlong(handle, mostfirst)
- readshort(handle, mostfirst)
- readstr(handle)
- rebase_program(delta, flags)
- Rebase the whole program by 'delta' bytes
- @param delta: number of bytes to move the program
- @param flags: combination of MFS_... constants
- it is recommended to use MSF_FIXONCE so that the loader takes
- care of global variables it stored in the database
- @returns: error code MOVE_SEGM_...
- recalc_spd(cur_ea)
- Recalculate SP delta for an instruction that stops execution.
- @param cur_ea: linear address of the current instruction
- @return: 1 - new stkpnt is added, 0 - nothing is changed
- refresh_debugger_memory()
- refresh_idaview_anyway debugger memory
- Upon this call IDA will forget all cached information
- about the debugged process. This includes the segmentation
- information and memory contents (register cache is managed
- automatically). Also, this function refreshes exported name
- from loaded DLLs.
- You must call this function before using the segmentation
- information, memory contents, or names of a non-suspended process.
- This is an expensive call.
- refresh_idaview_anyway()
- refresh_idaview_anyway all disassembly views
- refresh_lists()
- refresh_idaview_anyway all list views (names, functions, etc)
- remove_fchunk(funcea, tailea)
- Remove a function chunk from the function
- @param funcea: any address in the function
- @param tailea: any address in the function chunk to remove
- @return: 0 if failed, 1 if success
- rename_array(array_id, newname)
- Rename array, by its ID.
- @param id: The ID of the array to rename.
- @param newname: The new name of the array.
- @return: 1 in case of success, 0 otherwise
- rename_entry(ordinal, name)
- Rename entry point
- @param ordinal: entry point number
- @param name: new name
- @return: !=0 - ok
- resume_process()
- resume_thread(tid)
- Resume thread
- @param tid: thread id
- @return: -1:network error, 0-failed, 1-ok
- retrieve_input_file_md5()
- Return the MD5 hash of the input binary file
- @return: MD5 string or None on error
- rotate_byte(x, count)
- rotate_dword(x, count)
- rotate_left(value, count, nbits, offset)
- Rotate a value to the left (or right)
- @param value: value to rotate
- @param count: number of times to rotate. negative counter means
- rotate to the right
- @param nbits: number of bits to rotate
- @param offset: offset of the first bit to rotate
- @return: the value with the specified field rotated
- all other bits are not modified
- rotate_word(x, count)
- run_to(ea)
- Execute the process until the given address is reached.
- If no process is active, a new process is started.
- See the important note to the step_into() function
- @return: success
- save_database(idbname, flags=0)
- Save current database to the specified idb file
- @param idbname: name of the idb file. if empty, the current idb
- file will be used.
- @param flags: combination of ida_loader.DBFL_... bits or 0
- save_trace_file(filename, description)
- Save current trace to a binary trace file
- @param filename: trace file
- @param description: trace description
- savefile(filepath, pos, ea, size)
- sel2para(sel)
- Get a selector value
- @param sel: the selector number
- @return: selector value if found
- otherwise the input value (sel)
- @note: selector values are always in paragraphs
- select_thread(tid)
- Select the given thread as the current debugged thread.
- @param tid: ID of the thread to select
- @return: success
- @note: The process must be suspended to select a new thread.
- selector_by_name(segname)
- Get segment by name
- @param segname: name of segment
- @return: segment selector or BADADDR
- send_dbg_command(cmd)
- Sends a command to the debugger module and returns the output string.
- An exception will be raised if the debugger is not running or the current debugger does not export
- the 'send_dbg_command' IDC command.
- set_array_long(array_id, idx, value)
- Sets the long value of an array element.
- @param array_id: The array ID.
- @param idx: Index of an element.
- @param value: 32bit or 64bit value to store in the array
- @return: 1 in case of success, 0 otherwise
- set_array_params(ea, flags, litems, align)
- Set array representation format
- @param ea: linear address
- @param flags: combination of AP_... constants or 0
- @param litems: number of items per line. 0 means auto
- @param align: element alignment
- - -1: do not align
- - 0: automatic alignment
- - other values: element width
- @return: 1-ok, 0-failure
- set_array_string(array_id, idx, value)
- Sets the string value of an array element.
- @param array_id: The array ID.
- @param idx: Index of an element.
- @param value: String value to store in the array
- @return: 1 in case of success, 0 otherwise
- set_bmask_cmt(enum_id, bmask, cmt, repeatable)
- Set bitmask comment (only for bitfields)
- @param enum_id: id of enum
- @param bmask: bitmask of the constant
- @param cmt: comment
- repeatable - type of comment, 0-regular, 1-repeatable
- @return: 1-ok, 0-failed
- set_bmask_name(enum_id, bmask, name)
- Set bitmask name (only for bitfields)
- @param enum_id: id of enum
- @param bmask: bitmask of the constant
- @param name: name of bitmask
- @return: 1-ok, 0-failed
- set_bpt_attr(address, bptattr, value)
- modifiable characteristics of a breakpoint
- @param address: any address in the breakpoint range
- @param bptattr: the attribute code, one of BPTATTR_* constants
- BPTATTR_CND is not allowed, see set_bpt_cond()
- @param value: the attibute value
- @return: success
- set_bpt_cond(ea, cnd, is_lowcnd=0)
- Set breakpoint condition
- @param ea: any address in the breakpoint range
- @param cnd: breakpoint condition
- @param is_lowcnd: 0 - regular condition, 1 - low level condition
- @return: success
- set_cmt(ea, comment, rptble)
- Set an indented regular comment of an item
- @param ea: linear address
- @param comment: comment string
- @param rptble: is repeatable?
- @return: None
- set_color(ea, what, color)
- Set item color
- @param ea: address of the item
- @param what: type of the item (one of CIC_* constants)
- @param color: new color code in RGB (hex 0xBBGGRR)
- @return: success (True or False)
- set_debugger_event_cond(cond)
- Set the debugger event condition
- set_debugger_options(opt)
- Get/set debugger options
- @param opt: combination of DOPT_... constants
- @return: old options
- set_default_sreg_value(ea, reg, value)
- Set default segment register value for a segment
- @param ea: any address in the segment
- if no segment is present at the specified address
- then all segments will be affected
- @param reg: name of segment register
- @param value: default value of the segment register. -1-undefined.
- set_enum_bf(enum_id, flag)
- Set bitfield property of enum
- @param enum_id: id of enum
- @param flag: flags
- - 1: convert to bitfield
- - 0: convert to ordinary enum
- @return: 1-ok,0-failed
- set_enum_cmt(enum_id, cmt, repeatable)
- Set comment of enum
- @param enum_id: id of enum
- @param cmt: new comment for the enum
- @param repeatable: is the comment repeatable?
- - 0:set regular comment
- - 1:set repeatable comment
- @return: 1-ok,0-failed
- set_enum_flag(enum_id, flag)
- Set flag of enum
- @param enum_id: id of enum
- @param flag: flags for representation of numeric constants
- in the definition of enum.
- @return: 1-ok,0-failed
- set_enum_idx(enum_id, idx)
- Give another serial number to a enum
- @param enum_id: id of enum
- @param idx: new serial number.
- If another enum with the same serial number
- exists, then all enums with serial
- numbers >= the specified idx get their
- serial numbers incremented (in other words,
- the new enum is put in the middle of the list of enums).
- If idx >= get_enum_qty() then the enum is
- moved to the end of the list of enums.
- @return: comment string
- set_enum_member_cmt(const_id, cmt, repeatable)
- Set a comment of a symbolic constant
- @param const_id: id of const
- @param cmt: new comment for the constant
- @param repeatable: is the comment repeatable?
- 0: set regular comment
- 1: set repeatable comment
- @return: 1-ok, 0-failed
- set_enum_member_name(const_id, name)
- Rename a member of enum - a symbolic constant
- @param const_id: id of const
- @param name: new name of constant
- @return: 1-ok, 0-failed
- set_enum_name(enum_id, name)
- Rename enum
- @param enum_id: id of enum
- @param name: new name of enum
- @return: 1-ok,0-failed
- set_enum_width(enum_id, width)
- Set width of enum elements
- @param enum_id: id of enum
- @param width: element width in bytes (0-unknown)
- @return: 1-ok, 0-failed
- set_fchunk_attr(ea, attr, value)
- Set a function chunk attribute
- @param ea: any address in the chunk
- @param attr: only FUNCATTR_START, FUNCATTR_END, FUNCATTR_OWNER
- @param value: desired value
- @return: 0 if failed, 1 if success
- set_fixup(ea, fixuptype, fixupflags, targetsel, targetoff, displ)
- Set fixup information
- @param ea: address to set fixup information about
- @param fixuptype: fixup type. see get_fixup_target_type()
- for possible fixup types.
- @param fixupflags: fixup flags. see get_fixup_target_flags()
- for possible fixup types.
- @param targetsel: target selector
- @param targetoff: target offset
- @param displ: displacement
- @return: none
- set_flag(off, bit, value)
- #--------------------------------------------------------------------------
- set_frame_size(ea, lvsize, frregs, argsize)
- Make function frame
- @param ea: any address belonging to the function
- @param lvsize: size of function local variables
- @param frregs: size of saved registers
- @param argsize: size of function arguments
- @return: ID of function frame or -1
- If the function did not have a frame, the frame
- will be created. Otherwise the frame will be modified
- set_func_attr(ea, attr, value)
- Set a function attribute
- @param ea: any address belonging to the function
- @param attr: one of FUNCATTR_... constants
- @param value: new value of the attribute
- @return: 1-ok, 0-failed
- set_func_cmt(ea, cmt, repeatable)
- Set function comment
- @param ea: any address belonging to the function
- @param cmt: a function comment line
- @param repeatable: 1: get repeatable comment
- 0: get regular comment
- set_func_end(ea, end)
- Change function end address
- @param ea: any address belonging to the function
- @param end: new function end address
- @return: !=0 - ok
- set_func_flags(ea, flags)
- Change function flags
- @param ea: any address belonging to the function
- @param flags: see get_func_flags() for explanations
- @return: !=0 - ok
- set_hash_long(hash_id, key, value)
- Sets the long value of a hash element.
- @param hash_id: The hash ID.
- @param key: Key of an element.
- @param value: 32bit or 64bit value to store in the hash
- @return: 1 in case of success, 0 otherwise
- set_hash_string(hash_id, key, value)
- Sets the string value of a hash element.
- @param hash_id: The hash ID.
- @param key: Key of an element.
- @param value: string value to store in the hash
- @return: 1 in case of success, 0 otherwise
- set_ida_state(status)
- Change IDA indicator.
- @param status: new status
- @return: the previous status.
- set_inf_attr(offset, value)
- set_local_type(ordinal, input, flags)
- Parse one type declaration and store it in the specified slot
- @param ordinal: slot number (1...NumberOfLocalTypes)
- -1 means allocate new slot or reuse the slot
- of the existing named type
- @param input: C declaration. Empty input empties the slot
- @param flags: combination of PT_... constants or 0
- @return: slot number or 0 if error
- set_manual_insn(ea, insn)
- Specify instruction represenation manually.
- @param ea: linear address
- @param insn: a string represenation of the operand
- @note: IDA will not check the specified instruction, it will simply
- display it instead of the orginal representation.
- set_member_cmt(sid, member_offset, comment, repeatable)
- Change structure member comment
- @param sid: structure type ID
- @param member_offset: offset of the member
- @param comment: new comment of the structure member
- @param repeatable: 1: change repeatable comment
- 0: change regular comment
- @return: != 0 - ok
- set_member_name(sid, member_offset, name)
- Change structure member name
- @param sid: structure type ID
- @param member_offset: offset of the member
- @param name: new name of the member
- @return: != 0 - ok.
- set_member_type(sid, member_offset, flag, typeid, nitems, target=-1, tdelta=0, reftype=2L)
- Change structure member type
- @param sid: structure type ID
- @param member_offset: offset of the member
- @param flag: new type of the member. Should be one of
- FF_BYTE..FF_PACKREAL (see above) combined with FF_DATA
- @param typeid: if isStruc(flag) then typeid specifies the structure id for the member
- if is_off0(flag) then typeid specifies the offset base.
- if is_strlit(flag) then typeid specifies the string type (STRTYPE_...).
- if is_stroff(flag) then typeid specifies the structure id
- if is_enum(flag) then typeid specifies the enum id
- if is_custom(flags) then typeid specifies the dtid and fid: dtid|(fid<<16)
- Otherwise typeid should be -1.
- @param nitems: number of items in the member
- @param target: target address of the offset expr. You may specify it as
- -1, ida will calculate it itself
- @param tdelta: offset target delta. usually 0
- @param reftype: see REF_... definitions
- @note: The remaining arguments are allowed only if is_off0(flag) and you want
- to specify a complex offset expression
- @return: !=0 - ok.
- set_name(ea, name, flags=0)
- Rename an address
- @param ea: linear address
- @param name: new name of address. If name == "", then delete old name
- @param flags: combination of SN_... constants
- @return: 1-ok, 0-failure
- set_processor_type(processor, level)
- Change current processor
- @param processor: name of processor in short form.
- run 'ida ?' to get list of allowed processor types
- @param level: the request leve:
- - SETPROC_IDB set processor type for old idb
- - SETPROC_LOADER set processor type for new idb;
- if the user has specified a compatible processor,
- return success without changing it.
- if failure, call loader_failure()
- - SETPROC_LOADER_NON_FATAL
- the same as SETPROC_LOADER but non-fatal failures
- - SETPROC_USER set user-specified processor
- used for -p and manual processor change at later time
- set_reg_value(value, name)
- Set register value
- @param name: the register name
- @param value: new register value
- @note: The debugger should be running
- It is not necessary to use this function to set register values.
- A register name in the left side of an assignment will do too.
- set_remote_debugger(hostname, password, portnum)
- Set remote debugging options
- @param hostname: remote host name or address if empty, revert to local debugger
- @param password: password for the debugger server
- @param portnum: port number to connect (-1: don't change)
- @return: nothing
- set_root_filename(path)
- Set input file name
- This function updates the file name that is stored in the database
- It is used by the debugger and other parts of IDA
- Use it when the database is moved to another location or when you
- use remote debugging.
- @param path: new input file path
- set_segm_addressing(ea, bitness)
- Change segment addressing
- @param ea: any address in the segment
- @param bitness: 0: 16bit, 1: 32bit, 2: 64bit
- @return: success (boolean)
- set_segm_alignment(ea, alignment)
- Change alignment of the segment
- @param ea: any address in the segment
- @param alignment: new alignment of the segment (one of the sa... constants)
- @return: success (boolean)
- set_segm_attr(segea, attr, value)
- Set segment attribute
- @param segea: any address within segment
- @param attr: one of SEGATTR_... constants
- @note: Please note that not all segment attributes are modifiable.
- Also some of them should be modified using special functions
- like set_segm_addressing, etc.
- set_segm_class(ea, segclass)
- Change class of the segment
- @param ea: any address in the segment
- @param segclass: new class of the segment
- @return: success (boolean)
- set_segm_combination(segea, comb)
- Change combination of the segment
- @param segea: any address in the segment
- @param comb: new combination of the segment (one of the sc... constants)
- @return: success (boolean)
- set_segm_name(ea, name)
- Change name of the segment
- @param ea: any address in the segment
- @param name: new name of the segment
- @return: success (boolean)
- set_segm_type(segea, segtype)
- Set segment type
- @param segea: any address within segment
- @param segtype: new segment type:
- @return: !=0 - ok
- set_segment_bounds(ea, startea, endea, flags)
- Change segment boundaries
- @param ea: any address in the segment
- @param startea: new start address of the segment
- @param endea: new end address of the segment
- @param flags: combination of SEGMOD_... flags
- @return: boolean success
- set_selector(sel, value)
- Set a selector value
- @param sel: the selector number
- @param value: value of selector
- @return: None
- @note: ida supports up to 4096 selectors.
- if 'sel' == 'val' then the selector is destroyed because
- it has no significance
- set_source_linnum(ea, lnnum)
- Set source line number
- @param ea: linear address
- @param lnnum: number of line in the source file
- @return: None
- set_step_trace_options(options)
- Set step current tracing options.
- @param options: combination of ST_... constants
- set_storage_type(start_ea, end_ea, stt)
- Set storage type
- @param start_ea: starting address
- @param end_ea: ending address
- @param stt: new storage type, one of STT_VA and STT_MM
- @returns: 0 - ok, otherwise internal error code
- set_struc_cmt(sid, comment, repeatable)
- Change structure comment
- @param sid: structure type ID
- @param comment: new comment of the structure
- @param repeatable: 1: change repeatable comment
- 0: change regular comment
- @return: != 0 - ok
- set_struc_idx(sid, index)
- Change structure index
- @param sid: structure type ID
- @param index: new index of the structure
- @return: != 0 - ok
- @note: See get_first_struc_idx() for the explanation of
- structure indices and IDs.
- set_struc_name(sid, name)
- Change structure name
- @param sid: structure type ID
- @param name: new name of the structure
- @return: != 0 - ok
- set_tail_owner(tailea, funcea)
- Change the function chunk owner
- @param tailea: any address in the function chunk
- @param funcea: the starting address of the new owner
- @return: False if failed, True if success
- @note: The new owner must already have the chunk appended before the call
- set_target_assembler(asmidx)
- Set target assembler
- @param asmidx: index of the target assembler in the array of
- assemblers for the current processor.
- @return: 1-ok, 0-failed
- set_trace_file_desc(filename, description)
- Update the trace description of the given binary trace file
- @param filename: trace file
- @description: trace description
- split_sreg_range(ea, reg, value, tag=2)
- Set value of a segment register.
- @param ea: linear address
- @param reg: name of a register, like "cs", "ds", "es", etc.
- @param value: new value of the segment register.
- @param tag: of SR_... constants
- @note: IDA keeps tracks of all the points where segment register change their
- values. This function allows you to specify the correct value of a segment
- register if IDA is not able to find the corrent value.
- start_process(path, args, sdir)
- Launch the debugger
- @param path: path to the executable file.
- @param args: command line arguments
- @param sdir: initial directory for the process
- @return: -1-failed, 0-cancelled by the user, 1-ok
- @note: For all args: if empty, the default value from the database will be used
- See the important note to the step_into() function
- step_into()
- Execute one instruction in the current thread.
- Other threads are kept suspended.
- @return: success
- @note: You must call wait_for_next_event() after this call
- in order to find out what happened. Normally you will
- get the STEP event but other events are possible (for example,
- an exception might occur or the process might exit).
- This remark applies to all execution control functions.
- The event codes depend on the issued command.
- step_over()
- Execute one instruction in the current thread,
- but without entering into functions
- Others threads keep suspended.
- See the important note to the step_into() function
- @return: success
- step_until_ret()
- Execute instructions in the current thread until
- a function return instruction is reached.
- Other threads are kept suspended.
- See the important note to the step_into() function
- @return: success
- strlen(s)
- strstr(s1, s2)
- substr(s, x1, x2)
- suspend_process()
- Suspend the running process
- Tries to suspend the process. If successful, the PROCESS_SUSPEND
- debug event will arrive (see wait_for_next_event)
- @return: success
- @note: To resume a suspended process use the wait_for_next_event function.
- See the important note to the step_into() function
- suspend_thread(tid)
- Suspend thread
- @param tid: thread id
- @return: -1:network error, 0-failed, 1-ok
- @note: Suspending a thread may deadlock the whole application if the suspended
- was owning some synchronization objects.
- take_memory_snapshot(only_loader_segs)
- Take memory snapshot of the debugged process
- @param only_loader_segs: 0-copy all segments to idb
- 1-copy only SFL_LOADER segments
- to_ea(seg, off)
- Return value of expression: ((seg<<4) + off)
- toggle_bnot(ea, n)
- Toggle the bitwise not operator for the operand
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- toggle_sign(ea, n)
- Change sign of the operand
- @param ea: linear address
- @param n: number of operand
- - 0 - the first operand
- - 1 - the second, third and all other operands
- - -1 - all operands
- update_extra_cmt(ea, n, line)
- Set or update extra comment line
- @param ea: linear address
- @param n: number of additional line (0..MAX_ITEM_LINES)
- @param line: the line to display
- @return: None
- @note: IDA displays additional lines from number 0 up to the first unexisting
- additional line. So, if you specify additional line #150 and there is no
- additional line #149, your line will not be displayed. MAX_ITEM_LINES is
- defined in IDA.CFG
- To set anterior line #n use (E_PREV + n)
- To set posterior line #n use (E_NEXT + n)
- update_hidden_range(ea, visible)
- Set hidden range state
- @param ea: any address belonging to the hidden range
- @param visible: new state of the range
- @return: != 0 - ok
- validate_idb_names()
- check consistency of IDB name records
- @return: number of inconsistent name records
- value_is_float(var)
- value_is_func(var)
- value_is_int64(var)
- value_is_long(var)
- value_is_pvoid(var)
- value_is_string(var)
- # List of built-in functions
- # --------------------------
- #
- # The following conventions are used in this list:
- # 'ea' is a linear address
- # 'success' is 0 if a function failed, 1 otherwise
- # 'void' means that function returns no meaningful value (always 0)
- #
- # All function parameter conversions are made automatically.
- #
- # ----------------------------------------------------------------------------
- # M I S C E L L A N E O U S
- # ----------------------------------------------------------------------------
- wait_for_next_event(wfne, timeout)
- Wait for the next event
- This function (optionally) resumes the process
- execution and wait for a debugger event until timeout
- @param wfne: combination of WFNE_... constants
- @param timeout: number of seconds to wait, -1-infinity
- @return: debugger event codes, see below
- warning(message)
- Display a message in a message box
- @param message: message to print (formatting is done in Python)
- This function can be used to debug IDC scripts
- The user will be able to hide messages if they appear twice in a row on
- the screen
- write_dbg_memory(ea, data)
- Write to debugger memory.
- @param ea: linear address
- @param data: string to write
- @return: number of written bytes (-1 - network/debugger error)
- Thread-safe function (may be called only from the main thread and debthread)
- writelong(handle, dword, mostfirst)
- writeshort(handle, word, mostfirst)
- writestr(handle, s)
- xtol(s)
- DATA
- ABI_8ALIGN4 = 1
- ABI_BIGARG_ALIGN = 4
- ABI_HARD_FLOAT = 32
- ABI_PACK_STKARGS = 2
- ABI_SET_BY_USER = 64
- ABI_STACK_LDBL = 8
- ABI_STACK_VARARGS = 16
- ADDSEG_FILLGAP = 16
- ADDSEG_NOSREG = 1
- ADDSEG_NOTRUNC = 4
- ADDSEG_OR_DIE = 2
- ADDSEG_QUIET = 8
- ADDSEG_SPARSE = 32
- AF2_ANORET = 16384
- AF2_CHKUNI = 262144
- AF2_DATOFF = 4194304
- AF2_DOCODE = 1073741824
- AF2_DODATA = 536870912
- AF2_DOEH = 1
- AF2_FTAIL = 256
- AF2_HFLIRT = 67108864
- AF2_JUMPTBL = 4
- AF2_PURDAT = 8
- AF2_REGARG = 2048
- AF2_SIGCMT = 16777216
- AF2_SIGMLT = 33554432
- AF2_STKARG = 1024
- AF2_TRFUNC = 65536
- AF2_VERSP = 8192
- AF_ANORET = 16384
- AF_ASCII = 131072
- AF_CHKUNI = 262144
- AF_CODE = 1
- AF_DATOFF = 4194304
- AF_DOCODE = 1073741824
- AF_DODATA = 536870912
- AF_DREFOFF = 1048576
- AF_FINAL = 2147483648L
- AF_FIXUP = 524288
- AF_FLIRT = 8388608
- AF_FTAIL = 256
- AF_HFLIRT = 67108864
- AF_IMMOFF = 2097152
- AF_JFUNC = 134217728
- AF_JUMPTBL = 4
- AF_LVAR = 512
- AF_MARKCODE = 2
- AF_MEMFUNC = 32768
- AF_NULLSUB = 268435456
- AF_PROC = 128
- AF_PROCPTR = 64
- AF_PURDAT = 8
- AF_REGARG = 2048
- AF_SIGCMT = 16777216
- AF_SIGMLT = 33554432
- AF_STKARG = 1024
- AF_STRLIT = 131072
- AF_TRACE = 4096
- AF_TRFUNC = 65536
- AF_UNK = 32
- AF_USED = 16
- AF_VERSP = 8192
- APPT_16BIT = 128
- APPT_1THREAD = 32
- APPT_32BIT = 256
- APPT_CONSOLE = 1
- APPT_DRIVER = 16
- APPT_GRAPHIC = 2
- APPT_LIBRARY = 8
- APPT_MTHREAD = 64
- APPT_PROGRAM = 4
- AP_ALLOWDUPS = 1L
- AP_ARRAY = 8L
- AP_IDXBASEMASK = 240L
- AP_IDXBIN = 48L
- AP_IDXDEC = 0L
- AP_IDXHEX = 16L
- AP_IDXOCT = 32L
- AP_INDEX = 4L
- AP_SIGNED = 2L
- ARGV = []
- AR_LONG = 65L
- AR_STR = 83L
- ASCF_AUTO = 2
- ASCF_COMMENT = 16
- ASCF_GEN = 1
- ASCF_SAVECASE = 32
- ASCF_SERIAL = 4
- ASCSTR_C = 0
- ASCSTR_LEN2 = 1
- ASCSTR_LEN4 = 2
- ASCSTR_PASCAL = 4
- ASCSTR_TERMCHR = 0
- ASCSTR_ULEN2 = 9
- ASCSTR_ULEN4 = 13
- ASCSTR_UNICODE = 1
- AU_CODE = 20
- AU_FINAL = 200
- AU_LIBF = 60
- AU_PROC = 30
- AU_UNK = 10
- AU_USED = 40
- BADADDR = 18446744073709551615L
- BADSEL = 18446744073709551615L
- BPLT_ABS = 0
- BPLT_REL = 1
- BPLT_SYM = 2
- BPTATTR_COND = 6
- BPTATTR_COUNT = 4
- BPTATTR_EA = 1
- BPTATTR_FLAGS = 5
- BPTATTR_SIZE = 2
- BPTATTR_TYPE = 3
- BPTCK_ACT = 2
- BPTCK_NO = 0
- BPTCK_NONE = -1
- BPTCK_YES = 1
- BPT_BRK = 1
- BPT_DEFAULT = 12
- BPT_ENABLED = 8
- BPT_EXEC = 8
- BPT_LOWCND = 16
- BPT_RDWR = 3
- BPT_SOFT = 4
- BPT_TRACE = 2
- BPT_TRACEON = 32
- BPT_TRACE_BBLK = 256
- BPT_TRACE_FUNC = 128
- BPT_TRACE_INSN = 64
- BPT_UPDMEM = 4
- BPT_WRITE = 1
- BPU_1B = 1
- BPU_2B = 2
- BPU_4B = 4
- BREAKPOINT = 16
- CHART_GEN_GDL = 16384
- CHART_NOLIBFUNCS = 1024
- CHART_PRINT_NAMES = 4096
- CHART_WINGRAPH = 32768
- CIC_FUNC = 2
- CIC_ITEM = 1
- CIC_SEGM = 3
- COMP_BC = 2
- COMP_BP = 8
- COMP_GNU = 6
- COMP_MASK = 15
- COMP_MS = 1
- COMP_UNK = 0
- COMP_VISAGE = 7
- COMP_WATCOM = 3
- DBFL_BAK = 4
- DBG_ERROR = -1
- DBG_TIMEOUT = 0
- DEFCOLOR = 4294967295L
- DELIT_DELNAMES = 2
- DELIT_EXPAND = 1
- DELIT_SIMPLE = 0
- DEMNAM_CMNT = 0
- DEMNAM_FIRST = 8
- DEMNAM_GCC3 = 4
- DEMNAM_NAME = 1
- DEMNAM_NONE = 2
- DOPT_BPT_MSGS = 16
- DOPT_ENTRY_BPT = 4096
- DOPT_EXCDLG = 24576
- DOPT_INFO_BPT = 512
- DOPT_INFO_MSGS = 256
- DOPT_LIB_BPT = 128
- DOPT_LIB_MSGS = 64
- DOPT_LOAD_DINFO = 32768
- DOPT_REAL_MEMORY = 1024
- DOPT_REDO_STACK = 2048
- DOPT_SEGM_MSGS = 1
- DOPT_START_BPT = 2
- DOPT_THREAD_BPT = 8
- DOPT_THREAD_MSGS = 4
- DOUNK_DELNAMES = 2
- DOUNK_EXPAND = 1
- DOUNK_SIMPLE = 0
- DSTATE_NOTASK = 0
- DSTATE_RUN = 1
- DSTATE_RUN_WAIT_ATTACH = 2
- DSTATE_RUN_WAIT_END = 3
- DSTATE_SUSP = -1
- DT_TYPE = 4026531840L
- ENUM_MEMBER_ERROR_ENUM = 3
- ENUM_MEMBER_ERROR_ILLV = 5
- ENUM_MEMBER_ERROR_MASK = 4
- ENUM_MEMBER_ERROR_NAME = 1
- ENUM_MEMBER_ERROR_VALUE = 2
- EXCDLG_ALWAYS = 24576
- EXCDLG_NEVER = 0
- EXCDLG_UNKNOWN = 8192
- EXCEPTION = 64
- EXC_BREAK = 1
- EXC_HANDLE = 2
- E_NEXT = 2000
- E_PREV = 1000
- FF_0CHAR = 3145728L
- FF_0ENUM = 8388608L
- FF_0FOP = 9437184L
- FF_0NUMB = 6291456L
- FF_0NUMD = 2097152L
- FF_0NUMH = 1048576L
- FF_0NUMO = 7340032L
- FF_0OFF = 5242880L
- FF_0SEG = 4194304L
- FF_0STK = 11534336L
- FF_0STRO = 10485760L
- FF_0VOID = 0L
- FF_1CHAR = 50331648L
- FF_1ENUM = 134217728L
- FF_1FOP = 150994944L
- FF_1NUMB = 100663296L
- FF_1NUMD = 33554432L
- FF_1NUMH = 16777216L
- FF_1NUMO = 117440512L
- FF_1OFF = 83886080L
- FF_1SEG = 67108864L
- FF_1STK = 184549376L
- FF_1STRO = 167772160L
- FF_1VOID = 0L
- FF_ALIGN = 2952790016L
- FF_ANYNAME = 49152
- FF_ASCI = 1342177280L
- FF_BYTE = 0L
- FF_CODE = 1536L
- FF_COMM = 2048
- FF_DATA = 1024L
- FF_DOUBLE = 2415919104L
- FF_DWORD = 536870912L
- FF_DWRD = 536870912L
- FF_FLOAT = 2147483648L
- FF_FLOW = 65536
- FF_FUNC = 268435456L
- FF_IMMD = 1073741824L
- FF_IVL = 256L
- FF_JUMP = 2147483648L
- FF_LABL = 32768
- FF_LINE = 8192
- FF_NAME = 16384
- FF_OWORD = 1879048192L
- FF_OWRD = 1879048192L
- FF_PACKREAL = 2684354560L
- FF_QWORD = 805306368L
- FF_QWRD = 805306368L
- FF_REF = 4096
- FF_STRLIT = 1342177280L
- FF_STRU = 1610612736L
- FF_STRUCT = 1610612736L
- FF_TAIL = 512L
- FF_TBYT = 1073741824L
- FF_TBYTE = 1073741824L
- FF_UNK = 0L
- FF_VAR = 524288
- FF_WORD = 268435456L
- FIXUPF_CREATED = 8
- FIXUPF_EXTDEF = 2
- FIXUPF_REL = 1
- FIXUPF_UNUSED = 4
- FIXUP_BYTE = 13
- FIXUP_CREATED = 8
- FIXUP_CUSTOM = 32768
- FIXUP_EXTDEF = 2
- FIXUP_HI16 = 7
- FIXUP_HI8 = 6
- FIXUP_LOW16 = 9
- FIXUP_LOW8 = 8
- FIXUP_OFF16 = 1
- FIXUP_OFF32 = 4
- FIXUP_OFF64 = 12
- FIXUP_OFF8 = 13
- FIXUP_PTR32 = 3
- FIXUP_PTR48 = 5
- FIXUP_REL = 1
- FIXUP_SEG16 = 2
- FIXUP_SELFREL = 0
- FIXUP_UNUSED = 4
- FT_AIXAR = 24
- FT_AOUT = 20
- FT_AR = 16
- FT_BIN = 2
- FT_COFF = 10
- FT_COM = 23
- FT_COM_OLD = 1
- FT_DRV = 3
- FT_ELF = 18
- FT_EXE = 22
- FT_EXE_OLD = 0
- FT_HEX = 5
- FT_LE = 8
- FT_LOADER = 17
- FT_LX = 7
- FT_MACHO = 25
- FT_MEX = 6
- FT_NLM = 9
- FT_OMF = 12
- FT_OMFLIB = 15
- FT_PE = 11
- FT_PRC = 21
- FT_SREC = 13
- FT_W32RUN = 19
- FT_WIN = 4
- FT_ZIP = 14
- FUNCATTR_ARGSIZE = 48
- FUNCATTR_COLOR = 64
- FUNCATTR_END = 8
- FUNCATTR_FLAGS = 16
- FUNCATTR_FPD = 56
- FUNCATTR_FRAME = 24
- FUNCATTR_FRREGS = 40
- FUNCATTR_FRSIZE = 32
- FUNCATTR_OWNER = 24
- FUNCATTR_REFQTY = 32
- FUNCATTR_START = 0
- FUNC_BOTTOMBP = 256
- FUNC_FAR = 2
- FUNC_FRAME = 16
- FUNC_HIDDEN = 64
- FUNC_LIB = 4
- FUNC_NORET = 1
- FUNC_NORET_PENDING = 512
- FUNC_PURGED_OK = 16384
- FUNC_SP_READY = 1024
- FUNC_STATIC = 8
- FUNC_TAIL = 32768
- FUNC_THUNK = 128
- FUNC_USERFAR = 32
- GENDSM_FORCE_CODE = 1
- GENDSM_MULTI_LINE = 2
- GENFLG_ASMINC = 64
- GENFLG_ASMTYPE = 16
- GENFLG_GENHTML = 32
- GENFLG_IDCTYPE = 8
- GENFLG_MAPDMNG = 4
- GENFLG_MAPLOC = 8
- GENFLG_MAPNAME = 2
- GENFLG_MAPSEG = 1
- GN_COLORED = 2
- GN_DEMANGLED = 4
- GN_ISRET = 128
- GN_LOCAL = 64
- GN_LONG = 32
- GN_NOT_ISRET = 256
- GN_SHORT = 16
- GN_STRICT = 8
- GN_VISIBLE = 1
- IDA_STATUS_READY = 0
- IDA_STATUS_THINKING = 1
- IDA_STATUS_WAITING = 2
- IDA_STATUS_WORK = 3
- IDCHK_ARG = -1
- IDCHK_KEY = -2
- IDCHK_MAX = -3
- IDCHK_OK = 0
- INFFL_ALLASM = 2
- INFFL_AUTO = 1
- INFFL_CHKOPS = 32
- INFFL_GRAPH_VIEW = 128
- INFFL_LOADIDC = 4
- INFFL_NMOPS = 64
- INFFL_NOUSER = 8
- INFFL_READONLY = 16
- INFORMATION = 512
- INF_ABIBITS = 268
- INF_AF = 40
- INF_AF2 = 44
- INF_APPCALL_OPTIONS = 272
- INF_APPTYPE = 36
- INF_ASMTYPE = 38
- INF_BASEADDR = 48
- INF_BINPREF = 214
- INF_BORDER = 213
- INF_CHANGE_COUNTER = 28
- INF_CMTFLAG = 212
- INF_COMMENT = 203
- INF_COMPILER = 256
- INF_DATATYPES = 248
- INF_DEMNAMES = 200
- INF_END_PRIVRANGE = 168
- INF_FILETYPE = 32
- INF_GENFLAGS = 22
- INF_HIGH_OFF = 144
- INF_INDENT = 202
- INF_LENXREF = 206
- INF_LFLAGS = 24
- INF_LISTNAMES = 201
- INF_LONG_DN = 196
- INF_LOW_OFF = 136
- INF_MAIN = 96
- INF_MARGIN = 204
- INF_MAXREF = 152
- INF_MAX_AUTONAME_LEN = 188
- INF_MAX_EA = 112
- INF_MIN_EA = 104
- INF_MODEL = 257
- INF_NAMELEN = 188
- INF_NAMETYPE = 190
- INF_NETDELTA = 176
- INF_OMAX_EA = 128
- INF_OMIN_EA = 120
- INF_OSTYPE = 34
- INF_OUTFLAGS = 208
- INF_PREFFLAG = 216
- INF_PROCNAME = 6
- INF_REFCMTS = 186
- INF_SHORT_DN = 192
- INF_SIZEOF_ALGN = 261
- INF_SIZEOF_BOOL = 259
- INF_SIZEOF_ENUM = 260
- INF_SIZEOF_INT = 258
- INF_SIZEOF_LDBL = 265
- INF_SIZEOF_LLONG = 264
- INF_SIZEOF_LONG = 263
- INF_SIZEOF_SHORT = 262
- INF_SPECSEGS = 39
- INF_START_CS = 64
- INF_START_EA = 80
- INF_START_IP = 72
- INF_START_PRIVRANGE = 160
- INF_START_SP = 88
- INF_START_SS = 56
- INF_STRLIT_BREAK = 218
- INF_STRLIT_FLAGS = 217
- INF_STRLIT_PREF = 224
- INF_STRLIT_SERNUM = 240
- INF_STRLIT_ZEROES = 219
- INF_STRTYPE = 220
- INF_TYPE_XREFS = 185
- INF_VERSION = 4
- INF_XREFNUM = 184
- INF_XREFS = 187
- LFLG_64BIT = 4
- LFLG_COMPRESS = 1024
- LFLG_DBG_NOPATH = 128
- LFLG_FLAT_OFF32 = 16
- LFLG_IS_DLL = 8
- LFLG_KERNMODE = 2048
- LFLG_MSF = 32
- LFLG_PACK = 512
- LFLG_PC_FLAT = 2
- LFLG_PC_FPP = 1
- LFLG_SNAPSHOT = 256
- LFLG_WIDE_HBF = 64
- LIBRARY_LOAD = 128
- LIBRARY_UNLOAD = 256
- LN_AUTO = 4
- LN_NORMAL = 1
- LN_PUBLIC = 2
- LN_WEAK = 8
- MAXADDR = 18374686479671623680L
- MOVE_SEGM_CHUNK = -4
- MOVE_SEGM_IDP = -3
- MOVE_SEGM_LOADER = -5
- MOVE_SEGM_ODD = -6
- MOVE_SEGM_OK = 0
- MOVE_SEGM_PARAM = -1
- MOVE_SEGM_ROOM = -2
- MSF_FIXONCE = 8
- MSF_LDKEEP = 4
- MSF_NOFIX = 2
- MSF_SILENT = 1
- MS_0TYPE = 15728640L
- MS_1TYPE = 251658240L
- MS_CLS = 1536L
- MS_CODE = 4026531840L
- MS_COMM = 1046528
- MS_VAL = 255L
- NEF_CODE = 256
- NEF_FILL = 16
- NEF_FIRST = 128
- NEF_FLAT = 1024
- NEF_IMPS = 32
- NEF_MAN = 8
- NEF_NAME = 4
- NEF_RELOAD = 512
- NEF_RSCS = 2
- NEF_SEGS = 1
- NM_EA = 6
- NM_EA4 = 7
- NM_EA8 = 8
- NM_NAM_EA = 5
- NM_NAM_OFF = 2
- NM_PTR_EA = 4
- NM_PTR_OFF = 1
- NM_REL_EA = 3
- NM_REL_OFF = 0
- NM_SERIAL = 10
- NM_SHORT = 9
- NOTASK = -2
- OFILE_ASM = 4
- OFILE_DIF = 5
- OFILE_EXE = 1
- OFILE_IDC = 2
- OFILE_LST = 3
- OFILE_MAP = 0
- OFLG_GEN_ASSUME = 512
- OFLG_GEN_NULL = 16
- OFLG_GEN_ORG = 256
- OFLG_GEN_TRYBLKS = 1024
- OFLG_LZERO = 128
- OFLG_PREF_SEG = 64
- OFLG_SHOW_AUTO = 4
- OFLG_SHOW_PREF = 32
- OFLG_SHOW_VOID = 2
- OPND_OUTER = 128
- OSTYPE_MSDOS = 1
- OSTYPE_NETW = 8
- OSTYPE_OS2 = 4
- OSTYPE_WIN = 2
- PDF_DEF_BASE = 4
- PDF_DEF_FWD = 2
- PDF_HEADER_CMT = 8
- PDF_INCL_DEPS = 1
- PREF_FNCOFF = 2
- PREF_SEGADR = 1
- PREF_STACK = 4
- PROCESS_ATTACH = 4096
- PROCESS_DETACH = 8192
- PROCESS_EXIT = 2
- PROCESS_START = 1
- PROCESS_SUSPEND = 16384
- PRTYPE_1LINE = 0
- PRTYPE_MULTI = 1
- PRTYPE_PRAGMA = 4
- PRTYPE_TYPE = 2
- PT_FILE = 1
- PT_HIGH = 128
- PT_LOWER = 256
- PT_PAK1 = 16
- PT_PAK16 = 80
- PT_PAK2 = 32
- PT_PAK4 = 48
- PT_PAK8 = 64
- PT_PAKDEF = 0
- PT_SILENT = 2
- REFINFO_NOBASE = 128
- REFINFO_PASTEND = 32
- REFINFO_RVA = 16
- REFINFO_SIGNEDOP = 512
- REFINFO_SUBTRACT = 256
- REF_HIGH16 = 6L
- REF_HIGH8 = 5L
- REF_LOW16 = 4L
- REF_LOW8 = 3L
- REF_OFF16 = 1L
- REF_OFF32 = 2L
- REF_OFF64 = 9L
- REF_OFF8 = 10L
- REF_VHIGH = 7L
- REF_VLOW = 8L
- SEARCH_CASE = 4
- SEARCH_DOWN = 1
- SEARCH_NEXT = 2
- SEARCH_NOBRK = 16
- SEARCH_NOSHOW = 32
- SEARCH_REGEX = 8
- SEARCH_UP = 0
- SEGATTR_ALIGN = 40
- SEGATTR_BITNESS = 43
- SEGATTR_COLOR = 188
- SEGATTR_COMB = 41
- SEGATTR_CS = 64
- SEGATTR_DS = 80
- SEGATTR_END = 8
- SEGATTR_ES = 56
- SEGATTR_FLAGS = 44
- SEGATTR_FS = 88
- SEGATTR_GS = 96
- SEGATTR_ORGBASE = 32
- SEGATTR_PERM = 42
- SEGATTR_SEL = 48
- SEGATTR_SS = 72
- SEGATTR_START = 0
- SEGATTR_TYPE = 184
- SEGDEL_KEEP = 2
- SEGDEL_PERM = 1
- SEGDEL_SILENT = 4
- SEGMOD_KEEP = 2
- SEGMOD_KILL = 1
- SEGMOD_SILENT = 4
- SEG_ABSSYM = 10
- SEG_BSS = 9
- SEG_CODE = 2
- SEG_COMM = 11
- SEG_DATA = 3
- SEG_GRP = 6
- SEG_IMEM = 12
- SEG_IMP = 4
- SEG_NORM = 0
- SEG_NULL = 7
- SEG_UNDF = 8
- SEG_XTRN = 1
- SETPROC_ALL = 2
- SETPROC_COMPAT = 0
- SETPROC_FATAL = 1
- SETPROC_IDB = 0
- SETPROC_LOADER = 1
- SETPROC_LOADER_NON_FATAL = 2
- SETPROC_USER = 3
- SFL_COMORG = 1
- SFL_DEBUG = 8
- SFL_HIDDEN = 4
- SFL_HIDETYPE = 32
- SFL_LOADER = 16
- SFL_OBOK = 2
- SIZE_MAX = 18446744073709551615L
- SN_AUTO = 32
- SN_CHECK = 0
- SN_LOCAL = 512
- SN_NOCHECK = 1
- SN_NOLIST = 128
- SN_NON_AUTO = 64
- SN_NON_PUBLIC = 4
- SN_NON_WEAK = 16
- SN_NOWARN = 256
- SN_PUBLIC = 2
- SN_WEAK = 8
- SR_auto = 3
- SR_autostart = 4
- SR_inherit = 1
- SR_user = 2
- STEP = 32
- STRF_AUTO = 2
- STRF_COMMENT = 16
- STRF_GEN = 1
- STRF_SAVECASE = 32
- STRF_SERIAL = 4
- STRLYT_PASCAL1 = 1
- STRLYT_PASCAL2 = 2
- STRLYT_PASCAL4 = 3
- STRLYT_SHIFT = 6
- STRLYT_TERMCHR = 0
- STRTYPE_C = 0
- STRTYPE_C16 = 1
- STRTYPE_C_16 = 1
- STRTYPE_C_32 = 2
- STRTYPE_LEN2 = 128
- STRTYPE_LEN2_16 = 129
- STRTYPE_LEN4 = 192
- STRTYPE_LEN4_16 = 193
- STRTYPE_PASCAL = 64
- STRTYPE_PASCAL_16 = 65
- STRTYPE_TERMCHR = 0
- STRUC_ERROR_MEMBER_NAME = -1
- STRUC_ERROR_MEMBER_OFFSET = -2
- STRUC_ERROR_MEMBER_SIZE = -3
- STRUC_ERROR_MEMBER_STRUCT = -5
- STRUC_ERROR_MEMBER_TINFO = -4
- STRUC_ERROR_MEMBER_UNIVAR = -6
- STRUC_ERROR_MEMBER_VARLAST = -7
- STRWIDTH_1B = 0
- STRWIDTH_2B = 1
- STRWIDTH_4B = 2
- STT_MM = 1
- STT_VA = 0
- ST_ALREADY_LOGGED = 4
- ST_OVER_DEBUG_SEG = 1
- ST_OVER_LIB_FUNC = 2
- ST_SKIP_LOOPS = 8
- SW_ALLCMT = 2
- SW_LINNUM = 8
- SW_NOCMT = 4
- SW_RPTCMT = 1
- SW_SEGXRF = 1
- SW_XRFFNC = 4
- SW_XRFMRK = 2
- SW_XRFVAL = 8
- SYSCALL = 1024
- TEV_BPT = 4
- TEV_CALL = 2
- TEV_EVENT = 6
- TEV_INSN = 1
- TEV_MEM = 5
- TEV_NONE = 0
- TEV_RET = 3
- THREAD_EXIT = 8
- THREAD_START = 4
- TINFO_DEFINITE = 1
- TINFO_DELAYFUNC = 2
- TINFO_GUESSED = 0
- TRACE_FUNC = 2
- TRACE_INSN = 1
- TRACE_STEP = 0
- UTP_ENUM = 0
- UTP_STRUCT = 1
- WFNE_ANY = 1
- WFNE_CONT = 8
- WFNE_NOWAIT = 16
- WFNE_SILENT = 4
- WFNE_SUSP = 2
- WINMESSAGE = 2048
- WORDMASK = 18446744073709551615L
- XREF_USER = 32
- __EA64__ = True
- __X64__ = True
- dr_I = 5
- dr_O = 1
- dr_R = 3
- dr_T = 4
- dr_W = 2
- fl_CF = 16
- fl_CN = 17
- fl_F = 21
- fl_JF = 18
- fl_JN = 19
- o_cond = 14L
- o_crb = 12L
- o_creg = 11L
- o_creglist = 10L
- o_crf = 11L
- o_crreg = 10L
- o_dbreg = 9L
- o_dcr = 13L
- o_displ = 4L
- o_far = 6L
- o_fpreg = 11L
- o_fpreglist = 12L
- o_idpspec0 = 8L
- o_idpspec1 = 9L
- o_idpspec2 = 10L
- o_idpspec3 = 11L
- o_idpspec4 = 12L
- o_idpspec5 = 13L
- o_imm = 5L
- o_mem = 2L
- o_mmxreg = 12L
- o_near = 7L
- o_phrase = 3L
- o_reg = 1L
- o_reglist = 9L
- o_shmbme = 10L
- o_spr = 8L
- o_text = 13L
- o_trreg = 8L
- o_twofpr = 9L
- o_void = 0L
- o_xmmreg = 13L
- saAbs = 0
- saGroup = 7
- saRel32Bytes = 8
- saRel4K = 6
- saRel64Bytes = 9
- saRelByte = 1
- saRelDble = 5
- saRelPage = 4
- saRelPara = 3
- saRelQword = 10
- saRelWord = 2
- scCommon = 6
- scPriv = 0
- scPub = 2
- scPub2 = 4
- scPub3 = 7
- scStack = 5
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
