Module ida_auto

IDA Plugin SDK API wrapper: auto

Classes
	auto_display_t Proxy of C++ auto_display_t class.

Functions

auto_apply_tail(tail_ea, parent_ea)
Plan to apply the tail_ea chunk to the parent

auto_apply_type(caller, callee)
Plan to apply the callee's type to the calling point.

auto_cancel(ea1, ea2)
Remove an address range (ea1..ea2) from queues 'AU_CODE' , 'AU_PROC' , 'AU_USED' .

ea_t

auto_get(type, lowEA, highEA)
Retrieve an address from queues regarding their priority.

bool

auto_is_ok()
Are all queues empty? (i.e.

auto_make_code(ea)
Plan to make code.

auto_make_proc(ea)
Plan to make code&function.

auto_mark(ea, type)
Put single address into a queue.

auto_mark_range(start, end, type)
Put range of addresses into a queue.

int

auto_recreate_insn(ea)
Try to create instruction

auto_unmark(start, end, type)
Remove range of addresses from a queue.

bool

auto_wait()
Process everything in the queues and return true.

ssize_t

auto_wait_range(ea1, ea2)
Process everything in the specified range and return true.

bool

enable_auto(enable)
Temporarily enable/disable autoanalyzer.

get_auto_display(auto_display)
Get structure which holds the autoanalysis indicator contents.

atype_t

get_auto_state()
Get current state of autoanalyzer.

bool

is_auto_enabled()
Get autoanalyzer state.

bool

may_create_stkvars()
Is it allowed to create stack variables automatically?.

bool

may_trace_sp()
Is it allowed to trace stack pointer automatically?.

ea_t

peek_auto_queue(low_ea, type)
Peek into a queue 'type' for an address not lower than 'low_ea'.

int

plan_and_wait(ea1, ea2, final_pass=True)
Analyze the specified range.

plan_ea(ea)
Plan to perform reanalysis.

plan_range(sEA, eEA)
Plan to perform reanalysis.

reanalyze_callers(ea, noret)
Plan to reanalyze callers of the specified address.

revert_ida_decisions(ea1, ea2)
Delete all analysis info that IDA generated for for the given range.

atype_t

set_auto_state(new_state)
Set current state of autoanalyzer.

idastate_t

set_ida_state(st)
Change IDA status indicator value

show_addr(ea)
Show an address on the autoanalysis indicator.

show_auto(ea, type=AU_NONE)
Change autoanalysis indicator value.

Variables
	AU_CHLB = `90`
	AU_CODE = `20`
	AU_FCHUNK = `38`
	AU_FINAL = `200`
	AU_LBF2 = `70`
	AU_LBF3 = `80`
	AU_LIBF = `60`
	AU_NONE = `0`
	AU_PROC = `30`
	AU_TAIL = `35`
	AU_TYPE = `50`
	AU_UNK = `10`
	AU_USED = `40`
	AU_WEAK = `25`
	SWIG_PYTHON_LEGACY_BOOL = `1`
	__package__ = `None`
	cvar = `??`
	st_Ready = `0`
	st_Think = `1`
	st_Waiting = `2`
	st_Work = `3`

Function Details

auto_apply_tail(tail_ea, parent_ea)

Plan to apply the tail_ea chunk to the parent

Parameters:

tail_ea - linear address of start of tail (C++: ea_t)
parent_ea - linear address within parent. If BADADDR, automatically try to find parent via xrefs. (C++: ea_t)

auto_apply_type(caller, callee)

Plan to apply the callee's type to the calling point.

Parameters:

caller, (C++ - ea_t)
callee, (C++ - ea_t)

auto_cancel(ea1, ea2)

Remove an address range (ea1..ea2) from queues 'AU_CODE' , 'AU_PROC' , 'AU_USED' . To remove an address range from other queues use 'auto_unmark()' function. 'ea1' may be higher than 'ea2', the kernel will swap them in this case. 'ea2' doesn't belong to the range.

Parameters:

ea1, (C++ - ea_t)
ea2, (C++ - ea_t)

auto_get(type, lowEA, highEA)

Retrieve an address from queues regarding their priority. Returns 'BADADDR' if no addresses not lower than 'lowEA' and less than 'highEA' are found in the queues. Otherwise *type will have queue type.

Parameters:

type, (C++ - atype_t *)
lowEA, (C++ - ea_t)
highEA, (C++ - ea_t)

Returns: ea_t

auto_is_ok()

Are all queues empty? (i.e. has autoanalysis finished?).

Returns: bool

auto_make_code(ea)

Plan to make code.

Parameters:

ea, (C++ - ea_t)

auto_make_proc(ea)

Plan to make code&function.

Parameters:

ea, (C++ - ea_t)

auto_mark(ea, type)

Put single address into a queue. Queues keep addresses sorted.

Parameters:

ea, (C++ - ea_t)
type, (C++ - atype_t)

auto_mark_range(start, end, type)

Put range of addresses into a queue. 'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.

Parameters:

start, (C++ - ea_t)
end, (C++ - ea_t)
type, (C++ - atype_t)

auto_recreate_insn(ea)

Try to create instruction

Parameters:

ea - linear address of callee (C++: ea_t)

Returns: int

the length of the instruction or 0

auto_unmark(start, end, type)

Remove range of addresses from a queue. 'start' may be higher than 'end', the kernel will swap them in this case. 'end' doesn't belong to the range.

Parameters:

start, (C++ - ea_t)
end, (C++ - ea_t)
type, (C++ - atype_t)

auto_wait()

Process everything in the queues and return true.

Returns: bool: false if the user clicked cancel. (the wait box must be displayed by the caller if desired)

auto_wait_range(ea1, ea2)

Process everything in the specified range and return true.

Parameters:

ea1, (C++ - ea_t)
ea2, (C++ - ea_t)

Returns: ssize_t

number of autoanalysis steps made. -1 if the user clicked cancel. (the wait box must be displayed by the caller if desired)

enable_auto(enable)

Temporarily enable/disable autoanalyzer. Not user-facing, but rather because IDA sometimes need to turn AA on/off regardless of inf.s_genflags:INFFL_AUTO

Parameters:

enable, (C++ - bool)

Returns: bool

old state

get_auto_display(auto_display)

Get structure which holds the autoanalysis indicator contents.

Parameters:

auto_display, (C++ - auto_display_t *)

get_auto_state()

Get current state of autoanalyzer. If auto_state == 'AU_NONE' , IDA is currently not running the analysis (it could be temporarily interrupted to perform the user's requests, for example).

Returns: atype_t

may_create_stkvars()

Is it allowed to create stack variables automatically?. This function should be used by IDP modules before creating stack vars.

Returns: bool

may_trace_sp()

Is it allowed to trace stack pointer automatically?. This function should be used by IDP modules before tracing sp.

Returns: bool

peek_auto_queue(low_ea, type)

Peek into a queue 'type' for an address not lower than 'low_ea'. Do not remove address from the queue.

Parameters:

low_ea, (C++ - ea_t)
type, (C++ - atype_t)

Returns: ea_t

the address or BADADDR

plan_and_wait(ea1, ea2, final_pass=True)

Analyze the specified range. Try to create instructions where possible. Make the final pass over the specified range if specified. This function doesn't return until the range is analyzed.

Parameters:

ea1, (C++ - ea_t)
ea2, (C++ - ea_t)
final_pass, (C++ - bool)

Returns: int

plan_ea(ea)

Plan to perform reanalysis.

Parameters:

ea, (C++ - ea_t)

plan_range(sEA, eEA)

Plan to perform reanalysis.

Parameters:

sEA, (C++ - ea_t)
eEA, (C++ - ea_t)

reanalyze_callers(ea, noret)

Plan to reanalyze callers of the specified address. This function will add to 'AU_USED' queue all instructions that call (not jump to) the specified address.

Parameters:

ea - linear address of callee (C++: ea_t)
noret - !=0: the callee doesn't return, mark to undefine subsequent instructions in the caller. 0: do nothing. (C++: bool)

revert_ida_decisions(ea1, ea2)

Delete all analysis info that IDA generated for for the given range.

Parameters:

ea1, (C++ - ea_t)
ea2, (C++ - ea_t)

set_auto_state(new_state)

Set current state of autoanalyzer.

Parameters:

new_state - new state of autoanalyzer (C++: atype_t)

Returns: atype_t

previous state

set_ida_state(st)

Change IDA status indicator value

Parameters:

st - - new indicator status (C++: idastate_t)

Returns: idastate_t

old indicator status

show_addr(ea)

Show an address on the autoanalysis indicator. The address is displayed in the form " @:12345678".

Parameters:

ea - - linear address to display (C++: ea_t)

show_auto(ea, type=AU_NONE)

Change autoanalysis indicator value.

Parameters:

ea - linear address being analyzed (C++: ea_t)
type - autoanalysis type (see Autoanalysis queues ) (C++: atype_t)