Module ida_bytes

IDA Plugin SDK API wrapper: bytes

Classes
	data_format_t Proxy of C++ data_format_t class.
	data_type_t Proxy of C++ data_type_t class.
	hidden_range_t Proxy of C++ hidden_range_t class.

Functions

add_byte(ea, value)
Add a value to one byte of the program.

add_dword(ea, value)
Add a value to one dword of the program.

bool

add_hidden_range(ea1, ea2, description, header, footer, color)
Mark a range of addresses as hidden.

bool

add_mapping(_from, to, size)
IDA supports memory mapping.

add_qword(ea, value)
Add a value to one qword of the program.

add_word(ea, value)
Add a value to one word of the program.

flags_t

align_flag()
Get a flags_t representing an alignment directive.

bool

append_cmt(ea, str, rptble)
Append to an indented comment.

bool

attach_custom_data_format(dtid, dfid)
Attach the data format to the data type.

flags_t

bin_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'

ea_t

bin_search(start_ea, end_ea, image, imask, step, flags)

flags_t

byte_flag()
Get a flags_t representing a byte.

int

bytesize(ea)
Get number of bytes required to store a byte at the given address.

int

calc_def_align(ea, mina, maxa)
Calculate default alignment.

flags_t

calc_dflags(f, force)

int

calc_max_align(endea)
Returns: 0..32.

ea_t

calc_max_item_end(ea, how=15)
Calculate maximal reasonable end address of a new item.

int

calc_min_align(length)
Returns: 1..32.

bool

can_define_item(ea, length, flags)
Can define item (instruction/data) of the specified 'length', starting at 'ea'?if there is an item starting at 'ea', this function ignores itthis function converts to unexplored all encountered data items with fixup information.

error_t

change_storage_type(start_ea, end_ea, stt)
Change flag storage type for address range.

flags_t

char_flag()
see 'Bits: instruction operand types'

asize_t

chunk_size(ea)
Get size of the contiguous address block containing 'ea'.

ea_t

chunk_start(ea)
Get start of the contiguous address block containing 'ea'.

bool

clr_lzero(ea, n)
Clear lzero bit.

bool

clr_op_type(ea, n)
Remove operand representation information.

flags_t

code_flag()
'FF_CODE'

bool

create_16bit_data(ea, length)
Convert to 16-bit quantity (take byte size into account)

bool

create_32bit_data(ea, length)
Convert to 32-bit quantity (take byte size into account)

bool

create_align(ea, length, alignment)
Alignment: 0 or 2..32.

bool

create_byte(ea, length, force=False)
Convert to byte.

bool

create_custdata(ea, length, dtid, fid, force=False)
Convert to custom data type.

bool

create_data(ea, dataflag, size, tid)
Convert to data (byte, word, dword, etc).

bool

create_double(ea, length, force=False)
Convert to double.

bool

create_dword(ea, length, force=False)
Convert to dword.

bool

create_float(ea, length, force=False)
Convert to float.

bool

create_oword(ea, length, force=False)
Convert to octaword/xmm word.

bool

create_packed_real(ea, length, force=False)
Convert to packed decimal real.

bool

create_qword(ea, length, force=False)
Convert to quadword.

bool

create_strlit(start, len, strtype)
Convert to string literal and give a meaningful name.

bool

create_struct(ea, length, tid, force=False)
Convert to struct.

bool

create_tbyte(ea, length, force=False)
Convert to tbyte.

bool

create_word(ea, length, force=False)
Convert to word.

bool

create_yword(ea, length, force=False)
Convert to ymm word.

bool

create_zword(ea, length, force=False)
Convert to zmm word.

flags_t

cust_flag()
Get a flags_t representing custom type data.

flags_t

custfmt_flag()
see 'Bits: instruction operand types'

flags_t

dec_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'

bool

del_hidden_range(ea)
Delete hidden range.

bool

del_items(ea, flags=0, nbytes=1, may_destroy=None)
Convert item (instruction/data) to unexplored bytes.

del_mapping(ea)
Delete memory mapping range.

del_value(ea)
Delete byte value from flags.

bool

detach_custom_data_format(dtid, dfid)
Detach the data format from the data type.

error_t

disable_flags(start_ea, end_ea)
Deallocate flags for address range.

flags_t

double_flag()
Get a flags_t representing a double.

flags_t

dword_flag()
Get a flags_t representing a double word.

error_t

enable_flags(start_ea, end_ea, stt)
Allocate flags for address range.

flags_t

enum_flag()
see 'Bits: instruction operand types'

bool

equal_bytes(ea, image, mask, len, sense_case)
Compare 'len' bytes of the program starting from 'ea' with 'image'.

bool

f_has_cmt(f, arg2)

bool

f_has_dummy_name(f, arg2)
Does the current byte have dummy (auto-generated, with special prefix) name?

bool

f_has_extra_cmts(f, arg2)

bool

f_has_name(f, arg2)
Does the current byte have non-trivial (non-dummy) name?

bool

f_has_user_name(F, arg2)
Does the current byte have user-specified name?

bool

f_has_xref(f, arg2)
Does the current byte have cross-references to it?

bool

f_is_align(F, arg2)
See 'is_align()'

bool

f_is_byte(F, arg2)
See 'is_byte()'

bool

f_is_code(F, arg2)
Does flag denote start of an instruction?

bool

f_is_custom(F, arg2)
See 'is_custom()'

bool

f_is_data(F, arg2)
Does flag denote start of data?

bool

f_is_double(F, arg2)
See 'is_double()'

bool

f_is_dword(F, arg2)
See 'is_dword()'

bool

f_is_float(F, arg2)
See 'is_float()'

bool

f_is_head(F, arg2)
Does flag denote start of instruction OR data?

bool

f_is_not_tail(F, arg2)
Does flag denote tail byte?

bool

f_is_oword(F, arg2)
See 'is_oword()'

bool

f_is_pack_real(F, arg2)
See 'is_pack_real()'

bool

f_is_qword(F, arg2)
See 'is_qword()'

bool

f_is_strlit(F, arg2)
See 'is_strlit()'

bool

f_is_struct(F, arg2)
See 'is_struct()'

bool

f_is_tail(F, arg2)
Does flag denote tail byte?

bool

f_is_tbyte(F, arg2)
See 'is_tbyte()'

bool

f_is_word(F, arg2)
See 'is_word()'

bool

f_is_yword(F, arg2)
See 'is_yword()'

ea_t

find_byte(sEA, size, value, bin_search_flags)
Find forward a byte with the specified value (only 8-bit value from the database).

ea_t

find_byter(sEA, size, value, bin_search_flags)
Find reverse a byte with the specified value (only 8-bit value from the database).

int

find_custom_data_format(name)
Get id of a custom data format.

int

find_custom_data_type(name)
Get id of a custom data type.

flags_t

float_flag()
Get a flags_t representing a float.

flags_t

flt_flag()
see 'Bits: instruction operand types'

ea_t

free_chunk(bottom, size, step)
Search for a hole in the addressing space of the program.

uint32

get_16bit(ea)
Get 16bits of the program at 'ea'.

uint32

get_32bit(ea)
Get not more than 32bits of the program at 'ea'.

uint64

get_64bit(ea)
Get not more than 64bits of the program at 'ea'.

PyObject *

get_8bit(ea, v, nbit)

uchar

get_byte(ea)
Get one byte (8-bit) of the program at 'ea'.

PyObject *

get_bytes(ea, size, gmb_flags=0x01)
Get the specified number of bytes of the program.

PyObject *

get_bytes_and_mask(ea, size, gmb_flags=0x01)
Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.

str

get_cmt(ea, rptble)
Get an indented comment.

data_format_t

get_custom_data_format(dfid)
Get definition of a registered custom data format.

int

get_custom_data_formats(out, dtid)
Get list of attached custom data formats for the specified data type.

data_type_t

get_custom_data_type(dtid)
Get definition of a registered custom data type.

int

get_custom_data_types(out, min_size=0, max_size=BADADDR)
Get list of registered custom data type ids.

asize_t

get_data_elsize(ea, F, ti=None)
Get size of data type specified in flags 'F'.

bool

get_data_value(v, ea, size)
Get the value at of the item at 'ea'.

uchar

get_db_byte(ea)
Get one byte (8-bit) of the program at 'ea' from the database.

int

get_default_radix()
Get default base of number for the current processor.

uint32

get_dword(ea)
Get one dword (32-bit) of the program at 'ea'.

enum_t

get_enum_id(ea, n)
Get enum id of 'enum' operand.

hidden_range_t

get_first_hidden_range()
Get pointer to the first hidden range.

flags_t

get_flags(ea)
get flags with 'FF_IVL' & 'MS_VAL' .

flags_t

get_flags_by_size(size)
Get flags from size (in bytes).

flags_t

get_flags_ex(ea, how)
Get flags for the specified address, extended form.

str

get_forced_operand(ea, n)
Get forced operand.

asize_t

get_full_data_elsize(ea, F, ti=None)
Get full size of data type specified in flags 'F'.

flags_t

get_full_flags(ea)
Get flags value for address 'ea'.

hidden_range_t

get_hidden_range(ea)
Get pointer to hidden range structure, in: linear address.

int

get_hidden_range_num(ea)
Get number of a hidden range.

int

get_hidden_range_qty()
Get number of hidden ranges.

ea_t

get_item_end(ea)
Get the end address of the item at 'ea'.

flags_t

get_item_flag(_from, n, ea, appzero)
Get flag of the item at 'ea' even if it is a tail byte of some array or structure.

ea_t

get_item_head(ea)
Get the start address of the item at 'ea'.

asize_t

get_item_size(ea)
Get size of item (instruction/data) in bytes.

hidden_range_t

get_last_hidden_range()
Get pointer to the last hidden range.

str

get_manual_insn(ea)
Retrieve the user-specified string for the manual instruction.

bool

get_mapping(n)
Get memory mapping range by its number.

size_t

get_mappings_qty()
Get number of mappings.

size_t

get_max_strlit_length(ea, strtype, options=0)
Determine maximum length of string literal.

hidden_range_t

get_next_hidden_range(ea)
Get pointer to next hidden range.

PyObject *

get_octet(ea, v, nbit)
Get 8 bits of the program at 'ea'.

opinfo_t

get_opinfo(buf, ea, n, flags)
Get additional information about an operand representation.

flags_t

get_optype_flags0(F)
Get flags for first operand.

flags_t

get_optype_flags1(F)
Get flags for second operand.

uint64

get_original_byte(ea)
Get original byte value (that was before patching).

uint64

get_original_dword(ea)
Get original dword (that was before patching) This function works for wide byte processors too.

uint64

get_original_qword(ea)
Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too.

uint64

get_original_word(ea)
Get original word value (that was before patching).

str

get_predef_insn_cmt(ins)
Get predefined comment.

hidden_range_t

get_prev_hidden_range(ea)
Get pointer to previous hidden range.

uint64

get_qword(ea)
Get one qword (64-bit) of the program at 'ea'.

int

get_radix(F, n)
Get radix of the operand, in: flags.

PyObject *

get_strlit_contents(ea, py_len, type, flags=0)
Get bytes contents at location, possibly converted.

int

get_stroff_path(path, delta, ea, n)
Get struct path of operand.

uint64

get_wide_byte(ea)
Get one wide byte of the program at 'ea'.

uint64

get_wide_dword(ea)
Get two wide words (4 'bytes') of the program at 'ea'.

uint64

get_wide_word(ea)
Get one wide word (2 'byte') of the program at 'ea'.

ushort

get_word(ea)
Get one word (16-bit) of the program at 'ea'.

bool

get_zero_ranges(zranges, range)
Return set of ranges with zero initialized bytes.

hidden_range_t

getn_hidden_range(n)
Get pointer to hidden range structure, in: number of hidden range.

bool

has_any_name(F)
Does the current byte have any name?

bool

has_auto_name(F)
Does the current byte have auto-generated (no special prefix) name?

bool

has_cmt(F)
Does the current byte have an indented comment?

bool

has_dummy_name(F)
Does the current byte have dummy (auto-generated, with special prefix) name?

bool

has_extra_cmts(F)
Does the current byte have additional anterior or posterior lines?

bool

has_immd(F)
Has immediate value?

bool

has_name(F)
Does the current byte have non-trivial (non-dummy) name?

bool

has_user_name(F)
Does the current byte have user-specified name?

bool

has_value(F)
Do flags contain byte value?

bool

has_xref(F)
Does the current byte have cross-references to it?

flags_t

hex_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'

bool

is_align(F)
'FF_ALIGN'

bool

is_attached_custom_data_format(dtid, dfid)

bool

is_bnot(ea, F, n)
Should we negate the operand?.

bool

is_byte(F)
'FF_BYTE'

bool

is_char(F, n)
is character constant?

bool

is_char0(F)
Is the first operand character constant? (example: push 'a')

bool

is_char1(F)
Is the second operand character constant? (example: mov al, 'a')

bool

is_code(F)
Does flag denote start of an instruction?

bool

is_custfmt(F, n)
is custom data format?

bool

is_custfmt0(F)
Does the first operand use a custom data representation?

bool

is_custfmt1(F)
Does the second operand use a custom data representation?

bool

is_custom(F)
'FF_CUSTOM'

bool

is_data(F)
Does flag denote start of data?

bool

is_defarg(F, n)
is defined?

bool

is_defarg0(F)
Is the first operand defined? Initially operand has no defined representation.

bool

is_defarg1(F)
Is the second operand defined? Initially operand has no defined representation.

bool

is_double(F)
'FF_DOUBLE'

bool

is_dword(F)
'FF_DWORD'

bool

is_enum(F, n)
is enum?

bool

is_enum0(F)
Is the first operand a symbolic constant (enum member)?

bool

is_enum1(F)
Is the second operand a symbolic constant (enum member)?

bool

is_float(F)
'FF_FLOAT'

bool

is_float0(F)
Is the first operand a floating point number?

bool

is_float1(F)
Is the second operand a floating point number?

bool

is_flow(F)
Does the previous instruction exist and pass execution flow to the current byte?

bool

is_fltnum(F, n)
is floating point number?

bool

is_forced_operand(ea, n)
Is operand manually defined?.

bool

is_func(F)
Is function start?

bool

is_head(F)
Does flag denote start of instruction OR data?

bool

is_invsign(ea, F, n)
Should sign of n-th operand inverted during output?.

bool

is_loaded(ea)
Does the specified address have a byte value (is initialized?)

bool

is_lzero(ea, n)
Display leading zeroes in operands.

bool

is_manual(F, n)
is forced operand? (use 'is_forced_operand()' )

bool

is_manual_insn(ea)
Is the instruction overridden?

bool

is_mapped(ea)
Is the specified address 'ea' present in the program?

bool

is_not_tail(F)
Does flag denote tail byte?

bool

is_numop(F, n)
is number (bin, oct, dec, hex)?

bool

is_numop0(F)
Is the first operand a number (i.e.

bool

is_numop1(F)
Is the second operand a number (i.e.

bool

is_off(F, n)
is offset?

bool

is_off0(F)
Is the first operand offset? (example: push offset xxx)

bool

is_off1(F)
Is the second operand offset? (example: mov ax, offset xxx)

bool

is_oword(F)
'FF_OWORD'

bool

is_pack_real(F)
'FF_PACKREAL'

bool

is_qword(F)
'FF_QWORD'

bool

is_same_data_type(F1, F2)
Do the given flags specify the same data type?

bool

is_seg(F, n)
is segment?

bool

is_seg0(F)
Is the first operand segment selector? (example: push seg seg001)

bool

is_seg1(F)
Is the second operand segment selector? (example: mov dx, seg dseg)

bool

is_stkvar(F, n)
is stack variable?

bool

is_stkvar0(F)
Is the first operand a stack variable?

bool

is_stkvar1(F)
Is the second operand a stack variable?

bool

is_strlit(F)
'FF_STRLIT'

bool

is_stroff(F, n)
is struct offset?

bool

is_stroff0(F)
Is the first operand an offset within a struct?

bool

is_stroff1(F)
Is the second operand an offset within a struct?

bool

is_struct(F)
'FF_STRUCT'

bool

is_suspop(ea, F, n)
is suspicious operand?

bool

is_tail(F)
Does flag denote tail byte?

bool

is_tbyte(F)
'FF_TBYTE'

bool

is_unknown(F)
Does flag denote unexplored byte?

int

is_varsize_item(ea, F, ti=None, itemsize=None)
Is the item at 'ea' variable size?.

bool

is_word(F)
'FF_WORD'

bool

is_yword(F)
'FF_YWORD'

bool

is_zword(F)
'FF_ZWORD'

bool

leading_zero_important(ea, n)
Check if leading zeroes are important.

int

nbits(ea)
Get number of bits in a byte at the given address.

ea_t

next_addr(ea)
Get next address in the program (i.e.

ea_t

next_chunk(ea)
Get the first address of next contiguous chunk in the program.

ea_t

next_head(ea, maxea)
Get start of next defined item.

ea_t

next_inited(ea, maxea)
Find the next initialized address.

ea_t

next_not_tail(ea)
Get address of next non-tail byte.

ea_t

next_that(ea, maxea, callable)
Find next address with a flag satisfying the function 'testf'.

ea_t

next_unknown(ea, maxea)
Similar to 'next_that()' , but will find the next address that is unexplored.

flags_t

num_flag()
Get number of default base (bin, oct, dec, hex)

flags_t

oct_flag()
Get number flag of the base, regardless of current processor - better to use 'num_flag()'

flags_t

off_flag()
see 'Bits: instruction operand types'

bool

op_adds_xrefs(F, n)
Should processor module create xrefs from the operand?.

bool

op_bin(ea, n)
set op type to 'bin_flag()'

bool

op_chr(ea, n)
set op type to 'char_flag()'

bool

op_custfmt(ea, n, fid)
Set custom data format for operand (fid-custom data format id)

bool

op_dec(ea, n)
set op type to 'dec_flag()'

bool

op_enum(ea, n, id, serial)
Set operand representation to be 'enum_t'.

bool

op_flt(ea, n)
set op type to 'flt_flag()'

bool

op_hex(ea, n)
set op type to 'hex_flag()'

bool

op_num(ea, n)
set op type to 'num_flag()'

bool

op_oct(ea, n)
set op type to 'oct_flag()'

bool

op_seg(ea, n)
Set operand representation to be 'segment'.

bool

op_stkvar(ea, n)
Set operand representation to be 'stack variable'.

bool

op_stroff(insn, n, path, path_len, delta)
Set operand representation to be 'struct offset'.

flags_t

oword_flag()
Get a flags_t representing a octaword.

flags_t

packreal_flag()
Get a flags_t representing a packed decimal real.

bool

patch_byte(ea, x)
Patch a byte of the program.

patch_bytes(ea, buf)
Patch the specified number of bytes of the program.

bool

patch_dword(ea, x)
Patch a dword of the program.

bool

patch_qword(ea, x)
Patch a qword of the program.

bool

patch_word(ea, x)
Patch a word of the program.

ea_t

prev_addr(ea)
Get previous address in the program.

ea_t

prev_chunk(ea)
Get the last address of previous contiguous chunk in the program.

ea_t

prev_head(ea, minea)
Get start of previous defined item.

ea_t

prev_inited(ea, minea)
Find the previous initialized address.

ea_t

prev_not_tail(ea)
Get address of previous non-tail byte.

ea_t

prev_that(ea, minea, callable)
Find previous address with a flag satisfying the function 'testf'.do not pass 'is_unknown()' to this function to find unexplored bytes It will fail under the debugger.

ea_t

prev_unknown(ea, minea)
Similar to 'prev_that()' , but will find the previous address that is unexplored.

PyObject *

print_strlit_type(strtype, flags=0)
Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.

bool

put_byte(ea, x)
Set value of one byte of the program.

put_bytes(ea, buf)
Modify the specified number of bytes of the program.

put_dword(ea, x)
Set value of one dword of the program.

put_qword(ea, x)
Set value of one qword (8 bytes) of the program.

put_word(ea, x)
Set value of one word of the program.

flags_t

qword_flag()
Get a flags_t representing a quad word.

int

register_custom_data_format(py_df)
Registers a custom data format with a given data type.

int

register_custom_data_type(py_dt)
Registers a custom data type.

register_data_types_and_formats(formats)
Registers multiple data types and formats at once.

bool

revert_byte(ea)
Revert patched byte

flags_t

seg_flag()
see 'Bits: instruction operand types'

bool

set_cmt(ea, comm, rptble)
Set an indented comment.

bool

set_forced_operand(ea, n, op)
Set forced operand.

bool

set_immd(ea)
Set 'has immediate operand' flag.

bool

set_lzero(ea, n)
Set toggle lzero bit.

set_manual_insn(ea, manual_insn)
Set manual instruction string.

bool

set_op_type(ea, type, n)
(internal function) change representation of operand(s).

bool

set_opinfo(ea, n, flag, ti, suppress_events=False)
Set additional information about an operand representation.

flags_t

stkvar_flag()
see 'Bits: instruction operand types'

flags_t

strlit_flag()
Get a flags_t representing a string literal.

flags_t

stroff_flag()
see 'Bits: instruction operand types'

flags_t

stru_flag()
Get a flags_t representing a struct.

flags_t

tbyte_flag()
Get a flags_t representing a tbyte.

bool

toggle_bnot(ea, n)
Toggle binary negation of operand.

bool

toggle_lzero(ea, n)

bool

toggle_sign(ea, n)
Toggle sign of n-th operand.

bool

unregister_custom_data_format(dfid)
Unregisters a custom data format

bool

unregister_custom_data_type(dtid)
Unregisters a custom data type.

unregister_data_types_and_formats(formats)
As opposed to register_data_types_and_formats(), this function unregisters multiple data types and formats at once.

bool

update_hidden_range(ha)
Update hidden range information in the database.

ea_t

use_mapping(ea)
Translate address according to current mappings.

int

visit_patched_bytes(ea1, ea2, py_callable)
Enumerates patched bytes in the given range and invokes a callable

flags_t

word_flag()
Get a flags_t representing a word.

flags_t

yword_flag()
Get a flags_t representing a ymm word.

flags_t

zword_flag()
Get a flags_t representing a zmm word.

Variables
	ALOPT_IGNCLT = `4`
	ALOPT_IGNHEADS = `1`
	ALOPT_IGNPRINT = `2`
	ALOPT_MAX4K = `8`
	BIN_SEARCH_BACKWARD = `16`
	BIN_SEARCH_CASE = `1`
	BIN_SEARCH_FORWARD = `0`
	BIN_SEARCH_INITED = `4`
	BIN_SEARCH_NOBREAK = `2`
	BIN_SEARCH_NOCASE = `0`
	BIN_SEARCH_NOSHOW = `8`
	DELIT_DELNAMES = `2`
	DELIT_EXPAND = `1`
	DELIT_KEEPFUNC = `32`
	DELIT_NOCMT = `16`
	DELIT_NOTRUNC = `4`
	DELIT_NOUNAME = `8`
	DELIT_SIMPLE = `0`
	DTP_NODUP = `1`
	DT_TYPE = `-268435456`
	FF_0CHAR = `3145728`
	FF_0CUST = `13631488`
	FF_0ENUM = `8388608`
	FF_0FLT = `12582912`
	FF_0FOP = `9437184`
	FF_0NUMB = `6291456`
	FF_0NUMD = `2097152`
	FF_0NUMH = `1048576`
	FF_0NUMO = `7340032`
	FF_0OFF = `5242880`
	FF_0SEG = `4194304`
	FF_0STK = `11534336`
	FF_0STRO = `10485760`
	FF_0VOID = `0`
	FF_1CHAR = `50331648`
	FF_1CUST = `218103808`
	FF_1ENUM = `134217728`
	FF_1FLT = `201326592`
	FF_1FOP = `150994944`
	FF_1NUMB = `100663296`
	FF_1NUMD = `33554432`
	FF_1NUMH = `16777216`
	FF_1NUMO = `117440512`
	FF_1OFF = `83886080`
	FF_1SEG = `67108864`
	FF_1STK = `184549376`
	FF_1STRO = `167772160`
	FF_1VOID = `0`
	FF_ALIGN = `-1342177280`
	FF_ANYNAME = `49152`
	FF_BNOT = `262144`
	FF_BYTE = `0`
	FF_CODE = `1536`
	FF_COMM = `2048`
	FF_CUSTOM = `-805306368`
	FF_DATA = `1024`
	FF_DOUBLE = `-1879048192`
	FF_DWORD = `536870912`
	FF_FLOAT = `-2147483648`
	FF_FLOW = `65536`
	FF_FUNC = `268435456`
	FF_IMMD = `1073741824`
	FF_IVL = `256`
	FF_JUMP = `2147483648`
	FF_LABL = `32768`
	FF_LINE = `8192`
	FF_NAME = `16384`
	FF_OWORD = `1879048192`
	FF_PACKREAL = `-1610612736`
	FF_QWORD = `805306368`
	FF_REF = `4096`
	FF_SIGN = `131072`
	FF_STRLIT = `1342177280`
	FF_STRUCT = `1610612736`
	FF_TAIL = `512`
	FF_TBYTE = `1073741824`
	FF_UNK = `0`
	FF_UNUSED = `524288`
	FF_WORD = `268435456`
	FF_YWORD = `-536870912`
	FF_ZWORD = `-268435456`
	GFE_VALUE = `1`
	GMB_READALL = `1`
	GMB_WAITBOX = `2`
	ITEM_END_FIXUP = `1`
	ITEM_END_INITED = `2`
	ITEM_END_NAME = `4`
	ITEM_END_XREF = `8`
	MS_0TYPE = `15728640`
	MS_1TYPE = `251658240`
	MS_CLS = `1536`
	MS_CODE = `4026531840`
	MS_COMM = `1046528`
	MS_VAL = `255`
	OPND_ALL = `15`
	OPND_MASK = `15`
	OPND_OUTER = `128`
	PBSENC_ALL = `-1`
	PBSENC_DEF1BPU = `0`
	PSTF_ENC = `8`
	PSTF_HOTKEY = `4`
	PSTF_TBRIEF = `1`
	PSTF_TINLIN = `2`
	PSTF_TMASK = `3`
	PSTF_TNORM = `0`
	STRCONV_ESCAPE = `1`
	STRCONV_INCLLEN = `4`
	STRCONV_REPLCHAR = `2`
	SWIG_PYTHON_LEGACY_BOOL = `1`
	__package__ = `None`

Function Details

add_byte(ea, value)

Add a value to one byte of the program. This function works for wide byte processors too.

Parameters:

ea - linear address (C++: ea_t)
value - byte value (C++: uint32)

add_dword(ea, value)

Add a value to one dword of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}this function works incorrectly if \ph{nbits} > 16

Parameters:

ea - linear address (C++: ea_t)
value - byte value (C++: uint64)

add_hidden_range(ea1, ea2, description, header, footer, color)

Mark a range of addresses as hidden. The range will be created in the invisible state with the default color

Parameters:

ea1 - linear address of start of the address range (C++: ea_t)
ea2 - linear address of end of the address range (C++: ea_t)
description - range parameters (C++: const char *)
header - range parameters (C++: const char *)
footer - range parameters (C++: const char *)
color, (C++ - bgcolor_t)

Returns: bool

success

add_mapping(_from, to, size)

IDA supports memory mapping. References to the addresses from the mapped range use data and meta-data from the mapping range.You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.

Parameters:

_from - start of the mapped range (nonexistent address) (C++: ea_t)
to - start of the mapping range (existent address) (C++: ea_t)
size - size of the range (C++: asize_t)

Returns: bool

success

add_qword(ea, value)

Add a value to one qword of the program. This function does not work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea - linear address (C++: ea_t)
value - byte value (C++: uint64)

add_word(ea, value)

Add a value to one word of the program. This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea - linear address (C++: ea_t)
value - byte value (C++: uint64)

append_cmt(ea, str, rptble)

Append to an indented comment. Creates a new comment if none exists. Appends a newline character and the specified string otherwise.

Parameters:

ea - linear address (C++: ea_t)
str - comment string to append (C++: const char *)
rptble - append to repeatable comment? (C++: bool)

Returns: bool

success

attach_custom_data_format(dtid, dfid)

Attach the data format to the data type.

Parameters:

dtid - data type id that can use the data format. 0 means all standard data types. Such data formats can be applied to any data item or instruction operands. For instruction operands, the data_format_t::value_size check is not performed by the kernel. (C++: int)
dfid - data format id (C++: int)

Returns: bool

bytesize(ea)

Get number of bytes required to store a byte at the given address.

Parameters:

ea, (C++ - ea_t)

Returns: int

calc_def_align(ea, mina, maxa)

Calculate default alignment.

Parameters:

ea, (C++ - ea_t)
mina, (C++ - int)
maxa, (C++ - int)

Returns: int

calc_max_align(endea)

Returns: 0..32.

Parameters:

endea, (C++ - ea_t)

Returns: int

calc_max_item_end(ea, how=15)

Calculate maximal reasonable end address of a new item. This function will limit the item with the current segment bounds.

Parameters:

ea - linear address (C++: ea_t)
how - when to stop the search. A combination of Item end search flags (C++: int)

Returns: ea_t

end of new item. If it is not possible to create an item, it will return 'ea'.

calc_min_align(length)

Returns: 1..32.

Parameters:

length, (C++ - asize_t)

Returns: int

can_define_item(ea, length, flags)

Can define item (instruction/data) of the specified 'length', starting
at 'ea'?if there is an item starting at 'ea', this function ignores
itthis function converts to unexplored all encountered data items with
fixup information. Should be fixed in the future.a new item would
cross segment boundariesa new item would overlap with existing items
(except items specified by 'flags')

@param ea (C++: ea_t)
@param length (C++: asize_t)
@param flags: if not 0, then the kernel will ignore the data types
              specified by the flags and destroy them. For example:
              1000 dw 5                  1002 db 5 ; undef
              1003 db 5 ; undef                  1004 dw 5
              1006 dd 5                    can_define_item(1000, 6, 0)
              - false because of dw at 1004    can_define_item(1000,
              6, word_flag()) - true, word at 1004 is destroyed (C++:
              flags_t)
@return: 1-yes, 0-no

Returns: bool

change_storage_type(start_ea, end_ea, stt)

Change flag storage type for address range.

Parameters:

start_ea - should be lower than end_ea. (C++: ea_t)
end_ea - does not belong to the range. (C++: ea_t)
stt - storage_type_t (C++: storage_type_t)

Returns: error_t

error code

chunk_size(ea)

Get size of the contiguous address block containing 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: asize_t

0 if 'ea' doesn't belong to the program.

chunk_start(ea)

Get start of the contiguous address block containing 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if 'ea' doesn't belong to the program.

clr_lzero(ea, n)

Clear lzero bit.

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

clr_op_type(ea, n)

Remove operand representation information. (set operand representation to be 'undefined')

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: bool

success

create_16bit_data(ea, length)

Convert to 16-bit quantity (take byte size into account)

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)

Returns: bool

create_32bit_data(ea, length)

Convert to 32-bit quantity (take byte size into account)

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)

Returns: bool

create_align(ea, length, alignment)

Alignment: 0 or 2..32. If it is 0, is will be calculated.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
alignment, (C++ - int)

Returns: bool

create_byte(ea, length, force=False)

Convert to byte.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_custdata(ea, length, dtid, fid, force=False)

Convert to custom data type.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
dtid, (C++ - int)
fid, (C++ - int)
force, (C++ - bool)

Returns: bool

create_data(ea, dataflag, size, tid)

Convert to data (byte, word, dword, etc). This function may be used to create arrays.

Parameters:

ea - linear address (C++: ea_t)
dataflag - type of data. Value of function byte_flag() , word_flag() , etc. (C++: flags_t)
size - size of array in bytes. should be divisible by the size of one item of the specified type. for variable sized items it can be specified as 0, and the kernel will try to calculate the size. (C++: asize_t)
tid - type id. If the specified type is a structure, then tid is structure id. Otherwise should be BADNODE . (C++: tid_t)

Returns: bool

success

create_double(ea, length, force=False)

Convert to double.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_dword(ea, length, force=False)

Convert to dword.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_float(ea, length, force=False)

Convert to float.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_oword(ea, length, force=False)

Convert to octaword/xmm word.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_packed_real(ea, length, force=False)

Convert to packed decimal real.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_qword(ea, length, force=False)

Convert to quadword.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_strlit(start, len, strtype)

Convert to string literal and give a meaningful name. 'start' may be higher than 'end', the kernel will swap them in this case

Parameters:

start - starting address (C++: ea_t)
len - length of the string in bytes. if 0, then get_max_strlit_length() will be used to determine the length (C++: size_t)
strtype - string type. one of String type codes (C++: int32)

Returns: bool

success

create_struct(ea, length, tid, force=False)

Convert to struct.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
tid, (C++ - tid_t)
force, (C++ - bool)

Returns: bool

create_tbyte(ea, length, force=False)

Convert to tbyte.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_word(ea, length, force=False)

Convert to word.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_yword(ea, length, force=False)

Convert to ymm word.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

create_zword(ea, length, force=False)

Convert to zmm word.

Parameters:

ea, (C++ - ea_t)
length, (C++ - asize_t)
force, (C++ - bool)

Returns: bool

del_hidden_range(ea)

Delete hidden range.

Parameters:

ea - any address in the hidden range (C++: ea_t)

Returns: bool

success

del_items(ea, flags=0, nbytes=1, may_destroy=None)

Convert item (instruction/data) to unexplored bytes. The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function

Parameters:

ea - any address within the first item to delete (C++: ea_t)
flags - combination of Unexplored byte conversion flags (C++: int)
nbytes - number of bytes in the range to be undefined (C++: asize_t)
may_destroy - optional routine invoked before deleting a head item. If callback returns false then item has not to be deleted and operation fails (C++: may_destroy_cb_t *)

Returns: bool

true on sucessful operation, otherwise false

del_mapping(ea)

Delete memory mapping range.

Parameters:

ea - any address in the mapped range (C++: ea_t)

del_value(ea)

Delete byte value from flags. The corresponding byte becomes uninitialized.

Parameters:

ea, (C++ - ea_t)

detach_custom_data_format(dtid, dfid)

Detach the data format from the data type. Unregistering a custom data type detaches all attached data formats, no need to detach them explicitly. You still need unregister them. Unregistering a custom data format detaches it from all attached data types.

Parameters:

dtid - data type id to detach data format from (C++: int)
dfid - data format id to detach (C++: int)

Returns: bool

disable_flags(start_ea, end_ea)

Deallocate flags for address range. Exit with an error message if not enough disk space (this may occur too).

Parameters:

start_ea - should be lower than end_ea. (C++: ea_t)
end_ea - does not belong to the range. (C++: ea_t)

Returns: error_t

0 if ok, otherwise return error code

enable_flags(start_ea, end_ea, stt)

Allocate flags for address range. This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.

Parameters:

start_ea - should be lower than end_ea. (C++: ea_t)
end_ea - does not belong to the range. (C++: ea_t)
stt - storage_type_t (C++: storage_type_t)

Returns: error_t

0 if ok, otherwise an error code

equal_bytes(ea, image, mask, len, sense_case)

Compare 'len' bytes of the program starting from 'ea' with 'image'.

Parameters:

ea - linear address (C++: ea_t)
image - bytes to compare with (C++: const uchar *)
mask - array of 1/0 bytes, it's length is 'len'. 1 means to perform the comparison of the corresponding byte. 0 means not to perform. if mask == NULL, then all bytes of 'image' will be compared. if mask == SKIP_FF_MASK then 0xFF bytes will be skipped (C++: const uchar *)
len - length of block to compare in bytes. (C++: size_t)
sense_case - case-sensitive comparison? (C++: bool)

Returns: bool

f_has_dummy_name(f, arg2)

Does the current byte have dummy (auto-generated, with special prefix) name?

Parameters:

f, (C++ - flags_t)

Returns: bool

f_has_name(f, arg2)

Does the current byte have non-trivial (non-dummy) name?

Parameters:

f, (C++ - flags_t)

Returns: bool

f_has_user_name(F, arg2)

Does the current byte have user-specified name?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_has_xref(f, arg2)

Does the current byte have cross-references to it?

Parameters:

f, (C++ - flags_t)

Returns: bool

f_is_align(F, arg2)

See 'is_align()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_byte(F, arg2)

See 'is_byte()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_code(F, arg2)

Does flag denote start of an instruction?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_custom(F, arg2)

See 'is_custom()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_data(F, arg2)

Does flag denote start of data?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_double(F, arg2)

See 'is_double()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_dword(F, arg2)

See 'is_dword()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_float(F, arg2)

See 'is_float()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_head(F, arg2)

Does flag denote start of instruction OR data?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_not_tail(F, arg2)

Does flag denote tail byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_oword(F, arg2)

See 'is_oword()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_pack_real(F, arg2)

See 'is_pack_real()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_qword(F, arg2)

See 'is_qword()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_strlit(F, arg2)

See 'is_strlit()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_struct(F, arg2)

See 'is_struct()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_tail(F, arg2)

Does flag denote tail byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_tbyte(F, arg2)

See 'is_tbyte()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_word(F, arg2)

See 'is_word()'

Parameters:

F, (C++ - flags_t)

Returns: bool

f_is_yword(F, arg2)

See 'is_yword()'

Parameters:

F, (C++ - flags_t)

Returns: bool

find_byte(sEA, size, value, bin_search_flags)

Find forward a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 4, 5, and 6

Parameters:

sEA - linear address (C++: ea_t)
size - number of bytes to inspect (C++: asize_t)
value - value to find (C++: uchar)
bin_search_flags - combination of Search flags (C++: int)

Returns: ea_t

address of byte or BADADDR

find_byter(sEA, size, value, bin_search_flags)

Find reverse a byte with the specified value (only 8-bit value from the database). example: ea=4 size=3 will inspect addresses 6, 5, and 4

Parameters:

sEA - the lower address of the search range (C++: ea_t)
size - number of bytes to inspect (C++: asize_t)
value - value to find (C++: uchar)
bin_search_flags - combination of Search flags (C++: int)

Returns: ea_t

address of byte or BADADDR

find_custom_data_format(name)

Get id of a custom data format.

Parameters:

name - name of the custom data format (C++: const char *)

Returns: int

id or -1

find_custom_data_type(name)

Get id of a custom data type.

Parameters:

name - name of the custom data type (C++: const char *)

Returns: int

id or -1

free_chunk(bottom, size, step)

Search for a hole in the addressing space of the program.

Parameters:

bottom - address to start searching (C++: ea_t)
size - size of desired block (C++: asize_t)
step - bit mask for the start of hole (0xF would align hole to a paragraph). if 'step' is negative, the bottom address with be aligned. otherwise the kernel will try to use it as is and align it only when the hole is too small. (C++: int32)

Returns: ea_t

start of the hole or BADADDR

get_16bit(ea)

Get 16bits of the program at 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: uint32

1 byte (getFullByte()) if the current processor has 16-bit byte, otherwise return get_word()

get_32bit(ea)

Get not more than 32bits of the program at 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: uint32

32 bit value, depending on \ph{nbits}: if ( nbits <= 8 ) return get_dword(ea); if ( nbits <= 16) return get_wide_word(ea); return get_wide_byte(ea);

get_64bit(ea)

Get not more than 64bits of the program at 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: uint64

64 bit value, depending on \ph{nbits}: if ( nbits <= 8 ) return get_qword(ea); if ( nbits <= 16) return get_wide_dword(ea); return get_wide_byte(ea);

get_byte(ea)

Get one byte (8-bit) of the program at 'ea'. This function works only for 8bit byte processors.

Parameters:

ea, (C++ - ea_t)

Returns: uchar

get_bytes(ea, size, gmb_flags=0x01)

Get the specified number of bytes of the program.

Parameters:

ea - program address
size - number of bytes to return

Returns: PyObject *

the bytes (as a str), or None in case of failure

get_bytes_and_mask(ea, size, gmb_flags=0x01)

Get the specified number of bytes of the program, and a bitmask specifying what bytes are defined and what bytes are not.

Parameters:

ea - program address
size - number of bytes to return

Returns: PyObject *

a tuple (bytes, mask), or None in case of failure. Both 'bytes' and 'mask' are 'str' instances.

get_cmt(ea, rptble)

Get an indented comment.

Parameters:

ea - linear address. may point to tail byte, the function will find start of the item (C++: ea_t)
rptble - get repeatable comment? (C++: bool)

Returns: str

size of comment or -1

get_custom_data_format(dfid)

Get definition of a registered custom data format.

Parameters:

dfid - data format id (C++: int)

Returns: data_format_t

data format definition or NULL

get_custom_data_formats(out, dtid)

Get list of attached custom data formats for the specified data type.

Parameters:

out - buffer for the output. may be NULL (C++: intvec_t *)
dtid - data type id (C++: int)

Returns: int

number of returned custom data formats. if error, returns -1

get_custom_data_type(dtid)

Get definition of a registered custom data type.

Parameters:

dtid - data type id (C++: int)

Returns: data_type_t

data type definition or NULL

get_custom_data_types(out, min_size=0, max_size=BADADDR)

Get list of registered custom data type ids.

Parameters:

out - buffer for the output. may be NULL (C++: intvec_t *)
min_size - minimum value size (C++: asize_t)
max_size - maximum value size (C++: asize_t)

Returns: int

number of custom data types with the specified size limits

get_data_elsize(ea, F, ti=None)

Get size of data type specified in flags 'F'.

Parameters:

ea - linear address of the item (C++: ea_t)
F - flags (C++: flags_t)
ti - additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be NULL). If specified as NULL, will be automatically retrieved from the database (C++: const opinfo_t *)

Returns: asize_t

byte : 1 word : 2 etc...

get_data_value(v, ea, size)

Get the value at of the item at 'ea'. This function works with entities up to sizeof(ea_t) (bytes, word, etc)

Parameters:

v - pointer to the result. may be NULL (C++: uval_t *)
ea - linear address (C++: ea_t)
size - size of data to read. If 0, then the item type at 'ea' will be used (C++: asize_t)

Returns: bool

success

get_db_byte(ea)

Get one byte (8-bit) of the program at 'ea' from the database. Works even if the debugger is active. See also 'get_dbg_byte()' to read the process memory directly. This function works only for 8bit byte processors.

Parameters:

ea, (C++ - ea_t)

Returns: uchar

get_default_radix()

Get default base of number for the current processor.

Returns: int: 2, 8, 10, 16

get_dword(ea)

Get one dword (32-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:

ea, (C++ - ea_t)

Returns: uint32

get_enum_id(ea, n)

Get enum id of 'enum' operand.

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: enum_t

id of enum or BADNODE

get_first_hidden_range()

Get pointer to the first hidden range.

Returns: hidden_range_t: ptr to hidden range or NULL

get_flags(ea)

get flags with 'FF_IVL' & 'MS_VAL' . It is much slower under remote debugging because the kernel needs to read the process memory.

Parameters:

ea, (C++ - ea_t)

Returns: flags_t

get_flags_by_size(size)

Get flags from size (in bytes). Supported sizes: 1, 2, 4, 8, 16, 32. For other sizes returns 0

Parameters:

size, (C++ - size_t)

Returns: flags_t

get_flags_ex(ea, how)

Get flags for the specified address, extended form.

Parameters:

ea, (C++ - ea_t)
how, (C++ - int)

Returns: flags_t

get_forced_operand(ea, n)

Get forced operand.

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, 2) (C++: int)

Returns: str

size of forced operand or -1

get_full_data_elsize(ea, F, ti=None)

Get full size of data type specified in flags 'F'. takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes

Parameters:

ea, (C++ - ea_t)
F, (C++ - flags_t)
ti, (C++ - const opinfo_t *)

Returns: asize_t

get_full_flags(ea)

Get flags value for address 'ea'.

Parameters:

ea, (C++ - ea_t)

Returns: flags_t

0 if address is not present in the program

get_hidden_range(ea)

Get pointer to hidden range structure, in: linear address.

Parameters:

ea - any address in the hidden range (C++: ea_t)

Returns: hidden_range_t

get_hidden_range_num(ea)

Get number of a hidden range.

Parameters:

ea - any address in the hidden range (C++: ea_t)

Returns: int

number of hidden range (0.. get_hidden_range_qty() -1)

get_item_end(ea)

Get the end address of the item at 'ea'. The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

get_item_flag(_from, n, ea, appzero)

Get flag of the item at 'ea' even if it is a tail byte of some array or structure. This function is used to get flags of structure members or array elements.

Parameters:

_from - linear address of the instruction which refers to 'ea' (C++: ea_t)
n - number of operand which refers to 'ea' (C++: int)
ea - the referenced address (C++: ea_t)
appzero - append a struct field name if the field offset is zero? meaningful only if the name refers to a structure. (C++: bool)

Returns: flags_t

flags or 0 (if failed)

get_item_head(ea)

Get the start address of the item at 'ea'. If there is no current item, then 'ea' will be returned (see definition at the end of 'bytes.hpp' source)

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

get_item_size(ea)

Get size of item (instruction/data) in bytes. Unexplored bytes have length of 1 byte. This function never returns 0.

Parameters:

ea, (C++ - ea_t)

Returns: asize_t

get_last_hidden_range()

Get pointer to the last hidden range.

Returns: hidden_range_t: ptr to hidden range or NULL

get_manual_insn(ea)

Retrieve the user-specified string for the manual instruction.

Parameters:

ea - linear address of the instruction or data item (C++: ea_t)

Returns: str

size of manual instruction or -1

get_mapping(n)

Get memory mapping range by its number.

Parameters:

n - number of mapping range (0.. get_mappings_qty() -1) (C++: size_t)

Returns: bool

false if the specified range doesn't exist, otherwise returns from , to , size

get_max_strlit_length(ea, strtype, options=0)

Determine maximum length of string literal.

Parameters:

ea - starting address (C++: ea_t)
strtype - string type. one of String type codes (C++: int32)
options - combination of string literal length options (C++: int)

Returns: size_t

length of the string in octets (octet==8bit)

get_next_hidden_range(ea)

Get pointer to next hidden range.

Parameters:

ea - any address in the program (C++: ea_t)

Returns: hidden_range_t

ptr to hidden range or NULL if next hidden range doesn't exist

get_octet(ea, v, nbit)

Get 8 bits of the program at 'ea'. The main usage of this function is
to iterate range of bytes. Here is an example:

uint64 v;
int nbit = 0;
for ( ... ) {
  uchar byte = get_octet(&ea, &v, &nbit);
  ...
}

'ea' is incremented each time when a new byte is read. In the above
example, it will be incremented in the first loop iteration.

@param ea (C++: ea_t *)
@param v (C++: uint64  *)
@param nbit (C++: int *)

Returns: PyObject *

get_opinfo(buf, ea, n, flags)

Get additional information about an operand representation.

Parameters:

buf - buffer to receive the result. may not be NULL (C++: opinfo_t *)
ea - linear address of item (C++: ea_t)
n - number of operand, 0 or 1 (C++: int)
flags - flags of the item (C++: flags_t)

Returns: opinfo_t

NULL if no additional representation information

get_optype_flags0(F)

Get flags for first operand.

Parameters:

F, (C++ - flags_t)

Returns: flags_t

get_optype_flags1(F)

Get flags for second operand.

Parameters:

F, (C++ - flags_t)

Returns: flags_t

get_original_byte(ea)

Get original byte value (that was before patching). This function works for wide byte processors too.

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_original_dword(ea)

Get original dword (that was before patching) This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_original_qword(ea)

Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_original_word(ea)

Get original word value (that was before patching). This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_predef_insn_cmt(ins)

Get predefined comment.

Parameters:

ins - current instruction information (C++: const insn_t &)

Returns: str

size of comment or -1

get_prev_hidden_range(ea)

Get pointer to previous hidden range.

Parameters:

ea - any address in the program (C++: ea_t)

Returns: hidden_range_t

ptr to hidden range or NULL if previous hidden range doesn't exist

get_qword(ea)

Get one qword (64-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_radix(F, n)

Get radix of the operand, in: flags. If the operand is not a number, returns 'get_default_radix()'

Parameters:

F - flags (C++: flags_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: int

2, 8, 10, 16

get_strlit_contents(ea, py_len, type, flags=0)

Get bytes contents at location, possibly converted. It works even if the string has not been created in the database yet.

Note that this will <b>always</b> return a simple string of bytes (i.e., a 'str' instance), and not a string of unicode characters.

If you want auto-conversion to unicode strings (that is: real strings), you should probably be using the idautils.Strings class.

Parameters:

ea - linear address of the string
len - length of the string in bytes (including terminating 0)
type - type of the string. Represents both the character encoding, <u>and</u> the 'type' of string at the given location.
flags - combination of STRCONV_..., to perform output conversion.

Returns: PyObject *

a bytes-filled str object.

get_stroff_path(path, delta, ea, n)

Get struct path of operand.

Parameters:

path - buffer for structure path (strpath). see nalt.hpp for more info. (C++: tid_t *)
delta - struct offset delta (C++: adiff_t *)
ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: int

length of strpath

get_wide_byte(ea)

Get one wide byte of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_wide_dword(ea)

Get two wide words (4 'bytes') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in \inf{is_be()}this function works incorrectly if \ph{nbits} > 16

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_wide_word(ea)

Get one wide word (2 'byte') of the program at 'ea'. Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)

Returns: uint64

get_word(ea)

Get one word (16-bit) of the program at 'ea'. This function takes into account order of bytes specified in \inf{is_be()} This function works only for 8bit byte processors.

Parameters:

ea, (C++ - ea_t)

Returns: ushort

get_zero_ranges(zranges, range)

Return set of ranges with zero initialized bytes. The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.

Parameters:

zranges - pointer to the return value. cannot be NULL (C++: rangeset_t *)
range - the range of addresses to verify. can be NULL - means all ranges (C++: const range_t *)

Returns: bool

true if the result is a non-empty set

getn_hidden_range(n)

Get pointer to hidden range structure, in: number of hidden range.

Parameters:

n - number of hidden range, is in range 0.. get_hidden_range_qty() -1 (C++: int)

Returns: hidden_range_t

has_any_name(F)

Does the current byte have any name?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_auto_name(F)

Does the current byte have auto-generated (no special prefix) name?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_cmt(F)

Does the current byte have an indented comment?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_dummy_name(F)

Does the current byte have dummy (auto-generated, with special prefix) name?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_extra_cmts(F)

Does the current byte have additional anterior or posterior lines?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_immd(F)

Has immediate value?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_name(F)

Does the current byte have non-trivial (non-dummy) name?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_user_name(F)

Does the current byte have user-specified name?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_value(F)

Do flags contain byte value?

Parameters:

F, (C++ - flags_t)

Returns: bool

has_xref(F)

Does the current byte have cross-references to it?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_align(F)

'FF_ALIGN'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_bnot(ea, F, n)

Should we negate the operand?. \ash{a_bnot} should be defined in the idp module in order to work with this function

Parameters:

ea, (C++ - ea_t)
F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_byte(F)

'FF_BYTE'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_char(F, n)

is character constant?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_char0(F)

Is the first operand character constant? (example: push 'a')

Parameters:

F, (C++ - flags_t)

Returns: bool

is_char1(F)

Is the second operand character constant? (example: mov al, 'a')

Parameters:

F, (C++ - flags_t)

Returns: bool

is_code(F)

Does flag denote start of an instruction?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_custfmt(F, n)

is custom data format?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_custfmt0(F)

Does the first operand use a custom data representation?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_custfmt1(F)

Does the second operand use a custom data representation?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_custom(F)

'FF_CUSTOM'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_data(F)

Does flag denote start of data?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_defarg(F, n)

is defined?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_defarg0(F)

Is the first operand defined? Initially operand has no defined representation.

Parameters:

F, (C++ - flags_t)

Returns: bool

is_defarg1(F)

Is the second operand defined? Initially operand has no defined representation.

Parameters:

F, (C++ - flags_t)

Returns: bool

is_double(F)

'FF_DOUBLE'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_dword(F)

'FF_DWORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_enum(F, n)

is enum?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_enum0(F)

Is the first operand a symbolic constant (enum member)?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_enum1(F)

Is the second operand a symbolic constant (enum member)?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_float(F)

'FF_FLOAT'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_float0(F)

Is the first operand a floating point number?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_float1(F)

Is the second operand a floating point number?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_flow(F)

Does the previous instruction exist and pass execution flow to the current byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_fltnum(F, n)

is floating point number?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_forced_operand(ea, n)

Is operand manually defined?.

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, 2) (C++: int)

Returns: bool

is_func(F)

Is function start?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_head(F)

Does flag denote start of instruction OR data?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_invsign(ea, F, n)

Should sign of n-th operand inverted during output?. allowed values of n: 0-first operand, 1-other operands

Parameters:

ea, (C++ - ea_t)
F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_loaded(ea)

Does the specified address have a byte value (is initialized?)

Parameters:

ea, (C++ - ea_t)

Returns: bool

is_lzero(ea, n)

Display leading zeroes in operands. The global switch for the leading zeroes is in \inf{s_genflags} The leading zeroes doesn't work if the octal numbers start with 0 Display leading zeroes? (takes into account \inf{s_genflags})

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

is_manual(F, n)

is forced operand? (use 'is_forced_operand()' )

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_manual_insn(ea)

Is the instruction overridden?

Parameters:

ea - linear address of the instruction or data item (C++: ea_t)

Returns: bool

is_mapped(ea)

Is the specified address 'ea' present in the program?

Parameters:

ea, (C++ - ea_t)

Returns: bool

is_not_tail(F)

Does flag denote tail byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_numop(F, n)

is number (bin, oct, dec, hex)?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_numop0(F)

Is the first operand a number (i.e. binary, octal, decimal or hex?)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_numop1(F)

Is the second operand a number (i.e. binary, octal, decimal or hex?)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_off(F, n)

is offset?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_off0(F)

Is the first operand offset? (example: push offset xxx)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_off1(F)

Is the second operand offset? (example: mov ax, offset xxx)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_oword(F)

'FF_OWORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_pack_real(F)

'FF_PACKREAL'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_qword(F)

'FF_QWORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_same_data_type(F1, F2)

Do the given flags specify the same data type?

Parameters:

F1, (C++ - flags_t)
F2, (C++ - flags_t)

Returns: bool

is_seg(F, n)

is segment?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_seg0(F)

Is the first operand segment selector? (example: push seg seg001)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_seg1(F)

Is the second operand segment selector? (example: mov dx, seg dseg)

Parameters:

F, (C++ - flags_t)

Returns: bool

is_stkvar(F, n)

is stack variable?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_stkvar0(F)

Is the first operand a stack variable?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_stkvar1(F)

Is the second operand a stack variable?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_strlit(F)

'FF_STRLIT'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_stroff(F, n)

is struct offset?

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_stroff0(F)

Is the first operand an offset within a struct?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_stroff1(F)

Is the second operand an offset within a struct?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_struct(F)

'FF_STRUCT'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_suspop(ea, F, n)

is suspicious operand?

Parameters:

ea, (C++ - ea_t)
F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

is_tail(F)

Does flag denote tail byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_tbyte(F)

'FF_TBYTE'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_unknown(F)

Does flag denote unexplored byte?

Parameters:

F, (C++ - flags_t)

Returns: bool

is_varsize_item(ea, F, ti=None, itemsize=None)

Is the item at 'ea' variable size?.

Parameters:

ea - linear address of the item (C++: ea_t)
F - flags (C++: flags_t)
ti - additional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be NULL). If specified as NULL, will be automatically retrieved from the database (C++: const opinfo_t *)
itemsize - if not NULL and the item is varsize, itemsize will contain the calculated item size (for struct types, the minimal size is returned) (C++: asize_t *)

Returns: int

is_word(F)

'FF_WORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_yword(F)

'FF_YWORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

is_zword(F)

'FF_ZWORD'

Parameters:

F, (C++ - flags_t)

Returns: bool

leading_zero_important(ea, n)

Check if leading zeroes are important.

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

nbits(ea)

Get number of bits in a byte at the given address.

Parameters:

ea, (C++ - ea_t)

Returns: int

\ph{dnbits()} if the address doesn't belong to a segment, otherwise the result depends on the segment type

next_addr(ea)

Get next address in the program (i.e. next address which has flags).

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if no such address exist.

next_chunk(ea)

Get the first address of next contiguous chunk in the program.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if next chunk doesn't exist.

next_head(ea, maxea)

Get start of next defined item.

Parameters:

ea - begin search at this address (C++: ea_t)
maxea - not included in the search range (C++: ea_t)

Returns: ea_t

BADADDR if none exists.

next_inited(ea, maxea)

Find the next initialized address.

Parameters:

ea, (C++ - ea_t)
maxea, (C++ - ea_t)

Returns: ea_t

next_not_tail(ea)

Get address of next non-tail byte.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if none exists.

next_that(ea, maxea, callable)

Find next address with a flag satisfying the function 'testf'. Start searching from address 'ea'+1 and inspect bytes up to 'maxea'. maxea is not included in the search range.

Parameters:

callable - a Python callable with the following prototype: callable(flags). Return True to stop enumeration.

Returns: ea_t

the found address or BADADDR.

next_unknown(ea, maxea)

Similar to 'next_that()' , but will find the next address that is unexplored.

Parameters:

ea, (C++ - ea_t)
maxea, (C++ - ea_t)

Returns: ea_t

op_adds_xrefs(F, n)

Should processor module create xrefs from the operand?. Currently 'offset' and 'structure offset' operands create xrefs

Parameters:

F, (C++ - flags_t)
n, (C++ - int)

Returns: bool

op_bin(ea, n)

set op type to 'bin_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_chr(ea, n)

set op type to 'char_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_custfmt(ea, n, fid)

Set custom data format for operand (fid-custom data format id)

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)
fid, (C++ - int)

Returns: bool

op_dec(ea, n)

set op type to 'dec_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_enum(ea, n, id, serial)

Set operand representation to be 'enum_t'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)
id - id of enum (C++: enum_t)
serial - the serial number of the constant in the enumeration, usually 0. the serial numbers are used if the enumeration contains several constants with the same value (C++: uchar)

Returns: bool

success

op_flt(ea, n)

set op type to 'flt_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_hex(ea, n)

set op type to 'hex_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_num(ea, n)

set op type to 'num_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_oct(ea, n)

set op type to 'oct_flag()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

op_seg(ea, n)

Set operand representation to be 'segment'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: bool

success

op_stkvar(ea, n)

Set operand representation to be 'stack variable'. Should be applied to an instruction within a function. Should be applied after creating a stack var using 'insn_t::create_stkvar()' .

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: bool

success

op_stroff(insn, n, path, path_len, delta)

Set operand representation to be 'struct offset'. If applied to unexplored bytes, converts them to 16/32bit word data

Parameters:

insn - the instruction (C++: const insn_t &)
n - number of operand (0, 1, -1) (C++: int)
path - structure path (strpath). see nalt.hpp for more info. (C++: const tid_t *)
path_len - length of the structure path (C++: int)
delta - struct offset delta. usually 0. denotes the difference between the structure base and the pointer into the structure. (C++: adiff_t)

Returns: bool

success

Example: Python> Python> ins = ida_ua.insn_t() Python> if ida_ua.decode_insn(ins, some_address): Python> path_len = 1 Python> path = ida_pro.tid_array(path_len) Python> path[0] = ida_struct.get_struc_id("my_stucture_t") Python> ida_bytes.op_stroff(ins, 0, path.cast(), path_len, 0) Python>

patch_byte(ea, x)

Patch a byte of the program. The original value of the byte is saved and can be obtained by 'get_original_byte()' . This function works for wide byte processors too.

Parameters:

ea, (C++ - ea_t)
x, (C++ - uint64)

Returns: bool

patch_bytes(ea, buf)

Patch the specified number of bytes of the program. Original values of bytes are saved and are available with get_original...() functions. See also 'put_bytes()' .

Parameters:

ea - linear address (C++: ea_t)
buf - buffer with new values of bytes (C++: const void *)

patch_dword(ea, x)

Patch a dword of the program. The original value of the dword is saved and can be obtained by 'get_original_dword()' . This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)
x, (C++ - uint64)

Returns: bool

patch_qword(ea, x)

Patch a qword of the program. The original value of the qword is saved and can be obtained by 'get_original_qword()' . This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)
x, (C++ - uint64)

Returns: bool

patch_word(ea, x)

Patch a word of the program. The original value of the word is saved and can be obtained by 'get_original_word()' . This function works for wide byte processors too. This function takes into account order of bytes specified in \inf{is_be()}

Parameters:

ea, (C++ - ea_t)
x, (C++ - uint64)

Returns: bool

prev_addr(ea)

Get previous address in the program.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if no such address exist.

prev_chunk(ea)

Get the last address of previous contiguous chunk in the program.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if previous chunk doesn't exist.

prev_head(ea, minea)

Get start of previous defined item.

Parameters:

ea - begin search at this address (C++: ea_t)
minea - included in the search range (C++: ea_t)

Returns: ea_t

BADADDR if none exists.

prev_inited(ea, minea)

Find the previous initialized address.

Parameters:

ea, (C++ - ea_t)
minea, (C++ - ea_t)

Returns: ea_t

prev_not_tail(ea)

Get address of previous non-tail byte.

Parameters:

ea, (C++ - ea_t)

Returns: ea_t

BADADDR if none exists.

prev_that(ea, minea, callable)

Find previous address with a flag satisfying the function 'testf'.do not pass 'is_unknown()' to this function to find unexplored bytes It will fail under the debugger. To find unexplored bytes, use 'prev_unknown()' .

Parameters:

ea - start searching from this address - 1. (C++: ea_t)
minea - included in the search range. (C++: ea_t)

Returns: ea_t

the found address or BADADDR .

prev_unknown(ea, minea)

Similar to 'prev_that()' , but will find the previous address that is unexplored.

Parameters:

ea, (C++ - ea_t)
minea, (C++ - ea_t)

Returns: ea_t

print_strlit_type(strtype, flags=0)

Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.

Parameters:

strtype - the string type (C++: int32)
flags - or'ed PSTF_* constants (C++: int)

Returns: PyObject *

length of generated text

put_byte(ea, x)

Set value of one byte of the program. This function modifies the database. If the debugger is active then the debugged process memory is patched too.The original value of the byte is completely lost and can't be recovered by the 'get_original_byte()' function. See also 'put_dbg_byte()' to write to the process memory directly when the debugger is active. This function can handle wide byte processors.

Parameters:

ea - linear address (C++: ea_t)
x - byte value (C++: uint64)

Returns: bool

true if the database has been modified

put_bytes(ea, buf)

Modify the specified number of bytes of the program. This function does not save the original values of bytes. See also 'patch_bytes()' .

Parameters:

ea - linear address (C++: ea_t)
buf - buffer with new values of bytes (C++: const void *)

put_dword(ea, x)

Set value of one dword of the program. This function takes into account order of bytes specified in \inf{is_be()} This function works for wide byte processors too.the original value of the dword is completely lost and can't be recovered by the 'get_original_dword()' function.

Parameters:

ea - linear address (C++: ea_t)
x - dword value (C++: uint64)

put_qword(ea, x)

Set value of one qword (8 bytes) of the program. This function takes into account order of bytes specified in \inf{is_be()} This function DOESN'T works for wide byte processors.

Parameters:

ea - linear address (C++: ea_t)
x - qword value (C++: uint64)

put_word(ea, x)

Set value of one word of the program. This function takes into account order of bytes specified in \inf{is_be()} This function works for wide byte processors too.The original value of the word is completely lost and can't be recovered by the 'get_original_word()' function. ea - linear address x - word value

Parameters:

ea, (C++ - ea_t)
x, (C++ - uint64)

register_custom_data_format(py_df)

Registers a custom data format with a given data type.

Parameters:

df - an instance of data_format_t

Returns: int

< 0 if failed to register > 0 data format id

register_custom_data_type(py_dt)

Registers a custom data type.

Parameters:

dt - an instance of the data_type_t class

Returns: int

< 0 if failed to register > 0 data type id

register_data_types_and_formats(formats)

Registers multiple data types and formats at once.
To register one type/format at a time use register_custom_data_type/register_custom_data_format

It employs a special table of types and formats described below:

The 'formats' is a list of tuples. If a tuple has one element then it is the format to be registered with dtid=0
If the tuple has more than one element, then tuple[0] is the data type and tuple[1:] are the data formats. For example:
many_formats = [
  (pascal_data_type(), pascal_data_format()),
  (simplevm_data_type(), simplevm_data_format()),
  (makedword_data_format(),),
  (simplevm_data_format(),)
]
The first two tuples describe data types and their associated formats.
The last two tuples describe two data formats to be used with built-in data types.
The data format may be attached to several data types. The id of the
data format is stored in the first data_format_t object. For example:
assert many_formats[1][1] != -1
assert many_formats[2][0] != -1
assert many_formats[3][0] == -1

revert_byte(ea)

Revert patched byte

Parameters:

ea, (C++ - ea_t)

Returns: bool

set_cmt(ea, comm, rptble)

Set an indented comment.

Parameters:

ea - linear address (C++: ea_t)
comm - comment string NULL: do nothing (return 0) "" : delete comment (C++: const char *)
rptble - is repeatable? (C++: bool)

Returns: bool

success

set_forced_operand(ea, n, op)

Set forced operand.

Parameters:

ea - linear address (C++: ea_t)
n - number of operand (0, 1, 2) (C++: int)
op - text of operand NULL: do nothing (return 0) "" : delete forced operand (C++: const char *)

Returns: bool

success

set_immd(ea)

Set 'has immediate operand' flag. Returns true if the 'FF_IMMD' bit was not set and now is set

Parameters:

ea, (C++ - ea_t)

Returns: bool

set_lzero(ea, n)

Set toggle lzero bit.

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

set_manual_insn(ea, manual_insn)

Set manual instruction string.

Parameters:

ea - linear address of the instruction or data item (C++: ea_t)
manual_insn - "" - delete manual string. NULL - do nothing (C++: const char *)

set_op_type(ea, type, n)

(internal function) change representation of operand(s).

Parameters:

ea - linear address (C++: ea_t)
type - new flag value (should be obtained from char_flag() , num_flag() and similar functions) (C++: flags_t)
n - number of operand (0, 1, -1) (C++: int)

Returns: bool

set_opinfo(ea, n, flag, ti, suppress_events=False)

Set additional information about an operand representation. This function is a low level one. Only the kernel should use it.

Parameters:

ea - linear address of the item (C++: ea_t)
n - number of operand, 0 or 1 (C++: int)
flag - flags of the item (C++: flags_t)
ti - additional representation information (C++: const opinfo_t *)
suppress_events - do not generate changing_op_type and op_type_changed events (C++: bool)

Returns: bool

success

toggle_bnot(ea, n)

Toggle binary negation of operand. also see 'is_bnot()'

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

toggle_sign(ea, n)

Toggle sign of n-th operand. allowed values of n: 0-first operand, 1-other operands

Parameters:

ea, (C++ - ea_t)
n, (C++ - int)

Returns: bool

unregister_custom_data_format(dfid)

Unregisters a custom data format

Parameters:

dfid - data format id

Returns: bool

Boolean

unregister_custom_data_type(dtid)

Unregisters a custom data type.

Parameters:

dtid - the data type id

Returns: bool

Boolean

update_hidden_range(ha)

Update hidden range information in the database. You cannot use this function to change the range boundaries

Parameters:

ha - range to update (C++: const hidden_range_t *)

Returns: bool

success

use_mapping(ea)

Translate address according to current mappings.

Parameters:

ea - address to translate (C++: ea_t)

Returns: ea_t

translated address

visit_patched_bytes(ea1, ea2, py_callable)

Enumerates patched bytes in the given range and invokes a callable

Parameters:

ea1 - start address
ea2 - end address
callable - a Python callable with the following prototype: callable(ea, fpos, org_val, patch_val). If the callable returns non-zero then that value will be returned to the caller and the enumeration will be interrupted.

Returns: int

Zero if the enumeration was successful or the return value of the callback if enumeration was interrupted.