Module ida_frame

Add automatic SP register change point.

Parameters:

• pfn - pointer to function. may be NULL. (C++: func_t *)
• ea - linear address where SP changes. usually this is the end of the instruction which modifies the stack pointer (\cmd{ea}+\cmd{size}) (C++: ea_t)
• delta - difference between old and new values of SP (C++: sval_t)

Returns: bool

success

Add function frame.

Parameters:

• pfn - pointer to function structure (C++: func_t *)
• frsize - size of function local variables (C++: sval_t)
• frregs - size of saved registers (C++: ushort)
• argsize - size of function arguments range which will be purged upon return. this parameter is used for __stdcall and __pascal calling conventions. for other calling conventions please pass 0. (C++: asize_t)

Returns: bool

Define a register variable.

Parameters:

• pfn - function in which the definition will be created (C++: func_t *)
• ea1 - range of addresses within the function where the definition will be used (C++: ea_t)
• ea2 - range of addresses within the function where the definition will be used (C++: ea_t)
• canon - name of a general register (C++: const char *)
• user - user-defined name for the register (C++: const char *)
• cmt - comment for the definition (C++: const char *)

Returns: int

Register variable error codes

Add user-defined SP register change point.

Parameters:

• ea - linear address where SP changes (C++: ea_t)
• delta - difference between old and new values of SP (C++: sval_t)

Returns: bool

success

Build automatic stack variable name.

Parameters:

• pfn - pointer to function (can't be NULL!) (C++: const func_t *)
• v - value of variable offset (C++: sval_t)

Returns: str

length of stack variable name or -1

Fill 'out' with a list of all the xrefs made from function 'pfn', to the argument or variable 'mptr' in 'pfn's stack frame.

Parameters:

• out - the list of xrefs to fill. (C++: xreflist_t *)
• pfn - the function to scan. (C++: func_t *)
• mptr - the argument/variable in pfn's stack frame. (C++: const member_t *)

Calculate offset of stack variable in the frame structure.

Parameters:

• pfn - pointer to function (can't be NULL!) (C++: func_t *)
• insn - the instruction (C++: const insn_t &)
• n - number of operand: (0.. UA_MAXOP -1) -1 if error, return BADADDR (C++: int)

Returns: ea_t

BADADDR if some error (issue a warning if stack frame is bad)

Define/redefine a stack variable.

Parameters:

• pfn - pointer to function (C++: func_t *)
• name - variable name, NULL means autogenerate a name (C++: const char *)
• off - offset of the stack variable in the frame. negative values denote local variables, positive - function arguments. (C++: sval_t)
• flags - variable type flags ( byte_flag() for a byte variable, for example) (C++: flags_t)
• ti - additional type information (like offsets, structs, etc) (C++: const opinfo_t *)
• nbytes - number of bytes occupied by the variable (C++: asize_t)

Returns: bool

success

Delete a function frame.

Parameters:

• pfn - pointer to function structure (C++: func_t *)

Returns: bool

success

Delete a register variable definition.

Parameters:

• pfn - function in question (C++: func_t *)
• ea1 - range of addresses within the function where the definition holds (C++: ea_t)
• ea2 - range of addresses within the function where the definition holds (C++: ea_t)
• canon - name of a general register (C++: const char *)

Returns: int

Register variable error codes

Delete SP register change point.

Parameters:

• pfn - pointer to function. may be NULL. (C++: func_t *)
• ea - linear address (C++: ea_t)

Returns: bool

success

find_regvar(pfn, ea, canon) -> regvar_t

Find a register variable definition (powerful version). One of 'canon' and 'user' should be NULL. If both 'canon' and 'user' are NULL it returns the first regvar definition in the range.

Parameters:

• pfn - function in question (C++: func_t *)
• ea1 - range of addresses to search. ea1==BADADDR means the entire function (C++: ea_t)
• ea2 - range of addresses to search. ea1==BADADDR means the entire function (C++: ea_t)
• canon - name of a general register (C++: const char *)
• user - user-defined name for the register (C++: const char *)

Returns: regvar_t

NULL-not found, otherwise ptr to regvar_t

Get starting address of arguments section.

Parameters:

• pfn, (C++ - const func_t *)

Returns: ea_t

Get start address of local variables section.

Parameters:

• pfn, (C++ - const func_t *)

Returns: ea_t

Get starting address of return address section.

Parameters:

• pfn, (C++ - const func_t *)

Returns: ea_t

Get starting address of saved registers section.

Parameters:

• pfn, (C++ - const func_t *)

Returns: ea_t

Get effective difference between the initial and current values of ESP. This function returns the sp-diff used by the instruction. The difference between 'get_spd()' and 'get_effective_spd()' is present only for instructions like "pop [esp+N]": they modify sp and use the modified value.

Parameters:

• pfn - pointer to function. may be NULL. (C++: func_t *)
• ea - linear address (C++: ea_t)

Returns: sval_t

0 or the difference, usually a negative number

get_frame(ea) -> struc_t *

Get pointer to function frame.

Parameters:

• pfn - pointer to function structure (C++: const func_t *)

Returns: struc_t

Get offsets of the frame part in the frame.

Parameters:

• range - pointer to the output buffer with the frame part start/end(exclusive) offsets, can't be NULL (C++: range_t *)
• pfn - pointer to function structure, can't be NULL (C++: const func_t *)
• part - frame part (C++: frame_part_t)

Get size of function return address.

Parameters:

• pfn - pointer to function structure, can't be NULL (C++: const func_t *)

Returns: int

Get full size of a function frame. This function takes into account size of local variables + size of saved registers + size of return address + number of purged bytes. The purged bytes correspond to the arguments of the functions with __stdcall and __fastcall calling conventions.

Parameters:

• pfn - pointer to function structure, may be NULL (C++: const func_t *)

Returns: asize_t

size of frame in bytes or zero

Get function by its frame id.this function works only with databases created by IDA > 5.6

Parameters:

• frame_id - id of the function frame (C++: tid_t)

Returns: ea_t

start address of the function or BADADDR

Get modification of SP made at the specified location

Parameters:

• pfn - pointer to function. may be NULL. (C++: func_t *)
• ea - linear address (C++: ea_t)

Returns: sval_t

0 if the specified location doesn't contain a SP change point. otherwise return delta of SP modification.

Get difference between the initial and current values of ESP.

Parameters:

• pfn - pointer to function. may be NULL. (C++: func_t *)
• ea - linear address of an instruction (C++: ea_t)

Returns: sval_t

0 or the difference, usually a negative number. returns the sp-diff before executing the instruction.

Get pointer to stack variable

Parameters:

• op - reference to instruction operand
• v - immediate value in the operand (usually op.addr)

Returns: PyObject *

• None on failure
• tuple(member_t, actval) where actval: actual value used to fetch stack variable

Is there a register variable definition?

Parameters:

• pfn - function in question (C++: func_t *)
• ea - current address (C++: ea_t)

Returns: bool

Does the given offset lie within the arguments section?

Parameters:

• pfn, (C++ - const func_t *)
• frameoff, (C++ - uval_t)

Returns: bool

Does the given offset lie within the local variables section?

Parameters:

• pfn, (C++ - const func_t *)
• frameoff, (C++ - uval_t)

Returns: sval_t

Recalculate SP delta for an instruction that stops execution. The next instruction is not reached from the current instruction. We need to recalculate SP for the next instruction.This function will create a new automatic SP register change point if necessary. It should be called from the emulator (emu.cpp) when auto_state == 'AU_USED' if the current instruction doesn't pass the execution flow to the next instruction.

Parameters:

• cur_ea - linear address of the current instruction (C++: ea_t)

Returns: bool

Rename a register variable.

Parameters:

• pfn - function in question (C++: func_t *)
• v - variable to rename (C++: regvar_t *)
• user - new user-defined name for the register (C++: const char *)

Returns: int

Register variable error codes

Set size of function frame. Note: The returned size may not include all stack arguments. It does so only for __stdcall and __fastcall calling conventions. To get the entire frame size for all cases use get_struc_size(get_frame(pfn)).

Parameters:

• pfn - pointer to function structure (C++: func_t *)
• frsize - size of function local variables (C++: asize_t)
• frregs - size of saved registers (C++: ushort)
• argsize - size of function arguments that will be purged from the stack upon return (C++: asize_t)

Returns: bool

success

Set the number of purged bytes for a function or data item (funcptr). This function will update the database and plan to reanalyze items referencing the specified address. It works only for processors with 'PR_PURGING' bit in 16 and 32 bit modes.

Parameters:

• ea - address of the function of item (C++: ea_t)
• nbytes - number of purged bytes (C++: int)
• override_old_value - may overwrite old information about purged bytes (C++: bool)

Returns: bool

success

Set comment for a register variable.

Parameters:

• pfn - function in question (C++: func_t *)
• v - variable to rename (C++: regvar_t *)
• cmt - new comment (C++: const char *)

Returns: int

Register variable error codes

Convert struct offsets into fp-relative offsets. This function converts the offsets inside the 'struc_t' object into the frame pointer offsets (for example, EBP-relative).

Parameters:

• pfn, (C++ - func_t *)
• soff, (C++ - uval_t)

Returns: sval_t

Update frame pointer delta.

Parameters:

• pfn - pointer to function structure (C++: func_t *)
• fpd - new fpd value. cannot be bigger than the local variable range size. (C++: asize_t)

Returns: bool

success