Module ida_funcs

Add a new function. If the function end address is 'BADADDR' , then IDA will try to determine the function bounds by calling find_func_bounds(..., 'FIND_FUNC_DEFINE' ).

Parameters:

• ea1 - start address (C++: ea_t)
• ea2 - end address (C++: ea_t)

Returns: bool

success

Add a new function. If the fn->end_ea is 'BADADDR' , then IDA will try to determine the function bounds by calling find_func_bounds(..., 'FIND_FUNC_DEFINE' ).

Parameters:

• pfn - ptr to filled function structure (C++: func_t *)

Returns: bool

success

Append a new tail chunk to the function definition. If the tail already exists, then it will simply be added to the function tail list Otherwise a new tail will be created and its owner will be set to be our function If a new tail cannot be created, then this function will fail.

Parameters:

• pfn, (C++ - func_t *)
• ea1 - start of the tail. If a tail already exists at the specified address it must start at 'ea1' (C++: ea_t)
• ea2 - end of the tail. If a tail already exists at the specified address it must end at 'ea2'. If specified as BADADDR, IDA will determine the end address itself. (C++: ea_t)

Returns: bool

Apply a signature file to the specified address.

Parameters:

• signame - short name of signature file (the file name without path) (C++: const char *)
• ea - address to apply the signature (C++: ea_t)
• is_startup - if set, then the signature is treated as a startup one for startup signature ida doesn't rename the first function of the applied module. (C++: bool)

Returns: int

Library function codes

Apply a startup signature file to the specified address.

Parameters:

• ea - address to apply the signature to; usually \inf{start_ea} (C++: ea_t)
• startup - the name of the signature file without path and extension (C++: const char *)

Returns: bool

true if successfully applied the signature

Calculate function size. This function takes into account all fragments of the function.

Parameters:

• pfn - ptr to function structure (C++: func_t *)

Returns: asize_t

Get state of a signature in the list of planned signatures

Parameters:

• n - number of signature in the list (0.. get_idasgn_qty() -1) (C++: int)

Returns: int

state of signature or IDASGN_BADARG

Calculate target of a thunk function.

Parameters:

• pfn - pointer to function (may not be NULL) (C++: func_t *)

Returns: ea_t

the target function or BADADDR

Delete a function.

Parameters:

• ea - any address in the function entry chunk (C++: ea_t)

Returns: bool

success

Remove signature from the list of planned signatures.

Parameters:

• n - number of signature in the list (0.. get_idasgn_qty() -1) (C++: int)

Returns: int

IDASGN_OK , IDASGN_BADARG , IDASGN_APPLIED

Determine the boundaries of a new function. This function tries to find the start and end addresses of a new function. It calls the module with \ph{func_bounds} in order to fine tune the function boundaries.

Parameters:

• nfn - structure to fill with information \ nfn->start_ea points to the start address of the new function. (C++: func_t *)
• flags - Find function bounds flags (C++: int)

Returns: int

Find function bounds result codes

Does the given function contain the given address?

Parameters:

• pfn, (C++ - func_t *)
• ea, (C++ - ea_t)

Returns: bool

Does the function return?. To calculate the answer, 'FUNC_NORET' flag and is_noret() are consulted The latter is required for imported functions in the .idata section. Since in .idata we have only function pointers but not functions, we have to introduce a special flag for them.

Parameters:

• callee, (C++ - ea_t)

Returns: bool

Get number of the the current signature.

Returns: int

0..n-1

Get pointer to function chunk structure by address.

Parameters:

• ea - any address in a function chunk (C++: ea_t)

Returns: func_t

ptr to a function chunk or NULL. This function may return a function entry as well as a function tail.

Get ordinal number of a function chunk in the global list of function chunks.

Parameters:

• ea - any address in the function chunk (C++: ea_t)

Returns: int

number of function chunk (0.. get_fchunk_qty() -1). -1 means 'no function chunk at the specified address'.

Get pointer to function structure by address.

Parameters:

• ea - any address in a function (C++: ea_t)

Returns: func_t

ptr to a function or NULL. This function returns a function entry chunk.

Get function bitness (which is equal to the function segment bitness). pfn==NULL => returns 0

Parameters:

• pfn, (C++ - const func_t *)

Returns: int

Get number of bits in the function addressing.

Parameters:

• pfn, (C++ - const func_t *)

Returns: int

Get number of bytes in the function addressing.

Parameters:

• pfn, (C++ - const func_t *)

Returns: int

Get the containing tail chunk of 'ea'.

Parameters:

• pfn, (C++ - func_t *)
• ea, (C++ - ea_t)

Returns: int

Get function comment.

Parameters:

• pfn - ptr to function structure (C++: const func_t *)
• repeatable - get repeatable comment? (C++: bool)

Returns: str

size of comment or -1 In fact this function works with function chunks too.

Get function name.

Parameters:

• ea - any address in the function (C++: ea_t)

Returns: str

length of the function name

Get ordinal number of a function.

Parameters:

• ea - any address in the function (C++: ea_t)

Returns: int

number of function (0.. get_func_qty() -1). -1 means 'no function at the specified address'.

Get function ranges.

Parameters:

• ranges - buffer to receive the range info (C++: rangeset_t *)
• pfn - ptr to function structure (C++: func_t *)

Returns: ea_t

end address of the last function range (BADADDR-error)

Get information about a signature in the list. It returns: (name of signature, names of optional libraries)

See also: get_idasgn_desc_with_matches

Parameters:

• n - number of signature in the list (0..get_idasgn_qty()-1)

Returns: PyObject *

None on failure or tuple(signame, optlibs)

Get information about a signature in the list. It returns: (name of signature, names of optional libraries, number of matches)

Parameters:

• n - number of signature in the list (0..get_idasgn_qty()-1)

Returns: PyObject *

None on failure or tuple(signame, optlibs, nmatches)

Get number of signatures in the list of planned and applied signatures.

Returns: int

0..n

Get full description of the signature by its short name.

Parameters:

• name - short name of a signature (C++: const char *)

Returns: str

size of signature description or -1

Get pointer to the next function chunk in the global list.

Parameters:

• ea - any address in the program (C++: ea_t)

Returns: func_t

ptr to function chunk or NULL if next function chunk doesn't exist

Get pointer to the next function.

Parameters:

• ea - any address in the program (C++: ea_t)

Returns: func_t

ptr to function or NULL if next function doesn't exist

Get pointer to the previous function chunk in the global list.

Parameters:

• ea - any address in the program (C++: ea_t)

Returns: func_t

ptr to function chunk or NULL if previous function chunk doesn't exist

Get pointer to the previous function.

Parameters:

• ea - any address in the program (C++: ea_t)

Returns: func_t

ptr to function or NULL if previous function doesn't exist

Get pointer to function chunk structure by number.

Parameters:

• n - number of function chunk, is in range 0.. get_fchunk_qty() -1 (C++: int)

Returns: func_t

ptr to a function chunk or NULL. This function may return a function entry as well as a function tail.

Get pointer to function structure by number.

Parameters:

• n - number of function, is in range 0.. get_func_qty() -1 (C++: size_t)

Returns: func_t

ptr to a function or NULL. This function returns a function entry chunk.

Is the function visible (event after considering 'SCF_SHHID_FUNC' )?

Parameters:

• pfn, (C++ - func_t *)

Returns: bool

Does function describe a function entry chunk?

Parameters:

• pfn, (C++ - const func_t *)

Returns: bool

Is the function pointer locked?

Parameters:

• pfn, (C++ - const func_t *)

Returns: bool

Does function describe a function tail chunk?

Parameters:

• pfn, (C++ - const func_t *)

Returns: bool

Do two addresses belong to the same function?

Parameters:

• ea1, (C++ - ea_t)
• ea2, (C++ - ea_t)

Returns: bool

Is the function visible (not hidden)?

Parameters:

• pfn, (C++ - func_t *)

Returns: bool

Lock function pointer Locked pointers are guaranteed to remain valid until they are unlocked. Ranges with locked pointers cannot be deleted or moved.

Parameters:

• pfn, (C++ - const func_t *)
• lock, (C++ - bool)

Add a signature file to the list of planned signature files.

Parameters:

• fname - file name. should not contain directory part. (C++: const char *)

Returns: int

0 if failed, otherwise number of planned (and applied) signatures

Reanalyze a function. This function plans to analyzes all chunks of the given function. Optional parameters (ea1, ea2) may be used to narrow the analyzed range.

Parameters:

• pfn - pointer to a function (C++: func_t *)
• ea1 - start of the range to analyze (C++: ea_t)
• ea2 - end of range to analyze (C++: ea_t)
• analyze_parents - meaningful only if pfn points to a function tail. if true, all tail parents will be reanalyzed. if false, only the given tail will be reanalyzed. (C++: bool)

Plan to reanalyze noret flag. This function does not remove FUNC_NORET if it is already present. It just plans to reanalysis.

Parameters:

• ea, (C++ - ea_t)

Returns: bool

Remove a function tail. If the tail belongs only to one function, it will be completely removed. Otherwise if the function was the tail owner, the first function using this tail becomes the owner of the tail.

Parameters:

• pfn, (C++ - func_t *)
• tail_ea, (C++ - ea_t)

Returns: bool

Set function comment. This function works with function chunks too.

Parameters:

• pfn - ptr to function structure (C++: const func_t *)
• cmt - comment string, may be multiline (with ' '). Use empty str ("") to delete comment (C++: const char *)
• repeatable - set repeatable comment? (C++: bool)

Returns: bool

Move function chunk end address.

Parameters:

• ea - any address in the function (C++: ea_t)
• newend - new end address of the function (C++: ea_t)

Returns: bool

success

Give a meaningful name to function if it consists of only 'jump' instruction.

Parameters:

• pfn - pointer to function (may be NULL) (C++: func_t *)
• oldname - old name of function. if old name was in "j_..." form, then we may discard it and set a new name. if oldname is not known, you may pass NULL. (C++: const char *)

Returns: int

success

Move function chunk start address.

Parameters:

• ea - any address in the function (C++: ea_t)
• newstart - new end address of the function (C++: ea_t)

Returns: int

Function move result codes

Signal a non-returning instruction. This function can be used by the processor module to tell the kernel about non-returning instructions (like call exit). The kernel will perform the global function analysis and find out if the function returns at all. This analysis will be done at the first call to 'func_does_return()'

Parameters:

• insn_ea, (C++ - ea_t)
• noret, (C++ - bool)

Returns: bool

true if the instruction 'noret' flag has been changed

Set a function as the possessing function of a function tail. The function should already refer to the tail (after append_func_tail).

Parameters:

• fnt, (C++ - func_t *)
• func_start, (C++ - ea_t)

Returns: bool

Set visibility of function.

Parameters:

• pfn, (C++ - func_t *)
• visible, (C++ - bool)

Apply the currently loaded signature file to the specified address. If a library function is found, then create a function and name it accordingly.

Parameters:

• ea - any address in the program (C++: ea_t)

Returns: int

Library function codes

Update information about a function in the database ( 'func_t' ). You must not change the function start and end addresses using this function. Use 'set_func_start()' and 'set_func_end()' for it.

Parameters:

• pfn - ptr to function structure (C++: func_t *)

Returns: bool

success