Module ida_ua

IDA Plugin SDK API wrapper: ua

Classes
	insn_t Proxy of C++ insn_t class.
	op_t Proxy of C++ op_t class.
	operands_array Proxy of C++ wrapped_array_t< op_t,8 > class.
	outctx_base_t Proxy of C++ outctx_base_t class.
	outctx_t Proxy of C++ outctx_t class.

Functions

ea_t

calc_dataseg(insn, n=-1, rgnum=-1)
Get data segment for the instruction operand.

bool

can_decode(ea)
Can the bytes at address 'ea' be decoded as instruction?

bool

construct_macro(insn, enable, build_macro)
See ua.hpp's construct_macro().

int

create_insn(ea, out=None)
Create an instruction at the specified address.

outctx_base_t

create_outctx(ea, F=0, suspop=0)
Create a new output context.

int

decode_insn(out, ea)
Analyze the specified address and fill 'out'.

PyObject *

decode_preceding_insn(out, ea)
Decodes the preceding instruction.

ea_t

decode_prev_insn(out, ea)
Decode previous instruction if it exists, fill 'out'.

int

get_dtype_by_size(size)
Get 'op_t::dtype' from size.

flags_t

get_dtype_flag(dtype)
Get flags for 'op_t::dtype' field.

size_t

get_dtype_size(dtype)
Get size of opt_::dtype field.

PyObject *

get_immvals(ea, n, F=0)
Get immediate values at the specified address.

int

get_lookback()
Number of instructions to look back.

PyObject *

get_printable_immvals(ea, n, F=0)
Get immediate ready-to-print values at the specified address

ea_t

guess_table_address(insn)
Guess the jump table address (ibm pc specific)

asize_t

guess_table_size(insn, jump_table)
Guess the jump table size.

insn_add_cref(insn, to, opoff, type)

insn_add_dref(insn, to, opoff, type)

ea_t

insn_add_off_drefs(insn, x, type, outf)

bool

insn_create_stkvar(insn, x, v, flags)

insn_t

insn_t__from_ptrval__(ptrval)

bool

is_floating_dtype(dtype)
Is a floating type operand?

ea_t

map_code_ea(insn, addr, opnum)
map_code_ea(insn, op) -> ea_t

ea_t

map_data_ea(insn, addr, opnum=-1)
map_data_ea(insn, op) -> ea_t

ea_t

map_ea(insn, op, iscode)
map_ea(insn, addr, opnum, iscode) -> ea_t

op_t

op_t__from_ptrval__(ptrval)

outctx_base_t

outctx_base_t__from_ptrval__(ptrval)

outctx_t

outctx_t__from_ptrval__(ptrval)

str

print_insn_mnem(ea)
Print instruction mnemonics.

str

print_operand(ea, n, getn_flags=0, newtype=None)
Generate text representation for operand #n.

str

ua_mnem(ea)
Print instruction mnemonics.

Variables
	BINOPSTATE_DONE = `524288`
	BINOPSTATE_GO = `262144`
	BINOPSTATE_NONE = `0`
	COMMSTATE_DONE = `512`
	COMMSTATE_GO = `256`
	COMMSTATE_NONE = `0`
	CTXF_BINOP_STATE = `786432`
	CTXF_CMT_STATE = `768`
	CTXF_CODE = `4`
	CTXF_DBLIND_OPND = `131072`
	CTXF_DEMANGLED_LABEL = `4096`
	CTXF_DEMANGLED_OK = `16384`
	CTXF_GEN_CMT = `128`
	CTXF_GEN_XREFS = `16`
	CTXF_LABEL_OK = `8192`
	CTXF_MAIN = `1`
	CTXF_MULTI = `2`
	CTXF_NORMAL_LABEL = `2048`
	CTXF_OUTCTX_T = `65536`
	CTXF_OVSTORE_PRNT = `32768`
	CTXF_STACK = `8`
	CTXF_VOIDS = `1024`
	CTXF_XREF_STATE = `96`
	DEFAULT_INDENT = `65535`
	FCBF_CONT = `1`
	FCBF_DELIM = `8`
	FCBF_ERR_REPL = `2`
	FCBF_FF_LIT = `4`
	GH_BYTESEX_HAS_HIGHBYTE = `16`
	GH_PRINT_ALL = `15`
	GH_PRINT_ALL_BUT_BYTESEX = `11`
	GH_PRINT_ASM = `2`
	GH_PRINT_BYTESEX = `4`
	GH_PRINT_HEADER = `8`
	GH_PRINT_PROC = `1`
	GH_PRINT_PROC_AND_ASM = `3`
	GH_PRINT_PROC_ASM_AND_BYTESEX = `7`
	INSN_64BIT = `4`
	INSN_MACRO = `1`
	INSN_MODMAC = `2`
	MAKELINE_BINPREF = `1`
	MAKELINE_NONE = `0`
	MAKELINE_STACK = `4`
	MAKELINE_VOID = `2`
	OF_NO_BASE_DISP = `128`
	OF_NUMBER = `16`
	OF_OUTER_DISP = `64`
	OF_SHOW = `8`
	OOFS_IFSIGN = `0`
	OOFS_NEEDSIGN = `2`
	OOFS_NOSIGN = `1`
	OOFW_16 = `32`
	OOFW_24 = `48`
	OOFW_32 = `64`
	OOFW_64 = `80`
	OOFW_8 = `16`
	OOFW_IMM = `0`
	OOF_ADDR = `128`
	OOF_ANYSERIAL = `4096`
	OOF_NOBNOT = `1024`
	OOF_NUMBER = `8`
	OOF_OUTER = `256`
	OOF_SIGNED = `4`
	OOF_SIGNMASK = `3`
	OOF_SPACES = `2048`
	OOF_WIDTHMASK = `112`
	OOF_ZSTROFF = `512`
	PACK_FORM_DEF = `32`
	STKVAR_VALID_SIZE = `1`
	SWIG_PYTHON_LEGACY_BOOL = `1`
	XREFSTATE_DONE = `64`
	XREFSTATE_GO = `32`
	XREFSTATE_NONE = `0`
	__package__ = `None`
	cvar = `??`
	dt_bitfild = `12`
	dt_byte = `0`
	dt_byte16 = `8`
	dt_byte32 = `16`
	dt_byte64 = `17`
	dt_code = `9`
	dt_double = `4`
	dt_dword = `2`
	dt_float = `3`
	dt_fword = `11`
	dt_half = `18`
	dt_ldbl = `15`
	dt_packreal = `6`
	dt_qword = `7`
	dt_string = `13`
	dt_tbyte = `5`
	dt_unicode = `14`
	dt_void = `10`
	dt_word = `1`
	o_displ = `4`
	o_far = `6`
	o_idpspec0 = `8`
	o_idpspec1 = `9`
	o_idpspec2 = `10`
	o_idpspec3 = `11`
	o_idpspec4 = `12`
	o_idpspec5 = `13`
	o_imm = `5`
	o_mem = `2`
	o_near = `7`
	o_phrase = `3`
	o_reg = `1`
	o_void = `0`

Function Details

calc_dataseg(insn, n=-1, rgnum=-1)

Get data segment for the instruction operand. 'opnum' and 'rgnum' are meaningful only if the processor has segment registers.

Parameters:

insn, (C++ - const insn_t &)
n, (C++ - int)
rgnum, (C++ - int)

Returns: ea_t

can_decode(ea)

Can the bytes at address 'ea' be decoded as instruction?

Parameters:

ea - linear address (C++: ea_t)

Returns: bool

whether or not the contents at that address could be a valid instruction

create_insn(ea, out=None)

Create an instruction at the specified address. This function checks if an instruction is present at the specified address and will try to create one if there is none. It will fail if there is a data item or other items hindering the creation of the new instruction. This function will also fill the 'out' structure.

Parameters:

ea - linear address (C++: ea_t)
out - the resulting instruction (C++: insn_t *)

Returns: int

the length of the instruction or 0

create_outctx(ea, F=0, suspop=0)

Create a new output context. To delete it, just use "delete pctx"

Parameters:

ea, (C++ - ea_t)
F, (C++ - flags_t)
suspop, (C++ - int)

Returns: outctx_base_t

decode_insn(out, ea)

Analyze the specified address and fill 'out'. This function does not modify the database. It just tries to interpret the specified address as an instruction and fills the 'out' structure.

Parameters:

out - the resulting instruction (C++: insn_t *)
ea - linear address (C++: ea_t)

Returns: int

the length of the (possible) instruction or 0

decode_preceding_insn(out, ea)

Decodes the preceding instruction. Please check ua.hpp / decode_preceding_insn()

Parameters:

ea - current ea
out - instruction storage

Returns: PyObject *

tuple(preceeding_ea or BADADDR, farref = Boolean)

decode_prev_insn(out, ea)

Decode previous instruction if it exists, fill 'out'.

Parameters:

out - the resulting instruction (C++: insn_t *)
ea - the address to decode the previous instruction from (C++: ea_t)

Returns: ea_t

the previous instruction address ( BADADDR -no such insn)

get_dtype_by_size(size)

Get 'op_t::dtype' from size.

Parameters:

size, (C++ - asize_t)

Returns: int

get_dtype_flag(dtype)

Get flags for 'op_t::dtype' field.

Parameters:

dtype, (C++ - op_dtype_t)

Returns: flags_t

get_dtype_size(dtype)

Get size of opt_::dtype field.

Parameters:

dtype, (C++ - op_dtype_t)

Returns: size_t

get_immvals(ea, n, F=0)

Get immediate values at the specified address. This function decodes instruction at the specified address or inspects the data item. It finds immediate values and copies them to 'out'. This function will store the original value of the operands in 'out', unless the last bits of 'F' are "...0 11111111", in which case the transformed values (as needed for printing) will be stored instead.

Parameters:

ea - address to analyze (C++: ea_t)
n - number of operand (0.. UA_MAXOP -1), -1 means all operands (C++: int)
F - flags for the specified address (C++: flags_t)

Returns: PyObject *

number of immediate values (0..2* UA_MAXOP )

get_lookback()

Number of instructions to look back. This variable is not used by the kernel. Its value may be specified in ida.cfg: LOOKBACK = <number>. IDP may use it as you like it. (TMS module uses it)

Returns: int

get_printable_immvals(ea, n, F=0)

Get immediate ready-to-print values at the specified address

Parameters:

ea - address to analyze (C++: ea_t)
n - number of operand (0.. UA_MAXOP -1), -1 means all operands (C++: int)
F - flags for the specified address (C++: flags_t)

Returns: PyObject *

number of immediate values (0..2* UA_MAXOP )

guess_table_address(insn)

Guess the jump table address (ibm pc specific)

Parameters:

insn, (C++ - const insn_t &)

Returns: ea_t

guess_table_size(insn, jump_table)

Guess the jump table size.

Parameters:

insn, (C++ - const insn_t &)
jump_table, (C++ - ea_t)

Returns: asize_t

is_floating_dtype(dtype)

Is a floating type operand?

Parameters:

dtype, (C++ - op_dtype_t)

Returns: bool

map_code_ea(insn, addr, opnum)

map_code_ea(insn, op) -> ea_t

Map a code address. This function takes into account the segment translations.

Parameters:

insn - the current instruction (C++: const insn_t &)
addr - the referenced address to map (C++: ea_t)
opnum - operand number (C++: int)

Returns: ea_t

map_data_ea(insn, addr, opnum=-1)

map_data_ea(insn, op) -> ea_t

Map a data address.

Parameters:

insn - the current instruction (C++: const insn_t &)
addr - the referenced address to map (C++: ea_t)
opnum - operand number (C++: int)

Returns: ea_t

print_insn_mnem(ea)

Print instruction mnemonics.

Parameters:

ea - linear address of the instruction (C++: ea_t)

Returns: str

success

print_operand(ea, n, getn_flags=0, newtype=None)

Generate text representation for operand #n. This function will generate the text representation of the specified operand (includes color codes.)

Parameters:

ea - the item address (instruction or data) (C++: ea_t)
n - operand number (0,1,2...). meaningful only for instructions (C++: int)
getn_flags, (C++ - int)
newtype - if specified, print the operand using the specified type (C++: struct printop_t *)

Returns: str

success

ua_mnem(ea)

Print instruction mnemonics.

Parameters:

ea - linear address of the instruction (C++: ea_t)

Returns: str

success