IDA C++ SDK 9.2
Loading...
Searching...
No Matches
bytes.hpp File Reference

Contains functions that deal with individual byte characteristics. More...

Go to the source code of this file.

Classes

struct  octet_generator_t
 Get 8 bits of the program at 'ea'. More...
struct  data_type_t
 Information about a data type. More...
struct  data_format_t
 Information about a data format. More...
struct  compiled_binpat_t
struct  hidden_range_t
 Hidden ranges - address ranges which can be replaced by their descriptions. More...

Typedefs

typedef bool idaapi testf_t(flags64_t flags, void *ud)
 Flag tester - see next_that(), prev_that()
typedef bool idaapi may_destroy_cb_t(ea_t)
 del_items' callback function
typedef qvector< compiled_binpat_tcompiled_binpat_vec_t

Functions

idaman error_t ida_export enable_flags (ea_t start_ea, ea_t end_ea, storage_type_t stt)
 Allocate flags for address range.
idaman error_t ida_export disable_flags (ea_t start_ea, ea_t end_ea)
 Deallocate flags for address range.
idaman error_t ida_export change_storage_type (ea_t start_ea, ea_t end_ea, storage_type_t stt)
 Change flag storage type for address range.
idaman ea_t ida_export next_addr (ea_t ea)
 Get next address in the program (i.e.
idaman ea_t ida_export prev_addr (ea_t ea)
 Get previous address in the program.
idaman ea_t ida_export next_chunk (ea_t ea)
 Get the first address of next contiguous chunk in the program.
idaman ea_t ida_export prev_chunk (ea_t ea)
 Get the last address of previous contiguous chunk in the program.
idaman ea_t ida_export chunk_start (ea_t ea)
 Get start of the contiguous address block containing 'ea'.
idaman asize_t ida_export chunk_size (ea_t ea)
 Get size of the contiguous address block containing 'ea'.
idaman ea_t ida_export find_free_chunk (ea_t start, asize_t size, asize_t alignment)
 Search for a hole in the addressing space of the program.
idaman ea_t ida_export next_that (ea_t ea, ea_t maxea, testf_t *testf, void *ud=nullptr)
 Find next address with a flag satisfying the function 'testf'.
ea_t idaapi next_unknown (ea_t ea, ea_t maxea)
 Similar to next_that(), but will find the next address that is unexplored.
idaman ea_t ida_export prev_that (ea_t ea, ea_t minea, testf_t *testf, void *ud=nullptr)
 Find previous address with a flag satisfying the function 'testf'.
ea_t idaapi prev_unknown (ea_t ea, ea_t minea)
 Similar to prev_that(), but will find the previous address that is unexplored.
idaman ea_t ida_export prev_head (ea_t ea, ea_t minea)
 Get start of previous defined item.
idaman ea_t ida_export next_head (ea_t ea, ea_t maxea)
 Get start of next defined item.
idaman ea_t ida_export prev_not_tail (ea_t ea)
 Get address of previous non-tail byte.
idaman ea_t ida_export next_not_tail (ea_t ea)
 Get address of next non-tail byte.
ea_t adjust_visea (ea_t ea)
 Adjust the address and get the nearest visible address.
idaman ea_t ida_export prev_visea (ea_t ea)
 Get previous visible address.
idaman ea_t ida_export next_visea (ea_t ea)
 Get next visible address.
bool is_first_visea (ea_t ea)
 Is an address the first visible address?
bool is_last_visea (ea_t ea)
 Is an address the last visible address?
bool is_visible_finally (ea_t ea)
 Is the address visible on the screen (not hidden)?
ea_t idaapi get_item_head (ea_t ea)
 Get the start address of the item at 'ea'.
idaman ea_t ida_export get_item_end (ea_t ea)
 Get the end address of the item at 'ea'.
idaman ea_t ida_export calc_max_item_end (ea_t ea, int how=15)
 Calculate maximal reasonable end address of a new item.
asize_t get_item_size (ea_t ea)
 Get size of item (instruction/data) in bytes.
idaman bool ida_export is_mapped (ea_t ea)
 Is the specified address 'ea' present in the program?
idaman flags64_t ida_export get_flags_ex (ea_t ea, int how)
 Get flags for the specified address, extended form.
flags64_t idaapi get_flags32 (ea_t ea)
 Get only 32 low bits of flags.
flags64_t idaapi get_flags (ea_t ea)
 Get flags value for address 'ea'.
flags64_t idaapi get_full_flags (ea_t ea)
 Get full flags value for address 'ea'.
idaman flags64_t ida_export get_item_flag (ea_t from, int n, ea_t ea, bool appzero)
 Get flag of the item at 'ea' even if it is a tail byte of some array or structure.
idaman bool ida_export get_item_refinfo (refinfo_t *ri, ea_t ea, int n)
 Get refinfo of the item at 'ea'.
THREAD_SAFE constexpr bool idaapi has_value (flags64_t F)
 Do flags contain byte value?
idaman void ida_export del_value (ea_t ea)
 Delete byte value from flags.
idaman bool ida_export is_loaded (ea_t ea)
 Does the specified address have a byte value (is initialized?)
idaman int ida_export nbits (ea_t ea)
 Get number of bits in a byte at the given address.
int bytesize (ea_t ea)
 Get number of bytes required to store a byte at the given address.
idaman uchar ida_export get_byte (ea_t ea)
 Get one byte (8-bit) of the program at 'ea'.
idaman uchar ida_export get_db_byte (ea_t ea)
 Get one byte (8-bit) of the program at 'ea' from the database.
idaman ushort ida_export get_word (ea_t ea)
 Get one word (16-bit) of the program at 'ea'.
idaman uint32 ida_export get_dword (ea_t ea)
 Get one dword (32-bit) of the program at 'ea'.
idaman uint64 ida_export get_qword (ea_t ea)
 Get one qword (64-bit) of the program at 'ea'.
idaman uint64 ida_export get_wide_byte (ea_t ea)
 Get one wide byte of the program at 'ea'.
idaman uint64 ida_export get_wide_word (ea_t ea)
 Get one wide word (2 'byte') of the program at 'ea'.
idaman uint64 ida_export get_wide_dword (ea_t ea)
 Get two wide words (4 'bytes') of the program at 'ea'.
idaman bool ida_export get_octet (uchar *out, octet_generator_t *ogen)
idaman uint32 ida_export get_16bit (ea_t ea)
 Get 16bits of the program at 'ea'.
idaman uint32 ida_export get_32bit (ea_t ea)
 Get not more than 32bits of the program at 'ea'.
idaman uint64 ida_export get_64bit (ea_t ea)
 Get not more than 64bits of the program at 'ea'.
idaman bool ida_export get_data_value (uval_t *v, ea_t ea, asize_t size)
 Get the value at of the item at 'ea'.
idaman int ida_export visit_patched_bytes (ea_t ea1, ea_t ea2, int(idaapi *cb)(ea_t ea, qoff64_t fpos, uint64 o, uint64 v, void *ud), void *ud=nullptr)
 Visit all the patched bytes one byte at a time.
idaman uint64 ida_export get_original_byte (ea_t ea)
 Get original byte value (that was before patching).
idaman uint64 ida_export get_original_word (ea_t ea)
 Get original word value (that was before patching).
idaman uint64 ida_export get_original_dword (ea_t ea)
 Get original dword (that was before patching) This function works for wide byte processors too.
idaman uint64 ida_export get_original_qword (ea_t ea)
 Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too.
idaman bool ida_export put_byte (ea_t ea, uint64 x)
 Set value of one byte of the program.
idaman void ida_export put_word (ea_t ea, uint64 x)
 Set value of one word of the program.
idaman void ida_export put_dword (ea_t ea, uint64 x)
 Set value of one dword of the program.
idaman void ida_export put_qword (ea_t ea, uint64 x)
 Set value of one qword (8 bytes) of the program.
idaman bool ida_export patch_byte (ea_t ea, uint64 x)
 Patch a byte of the program.
idaman bool ida_export patch_word (ea_t ea, uint64 x)
 Patch a word of the program.
idaman bool ida_export patch_dword (ea_t ea, uint64 x)
 Patch a dword of the program.
idaman bool ida_export patch_qword (ea_t ea, uint64 x)
 Patch a qword of the program.
idaman bool ida_export revert_byte (ea_t ea)
 Revert patched byte.
idaman void ida_export add_byte (ea_t ea, uint32 value)
 Add a value to one byte of the program.
idaman void ida_export add_word (ea_t ea, uint64 value)
 Add a value to one word of the program.
idaman void ida_export add_dword (ea_t ea, uint64 value)
 Add a value to one dword of the program.
idaman void ida_export add_qword (ea_t ea, uint64 value)
 Add a value to one qword of the program.
idaman bool ida_export get_zero_ranges (rangeset_t *zranges, const range_t *range)
 Return set of ranges with zero initialized bytes.
idaman ssize_t ida_export get_bytes (void *buf, ssize_t size, ea_t ea, int gmb_flags=0, void *mask=nullptr)
 Get the specified number of bytes of the program into the buffer.
idaman void ida_export put_bytes (ea_t ea, const void *buf, size_t size)
 Modify the specified number of bytes of the program.
idaman void ida_export patch_bytes (ea_t ea, const void *buf, size_t size)
 Patch the specified number of bytes of the program.
THREAD_SAFE constexpr bool idaapi is_code (flags64_t F)
 Does flag denote start of an instruction?
THREAD_SAFE constexpr bool idaapi f_is_code (flags64_t F, void *)
 Does flag denote start of an instruction?
THREAD_SAFE constexpr bool idaapi is_data (flags64_t F)
 Does flag denote start of data?
THREAD_SAFE constexpr bool idaapi f_is_data (flags64_t F, void *)
 Does flag denote start of data?
THREAD_SAFE constexpr bool idaapi is_tail (flags64_t F)
 Does flag denote tail byte?
THREAD_SAFE constexpr bool idaapi f_is_tail (flags64_t F, void *)
 Does flag denote tail byte?
THREAD_SAFE constexpr bool idaapi is_not_tail (flags64_t F)
 Does flag denote tail byte?
THREAD_SAFE constexpr bool idaapi f_is_not_tail (flags64_t F, void *)
 Does flag denote tail byte?
THREAD_SAFE constexpr bool idaapi is_unknown (flags64_t F)
 Does flag denote unexplored byte?
THREAD_SAFE constexpr bool idaapi is_head (flags64_t F)
 Does flag denote start of instruction OR data?
THREAD_SAFE constexpr bool idaapi f_is_head (flags64_t F, void *)
 Does flag denote start of instruction OR data?
idaman bool ida_export del_items (ea_t ea, int flags=0, asize_t nbytes=1, may_destroy_cb_t *may_destroy=nullptr)
 Convert item (instruction/data) to unexplored bytes.
idaman bool ida_export is_manual_insn (ea_t ea)
 Is the instruction overridden?
idaman ssize_t ida_export get_manual_insn (qstring *buf, ea_t ea)
 Retrieve the user-specified string for the manual instruction.
idaman void ida_export set_manual_insn (ea_t ea, const char *manual_insn)
 Set manual instruction string.
THREAD_SAFE constexpr bool idaapi is_flow (flags64_t F)
 Does the previous instruction exist and pass execution flow to the current byte?
THREAD_SAFE constexpr bool idaapi has_extra_cmts (flags64_t F)
 Does the current byte have additional anterior or posterior lines?
THREAD_SAFE constexpr bool idaapi f_has_extra_cmts (flags64_t f, void *)
THREAD_SAFE constexpr bool idaapi has_cmt (flags64_t F)
 Does the current byte have an indented comment?
THREAD_SAFE constexpr bool idaapi f_has_cmt (flags64_t f, void *)
THREAD_SAFE constexpr bool idaapi has_xref (flags64_t F)
 Does the current byte have cross-references to it?
THREAD_SAFE constexpr bool idaapi f_has_xref (flags64_t f, void *)
 Does the current byte have cross-references to it?
THREAD_SAFE constexpr bool idaapi has_name (flags64_t F)
 Does the current byte have non-trivial (non-dummy) name?
THREAD_SAFE constexpr bool idaapi f_has_name (flags64_t f, void *)
 Does the current byte have non-trivial (non-dummy) name?
THREAD_SAFE constexpr bool idaapi has_dummy_name (flags64_t F)
 Does the current byte have dummy (auto-generated, with special prefix) name?
THREAD_SAFE constexpr bool idaapi f_has_dummy_name (flags64_t f, void *)
 Does the current byte have dummy (auto-generated, with special prefix) name?
THREAD_SAFE constexpr bool idaapi has_auto_name (flags64_t F)
 Does the current byte have auto-generated (no special prefix) name?
THREAD_SAFE constexpr bool idaapi has_any_name (flags64_t F)
 Does the current byte have any name?
THREAD_SAFE constexpr bool idaapi has_user_name (flags64_t F)
 Does the current byte have user-specified name?
THREAD_SAFE constexpr bool idaapi f_has_user_name (flags64_t F, void *)
 Does the current byte have user-specified name?
idaman bool ida_export is_invsign (ea_t ea, flags64_t F, int n)
 Should sign of n-th operand inverted during output?
idaman bool ida_export toggle_sign (ea_t ea, int n)
 Toggle sign of n-th operand.
idaman bool ida_export is_bnot (ea_t ea, flags64_t F, int n)
 Should we negate the operand?
idaman bool ida_export toggle_bnot (ea_t ea, int n)
 Toggle binary negation of operand. also see is_bnot()
idaman bool ida_export is_lzero (ea_t ea, int n)
 Display leading zeroes?
idaman bool ida_export set_lzero (ea_t ea, int n)
 Set toggle lzero bit.
idaman bool ida_export clr_lzero (ea_t ea, int n)
 Clear toggle lzero bit.
bool idaapi toggle_lzero (ea_t ea, int n)
 Toggle lzero bit.
idaman bool ida_export leading_zero_important (ea_t ea, int n)
 Check if leading zeroes are important.
constexpr int get_operand_type_shift (uint32 n)
 Get the shift in flags64_t for the nibble representing operand n's type.
constexpr flags64_t get_operand_flag (uint8 typebits, int n)
 Place operand n's type flag in the right nibble of a 64-bit flags set.
constexpr bool is_flag_for_operand (flags64_t F, uint8 typebits, int n)
 Check that the 64-bit flags set has the expected type for operand n.
THREAD_SAFE constexpr bool idaapi is_defarg0 (flags64_t F)
 Is the first operand defined? Initially operand has no defined representation.
THREAD_SAFE constexpr bool idaapi is_defarg1 (flags64_t F)
 Is the second operand defined? Initially operand has no defined representation.
THREAD_SAFE constexpr bool idaapi is_off0 (flags64_t F)
 Is the first operand offset? (example: push offset xxx)
THREAD_SAFE constexpr bool idaapi is_off1 (flags64_t F)
 Is the second operand offset? (example: mov ax, offset xxx)
THREAD_SAFE constexpr bool idaapi is_char0 (flags64_t F)
 Is the first operand character constant? (example: push 'a')
THREAD_SAFE constexpr bool idaapi is_char1 (flags64_t F)
 Is the second operand character constant? (example: mov al, 'a')
THREAD_SAFE constexpr bool idaapi is_seg0 (flags64_t F)
 Is the first operand segment selector? (example: push seg seg001)
THREAD_SAFE constexpr bool idaapi is_seg1 (flags64_t F)
 Is the second operand segment selector? (example: mov dx, seg dseg)
THREAD_SAFE constexpr bool idaapi is_enum0 (flags64_t F)
 Is the first operand a symbolic constant (enum member)?
THREAD_SAFE constexpr bool idaapi is_enum1 (flags64_t F)
 Is the second operand a symbolic constant (enum member)?
THREAD_SAFE constexpr bool idaapi is_stroff0 (flags64_t F)
 Is the first operand an offset within a struct?
THREAD_SAFE constexpr bool idaapi is_stroff1 (flags64_t F)
 Is the second operand an offset within a struct?
THREAD_SAFE constexpr bool idaapi is_stkvar0 (flags64_t F)
 Is the first operand a stack variable?
THREAD_SAFE constexpr bool idaapi is_stkvar1 (flags64_t F)
 Is the second operand a stack variable?
THREAD_SAFE constexpr bool idaapi is_float0 (flags64_t F)
 Is the first operand a floating point number?
THREAD_SAFE constexpr bool idaapi is_float1 (flags64_t F)
 Is the second operand a floating point number?
THREAD_SAFE constexpr bool idaapi is_custfmt0 (flags64_t F)
 Does the first operand use a custom data representation?
THREAD_SAFE constexpr bool idaapi is_custfmt1 (flags64_t F)
 Does the second operand use a custom data representation?
idaman bool ida_export is_numop0 (flags64_t F)
 Is the first operand a number (i.e. binary, octal, decimal or hex?)
idaman bool ida_export is_numop1 (flags64_t F)
 Is the second operand a number (i.e. binary, octal, decimal or hex?)
THREAD_SAFE constexpr flags64_t get_optype_flags0 (flags64_t F)
 Get flags for first operand.
THREAD_SAFE constexpr flags64_t get_optype_flags1 (flags64_t F)
 Get flags for second operand.
idaman bool ida_export is_defarg (flags64_t F, int n)
 is defined?
idaman bool ida_export is_off (flags64_t F, int n)
 is offset?
idaman bool ida_export is_char (flags64_t F, int n)
 is character constant?
idaman bool ida_export is_seg (flags64_t F, int n)
 is segment?
idaman bool ida_export is_enum (flags64_t F, int n)
 is enum?
idaman bool ida_export is_manual (flags64_t F, int n)
 is forced operand? (use is_forced_operand())
idaman bool ida_export is_stroff (flags64_t F, int n)
 is struct offset?
idaman bool ida_export is_stkvar (flags64_t F, int n)
 is stack variable?
idaman bool ida_export is_fltnum (flags64_t F, int n)
 is floating point number?
idaman bool ida_export is_custfmt (flags64_t F, int n)
 is custom data format?
idaman bool ida_export is_numop (flags64_t F, int n)
 is number (bin, oct, dec, hex)?
idaman bool ida_export is_suspop (ea_t ea, flags64_t F, int n)
 is suspicious operand?
idaman bool ida_export op_adds_xrefs (flags64_t F, int n)
 Should processor module create xrefs from the operand?
idaman bool ida_export set_op_type (ea_t ea, flags64_t type, int n)
 (internal function) change representation of operand(s).
idaman bool ida_export op_seg (ea_t ea, int n)
 Set operand representation to be 'segment'.
idaman bool ida_export op_enum (ea_t ea, int n, tid_t id, uchar serial=0)
 Set operand representation to be enum type If applied to unexplored bytes, converts them to 16/32bit word data.
idaman tid_t ida_export get_enum_id (uchar *serial, ea_t ea, int n)
 Get enum id of 'enum' operand.
idaman bool ida_export op_stroff (const insn_t &insn, int n, const tid_t *path, int path_len, adiff_t delta)
 Set operand representation to be 'struct offset'.
idaman bool ida_export op_based_stroff (const insn_t &insn, int n, adiff_t opval, ea_t base)
 Set operand representation to be 'struct offset' if the operand likely points to a structure member.
idaman int ida_export get_stroff_path (tid_t *path, adiff_t *delta, ea_t ea, int n)
 Get struct path of operand.
idaman bool ida_export op_stkvar (ea_t ea, int n)
 Set operand representation to be 'stack variable'.
idaman bool ida_export set_forced_operand (ea_t ea, int n, const char *op)
 Set forced operand.
idaman ssize_t ida_export get_forced_operand (qstring *buf, ea_t ea, int n)
 Get forced operand.
idaman bool ida_export is_forced_operand (ea_t ea, int n)
 Is operand manually defined?
constexpr flags64_t idaapi combine_flags (flags64_t F)
constexpr flags64_t idaapi char_flag (void)
 see FF_opbits
constexpr flags64_t idaapi off_flag (void)
 see FF_opbits
constexpr flags64_t idaapi enum_flag (void)
 see FF_opbits
constexpr flags64_t idaapi stroff_flag (void)
 see FF_opbits
constexpr flags64_t idaapi stkvar_flag (void)
 see FF_opbits
constexpr flags64_t idaapi flt_flag (void)
 see FF_opbits
constexpr flags64_t idaapi custfmt_flag (void)
 see FF_opbits
constexpr flags64_t idaapi seg_flag (void)
 see FF_opbits
idaman flags64_t ida_export num_flag (void)
 Get number of default base (bin, oct, dec, hex)
constexpr flags64_t idaapi hex_flag (void)
 Get number flag of the base, regardless of current processor - better to use num_flag()
constexpr flags64_t idaapi dec_flag (void)
 Get number flag of the base, regardless of current processor - better to use num_flag()
constexpr flags64_t idaapi oct_flag (void)
 Get number flag of the base, regardless of current processor - better to use num_flag()
constexpr flags64_t idaapi bin_flag (void)
 Get number flag of the base, regardless of current processor - better to use num_flag()
bool idaapi op_chr (ea_t ea, int n)
 set op type to char_flag()
bool idaapi op_num (ea_t ea, int n)
 set op type to num_flag()
bool idaapi op_hex (ea_t ea, int n)
 set op type to hex_flag()
bool idaapi op_dec (ea_t ea, int n)
 set op type to dec_flag()
bool idaapi op_oct (ea_t ea, int n)
 set op type to oct_flag()
bool idaapi op_bin (ea_t ea, int n)
 set op type to bin_flag()
bool idaapi op_flt (ea_t ea, int n)
 set op type to flt_flag()
idaman bool ida_export op_custfmt (ea_t ea, int n, int fid)
 Set custom data format for operand (fid-custom data format id)
idaman bool ida_export clr_op_type (ea_t ea, int n)
 Remove operand representation information.
idaman int ida_export get_default_radix (void)
 Get default base of number for the current processor.
idaman int ida_export get_radix (flags64_t F, int n)
 Get radix of the operand, in: flags.
constexpr flags64_t idaapi code_flag (void)
 #FF_CODE
constexpr flags64_t idaapi byte_flag (void)
 Get a flags64_t representing a byte.
constexpr flags64_t idaapi word_flag (void)
 Get a flags64_t representing a word.
constexpr flags64_t idaapi dword_flag (void)
 Get a flags64_t representing a double word.
constexpr flags64_t idaapi qword_flag (void)
 Get a flags64_t representing a quad word.
constexpr flags64_t idaapi oword_flag (void)
 Get a flags64_t representing a octaword.
constexpr flags64_t idaapi yword_flag (void)
 Get a flags64_t representing a ymm word.
constexpr flags64_t idaapi zword_flag (void)
 Get a flags64_t representing a zmm word.
constexpr flags64_t idaapi tbyte_flag (void)
 Get a flags64_t representing a tbyte.
constexpr flags64_t idaapi strlit_flag (void)
 Get a flags64_t representing a string literal.
constexpr flags64_t idaapi stru_flag (void)
 Get a flags64_t representing a struct.
constexpr flags64_t idaapi cust_flag (void)
 Get a flags64_t representing custom type data.
constexpr flags64_t idaapi align_flag (void)
 Get a flags64_t representing an alignment directive.
constexpr flags64_t idaapi float_flag (void)
 Get a flags64_t representing a float.
constexpr flags64_t idaapi double_flag (void)
 Get a flags64_t representing a double.
constexpr flags64_t idaapi packreal_flag (void)
 Get a flags64_t representing a packed decimal real.
THREAD_SAFE constexpr bool idaapi is_byte (flags64_t F)
 #FF_BYTE
THREAD_SAFE constexpr bool idaapi is_word (flags64_t F)
 #FF_WORD
THREAD_SAFE constexpr bool idaapi is_dword (flags64_t F)
 #FF_DWORD
THREAD_SAFE constexpr bool idaapi is_qword (flags64_t F)
 #FF_QWORD
THREAD_SAFE constexpr bool idaapi is_oword (flags64_t F)
 #FF_OWORD
THREAD_SAFE constexpr bool idaapi is_yword (flags64_t F)
 #FF_YWORD
THREAD_SAFE constexpr bool idaapi is_zword (flags64_t F)
 #FF_ZWORD
THREAD_SAFE constexpr bool idaapi is_tbyte (flags64_t F)
 #FF_TBYTE
THREAD_SAFE constexpr bool idaapi is_float (flags64_t F)
 #FF_FLOAT
THREAD_SAFE constexpr bool idaapi is_double (flags64_t F)
 #FF_DOUBLE
THREAD_SAFE constexpr bool idaapi is_pack_real (flags64_t F)
 #FF_PACKREAL
THREAD_SAFE constexpr bool idaapi is_strlit (flags64_t F)
 #FF_STRLIT
THREAD_SAFE constexpr bool idaapi is_struct (flags64_t F)
 #FF_STRUCT
THREAD_SAFE constexpr bool idaapi is_align (flags64_t F)
 #FF_ALIGN
THREAD_SAFE constexpr bool idaapi is_custom (flags64_t F)
 #FF_CUSTOM
THREAD_SAFE constexpr bool idaapi f_is_byte (flags64_t F, void *)
 See is_byte()
THREAD_SAFE constexpr bool idaapi f_is_word (flags64_t F, void *)
 See is_word()
THREAD_SAFE constexpr bool idaapi f_is_dword (flags64_t F, void *)
 See is_dword()
THREAD_SAFE constexpr bool idaapi f_is_qword (flags64_t F, void *)
 See is_qword()
THREAD_SAFE constexpr bool idaapi f_is_oword (flags64_t F, void *)
 See is_oword()
THREAD_SAFE constexpr bool idaapi f_is_yword (flags64_t F, void *)
 See is_yword()
THREAD_SAFE constexpr bool idaapi f_is_tbyte (flags64_t F, void *)
 See is_tbyte()
THREAD_SAFE constexpr bool idaapi f_is_float (flags64_t F, void *)
 See is_float()
THREAD_SAFE constexpr bool idaapi f_is_double (flags64_t F, void *)
 See is_double()
THREAD_SAFE constexpr bool idaapi f_is_pack_real (flags64_t F, void *)
 See is_pack_real()
THREAD_SAFE constexpr bool idaapi f_is_strlit (flags64_t F, void *)
 See is_strlit()
THREAD_SAFE constexpr bool idaapi f_is_struct (flags64_t F, void *)
 See is_struct()
THREAD_SAFE constexpr bool idaapi f_is_align (flags64_t F, void *)
 See is_align()
THREAD_SAFE constexpr bool idaapi f_is_custom (flags64_t F, void *)
 See is_custom()
THREAD_SAFE constexpr bool idaapi is_same_data_type (flags64_t F1, flags64_t F2)
 Do the given flags specify the same data type?
idaman flags64_t ida_export get_flags_by_size (size_t size)
 Get flags from size (in bytes).
idaman bool ida_export create_data (ea_t ea, flags64_t dataflag, asize_t size, tid_t tid)
 Convert to data (byte, word, dword, etc).
THREAD_SAFE flags64_t idaapi calc_dflags (flags64_t f, bool force)
bool idaapi create_byte (ea_t ea, asize_t length, bool force=false)
 Convert to byte.
bool idaapi create_word (ea_t ea, asize_t length, bool force=false)
 Convert to word.
bool idaapi create_dword (ea_t ea, asize_t length, bool force=false)
 Convert to dword.
bool idaapi create_qword (ea_t ea, asize_t length, bool force=false)
 Convert to quadword.
bool idaapi create_oword (ea_t ea, asize_t length, bool force=false)
 Convert to octaword/xmm word.
bool idaapi create_yword (ea_t ea, asize_t length, bool force=false)
 Convert to ymm word.
bool idaapi create_zword (ea_t ea, asize_t length, bool force=false)
 Convert to zmm word.
bool idaapi create_tbyte (ea_t ea, asize_t length, bool force=false)
 Convert to tbyte.
bool idaapi create_float (ea_t ea, asize_t length, bool force=false)
 Convert to float.
bool idaapi create_double (ea_t ea, asize_t length, bool force=false)
 Convert to double.
bool idaapi create_packed_real (ea_t ea, asize_t length, bool force=false)
 Convert to packed decimal real.
bool idaapi create_struct (ea_t ea, asize_t length, tid_t tid, bool force=false)
 Convert to struct.
bool idaapi create_custdata (ea_t ea, asize_t length, int dtid, int fid, bool force=false)
 Convert to custom data type.
idaman bool ida_export create_align (ea_t ea, asize_t length, int alignment)
 Create an alignment item.
idaman int ida_export calc_min_align (asize_t length)
 Calculate the minimal possible alignment exponent.
idaman int ida_export calc_max_align (ea_t endea)
 Calculate the maximal possible alignment exponent.
idaman int ida_export calc_def_align (ea_t ea, int mina, int maxa)
 Calculate the default alignment exponent.
idaman bool ida_export create_16bit_data (ea_t ea, asize_t length)
 Convert to 16-bit quantity (take the byte size into account)
idaman bool ida_export create_32bit_data (ea_t ea, asize_t length)
 Convert to 32-bit quantity (take the byte size into account)
idaman size_t ida_export get_max_strlit_length (ea_t ea, int32 strtype, int options=0)
 Determine maximum length of string literal.
idaman ssize_t ida_export get_strlit_contents (qstring *utf8, ea_t ea, size_t len, int32 type, size_t *maxcps=nullptr, int flags=0)
 Get contents of string literal, as UTF-8-encoded codepoints.
idaman bool ida_export create_strlit (ea_t start, size_t len, int32 strtype)
 Convert to string literal and give a meaningful name.
idaman bool ida_export print_strlit_type (qstring *out, int32 strtype, qstring *out_tooltip=nullptr, int flags=0)
 Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.
idaman opinfo_t *ida_export get_opinfo (opinfo_t *buf, ea_t ea, int n, flags64_t flags)
 Get additional information about an operand representation.
idaman bool ida_export set_opinfo (ea_t ea, int n, flags64_t flag, const opinfo_t *ti, bool suppress_events=false)
 Set additional information about an operand representation.
idaman asize_t ida_export get_data_elsize (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr)
 Get size of data type specified in flags 'F'.
asize_t get_full_data_elsize (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr)
 Get full size of data type specified in flags 'F'.
idaman int ida_export is_varsize_item (ea_t ea, flags64_t F, const opinfo_t *ti=nullptr, asize_t *itemsize=nullptr)
 Is the item at 'ea' variable size?
idaman asize_t ida_export get_possible_item_varsize (ea_t ea, const tinfo_t &tif)
 Return the possible size of the item at EA of type TIF if TIF is the variable structure.
idaman bool ida_export can_define_item (ea_t ea, asize_t length, flags64_t flags)
 Can define item (instruction/data) of the specified 'length', starting at 'ea'?
THREAD_SAFE bool idaapi has_immd (flags64_t F)
 Has immediate value?
THREAD_SAFE bool idaapi is_func (flags64_t F)
 Is function start?
idaman bool ida_export set_immd (ea_t ea)
 Set 'has immediate operand' flag.
idaman int ida_export register_custom_data_type (const data_type_t *dtinfo)
 Register a new data type.
idaman bool ida_export unregister_custom_data_type (int dtid)
 Unregister a data type.
idaman int ida_export register_custom_data_format (const data_format_t *dtform)
 Register a new data format.
idaman bool ida_export unregister_custom_data_format (int dfid)
 Unregister a data format.
idaman const data_type_t *ida_export get_custom_data_type (int dtid)
 Get definition of a registered custom data type.
idaman const data_format_t *ida_export get_custom_data_format (int dfid)
 Get definition of a registered custom data format.
idaman bool ida_export detach_custom_data_format (int dtid, int dfid)
 Attach the data format to the data type.
idaman bool ida_export is_attached_custom_data_format (int dtid, int dfid)
 Is the custom data format attached to the custom data type?
idaman int ida_export get_custom_data_types (intvec_t *out, asize_t min_size=0, asize_t max_size=BADADDR)
 Get list of registered custom data type ids.
idaman int ida_export get_custom_data_formats (intvec_t *out, int dtid)
 Get list of attached custom data formats for the specified data type.
idaman int ida_export find_custom_data_type (const char *name)
 Get id of a custom data type.
idaman int ida_export find_custom_data_format (const char *name)
 Get id of a custom data format.
idaman bool ida_export set_cmt (ea_t ea, const char *comm, bool rptble)
 Set an indented comment.
idaman ssize_t ida_export get_cmt (qstring *buf, ea_t ea, bool rptble)
 Get an indented comment.
idaman bool ida_export append_cmt (ea_t ea, const char *str, bool rptble)
 Append to an indented comment.
idaman ssize_t ida_export get_predef_insn_cmt (qstring *buf, const insn_t &ins)
 Get predefined comment.
idaman ea_t ida_export find_byte (ea_t sEA, asize_t size, uchar value, int bin_search_flags)
 Find forward a byte with the specified value (only 8-bit value from the database).
idaman ea_t ida_export find_byter (ea_t sEA, asize_t size, uchar value, int bin_search_flags)
 Find reverse a byte with the specified value (only 8-bit value from the database).
 DECLARE_TYPE_AS_MOVABLE (compiled_binpat_t)
idaman bool ida_export parse_binpat_str (compiled_binpat_vec_t *out, ea_t ea, const char *in, int radix, int strlits_encoding=PBSENC_DEF1BPU, qstring *errbuf=nullptr)
 Convert user-specified binary string to internal representation.
idaman ea_t ida_export bin_search (ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags, size_t *out_matched_idx=nullptr)
 Search for a pattern in the program.
ea_t bin_search (ea_t start_ea, ea_t end_ea, const uchar *image, const uchar *mask, size_t len, int flags)
ea_t idaapi next_inited (ea_t ea, ea_t maxea)
 Find the next initialized address.
ea_t idaapi prev_inited (ea_t ea, ea_t minea)
 Find the previous initialized address.
idaman bool ida_export equal_bytes (ea_t ea, const uchar *image, const uchar *mask, size_t len, int bin_search_flags)
 Compare 'len' bytes of the program starting from 'ea' with 'image'.
bool bytes_match_for_bin_search (uchar c1, uchar c2, const uchar *mask, int i, int bin_search_flags)
idaman ea_t ida_export find_binary (ea_t startea, ea_t endea, const char *ubinstr, int radix, int sflag, int strlits_encoding=0)
idaman bool ida_export update_hidden_range (const hidden_range_t *ha)
 Update hidden range information in the database.
idaman bool ida_export add_hidden_range (ea_t ea1, ea_t ea2, const char *description, const char *header, const char *footer, bgcolor_t color=DEFCOLOR)
 Mark a range of addresses as hidden.
idaman hidden_range_t *ida_export get_hidden_range (ea_t ea)
 Get pointer to hidden range structure, in: linear address.
idaman hidden_range_t *ida_export getn_hidden_range (int n)
 Get pointer to hidden range structure, in: number of hidden range.
idaman int ida_export get_hidden_range_qty (void)
 Get number of hidden ranges.
idaman int ida_export get_hidden_range_num (ea_t ea)
 Get number of a hidden range.
idaman hidden_range_t *ida_export get_prev_hidden_range (ea_t ea)
 Get pointer to previous hidden range.
idaman hidden_range_t *ida_export get_next_hidden_range (ea_t ea)
 Get pointer to next hidden range.
idaman hidden_range_t *ida_export get_first_hidden_range (void)
 Get pointer to the first hidden range.
idaman hidden_range_t *ida_export get_last_hidden_range (void)
 Get pointer to the last hidden range.
idaman bool ida_export del_hidden_range (ea_t ea)
 Delete hidden range.
idaman bool ida_export add_mapping (ea_t from, ea_t to, asize_t size)
 IDA supports memory mapping.
idaman void ida_export del_mapping (ea_t ea)
 Delete memory mapping range.
idaman ea_t ida_export use_mapping (ea_t ea)
 Translate address according to current mappings.
idaman size_t ida_export get_mappings_qty (void)
 Get number of mappings.
idaman bool ida_export get_mapping (ea_t *from, ea_t *to, asize_t *size, size_t n)
 Get memory mapping range by its number.
THREAD_SAFE ssize_t get_hex_string (char *buf, size_t bufsize, const uchar *bytes, size_t len)

Detailed Description

Contains functions that deal with individual byte characteristics.

Each byte of the disassembled program is represented by a 32-bit value. We will call this value 'flags'. The structure of the flags is here.

You are not allowed to inspect individual bits of flags and modify them directly. Use special functions to inspect and/or modify flags.

Flags are kept in a virtual array file (*.id1). Addresses (ea) are all 32-bit (or 64-bit) quantities.

Typedef Documentation

◆ testf_t

typedef bool idaapi testf_t(flags64_t flags, void *ud)

Flag tester - see next_that(), prev_that()

◆ may_destroy_cb_t

typedef bool idaapi may_destroy_cb_t(ea_t)

del_items' callback function

◆ compiled_binpat_vec_t

typedef qvector<compiled_binpat_t> compiled_binpat_vec_t

Function Documentation

◆ enable_flags()

idaman error_t ida_export enable_flags ( ea_t start_ea,
ea_t end_ea,
storage_type_t stt )

Allocate flags for address range.

This function does not change the storage type of existing ranges. Exit with an error message if not enough disk space.

Parameters
start_eashould be lower than end_ea.
end_eadoes not belong to the range.
sttstorage_type_t
Returns
0 if ok, otherwise an error code

◆ disable_flags()

idaman error_t ida_export disable_flags ( ea_t start_ea,
ea_t end_ea )

Deallocate flags for address range.

Exit with an error message if not enough disk space (this may occur too).

Parameters
start_eashould be lower than end_ea.
end_eadoes not belong to the range.
Returns
0 if ok, otherwise return error code

◆ change_storage_type()

idaman error_t ida_export change_storage_type ( ea_t start_ea,
ea_t end_ea,
storage_type_t stt )

Change flag storage type for address range.

Parameters
start_eashould be lower than end_ea.
end_eadoes not belong to the range.
sttstorage_type_t
Returns
error code

◆ next_addr()

idaman ea_t ida_export next_addr ( ea_t ea)

Get next address in the program (i.e.

next address which has flags).

Returns
#BADADDR if no such address exist.

◆ prev_addr()

idaman ea_t ida_export prev_addr ( ea_t ea)

Get previous address in the program.

Returns
#BADADDR if no such address exist.

◆ next_chunk()

idaman ea_t ida_export next_chunk ( ea_t ea)

Get the first address of next contiguous chunk in the program.

Returns
#BADADDR if next chunk doesn't exist.

◆ prev_chunk()

idaman ea_t ida_export prev_chunk ( ea_t ea)

Get the last address of previous contiguous chunk in the program.

Returns
#BADADDR if previous chunk doesn't exist.

◆ chunk_start()

idaman ea_t ida_export chunk_start ( ea_t ea)

Get start of the contiguous address block containing 'ea'.

Returns
#BADADDR if 'ea' doesn't belong to the program.

◆ chunk_size()

idaman asize_t ida_export chunk_size ( ea_t ea)

Get size of the contiguous address block containing 'ea'.

Returns
0 if 'ea' doesn't belong to the program.

◆ find_free_chunk()

idaman ea_t ida_export find_free_chunk ( ea_t start,
asize_t size,
asize_t alignment )

Search for a hole in the addressing space of the program.

Parameters
startAddress to start searching from
sizeSize of the desired empty range
alignmentAlignment bitmask, must be a pow2-1. (for example, 0xF would align the returned range to 16 bytes).
Returns
Start of the found empty range or #BADADDR

◆ next_that()

idaman ea_t ida_export next_that ( ea_t ea,
ea_t maxea,
testf_t * testf,
void * ud = nullptr )

Find next address with a flag satisfying the function 'testf'.

Note
do not pass is_unknown() to this function to find unexplored bytes. It will fail under the debugger. To find unexplored bytes, use next_unknown().
Parameters
eastart searching at this address + 1
maxeanot included in the search range.
testftest function to find next address
uduser data - may point to anything. it will be passed to testf.
Returns
the found address or #BADADDR.

◆ next_unknown()

ea_t idaapi next_unknown ( ea_t ea,
ea_t maxea )
inline

Similar to next_that(), but will find the next address that is unexplored.

◆ prev_that()

idaman ea_t ida_export prev_that ( ea_t ea,
ea_t minea,
testf_t * testf,
void * ud = nullptr )

Find previous address with a flag satisfying the function 'testf'.

Note
do not pass is_unknown() to this function to find unexplored bytes It will fail under the debugger. To find unexplored bytes, use prev_unknown().
Parameters
eastart searching from this address - 1.
mineaincluded in the search range.
testftest function to find previous address
uduser data - may point to anything. it will be passed to testf.
Returns
the found address or #BADADDR.

◆ prev_unknown()

ea_t idaapi prev_unknown ( ea_t ea,
ea_t minea )
inline

Similar to prev_that(), but will find the previous address that is unexplored.

◆ prev_head()

idaman ea_t ida_export prev_head ( ea_t ea,
ea_t minea )

Get start of previous defined item.

Parameters
eabegin search at this address
mineaincluded in the search range
Returns
#BADADDR if none exists.

◆ next_head()

idaman ea_t ida_export next_head ( ea_t ea,
ea_t maxea )

Get start of next defined item.

Parameters
eabegin search at this address
maxeanot included in the search range
Returns
#BADADDR if none exists.

◆ prev_not_tail()

idaman ea_t ida_export prev_not_tail ( ea_t ea)

Get address of previous non-tail byte.

Returns
#BADADDR if none exists.

◆ next_not_tail()

idaman ea_t ida_export next_not_tail ( ea_t ea)

Get address of next non-tail byte.

Returns
#BADADDR if none exists.

◆ adjust_visea()

ea_t adjust_visea ( ea_t ea)

Adjust the address and get the nearest visible address.

(i.e. an address which will appear in the disassembly)

Returns
#BADADDR only if no addresses are valid

◆ prev_visea()

idaman ea_t ida_export prev_visea ( ea_t ea)

Get previous visible address.

Returns
#BADADDR if none exists.

◆ next_visea()

idaman ea_t ida_export next_visea ( ea_t ea)

Get next visible address.

Returns
#BADADDR if none exists.

◆ is_first_visea()

bool is_first_visea ( ea_t ea)

Is an address the first visible address?

◆ is_last_visea()

bool is_last_visea ( ea_t ea)

Is an address the last visible address?

◆ is_visible_finally()

bool is_visible_finally ( ea_t ea)

Is the address visible on the screen (not hidden)?

◆ get_item_head()

ea_t idaapi get_item_head ( ea_t ea)
inline

Get the start address of the item at 'ea'.

If there is no current item, then 'ea' will be returned (see definition at the end of bytes.hpp source)

◆ get_item_end()

idaman ea_t ida_export get_item_end ( ea_t ea)

Get the end address of the item at 'ea'.

The returned address doesn't belong to the current item. Unexplored bytes are counted as 1 byte entities.

◆ calc_max_item_end()

idaman ea_t ida_export calc_max_item_end ( ea_t ea,
int how = 15 )

Calculate maximal reasonable end address of a new item.

This function will limit the item with the current segment bounds.

Parameters
ealinear address
howwhen to stop the search. A combination of Item end search flags
Returns
end of new item. If it is not possible to create an item, it will return 'ea'. If operation was cancelled by user, it will return 'ea'

◆ get_item_size()

asize_t get_item_size ( ea_t ea)
inline

Get size of item (instruction/data) in bytes.

Unexplored bytes have length of 1 byte. This function returns 0 only for BADADDR.

◆ is_mapped()

idaman bool ida_export is_mapped ( ea_t ea)

Is the specified address 'ea' present in the program?

◆ get_flags_ex()

idaman flags64_t ida_export get_flags_ex ( ea_t ea,
int how )

Get flags for the specified address, extended form.

◆ get_flags32()

flags64_t idaapi get_flags32 ( ea_t ea)
inline

Get only 32 low bits of flags.

This function returns the most commonly used bits of the flags. However, it does not return the operand info for the operands beyond the first two operands (0,1). If you need to deal with the operands (2..n), then use get_flags(). It is customary to assign the return value to the variable named "F32", to distinguish is from 64-bit flags.

Returns
0 if address is not present in the program

◆ get_flags()

flags64_t idaapi get_flags ( ea_t ea)
inline

Get flags value for address 'ea'.

The byte value is not included in the flags. This function should be used if the operand types of any operand beyond the first two operands is required. This function is more expensive to use than get_flags32()

Returns
0 if address is not present in the program

◆ get_full_flags()

flags64_t idaapi get_full_flags ( ea_t ea)
inline

Get full flags value for address 'ea'.

This function returns the byte value in the flags as well. See FF_IVL and MS_VAL. This function is more expensive to use than get_flags()

Returns
0 if address is not present in the program

◆ get_item_flag()

idaman flags64_t ida_export get_item_flag ( ea_t from,
int n,
ea_t ea,
bool appzero )

Get flag of the item at 'ea' even if it is a tail byte of some array or structure.

This function is used to get flags of structure members or array elements.

Parameters
fromlinear address of the instruction which refers to 'ea'
noperand number which refers to 'ea' or OPND_ALL for one of the operands
eathe referenced address
appzeroappend a struct field name if the field offset is zero? meaningful only if the name refers to a structure.
Returns
flags or 0 (if failed)

◆ get_item_refinfo()

idaman bool ida_export get_item_refinfo ( refinfo_t * ri,
ea_t ea,
int n )

Get refinfo of the item at 'ea'.

This function works for a regular offset operand as well as for a tail byte of a structure variable (in this case refinfo to corresponding structure member will be returned)

Parameters
[out]rirefinfo holder
eathe item address
noperand number which refers to 'ea' or OPND_ALL for one of the operands
Returns
success

◆ has_value()

THREAD_SAFE constexpr bool idaapi has_value ( flags64_t F)
inlineconstexpr

Do flags contain byte value?

◆ del_value()

idaman void ida_export del_value ( ea_t ea)

Delete byte value from flags.

The corresponding byte becomes uninitialized.

◆ is_loaded()

idaman bool ida_export is_loaded ( ea_t ea)

Does the specified address have a byte value (is initialized?)

◆ nbits()

idaman int ida_export nbits ( ea_t ea)

Get number of bits in a byte at the given address.

Returns
processor_t::dnbits() if the address doesn't belong to a segment, otherwise the result depends on the segment type

◆ bytesize()

int bytesize ( ea_t ea)
inline

Get number of bytes required to store a byte at the given address.

◆ get_byte()

idaman uchar ida_export get_byte ( ea_t ea)

Get one byte (8-bit) of the program at 'ea'.

This function works only for 8bit byte processors.

◆ get_db_byte()

idaman uchar ida_export get_db_byte ( ea_t ea)

Get one byte (8-bit) of the program at 'ea' from the database.

Works even if the debugger is active. See also get_dbg_byte() to read the process memory directly. This function works only for 8bit byte processors.

◆ get_word()

idaman ushort ida_export get_word ( ea_t ea)

Get one word (16-bit) of the program at 'ea'.

This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

◆ get_dword()

idaman uint32 ida_export get_dword ( ea_t ea)

Get one dword (32-bit) of the program at 'ea'.

This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

◆ get_qword()

idaman uint64 ida_export get_qword ( ea_t ea)

Get one qword (64-bit) of the program at 'ea'.

This function takes into account order of bytes specified in idainfo::is_be() This function works only for 8bit byte processors.

◆ get_wide_byte()

idaman uint64 ida_export get_wide_byte ( ea_t ea)

Get one wide byte of the program at 'ea'.

Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view.

◆ get_wide_word()

idaman uint64 ida_export get_wide_word ( ea_t ea)

Get one wide word (2 'byte') of the program at 'ea'.

Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()

◆ get_wide_dword()

idaman uint64 ida_export get_wide_dword ( ea_t ea)

Get two wide words (4 'bytes') of the program at 'ea'.

Some processors may access more than 8bit quantity at an address. These processors have 32-bit byte organization from the IDA's point of view. This function takes into account order of bytes specified in idainfo::is_be()

Note
this function works incorrectly if processor_t::nbits > 16

◆ get_octet()

idaman bool ida_export get_octet ( uchar * out,
octet_generator_t * ogen )

◆ get_16bit()

idaman uint32 ida_export get_16bit ( ea_t ea)

Get 16bits of the program at 'ea'.

Returns
1 byte (getFullByte()) if the current processor has 16-bit byte, otherwise return get_word()

◆ get_32bit()

idaman uint32 ida_export get_32bit ( ea_t ea)

Get not more than 32bits of the program at 'ea'.

Returns
32 bit value, depending on processor_t::nbits:
  • if ( nbits <= 8 ) return get_dword(ea);
  • if ( nbits <= 16) return get_wide_word(ea);
  • return get_wide_byte(ea);

◆ get_64bit()

idaman uint64 ida_export get_64bit ( ea_t ea)

Get not more than 64bits of the program at 'ea'.

Returns
64 bit value, depending on processor_t::nbits:
  • if ( nbits <= 8 ) return get_qword(ea);
  • if ( nbits <= 16) return get_wide_dword(ea);
  • return get_wide_byte(ea);

◆ get_data_value()

idaman bool ida_export get_data_value ( uval_t * v,
ea_t ea,
asize_t size )

Get the value at of the item at 'ea'.

This function works with entities up to sizeof(ea_t) (bytes, word, etc)

Parameters
vpointer to the result. may be nullptr
ealinear address
sizesize of data to read. If 0, then the item type at 'ea' will be used
Returns
success

◆ visit_patched_bytes()

idaman int ida_export visit_patched_bytes ( ea_t ea1,
ea_t ea2,
int(idaapi *cb)(ea_t ea, qoff64_t fpos, uint64 o, uint64 v, void *ud) ,
void * ud = nullptr )

Visit all the patched bytes one byte at a time.

Parameters
ea1start linear address
ea2end linear address
cbcallback called for each found byte. if the callback returns non-zero then that value will be returned to the caller and the enumeration will be interrupted.
uduser data passed to the callback
Returns
the return value returned by the callback (if any) or zero if the enumeration was completed.

◆ get_original_byte()

idaman uint64 ida_export get_original_byte ( ea_t ea)

Get original byte value (that was before patching).

This function works for wide byte processors too.

◆ get_original_word()

idaman uint64 ida_export get_original_word ( ea_t ea)

Get original word value (that was before patching).

This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

◆ get_original_dword()

idaman uint64 ida_export get_original_dword ( ea_t ea)

Get original dword (that was before patching) This function works for wide byte processors too.

This function takes into account order of bytes specified in idainfo::is_be()

◆ get_original_qword()

idaman uint64 ida_export get_original_qword ( ea_t ea)

Get original qword value (that was before patching) This function DOESN'T work for wide byte processors too.

This function takes into account order of bytes specified in idainfo::is_be()

◆ put_byte()

idaman bool ida_export put_byte ( ea_t ea,
uint64 x )

Set value of one byte of the program.

This function modifies the database. If the debugger is active then the debugged process memory is patched too.

Note
The original value of the byte is completely lost and can't be recovered by the get_original_byte() function. See also put_dbg_byte() to write to the process memory directly when the debugger is active. This function can handle wide byte processors.
Parameters
ealinear address
xbyte value
Returns
true if the database has been modified

◆ put_word()

idaman void ida_export put_word ( ea_t ea,
uint64 x )

Set value of one word of the program.

This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.

Note
The original value of the word is completely lost and can't be recovered by the get_original_word() function. ea - linear address x - word value

◆ put_dword()

idaman void ida_export put_dword ( ea_t ea,
uint64 x )

Set value of one dword of the program.

This function takes into account order of bytes specified in idainfo::is_be() This function works for wide byte processors too.

Parameters
ealinear address
xdword value
Note
the original value of the dword is completely lost and can't be recovered by the get_original_dword() function.

◆ put_qword()

idaman void ida_export put_qword ( ea_t ea,
uint64 x )

Set value of one qword (8 bytes) of the program.

This function takes into account order of bytes specified in idainfo::is_be() This function DOESN'T works for wide byte processors.

Parameters
ealinear address
xqword value

◆ patch_byte()

idaman bool ida_export patch_byte ( ea_t ea,
uint64 x )

Patch a byte of the program.

The original value of the byte is saved and can be obtained by get_original_byte(). This function works for wide byte processors too.

Return values
truethe database has been modified,
falsethe debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

◆ patch_word()

idaman bool ida_export patch_word ( ea_t ea,
uint64 x )

Patch a word of the program.

The original value of the word is saved and can be obtained by get_original_word(). This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

Return values
truethe database has been modified,
falsethe debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

◆ patch_dword()

idaman bool ida_export patch_dword ( ea_t ea,
uint64 x )

Patch a dword of the program.

The original value of the dword is saved and can be obtained by get_original_dword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

Return values
truethe database has been modified,
falsethe debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

◆ patch_qword()

idaman bool ida_export patch_qword ( ea_t ea,
uint64 x )

Patch a qword of the program.

The original value of the qword is saved and can be obtained by get_original_qword(). This function DOESN'T work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

Return values
truethe database has been modified,
falsethe debugger is running and the process' memory has value 'x' at address 'ea', or the debugger is not running, and the IDB has value 'x' at address 'ea already.

◆ revert_byte()

idaman bool ida_export revert_byte ( ea_t ea)

Revert patched byte.

Return values
truebyte was patched before and reverted now

◆ add_byte()

idaman void ida_export add_byte ( ea_t ea,
uint32 value )

Add a value to one byte of the program.

This function works for wide byte processors too.

Parameters
ealinear address
valuebyte value

◆ add_word()

idaman void ida_export add_word ( ea_t ea,
uint64 value )

Add a value to one word of the program.

This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

Parameters
ealinear address
valuebyte value

◆ add_dword()

idaman void ida_export add_dword ( ea_t ea,
uint64 value )

Add a value to one dword of the program.

This function works for wide byte processors too. This function takes into account order of bytes specified in idainfo::is_be()

Note
this function works incorrectly if processor_t::nbits > 16
Parameters
ealinear address
valuebyte value

◆ add_qword()

idaman void ida_export add_qword ( ea_t ea,
uint64 value )

Add a value to one qword of the program.

This function does not work for wide byte processors. This function takes into account order of bytes specified in idainfo::is_be()

Parameters
ealinear address
valuebyte value

◆ get_zero_ranges()

idaman bool ida_export get_zero_ranges ( rangeset_t * zranges,
const range_t * range )

Return set of ranges with zero initialized bytes.

The returned set includes only big zero initialized ranges (at least >1KB). Some zero initialized byte ranges may be not included. Only zero bytes that use the sparse storage method (STT_MM) are reported.

Parameters
zrangespointer to the return value. cannot be nullptr
rangethe range of addresses to verify. can be nullptr - means all ranges
Returns
true if the result is a non-empty set

◆ get_bytes()

idaman ssize_t ida_export get_bytes ( void * buf,
ssize_t size,
ea_t ea,
int gmb_flags = 0,
void * mask = nullptr )

Get the specified number of bytes of the program into the buffer.

If mask was specified it will contain a bitmap of initialized / uninitialized database bytes.

Parameters
ealinear address
bufbuffer to hold bytes
sizesize of buffer in normal 8-bit bytes (sizeof(buf))
gmb_flagscombination of flags for get_bytes() bits
maskbitmap of initialize/uninitialized bytes (may be nullptr; must be at least (size+7)/8)
Returns
if the user cancelled, return -1; otherwise number of read bytes.

◆ put_bytes()

idaman void ida_export put_bytes ( ea_t ea,
const void * buf,
size_t size )

Modify the specified number of bytes of the program.

This function does not save the original values of bytes. See also patch_bytes().

Parameters
ealinear address
bufbuffer with new values of bytes
sizesize of buffer in normal 8-bit bytes (sizeof(buf))

◆ patch_bytes()

idaman void ida_export patch_bytes ( ea_t ea,
const void * buf,
size_t size )

Patch the specified number of bytes of the program.

Original values of bytes are saved and are available with get_original...() functions. See also put_bytes().

Parameters
ealinear address
bufbuffer with new values of bytes
sizesize of buffer in normal 8-bit bytes (sizeof(buf))

◆ del_items()

idaman bool ida_export del_items ( ea_t ea,
int flags = 0,
asize_t nbytes = 1,
may_destroy_cb_t * may_destroy = nullptr )

Convert item (instruction/data) to unexplored bytes.

The whole item (including the head and tail bytes) will be destroyed. It is allowed to pass any address in the item to this function

Parameters
eaany address within the first item to delete
flagscombination of Unexplored byte conversion flags
nbytesnumber of bytes in the range to be undefined
may_destroyoptional routine invoked before deleting a head item. If callback returns false then item is not to be deleted and operation fails
Returns
true on sucessful operation, otherwise false

◆ is_manual_insn()

idaman bool ida_export is_manual_insn ( ea_t ea)

Is the instruction overridden?

Parameters
ealinear address of the instruction or data item

◆ get_manual_insn()

idaman ssize_t ida_export get_manual_insn ( qstring * buf,
ea_t ea )

Retrieve the user-specified string for the manual instruction.

Parameters
bufoutput buffer
ealinear address of the instruction or data item
Returns
size of manual instruction or -1

◆ set_manual_insn()

idaman void ida_export set_manual_insn ( ea_t ea,
const char * manual_insn )

Set manual instruction string.

Parameters
ealinear address of the instruction or data item
manual_insn"" - delete manual string. nullptr - do nothing

◆ leading_zero_important()

idaman bool ida_export leading_zero_important ( ea_t ea,
int n )

Check if leading zeroes are important.

◆ get_max_strlit_length()

idaman size_t ida_export get_max_strlit_length ( ea_t ea,
int32 strtype,
int options = 0 )

Determine maximum length of string literal.

If the string literal has a length prefix (e.g., STRTYPE_LEN2 has a two-byte length prefix), the length of that prefix (i.e., 2) will be part of the returned value.

Parameters
eastarting address
strtypestring type. one of String type codes
optionscombination of string literal length options
Returns
length of the string in octets (octet==8bit)

◆ get_strlit_contents()

idaman ssize_t ida_export get_strlit_contents ( qstring * utf8,
ea_t ea,
size_t len,
int32 type,
size_t * maxcps = nullptr,
int flags = 0 )

Get contents of string literal, as UTF-8-encoded codepoints.

This function returns the displayed part of the string It works even if the string has not been created in the database yet.

If 'len' is size_t(-1), it will be computed like so:

  • if a string literal is present at 'ea', get_item_size() * bytesize(ea) will be used
  • otherwise, get_max_strlit_length(..., ALOPT_IGNHEADS) will be used

About 'maxcps': this specifies a limit to the number of codepoints, not bytes in the UTF-8 output buffer. So for example although U+4e12 will use 3 bytes in the output buffer, it still counts as only 1 character – unless STRCONV_ESCAPE is used. If 'STRCONV_ESCAPE' is used, U+4e12 will be converted to the string "\u4E12", and will use 6 bytes in the output buffer and also count as 6 codepoints.

If 'STRCONV_REPLCHAR', any undecodable byte will re represented as U+FFFD, occupy 3 bytes in the output buffer, and count for 1 codepoint.

Parameters
[out]utf8output buffer
[in]ealinear address of the string
[in]lenlength of the string, in octets (octet=8bit)
[in]typetype of the string. one of String type codes
[in,out]maxcpsmaximum length of codepoints, after possible escaping, in output buffer (not counting terminating zero) on exit, will be set to 0 if string got truncated can be nullptr if not needed
[in]flagscombination of string conversion flags
Returns
length of generated text (in bytes) or -1

◆ create_strlit()

idaman bool ida_export create_strlit ( ea_t start,
size_t len,
int32 strtype )

Convert to string literal and give a meaningful name.

'start' may be higher than 'end', the kernel will swap them in this case

Parameters
startstarting address
lenlength of the string in bytes. if 0, then get_max_strlit_length() will be used to determine the length
strtypestring type. one of String type codes
Returns
success

◆ print_strlit_type()

idaman bool ida_export print_strlit_type ( qstring * out,
int32 strtype,
qstring * out_tooltip = nullptr,
int flags = 0 )

Get string type information: the string type name (possibly decorated with hotkey markers), and the tooltip.

Parameters
outthe output buffer
strtypethe string type
out_tooltipan optional output buffer for the tooltip
flagsor'ed PSTF_* constants
Returns
length of generated text

◆ get_opinfo()

idaman opinfo_t *ida_export get_opinfo ( opinfo_t * buf,
ea_t ea,
int n,
flags64_t flags )

Get additional information about an operand representation.

Parameters
bufbuffer to receive the result. may not be nullptr
ealinear address of item
nnumber of operand, 0 or 1
flagsflags of the item
Returns
nullptr if no additional representation information

◆ set_opinfo()

idaman bool ida_export set_opinfo ( ea_t ea,
int n,
flags64_t flag,
const opinfo_t * ti,
bool suppress_events = false )

Set additional information about an operand representation.

This function is a low level one. Only the kernel should use it.

Parameters
ealinear address of the item
nnumber of operand, 0 or 1 (see the note below)
flagflags of the item
tiadditional representation information
suppress_eventsdo not generate changing_op_type and op_type_changed events
Returns
success
Note
for custom formats (if is_custfmt(flag, n) is true) or for offsets (if is_off(flag, n) is true) N can be in range 0..UA_MAXOP-1 or equal to OPND_ALL. In the case of OPND_ALL the additional information about all operands will be set.

◆ get_data_elsize()

idaman asize_t ida_export get_data_elsize ( ea_t ea,
flags64_t F,
const opinfo_t * ti = nullptr )

Get size of data type specified in flags 'F'.

Parameters
ealinear address of the item
Fflags
tiadditional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database
Returns
  • byte : 1
  • word : 2
  • etc...

If flags doesn't specify a data, then return 1

◆ get_full_data_elsize()

asize_t get_full_data_elsize ( ea_t ea,
flags64_t F,
const opinfo_t * ti = nullptr )
inline

Get full size of data type specified in flags 'F'.

takes into account processors with wide bytes e.g. returns 2 for a byte element with 16-bit bytes

◆ is_varsize_item()

idaman int ida_export is_varsize_item ( ea_t ea,
flags64_t F,
const opinfo_t * ti = nullptr,
asize_t * itemsize = nullptr )

Is the item at 'ea' variable size?

Parameters
ealinear address of the item
Fflags
tiadditional information about the data type. For example, if the current item is a structure instance, then ti->tid is structure id. Otherwise is ignored (may be nullptr). If specified as nullptr, will be automatically retrieved from the database
itemsizeif not nullptr and the item is varsize, itemsize will contain the calculated item size (for struct types, the minimal size is returned)
Return values
1varsize item
0fixed item
-1error (bad data definition)

◆ get_possible_item_varsize()

idaman asize_t ida_export get_possible_item_varsize ( ea_t ea,
const tinfo_t & tif )

Return the possible size of the item at EA of type TIF if TIF is the variable structure.

Parameters
eathe linear address of the item
tifthe item type
Returns
the possible size
Return values
asize_t(-1)TIF is not a variable structure

◆ can_define_item()

idaman bool ida_export can_define_item ( ea_t ea,
asize_t length,
flags64_t flags )

Can define item (instruction/data) of the specified 'length', starting at 'ea'?

Note
if there is an item starting at 'ea', this function ignores it
this function converts to unexplored all encountered data items with fixup information. Should be fixed in the future.
Parameters
eastart of the range for the new item
lengthlength of the new item in bytes
flagsif not 0, then the kernel will ignore the data types specified by the flags and destroy them. For example: 
                 1000 dw 5
                 1002 db 5 ; undef
                 1003 db 5 ; undef
                 1004 dw 5
                 1006 dd 5
can_define_item(1000, 6, 0) - false because of dw at 1004
can_define_item(1000, 6, word_flag()) - true, word at 1004 is destroyed
Returns
1-yes, 0-no

This function may return 0 if:

  • a new item would cross segment boundaries
  • a new item would overlap with existing items (except items specified by 'flags')

◆ register_custom_data_type()

idaman int ida_export register_custom_data_type ( const data_type_t * dtinfo)

Register a new data type.

Parameters
dtinfodescription of the new data type
Returns
> 0 : id of the new custom data type, < 0 : error when the custom data type with the same name has already been registered
Note
dtid 0 is reserved for built-in data types.

◆ unregister_custom_data_type()

idaman bool ida_export unregister_custom_data_type ( int dtid)

Unregister a data type.

When the idb is closed, all custom data types are automatically unregistered, but since it happens too late (plugin modules could already be unloaded) one has to unregister custom data types explicitly. The ids of unregistered custom data types remain allocated and when the same name is reused to register a custom data type, it will get assigned the same id.

Parameters
dtiddata type to unregister
Return values
trueok
falseno such dtid

◆ register_custom_data_format()

idaman int ida_export register_custom_data_format ( const data_format_t * dtform)

Register a new data format.

Parameters
dtformdescription of the new data format
Returns
> 0 : id of the new custom data format, < 0 : error when the custom data format with the same name has already been registered to the data type
Note
dfid 0 is unused.

◆ unregister_custom_data_format()

idaman bool ida_export unregister_custom_data_format ( int dfid)

Unregister a data format.

See also
unregister_custom_data_type()
Parameters
dfiddata format to unregister
Return values
trueok
falseno such dfid

◆ get_custom_data_type()

idaman const data_type_t *ida_export get_custom_data_type ( int dtid)

Get definition of a registered custom data type.

Parameters
dtiddata type id
Returns
data type definition or nullptr

◆ get_custom_data_format()

idaman const data_format_t *ida_export get_custom_data_format ( int dfid)

Get definition of a registered custom data format.

Parameters
dfiddata format id
Returns
data format definition or nullptr

◆ detach_custom_data_format()

idaman bool ida_export detach_custom_data_format ( int dtid,
int dfid )

Attach the data format to the data type.

Parameters
dtiddata type id that can use the data format. 0 means all standard data types. Such data formats can be applied to any data item or instruction operands. For instruction operands, the data_format_t::value_size check is not performed by the kernel.
dfiddata format id
Return values
trueok
falseno such dtid, or no such ‘dfid’, or the data format has / already been attached to the data type

idaman bool ida_export attach_custom_data_format(int dtid, int dfid);

/ Detach the data format from the data type. / Unregistering a custom data type detaches all attached data formats, / no need to detach them explicitly. You still need unregister them. / Unregistering a custom data format detaches it from all attached data / types. /

Parameters
dtiddata type id to detach data format from /
dfiddata format id to detach /
Return values
trueok /
falseno such dtid, or no such ‘dfid’, or the data format was not attached to the data type

◆ is_attached_custom_data_format()

idaman bool ida_export is_attached_custom_data_format ( int dtid,
int dfid )

Is the custom data format attached to the custom data type?

Parameters
dtiddata type id
dfiddata format id
Returns
true or false

◆ get_custom_data_types()

idaman int ida_export get_custom_data_types ( intvec_t * out,
asize_t min_size = 0,
asize_t max_size = BADADDR )

Get list of registered custom data type ids.

Parameters
outbuffer for the output. may be nullptr
min_sizeminimum value size
max_sizemaximum value size
Returns
number of custom data types with the specified size limits

◆ get_custom_data_formats()

idaman int ida_export get_custom_data_formats ( intvec_t * out,
int dtid )

Get list of attached custom data formats for the specified data type.

Parameters
outbuffer for the output. may be nullptr
dtiddata type id
Returns
number of returned custom data formats. if error, returns -1

◆ find_custom_data_type()

idaman int ida_export find_custom_data_type ( const char * name)

Get id of a custom data type.

Parameters
namename of the custom data type
Returns
id or -1

◆ find_custom_data_format()

idaman int ida_export find_custom_data_format ( const char * name)

Get id of a custom data format.

Parameters
namename of the custom data format
Returns
id or -1

◆ set_cmt()

idaman bool ida_export set_cmt ( ea_t ea,
const char * comm,
bool rptble )

Set an indented comment.

Parameters
ealinear address
commcomment string
  • nullptr: do nothing (return 0)
  • "" : delete comment
rptbleis repeatable?
Returns
success

◆ get_cmt()

idaman ssize_t ida_export get_cmt ( qstring * buf,
ea_t ea,
bool rptble )

Get an indented comment.

Parameters
bufoutput buffer, may be nullptr
ealinear address. may point to tail byte, the function will find start of the item
rptbleget repeatable comment?
Returns
size of comment or -1

◆ append_cmt()

idaman bool ida_export append_cmt ( ea_t ea,
const char * str,
bool rptble )

Append to an indented comment.

Creates a new comment if none exists. Appends a newline character and the specified string otherwise.

Parameters
ealinear address
strcomment string to append
rptbleappend to repeatable comment?
Returns
success

◆ get_predef_insn_cmt()

idaman ssize_t ida_export get_predef_insn_cmt ( qstring * buf,
const insn_t & ins )

Get predefined comment.

Parameters
bufbuffer for the comment
inscurrent instruction information
Returns
size of comment or -1

◆ find_byte()

idaman ea_t ida_export find_byte ( ea_t sEA,
asize_t size,
uchar value,
int bin_search_flags )

Find forward a byte with the specified value (only 8-bit value from the database).

example: ea=4 size=3 will inspect addresses 4, 5, and 6

Parameters
sEAlinear address
sizenumber of bytes to inspect
valuevalue to find
bin_search_flagscombination of Search flags
Returns
address of byte or #BADADDR

◆ find_byter()

idaman ea_t ida_export find_byter ( ea_t sEA,
asize_t size,
uchar value,
int bin_search_flags )

Find reverse a byte with the specified value (only 8-bit value from the database).

example: ea=4 size=3 will inspect addresses 6, 5, and 4

Parameters
sEAthe lower address of the search range
sizenumber of bytes to inspect
valuevalue to find
bin_search_flagscombination of Search flags
Returns
address of byte or #BADADDR

◆ DECLARE_TYPE_AS_MOVABLE()

DECLARE_TYPE_AS_MOVABLE ( compiled_binpat_t )

◆ parse_binpat_str()

idaman bool ida_export parse_binpat_str ( compiled_binpat_vec_t * out,
ea_t ea,
const char * in,
int radix,
int strlits_encoding = PBSENC_DEF1BPU,
qstring * errbuf = nullptr )

Convert user-specified binary string to internal representation.

The 'in' parameter contains space-separated tokens:

- numbers (numeric base is determined by 'radix')
- if value of number fits a byte, it is considered as a byte
- if value of number fits a word, it is considered as 2 bytes
- if value of number fits a dword,it is considered as 4 bytes
- "..." string constants
- 'x' single-character constants
- ? variable bytes

Note that string constants are surrounded with double quotes.

Here are a few examples (assuming base 16):

CD 21 - bytes 0xCD, 0x21
21CD - bytes 0xCD, 0x21 (little endian ) or 0x21, 0xCD (big-endian)
"Hello", 0 - the null terminated string "Hello"
L"Hello" - 'H', 0, 'e', 0, 'l', 0, 'l', 0, 'o', 0
B8 ? ? ? ? 90 - byte 0xB8, 4 bytes with any value, byte 0x90
Parameters
[out]outa vector of compiled binary patterns, for use with bin_search()
ealinear address to convert for (the conversion depends on the address, because the number of bits in a byte depend on the segment type)
ininput text string
radixnumeric base of numbers (8,10,16)
strlits_encodingthe target encoding into which the string literals present in 'in', should be encoded. Can be any from [1, get_encoding_qty()), or the special values PBSENC_*
errbuferror buffer (can be nullptr)
Returns
false either in case of parsing error, or if at least one requested target encoding couldn't encode the string literals present in "in".

◆ bin_search() [1/2]

idaman ea_t ida_export bin_search ( ea_t start_ea,
ea_t end_ea,
const compiled_binpat_vec_t & data,
int flags,
size_t * out_matched_idx = nullptr )

Search for a pattern in the program.

Parameters
start_ealinear address, start of range to search
end_ealinear address, end of range to search (exclusive)
datathe prepared data to search for (see parse_binpat_str())
flagscombination of Search flags
out_matched_idxindex in data where the pattern was found
Returns
#BADADDR (if pressed Ctrl-Break or not found) or string address.

◆ bin_search() [2/2]

ea_t bin_search ( ea_t start_ea,
ea_t end_ea,
const uchar * image,
const uchar * mask,
size_t len,
int flags )
inline

◆ next_inited()

ea_t idaapi next_inited ( ea_t ea,
ea_t maxea )
inline

Find the next initialized address.

◆ prev_inited()

ea_t idaapi prev_inited ( ea_t ea,
ea_t minea )
inline

Find the previous initialized address.

◆ equal_bytes()

idaman bool ida_export equal_bytes ( ea_t ea,
const uchar * image,
const uchar * mask,
size_t len,
int bin_search_flags )

Compare 'len' bytes of the program starting from 'ea' with 'image'.

Parameters
ealinear address
imagebytes to compare with
maskarray of mask bytes, it's length is 'len'. if the flag BIN_SEARCH_BITMASK is passsed, 'bitwise AND' is used to compare. if not; 1 means to perform the comparison of the corresponding byte. 0 means not to perform. if mask == nullptr, then all bytes of 'image' will be compared. if mask == #SKIP_FF_MASK then 0xFF bytes will be skipped
lenlength of block to compare in bytes.
bin_search_flagscombination of Search flags
Return values
1equal
0not equal

◆ bytes_match_for_bin_search()

bool bytes_match_for_bin_search ( uchar c1,
uchar c2,
const uchar * mask,
int i,
int bin_search_flags )
inline

◆ find_binary()

idaman ea_t ida_export find_binary ( ea_t startea,
ea_t endea,
const char * ubinstr,
int radix,
int sflag,
int strlits_encoding = 0 )

◆ update_hidden_range()

idaman bool ida_export update_hidden_range ( const hidden_range_t * ha)

Update hidden range information in the database.

You cannot use this function to change the range boundaries

Parameters
harange to update
Returns
success

◆ add_hidden_range()

idaman bool ida_export add_hidden_range ( ea_t ea1,
ea_t ea2,
const char * description,
const char * header,
const char * footer,
bgcolor_t color = DEFCOLOR )

Mark a range of addresses as hidden.

The range will be created in the invisible state with the default color

Parameters
ea1linear address of start of the address range
ea2linear address of end of the address range
description,header,footerrange parameters
colorthe range color
Returns
success

◆ get_hidden_range()

idaman hidden_range_t *ida_export get_hidden_range ( ea_t ea)

Get pointer to hidden range structure, in: linear address.

Parameters
eaany address in the hidden range

◆ getn_hidden_range()

idaman hidden_range_t *ida_export getn_hidden_range ( int n)

Get pointer to hidden range structure, in: number of hidden range.

Parameters
nnumber of hidden range, is in range 0..get_hidden_range_qty()-1

◆ get_hidden_range_qty()

idaman int ida_export get_hidden_range_qty ( void )

Get number of hidden ranges.

◆ get_hidden_range_num()

idaman int ida_export get_hidden_range_num ( ea_t ea)

Get number of a hidden range.

Parameters
eaany address in the hidden range
Returns
number of hidden range (0..get_hidden_range_qty()-1)

◆ get_prev_hidden_range()

idaman hidden_range_t *ida_export get_prev_hidden_range ( ea_t ea)

Get pointer to previous hidden range.

Parameters
eaany address in the program
Returns
ptr to hidden range or nullptr if previous hidden range doesn't exist

◆ get_next_hidden_range()

idaman hidden_range_t *ida_export get_next_hidden_range ( ea_t ea)

Get pointer to next hidden range.

Parameters
eaany address in the program
Returns
ptr to hidden range or nullptr if next hidden range doesn't exist

◆ get_first_hidden_range()

idaman hidden_range_t *ida_export get_first_hidden_range ( void )

Get pointer to the first hidden range.

Returns
ptr to hidden range or nullptr

◆ get_last_hidden_range()

idaman hidden_range_t *ida_export get_last_hidden_range ( void )

Get pointer to the last hidden range.

Returns
ptr to hidden range or nullptr

◆ del_hidden_range()

idaman bool ida_export del_hidden_range ( ea_t ea)

Delete hidden range.

Parameters
eaany address in the hidden range
Returns
success

◆ add_mapping()

idaman bool ida_export add_mapping ( ea_t from,
ea_t to,
asize_t size )

IDA supports memory mapping.

References to the addresses from the mapped range use data and meta-data from the mapping range.

Note
You should set flag PR2_MAPPING in ph.flag2 to use memory mapping Add memory mapping range.
Parameters
fromstart of the mapped range (nonexistent address)
tostart of the mapping range (existent address)
sizesize of the range
Returns
success

◆ del_mapping()

idaman void ida_export del_mapping ( ea_t ea)

Delete memory mapping range.

Parameters
eaany address in the mapped range

◆ use_mapping()

idaman ea_t ida_export use_mapping ( ea_t ea)

Translate address according to current mappings.

Parameters
eaaddress to translate
Returns
translated address

◆ get_mappings_qty()

idaman size_t ida_export get_mappings_qty ( void )

Get number of mappings.

◆ get_mapping()

idaman bool ida_export get_mapping ( ea_t * from,
ea_t * to,
asize_t * size,
size_t n )

Get memory mapping range by its number.

Parameters
fromstart of the mapped range
tostart of the mapping range
sizesize of the range
nnumber of mapping range (0..get_mappings_qty()-1)
Returns
false if the specified range doesn't exist, otherwise returns from, to, size

◆ get_hex_string()

THREAD_SAFE ssize_t get_hex_string ( char * buf,
size_t bufsize,
const uchar * bytes,
size_t len )
inline