Array of micro blocks representing microcode for a decompiled function. More...

#include <hexrays.hpp>

Public Member Functions
bool	precise_defeas () const
bool	optimized () const
bool	short_display () const
bool	show_reduction () const
bool	graph_insns () const
bool	loaded_gdl () const
bool	should_beautify () const
bool	rtype_refined () const
bool	may_refine_rettype () const
bool	use_wingraph32 () const
bool	display_numaddrs () const
bool	display_valnums () const
bool	is_pattern () const
bool	is_thunk () const
bool	saverest_done () const
bool	callinfo_built () const
bool	really_alloc () const
bool	lvars_allocated () const
bool	chain_varnums_ok () const
bool	returns_fpval () const
bool	has_passregs () const
bool	generated_asserts () const
bool	propagated_asserts () const
bool	deleted_pairs () const
bool	common_stkvars_stkargs () const
bool	lvar_names_ok () const
bool	lvars_renamed () const
bool	has_over_chains () const
bool	valranges_done () const
bool	argidx_ok () const
bool	argidx_sorted () const
bool	code16_bit_removed () const
bool	has_stack_retval () const
bool	has_outlines () const
bool	is_ctr () const
bool	is_dtr () const
bool	is_cdtr () const
bool	prop_complex () const
int	get_mba_flags () const
int	get_mba_flags2 () const
void	set_mba_flags (int f)
void	clr_mba_flags (int f)
void	set_mba_flags2 (int f)
void	clr_mba_flags2 (int f)
void	clr_cdtr ()
int	calc_shins_flags () const
sval_t hexapi	stkoff_vd2ida (sval_t off) const
sval_t hexapi	stkoff_ida2vd (sval_t off) const
sval_t	argbase () const
vdloc_t hexapi	idaloc2vd (const argloc_t &loc, int width) const
argloc_t hexapi	vd2idaloc (const vdloc_t &loc, int width) const
bool	is_stkarg (const lvar_t &v) const
ssize_t	get_stkvar (udm_t udm, sval_t vd_stkoff, uval_t p_idaoff=nullptr, tinfo_t *p_frame=nullptr) const
argloc_t	get_ida_argloc (const lvar_t &v) const
bool	write_to_const_detected () const
bool	bad_call_sp_detected () const
bool	regargs_is_not_aligned () const
bool	has_bad_sp () const
	mba_t ()
	~mba_t ()
	HEXRAYS_MEMORY_ALLOCATION_FUNCS () void hexapi term()
func_t *hexapi	get_curfunc () const
bool	use_frame () const
bool	range_contains (ea_t ea) const
bool	is_snippet () const
merror_t hexapi	set_maturity (mba_maturity_t mat)
	Set maturity level.
int hexapi	optimize_local (int locopt_bits)
	Optimize each basic block locally.
merror_t hexapi	build_graph ()
	Build control flow graph.
mbl_graph_t *hexapi	get_graph ()
	Get control graph.
int hexapi	analyze_calls (int acflags)
	Analyze calls and determine calling conventions.
merror_t hexapi	optimize_global ()
	Optimize microcode globally.
void hexapi	alloc_lvars ()
	Allocate local variables.
void hexapi	dump () const
	Dump microcode to a file.
	AS_PRINTF (3, 0) void hexapi vdump_mba(bool _verify
	AS_PRINTF (3, 4) void dump_mba(bool _verify
	va_start (va, title)
	vdump_mba (_verify, title, va)
	va_end (va)
void hexapi	print (vd_printer_t &vp) const
	Print microcode to any destination.
void hexapi	verify (bool always) const
	Verify microcode consistency.
void hexapi	mark_chains_dirty ()
	Mark the microcode use-def chains dirty.
const mblock_t *	get_mblock (uint n) const
	Get basic block by its serial number.
mblock_t *	get_mblock (uint n)
mblock_t *hexapi	insert_block (int bblk)
	Insert a block in the middle of the mbl array.
mblock_t *hexapi	split_block (mblock_t blk, minsn_t start_insn)
	Split a block: insert a new one after the block, move some instructions to new block.
bool hexapi	remove_block (mblock_t *blk)
	Delete a block.
bool hexapi	remove_blocks (int start_blk, int end_blk)
mblock_t *hexapi	copy_block (mblock_t *blk, int new_serial, int cpblk_flags=3)
	Make a copy of a block.
bool hexapi	remove_empty_and_unreachable_blocks ()
	Delete all empty and unreachable blocks.
bool hexapi	merge_blocks ()
	Merge blocks.
int hexapi	for_all_ops (mop_visitor_t &mv)
	Visit all operands of all instructions.
int hexapi	for_all_insns (minsn_visitor_t &mv)
	Visit all instructions.
int hexapi	for_all_topinsns (minsn_visitor_t &mv)
	Visit all top level instructions.
mop_t *hexapi	find_mop (op_parent_info_t *ctx, ea_t ea, bool is_dest, const mlist_t &list)
	Find an operand in the microcode.
minsn_t *hexapi	create_helper_call (ea_t ea, const char helper, const tinfo_t rettype=nullptr, const mcallargs_t callargs=nullptr, const mop_t out=nullptr)
	Create a call of a helper function.
void hexapi	get_func_output_lists (mlist_t return_regs, mlist_t spoiled, const tinfo_t &type, ea_t call_ea=BADADDR, bool tail_call=false)
	Prepare the lists of registers & memory that are defined/killed by a function.
lvar_t &hexapi	arg (int n)
	Get input argument of the decompiled function.
const lvar_t &	arg (int n) const
ea_t hexapi	alloc_fict_ea (ea_t real_ea)
	Allocate a fictional address.
ea_t hexapi	map_fict_ea (ea_t fict_ea) const
	Resolve a fictional address.
const ivl_t &	get_std_region (memreg_index_t idx) const
	Get information about various memory regions.
const ivl_t &	get_lvars_region () const
const ivl_t &	get_shadow_region () const
const ivl_t &	get_args_region () const
ivl_t	get_stack_region () const
void hexapi	serialize (bytevec_t &vout) const
	Serialize mbl array into a sequence of bytes.
void hexapi	save_snapshot (const char *description)
	Create and save microcode snapshot.
mreg_t hexapi	alloc_kreg (size_t size, bool check_size=true)
	Allocate a kernel register.
void hexapi	free_kreg (mreg_t reg, size_t size)
	Free a kernel register.
merror_t hexapi	inline_func (codegen_t &cdg, int blknum, mba_ranges_t &ranges, int decomp_flags=0, int inline_flags=0)
	Inline a range.
const stkpnt_t *hexapi	locate_stkpnt (ea_t ea) const
bool hexapi	set_lvar_name (lvar_t &v, const char *name, int flagbits)
bool	set_nice_lvar_name (lvar_t &v, const char *name)
bool	set_user_lvar_name (lvar_t &v, const char *name)

Static Public Member Functions
static vdloc_t hexapi	idaloc2vd (const argloc_t &loc, int width, sval_t spd)
static argloc_t hexapi	vd2idaloc (const vdloc_t &loc, int width, sval_t spd)
static WARN_UNUSED_RESULT mba_t *hexapi	deserialize (const uchar *bytes, size_t nbytes)
	Deserialize a byte sequence into mbl array.

Public Attributes
mba_ranges_t	mbr
ea_t	entry_ea = BADADDR
ea_t	last_prolog_ea = BADADDR
ea_t	first_epilog_ea = BADADDR
int	qty = 0
	number of basic blocks
int	npurged = -1
	-1 - unknown
callcnv_t	cc = CM_CC_UNKNOWN
	calling convention
sval_t	tmpstk_size = 0
	size of the temporary stack part (which dynamically changes with push/pops)
sval_t	frsize = 0
	size of local stkvars range in the stack frame
sval_t	frregs = 0
	size of saved registers range in the stack frame
sval_t	fpd = 0
	frame pointer delta
int	pfn_flags = 0
	copy of func_t::flags
int	retsize = 0
	size of return address in the stack frame
int	shadow_args = 0
	size of shadow argument area
sval_t	fullsize = 0
	Full stack size including incoming args.
sval_t	stacksize = 0
	The maximal size of the function stack including bytes allocated for outgoing call arguments (up to retaddr)
sval_t	inargoff = 0
	offset of the first stack argument; after fix_scattered_movs() INARGOFF may be less than STACKSIZE
sval_t	minstkref = 0
	The lowest stack location whose address was taken.
ea_t	minstkref_ea = BADADDR
	address with lowest minstkref (for debugging)
sval_t	minargref = 0
	The lowest stack argument location whose address was taken This location and locations above it can be aliased It controls locations >= inargoff-shadow_args.
sval_t	spd_adjust = 0
	If sp>0, the max positive sp value.
ivlset_t	gotoff_stkvars
	stkvars that hold .got offsets. considered to be unaliasable
ivlset_t	restricted_memory
ivlset_t	aliased_memory = ALLMEM
	aliased_memory+restricted_memory=ALLMEM
mlist_t	nodel_memory
	global dead elimination may not delete references to this area
rlist_t	consumed_argregs
	registers converted into stack arguments, should not be used as arguments
mba_maturity_t	maturity = MMAT_ZERO
	current maturity level
mba_maturity_t	reqmat = MMAT_ZERO
	required maturity level
bool	final_type = false
	is the function type final? (specified by the user)
tinfo_t	idb_type
	function type as retrieved from the database
reginfovec_t	idb_spoiled
	MBA_SPLINFO && final_type: info in ida format.
mlist_t	spoiled_list
	MBA_SPLINFO && !final_type: info in vd format.
int	fti_flags = 0
	FTI_... constants for the current function.
qstring	label
	name of the function or pattern (colored)
lvars_t	vars
	local variables
intvec_t	argidx
	input arguments (indexes into 'vars')
int	retvaridx = -1
	index of variable holding the return value -1 means none
ea_t	error_ea = BADADDR
	during microcode generation holds ins.ea
qstring	error_strarg
mblock_t *	blocks = nullptr
	double linked list of blocks
mblock_t **	natural = nullptr
	natural order of blocks
ivl_with_name_t	std_ivls [6]
	we treat memory as consisting of 6 parts see memreg_index_t
hexwarns_t	notes
uchar	occurred_warns [32]
char	reserved []
const char *	title
const char va_list va	const
const char	const

Detailed Description

Array of micro blocks representing microcode for a decompiled function.

The first micro block is the entry point, the last one is the exit point. The entry and exit blocks are always empty. The exit block is generated at MMAT_LOCOPT maturity level.

Constructor & Destructor Documentation

◆ mba_t()

mba_t::mba_t ( )

◆ ~mba_t()

mba_t::~mba_t ( )

inline

Member Function Documentation

◆ precise_defeas()

bool mba_t::precise_defeas ( ) const

inline

◆ optimized()

bool mba_t::optimized ( ) const

inline

◆ short_display()

bool mba_t::short_display ( ) const

inline

◆ show_reduction()

bool mba_t::show_reduction ( ) const

inline

◆ graph_insns()

bool mba_t::graph_insns ( ) const

inline

◆ loaded_gdl()

bool mba_t::loaded_gdl ( ) const

inline

◆ should_beautify()

bool mba_t::should_beautify ( ) const

inline

◆ rtype_refined()

bool mba_t::rtype_refined ( ) const

inline

◆ may_refine_rettype()

bool mba_t::may_refine_rettype ( ) const

inline

◆ use_wingraph32()

bool mba_t::use_wingraph32 ( ) const

inline

◆ display_numaddrs()

bool mba_t::display_numaddrs ( ) const

inline

◆ display_valnums()

bool mba_t::display_valnums ( ) const

inline

◆ is_pattern()

bool mba_t::is_pattern ( ) const

inline

◆ is_thunk()

bool mba_t::is_thunk ( ) const

inline

◆ saverest_done()

bool mba_t::saverest_done ( ) const

inline

◆ callinfo_built()

bool mba_t::callinfo_built ( ) const

inline

◆ really_alloc()

bool mba_t::really_alloc ( ) const

inline

◆ lvars_allocated()

bool mba_t::lvars_allocated ( ) const

inline

◆ chain_varnums_ok()

bool mba_t::chain_varnums_ok ( ) const

inline

◆ returns_fpval()

bool mba_t::returns_fpval ( ) const

inline

◆ has_passregs()

bool mba_t::has_passregs ( ) const

inline

◆ generated_asserts()

bool mba_t::generated_asserts ( ) const

inline

◆ propagated_asserts()

bool mba_t::propagated_asserts ( ) const

inline

◆ deleted_pairs()

bool mba_t::deleted_pairs ( ) const

inline

◆ common_stkvars_stkargs()

bool mba_t::common_stkvars_stkargs ( ) const

inline

◆ lvar_names_ok()

bool mba_t::lvar_names_ok ( ) const

inline

◆ lvars_renamed()

bool mba_t::lvars_renamed ( ) const

inline

◆ has_over_chains()

bool mba_t::has_over_chains ( ) const

inline

◆ valranges_done()

bool mba_t::valranges_done ( ) const

inline

◆ argidx_ok()

bool mba_t::argidx_ok ( ) const

inline

◆ argidx_sorted()

bool mba_t::argidx_sorted ( ) const

inline

◆ code16_bit_removed()

bool mba_t::code16_bit_removed ( ) const

inline

◆ has_stack_retval()

bool mba_t::has_stack_retval ( ) const

inline

◆ has_outlines()

bool mba_t::has_outlines ( ) const

inline

◆ is_ctr()

bool mba_t::is_ctr ( ) const

inline

◆ is_dtr()

bool mba_t::is_dtr ( ) const

inline

◆ is_cdtr()

bool mba_t::is_cdtr ( ) const

inline

◆ prop_complex()

bool mba_t::prop_complex ( ) const

inline

◆ get_mba_flags()

int mba_t::get_mba_flags ( ) const

inline

◆ get_mba_flags2()

int mba_t::get_mba_flags2 ( ) const

inline

◆ set_mba_flags()

void mba_t::set_mba_flags ( int f )

inline

◆ clr_mba_flags()

void mba_t::clr_mba_flags ( int f )

inline

◆ set_mba_flags2()

void mba_t::set_mba_flags2 ( int f )

inline

◆ clr_mba_flags2()

void mba_t::clr_mba_flags2 ( int f )

inline

◆ clr_cdtr()

void mba_t::clr_cdtr ( )

inline

◆ calc_shins_flags()

int mba_t::calc_shins_flags ( ) const

inline

◆ stkoff_vd2ida()

sval_t mba_t::stkoff_vd2ida ( sval_t off ) const

inline

◆ stkoff_ida2vd()

sval_t mba_t::stkoff_ida2vd ( sval_t off ) const

inline

◆ argbase()

sval_t mba_t::argbase ( ) const

inline

◆ idaloc2vd() [1/2]

vdloc_t mba_t::idaloc2vd	(	const argloc_t &	loc,
		int	width,
		sval_t	spd )

inlinestatic

◆ idaloc2vd() [2/2]

vdloc_t mba_t::idaloc2vd	(	const argloc_t &	loc,
		int	width ) const

inline

◆ vd2idaloc() [1/2]

argloc_t mba_t::vd2idaloc	(	const vdloc_t &	loc,
		int	width,
		sval_t	spd )

inlinestatic

◆ vd2idaloc() [2/2]

argloc_t mba_t::vd2idaloc	(	const vdloc_t &	loc,
		int	width ) const

inline

◆ is_stkarg()

bool mba_t::is_stkarg ( const lvar_t & v ) const

inline

◆ get_stkvar()

ssize_t mba_t::get_stkvar	(	udm_t *	udm,
		sval_t	vd_stkoff,
		uval_t *	p_idaoff = nullptr,
		tinfo_t *	p_frame = nullptr ) const

◆ get_ida_argloc()

argloc_t mba_t::get_ida_argloc ( const lvar_t & v ) const

inline

◆ write_to_const_detected()

bool mba_t::write_to_const_detected ( ) const

inline

◆ bad_call_sp_detected()

bool mba_t::bad_call_sp_detected ( ) const

inline

◆ regargs_is_not_aligned()

bool mba_t::regargs_is_not_aligned ( ) const

inline

◆ has_bad_sp()

bool mba_t::has_bad_sp ( ) const

inline

◆ HEXRAYS_MEMORY_ALLOCATION_FUNCS()

mba_t::HEXRAYS_MEMORY_ALLOCATION_FUNCS ( )

◆ get_curfunc()

func_t * mba_t::get_curfunc ( ) const

inline

◆ use_frame()

bool mba_t::use_frame ( ) const

inline

◆ range_contains()

bool mba_t::range_contains ( ea_t ea ) const

inline

◆ is_snippet()

bool mba_t::is_snippet ( ) const

inline

◆ set_maturity()

merror_t mba_t::set_maturity ( mba_maturity_t mat )

inline

Set maturity level.

Parameters

mat	new maturity level

Returns: error code Plugins may use this function to skip some parts of the analysis. The maturity level cannot be decreased.

◆ optimize_local()

int mba_t::optimize_local ( int locopt_bits )

inline

Optimize each basic block locally.

Parameters

locopt_bits combination of Bits for optimize_local() bits

Returns: number of changes. 0 means nothing changed This function is called by the decompiler, usually there is no need to call it explicitly.

◆ build_graph()

merror_t mba_t::build_graph ( )

inline

Build control flow graph.

This function may be called only once. It calculates the type of each basic block and the adjacency list. optimize_local() calls this function if necessary. You need to call this function only before MMAT_LOCOPT.

Returns: error code

◆ get_graph()

mbl_graph_t * mba_t::get_graph ( )

inline

Get control graph.

Call build_graph() if you need the graph before MMAT_LOCOPT.

◆ analyze_calls()

int mba_t::analyze_calls ( int acflags )

inline

Analyze calls and determine calling conventions.

Parameters

acflags permitted actions that are necessary for successful detection of calling conventions. See Bits for analyze_calls()

Returns: number of calls. -1 means error.

◆ optimize_global()

merror_t mba_t::optimize_global ( )

inline

Optimize microcode globally.

This function applies various optimization methods until we reach the fixed point. After that it preallocates lvars unless reqmat forbids it.

Returns: error code

◆ alloc_lvars()

void mba_t::alloc_lvars ( )

inline

Allocate local variables.

Must be called only immediately after optimize_global(), with no modifications to the microcode. Converts registers, stack variables, and similar operands into mop_l. This call will not fail because all necessary checks were performed in optimize_global(). After this call the microcode reaches its final state.

◆ dump()

void mba_t::dump ( ) const

inline

Dump microcode to a file.

The file will be created in the directory pointed by IDA_DUMPDIR envvar. Dump will be created only if IDA is run under debugger.

◆ AS_PRINTF() [1/2]

mba_t::AS_PRINTF	(	3	,
		0	)

◆ AS_PRINTF() [2/2]

mba_t::AS_PRINTF	(	3	,
		4	)

◆ va_start()

mba_t::va_start	(	va	,
		title	)

◆ vdump_mba()

mba_t::vdump_mba	(	_verify	,
		title	,
		va	)

◆ va_end()

mba_t::va_end ( va )

◆ print()

void hexapi mba_t::print ( vd_printer_t & vp ) const

Print microcode to any destination.

Parameters

vp	print sink

◆ verify()

void hexapi mba_t::verify ( bool always ) const

Verify microcode consistency.

Parameters

always if false, the check will be performed only if ida runs under debugger If any inconsistency is discovered, an internal error will be generated. We strongly recommend you to call this function before returing control to the decompiler from your callbacks, in the case if you modified the microcode. If the microcode is inconsistent, this function will generate an internal error. We provide the source code of this function in the plugins/hexrays_sdk/verifier directory for your reference.

◆ mark_chains_dirty()

void hexapi mba_t::mark_chains_dirty ( )

Mark the microcode use-def chains dirty.

Call this function is any inter-block data dependencies got changed because of your modifications to the microcode. Failing to do so may cause an internal error.

◆ get_mblock() [1/2]

const mblock_t * mba_t::get_mblock ( uint n ) const

inline

Get basic block by its serial number.

◆ get_mblock() [2/2]

mblock_t * mba_t::get_mblock ( uint n )

inline

◆ insert_block()

mblock_t * mba_t::insert_block ( int bblk )

inline

Insert a block in the middle of the mbl array.

The very first block of microcode must be empty, it is the entry block. The very last block of microcode must be BLT_STOP, it is the exit block. Therefore inserting a new block before the entry point or after the exit block is not a good idea.

Parameters

bblk	the new block will be inserted before BBLK

Returns: ptr to the new block

◆ split_block()

mblock_t * mba_t::split_block	(	mblock_t *	blk,
		minsn_t *	start_insn )

inline

Split a block: insert a new one after the block, move some instructions to new block.

Parameters

blk	block to be split
start_insn	all instructions to be moved to new block: starting with this one up to the end

Returns: ptr to the new block

◆ remove_block()

bool mba_t::remove_block ( mblock_t * blk )

inline

Delete a block.

Parameters

blk	block to delete

Returns: true if at least one of the other blocks became empty or unreachable

◆ remove_blocks()

bool mba_t::remove_blocks	(	int	start_blk,
		int	end_blk )

inline

◆ copy_block()

mblock_t * mba_t::copy_block	(	mblock_t *	blk,
		int	new_serial,
		int	cpblk_flags = 3 )

inline

Make a copy of a block.

This function makes a simple copy of the block. It does not fix the predecessor and successor lists, they must be fixed if necessary.

Parameters

blk	block to copy
new_serial	position of the copied block
cpblk_flags	combination of Batch decompilation bits... bits

Returns: pointer to the new copy

◆ remove_empty_and_unreachable_blocks()

bool mba_t::remove_empty_and_unreachable_blocks ( )

inline

Delete all empty and unreachable blocks.

Blocks marked with MBL_KEEP won't be deleted.

◆ merge_blocks()

bool mba_t::merge_blocks ( )

inline

Merge blocks.

This function merges blocks constituting linear flow. It calls remove_empty_and_unreachable_blocks() as well.

Returns: true if changed any blocks

◆ for_all_ops()

int mba_t::for_all_ops ( mop_visitor_t & mv )

inline

Visit all operands of all instructions.

Parameters

mv	operand visitor

Returns: non-zero value returned by mv.visit_mop() or zero

◆ for_all_insns()

int mba_t::for_all_insns ( minsn_visitor_t & mv )

inline

Visit all instructions.

This function visits all instruction and subinstructions.

Parameters

mv	instruction visitor

Returns: non-zero value returned by mv.visit_mop() or zero

◆ for_all_topinsns()

int mba_t::for_all_topinsns ( minsn_visitor_t & mv )

inline

Visit all top level instructions.

Parameters

mv	instruction visitor

Returns: non-zero value returned by mv.visit_mop() or zero

◆ find_mop()

mop_t * mba_t::find_mop	(	op_parent_info_t *	ctx,
		ea_t	ea,
		bool	is_dest,
		const mlist_t &	list )

inline

Find an operand in the microcode.

This function tries to find the operand that matches LIST. Any operand that overlaps with LIST is considered as a match.

Parameters

[out]	ctx	context information for the result
	ea	desired address of the operand. BADADDR means to accept any address.
	is_dest	search for destination operand? this argument may be ignored if the exact match could not be found
	list	list of locations the correspond to the operand

Returns: pointer to the operand or nullptr.

◆ create_helper_call()

minsn_t * mba_t::create_helper_call	(	ea_t	ea,
		const char *	helper,
		const tinfo_t *	rettype = nullptr,
		const mcallargs_t *	callargs = nullptr,
		const mop_t *	out = nullptr )

inline

Create a call of a helper function.

Parameters

ea	The desired address of the instruction
helper	The helper name
rettype	The return type (nullptr or empty type means 'void')
callargs	The helper arguments (nullptr-no arguments)
out	The operand where the call result should be stored. If this argument is not nullptr, "mov helper_call(), out" will be generated. Otherwise "call helper()" will be generated. Note: the size of this operand must be equal to the RETTYPE size

Returns: pointer to the created instruction or nullptr if error

◆ get_func_output_lists()

void mba_t::get_func_output_lists	(	mlist_t *	return_regs,
		mlist_t *	spoiled,
		const tinfo_t &	type,
		ea_t	call_ea = BADADDR,
		bool	tail_call = false )

inline

Prepare the lists of registers & memory that are defined/killed by a function.

Parameters

[out]	return_regs	defined regs to return (eax,edx)
[out]	spoiled	spoiled regs (flags,ecx,mem)
	type	the function type
	call_ea	the call insn address (if known)
	tail_call	is it the tail call?

◆ arg() [1/2]

lvar_t & mba_t::arg ( int n )

inline

Get input argument of the decompiled function.

Parameters

n	argument number (0..nargs-1)

◆ arg() [2/2]

const lvar_t & mba_t::arg ( int n ) const

inline

◆ alloc_fict_ea()

ea_t mba_t::alloc_fict_ea ( ea_t real_ea )

inline

Allocate a fictional address.

This function can be used to allocate a new unique address for a new instruction, if re-using any existing address leads to conflicts. For example, if the last instruction of the function modifies R0 and falls through to the next function, it will be a tail call: LDM R0!, {R4,R7} end of the function start of another function In this case R0 generates two different lvars at the same address:

one modified by LDM
another that represents the return value from the tail call

Another example: a third-party plugin makes a copy of an instruction. This may lead to the generation of two variables at the same address. Example 3: fictional addresses can be used for new instructions created while modifying the microcode. This function can be used to allocate a new unique address for a new instruction or a variable. The fictional address is selected from an unallocated address range.

Parameters

real_ea real instruction address (BADADDR is ok too)

Returns: a unique fictional address

◆ map_fict_ea()

ea_t mba_t::map_fict_ea ( ea_t fict_ea ) const

inline

Resolve a fictional address.

This function provides a reverse of the mapping made by alloc_fict_ea().

Parameters

fict_ea fictional definition address

Returns: the real instruction address

◆ get_std_region()

const ivl_t & mba_t::get_std_region ( memreg_index_t idx ) const

inline

Get information about various memory regions.

We map the stack frame to the global memory, to some unused range.

◆ get_lvars_region()

const ivl_t & mba_t::get_lvars_region ( ) const

inline

◆ get_shadow_region()

const ivl_t & mba_t::get_shadow_region ( ) const

inline

◆ get_args_region()

const ivl_t & mba_t::get_args_region ( ) const

inline

◆ get_stack_region()

ivl_t mba_t::get_stack_region ( ) const

inline

◆ serialize()

void mba_t::serialize ( bytevec_t & vout ) const

inline

Serialize mbl array into a sequence of bytes.

◆ deserialize()

WARN_UNUSED_RESULT mba_t * mba_t::deserialize	(	const uchar *	bytes,
		size_t	nbytes )

inlinestatic

Deserialize a byte sequence into mbl array.

Parameters

bytes	pointer to the beginning of the byte sequence.
nbytes	number of bytes in the byte sequence.

Returns: new mbl array

◆ save_snapshot()

void mba_t::save_snapshot ( const char * description )

inline

Create and save microcode snapshot.

◆ alloc_kreg()

mreg_t mba_t::alloc_kreg	(	size_t	size,
		bool	check_size = true )

inline

Allocate a kernel register.

Parameters

size	size of the register in bytes
check_size	if true, only the sizes that correspond to a size of a basic type will be accepted.

Returns: allocated register. mr_none means failure.

◆ free_kreg()

void mba_t::free_kreg	(	mreg_t	reg,
		size_t	size )

inline

Free a kernel register.

If wrong arguments are passed, this function will generate an internal error.

Parameters

reg	a previously allocated kernel register
size	size of the register in bytes

◆ inline_func()

merror_t mba_t::inline_func	(	codegen_t &	cdg,
		int	blknum,
		mba_ranges_t &	ranges,
		int	decomp_flags = 0,
		int	inline_flags = 0 )

inline

Inline a range.

This function may be called only during the initial microcode generation phase.

Parameters

cdg	the codegenerator object
blknum	the block contaning the call/jump instruction to inline
ranges	the set of ranges to inline. in the case of multiple calls to inline_func(), ranges will be compared using their start addresses. if two ranges have the same address, they will be considered the same.
decomp_flags	combination of decompile() flags bits
inline_flags	combination of inline_func() flags bits

Returns: error code

◆ locate_stkpnt()

const stkpnt_t * mba_t::locate_stkpnt ( ea_t ea ) const

inline

◆ set_lvar_name()

bool mba_t::set_lvar_name	(	lvar_t &	v,
		const char *	name,
		int	flagbits )

inline

◆ set_nice_lvar_name()

bool mba_t::set_nice_lvar_name	(	lvar_t &	v,
		const char *	name )

inline

◆ set_user_lvar_name()

bool mba_t::set_user_lvar_name	(	lvar_t &	v,
		const char *	name )

inline

Member Data Documentation

◆ mbr

mba_ranges_t mba_t::mbr

◆ entry_ea

ea_t mba_t::entry_ea = BADADDR

◆ last_prolog_ea

ea_t mba_t::last_prolog_ea = BADADDR

◆ first_epilog_ea

ea_t mba_t::first_epilog_ea = BADADDR

◆ qty

int mba_t::qty = 0

number of basic blocks

◆ npurged

int mba_t::npurged = -1

-1 - unknown

◆ cc

callcnv_t mba_t::cc = CM_CC_UNKNOWN

calling convention

◆ tmpstk_size

sval_t mba_t::tmpstk_size = 0

size of the temporary stack part (which dynamically changes with push/pops)

◆ frsize

sval_t mba_t::frsize = 0

size of local stkvars range in the stack frame

◆ frregs

sval_t mba_t::frregs = 0

size of saved registers range in the stack frame

◆ fpd

sval_t mba_t::fpd = 0

frame pointer delta

◆ pfn_flags

int mba_t::pfn_flags = 0

copy of func_t::flags

◆ retsize

int mba_t::retsize = 0

size of return address in the stack frame

◆ shadow_args

int mba_t::shadow_args = 0

size of shadow argument area

◆ fullsize

sval_t mba_t::fullsize = 0

Full stack size including incoming args.

◆ stacksize

sval_t mba_t::stacksize = 0

The maximal size of the function stack including bytes allocated for outgoing call arguments (up to retaddr)

◆ inargoff

sval_t mba_t::inargoff = 0

offset of the first stack argument; after fix_scattered_movs() INARGOFF may be less than STACKSIZE

◆ minstkref

sval_t mba_t::minstkref = 0

The lowest stack location whose address was taken.

◆ minstkref_ea

ea_t mba_t::minstkref_ea = BADADDR

address with lowest minstkref (for debugging)

◆ minargref

sval_t mba_t::minargref = 0

The lowest stack argument location whose address was taken This location and locations above it can be aliased It controls locations >= inargoff-shadow_args.

◆ spd_adjust

sval_t mba_t::spd_adjust = 0

If sp>0, the max positive sp value.

◆ gotoff_stkvars

ivlset_t mba_t::gotoff_stkvars

stkvars that hold .got offsets. considered to be unaliasable

◆ restricted_memory

ivlset_t mba_t::restricted_memory

◆ aliased_memory

ivlset_t mba_t::aliased_memory = ALLMEM

aliased_memory+restricted_memory=ALLMEM

◆ nodel_memory

mlist_t mba_t::nodel_memory

global dead elimination may not delete references to this area

◆ consumed_argregs

rlist_t mba_t::consumed_argregs

registers converted into stack arguments, should not be used as arguments

◆ maturity

mba_maturity_t mba_t::maturity = MMAT_ZERO

current maturity level

◆ reqmat

mba_maturity_t mba_t::reqmat = MMAT_ZERO

required maturity level

◆ final_type

bool mba_t::final_type = false

is the function type final? (specified by the user)

◆ idb_type

tinfo_t mba_t::idb_type

function type as retrieved from the database

◆ idb_spoiled

reginfovec_t mba_t::idb_spoiled

MBA_SPLINFO && final_type: info in ida format.

◆ spoiled_list

mlist_t mba_t::spoiled_list

MBA_SPLINFO && !final_type: info in vd format.

◆ fti_flags

int mba_t::fti_flags = 0

FTI_... constants for the current function.

◆ label

qstring mba_t::label

name of the function or pattern (colored)

◆ vars

lvars_t mba_t::vars

local variables

◆ argidx

intvec_t mba_t::argidx

input arguments (indexes into 'vars')

◆ retvaridx

int mba_t::retvaridx = -1

index of variable holding the return value -1 means none

◆ error_ea

ea_t mba_t::error_ea = BADADDR

during microcode generation holds ins.ea

◆ error_strarg

qstring mba_t::error_strarg

◆ blocks

mblock_t* mba_t::blocks = nullptr

double linked list of blocks

◆ natural

mblock_t** mba_t::natural = nullptr

natural order of blocks

◆ std_ivls

ivl_with_name_t mba_t::std_ivls[6]

we treat memory as consisting of 6 parts see memreg_index_t

◆ notes

hexwarns_t mba_t::notes

mutable

◆ occurred_warns

uchar mba_t::occurred_warns[32]

mutable

◆ reserved

char mba_t::reserved[]

◆ title

const char * mba_t::title

◆ const [1/2]

const char va_list va mba_t::const

◆ const [2/2]

const char mba_t::const

Initial value:

{

va_list va

va

const tinfo_t const char va_list va

Definition hexrays.hpp:7301

The documentation for this class was generated from the following file:

ida-sdk/src/include/hexrays.hpp

Public Member Functions

Static Public Member Functions

Public Attributes

Detailed Description

Constructor & Destructor Documentation

◆ mba_t()

◆ ~mba_t()

Member Function Documentation

◆ precise_defeas()

◆ optimized()

◆ short_display()

◆ show_reduction()

◆ graph_insns()

◆ loaded_gdl()

◆ should_beautify()

◆ rtype_refined()

◆ may_refine_rettype()

◆ use_wingraph32()

◆ display_numaddrs()

◆ display_valnums()

◆ is_pattern()

◆ is_thunk()

◆ saverest_done()

◆ callinfo_built()

◆ really_alloc()

◆ lvars_allocated()

◆ chain_varnums_ok()

◆ returns_fpval()

◆ has_passregs()

◆ generated_asserts()

◆ propagated_asserts()

◆ deleted_pairs()

◆ common_stkvars_stkargs()

◆ lvar_names_ok()

◆ lvars_renamed()

◆ has_over_chains()

◆ valranges_done()

◆ argidx_ok()

◆ argidx_sorted()

◆ code16_bit_removed()

◆ has_stack_retval()

◆ has_outlines()

◆ is_ctr()

◆ is_dtr()

◆ is_cdtr()

◆ prop_complex()

◆ get_mba_flags()

◆ get_mba_flags2()

◆ set_mba_flags()

◆ clr_mba_flags()

◆ set_mba_flags2()

◆ clr_mba_flags2()

◆ clr_cdtr()

◆ calc_shins_flags()

◆ stkoff_vd2ida()

◆ stkoff_ida2vd()

◆ argbase()

◆ idaloc2vd() [1/2]

◆ idaloc2vd() [2/2]

◆ vd2idaloc() [1/2]

◆ vd2idaloc() [2/2]

◆ is_stkarg()

◆ get_stkvar()

◆ get_ida_argloc()

◆ write_to_const_detected()

◆ bad_call_sp_detected()

◆ regargs_is_not_aligned()

◆ has_bad_sp()

◆ HEXRAYS_MEMORY_ALLOCATION_FUNCS()

◆ get_curfunc()

◆ use_frame()

◆ range_contains()

◆ is_snippet()

◆ set_maturity()

◆ optimize_local()

◆ build_graph()

◆ get_graph()

◆ analyze_calls()

◆ optimize_global()

◆ alloc_lvars()