 |
IDA C++ SDK 9.2
|
|
IDA C++ SDK 9.2
|
Routines for working with functions within the disassembled program. More...
Go to the source code of this file.
Classes | |
| struct | regarg_t |
| Register argument description. More... | |
| class | func_t |
| A function is a set of continuous ranges of addresses with characteristics. More... | |
| class | lock_func |
| Helper class to lock a function pointer so it stays valid. More... | |
| class | lock_func_with_tails_t |
| class | func_tail_iterator_t |
| Class to enumerate all function tails sorted by addresses. More... | |
| class | func_item_iterator_t |
| Class to enumerate all function instructions and data sorted by addresses. More... | |
| class | func_parent_iterator_t |
| Class to enumerate all function parents sorted by addresses. More... | |
Functions | |
| idaman void ida_export | free_regarg (struct regarg_t *v) |
| DECLARE_TYPE_AS_MOVABLE (regarg_t) | |
| DECLARE_TYPE_AS_MOVABLE (func_t) | |
| bool | is_func_entry (const func_t *pfn) |
| Does function describe a function entry chunk? | |
| bool | is_func_tail (const func_t *pfn) |
| Does function describe a function tail chunk? | |
| idaman void ida_export | lock_func_range (const func_t *pfn, bool lock) |
| Lock function pointer Locked pointers are guaranteed to remain valid until they are unlocked. | |
| idaman bool ida_export | is_func_locked (const func_t *pfn) |
| Is the function pointer locked? | |
| idaman func_t *ida_export | get_func (ea_t ea) |
| Get pointer to function structure by address. | |
| idaman int ida_export | get_func_chunknum (func_t *pfn, ea_t ea) |
| Get the containing tail chunk of 'ea'. | |
| bool | func_contains (func_t *pfn, ea_t ea) |
| Does the given function contain the given address? | |
| bool | is_same_func (ea_t ea1, ea_t ea2) |
| Do two addresses belong to the same function? | |
| idaman func_t *ida_export | getn_func (size_t n) |
| Get pointer to function structure by number. | |
| idaman size_t ida_export | get_func_qty (void) |
| Get total number of functions in the program. | |
| idaman int ida_export | get_func_num (ea_t ea) |
| Get ordinal number of a function. | |
| idaman func_t *ida_export | get_prev_func (ea_t ea) |
| Get pointer to the previous function. | |
| idaman func_t *ida_export | get_next_func (ea_t ea) |
| Get pointer to the next function. | |
| idaman ea_t ida_export | get_func_ranges (rangeset_t *ranges, func_t *pfn) |
| Get function ranges. | |
| idaman ssize_t ida_export | get_func_cmt (qstring *buf, const func_t *pfn, bool repeatable) |
| Get function comment. | |
| idaman bool ida_export | set_func_cmt (const func_t *pfn, const char *cmt, bool repeatable) |
| Set function comment. | |
| idaman bool ida_export | update_func (func_t *pfn) |
| Update information about a function in the database (func_t). | |
| idaman bool ida_export | add_func_ex (func_t *pfn) |
| Add a new function. | |
| bool | add_func (ea_t ea1, ea_t ea2=BADADDR) |
| Add a new function. | |
| idaman bool ida_export | del_func (ea_t ea) |
| Delete a function. | |
| idaman int ida_export | set_func_start (ea_t ea, ea_t newstart) |
| Move function chunk start address. | |
| idaman bool ida_export | set_func_end (ea_t ea, ea_t newend) |
| Move function chunk end address. | |
| idaman void ida_export | reanalyze_function (func_t *pfn, ea_t ea1=0, ea_t ea2=BADADDR, bool analyze_parents=false) |
| Reanalyze a function. | |
| idaman int ida_export | find_func_bounds (func_t *nfn, int flags) |
| Determine the boundaries of a new function. | |
| idaman ssize_t ida_export | get_func_name (qstring *out, ea_t ea) |
| Get function name. | |
| idaman asize_t ida_export | calc_func_size (func_t *pfn) |
| Calculate function size. | |
| idaman int ida_export | get_func_bitness (const func_t *pfn) |
| Get function bitness (which is equal to the function segment bitness). | |
| int idaapi | get_func_bits (const func_t *pfn) |
| Get number of bits in the function addressing. | |
| int idaapi | get_func_bytes (const func_t *pfn) |
| Get number of bytes in the function addressing. | |
| bool | is_visible_func (func_t *pfn) |
| Is the function visible (not hidden)? | |
| bool | is_finally_visible_func (func_t *pfn) |
| Is the function visible (event after considering #SCF_SHHID_FUNC)? | |
| idaman void ida_export | set_visible_func (func_t *pfn, bool visible) |
| Set visibility of function. | |
| idaman int ida_export | set_func_name_if_jumpfunc (func_t *pfn, const char *oldname) |
| Give a meaningful name to function if it consists of only 'jump' instruction. | |
| idaman ea_t ida_export | calc_thunk_func_target (func_t *pfn, ea_t *fptr) |
| Calculate target of a thunk function. | |
| idaman bool ida_export | func_does_return (ea_t callee) |
| Does the function return? | |
| idaman bool ida_export | reanalyze_noret_flag (ea_t ea) |
| Plan to reanalyze noret flag. | |
| idaman bool ida_export | set_noret_insn (ea_t insn_ea, bool noret) |
| Signal a non-returning instruction. | |
| idaman func_t *ida_export | get_fchunk (ea_t ea) |
| Get pointer to function chunk structure by address. | |
| idaman func_t *ida_export | getn_fchunk (int n) |
| Get pointer to function chunk structure by number. | |
| idaman size_t ida_export | get_fchunk_qty (void) |
| Get total number of function chunks in the program. | |
| idaman int ida_export | get_fchunk_num (ea_t ea) |
| Get ordinal number of a function chunk in the global list of function chunks. | |
| idaman func_t *ida_export | get_prev_fchunk (ea_t ea) |
| Get pointer to the previous function chunk in the global list. | |
| idaman func_t *ida_export | get_next_fchunk (ea_t ea) |
| Get pointer to the next function chunk in the global list. | |
| idaman bool ida_export | append_func_tail (func_t *pfn, ea_t ea1, ea_t ea2) |
| Append a new tail chunk to the function definition. | |
| idaman bool ida_export | remove_func_tail (func_t *pfn, ea_t tail_ea) |
| Remove a function tail. | |
| idaman bool ida_export | set_tail_owner (func_t *fnt, ea_t new_owner) |
| Set a new owner of a function tail. | |
| DECLARE_FUNC_ITERATORS (idaman) inline THREAD_SAFE bool idaapi f_any(flags64_t | |
| Helper function to accept any address. | |
| idaman void ida_export | iterate_func_chunks (func_t *pfn, void(idaapi *func)(ea_t ea1, ea_t ea2, void *ud), void *ud=nullptr, bool include_parents=false) |
| Function to iterate function chunks (all of them including the entry chunk) | |
| idaman int ida_export | plan_to_apply_idasgn (const char *fname) |
| Add a signature file to the list of planned signature files. | |
| idaman int ida_export | apply_idasgn_to (const char *signame, ea_t ea, bool is_startup) |
| Apply a signature file to the specified address. | |
| idaman int ida_export | get_idasgn_qty (void) |
| Get number of signatures in the list of planned and applied signatures. | |
| idaman int ida_export | get_current_idasgn (void) |
| Get number of the the current signature. | |
| idaman int ida_export | calc_idasgn_state (int n) |
| Get state of a signature in the list of planned signatures. | |
| idaman int ida_export | del_idasgn (int n) |
| Remove signature from the list of planned signatures. | |
| idaman int32 ida_export | get_idasgn_desc (qstring *signame, qstring *optlibs, int n) |
| Get information about a signature in the list. | |
| idaman ssize_t ida_export | get_idasgn_title (qstring *buf, const char *name) |
| Get full description of the signature by its short name. | |
| idaman void ida_export | determine_rtl (void) |
| Determine compiler/vendor using the startup signatures. | |
| idaman bool ida_export | apply_startup_sig (ea_t ea, const char *startup) |
| Apply a startup signature file to the specified address. | |
| idaman int ida_export | try_to_add_libfunc (ea_t ea) |
| Apply the currently loaded signature file to the specified address. | |
Get prev/next address in function | |
Unlike func_item_iterator_t which always enumerates the main function chunk first, these functions respect linear address ordering. | |
| idaman ea_t ida_export | get_prev_func_addr (func_t *pfn, ea_t ea) |
| idaman ea_t ida_export | get_next_func_addr (func_t *pfn, ea_t ea) |
Functions to work with temporary register argument definitions | |
| idaman void ida_export | read_regargs (func_t *pfn) |
| idaman void ida_export | add_regarg (func_t *pfn, int reg, const tinfo_t &tif, const char *name) |
Routines for working with functions within the disassembled program.
This file also contains routines for working with library signatures (e.g. FLIRT).
Each function consists of function chunks. At least one function chunk must be present in the function definition - the function entry chunk. Other chunks are called function tails. There may be several of them for a function.
A function tail is a continuous range of addresses. It can be used in the definition of one or more functions. One function using the tail is singled out and called the tail owner. This function is considered as 'possessing' the tail. get_func() on a tail address will return the function possessing the tail. You can enumerate the functions using the tail by using func_parent_iterator_t.
Each function chunk in the disassembly is represented as an "range" (a range of addresses, see range.hpp for details) with characteristics.
A function entry must start with an instruction (code) byte.
| DECLARE_TYPE_AS_MOVABLE | ( | regarg_t | ) |
| DECLARE_TYPE_AS_MOVABLE | ( | func_t | ) |
Lock function pointer Locked pointers are guaranteed to remain valid until they are unlocked.
Ranges with locked pointers cannot be deleted or moved.
Get pointer to function structure by address.
| ea | any address in a function |
Get the containing tail chunk of 'ea'.
| -1 | means 'does not contain ea' |
| 0 | means the 'pfn' itself contains ea |
| >0 | the number of the containing function tail chunk |
Does the given function contain the given address?
| idaman func_t *ida_export getn_func | ( | size_t | n | ) |
Get pointer to function structure by number.
| n | number of function, is in range 0..get_func_qty()-1 |
| idaman size_t ida_export get_func_qty | ( | void | ) |
Get total number of functions in the program.
| idaman int ida_export get_func_num | ( | ea_t | ea | ) |
Get ordinal number of a function.
| ea | any address in the function |
Get pointer to the previous function.
| ea | any address in the program |
Get pointer to the next function.
| ea | any address in the program |
Get function ranges.
| ranges | buffer to receive the range info |
| pfn | ptr to function structure |
Get function comment.
| buf | buffer for the comment |
| pfn | ptr to function structure |
| repeatable | get repeatable comment? |
Set function comment.
This function works with function chunks too.
| pfn | ptr to function structure |
| cmt | comment string, may be multiline (with ' '). Use empty str ("") to delete comment |
| repeatable | set repeatable comment? |
Update information about a function in the database (func_t).
You must not change the function start and end addresses using this function. Use set_func_start() and set_func_end() for it.
| pfn | ptr to function structure |
Add a new function.
If the fn->end_ea is #BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., #FIND_FUNC_DEFINE).
| pfn | ptr to filled function structure |
Add a new function.
If the function end address is #BADADDR, then IDA will try to determine the function bounds by calling find_func_bounds(..., #FIND_FUNC_DEFINE).
| ea1 | start address |
| ea2 | end address |
Delete a function.
| ea | any address in the function entry chunk |
Move function chunk start address.
| ea | any address in the function |
| newstart | new end address of the function |
Move function chunk end address.
| ea | any address in the function |
| newend | new end address of the function |
| idaman void ida_export reanalyze_function | ( | func_t * | pfn, |
| ea_t | ea1 = 0, | ||
| ea_t | ea2 = BADADDR, | ||
| bool | analyze_parents = false ) |
Reanalyze a function.
This function plans to analyzes all chunks of the given function. Optional parameters (ea1, ea2) may be used to narrow the analyzed range.
| pfn | pointer to a function |
| ea1 | start of the range to analyze |
| ea2 | end of range to analyze |
| analyze_parents | meaningful only if pfn points to a function tail. if true, all tail parents will be reanalyzed. if false, only the given tail will be reanalyzed. |
| idaman int ida_export find_func_bounds | ( | func_t * | nfn, |
| int | flags ) |
Determine the boundaries of a new function.
This function tries to find the start and end addresses of a new function. It calls the module with processor_t::func_bounds in order to fine tune the function boundaries.
| nfn | structure to fill with information \ nfn->start_ea points to the start address of the new function. |
| flags | Find function bounds flags |
Get function name.
| out | buffer for the answer |
| ea | any address in the function |
Calculate function size.
This function takes into account all fragments of the function.
| pfn | ptr to function structure |
| idaman int ida_export get_func_bitness | ( | const func_t * | pfn | ) |
Get function bitness (which is equal to the function segment bitness).
pfn==nullptr => returns 0
| 0 | 16 |
| 1 | 32 |
| 2 | 64 |
|
inline |
Get number of bits in the function addressing.
|
inline |
Get number of bytes in the function addressing.
Is the function visible (event after considering #SCF_SHHID_FUNC)?
| idaman int ida_export set_func_name_if_jumpfunc | ( | func_t * | pfn, |
| const char * | oldname ) |
Give a meaningful name to function if it consists of only 'jump' instruction.
| pfn | pointer to function (may be nullptr) |
| oldname | old name of function. if old name was in "j_..." form, then we may discard it and set a new name. if oldname is not known, you may pass nullptr. |
Calculate target of a thunk function.
| pfn | pointer to function (may not be nullptr) |
| fptr | out: will hold address of a function pointer (if indirect jump) |
Does the function return?
To calculate the answer, #FUNC_NORET flag and is_noret() are consulted The latter is required for imported functions in the .idata section. Since in .idata we have only function pointers but not functions, we have to introduce a special flag for them.
Plan to reanalyze noret flag.
This function does not remove FUNC_NORET if it is already present. It just plans to reanalysis.
Signal a non-returning instruction.
This function can be used by the processor module to tell the kernel about non-returning instructions (like call exit). The kernel will perform the global function analysis and find out if the function returns at all. This analysis will be done at the first call to func_does_return()
Get pointer to function chunk structure by address.
| ea | any address in a function chunk |
| idaman func_t *ida_export getn_fchunk | ( | int | n | ) |
Get pointer to function chunk structure by number.
| n | number of function chunk, is in range 0..get_fchunk_qty()-1 |
| idaman size_t ida_export get_fchunk_qty | ( | void | ) |
Get total number of function chunks in the program.
| idaman int ida_export get_fchunk_num | ( | ea_t | ea | ) |
Get ordinal number of a function chunk in the global list of function chunks.
| ea | any address in the function chunk |
Get pointer to the previous function chunk in the global list.
| ea | any address in the program |
Get pointer to the next function chunk in the global list.
| ea | any address in the program |
Append a new tail chunk to the function definition.
If the tail already exists, then it will simply be added to the function tail list Otherwise a new tail will be created and its owner will be set to be our function If a new tail cannot be created, then this function will fail.
| pfn | pointer to the function |
| ea1 | start of the tail. If a tail already exists at the specified address it must start at 'ea1' |
| ea2 | end of the tail. If a tail already exists at the specified address it must end at 'ea2'. If specified as BADADDR, IDA will determine the end address itself. |
Remove a function tail.
If the tail belongs only to one function, it will be completely removed. Otherwise if the function was the tail owner, the first function using this tail becomes the owner of the tail.
| pfn | pointer to the function |
| tail_ea | any address inside the tail to remove |
Set a new owner of a function tail.
The new owner function must be already referring to the tail (after append_func_tail).
| fnt | pointer to the function tail |
| new_owner | the entry point of the new owner function |
| DECLARE_FUNC_ITERATORS | ( | idaman | ) |
Helper function to accept any address.
| idaman void ida_export iterate_func_chunks | ( | func_t * | pfn, |
| void(idaapi *func)(ea_t ea1, ea_t ea2, void *ud) | , | ||
| void * | ud = nullptr, | ||
| bool | include_parents = false ) |
Function to iterate function chunks (all of them including the entry chunk)
| pfn | pointer to the function |
| func | function to call for each chunk |
| ud | user data for 'func' |
| include_parents | meaningful only if pfn points to a function tail. if true, all tail parents will be iterated. if false, only the given tail will be iterated. |
| idaman int ida_export plan_to_apply_idasgn | ( | const char * | fname | ) |
Add a signature file to the list of planned signature files.
| fname | file name. should not contain directory part. |
Apply a signature file to the specified address.
| signame | short name of signature file (the file name without path) |
| ea | address to apply the signature |
| is_startup | if set, then the signature is treated as a startup one for startup signature ida doesn't rename the first function of the applied module. |
| idaman int ida_export get_idasgn_qty | ( | void | ) |
Get number of signatures in the list of planned and applied signatures.
| idaman int ida_export get_current_idasgn | ( | void | ) |
Get number of the the current signature.
| idaman int ida_export calc_idasgn_state | ( | int | n | ) |
Get state of a signature in the list of planned signatures.
| n | number of signature in the list (0..get_idasgn_qty()-1) |
| idaman int ida_export del_idasgn | ( | int | n | ) |
Remove signature from the list of planned signatures.
| n | number of signature in the list (0..get_idasgn_qty()-1) |
Get information about a signature in the list.
| signame | buffer for the name of the signature. (short form, only base name without the directory part will be stored). if signame == nullptr, then the name won't be returned. |
| optlibs | buffer for the names of the optional libraries if optlibs == nullptr, then the optional libraries are not returned |
| n | number of signature in the list (0..get_idasgn_qty()-1) |
Get full description of the signature by its short name.
| buf | the output buffer |
| name | short name of a signature |
Determine compiler/vendor using the startup signatures.
If determined, then appropriate signature files are included into the list of planned signature files.
Apply a startup signature file to the specified address.
| ea | address to apply the signature to; usually idainfo::start_ea |
| startup | the name of the signature file without path and extension |
| idaman int ida_export try_to_add_libfunc | ( | ea_t | ea | ) |
Apply the currently loaded signature file to the specified address.
If a library function is found, then create a function and name it accordingly.
| ea | any address in the program |