Trees       Index       Help   

Project Homepage

Module idc
[show private | hide private]
[frames | no frames]

Module idc

IDC compatibility module
Exceptions
DeprecatedIDCError Exception for deprecated function calls

Function Summary
  add_dref(From, To, drefType)
Create Data Ref
  AddCodeXref(From, To, flowtype)
  AddConstEx(enum_id, name, value, bmask)
Add a member of enum - a symbolic constant
  AddEntryPoint(ordinal, ea, name, makecode)
Add entry point
  AddEnum(idx, name, flag)
Add a new enum type
  AddHotkey(hotkey, idcfunc)
Add hotkey for IDC function
  AltOp(ea, n)
Get manually entered operand string
  AnalyseArea(sEA, eEA)
  Analysis(x)
  AnalyzeArea(sEA, eEA)
Perform full analysis of the area
  AskAddr(defval, prompt)
Ask the user to enter an address
  AskFile(forsave, mask, prompt)
Ask the user to choose a file
  AskIdent(defval, prompt)
Ask the user to enter an identifier
  AskLong(defval, prompt)
Ask the user to enter a number
  AskSeg(defval, prompt)
Ask the user to enter a segment value
  AskSelector(sel)
Get a selector value
  AskStr(defval, prompt)
Ask the user to enter a string
  AskYN(defval, prompt)
Ask the user a question and let him answer Yes/No/Cancel
  atol(str)
  AutoMark(ea, qtype)
Plan to analyze an address
  AutoMark2(start, end, queuetype)
Plan to perform an action in the future.
  AutoShow(x)
  AutoUnmark(start, end, queuetype)
Remove range of addresses from a queue.
  Batch(batch)
Enable/disable batch mode of operation
  BeginEA()
  Byte(ea)
Get value of program byte
  byteValue(F)
  ChooseFunction(title)
Ask the user to select a function
  CmtIndent(x)
  Comment(ea)
Get regular indented comment
  Compile(filename)
  del_dref(From, To)
Unmark Data Ref
  DelCodeXref(From, To, undef)
Unmark exec flow 'from' 'to'
  DelConstEx(enum_id, value, serial, bmask)
Delete a member of enum - a symbolic constant
  DelEnum(enum_id)
Delete enum type
  DelExtLnA(ea, n)
Delete an additional anterior line
  DelExtLnB(ea, n)
Delete an additional posterior line
  DelFixup(ea)
Delete fixup information
  DelFunction(ea)
Delete a function
  DelHiddenArea(ea)
Delete a hidden area
  DelHotkey(hotkey)
Delete IDC function hotkey
  DelSelector(sel)
Delete a selector
  Demangle(name, disable_mask)
Demangle a name
  Dfirst(From)
Get first data xref from 'From'
  DfirstB(To)
Get first data xref to 'To'
  Dnext(From, current)
Get next data xref from 'From'
  DnextB(To, current)
Get next data xref to 'To'
  Dword(ea)
Get value of program double word (4 bytes)
  Exec(command)
Execute an OS command.
  Exit(code)
Stop execution of IDC program, close the database and exit to OS
  ExtLinA(ea, n, line)
Specify an additional line to display before the generated ones.
  ExtLinB(ea, n, line)
Specify an additional line to display after the generated ones.
  Fatal(format)
Display a fatal message in a message box and quit IDA
  fclose(handle)
  fgetc(handle)
  filelength(handle)
  FindCode(ea, flag)
  FindData(ea, flag)
  FindExplored(ea, flag)
  FindFuncEnd(ea)
Determine a new function boundaries
  FindImmediate(ea, flag, value)
  FindSelector(val)
Find a selector which has the specifed value
  FindUnexplored(ea, flag)
  FindVoid(ea, flag)
  FirstSeg()
Get first segment
  fopen(file, mode)
  form(format, *args)
  fprintf(handle, format, *args)
  fputc(byte, handle)
  fseek(handle, offset, origin)
  ftell(handle)
  GenerateFile(type, path, ea1, ea2, flags)
Generate an output file
  GetBmaskCmt(enum_id, bmask, repeatable)
Get bitmask comment (only for bitfields)
  GetBmaskName(enum_id, bmask)
Get bitmask name (only for bitfields)
  GetCharPrm(offset)
  GetConstBmask(const_id)
Get bit mask of symbolic constant
  GetConstByName(name)
Get member of enum - a symbolic constant ID
  GetConstCmt(const_id, repeatable)
Get comment of a constant
  GetConstEnum(const_id)
Get id of enum by id of constant
  GetConstEx(enum_id, value, serial, bmask)
Get id of constant
  GetConstName(const_id)
Get name of a constant
  GetConstValue(const_id)
Get value of symbolic constant
  GetDisasm(ea)
Get disassembly line
  GetDouble(ea)
Get value of a floating point number (8 bytes)
  GetEntryOrdinal(index)
Retrieve entry point ordinal number
  GetEntryPoint(ordinal)
Retrieve entry point address
  GetEntryPointQty()
Retrieve number of entry points
  GetEnum(name)
Get enum ID by the name of enum
  GetEnumCmt(enum_id, repeatable)
Get comment of enum
  GetEnumFlag(enum_id)
Get flag of enum
  GetEnumIdx(enum_id)
Get serial number of enum by its ID
  GetEnumName(enum_id)
Get name of enum
  GetEnumQty()
Get number of enum types
  GetEnumSize(enum_id)
Get size of enum
  GetFirstBmask(enum_id)
Get first bitmask in the enum (bitfield)
  GetFirstConst(enum_id, bmask)
Get first constant in the enum
  GetFirstStrucIdx()
Get index of first structure type
  GetFixupTgtDispl(ea)
Get fixup target displacement
  GetFixupTgtOff(ea)
Get fixup target offset
  GetFixupTgtSel(ea)
Get fixup target selector
  GetFixupTgtType(ea)
Get fixup target type
  GetFlags(ea)
Get internal flags
  GetFloat(ea)
Get value of a floating point number (4 bytes)
  GetFrameSize(ea)
Get full size of function frame
  GetFunctionCmt(ea, repeatable)
Retrieve function comment
  GetFunctionFlags(ea)
Retrieve function flags
  GetFunctionName(ea)
Retrieve function name
  GetIdaDirectory()
Get IDA directory
  GetIdbPath()
Get IDB full path
  GetInputFile()
Get input file name
  GetInputFilePath()
Get input file path
  GetLastBmask(enum_id)
Get last bitmask in the enum (bitfield)
  GetLastConst(enum_id, bmask)
Get last constant in the enum
  GetLastStrucIdx()
Get index of last structure type
  GetLongPrm(offset)
  GetManualInsn(ea)
Get manual representation of instruction
  GetMnem(ea)
Get instruction mnemonics
  GetnEnum(idx)
Get ID of the specified enum by its serial number
  GetNextBmask(enum_id, value)
Get next bitmask in the enum (bitfield)
  GetNextConst(enum_id, value, bmask)
Get next constant in the enum
  GetNextFixupEA(ea)
Find next address with fixup information
  GetNextStrucIdx(index)
Get index of next structure type
  GetOperandValue(ea, n)
Get number used in the operand
  GetOpnd(ea, n)
Get operand of an instruction
  GetOpType(ea, n)
Get type of instruction operand
  GetOriginalByte(ea)
Get original value of program byte
  GetPrevBmask(enum_id, value)
Get prev bitmask in the enum (bitfield)
  GetPrevConst(enum_id, value, bmask)
Get prev constant in the enum
  GetPrevFixupEA(ea)
Find previous address with fixup information
  GetPrevStrucIdx(index)
Get index of previous structure type
  GetShortPrm(offset)
  GetStringType(ea)
Get string type
  GetStrucComment(id, repeatable)
Get structure type comment
  GetStrucId(index)
Get structure ID by structure index
  GetStrucIdByName(name)
Get structure ID by structure name
  GetStrucIdx(id)
Get structure index by structure ID
  GetStrucName(id)
Get structure type name
  GetStrucQty()
Get number of defined structure types
  GetStrucSize(id)
Get size of a structure
  GetTrueName(ea)
Get true name of program byte
  GetTrueNameEx(fromaddr, ea)
Get true name of program byte
  hasName(F)
  hasValue(F)
  here()
  HideArea(start, end, description, header, footer, color)
Hide an area
  HighVoids(x)
  Indent(x)
  isBin0(F)
  isBin1(F)
  IsBitfield(enum_id)
Is enum a bitfield?
  isChar0(F)
  isChar1(F)
  isCode(F)
  isData(F)
  isDec0(F)
  isDec1(F)
  isDefArg0(F)
  isDefArg1(F)
  isEnum0(F)
  isEnum1(F)
  isExtra(F)
  isFlow(F)
  isFop0(F)
  isFop1(F)
  isHead(F)
  isHex0(F)
  isHex1(F)
  isLoaded(ea)
  isOct0(F)
  isOct1(F)
  isOff0(F)
  isOff1(F)
  isRef(F)
  isSeg0(F)
  isSeg1(F)
  isStkvar0(F)
  isStkvar1(F)
  isStroff0(F)
  isStroff1(F)
  isTail(F)
  isUnknown(F)
  isVar(F)
  ItemEnd(ea)
Get address of the end of the item (instruction or data)
  ItemSize(ea)
Get size of instruction or data item in bytes
  Jump(ea)
Move cursor to the specifed linear address
  LineA(ea, num)
Get anterior line
  LineB(ea, num)
Get posterior line
  LocByName(name)
Get linear address of a name
  LocByNameEx(fromaddr, name)
Get linear address of a name
  LowVoids(x)
  ltoa(n, radix)
  MakeAlign(ea, count, align)
Convert the current item to an alignment directive
  MakeArray(ea, nitems)
Create an array.
  MakeByte(ea)
Convert the current item to a byte
  MakeCode(ea)
Create an instruction at the specified address
  MakeComm(ea, comment)
Set an indented regular comment of an item
  MakeDouble(ea)
Convert the current item to a double floating point (8 bytes)
  MakeDword(ea)
Convert the current item to a double word (4 bytes)
  MakeFloat(ea)
Convert the current item to a floating point (4 bytes)
  MakeFunction(start, end)
Create a function
  MakeName(ea, name)
  MakeNameEx(ea, name, flags)
Rename an address
  MakeOword(ea)
Convert the current item to a octa word (16 bytes)
  MakePackReal(ea)
Convert the current item to a packed real (10 or 12 bytes)
  MakeQword(ea)
Convert the current item to a quadro word (8 bytes)
  MakeRptCmt(ea, comment)
Set an indented repeatable comment of an item
  MakeStr(ea, endea)
Create a string.
  MakeStructEx(ea, size, strname)
Convert the current item to a structure instance
  MakeTbyte(ea)
Convert the current item to a tbyte (10 or 12 bytes)
  MakeUnkn(ea, expand)
Convert the current item to an explored item
  MakeVar(ea)
Mark the location as "variable"
  MakeWord(ea)
Convert the current item to a word (2 bytes)
  MaxEA()
  Message(msg)
Display a message in the messages window
  MinEA()
  MK_FP(seg, off)
Return value of expression: ((seg<<4) + off)
  Name(ea)
Get visible name of program byte
  NameEx(fromaddr, ea)
Get visible name of program byte
  NextAddr(ea)
Get next addresss in the program
  NextFunction(ea)
Find next function
  NextHead(ea, maxea)
Get next defined item (instruction or data) in the program
  NextNotTail(ea)
Get next not-tail address in the program This function searches for the next displayable address in the program.
  NextSeg(ea)
Get next segment
  OpAlt(ea, n, str)
Specify operand represenation manually.
  OpAlt1(ea, str)
  OpAlt2(ea, str)
  OpBinary(ea, n)
Convert an operand of the item (instruction or data) to a binary number
  OpChar(ea)
  OpChr(ea, n)
  OpDec(ea)
  OpDecimal(ea, n)
Convert an operand of the item (instruction or data) to a decimal number
  OpEnumEx(ea, n, enumid, serial)
Convert operand to a symbolic constant
  OpHex(ea, n)
Convert an operand of the item (instruction or data) to a hexadecimal number
  OpNot(ea, n)
Toggle the bitwise not operator for the operand
  OpNum(ea)
  OpNumber(ea, n)
Convert operand to a number (with default number base, radix)
  OpOctal(ea, n)
Convert an operand of the item (instruction or data) to an octal number
  OpOff(ea, n, base)
Convert operand to an offset (for the explanations of 'ea' and 'n' please see OpBinary())
  OpOffEx(ea, n, reftype, target, base, tdelta)
Convert operand to a complex offset expression This is a more powerful version of OpOff() function.
  OpOffset(ea, base)
  OpSeg(ea, n)
Convert operand to a segment expression
  OpSegment(ea)
  OpSign(ea, n)
Change sign of the operand
  OpStkvar(ea, n)
Convert operand to a stack variable
  PatchByte(ea, value)
Change value of a program byte
  PatchDword(ea, value)
Change value of a double word
  PatchWord(ea, value)
Change value of a program word (2 bytes)
  PrevAddr(ea)
Get previous addresss in the program
  PrevFunction(ea)
Find previous function
  PrevHead(ea, minea)
Get previous defined item (instruction or data) in the program
  PrevNotTail(ea)
Get previous not-tail address in the program This function searches for the previous displayable address in the program.
  readlong(handle, mostfirst)
  readshort(handle, mostfirst)
  readstr(handle)
  RenameEntryPoint(ordinal, name)
Rename entry point
  Rfirst(From)
Get first code xref from 'From'
  Rfirst0(From)
Get first xref from 'From'
  RfirstB(To)
Get first code xref to 'To'
  RfirstB0(To)
Get first xref to 'To'
  Rnext(From, current)
Get next code xref from
  Rnext0(From, current)
Get next xref from
  RnextB(To, current)
Get next code xref to 'To'
  RnextB0(To, current)
Get next xref to 'To'
  RptCmt(ea)
Get repeatable indented comment
  RunPlugin(name, arg)
Load and run a plugin
  ScreenEA()
Get linear address of cursor
  SegAddrng(ea, bitness)
Change segment addressing
  SegAlign(ea, alignment)
Change alignment of the segment
  SegBounds(ea, startea, endea, disable)
Change segment boundaries
  SegByName(segname)
Get segment by name
  SegClass(ea, segclass)
Change class of the segment
  SegComb(segea, comb)
Change combination of the segment
  SegCreate(startea, endea, base, use32, align, comb)
Create a new segment
  SegDelete(ea, disable)
Delete a segment
  SegEnd(ea)
Get end address of a segment
  SegName(ea)
Get name of a segment
  SegRename(ea, name)
Change name of the segment
  SegStart(ea)
Get start address of a segment
  SelEnd()
Get end address of the selected area
  SelStart()
Get start address of the selected area returns BADADDR - the user has not selected an area
  set_start_cs(x)
  set_start_ip(x)
  SetBmaskCmt(enum_id, bmask, cmt, repeatable)
Set bitmask comment (only for bitfields)
  SetBmaskName(enum_id, bmask, name)
Set bitmask name (only for bitfields)
  SetCharPrm(offset, value)
  SetConstCmt(const_id, cmt, repeatable)
Set a comment of a symbolic constant
  SetConstName(const_id, name)
Rename a member of enum - a symbolic constant
  SetEnumBf(enum_id, flag)
Set bitfield property of enum
  SetEnumCmt(enum_id, cmt, repeatable)
Set comment of enum
  SetEnumFlag(enum_id, flag)
Set flag of enum
  SetEnumIdx(enum_id, idx)
Give another serial number to a enum
  SetEnumName(enum_id, name)
Rename enum
  SetFixup(ea, type, targetsel, targetoff, displ)
Set fixup information
  SetFunctionCmt(ea, cmt, repeatable)
Set function comment
  SetFunctionEnd(ea, end)
Change function end address
  SetFunctionFlags(ea, flags)
Change function flags
  SetHiddenArea(ea, visible)
Set hidden area state
  SetLongPrm(offset, value)
  SetManualInsn(ea, insn)
Specify instruction represenation manually.
  SetSegmentType(segea, type)
Set segment type
  SetSelector(sel, value)
Set a selector value
  SetShortPrm(offset, value)
  SetStatus(status)
Change IDA indicator.
  StringStp(x)
  strlen(str)
  strstr(str, substr)
  substr(str, x1, x2)
  Tabs(x)
  TailDepth(x)
  Voids(x)
  Warning(msg)
Display a message in a message box
  Word(ea)
Get value of program word (2 bytes)
  writelong(handle, dword, mostfirst)
  writeshort(handle, word, mostfirst)
  writestr(handle, str)
  XrefShow(x)
  xtol(str)

Variable Summary
int FIXUP_MASK = 15                                                                    
int INF_CORESTART = 21                                                                    
int INF_FCORESIZ = 17                                                                    
int INF_OMAX_EA = 55                                                                    
int INF_OMIN_EA = 51                                                                    
int INF_SIZEOF_LLONG = 191                                                                   
int INF_SIZEOF_LONG = 190                                                                   
int INF_SIZEOF_SHORT = 189                                                                   
int INF_SPECSEGS = 77                                                                    
int INF_WIDE_HIGH_BYTE_FIRST = 72                                                                    
dict INFMAP = {128: 's_assume', 129: 's_checkarg', 130: 'star...
int MAXADDR = -16777216                                                             
int MS_CODE = -268435456                                                            
int NM_EA = 6                                                                     
int NM_EA4 = 7                                                                     
int NM_EA8 = 8                                                                     
int NM_NAM_EA = 5                                                                     
int NM_NAM_OFF = 2                                                                     
int NM_PTR_EA = 4                                                                     
int NM_PTR_OFF = 1                                                                     
int NM_REL_EA = 3                                                                     
int NM_REL_OFF = 0                                                                     
int NM_SERIAL = 10                                                                    
int NM_SHORT = 9                                                                     
int OFILE_ASM = 4                                                                     
int OFILE_DIF = 5                                                                     
int OFILE_EXE = 1                                                                     
int OFILE_IDC = 2                                                                     
int OFILE_LST = 3                                                                     
int OFILE_MAP = 0                                                                     
int OSTYPE_MSDOS = 1                                                                     
int OSTYPE_NETW = 8                                                                     
int OSTYPE_OS2 = 4                                                                     
int OSTYPE_WIN = 2                                                                     
int SEG_NORM = 0                                                                     

Function Details

add_dref(From, To, drefType)

Create Data Ref

AddConstEx(enum_id, name, value, bmask)

Add a member of enum - a symbolic constant
Parameters:
enum_id - id of enum
name - name of symbolic constant. Must be unique in the program.
value - value of symbolic constant.
bmask - bitmask of the constant ordinary enums accept only -1 as a bitmask all bits set in value should be set in bmask too
Returns:
0-ok, otherwise error code (one of CONST_ERROR_*)

AddEntryPoint(ordinal, ea, name, makecode)

Add entry point
Parameters:
ordinal - entry point number if entry point doesn't have an ordinal number, 'ordinal' should be equal to 'ea'
ea - address of the entry point
name - name of the entry point. If null string, the entry point won't be renamed.
makecode - if 1 then this entry point is a start of a function. Otherwise it denotes data bytes.
Returns:
0 - entry point with the specifed ordinal already exists 1 - ok

AddEnum(idx, name, flag)

Add a new enum type
Parameters:
idx -

serial number of the new enum. If another enum with the same serial number exists, then all enums with serial numbers >= the specified idx get their serial numbers incremented (in other words, the new enum is put in the middle of the list of enums).

If idx >= GetEnumQty() or idx == -1 then the new enum is created at the end of the list of enums.
name - name of the enum.
flag - flags for representation of numeric constants in the definition of enum.
Returns:
id of new enum or -1.

AddHotkey(hotkey, idcfunc)

Add hotkey for IDC function
Parameters:
hotkey - hotkey name ('a', "Alt-A", etc)
idcfunc - IDC function name
Returns:
None

Note: GUI version doesn't support hotkeys

AltOp(ea, n)

Get manually entered operand string
Parameters:
ea - linear address
n - number of operand: 0 - the first operand 1 - the second operand
Returns:
string or None if it fails

AnalyzeArea(sEA, eEA)

Perform full analysis of the area
Parameters:
sEA - starting linear address
eEA - ending linear address (excluded)
Returns:
1-ok, 0-Ctrl-Break was pressed.

AskAddr(defval, prompt)

Ask the user to enter an address
Parameters:
defval - the default address value. This value will appear in the dialog box.
prompt - the prompt to display in the dialog box
Returns:
the entered address or BADADDR.

AskFile(forsave, mask, prompt)

Ask the user to choose a file
Parameters:
forsave - 0: "Open" dialog box, 1: "Save" dialog box
mask - the input file mask as "*.*" or the default file name.
prompt - the prompt to display in the dialog box
Returns:
the selected file or 0.

AskIdent(defval, prompt)

Ask the user to enter an identifier
Parameters:
defval - the default identifier. This value will appear in the dialog box.
prompt - the prompt to display in the dialog box
Returns:
the entered identifier or 0.

AskLong(defval, prompt)

Ask the user to enter a number
Parameters:
defval - the default value. This value will appear in the dialog box.
prompt - the prompt to display in the dialog box
Returns:
the entered number or -1.

AskSeg(defval, prompt)

Ask the user to enter a segment value
Parameters:
defval - the default value. This value will appear in the dialog box.
prompt - the prompt to display in the dialog box
Returns:
the entered segment selector or BADSEL.

AskSelector(sel)

Get a selector value
Parameters:
sel - the selector number (16bit value)
Returns:
selector value if found otherwise the input value (sel)

Note: selector values are always in paragraphs

AskStr(defval, prompt)

Ask the user to enter a string
Parameters:
defval - the default string value. This value will appear in the dialog box.
prompt - the prompt to display in the dialog box
Returns:

the entered string or 0.

FIXME: Doublecheck the history type

AskYN(defval, prompt)

Ask the user a question and let him answer Yes/No/Cancel
Parameters:
defval - the default answer. This answer will be selected if the user presses Enter. -1:cancel,0-no,1-ok
prompt - the prompt to display in the dialog box
Returns:
-1:cancel,0-no,1-ok

AutoMark(ea, qtype)

Plan to analyze an address

AutoMark2(start, end, queuetype)

Plan to perform an action in the future. This function will put your request to a special autoanalysis queue. Later IDA will retrieve the request from the queue and process it. There are several autoanalysis queue types. IDA will process all queries from the first queue and then switch to the second queue, etc.

AutoUnmark(start, end, queuetype)

Remove range of addresses from a queue.

Batch(batch)

Enable/disable batch mode of operation
Parameters:
batch - Batch mode 0 - ida will display dialog boxes and wait for the user input 1 - ida will not display dialog boxes, warnings, etc.
Returns:
old balue of batch flag

Byte(ea)

Get value of program byte
Parameters:
ea - linear address
Returns:
value of byte. If byte has no value then returns 0xFF If the current byte size is different from 8 bits, then the returned value might have more 1's. To check if a byte has a value, use functions hasValue(GetFlags(ea))

ChooseFunction(title)

Ask the user to select a function

Arguments:
Parameters:
title - title of the dialog box
Returns:
-1 - user refused to select a function otherwise returns the selected function start address

Comment(ea)

Get regular indented comment
Parameters:
ea - linear address
Returns:
string or None if it fails

del_dref(From, To)

Unmark Data Ref

DelCodeXref(From, To, undef)

Unmark exec flow 'from' 'to'
Parameters:
undef - make 'To' undefined if no more references to it
Returns:
1 - planned to be made undefined

DelConstEx(enum_id, value, serial, bmask)

Delete a member of enum - a symbolic constant
Parameters:
enum_id - id of enum
value - value of symbolic constant.
serial - serial number of the constant in the enumeration. See OpEnumEx() for for details.
bmask - bitmask of the constant ordinary enums accept only -1 as a bitmask
Returns:
1-ok, 0-failed

DelEnum(enum_id)

Delete enum type
Parameters:
enum_id - id of enum
Returns:
None

DelExtLnA(ea, n)

Delete an additional anterior line
Parameters:
ea - linear address
n - number of anterior additioal line (0..500)
Returns:
None

DelExtLnB(ea, n)

Delete an additional posterior line
Parameters:
ea - linear address
n - number of posterior additioal line (0..500)
Returns:
None

DelFixup(ea)

Delete fixup information
Parameters:
ea - address to delete fixup information about
Returns:
None

DelFunction(ea)

Delete a function
Parameters:
ea - any address belonging to the function
Returns:
!=0 - ok

DelHiddenArea(ea)

Delete a hidden area
Parameters:
ea - any address belonging to the hidden area
Returns:
!= 0 - ok

DelHotkey(hotkey)

Delete IDC function hotkey
Parameters:
hotkey - hotkey code to delete

DelSelector(sel)

Delete a selector
Parameters:
sel - the selector number to delete
Returns:
None

Note: if the selector is found, it will be deleted

Demangle(name, disable_mask)

Demangle a name
Parameters:
name - name to demangle
disable_mask - a mask that tells how to demangle the name it is a good idea to get this mask using GetLongPrm(INF_SHORT_DN) or GetLongPrm(INF_LONG_DN)
Returns:
a demangled name If the input name cannot be demangled, returns 0

Dfirst(From)

Get first data xref from 'From'

DfirstB(To)

Get first data xref to 'To'

Dnext(From, current)

Get next data xref from 'From'

DnextB(To, current)

Get next data xref to 'To'

Dword(ea)

Get value of program double word (4 bytes)
Parameters:
ea - linear address
Returns:
the value of the double word. If double word has no value then returns 0xFFFFFFFF.

Exec(command)

Execute an OS command.
Parameters:
command - command line to execute
Returns:
error code from OS

Note: IDA will wait for the started program to finish. In order to start the command in parallel, use OS methods. For example, you may start another program in parallel using "start" command.

Exit(code)

Stop execution of IDC program, close the database and exit to OS
Parameters:
code - code to exit with.
Returns:
-

ExtLinA(ea, n, line)

Specify an additional line to display before the generated ones.
Parameters:
ea - linear address
n - number of anterior additioal line (0..MAX_ITEM_LINES)
line - the line to display
Returns:
None

Note: IDA displays additional lines from number 0 up to the first unexisting additional line. So, if you specify additional line #150 and there is no additional line #149, your line will not be displayed. MAX_ITEM_LINES is defined in IDA.CFG

ExtLinB(ea, n, line)

Specify an additional line to display after the generated ones.
Parameters:
ea - linear address
n - number of posterior additioal line (0..MAX_ITEM_LINES)
line - the line to display
Returns:
None

Note: IDA displays additional lines from number 0 up to the first unexisting additional line. So, if you specify additional line #150 and there is no additional line #149, your line will not be displayed. MAX_ITEM_LINES is defined in IDA.CFG

Fatal(format)

Display a fatal message in a message box and quit IDA
Parameters:
format - message to print

FindFuncEnd(ea)

Determine a new function boundaries
Parameters:
ea - starting address of a new function
Returns:
if a function already exists, then return its end address. If a function end cannot be determined, the return BADADDR otherwise return the end address of the new function

FindSelector(val)

Find a selector which has the specifed value
Parameters:
val - value to search for
Returns:
16bit selector number if found otherwise the input value (val & 0xFFFF)

Note: selector values are always in paragraphs

FirstSeg()

Get first segment
Returns:
address of the start of the first segment BADADDR - no segments are defined

GenerateFile(type, path, ea1, ea2, flags)

Generate an output file
Parameters:
type - type of output file. One of OFILE_... symbols. See below.
path - the output file path (will be overwritten!)
ea1 - start address. For some file types this argument is ignored
ea2 - end address. For some file types this argument is ignored
flags - bit combination of GENFLG_...
Returns:
number of the generated lines. -1 if an error occured OFILE_EXE: 0-can't generate exe file, 1-ok

GetBmaskCmt(enum_id, bmask, repeatable)

Get bitmask comment (only for bitfields)

FIXME: Check the return value
Parameters:
enum_id - id of enum
bmask - bitmask of the constant
repeatable - type of comment, 0-regular, 1-repeatable
Returns:
comment attached to bitmask if it exists. otherwise returns 0.

GetBmaskName(enum_id, bmask)

Get bitmask name (only for bitfields)
Parameters:
enum_id - id of enum
bmask - bitmask of the constant
Returns:

name of bitmask if it exists. otherwise returns 0.

FIXME: Check the return value

GetConstBmask(const_id)

Get bit mask of symbolic constant
Parameters:
const_id - id of symbolic constant
Returns:
bitmask of constant or 0 ordinary enums have bitmask = -1

GetConstByName(name)

Get member of enum - a symbolic constant ID
Parameters:
name - name of symbolic constant
Returns:

ID of constant or -1

FIXME: Need to check the return type!

GetConstCmt(const_id, repeatable)

Get comment of a constant
Parameters:
const_id - id of const
repeatable - 0:get regular comment, 1:get repeatable comment
Returns:
comment string

GetConstEnum(const_id)

Get id of enum by id of constant
Parameters:
const_id - id of symbolic constant
Returns:
id of enum the constant belongs to. -1 if const_id is bad.

GetConstEx(enum_id, value, serial, bmask)

Get id of constant
Parameters:
enum_id - id of enum
value - value of constant
serial - serial number of the constant in the enumeration. See OpEnumEx() for details.
bmask - bitmask of the constant ordinary enums accept only -1 as a bitmask
Returns:
id of constant or -1 if error

GetConstName(const_id)

Get name of a constant
Parameters:
const_id -

id of const

Returns: name of constant

GetConstValue(const_id)

Get value of symbolic constant
Parameters:
const_id - id of symbolic constant
Returns:
value of constant or 0

GetDisasm(ea)

Get disassembly line
Parameters:
ea - linear address of instruction
Returns:
"" - no instruction at the specified location

Note: this function may not return exactly the same mnemonics as you see on the screen.

GetDouble(ea)

Get value of a floating point number (8 bytes)
Parameters:
ea - linear address
Returns:
double

GetEntryOrdinal(index)

Retrieve entry point ordinal number
Parameters:
index - 0..GetEntryPointQty()-1
Returns:
0 if entry point doesn't exist otherwise entry point ordinal

GetEntryPoint(ordinal)

Retrieve entry point address
Parameters:
ordinal - entry point number it is returned by GetEntryPointOrdinal()
Returns:
-1 if entry point doesn't exist otherwise entry point address. If entry point address is equal to its ordinal number, then the entry point has no ordinal.

GetEntryPointQty()

Retrieve number of entry points
Returns:
number of entry points

GetEnum(name)

Get enum ID by the name of enum

Arguments: name - name of enum

returns: ID of enum or -1 if no such enum exists

GetEnumCmt(enum_id, repeatable)

Get comment of enum
Parameters:
enum_id - ID of enum
repeatable - 0:get regular comment 1:get repeatable comment
Returns:
comment of enum

GetEnumFlag(enum_id)

Get flag of enum
Parameters:
enum_id - ID of enum
Returns:
flags of enum. These flags determine representation of numeric constants (binary,octal,decimal,hex) in the enum definition. See start of this file for more information about flags. Returns 0 if enum_id is bad.

GetEnumIdx(enum_id)

Get serial number of enum by its ID
Parameters:
enum_id - ID of enum
Returns:
(0..GetEnumQty()-1) or -1 if error

GetEnumName(enum_id)

Get name of enum
Parameters:
enum_id - ID of enum
Returns:
name of enum or empty string

GetEnumQty()

Get number of enum types
Returns:
number of enumerations

GetEnumSize(enum_id)

Get size of enum
Parameters:
enum_id - ID of enum
Returns:
number of constants in the enum Returns 0 if enum_id is bad.

GetFirstBmask(enum_id)

Get first bitmask in the enum (bitfield)
Parameters:
enum_id - id of enum (bitfield)
Returns:
the smallest bitmask of constant or -1 no bitmasks are defined yet All bitmasks are sorted by their values as unsigned longs.

GetFirstConst(enum_id, bmask)

Get first constant in the enum
Parameters:
enum_id - id of enum
bmask - bitmask of the constant (ordinary enums accept only -1 as a bitmask)
Returns:
value of constant or -1 no constants are defined All constants are sorted by their values as unsigned longs.

GetFirstStrucIdx()

Get index of first structure type
Returns:
-1 if no structure type is defined index of first structure type. Each structure type has an index and ID. INDEX determines position of structure definition in the list of structure definitions. Index 1 is listed first, after index 2 and so on. The index of a structure type can be changed any time, leading to movement of the structure definition in the list of structure definitions. ID uniquely denotes a structure type. A structure gets a unique ID at the creation time and this ID can't be changed. Even when the structure type gets deleted, its ID won't be resued in the future.

GetFixupTgtDispl(ea)

Get fixup target displacement
Parameters:
ea - address to get information about
Returns:
-1 - no fixup at the specified address otherwise returns fixup target displacement

GetFixupTgtOff(ea)

Get fixup target offset
Parameters:
ea - address to get information about
Returns:
-1 - no fixup at the specified address otherwise returns fixup target offset

GetFixupTgtSel(ea)

Get fixup target selector
Parameters:
ea - address to get information about
Returns:
-1 - no fixup at the specified address otherwise returns fixup target selector

GetFixupTgtType(ea)

Get fixup target type
Parameters:
ea - address to get information about
Returns:
-1 - no fixup at the specified address otherwise returns fixup target type:

GetFlags(ea)

Get internal flags
Parameters:
ea - linear address
Returns:
32-bit value of internal flags. See start of IDC.IDC file for explanations.

GetFloat(ea)

Get value of a floating point number (4 bytes)
Parameters:
ea - linear address
Returns:
float

GetFrameSize(ea)

Get full size of function frame
Parameters:
ea - any address belonging to the function
Returns:
Size of function frame in bytes. This function takes into account size of local variables + size of saved registers + size of return address + size of function arguments If the function doesn't have a frame, return size of function return address in the stack. If the function does't exist, return 0

GetFunctionCmt(ea, repeatable)

Retrieve function comment
Parameters:
ea - any address belonging to the function
repeatable - 1: get repeatable comment 0: get regular comment
Returns:
function comment string

GetFunctionFlags(ea)

Retrieve function flags
Parameters:
ea - any address belonging to the function
Returns:
-1 - function doesn't exist otherwise returns the flags

GetFunctionName(ea)

Retrieve function name
Parameters:
ea - any address belonging to the function
Returns:
null string - function doesn't exist otherwise returns function name

GetIdaDirectory()

Get IDA directory

This function returns the directory where IDA.EXE resides

GetIdbPath()

Get IDB full path

This function returns full path of the current IDB database

GetInputFile()

Get input file name

This function returns name of the file being disassembled

GetInputFilePath()

Get input file path

This function returns the full path of the file being disassembled

GetLastBmask(enum_id)

Get last bitmask in the enum (bitfield)
Parameters:
enum_id - id of enum
Returns:
the biggest bitmask or -1 no bitmasks are defined yet All bitmasks are sorted by their values as unsigned longs.

GetLastConst(enum_id, bmask)

Get last constant in the enum
Parameters:
enum_id - id of enum
bmask - bitmask of the constant (ordinary enums accept only -1 as a bitmask)
Returns:
value of constant or -1 no constants are defined All constants are sorted by their values as unsigned longs.

GetLastStrucIdx()

Get index of last structure type
Returns:
-1 if no structure type is defined index of last structure type. See GetFirstStrucIdx() for the explanation of structure indices and IDs.

GetManualInsn(ea)

Get manual representation of instruction
Parameters:
ea - linear address

Note: This function returns value set by SetManualInsn earlier.

GetMnem(ea)

Get instruction mnemonics
Parameters:
ea - linear address of instruction
Returns:
"" - no instruction at the specified location

Note: this function may not return exactly the same mnemonics as you see on the screen.

GetnEnum(idx)

Get ID of the specified enum by its serial number
Parameters:
idx - number of enum (0..GetEnumQty()-1)
Returns:
ID of enum or -1 if error

GetNextBmask(enum_id, value)

Get next bitmask in the enum (bitfield)
Parameters:
enum_id - id of enum
value - value of the current bitmask
Returns:
value of a bitmask with value higher than the specified value. -1 if no such bitmasks exist. All bitmasks are sorted by their values as unsigned longs.

GetNextConst(enum_id, value, bmask)

Get next constant in the enum
Parameters:
enum_id - id of enum
value - value of the current constant
bmask - bitmask of the constant ordinary enums accept only -1 as a bitmask
Returns:
value of a constant with value higher than the specified value. -1 no such constants exist. All constants are sorted by their values as unsigned longs.

GetNextFixupEA(ea)

Find next address with fixup information
Parameters:
ea - current address
Returns:
-1 - no more fixups otherwise returns the next address with fixup information

GetNextStrucIdx(index)

Get index of next structure type
Parameters:
index - current structure index
Returns:
-1 if no (more) structure type is defined index of the next structure type. See GetFirstStrucIdx() for the explanation of structure indices and IDs.

GetOperandValue(ea, n)

Get number used in the operand

This function returns an immediate number used in the operand
Parameters:
ea - linear address of instruction
n - the operand number
Returns:
value operand is an immediate value => immediate value operand has a displacement => displacement operand is a direct memory ref => memory address operand is a register => register number operand is a register phrase => phrase number otherwise => -1

GetOpnd(ea, n)

Get operand of an instruction
Parameters:
ea - linear address of instruction
n - number of operand: 0 - the first operand 1 - the second operand
Returns:
the current text representation of operand

GetOpType(ea, n)

Get type of instruction operand
Parameters:
ea - linear address of instruction
n - number of operand: 0 - the first operand 1 - the second operand
Returns:
  • -1 bad operand number passed
  • 0 None
  • 1 General Register
  • 2 Memory Reference
  • 3 Base + Index
  • 4 Base + Index + Displacement
  • 5 Immediate
  • 6 Immediate Far Address (with a Segment Selector)

  • 7 Immediate Near Address

    PC:
  • 8 386 Trace register
  • 9 386 Debug register
  • 10 386 Control register
  • 11 FPP register

  • 12 MMX register

    8051:
  • 8 bit
  • 9 /bit

  • 10 bit

    80196:
  • 8 [intmem]
  • 9 [intmem]+
  • 10 offset[intmem]

  • 11 bit

    ARM:
  • 8 shifted register
  • 9 MLA operands
  • 10 register list (for LDM/STM)
  • 11 coprocessor register list (for CDP)

  • 12 coprocessor register (for LDC/STC)

    PPC:
  • 8 SPR
  • 9 2 FPRs
  • 10 SH & MB & ME
  • 11 CR field

  • 12 CR bit

    TMS320C5:
  • 8 bit
  • 9 bit not

  • 10 condition

    TMS320C6:

  • 8 register pair (A1:A0..B15:B14)

    Z8:
  • 8 @intmem

  • 9 @Rx

    Z80:
  • 8 condition

GetOriginalByte(ea)

Get original value of program byte
Parameters:
ea - linear address
Returns:
the original value of byte before any patch applied to it

GetPrevBmask(enum_id, value)

Get prev bitmask in the enum (bitfield)
Parameters:
enum_id - id of enum
value - value of the current bitmask
Returns:
value of a bitmask with value lower than the specified value. -1 no such bitmasks exist. All bitmasks are sorted by their values as unsigned longs.

GetPrevConst(enum_id, value, bmask)

Get prev constant in the enum
Parameters:
enum_id - id of enum
value - value of the current constant
bmask - bitmask of the constant ordinary enums accept only -1 as a bitmask
Returns:
value of a constant with value lower than the specified value. -1 no such constants exist. All constants are sorted by their values as unsigned longs.

GetPrevFixupEA(ea)

Find previous address with fixup information
Parameters:
ea - current address
Returns:
-1 - no more fixups otherwise returns the previous address with fixup information

GetPrevStrucIdx(index)

Get index of previous structure type
Parameters:
index - current structure index
Returns:
-1 if no (more) structure type is defined index of the presiouvs structure type. See GetFirstStrucIdx() for the explanation of structure indices and IDs.

GetStringType(ea)

Get string type
Parameters:
ea -

linear address

Returns one of ASCSTR_... constants

GetStrucComment(id, repeatable)

Get structure type comment
Parameters:
id - structure type ID
repeatable - 1: get repeatable comment 0: get regular comment
Returns:
null string if bad structure type ID is passed otherwise returns comment.

GetStrucId(index)

Get structure ID by structure index
Parameters:
index - structure index
Returns:
-1 if bad structure index is passed otherwise returns structure ID.

Note: See GetFirstStrucIdx() for the explanation of structure indices and IDs.

GetStrucIdByName(name)

Get structure ID by structure name
Parameters:
name - structure type name
Returns:
-1 if bad structure type name is passed otherwise returns structure ID.

GetStrucIdx(id)

Get structure index by structure ID
Parameters:
id - structure ID
Returns:
-1 if bad structure ID is passed otherwise returns structure index. See GetFirstStrucIdx() for the explanation of structure indices and IDs.

GetStrucName(id)

Get structure type name
Parameters:
id - structure type ID
Returns:
-1 if bad structure type ID is passed otherwise returns structure type name.

GetStrucQty()

Get number of defined structure types
Returns:
number of structure types

GetStrucSize(id)

Get size of a structure
Parameters:
id - structure type ID
Returns:
-1 if bad structure type ID is passed otherwise returns size of structure in bytes.

GetTrueName(ea)

Get true name of program byte

This function returns name of byte as is without any replacements.
Parameters:
ea - linear address
Returns:
"" - byte has no name

Note: This is deprecated, use GetTrueNameEx() instead.

GetTrueNameEx(fromaddr, ea)

Get true name of program byte

This function returns name of byte as is without any replacements.
Parameters:
fromaddr - the referring address. May be BADADDR. Allows to retrieve local label addresses in functions. If a local name is not found, then a global name is returned.
ea - linear address
Returns:
"" - byte has no name

HideArea(start, end, description, header, footer, color)

Hide an area

Hidden areas - address ranges which can be replaced by their descriptions
Parameters:
start - area start
end - area end
description - description to display if the area is collapsed
header - header lines to display if the area is expanded
footer - footer lines to display if the area is expanded
color - RGB color code (-1 means default color)
Returns:
!=0 - ok

IsBitfield(enum_id)

Is enum a bitfield?
Parameters:
enum_id - id of enum
Returns:
1-yes, 0-no, ordinary enum

ItemEnd(ea)

Get address of the end of the item (instruction or data)
Parameters:
ea - linear address
Returns:
address past end of the item at 'ea'

ItemSize(ea)

Get size of instruction or data item in bytes
Parameters:
ea - linear address
Returns:
1..n

Jump(ea)

Move cursor to the specifed linear address
Parameters:
ea - linear address

LineA(ea, num)

Get anterior line
Parameters:
ea - linear address
num - number of anterior line (0..MAX_ITEM_LINES) MAX_ITEM_LINES is defined in IDA.CFG
Returns:
anterior line string

LineB(ea, num)

Get posterior line
Parameters:
ea - linear address
num - number of posterior line (0..MAX_ITEM_LINES)
Returns:
posterior line string

LocByName(name)

Get linear address of a name
Parameters:
name - name of program byte
Returns:
address of the name badaddr - no such name

LocByNameEx(fromaddr, name)

Get linear address of a name
Parameters:
fromaddr - the referring address. Allows to retrieve local label addresses in functions. If a local name is not found, then address of a global name is returned.
name - name of program byte
Returns:
address of the name (BADADDR - no such name)

MakeAlign(ea, count, align)

Convert the current item to an alignment directive
Parameters:
ea - linear address
count - number of bytes to convert
align - 0 or 1..32 if it is 0, the correct alignment will be calculated by the kernel
Returns:
1-ok, 0-failure

MakeArray(ea, nitems)

Create an array.
Parameters:
ea - linear address
nitems - size of array in items

Note: This function will create an array of the items with the same type as the type of the item at 'ea'. If the byte at 'ea' is undefined, then this function will create an array of bytes.

MakeByte(ea)

Convert the current item to a byte
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakeCode(ea)

Create an instruction at the specified address
Parameters:
ea - linear address
Returns:
0 - can not create an instruction (no such opcode, the instruction would overlap with existing items, etc) otherwise returns length of the instruction in bytes

MakeComm(ea, comment)

Set an indented regular comment of an item
Parameters:
ea - linear address
comment - comment string
Returns:
None

MakeDouble(ea)

Convert the current item to a double floating point (8 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakeDword(ea)

Convert the current item to a double word (4 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakeFloat(ea)

Convert the current item to a floating point (4 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakeFunction(start, end)

Create a function
Parameters:
start - function bounds
end -

function bounds

If the function end address is BADADDR, then IDA will try to determine the function bounds automatically. IDA will define all necessary instructions to determine the function bounds.
Returns:
!=0 - ok

Note: an instruction should be present at the start address

MakeNameEx(ea, name, flags)

Rename an address
Parameters:
ea - linear address
name - new name of address. If name == "", then delete old name
flags - combination of SN_... constants
Returns:
1-ok, 0-failure

MakeOword(ea)

Convert the current item to a octa word (16 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakePackReal(ea)

Convert the current item to a packed real (10 or 12 bytes)
Parameters:
ea - linear address
Returns:

1-ok, 0-failure

FIXME: the size needs to be adjusted to IDP.hpp

MakeQword(ea)

Convert the current item to a quadro word (8 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

MakeRptCmt(ea, comment)

Set an indented repeatable comment of an item
Parameters:
ea - linear address
comment - comment string
Returns:
None

MakeStr(ea, endea)

Create a string.

This function creates a string (the string type is determined by the value of GetLongPrm(INF_STRTYPE))
Parameters:
ea - linear address
endea - ending address of the string (excluded) if endea == BADADDR, then length of string will be calculated by the kernel
Returns:
1-ok, 0-failure

Note: The type of an existing string is returned by GetStringType()

MakeStructEx(ea, size, strname)

Convert the current item to a structure instance
Parameters:
ea - linear address
size - structure size in bytes. -1 means that the size will be calculated automatically
strname - name of a structure type
Returns:
1-ok, 0-failure

MakeTbyte(ea)

Convert the current item to a tbyte (10 or 12 bytes)
Parameters:
ea - linear address
Returns:

1-ok, 0-failure

FIXME: the size needs to be adjusted to IDP.hpp

MakeUnkn(ea, expand)

Convert the current item to an explored item
Parameters:
ea - linear address
expand -
  • 0: just undefine the current item
  • 1: undefine other instructions if the removal of the current instruction removes all references to them.

Note: functions will not be undefined even if they have no references to them

MakeVar(ea)

Mark the location as "variable"
Parameters:
ea - address to mark
Returns:
None

Note: All that IDA does is to mark the location as "variable". Nothing else, no additional analysis is performed. This function may disappear in the future.

MakeWord(ea)

Convert the current item to a word (2 bytes)
Parameters:
ea - linear address
Returns:
1-ok, 0-failure

Message(msg)

Display a message in the messages window
Parameters:
msg -

message to print (formatting is done in Python)

This function can be used to debug IDC scripts

MK_FP(seg, off)

Return value of expression: ((seg<<4) + off)

Name(ea)

Get visible name of program byte

This function returns name of byte as it is displayed on the screen. If a name contains illegal characters, IDA replaces them by the substitution character during displaying. See IDA.CFG for the definition of the substitution character.
Parameters:
ea - linear address
Returns:
"" - byte has no name

Note: This is deprecated, use NameEx() instead.

NameEx(fromaddr, ea)

Get visible name of program byte

This function returns name of byte as it is displayed on the screen. If a name contains illegal characters, IDA replaces them by the substitution character during displaying. See IDA.CFG for the definition of the substitution character.
Parameters:
fromaddr - the referring address. May be BADADDR. Allows to retrieve local label addresses in functions. If a local name is not found, then a global name is returned.
ea - linear address
Returns:
"" - byte has no name

NextAddr(ea)

Get next addresss in the program
Parameters:
ea - linear address
Returns:
BADADDR - the specified address in the last used address

NextFunction(ea)

Find next function
Parameters:
ea - any address belonging to the function
Returns:
-1 - no more functions otherwise returns the next function start address

NextHead(ea, maxea)

Get next defined item (instruction or data) in the program
Parameters:
ea - linear address to start search from
maxea - the search will stop at the address maxea is not included in the search range
Returns:
BADADDR - no (more) defined items

NextNotTail(ea)

Get next not-tail address in the program This function searches for the next displayable address in the program. The tail bytes of instructions and data are not displayable.
Parameters:
ea - linear address
Returns:
BADADDR - no (more) not-tail addresses

NextSeg(ea)

Get next segment
Parameters:
ea - linear address
Returns:
start of the next segment BADADDR - no next segment

OpAlt(ea, n, str)

Specify operand represenation manually.
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands
str - a string represenation of the operand

Note: IDA will not check the specified operand, it will simply display it instead of the orginal representation of the operand.

OpBinary(ea, n)

Convert an operand of the item (instruction or data) to a binary number
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands
Returns:
1-ok, 0-failure

Note: the data items use only the type of the first operand

OpChr(ea, n)

Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpDecimal(ea, n)

Convert an operand of the item (instruction or data) to a decimal number
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpEnumEx(ea, n, enumid, serial)

Convert operand to a symbolic constant
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands
enumid - id of enumeration type
serial - serial number of the constant in the enumeration The serial numbers are used if there are more than one symbolic constant with the same value in the enumeration. In this case the first defined constant get the serial number 0, then second 1, etc. There could be 256 symbolic constants with the same value in the enumeration.

OpHex(ea, n)

Convert an operand of the item (instruction or data) to a hexadecimal number
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpNot(ea, n)

Toggle the bitwise not operator for the operand
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpNumber(ea, n)

Convert operand to a number (with default number base, radix)
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpOctal(ea, n)

Convert an operand of the item (instruction or data) to an octal number
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpOff(ea, n, base)

Convert operand to an offset (for the explanations of 'ea' and 'n' please see OpBinary())

Example:

seg000:2000 dw 1234h

and there is a segment at paragraph 0x1000 and there is a data item within the segment at 0x1234:

seg000:1234 MyString db 'Hello, world!',0

Then you need to specify a linear address of the segment base to create a proper offset:

OpOffset(["seg000",0x2000],0,0x10000);

and you will have:

seg000:2000 dw offset MyString

Motorola 680x0 processor have a concept of "outer offsets". If you want to create an outer offset, you need to combine number of the operand with the following bit:

Please note that the outer offsets are meaningful only for Motorola 680x0.
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands
base - base of the offset as a linear address If base == BADADDR then the current operand becomes non-offset

OpOffEx(ea, n, reftype, target, base, tdelta)

Convert operand to a complex offset expression This is a more powerful version of OpOff() function. It allows to explicitly specify the reference type (off8,off16, etc) and the expression target with a possible target delta. The complex expressions are represented by IDA in the following form:

target + tdelta - base

If the target is not present, then it will be calculated using

target = operand_value - tdelta + base

The target must be present for LOW.. and HIGH.. reference types
Parameters:
ea - linear address of the instruction/data
n - number of operand to convert (the same as in OpOff)
reftype - one of REF_... constants
target - an explicitly specified expression target. if you don't want to specify it, use -1. Please note that LOW... and HIGH... reference type requre the target.
base - the offset base (a linear address)
tdelta - a displacement from the target which will be displayed in the expression.
Returns:
success (boolean)

OpSeg(ea, n)

Convert operand to a segment expression
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpSign(ea, n)

Change sign of the operand
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

OpStkvar(ea, n)

Convert operand to a stack variable
Parameters:
ea - linear address
n - number of operand
  • 0 - the first operand
  • 1 - the second, third and all other operands
  • -1 - all operands

PatchByte(ea, value)

Change value of a program byte
Parameters:
ea - linear address
value - new value of the byte
Returns:
None

PatchDword(ea, value)

Change value of a double word
Parameters:
ea - linear address
value - new value of the double word

PatchWord(ea, value)

Change value of a program word (2 bytes)
Parameters:
ea - linear address
value - new value of the word

PrevAddr(ea)

Get previous addresss in the program
Parameters:
ea - linear address
Returns:
BADADDR - the specified address in the first address

PrevFunction(ea)

Find previous function
Parameters:
ea - any address belonging to the function
Returns:
-1 - no more functions otherwise returns the previous function start address

PrevHead(ea, minea)

Get previous defined item (instruction or data) in the program
Parameters:
ea - linear address to start search from
minea - the search will stop at the address minea is included in the search range
Returns:
BADADDR - no (more) defined items

PrevNotTail(ea)

Get previous not-tail address in the program This function searches for the previous displayable address in the program. The tail bytes of instructions and data are not displayable.
Parameters:
ea - linear address
Returns:
BADADDR - no (more) not-tail addresses

RenameEntryPoint(ordinal, name)

Rename entry point
Parameters:
ordinal - entry point number
name - new name
Returns:
!=0 - ok

Rfirst(From)

Get first code xref from 'From'

Rfirst0(From)

Get first xref from 'From'

RfirstB(To)

Get first code xref to 'To'

RfirstB0(To)

Get first xref to 'To'

Rnext(From, current)

Get next code xref from

Rnext0(From, current)

Get next xref from

RnextB(To, current)

Get next code xref to 'To'

RnextB0(To, current)

Get next xref to 'To'

RptCmt(ea)

Get repeatable indented comment
Parameters:
ea - linear address
Returns:
string or None if it fails

RunPlugin(name, arg)

Load and run a plugin
Parameters:
name - The plugin name is a short plugin name without an extension
arg - integer argument
Returns:
0 if could not load the plugin, 1 if ok

ScreenEA()

Get linear address of cursor

SegAddrng(ea, bitness)

Change segment addressing
Parameters:
ea - any address in the segment
bitness - 0: 16bit, 1: 32bit, 2: 64bit
Returns:
success (boolean)

SegAlign(ea, alignment)

Change alignment of the segment
Parameters:
ea - any address in the segment
alignment - new alignment of the segment (one of the sa... constants)
Returns:
success (boolean)

SegBounds(ea, startea, endea, disable)

Change segment boundaries
Parameters:
ea - any address in the segment
startea - new start address of the segment
endea - new end address of the segment
disable - discard bytes that go out of the segment
Returns:
boolean success

SegByName(segname)

Get segment by name
Parameters:
segname - name of segment
Returns:
segment selector or BADADDR

SegClass(ea, segclass)

Change class of the segment
Parameters:
ea - any address in the segment
segclass - new class of the segment
Returns:
success (boolean)

SegComb(segea, comb)

Change combination of the segment
Parameters:
segea - any address in the segment
comb - new combination of the segment (one of the sc... constants)
Returns:
success (boolean)

SegCreate(startea, endea, base, use32, align, comb)

Create a new segment
Parameters:
startea - linear address of the start of the segment
endea - linear address of the end of the segment this address will not belong to the segment 'endea' should be higher than 'startea'
base - base paragraph or selector of the segment. a paragraph is 16byte memory chunk. If a selector value is specified, the selector should be already defined.
use32 - 0: 16bit segment, 1: 32bit segment, 2: 64bit segment
align - segment alignment. see below for alignment values
comb - segment combination. see below for combination values.
Returns:
0-failed, 1-ok

SegDelete(ea, disable)

Delete a segment
Parameters:
ea - any address in the segment
disable - 1: discard all bytes of the segment from the disassembled text 0: retain byte values
Returns:
boolean success

SegEnd(ea)

Get end address of a segment
Parameters:
ea - any address in the segment
Returns:
end of segment (an address past end of the segment) BADADDR - the specified address doesn't belong to any segment

SegName(ea)

Get name of a segment
Parameters:
ea - any address in the segment
Returns:
"" - no segment at the specified address

SegRename(ea, name)

Change name of the segment
Parameters:
ea - any address in the segment
name - new name of the segment
Returns:
success (boolean)

SegStart(ea)

Get start address of a segment
Parameters:
ea - any address in the segment
Returns:
start of segment BADADDR - the specified address doesn't belong to any segment

SelEnd()

Get end address of the selected area
Returns:
BADADDR - the user has not selected an area

SelStart()

Get start address of the selected area returns BADADDR - the user has not selected an area

SetBmaskCmt(enum_id, bmask, cmt, repeatable)

Set bitmask comment (only for bitfields)
Parameters:
enum_id - id of enum
bmask - bitmask of the constant
cmt - comment repeatable - type of comment, 0-regular, 1-repeatable
Returns:
1-ok, 0-failed

SetBmaskName(enum_id, bmask, name)

Set bitmask name (only for bitfields)
Parameters:
enum_id - id of enum
bmask - bitmask of the constant
name - name of bitmask
Returns:
1-ok, 0-failed

SetConstCmt(const_id, cmt, repeatable)

Set a comment of a symbolic constant
Parameters:
const_id - id of const
cmt - new comment for the constant
repeatable - is the comment repeatable? 0: set regular comment 1: set repeatable comment
Returns:
1-ok, 0-failed

SetConstName(const_id, name)

Rename a member of enum - a symbolic constant
Parameters:
const_id - id of const
name - new name of constant
Returns:
1-ok, 0-failed

SetEnumBf(enum_id, flag)

Set bitfield property of enum
Parameters:
enum_id - id of enum
flag - flags
  • 1: convert to bitfield
  • 0: convert to ordinary enum
Returns:
1-ok,0-failed

SetEnumCmt(enum_id, cmt, repeatable)

Set comment of enum
Parameters:
enum_id - id of enum
cmt - new comment for the enum
repeatable - is the comment repeatable?
  • 0:set regular comment
  • 1:set repeatable comment
Returns:
1-ok,0-failed

SetEnumFlag(enum_id, flag)

Set flag of enum
Parameters:
enum_id - id of enum
flag - flags for representation of numeric constants in the definition of enum.
Returns:
1-ok,0-failed

SetEnumIdx(enum_id, idx)

Give another serial number to a enum
Parameters:
enum_id - id of enum
idx -

new serial number. If another enum with the same serial number exists, then all enums with serial numbers >= the specified idx get their serial numbers incremented (in other words, the new enum is put in the middle of the list of enums).

If idx >= GetEnumQty() then the enum is moved to the end of the list of enums.
Returns:
comment string

SetEnumName(enum_id, name)

Rename enum
Parameters:
enum_id - id of enum
name - new name of enum
Returns:
1-ok,0-failed

SetFixup(ea, type, targetsel, targetoff, displ)

Set fixup information
Parameters:
ea - address to set fixup information about
type - fixup type. see GetFixupTgtType() for possible fixup types.
targetsel - target selector
targetoff - target offset
displ - displacement
Returns:
none

SetFunctionCmt(ea, cmt, repeatable)

Set function comment
Parameters:
ea - any address belonging to the function
cmt - a function comment line
repeatable - 1: get repeatable comment 0: get regular comment

SetFunctionEnd(ea, end)

Change function end address
Parameters:
ea - any address belonging to the function
end - new function end address
Returns:
!=0 - ok

SetFunctionFlags(ea, flags)

Change function flags
Parameters:
ea - any address belonging to the function
flags - see GetFunctionFlags() for explanations
Returns:
!=0 - ok

SetHiddenArea(ea, visible)

Set hidden area state
Parameters:
ea - any address belonging to the hidden area
visible - new state of the area
Returns:
!= 0 - ok

SetManualInsn(ea, insn)

Specify instruction represenation manually.
Parameters:
ea - linear address
insn - a string represenation of the operand

Note: IDA will not check the specified instruction, it will simply display it instead of the orginal representation.

SetSegmentType(segea, type)

Set segment type
Parameters:
segea - any address within segment
type - new segment type:
Returns:
!=0 - ok

SetSelector(sel, value)

Set a selector value
Parameters:
sel - 16bit selector number (should be less than 0xFFFF)
value - value of selector
Returns:
None

Note: ida supports up to 4096 selectors. if 'sel' == 'val' then the selector is destroyed because it has no significance

SetStatus(status)

Change IDA indicator.
Parameters:
status - new status
Returns:
the previous status.

Warning(msg)

Display a message in a message box
Parameters:
msg -

message to print (formatting is done in Python)

This function can be used to debug IDC scripts The user will be able to hide messages if they appear twice in a row on the screen

Word(ea)

Get value of program word (2 bytes)
Parameters:
ea - linear address
Returns:
the value of the word. If word has no value then returns 0xFFFF If the current byte size is different from 8 bits, then the returned value might have more 1's.

Variable Details

FIXUP_MASK

Type:
int
Value:
15                                                                    

INF_CORESTART

Type:
int
Value:
21                                                                    

INF_FCORESIZ

Type:
int
Value:
17                                                                    

INF_OMAX_EA

Type:
int
Value:
55                                                                    

INF_OMIN_EA

Type:
int
Value:
51                                                                    

INF_SIZEOF_LLONG

Type:
int
Value:
191                                                                   

INF_SIZEOF_LONG

Type:
int
Value:
190                                                                   

INF_SIZEOF_SHORT

Type:
int
Value:
189                                                                   

INF_SPECSEGS

Type:
int
Value:
77                                                                    

INF_WIDE_HIGH_BYTE_FIRST

Type:
int
Value:
72                                                                    

INFMAP

Type:
dict
Value:
{3: 'version',
 5: 'procname',
 13: 'lflags',
 14: 'demnames',
 128: 's_assume',
 129: 's_checkarg',
 130: 'start_ss',
 134: 'start_cs',
...

MAXADDR

Type:
int
Value:
-16777216                                                             

MS_CODE

Type:
int
Value:
-268435456                                                            

NM_EA

Type:
int
Value:
6                                                                     

NM_EA4

Type:
int
Value:
7                                                                     

NM_EA8

Type:
int
Value:
8                                                                     

NM_NAM_EA

Type:
int
Value:
5                                                                     

NM_NAM_OFF

Type:
int
Value:
2                                                                     

NM_PTR_EA

Type:
int
Value:
4                                                                     

NM_PTR_OFF

Type:
int
Value:
1                                                                     

NM_REL_EA

Type:
int
Value:
3                                                                     

NM_REL_OFF

Type:
int
Value:
0                                                                     

NM_SERIAL

Type:
int
Value:
10                                                                    

NM_SHORT

Type:
int
Value:
9                                                                     

OFILE_ASM

Type:
int
Value:
4                                                                     

OFILE_DIF

Type:
int
Value:
5                                                                     

OFILE_EXE

Type:
int
Value:
1                                                                     

OFILE_IDC

Type:
int
Value:
2                                                                     

OFILE_LST

Type:
int
Value:
3                                                                     

OFILE_MAP

Type:
int
Value:
0                                                                     

OSTYPE_MSDOS

Type:
int
Value:
1                                                                     

OSTYPE_NETW

Type:
int
Value:
8                                                                     

OSTYPE_OS2

Type:
int
Value:
4                                                                     

OSTYPE_WIN

Type:
int
Value:
2                                                                     

SEG_NORM

Type:
int
Value:
0                                                                     

   Trees       Index       Help   

Project Homepage

Generated by Epydoc 2.1 on Wed Jan 18 16:10:50 2006 http://epydoc.sf.net