#---------------------------------------------------------------------------- # T Y P E L I B R A R I E S #---------------------------------------------------------------------------- def LoadTil(name): """ Load a type library @param name: name of type library. @return: 1-ok, 0-failed. """ til = idaapi.add_til2(name, idaapi.ADDTIL_DEFAULT) if til: return 1 else: return 0 def Til2Idb(idx, type_name): """ Copy information from type library to database Copy structure, union, or enum definition from the type library to the IDA database. @param idx: the position of the new type in the list of types (structures or enums) -1 means at the end of the list @param type_name: name of type to copy @return: BADNODE-failed, otherwise the type id (structure id or enum id) """ return idaapi.import_type(idaapi.cvar.idati, idx, type_name) def GetType(ea): """ Get type of function/variable @param ea: the address of the object @return: type string or None if failed """ return idaapi.idc_get_type(ea) def SizeOf(typestr): """ Returns the size of the type. It is equivalent to IDC's sizeof(). Use name, tp, fld = idc.ParseType() ; SizeOf(tp) to retrieve the size @return: -1 if typestring is not valid otherwise the size of the type """ return idaapi.calc_type_size(idaapi.cvar.idati, typestr) def GetTinfo(ea): """ Get type information of function/variable as 'typeinfo' object @param ea: the address of the object @return: None on failure, or (type, fields) tuple. """ return idaapi.idc_get_type_raw(ea) def GetLocalTinfo(ordinal): """ Get local type information as 'typeinfo' object @param ordinal: slot number (1...NumberOfLocalTypes) @return: None on failure, or (type, fields, name) tuple. """ return idaapi.idc_get_local_type_raw(ordinal) def GuessType(ea): """ Guess type of function/variable @param ea: the address of the object, can be the structure member id too @return: type string or None if failed """ return idaapi.idc_guess_type(ea) TINFO_GUESSED = 0x0000 # this is a guessed type TINFO_DEFINITE = 0x0001 # this is a definite type TINFO_DELAYFUNC = 0x0002 # if type is a function and no function exists at ea, # schedule its creation and argument renaming to # auto-analysis otherwise try to create it immediately def ApplyType(ea, py_type, flags = TINFO_DEFINITE): """ Apply the specified type to the address @param ti: Type info. 'idaapi.cvar.idati' can be passed. @param py_type: typeinfo tuple (type, fields) as GetTinfo() returns or tuple (name, type, fields) as ParseType() returns or None if specified as None, then the item associated with 'ea' will be deleted. @param ea: the address of the object @param flags: combination of TINFO_... constants or 0 @return: Boolean """ if py_type is None: py_type = "" if isinstance(py_type, basestring) and len(py_type) == 0: pt = ("", "") else: if len(py_type) == 3: pt = py_type[1:] # skip name component else: pt = py_type return idaapi.apply_type(idaapi.cvar.idati, pt[0], pt[1], ea, flags) def SetType(ea, newtype): """ Set type of function/variable @param ea: the address of the object @param newtype: the type string in C declaration form. Must contain the closing ';' if specified as an empty string, then the item associated with 'ea' will be deleted. @return: 1-ok, 0-failed. """ if newtype is not '': pt = ParseType(newtype, 1) # silent if pt is None: # parsing failed return None else: pt = None return ApplyType(ea, pt, TINFO_DEFINITE) def ParseType(inputtype, flags): """ Parse type declaration @param inputtype: file name or C declarations (depending on the flags) @param flags: combination of PT_... constants or 0 @return: None on failure or (name, type, fields) tuple """ if len(inputtype) != 0 and inputtype[-1] != ';': inputtype = inputtype + ';' return idaapi.idc_parse_decl(idaapi.cvar.idati, inputtype, flags) def ParseTypes(inputtype, flags = 0): """ Parse type declarations @param inputtype: file name or C declarations (depending on the flags) @param flags: combination of PT_... constants or 0 @return: number of parsing errors (0 no errors) """ return idaapi.idc_parse_types(inputtype, flags) PT_FILE = 0x0001 # input if a file name (otherwise contains type declarations) PT_SILENT = 0x0002 # silent mode PT_PAKDEF = 0x0000 # default pack value PT_PAK1 = 0x0010 # #pragma pack(1) PT_PAK2 = 0x0020 # #pragma pack(2) PT_PAK4 = 0x0030 # #pragma pack(4) PT_PAK8 = 0x0040 # #pragma pack(8) PT_PAK16 = 0x0050 # #pragma pack(16) PT_HIGH = 0x0080 # assume high level prototypes # (with hidden args, etc) PT_LOWER = 0x0100 # lower the function prototypes def GetMaxLocalType(): """ Get number of local types + 1 @return: value >= 1. 1 means that there are no local types. """ return idaapi.get_ordinal_qty(idaapi.cvar.idati) def SetLocalType(ordinal, input, flags): """ Parse one type declaration and store it in the specified slot @param ordinal: slot number (1...NumberOfLocalTypes) -1 means allocate new slot or reuse the slot of the existing named type @param input: C declaration. Empty input empties the slot @param flags: combination of PT_... constants or 0 @return: slot number or 0 if error """ return idaapi.idc_set_local_type(ordinal, input, flags) def GetLocalType(ordinal, flags): """ Retrieve a local type declaration @param flags: any of PRTYPE_* constants @return: local type as a C declaration or "" """ (type, fields) = GetLocalTinfo(ordinal) if type: name = GetLocalTypeName(ordinal) return idaapi.idc_print_type(type, fields, name, flags) return "" PRTYPE_1LINE = 0x0000 # print to one line PRTYPE_MULTI = 0x0001 # print to many lines PRTYPE_TYPE = 0x0002 # print type declaration (not variable declaration) PRTYPE_PRAGMA = 0x0004 # print pragmas for alignment def GetLocalTypeName(ordinal): """ Retrieve a local type name @param ordinal: slot number (1...NumberOfLocalTypes) returns: local type name or None