function module

binaryninja.function.AdvancedFunctionAnalysisDataRequestor([func])

binaryninja.function.ArchAndAddr(arch, addr)

binaryninja.function.BasicBlockList(function)

binaryninja.function.DisassemblySettings([...])

binaryninja.function.DisassemblyTextLine(tokens)

binaryninja.function.DisassemblyTextRenderer([...])

binaryninja.function.Function([view, handle])

binaryninja.function.FunctionViewType(view_type)

binaryninja.function.HighLevelILBasicBlockList(...)

binaryninja.function.ILReferenceSource(func, ...)

binaryninja.function.LowLevelILBasicBlockList(...)

binaryninja.function.MediumLevelILBasicBlockList(...)

binaryninja.function.TagList(function)

binaryninja.function.VariableReferenceSource(...)

class AdvancedFunctionAnalysisDataRequestor(func: Function | None = None)[source]

Bases: object

Parameters:

func (Function | None) –

close() None[source]
Return type:

None

property function: Function | None
class ArchAndAddr(arch: 'architecture.Architecture', addr: int)[source]

Bases: object

Parameters:
addr: int
arch: Architecture
class BasicBlockList(function: Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction)[source]

Bases: object

Parameters:

function (Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction) –

class DisassemblySettings(handle: LP_BNDisassemblySettings | None = None)[source]

Bases: object

Parameters:

handle (LP_BNDisassemblySettings | None) –

is_option_set(option: DisassemblyOption) bool[source]
Parameters:

option (DisassemblyOption) –

Return type:

bool

set_option(option: DisassemblyOption, state: bool = True) None[source]
Parameters:
Return type:

None

property max_symbol_width: int
property width: int
class DisassemblyTextLine(tokens: List[ForwardRef('InstructionTextToken')], address: int | None = None, il_instr: Union[ForwardRef('lowlevelil.LowLevelILInstruction'), ForwardRef('mediumlevelil.MediumLevelILInstruction'), ForwardRef('highlevelil.HighLevelILInstruction'), NoneType] = None, color: Union[ForwardRef('_highlight.HighlightColor'), binaryninja.enums.HighlightStandardColor, NoneType] = None)[source]

Bases: object

Parameters:
address: int | None
highlight: HighlightColor
il_instruction: LowLevelILInstruction | MediumLevelILInstruction | HighLevelILInstruction | None
tokens: List[InstructionTextToken]
class DisassemblyTextRenderer(func: Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction | None = None, settings: DisassemblySettings | None = None, handle: BNDisassemblySettings | None = None)[source]

Bases: object

Parameters:
add_integer_token(tokens: List[InstructionTextToken], int_token: InstructionTextToken, addr: int, arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

add_stack_var_reference_tokens(tokens: List[InstructionTextToken], ref: StackVariableReference) None[source]
Parameters:
Return type:

None

add_symbol_token(tokens: List[InstructionTextToken], addr: int, size: int, operand: int | None = None) bool[source]
Parameters:
Return type:

bool

get_disassembly_text(addr: int) Generator[Tuple[DisassemblyTextLine | None, int], None, None][source]
Parameters:

addr (int) –

Return type:

Generator[Tuple[DisassemblyTextLine | None, int], None, None]

get_instruction_annotations(addr: int) List[InstructionTextToken][source]
Parameters:

addr (int) –

Return type:

List[InstructionTextToken]

get_instruction_text(addr: int) Generator[Tuple[DisassemblyTextLine | None, int], None, None][source]
Parameters:

addr (int) –

Return type:

Generator[Tuple[DisassemblyTextLine | None, int], None, None]

static is_integer_token(token: InstructionTextToken) bool[source]
Parameters:

token (InstructionTextToken) –

Return type:

bool

post_process_lines(addr: int, length: int, in_lines: str | List[str] | List[DisassemblyTextLine], indent_spaces: str = '')[source]
Parameters:
reset_deduplicated_comments() None[source]
Return type:

None

wrap_comment(lines: List[DisassemblyTextLine], cur_line: DisassemblyTextLine, comment: str, has_auto_annotations: bool, leading_spaces: str = '  ', indent_spaces: str = '') None[source]
Parameters:
Return type:

None

property arch: Architecture
property basic_block: BasicBlock | None
property function: Function
property has_data_flow: bool
property il: bool
property il_function: LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction | None
property settings: DisassemblySettings
class Function(view: BinaryView | None = None, handle: LP_BNFunction | None = None)[source]

Bases: object

Parameters:

  • view (BinaryView | None) –

  • handle (LP_BNFunction | None) –

add_tag(tag_type: str, data: str, addr: int | None = None, auto: bool = False, arch: Architecture | None = None)[source]

add_tag creates and adds a Tag object on either a function, or on an address inside of a function.

“Function tags” appear at the top of a function and are a good way to label an entire function with some information. If you include an address when you call Function.add_tag, you’ll create an “address tag”. These are good for labeling specific instructions.

For tagging arbitrary data, consider add_tag.

Parameters:

  • tag_type_name (str) – The name of the tag type for this Tag

  • data (str) – additional data for the Tag

  • addr (int) – address at which to add the tag

  • user (bool) – Whether or not a user tag

  • tag_type (str) –

  • auto (bool) –

  • arch (Architecture | None) –

Example:
>>> current_function.add_tag("Important", "I think this is the main function")
>>> current_function.add_tag("Crashes", "Nullpointer dereference", here)

Warning: For performance reasons, this function does not ensure the address you have supplied is within the function’s bounds.

add_user_code_ref(from_addr: int, to_addr: int, arch: Architecture | None = None) None[source]

add_user_code_ref places a user-defined cross-reference from the instruction at the given address and architecture to the specified target address. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_code_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • to_addr (int) – virtual address of the xref’s destination.

  • arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.add_user_code_ref(here, 0x400000)
add_user_type_field_ref(from_addr: int, name: types.QualifiedNameType, offset: int, from_arch: Architecture | None = None, size: int = 0) None[source]

add_user_type_field_ref places a user-defined type field cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_type_field_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • offset (int) – offset of the field, relative to the type

  • from_arch (Architecture) – (optional) architecture of the source instruction

  • size (int) – (optional) the size of the access

Return type:

None

Example:
>>> current_function.add_user_type_field_ref(here, 'A', 0x8)
add_user_type_ref(from_addr: int, name: types.QualifiedNameType, from_arch: Architecture | None = None) None[source]

add_user_type_ref places a user-defined type cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_type_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.add_user_code_ref(here, 'A')
apply_auto_discovered_type(func_type: str | Type | TypeBuilder) None[source]
Parameters:

func_type (str | Type | TypeBuilder) –

Return type:

None

apply_imported_types(sym: CoreSymbol, type: str | Type | TypeBuilder | None = None) None[source]
Parameters:
Return type:

None

clear_all_user_var_values() None[source]

Clear all user defined variable values.

Return type:

None

clear_user_var_value(var: Variable, def_addr: int) None[source]

Clears a previously defined user variable value.

Parameters:

  • var (Variable) – Variable for which the value was informed

  • def_addr (int) – Address of the definition site of the variable

Return type:

None

create_auto_stack_var(offset: int, var_type: str | Type | TypeBuilder, name: str) None[source]
Parameters:
Return type:

None

create_auto_var(var: Variable, var_type: str | Type | TypeBuilder, name: str, ignore_disjoint_uses: bool = False) None[source]
Parameters:
Return type:

None

create_graph(graph_type: FunctionViewType | FunctionGraphType | str = FunctionGraphType.NormalFunctionGraph, settings: DisassemblySettings | None = None) CoreFlowGraph[source]
Parameters:
Return type:

CoreFlowGraph

create_user_stack_var(offset: int, var_type: str | Type | TypeBuilder, name: str) None[source]
Parameters:
Return type:

None

create_user_var(var: Variable, var_type: str | Type | TypeBuilder, name: str, ignore_disjoint_uses: bool = False) None[source]
Parameters:
Return type:

None

delete_auto_stack_var(offset: int) None[source]
Parameters:

offset (int) –

Return type:

None

delete_user_stack_var(offset: int) None[source]
Parameters:

offset (int) –

Return type:

None

delete_user_var(var: Variable) None[source]
Parameters:

var (Variable) –

Return type:

None

get_all_user_var_values() Dict[Variable, Dict[ArchAndAddr, PossibleValueSet]][source]

Returns a map of current defined user variable values.

Returns:

Map of user current defined user variable values and their definition sites.

Type:

dict of (Variable, dict of (ArchAndAddr, PossibleValueSet))

Return type:

Dict[Variable, Dict[ArchAndAddr, PossibleValueSet]]

get_basic_block_at(addr: int, arch: Architecture | None = None) BasicBlock | None[source]

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters:

  • addr (int) – Address of the BasicBlock to retrieve.

  • arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch

Example:
>>> current_function.get_basic_block_at(current_function.start)
<block: x86_64@0x100000f30-0x100000f50>
Return type:

BasicBlock | None

get_block_annotations(addr: int, arch: Architecture | None = None) List[List[InstructionTextToken]][source]
Parameters:
Return type:

List[List[InstructionTextToken]]

get_call_reg_stack_adjustment(addr: int, arch: Architecture | None = None) Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence][source]
Parameters:
Return type:

Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence]

get_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: RegisterStackName | ILRegisterStack | RegisterStackIndex, arch: Architecture | None = None) RegisterStackAdjustmentWithConfidence[source]
Parameters:
Return type:

RegisterStackAdjustmentWithConfidence

get_call_stack_adjustment(addr: int, arch: Architecture | None = None) OffsetWithConfidence[source]
Parameters:
Return type:

OffsetWithConfidence

get_call_type_adjustment(addr: int, arch: Architecture | None = None) Type | None[source]
Parameters:
Return type:

Type | None

get_comment_at(addr: int) str[source]
Parameters:

addr (int) –

Return type:

str

get_constant_data(state: RegisterValueType, value: int, size: int = 0) DataBuffer[source]
Parameters:
Return type:

DataBuffer

get_constant_data_and_builtin(state: RegisterValueType, value: int, size: int = 0) Tuple[DataBuffer, BuiltinType][source]
Parameters:
Return type:

Tuple[DataBuffer, BuiltinType]

get_constants_referenced_by(addr: int, arch: Architecture | None = None) List[ConstantReference][source]
Parameters:
Return type:

List[ConstantReference]

get_constants_referenced_by_address_if_available(addr: int, arch: Architecture | None = None) List[ConstantReference][source]
Parameters:
Return type:

List[ConstantReference]

get_flags_read_by_lifted_il_instruction(i: InstructionIndex) List[FlagName][source]
Parameters:

i (InstructionIndex) –

Return type:

List[FlagName]

get_flags_written_by_lifted_il_instruction(i: InstructionIndex) List[FlagName][source]
Parameters:

i (InstructionIndex) –

Return type:

List[FlagName]

get_function_tags(auto: bool | None = None, tag_type: str | None = None) List[Tag][source]

get_function_tags gets a list of function Tags for the function.

Parameters:

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

  • tag_type (str) – If None, gets all tags, otherwise only gets tags of the given type

Return type:

list(Tag)

get_hlil_var_refs(var: Variable) List[ILReferenceSource][source]

get_hlil_var_refs returns a list of ILReferenceSource objects (IL xrefs or cross-references) that reference the given variable. The variable is a local variable that can be either on the stack, in a register, or in a flag.

Parameters:

var (Variable) – Variable for which to query the xref

Returns:

List of IL References for the given variable

Return type:

list(ILReferenceSource)

Example:
>>> mlil_var = current_hlil[0].operands[0]
>>> current_function.get_hlil_var_refs(mlil_var)
get_hlil_var_refs_from(addr: int, length: int | None = None, arch: Architecture | None = None) List[VariableReferenceSource][source]

get_hlil_var_refs_from returns a list of variables referenced by code in the function func, of the architecture arch, and at the address addr. If no function is specified, references from all functions and containing the address will be returned. If no architecture is specified, the architecture of the function will be used.

Parameters:

  • addr (int) – virtual address to query for variable references

  • length (int) – optional length of query

  • arch (Architecture) – optional architecture of query

Returns:

list of variables reference sources

Return type:

list(VariableReferenceSource)

get_indirect_branches_at(addr: int, arch: Architecture | None = None) List[IndirectBranchInfo][source]
Parameters:
Return type:

List[IndirectBranchInfo]

get_instr_highlight(addr: int, arch: Architecture | None = None) HighlightColor[source]
Example:
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
>>> current_function.get_instr_highlight(here)
<color: #ff00ff>
Parameters:
Return type:

HighlightColor

get_instruction_containing_address(addr: int, arch: Architecture | None = None) int | None[source]
Parameters:
Return type:

int | None

get_int_display_type(instr_addr: int, value: int, operand: int, arch: Architecture | None = None) IntegerDisplayType[source]

Get the current text display type for an integer token in the disassembly or IL views

See also see get_int_display_type_and_typeid

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

Return type:

IntegerDisplayType

get_int_display_type_and_typeid(instr_addr: int, value: int, operand: int, arch: ~binaryninja.architecture.Architecture | None = None) -> (<enum 'IntegerDisplayType'>, <class 'str'>)[source]

Get the current text display type for an integer token in the disassembly or IL views

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

Return type:

(<enum ‘IntegerDisplayType’>, <class ‘str’>)

get_int_enum_display_typeid(instr_addr: int, value: int, operand: int, arch: Architecture | None = None) str[source]

Get the current text display enum type for an integer token in the disassembly or IL views.

See also see get_int_display_type_and_typeid

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

Returns:

TypeID for the integer token

Return type:

str

get_lifted_il_at(addr: int, arch: Architecture | None = None) LowLevelILInstruction | None[source]
Parameters:
Return type:

LowLevelILInstruction | None

get_lifted_il_flag_definitions_for_use(i: InstructionIndex, flag: FlagName | ILFlag | FlagIndex) List[InstructionIndex][source]
Parameters:

  • i (InstructionIndex) –

  • flag (FlagName | ILFlag | FlagIndex) –

Return type:

List[InstructionIndex]

get_lifted_il_flag_uses_for_definition(i: InstructionIndex, flag: FlagName | ILFlag | FlagIndex) List[LowLevelILInstruction][source]
Parameters:

  • i (InstructionIndex) –

  • flag (FlagName | ILFlag | FlagIndex) –

Return type:

List[LowLevelILInstruction]

get_lifted_ils_at(addr: int, arch: Architecture | None = None) List[LowLevelILInstruction][source]

get_lifted_ils_at gets the Lifted IL Instruction(s) corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

list(LowLevelILInstruction)

Example:
>>> func = next(bv.functions)
>>> func.get_lifted_ils_at(func.start)
[<il: push(rbp)>]
get_llil_at(addr: int, arch: Architecture | None = None) LowLevelILInstruction | None[source]

get_llil_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

LowLevelILInstruction

Example:
>>> func = next(bv.functions)
>>> func.get_llil_at(func.start)
<il: push(rbp)>
get_llils_at(addr: int, arch: Architecture | None = None) List[LowLevelILInstruction][source]

get_llils_at gets the LowLevelILInstruction(s) corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

list(LowLevelILInstruction)

Example:
>>> func = next(bv.functions)
>>> func.get_llils_at(func.start)
[<il: push(rbp)>]
get_low_level_il_at(addr: int, arch: Architecture | None = None) LowLevelILInstruction | None[source]

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

LowLevelILInstruction

Example:
>>> func = next(bv.functions)
>>> func.get_low_level_il_at(func.start)
<il: push(rbp)>
get_low_level_il_exits_at(addr: int, arch: Architecture | None = None) List[int][source]
Parameters:
Return type:

List[int]

get_mlil_var_refs(var: Variable) List[ILReferenceSource][source]

get_mlil_var_refs returns a list of ILReferenceSource objects (IL xrefs or cross-references) that reference the given variable. The variable is a local variable that can be either on the stack, in a register, or in a flag. This function is related to get_hlil_var_refs(), which returns variable references collected from HLIL. The two can be different in several cases, e.g., multiple variables in MLIL can be merged into a single variable in HLIL.

Parameters:

var (Variable) – Variable for which to query the xref

Returns:

List of IL References for the given variable

Return type:

list(ILReferenceSource)

Example:
>>> mlil_var = current_mlil[0].operands[0]
>>> current_function.get_mlil_var_refs(mlil_var)
get_mlil_var_refs_from(addr: int, length: int | None = None, arch: Architecture | None = None) List[VariableReferenceSource][source]

get_mlil_var_refs_from returns a list of variables referenced by code in the function func, of the architecture arch, and at the address addr. If no function is specified, references from all functions and containing the address will be returned. If no architecture is specified, the architecture of the function will be used. This function is related to get_hlil_var_refs_from(), which returns variable references collected from HLIL. The two can be different in several cases, e.g., multiple variables in MLIL can be merged into a single variable in HLIL.

Parameters:

  • addr (int) – virtual address to query for variable references

  • length (int) – optional length of query

  • arch (Architecture) – optional architecture of query

Returns:

list of variable reference sources

Return type:

list(VariableReferenceSource)

get_parameter_at(addr: int, func_type: Type | None, i: int, arch: Architecture | None = None) RegisterValue[source]
Parameters:
Return type:

RegisterValue

get_parameter_at_low_level_il_instruction(instr: InstructionIndex, func_type: Type, i: int) RegisterValue[source]
Parameters:

  • instr (InstructionIndex) –

  • func_type (Type) –

  • i (int) –

Return type:

RegisterValue

get_reg_value_after(addr: int, reg: RegisterName | ILRegister | RegisterIndex, arch: Architecture | None = None) RegisterValue[source]

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Example:
>>> current_function.get_reg_value_after(0x400dbe, 'rdi')
<undetermined>
get_reg_value_at(addr: int, reg: RegisterName | ILRegister | RegisterIndex, arch: Architecture | None = None) RegisterValue[source]

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Example:
>>> current_function.get_reg_value_at(0x400dbe, 'rdi')
<const 0x2>
get_reg_value_at_exit(reg: RegisterName | ILRegister | RegisterIndex) RegisterValue[source]
Parameters:

reg (RegisterName | ILRegister | RegisterIndex) –

Return type:

RegisterValue

get_regs_read_by(addr: int, arch: Architecture | None = None) List[RegisterName][source]
Parameters:
Return type:

List[RegisterName]

get_regs_written_by(addr: int, arch: Architecture | None = None) List[RegisterName][source]
Parameters:
Return type:

List[RegisterName]

get_stack_contents_after(addr: int, offset: int, size: int, arch: Architecture | None = None) RegisterValue[source]
Parameters:
Return type:

RegisterValue

get_stack_contents_at(addr: int, offset: int, size: int, arch: Architecture | None = None) RegisterValue[source]

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters:

  • addr (int) – virtual address of the instruction to query

  • offset (int) – stack offset base of stack

  • size (int) – size of memory to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the stack as in (x86/x86_64) where the stack base will start at address_size

Example:
>>> current_function.get_stack_contents_at(0x400fad, -16, 4)
<range: 0x8 to 0xffffffff>
Parameters:
Return type:

RegisterValue

get_stack_var_at_frame_offset(offset: int, addr: int, arch: Architecture | None = None) Variable | None[source]
Parameters:
Return type:

Variable | None

get_stack_vars_referenced_by(addr: int, arch: Architecture | None = None) List[StackVariableReference][source]
Parameters:
Return type:

List[StackVariableReference]

get_stack_vars_referenced_by_address_if_available(addr: int, arch: Architecture | None = None) List[StackVariableReference][source]
Parameters:
Return type:

List[StackVariableReference]

get_tags_at(addr: int, arch: Architecture | None = None, auto: bool | None = None) List[Tag][source]

get_tags gets a list of Tags (but not function tags).

Parameters:

  • addr (int) – Address to get tags from.

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

  • arch (Architecture | None) –

Return type:

list((Architecture, int, Tag))

get_tags_in_range(address_range: AddressRange, arch: Architecture | None = None, auto: bool | None = None) List[Tuple[Architecture, int, Tag]][source]

get_address_tags_in_range gets a list of all Tags in the function at a given address. Range is inclusive at the start, exclusive at the end.

Parameters:

  • address_range (AddressRange) – Address range from which to get tags

  • arch (Architecture) – Architecture for the block in which the Tag is located (optional)

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

Returns:

A list of (arch, address, Tag) tuples

Return type:

list((Architecture, int, Tag))

get_type_tokens(settings: DisassemblySettings | None = None) List[DisassemblyTextLine][source]
Parameters:

settings (DisassemblySettings | None) –

Return type:

List[DisassemblyTextLine]

get_variable_by_name(name: str) Variable | None[source]

Get a specific variable or None if it doesn’t exist

Parameters:

name (str) –

Return type:

Variable | None

is_call_instruction(addr: int, arch: Architecture | None = None) bool[source]
Parameters:
Return type:

bool

is_var_user_defined(var: Variable) bool[source]
Parameters:

var (Variable) –

Return type:

bool

language_representation(language: str) LanguageRepresentationFunction | None[source]
Parameters:

language (str) –

Return type:

LanguageRepresentationFunction | None

language_representation_if_available(language: str) LanguageRepresentationFunction | None[source]
Parameters:

language (str) –

Return type:

LanguageRepresentationFunction | None

mark_caller_updates_required(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

mark_caller_updates_required indicates that callers of this function need to be reanalyzed during the next update cycle

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

mark_recent_use() None[source]
Return type:

None

mark_updates_required(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

mark_updates_required indicates that this function needs to be reanalyzed during the next update cycle

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

merge_vars(target: Variable, sources: List[Variable] | Variable) None[source]

merge_vars merges one or more variables in sources into the target variable. All variable accesses to the variables in sources will be rewritten to use target.

Parameters:
Return type:

None

reanalyze(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

reanalyze causes this function to be reanalyzed. This function does not wait for the analysis to finish.

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

Warning

If analysis_skipped is True, using this API will not trigger re-analysis. Instead, set analysis_skipped to False.

Return type:

None

Parameters:

update_type (FunctionUpdateType) –

release_advanced_analysis_data() None[source]
Return type:

None

remove_auto_address_tag(addr: int, tag: Tag, arch: Architecture | None = None) None[source]

remove_auto_address_tag removes a Tag object at a given address.

Parameters:

  • addr (int) – Address at which to add the tag

  • tag (Tag) – Tag object to be added

  • arch (Architecture) – Architecture for the block in which the Tag is added (optional)

Return type:

None

remove_auto_address_tags_of_type(addr: int, tag_type: str, arch=None)[source]

remove_auto_address_tags_of_type removes all tags at the given address of the given type.

Parameters:

  • addr (int) – Address at which to remove the tags

  • tag_type (Tag) – TagType object to match for removing

  • arch (Architecture) – Architecture for the block in which the Tags is located (optional)

Return type:

None

remove_auto_function_tag(tag: Tag) None[source]

remove_user_function_tag removes a Tag object as a function tag.

Parameters:

tag (Tag) – Tag object to be added

Return type:

None

remove_auto_function_tags_of_type(tag_type: str)[source]

remove_user_function_tags_of_type removes all function Tag objects on a function of a given type

Parameters:

tag_type (TagType) – TagType object to match for removing

Return type:

None

remove_user_address_tag(addr: int, tag: Tag, arch: Architecture | None = None) None[source]

remove_user_address_tag removes a Tag object at a given address. Since this removes a user tag, it will be added to the current undo buffer.

Parameters:

  • addr (int) – Address at which to remove the tag

  • tag (Tag) – Tag object to be added

  • arch (Architecture) – Architecture for the block in which the Tag is added (optional)

Return type:

None

remove_user_address_tags_of_type(addr: int, tag_type: str, arch=None)[source]

remove_user_address_tags_of_type removes all tags at the given address of the given type. Since this removes user tags, it will be added to the current undo buffer.

Parameters:

  • addr (int) – Address at which to remove the tag

  • tag_type (Tag) – TagType object to match for removing

  • arch (Architecture) – Architecture for the block in which the Tags is located (optional)

Return type:

None

remove_user_code_ref(from_addr: int, to_addr: int, from_arch: Architecture | None = None) None[source]

remove_user_code_ref removes a user-defined cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • to_addr (int) – virtual address of the xref’s destination.

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.remove_user_code_ref(here, 0x400000)
remove_user_function_tag(tag: Tag) None[source]

remove_user_function_tag removes a Tag object as a function tag. Since this removes a user tag, it will be added to the current undo buffer.

Parameters:

tag (Tag) – Tag object to be added

Return type:

None

remove_user_function_tags_of_type(tag_type: str)[source]

remove_user_function_tags_of_type removes all function Tag objects on a function of a given type Since this removes user tags, it will be added to the current undo buffer.

Parameters:

tag_type (TagType) – TagType object to match for removing

Return type:

None

remove_user_type_field_ref(from_addr: int, name: types.QualifiedNameType, offset: int, from_arch: Architecture | None = None, size: int = 0) None[source]

remove_user_type_field_ref removes a user-defined type field cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • offset (int) – offset of the field, relative to the type

  • from_arch (Architecture) – (optional) architecture of the source instruction

  • size (int) – (optional) the size of the access

Return type:

None

Example:
>>> current_function.remove_user_type_field_ref(here, 'A', 0x8)
remove_user_type_ref(from_addr: int, name: types.QualifiedNameType, from_arch: Architecture | None = None) None[source]

remove_user_type_ref removes a user-defined type cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.remove_user_type_ref(here, 'A')
request_advanced_analysis_data() None[source]
Return type:

None

request_debug_report(name: str) None[source]

request_debug_report can generate internal debug reports for a variety of analysis. Current list of possible values include:

  • mlil_translator

  • stack_adjust_graph

  • high_level_il

Parameters:

name (str) – Name of the debug report

Return type:

None

set_auto_call_reg_stack_adjustment(addr: int, adjust: Mapping[RegisterStackName, int], arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_auto_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: RegisterStackName | ILRegisterStack | RegisterStackIndex, adjust, arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_auto_call_stack_adjustment(addr: int, adjust: int | OffsetWithConfidence, arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_auto_calling_convention(value: CallingConvention) None[source]
Parameters:

value (CallingConvention) –

Return type:

None

set_auto_can_return(value: bool | BoolWithConfidence) None[source]
Parameters:

value (bool | BoolWithConfidence) –

Return type:

None

set_auto_clobbered_regs(value: List[RegisterName | ILRegister | RegisterIndex]) None[source]
Parameters:

value (List[RegisterName | ILRegister | RegisterIndex]) –

Return type:

None

set_auto_has_variable_arguments(value: bool | BoolWithConfidence) None[source]
Parameters:

value (bool | BoolWithConfidence) –

Return type:

None

set_auto_indirect_branches(source: int, branches: List[Tuple[Architecture, int]], source_arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_auto_inline_during_analysis(value: bool | BoolWithConfidence)[source]
Parameters:

value (bool | BoolWithConfidence) –

set_auto_instr_highlight(addr: int, color: HighlightColor | HighlightStandardColor, arch: Architecture | None = None)[source]

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

Warning

Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters:
set_auto_parameter_vars(value: List[Variable] | Variable | ParameterVariables | None) None[source]
Parameters:

value (List[Variable] | Variable | ParameterVariables | None) –

Return type:

None

set_auto_pure(value: bool | BoolWithConfidence) None[source]
Parameters:

value (bool | BoolWithConfidence) –

Return type:

None

set_auto_reg_stack_adjustments(value: Mapping[RegisterStackName, RegisterStackAdjustmentWithConfidence])[source]
Parameters:

value (Mapping[RegisterStackName, RegisterStackAdjustmentWithConfidence]) –

set_auto_return_regs(value: RegisterSet | List[RegisterName | ILRegister | RegisterIndex]) None[source]
Parameters:

value (RegisterSet | List[RegisterName | ILRegister | RegisterIndex]) –

Return type:

None

set_auto_return_type(value: str | Type | TypeBuilder) None[source]
Parameters:

value (str | Type | TypeBuilder) –

Return type:

None

set_auto_stack_adjustment(value: int | OffsetWithConfidence) None[source]
Parameters:

value (int | OffsetWithConfidence) –

Return type:

None

set_auto_type(value: str | Type | TypeBuilder) None[source]
Parameters:

value (str | Type | TypeBuilder) –

Return type:

None

set_call_reg_stack_adjustment(addr: int, adjust: Mapping[RegisterStackName, int | RegisterStackAdjustmentWithConfidence], arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: RegisterStackName | ILRegisterStack | RegisterStackIndex, adjust: int | RegisterStackAdjustmentWithConfidence, arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_call_stack_adjustment(addr: int, adjust: int | OffsetWithConfidence, arch: Architecture | None = None)[source]
Parameters:
set_call_type_adjustment(addr: int, adjust_type: str | Type | TypeBuilder | None = None, arch: Architecture | None = None) None[source]

set_call_type_adjustment sets or removes the call type override at a call site to the given type.

Parameters:

  • addr (int) – virtual address of the call instruction to adjust

  • adjust_type (str|Type|TypeBuilder) – (optional) overridden call type, or None to remove an existing adjustment

  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

Example:
>>> # Change the current call site to no-return
>>> target = bv.get_function_at(list(filter(lambda ref: ref.address == here, current_function.call_sites))[0].mlil.dest.value.value)
>>> ft = target.type.mutable_copy()
>>> ft.can_return = False
>>> current_function.set_call_type_adjustment(here, ft)
Return type:

None

set_comment_at(addr: int, comment: str) None[source]

set_comment_at sets a comment for the current function at the address specified

Parameters:

  • addr (int) – virtual address within the current function to apply the comment to

  • comment (str) – string comment to apply

Return type:

None

Example:
>>> current_function.set_comment_at(here, "hi")
static set_default_session_data(name: str, value) None[source]
Parameters:

name (str) –

Return type:

None

set_int_display_type(instr_addr: int, value: int, operand: int, display_type: IntegerDisplayType, arch: Architecture | None = None, enum_display_typeid=None) None[source]

Change the text display type for an integer token in the disassembly or IL views

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • display_type (IntegerDisplayType) – Desired display type

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

  • enum_display_typeid (str) – (optional) Whenever passing EnumDisplayType to display_type, passing a type ID here will specify the Enumeration display type. Must be a valid type ID and resolve to an enumeration type.

Return type:

None

set_user_indirect_branches(source: int, branches: List[Tuple[Architecture, int]], source_arch: Architecture | None = None) None[source]
Parameters:
Return type:

None

set_user_inline_during_analysis(value: bool | BoolWithConfidence)[source]
Parameters:

value (bool | BoolWithConfidence) –

set_user_instr_highlight(addr: int, color: HighlightColor | HighlightStandardColor, arch: Architecture | None = None)[source]

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters:
Example:
>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor)
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))

Warning: For performance reasons, this function does not ensure the address you have supplied is within the function’s bounds.

set_user_type(value: str | Type | TypeBuilder) None[source]
Parameters:

value (str | Type | TypeBuilder) –

Return type:

None

set_user_var_value(var: Variable, def_addr: int, value: PossibleValueSet) None[source]

set_user_var_value allows the user to specify a PossibleValueSet value for an MLIL variable at its definition site.

Warning

Setting the variable value, triggers a reanalysis of the function and allows the dataflow to compute and propagate values which depend on the current variable. This implies that branch conditions whose values can be determined statically will be computed, leading to potential branch elimination at the HLIL layer.

Parameters:

  • var (Variable) – Variable for which the value is to be set

  • def_addr (int) – Address of the definition site of the variable

  • value (PossibleValueSet) – Informed value of the variable

Return type:

None

Example:
>>> mlil_var = current_mlil[0].operands[0]
>>> def_address = 0x40108d
>>> var_value = PossibleValueSet.constant(5)
>>> current_function.set_user_var_value(mlil_var, def_address, var_value)
split_var(var: Variable) None[source]

split_var splits a variable at the definition site. The given var must be the variable unique to the definition and should be obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definition site.

This function is not meant to split variables that have been previously merged. Use unmerge_vars to split previously merged variables.

Warning

Binary Ninja automatically splits all variables that the analysis determines to be safely splittable. Splitting a variable manually with split_var can cause IL and decompilation to be incorrect. There are some patterns where variables can be safely split semantically but analysis cannot determine that it is safe. This function is provided to allow variable splitting to be performed in these cases by plugins or by the user.

Parameters:

var (Variable) – variable to split

Return type:

None

unmerge_vars(target: Variable, sources: List[Variable] | Variable) None[source]

unmerge_vars undoes variable merging performed with merge_vars. The variables in sources will no longer be merged into the target variable.

Parameters:
Return type:

None

unsplit_var(var: Variable) None[source]

unsplit_var undoes variable splitting performed with split_var. The given var must be the variable unique to the definition and should be obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definition site.

Parameters:

var (Variable) – variable to unsplit

Return type:

None

property address_ranges: List[AddressRange]

All of the address ranges covered by a function

property analysis_performance_info: Dict[str, int]
property analysis_skip_override: FunctionAnalysisSkipOverride

Override for skipping of automatic analysis

property analysis_skip_reason: AnalysisSkipReason

Function analysis skip reason

property analysis_skipped: bool

Whether automatic analysis was skipped for this function. Can be set to false to re-enable analysis.

property arch: Architecture

Function architecture (read-only)

property auto: bool

Whether function was automatically discovered (read-only) as a result of some creation of a ‘user’ function. ‘user’ functions may or may not have been created by a user through the or API. For instance the entry point into a function is always created a ‘user’ function. ‘user’ functions should be considered the root of auto analysis.

property basic_blocks: BasicBlockList

function.BasicBlockList of BasicBlocks in the current function (read-only)

property call_sites: List[ReferenceSource]

call_sites returns a list of possible call sites contained in this function. This includes ordinary calls, tail calls, and indirect jumps. Not all of the returned call sites are necessarily true call sites; some may simply be unresolved indirect jumps, for example.

Returns:

List of References that represent the sources of possible calls in this function

Return type:

list(ReferenceSource)

property callee_addresses: List[int]

callee_addressses returns a list of start addresses for functions that this function calls. Does not point to the actual address where the call occurs, just the start of the function that contains the reference.

Returns:

List of start address for functions that this function calls

Return type:

list(int)

property callees: List[Function]

callees returns a list of functions that this function calls This does not include the address of those calls, rather just the function objects themselves. Use call_sites to identify the location of these calls.

Returns:

List of Functions that this function calls

Return type:

list(Function)

property caller_sites: Generator[ReferenceSource, None, None]

caller_sites returns a list of ReferenceSource objects corresponding to the addresses in functions which reference this function

Returns:

List of ReferenceSource objects of the call sites to this function

Return type:

list(ReferenceSource)

property callers: List[Function]

callers returns a list of functions that call this function Does not point to the actual address where the call occurs, just the start of the function that contains the call.

Returns:

List of Functions that call this function

Return type:

list(Function)

property calling_convention: CallingConvention | None

Calling convention used by the function

property can_return: BoolWithConfidence

Whether function can return

property clobbered_regs: RegisterSet

Registers that are modified by this function

property comment: str

Gets the comment for the current function

property comments: Dict[int, str]

Dict of comments (read-only)

property components
property core_var_stack_layout: List[CoreVariable]

List of function stack variables (read-only)

property core_vars: List[CoreVariable]

List of CoreVariable objects

property global_pointer_value: RegisterValue

Discovered value of the global pointer register, if the function uses one (read-only)

property has_explicitly_defined_type: bool

Whether function has explicitly defined types (read-only)

property has_unresolved_indirect_branches: bool

Has unresolved indirect branches (read-only)

property has_user_annotations: bool

Whether the function has ever been ‘user’ modified

property has_user_type: bool

True if the function has a user-defined type

property has_variable_arguments: BoolWithConfidence

Whether the function takes a variable number of arguments

property high_level_il: HighLevelILFunction

returns HighLevelILFunction used to represent Function high level IL (read-only)

Raises:

ILException – if the high level IL could not be loaded

Return type:

HighLevelILFunction

property highest_address: int

The highest (largest) virtual address contained in a function.

property hlil: HighLevelILFunction

returns HighLevelILFunction used to represent Function high level IL (read-only)

Raises:

ILException – if the high level IL could not be loaded

Return type:

HighLevelILFunction

property hlil_if_available: HighLevelILFunction | None

Function high level IL, or None if not loaded (read-only)

property indirect_branches: List[IndirectBranchInfo]

List of indirect branches (read-only)

property inline_during_analysis: BoolWithConfidence

Whether the function’s IL should be inlined into all callers’ IL

property instructions: Generator[Tuple[List[InstructionTextToken], int], None, None]

A generator of instruction tokens and their start addresses for the current function

property is_pure: BoolWithConfidence

Whether function is pure

property is_thunk: bool

Returns True if the function starts with a Tailcall (read-only)

property lifted_il: LowLevelILFunction

returns LowLevelILFunction used to represent Function lifted IL (read-only)

Raises:

ILException – if the lifted IL could not be loaded

Return type:

LowLevelILFunction

property lifted_il_if_available: LowLevelILFunction | None

returns LowLevelILFunction used to represent lifted IL, or None if not loaded (read-only)

property llil: LowLevelILFunction

returns LowLevelILFunction used to represent Function low level IL (read-only)

Raises:

ILException – if the low level IL could not be loaded

Return type:

LowLevelILFunction

property llil_basic_blocks: Generator[LowLevelILBasicBlock, None, None]

A generator of all LowLevelILBasicBlock objects in the current function

property llil_if_available: LowLevelILFunction | None

returns LowLevelILFunction used to represent Function low level IL, or None if not loaded (read-only)

property low_level_il: LowLevelILFunction

returns LowLevelILFunction used to represent Function low level IL (read-only)

Raises:

ILException – if the low level IL could not be loaded

Return type:

LowLevelILFunction

property lowest_address: int

The lowest (smallest) virtual address contained in a function.

property mapped_medium_level_il: MediumLevelILFunction

returns MediumLevelILFunction used to represent Function mapped medium level IL (read-only)

Raises:

ILException – if the mapped medium level IL could not be loaded

Return type:

MediumLevelILFunction

property medium_level_il: MediumLevelILFunction

returns MediumLevelILFunction used to represent Function medium level IL (read-only)

Raises:

ILException – if the medium level IL could not be loaded

Return type:

MediumLevelILFunction

property merged_vars: Dict[Variable, List[Variable]]

Map of merged variables, organized by target variable (read-only). Use merge_vars and unmerge_vars to update merged variables.

property mlil: MediumLevelILFunction

returns MediumLevelILFunction used to represent Function medium level IL (read-only)

Raises:

ILException – if the medium level IL could not be loaded

Return type:

MediumLevelILFunction

property mlil_basic_blocks: Generator[MediumLevelILBasicBlock, None, None]

A generator of all MediumLevelILBasicBlock objects in the current function

property mlil_if_available: MediumLevelILFunction | None

Function medium level IL, or None if not loaded (read-only)

property mmlil: MediumLevelILFunction

returns MediumLevelILFunction used to represent Function mapped medium level IL (read-only)

Raises:

ILException – if the mapped medium level IL could not be loaded

Return type:

MediumLevelILFunction

property mmlil_if_available: MediumLevelILFunction | None

Function mapped medium level IL, or None if not loaded (read-only)

property name: str

Symbol name for the function

property needs_update: bool

Whether the function has analysis that needs to be updated (read-only)

property parameter_vars: ParameterVariables

List of variables for the incoming function parameters

property platform: Platform | None

Function platform (read-only)

property provenance

provenance returns a string representing the provenance. This portion of the API is under development. Currently the provenance information is undocumented, not persistent, and not saved to a database.

Returns:

string representation of the provenance

Return type:

str

property pseudo_c: LanguageRepresentationFunction | None
property pseudo_c_if_available: LanguageRepresentationFunction | None
property reg_stack_adjustments: Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence]

Number of entries removed from each register stack after return

property return_regs: RegisterSet

Registers that are used for the return value

property return_type: Type | None

Return type of the function

property session_data: Any

Dictionary object where plugins can store arbitrary data associated with the function

property split_vars: List[Variable]

Set of variables that have been split with split_var. These variables correspond to those unique to each definition site and are obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definitions.

property stack_adjustment: OffsetWithConfidence

Number of bytes removed from the stack after return

property stack_layout: List[Variable]

List of function stack variables (read-only)

property start: int

Function start address (read-only)

property symbol: CoreSymbol

Function symbol(read-only)

property tags: TagList

tags gets a TagList of all Tags in the function (but not “function tags”). Tags are returned as an iterable indexable object TagList of (arch, address, Tag) tuples.

Return type:

TagList((Architecture, int, Tag))

property too_large: bool

Whether the function is too large to automatically perform analysis (read-only)

property total_bytes: int

Total bytes of a function calculated by summing each basic_block. Because basic blocks can overlap and have gaps between them this may or may not be equivalent to a .size property.

property type: FunctionType

Function type object, can be set with either a string representing the function prototype (str(function) shows examples) or a Type object

property type_tokens: List[InstructionTextToken]

Text tokens for this function’s prototype

property unresolved_indirect_branches: List[int]

List of unresolved indirect branches (read-only)

property unresolved_stack_adjustment_graph: CoreFlowGraph | None

Flow graph of unresolved stack adjustments (read-only)

property uses_incoming_global_pointer: bool

Whether the function uses the incoming global pointer value

property vars: List[Variable]

List of function variables (read-only)

property view: BinaryView

Function view (read-only)

property workflow
class FunctionViewType(view_type: Union[ForwardRef('FunctionViewType'), binaryninja.enums.FunctionGraphType, str])[source]

Bases: object

Parameters:

view_type (FunctionGraphType) –

name: str | None
view_type: FunctionGraphType
class HighLevelILBasicBlockList(function: Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction)[source]

Bases: BasicBlockList

Parameters:

function (Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction) –

class ILReferenceSource(func: Optional[ForwardRef('Function')], arch: Optional[ForwardRef('architecture.Architecture')], address: int, il_type: FunctionGraphType, expr_id: int)[source]

Bases: object

Parameters:
static get_il_name(il_type: FunctionGraphType) str[source]
Parameters:

il_type (FunctionGraphType) –

Return type:

str

address: int
arch: Architecture | None
expr_id: int
func: Function | None
il_type: FunctionGraphType
class LowLevelILBasicBlockList(function: Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction)[source]

Bases: BasicBlockList

Parameters:

function (Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction) –

class MediumLevelILBasicBlockList(function: Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction)[source]

Bases: BasicBlockList

Parameters:

function (Function | LowLevelILFunction | MediumLevelILFunction | HighLevelILFunction) –

class TagList(function: Function)[source]

Bases: object

Parameters:

function (Function) –

class VariableReferenceSource(var: 'variable.Variable', src: ILReferenceSource)[source]

Bases: object

Parameters:
src: ILReferenceSource
var: Variable