function module

binaryninja.function.AdvancedFunctionAnalysisDataRequestor([func])

binaryninja.function.ArchAndAddr(arch, addr)

binaryninja.function.BasicBlockList(function)

binaryninja.function.DisassemblySettings([...])

binaryninja.function.DisassemblyTextLine(tokens)

binaryninja.function.DisassemblyTextRenderer([...])

binaryninja.function.Function([view, handle])

binaryninja.function.HighLevelILBasicBlockList(...)

binaryninja.function.ILReferenceSource(func, ...)

binaryninja.function.LowLevelILBasicBlockList(...)

binaryninja.function.MediumLevelILBasicBlockList(...)

binaryninja.function.TagList(function)

binaryninja.function.VariableReferenceSource(...)

class AdvancedFunctionAnalysisDataRequestor(func: Optional[Function] = None)[source]

Bases: object

Parameters:

func (Optional[Function]) –

close() None[source]
Return type:

None

property function: Optional[Function]
class ArchAndAddr(arch: 'architecture.Architecture', addr: int)[source]

Bases: object

Parameters:
addr: int
arch: Architecture
class BasicBlockList(function: Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction])[source]

Bases: object

Parameters:

function (Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]) –

class DisassemblySettings(handle: Optional[LP_BNDisassemblySettings] = None)[source]

Bases: object

Parameters:

handle (Optional[LP_BNDisassemblySettings]) –

is_option_set(option: DisassemblyOption) bool[source]
Parameters:

option (DisassemblyOption) –

Return type:

bool

set_option(option: DisassemblyOption, state: bool = True) None[source]
Parameters:
Return type:

None

property max_symbol_width: int
property width: int
class DisassemblyTextLine(tokens: List[ForwardRef('InstructionTextToken')], address: Union[int, NoneType] = None, il_instr: Union[ForwardRef('lowlevelil.LowLevelILInstruction'), ForwardRef('mediumlevelil.MediumLevelILInstruction'), ForwardRef('highlevelil.HighLevelILInstruction'), NoneType] = None, color: Union[ForwardRef('_highlight.HighlightColor'), binaryninja.enums.HighlightStandardColor, NoneType] = None)[source]

Bases: object

Parameters:
address: Optional[int]
highlight: HighlightColor
il_instruction: Optional[Union[LowLevelILInstruction, MediumLevelILInstruction, HighLevelILInstruction]]
tokens: List[InstructionTextToken]
class DisassemblyTextRenderer(func: Optional[Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]] = None, settings: Optional[DisassemblySettings] = None, handle: Optional[BNDisassemblySettings] = None)[source]

Bases: object

Parameters:
add_integer_token(tokens: List[InstructionTextToken], int_token: InstructionTextToken, addr: int, arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

add_stack_var_reference_tokens(tokens: List[InstructionTextToken], ref: StackVariableReference) None[source]
Parameters:
Return type:

None

add_symbol_token(tokens: List[InstructionTextToken], addr: int, size: int, operand: Optional[int] = None) bool[source]
Parameters:
Return type:

bool

get_disassembly_text(addr: int) Generator[Tuple[Optional[DisassemblyTextLine], int], None, None][source]
Parameters:

addr (int) –

Return type:

Generator[Tuple[Optional[DisassemblyTextLine], int], None, None]

get_instruction_annotations(addr: int) List[InstructionTextToken][source]
Parameters:

addr (int) –

Return type:

List[InstructionTextToken]

get_instruction_text(addr: int) Generator[Tuple[Optional[DisassemblyTextLine], int], None, None][source]
Parameters:

addr (int) –

Return type:

Generator[Tuple[Optional[DisassemblyTextLine], int], None, None]

static is_integer_token(token: InstructionTextToken) bool[source]
Parameters:

token (InstructionTextToken) –

Return type:

bool

post_process_lines(addr: int, length: int, in_lines: Union[str, List[str], List[DisassemblyTextLine]], indent_spaces: str = '')[source]
Parameters:
reset_deduplicated_comments() None[source]
Return type:

None

wrap_comment(lines: List[DisassemblyTextLine], cur_line: DisassemblyTextLine, comment: str, has_auto_annotations: bool, leading_spaces: str = '  ', indent_spaces: str = '') None[source]
Parameters:
Return type:

None

property arch: Architecture
property basic_block: Optional[BasicBlock]
property function: Function
property has_data_flow: bool
property il: bool
property il_function: Optional[Union[LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]]
property settings: DisassemblySettings
class Function(view: Optional[BinaryView] = None, handle: Optional[LP_BNFunction] = None)[source]

Bases: object

Parameters:
add_auto_address_tag(addr: int, tag: Tag, arch: Optional[Architecture] = None) None[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

None

add_auto_function_tag(tag: Tag) None[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:

tag (Tag) –

Return type:

None

add_tag(tag_type: str, data: str, addr: Optional[int] = None, auto: bool = False, arch: Optional[Architecture] = None)[source]

create_user_address_tag creates and adds a Tag object at a given address. Since this adds a user tag, it will be added to the current undo buffer. To create tags associated with an address that is not inside of a function, use add_tag.

Parameters:

  • tag_type (str) – Tag Type name for the Tag that is created

  • data (str) – Additional data for the Tag

  • addr (int) – Address at which to add the tag. If no address is provided, this will create a function tag

  • auto (bool) – Whether to create the tag as a auto tag (True) or user tag (False)

  • arch (Architecture) – Architecture for the block in which the Tag is added (optional)

Example:

>>> current_function.add_tag("Crashes", "Might be a buffer overflow?", here)
>>>
add_user_address_tag(addr: int, tag: Tag, arch: Optional[Architecture] = None) None[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

None

add_user_code_ref(from_addr: int, to_addr: int, arch: Optional[Architecture] = None) None[source]

add_user_code_ref places a user-defined cross-reference from the instruction at the given address and architecture to the specified target address. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_code_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • to_addr (int) – virtual address of the xref’s destination.

  • arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.add_user_code_ref(here, 0x400000)
add_user_function_tag(tag: Tag) None[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:

tag (Tag) –

Return type:

None

add_user_type_field_ref(from_addr: int, name: Union[Iterable[Union[str, bytes]], str, QualifiedName], offset: int, from_arch: Optional[Architecture] = None, size: int = 0) None[source]

add_user_type_field_ref places a user-defined type field cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_type_field_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • offset (int) – offset of the field, relative to the type

  • from_arch (Architecture) – (optional) architecture of the source instruction

  • size (int) – (optional) the size of the access

Return type:

None

Example:
>>> current_function.add_user_type_field_ref(here, 'A', 0x8)
add_user_type_ref(from_addr: int, name: Union[Iterable[Union[str, bytes]], str, QualifiedName], from_arch: Optional[Architecture] = None) None[source]

add_user_type_ref places a user-defined type cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use remove_user_type_ref.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.add_user_code_ref(here, 'A')
apply_auto_discovered_type(func_type: Union[str, Type, TypeBuilder]) None[source]
Parameters:

func_type (Union[str, Type, TypeBuilder]) –

Return type:

None

apply_imported_types(sym: CoreSymbol, type: Optional[Union[str, Type, TypeBuilder]] = None) None[source]
Parameters:
Return type:

None

clear_all_user_var_values() None[source]

Clear all user defined variable values.

Return type:

None

clear_user_var_value(var: Variable, def_addr: int) None[source]

Clears a previously defined user variable value.

Parameters:

  • var (Variable) – Variable for which the value was informed

  • def_addr (int) – Address of the definition site of the variable

Return type:

None

create_auto_address_tag(addr: int, type: TagType, data: str, unique: bool = False, arch: Optional[Architecture] = None) Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_auto_function_tag(type: TagType, data: str, unique: bool = False) Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_auto_stack_var(offset: int, var_type: Union[str, Type, TypeBuilder], name: str) None[source]
Parameters:
Return type:

None

create_auto_tag(type: TagType, data: str = '') Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_auto_var(var: Variable, var_type: Union[str, Type, TypeBuilder], name: str, ignore_disjoint_uses: bool = False) None[source]
Parameters:
Return type:

None

create_graph(graph_type: FunctionGraphType = FunctionGraphType.NormalFunctionGraph, settings: Optional[DisassemblySettings] = None) CoreFlowGraph[source]
Parameters:
Return type:

CoreFlowGraph

create_tag(type: TagType, data: str = '', auto: bool = False) Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_user_address_tag(addr: int, tag_type: TagType, data: str, unique: bool = False, arch: Optional[Architecture] = None) Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_user_function_tag(type: TagType, data: str, unique: bool = False) Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_user_stack_var(offset: int, var_type: Union[str, Type, TypeBuilder], name: str) None[source]
Parameters:
Return type:

None

create_user_tag(type: TagType, data: str = '') Tag[source]

Deprecated since version 3.4.4146: Use add_tag instead.

Parameters:
Return type:

Tag

create_user_var(var: Variable, var_type: Union[str, Type, TypeBuilder], name: str, ignore_disjoint_uses: bool = False) None[source]
Parameters:
Return type:

None

delete_auto_stack_var(offset: int) None[source]
Parameters:

offset (int) –

Return type:

None

delete_user_stack_var(offset: int) None[source]
Parameters:

offset (int) –

Return type:

None

delete_user_var(var: Variable) None[source]
Parameters:

var (Variable) –

Return type:

None

get_address_tags_at(addr: int, arch: Optional[Architecture] = None) List[Tag][source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

Parameters:
Return type:

List[Tag]

get_address_tags_in_range(address_range: AddressRange, arch: Optional[Architecture] = None) List[Tuple[Architecture, int, Tag]][source]

Deprecated since version 3.4.4146: Use get_tags_in_range instead.

Parameters:
Return type:

List[Tuple[Architecture, int, Tag]]

get_address_tags_of_type(addr: int, tag_type: TagType, arch=None)[source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

Parameters:
get_all_user_var_values() Dict[Variable, Dict[ArchAndAddr, PossibleValueSet]][source]

Returns a map of current defined user variable values.

Returns:

Map of user current defined user variable values and their definition sites.

Type:

dict of (Variable, dict of (ArchAndAddr, PossibleValueSet))

Return type:

Dict[Variable, Dict[ArchAndAddr, PossibleValueSet]]

get_auto_address_tags_at(addr, arch=None)[source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

get_auto_address_tags_in_range(address_range: AddressRange, arch: Optional[Architecture] = None) List[Tuple[Architecture, int, Tag]][source]

Deprecated since version 3.4.4146: Use get_tags_in_range instead.

Parameters:
Return type:

List[Tuple[Architecture, int, Tag]]

get_auto_address_tags_of_type(addr: int, tag_type: TagType, arch: Optional[Architecture] = None)[source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

Parameters:
get_auto_function_tags_of_type(tag_type)[source]

Deprecated since version 3.4.4146: Use get_function_tags instead.

get_basic_block_at(addr: int, arch: Optional[Architecture] = None) Optional[BasicBlock][source]

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters:

  • addr (int) – Address of the BasicBlock to retrieve.

  • arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch

Example:
>>> current_function.get_basic_block_at(current_function.start)
<block: [email protected]>
Return type:

Optional[BasicBlock]

get_block_annotations(addr: int, arch: Optional[Architecture] = None) List[List[InstructionTextToken]][source]
Parameters:
Return type:

List[List[InstructionTextToken]]

get_call_reg_stack_adjustment(addr: int, arch: Optional[Architecture] = None) Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence][source]
Parameters:
Return type:

Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence]

get_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: Union[RegisterStackName, ILRegisterStack, RegisterStackIndex], arch: Optional[Architecture] = None) RegisterStackAdjustmentWithConfidence[source]
Parameters:
Return type:

RegisterStackAdjustmentWithConfidence

get_call_stack_adjustment(addr: int, arch: Optional[Architecture] = None) OffsetWithConfidence[source]
Parameters:
Return type:

OffsetWithConfidence

get_call_type_adjustment(addr: int, arch: Optional[Architecture] = None) Optional[Type][source]
Parameters:
Return type:

Optional[Type]

get_comment_at(addr: int) str[source]
Parameters:

addr (int) –

Return type:

str

get_constant_data(state: RegisterValueType, value: int, size: int = 0) DataBuffer[source]
Parameters:
Return type:

DataBuffer

get_constants_referenced_by(addr: int, arch: Optional[Architecture] = None) List[ConstantReference][source]
Parameters:
Return type:

List[ConstantReference]

get_constants_referenced_by_address_if_available(addr: int, arch: Optional[Architecture] = None) List[ConstantReference][source]
Parameters:
Return type:

List[ConstantReference]

get_flags_read_by_lifted_il_instruction(i: InstructionIndex) List[FlagName][source]
Parameters:

i (InstructionIndex) –

Return type:

List[FlagName]

get_flags_written_by_lifted_il_instruction(i: InstructionIndex) List[FlagName][source]
Parameters:

i (InstructionIndex) –

Return type:

List[FlagName]

get_function_tags(auto: Optional[bool] = None, tag_type: Optional[str] = None) List[Tag][source]

get_function_tags gets a list of function Tags for the function.

Parameters:

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

  • tag_type (str) – If None, gets all tags, otherwise only gets tags of the given type

Return type:

list(Tag)

get_function_tags_of_type(tag_type)[source]

Deprecated since version 3.4.4146: Use get_function_tags instead.

get_hlil_var_refs(var: Variable) List[ILReferenceSource][source]

get_hlil_var_refs returns a list of ILReferenceSource objects (IL xrefs or cross-references) that reference the given variable. The variable is a local variable that can be either on the stack, in a register, or in a flag.

Parameters:

var (Variable) – Variable for which to query the xref

Returns:

List of IL References for the given variable

Return type:

list(ILReferenceSource)

Example:
>>> mlil_var = current_hlil[0].operands[0]
>>> current_function.get_hlil_var_refs(mlil_var)
get_hlil_var_refs_from(addr: int, length: Optional[int] = None, arch: Optional[Architecture] = None) List[VariableReferenceSource][source]

get_hlil_var_refs_from returns a list of variables referenced by code in the function func, of the architecture arch, and at the address addr. If no function is specified, references from all functions and containing the address will be returned. If no architecture is specified, the architecture of the function will be used.

Parameters:

  • addr (int) – virtual address to query for variable references

  • length (int) – optional length of query

  • arch (Architecture) – optional architecture of query

Returns:

list of variables reference sources

Return type:

list(VariableReferenceSource)

get_indirect_branches_at(addr: int, arch: Optional[Architecture] = None) List[IndirectBranchInfo][source]
Parameters:
Return type:

List[IndirectBranchInfo]

get_instr_highlight(addr: int, arch: Optional[Architecture] = None) HighlightColor[source]
Example:
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
>>> current_function.get_instr_highlight(here)
<color: #ff00ff>
Parameters:
Return type:

HighlightColor

get_instruction_containing_address(addr: int, arch: Optional[Architecture] = None) Optional[int][source]
Parameters:
Return type:

Optional[int]

get_int_display_type(instr_addr: int, value: int, operand: int, arch: Optional[Architecture] = None) IntegerDisplayType[source]

Get the current text display type for an integer token in the disassembly or IL views

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

Return type:

IntegerDisplayType

get_lifted_il_at(addr: int, arch: Optional[Architecture] = None) Optional[LowLevelILInstruction][source]
Parameters:
Return type:

Optional[LowLevelILInstruction]

get_lifted_il_flag_definitions_for_use(i: InstructionIndex, flag: Union[FlagName, ILFlag, FlagIndex]) List[InstructionIndex][source]
Parameters:

  • i (InstructionIndex) –

  • flag (Union[FlagName, ILFlag, FlagIndex]) –

Return type:

List[InstructionIndex]

get_lifted_il_flag_uses_for_definition(i: InstructionIndex, flag: Union[FlagName, ILFlag, FlagIndex]) List[LowLevelILInstruction][source]
Parameters:

  • i (InstructionIndex) –

  • flag (Union[FlagName, ILFlag, FlagIndex]) –

Return type:

List[LowLevelILInstruction]

get_lifted_ils_at(addr: int, arch: Optional[Architecture] = None) List[LowLevelILInstruction][source]

get_lifted_ils_at gets the Lifted IL Instruction(s) corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

list(LowLevelILInstruction)

Example:
>>> func = next(bv.functions)
>>> func.get_lifted_ils_at(func.start)
[<il: push(rbp)>]
get_llil_at(addr: int, arch: Optional[Architecture] = None) Optional[LowLevelILInstruction][source]

get_llil_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

LowLevelILInstruction

Example:
>>> func = next(bv.functions)
>>> func.get_llil_at(func.start)
<il: push(rbp)>
get_llils_at(addr: int, arch: Optional[Architecture] = None) List[LowLevelILInstruction][source]

get_llils_at gets the LowLevelILInstruction(s) corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

list(LowLevelILInstruction)

Example:
>>> func = next(bv.functions)
>>> func.get_llils_at(func.start)
[<il: push(rbp)>]
get_low_level_il_at(addr: int, arch: Optional[Architecture] = None) Optional[LowLevelILInstruction][source]

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

LowLevelILInstruction

Example:
>>> func = next(bv.functions)
>>> func.get_low_level_il_at(func.start)
<il: push(rbp)>
get_low_level_il_exits_at(addr: int, arch: Optional[Architecture] = None) List[int][source]
Parameters:
Return type:

List[int]

get_mlil_var_refs(var: Variable) List[ILReferenceSource][source]

get_mlil_var_refs returns a list of ILReferenceSource objects (IL xrefs or cross-references) that reference the given variable. The variable is a local variable that can be either on the stack, in a register, or in a flag. This function is related to get_hlil_var_refs(), which returns variable references collected from HLIL. The two can be different in several cases, e.g., multiple variables in MLIL can be merged into a single variable in HLIL.

Parameters:

var (Variable) – Variable for which to query the xref

Returns:

List of IL References for the given variable

Return type:

list(ILReferenceSource)

Example:
>>> mlil_var = current_mlil[0].operands[0]
>>> current_function.get_mlil_var_refs(mlil_var)
get_mlil_var_refs_from(addr: int, length: Optional[int] = None, arch: Optional[Architecture] = None) List[VariableReferenceSource][source]

get_mlil_var_refs_from returns a list of variables referenced by code in the function func, of the architecture arch, and at the address addr. If no function is specified, references from all functions and containing the address will be returned. If no architecture is specified, the architecture of the function will be used. This function is related to get_hlil_var_refs_from(), which returns variable references collected from HLIL. The two can be different in several cases, e.g., multiple variables in MLIL can be merged into a single variable in HLIL.

Parameters:

  • addr (int) – virtual address to query for variable references

  • length (int) – optional length of query

  • arch (Architecture) – optional architecture of query

Returns:

list of variable reference sources

Return type:

list(VariableReferenceSource)

get_parameter_at(addr: int, func_type: Optional[Type], i: int, arch: Optional[Architecture] = None) RegisterValue[source]
Parameters:
Return type:

RegisterValue

get_parameter_at_low_level_il_instruction(instr: InstructionIndex, func_type: Type, i: int) RegisterValue[source]
Parameters:

  • instr (InstructionIndex) –

  • func_type (Type) –

  • i (int) –

Return type:

RegisterValue

get_reg_value_after(addr: int, reg: Union[RegisterName, ILRegister, RegisterIndex], arch: Optional[Architecture] = None) RegisterValue[source]

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Example:
>>> current_function.get_reg_value_after(0x400dbe, 'rdi')
<undetermined>
get_reg_value_at(addr: int, reg: Union[RegisterName, ILRegister, RegisterIndex], arch: Optional[Architecture] = None) RegisterValue[source]

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters:

  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Example:
>>> current_function.get_reg_value_at(0x400dbe, 'rdi')
<const 0x2>
get_reg_value_at_exit(reg: Union[RegisterName, ILRegister, RegisterIndex]) RegisterValue[source]
Parameters:

reg (Union[RegisterName, ILRegister, RegisterIndex]) –

Return type:

RegisterValue

get_regs_read_by(addr: int, arch: Optional[Architecture] = None) List[RegisterName][source]
Parameters:
Return type:

List[RegisterName]

get_regs_written_by(addr: int, arch: Optional[Architecture] = None) List[RegisterName][source]
Parameters:
Return type:

List[RegisterName]

get_stack_contents_after(addr: int, offset: int, size: int, arch: Optional[Architecture] = None) RegisterValue[source]
Parameters:
Return type:

RegisterValue

get_stack_contents_at(addr: int, offset: int, size: int, arch: Optional[Architecture] = None) RegisterValue[source]

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters:

  • addr (int) – virtual address of the instruction to query

  • offset (int) – stack offset base of stack

  • size (int) – size of memory to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type:

RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the stack as in (x86/x86_64) where the stack base will start at address_size

Example:
>>> current_function.get_stack_contents_at(0x400fad, -16, 4)
<range: 0x8 to 0xffffffff>
Parameters:
Return type:

RegisterValue

get_stack_var_at_frame_offset(offset: int, addr: int, arch: Optional[Architecture] = None) Optional[Variable][source]
Parameters:
Return type:

Optional[Variable]

get_stack_vars_referenced_by(addr: int, arch: Optional[Architecture] = None) List[StackVariableReference][source]
Parameters:
Return type:

List[StackVariableReference]

get_stack_vars_referenced_by_address_if_available(addr: int, arch: Optional[Architecture] = None) List[StackVariableReference][source]
Parameters:
Return type:

List[StackVariableReference]

get_tags_at(addr: int, arch: Optional[Architecture] = None, auto: Optional[bool] = None) List[Tuple[Architecture, int, Tag]][source]

get_tags gets a list of Tags (but not function tags). You optionally get tags by address, range, or type, and filter by user tags. Tags are returned as a list of (arch, address, Tag) tuples.

Parameters:

  • addr (int) – Address to get tags from.

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

  • arch (Optional[Architecture]) –

Return type:

list((Architecture, int, Tag))

get_tags_in_range(address_range: AddressRange, arch: Optional[Architecture] = None, auto: Optional[bool] = None) List[Tuple[Architecture, int, Tag]][source]

get_address_tags_in_range gets a list of all Tags in the function at a given address. Range is inclusive at the start, exclusive at the end.

Parameters:

  • address_range (AddressRange) – Address range from which to get tags

  • arch (Architecture) – Architecture for the block in which the Tag is located (optional)

  • auto (bool) – If None, gets all tags, if True, gets auto tags, if False, gets user tags

Returns:

A list of (arch, address, Tag) tuples

Return type:

list((Architecture, int, Tag))

get_type_tokens(settings: Optional[DisassemblySettings] = None) List[DisassemblyTextLine][source]
Parameters:

settings (Optional[DisassemblySettings]) –

Return type:

List[DisassemblyTextLine]

get_user_address_tags_at(addr, arch=None)[source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

get_user_address_tags_in_range(address_range: AddressRange, arch: Optional[Architecture] = None) List[Tuple[Architecture, int, Tag]][source]

Deprecated since version 3.4.4146: Use get_tags_in_range instead.

Parameters:
Return type:

List[Tuple[Architecture, int, Tag]]

get_user_address_tags_of_type(addr: int, tag_type: TagType, arch: Optional[Architecture] = None)[source]

Deprecated since version 3.4.4146: Use get_tags_at instead.

Parameters:
get_user_function_tags_of_type(tag_type)[source]

Deprecated since version 3.4.4146: Use get_function_tags instead.

get_variable_by_name(name: str) Optional[Variable][source]

Get a specific variable or None if it doesn’t exist

Parameters:

name (str) –

Return type:

Optional[Variable]

is_call_instruction(addr: int, arch: Optional[Architecture] = None) bool[source]
Parameters:
Return type:

bool

is_var_user_defined(var: Variable) bool[source]
Parameters:

var (Variable) –

Return type:

bool

mark_caller_updates_required(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

mark_caller_updates_required indicates that callers of this function need to be reanalyzed during the next update cycle

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

mark_recent_use() None[source]
Return type:

None

mark_updates_required(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

mark_updates_required indicates that this function needs to be reanalyzed during the next update cycle

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

merge_vars(target: Variable, sources: Union[List[Variable], Variable]) None[source]

merge_vars merges one or more varibles in sources into the target variable. All variable accesses to the variables in sources will be rewritten to use target.

Parameters:
Return type:

None

reanalyze(update_type: FunctionUpdateType = FunctionUpdateType.UserFunctionUpdate) None[source]

reanalyze causes this functions to be reanalyzed. This function does not wait for the analysis to finish.

Parameters:

update_type (FunctionUpdateType) – (optional) Desired update type

Return type:

None

Warning

If analysis_skipped is True, using this API will not trigger re-analysis. Instead, set analysis_skipped to False.

Return type:

None

Parameters:

update_type (FunctionUpdateType) –

release_advanced_analysis_data() None[source]
Return type:

None

remove_auto_address_tag(addr: int, tag: Tag, arch: Optional[Architecture] = None) None[source]

remove_auto_address_tag removes a Tag object at a given address.

Parameters:

  • addr (int) – Address at which to add the tag

  • tag (Tag) – Tag object to be added

  • arch (Architecture) – Architecture for the block in which the Tag is added (optional)

Return type:

None

remove_auto_address_tags_of_type(addr: int, tag_type: str, arch=None)[source]

remove_auto_address_tags_of_type removes all tags at the given address of the given type.

Parameters:

  • addr (int) – Address at which to remove the tags

  • tag_type (Tag) – TagType object to match for removing

  • arch (Architecture) – Architecture for the block in which the Tags is located (optional)

Return type:

None

remove_auto_function_tag(tag: Tag) None[source]

remove_user_function_tag removes a Tag object as a function tag.

Parameters:

tag (Tag) – Tag object to be added

Return type:

None

remove_auto_function_tags_of_type(tag_type: str)[source]

remove_user_function_tags_of_type removes all function Tag objects on a function of a given type

Parameters:

tag_type (TagType) – TagType object to match for removing

Return type:

None

remove_user_address_tag(addr: int, tag: Tag, arch: Optional[Architecture] = None) None[source]

remove_user_address_tag removes a Tag object at a given address. Since this removes a user tag, it will be added to the current undo buffer.

Parameters:

  • addr (int) – Address at which to remove the tag

  • tag (Tag) – Tag object to be added

  • arch (Architecture) – Architecture for the block in which the Tag is added (optional)

Return type:

None

remove_user_address_tags_of_type(addr: int, tag_type: str, arch=None)[source]

remove_user_address_tags_of_type removes all tags at the given address of the given type. Since this removes user tags, it will be added to the current undo buffer.

Parameters:

  • addr (int) – Address at which to remove the tag

  • tag_type (Tag) – TagType object to match for removing

  • arch (Architecture) – Architecture for the block in which the Tags is located (optional)

Return type:

None

remove_user_code_ref(from_addr: int, to_addr: int, from_arch: Optional[Architecture] = None) None[source]

remove_user_code_ref removes a user-defined cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • to_addr (int) – virtual address of the xref’s destination.

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.remove_user_code_ref(here, 0x400000)
remove_user_function_tag(tag: Tag) None[source]

remove_user_function_tag removes a Tag object as a function tag. Since this removes a user tag, it will be added to the current undo buffer.

Parameters:

tag (Tag) – Tag object to be added

Return type:

None

remove_user_function_tags_of_type(tag_type: str)[source]

remove_user_function_tags_of_type removes all function Tag objects on a function of a given type Since this removes user tags, it will be added to the current undo buffer.

Parameters:

tag_type (TagType) – TagType object to match for removing

Return type:

None

remove_user_type_field_ref(from_addr: int, name: Union[Iterable[Union[str, bytes]], str, QualifiedName], offset: int, from_arch: Optional[Architecture] = None, size: int = 0) None[source]

remove_user_type_field_ref removes a user-defined type field cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • offset (int) – offset of the field, relative to the type

  • from_arch (Architecture) – (optional) architecture of the source instruction

  • size (int) – (optional) the size of the access

Return type:

None

Example:
>>> current_function.remove_user_type_field_ref(here, 'A', 0x8)
remove_user_type_ref(from_addr: int, name: Union[Iterable[Union[str, bytes]], str, QualifiedName], from_arch: Optional[Architecture] = None) None[source]

remove_user_type_ref removes a user-defined type cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

Parameters:

  • from_addr (int) – virtual address of the source instruction

  • name (QualifiedName) – name of the referenced type

  • from_arch (Architecture) – (optional) architecture of the source instruction

Return type:

None

Example:
>>> current_function.remove_user_type_ref(here, 'A')
request_advanced_analysis_data() None[source]
Return type:

None

request_debug_report(name: str) None[source]

request_debug_report can generate internal debug reports for a variety of analysis. Current list of possible values include:

  • mlil_translator

  • stack_adjust_graph

  • high_level_il

Parameters:

name (str) – Name of the debug report

Return type:

None

set_auto_call_reg_stack_adjustment(addr: int, adjust: Mapping[RegisterStackName, int], arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_auto_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: Union[RegisterStackName, ILRegisterStack, RegisterStackIndex], adjust, arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_auto_call_stack_adjustment(addr: int, adjust: Union[int, OffsetWithConfidence], arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_auto_calling_convention(value: CallingConvention) None[source]
Parameters:

value (CallingConvention) –

Return type:

None

set_auto_can_return(value: Union[bool, BoolWithConfidence]) None[source]
Parameters:

value (Union[bool, BoolWithConfidence]) –

Return type:

None

set_auto_clobbered_regs(value: List[Union[RegisterName, ILRegister, RegisterIndex]]) None[source]
Parameters:

value (List[Union[RegisterName, ILRegister, RegisterIndex]]) –

Return type:

None

set_auto_has_variable_arguments(value: Union[bool, BoolWithConfidence]) None[source]
Parameters:

value (Union[bool, BoolWithConfidence]) –

Return type:

None

set_auto_indirect_branches(source: int, branches: List[Tuple[Architecture, int]], source_arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_auto_inline_during_analysis(value: Union[bool, BoolWithConfidence])[source]
Parameters:

value (Union[bool, BoolWithConfidence]) –

set_auto_instr_highlight(addr: int, color: Union[HighlightColor, HighlightStandardColor], arch: Optional[Architecture] = None)[source]

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

Warning

Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters:
set_auto_parameter_vars(value: Optional[Union[List[Variable], Variable, ParameterVariables]]) None[source]
Parameters:

value (Optional[Union[List[Variable], Variable, ParameterVariables]]) –

Return type:

None

set_auto_reg_stack_adjustments(value: Mapping[RegisterStackName, RegisterStackAdjustmentWithConfidence])[source]
Parameters:

value (Mapping[RegisterStackName, RegisterStackAdjustmentWithConfidence]) –

set_auto_return_regs(value: Union[RegisterSet, List[Union[RegisterName, ILRegister, RegisterIndex]]]) None[source]
Parameters:

value (Union[RegisterSet, List[Union[RegisterName, ILRegister, RegisterIndex]]]) –

Return type:

None

set_auto_return_type(value: Union[str, Type, TypeBuilder]) None[source]
Parameters:

value (Union[str, Type, TypeBuilder]) –

Return type:

None

set_auto_stack_adjustment(value: Union[int, OffsetWithConfidence]) None[source]
Parameters:

value (Union[int, OffsetWithConfidence]) –

Return type:

None

set_auto_type(value: Union[str, Type, TypeBuilder]) None[source]
Parameters:

value (Union[str, Type, TypeBuilder]) –

Return type:

None

set_call_reg_stack_adjustment(addr: int, adjust: Mapping[RegisterStackName, Union[int, RegisterStackAdjustmentWithConfidence]], arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_call_reg_stack_adjustment_for_reg_stack(addr: int, reg_stack: Union[RegisterStackName, ILRegisterStack, RegisterStackIndex], adjust: Union[int, RegisterStackAdjustmentWithConfidence], arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_call_stack_adjustment(addr: int, adjust: Union[int, OffsetWithConfidence], arch: Optional[Architecture] = None)[source]
Parameters:
set_call_type_adjustment(addr: int, adjust_type: Optional[Union[str, Type, TypeBuilder]] = None, arch: Optional[Architecture] = None) None[source]

set_call_type_adjustment sets or removes the call type override at a call site to the given type.

Parameters:

  • addr (int) – virtual address of the call instruction to adjust

  • adjust_type (str|Type|TypeBuilder) – (optional) overridden call type, or None to remove an existing adjustment

  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

Example:
>>> # Change the current call site to no-return
>>> target = bv.get_function_at(list(filter(lambda ref: ref.address == here, current_function.call_sites))[0].mlil.dest.value.value)
>>> ft = target.type.mutable_copy()
>>> ft.can_return = False
>>> current_function.set_call_type_adjustment(here, ft)
Return type:

None

set_comment(addr: int, comment: str) None[source]

Note

Use set_comment_at instead.

Deprecated since version 3.4.3997: Use Function.set_comment_at instead.

Parameters:

  • addr (int) –

  • comment (str) –

Return type:

None

set_comment_at(addr: int, comment: str) None[source]

set_comment_at sets a comment for the current function at the address specified

Parameters:

  • addr (int) – virtual address within the current function to apply the comment to

  • comment (str) – string comment to apply

Return type:

None

Example:
>>> current_function.set_comment_at(here, "hi")
static set_default_session_data(name: str, value) None[source]
Parameters:

name (str) –

Return type:

None

set_int_display_type(instr_addr: int, value: int, operand: int, display_type: IntegerDisplayType, arch: Optional[Architecture] = None) None[source]

Change the text display type for an integer token in the disassembly or IL views

Parameters:

  • instr_addr (int) – Address of the instruction or IL line containing the token

  • value (int) – value field of the InstructionTextToken object for the token, usually the constant displayed

  • operand (int) – Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token

  • display_type (IntegerDisplayType) – Desired display type

  • arch (Architecture) – (optional) Architecture of the instruction or IL line containing the token

Return type:

None

set_user_indirect_branches(source: int, branches: List[Tuple[Architecture, int]], source_arch: Optional[Architecture] = None) None[source]
Parameters:
Return type:

None

set_user_inline_during_analysis(value: Union[bool, BoolWithConfidence])[source]
Parameters:

value (Union[bool, BoolWithConfidence]) –

set_user_instr_highlight(addr: int, color: Union[HighlightColor, HighlightStandardColor], arch: Optional[Architecture] = None)[source]

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters:
Example:
>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor)
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
set_user_type(value: Union[str, Type, TypeBuilder]) None[source]
Parameters:

value (Union[str, Type, TypeBuilder]) –

Return type:

None

set_user_var_value(var: Variable, def_addr: int, value: PossibleValueSet) None[source]

set_user_var_value allows the user to specify a PossibleValueSet value for an MLIL variable at its definition site.

Warning

Setting the variable value, triggers a reanalysis of the function and allows the dataflow to compute and propagate values which depend on the current variable. This implies that branch conditions whose values can be determined statically will be computed, leading to potential branch elimination at the HLIL layer.

Parameters:

  • var (Variable) – Variable for which the value is to be set

  • def_addr (int) – Address of the definition site of the variable

  • value (PossibleValueSet) – Informed value of the variable

Return type:

None

Example:
>>> mlil_var = current_mlil[0].operands[0]
>>> def_address = 0x40108d
>>> var_value = PossibleValueSet.constant(5)
>>> current_function.set_user_var_value(mlil_var, def_address, var_value)
split_var(var: Variable) None[source]

split_var splits a varible at the definition site. The given var must be the variable unique to the definition and should be obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definition site.

This function is not meant to split variables that have been previously merged. Use unmerge_vars to split previously merged variables.

Warning

Binary Ninja automatically splits all variables that the analysis determines to be safely splittable. Splitting a variable manually with split_var can cause IL and decompilation to be incorrect. There are some patterns where variables can be safely split semantically but analysis cannot determine that it is safe. This function is provided to allow variable splitting to be performed in these cases by plugins or by the user.

Parameters:

var (Variable) – variable to split

Return type:

None

unmerge_vars(target: Variable, sources: Union[List[Variable], Variable]) None[source]

unmerge_vars undoes variable merging performed with merge_vars. The variables in sources will no longer be merged into the target variable.

Parameters:
Return type:

None

unsplit_var(var: Variable) None[source]

unsplit_var undoes varible splitting performed with split_var. The given var must be the variable unique to the definition and should be obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definition site.

Parameters:

var (Variable) – variable to unsplit

Return type:

None

property address_ranges: List[AddressRange]

All of the address ranges covered by a function

property address_tags: TagList

Deprecated since version 3.4.4146: Use tags instead.

property analysis_performance_info: Dict[str, int]
property analysis_skip_override: FunctionAnalysisSkipOverride

Override for skipping of automatic analysis

property analysis_skip_reason: AnalysisSkipReason

Function analysis skip reason

property analysis_skipped: bool

Whether automatic analysis was skipped for this function. Can be set to false to re-enable analysis.

property arch: Architecture

Function architecture (read-only)

property auto: bool

Whether function was automatically discovered (read-only) as a result of some creation of a ‘user’ function. ‘user’ functions may or may not have been created by a user through the or API. For instance the entry point into a function is always created a ‘user’ function. ‘user’ functions should be considered the root of auto analysis.

property auto_address_tags: List[Tuple[Architecture, int, Tag]]

Deprecated since version 3.4.4146: Use tags instead.

property auto_function_tags

Deprecated since version 3.4.4146: Use get_function_tags instead.

property basic_blocks: BasicBlockList

function.BasicBlockList of BasicBlocks in the current function (read-only)

property call_sites: List[ReferenceSource]

call_sites returns a list of possible call sites contained in this function. This includes ordinary calls, tail calls, and indirect jumps. Not all of the returned call sites are necessarily true call sites; some may simply be unresolved indirect jumps, for example.

Returns:

List of References that represent the sources of possible calls in this function

Return type:

list(ReferenceSource)

property callee_addresses: List[int]

callee_addressses returns a list of start addresses for functions that call this function. Does not point to the actual address where the call occurs, just the start of the function that contains the reference.

Returns:

List of start addresess for Functions that call this function

Return type:

list(int)

property callees: List[Function]

callees returns a list of functions that this function calls This does not include the address of those calls, rather just the function objects themselves. Use call_sites to identify the location of these calls.

Returns:

List of Functions that this function calls

Return type:

list(Function)

property caller_sites: Generator[ReferenceSource, None, None]

caller_sites returns a list of ReferenceSource objects corresponding to the addresses in functions which reference this function

Returns:

List of ReferenceSource objects of the call sites to this function

Return type:

list(ReferenceSource)

property callers: List[Function]

callers returns a list of functions that call this function Does not point to the actual address where the call occurs, just the start of the function that contains the call.

Returns:

List of Functions that call this function

Return type:

list(Function)

property calling_convention: Optional[CallingConvention]

Calling convention used by the function

property can_return: BoolWithConfidence

Whether function can return

property clobbered_regs: RegisterSet

Registers that are modified by this function

property comment: str

Gets the comment for the current function

property comments: Dict[int, str]

Dict of comments (read-only)

property components
property core_var_stack_layout: List[CoreVariable]

List of function stack variables (read-only)

property core_vars: List[CoreVariable]

List of CoreVariable objects

property explicitly_defined_type: bool

Whether function has explicitly defined types (read-only)

Deprecated since version 3.4.4049: Use Function.has_explicitly_defined_type instead.

property function_tags: List[Tag]

Deprecated since version 3.4.4146: Use get_function_tags instead.

property function_type: FunctionType

Function type object, can be set with either a string representing the function prototype (str(function) shows examples) or a Type object

Deprecated since version 3.4.3997: Use .type instead

property global_pointer_value: RegisterValue

Discovered value of the global pointer register, if the function uses one (read-only)

property has_explicitly_defined_type: bool

Whether function has explicitly defined types (read-only)

property has_unresolved_indirect_branches: bool

Has unresolved indirect branches (read-only)

property has_user_annotations: bool

Whether the function has ever been ‘user’ modified

property has_user_type: bool

True if the function has a user-defined type

property has_variable_arguments: BoolWithConfidence

Whether the function takes a variable number of arguments

property high_level_il: HighLevelILFunction

Function high level IL (read-only)

property highest_address: int

The highest (largest) virtual address contained in a function.

property hlil: HighLevelILFunction

Function high level IL (read-only)

property hlil_if_available: Optional[HighLevelILFunction]

Function high level IL, or None if not loaded (read-only)

property indirect_branches: List[IndirectBranchInfo]

List of indirect branches (read-only)

property inline_during_analysis: BoolWithConfidence

Whether the function’s IL should be inlined into all callers’ IL

property instructions: Generator[Tuple[List[InstructionTextToken], int], None, None]

A generator of instruction tokens and their start addresses for the current function

property is_thunk: bool

Returns True if the function starts with a Tailcall (read-only)

property lifted_il: LowLevelILFunction

returns LowLevelILFunction used to represent lifted IL (read-only)

property lifted_il_if_available: Optional[LowLevelILFunction]

returns LowLevelILFunction used to represent lifted IL, or None if not loaded (read-only)

property llil: LowLevelILFunction

returns LowLevelILFunction used to represent Function low level IL (read-only)

property llil_basic_blocks: Generator[LowLevelILBasicBlock, None, None]

A generator of all LowLevelILBasicBlock objects in the current function

property llil_if_available: Optional[LowLevelILFunction]

returns LowLevelILFunction used to represent Function low level IL, or None if not loaded (read-only)

property llil_instructions: Generator[LowLevelILInstruction, None, None]

Note

Use LowLevelIlFunction.instructions instead.

Deprecated since version 3.4.3997: Use LowLevelIlFunction.instructions instead.

property low_level_il: LowLevelILFunction

returns LowLevelILFunction used to represent Function low level IL (read-only)

property lowest_address: int

The lowest (smallest) virtual address contained in a function.

property mapped_medium_level_il: MediumLevelILFunction

Function mapped medium level IL (read-only)

property medium_level_il: MediumLevelILFunction

Function medium level IL (read-only)

property merged_vars: Dict[Variable, List[Variable]]

Map of merged variables, organized by target variable (read-only). Use merge_vars and unmerge_vars to update merged variables.

property mlil: MediumLevelILFunction

Function medium level IL (read-only)

property mlil_basic_blocks: Generator[MediumLevelILBasicBlock, None, None]

A generator of all MediumLevelILBasicBlock objects in the current function

property mlil_if_available: Optional[MediumLevelILFunction]

Function medium level IL, or None if not loaded (read-only)

property mlil_instructions: Generator[MediumLevelILInstruction, None, None]

Note

Use MediumLevelIlFunction.instructions instead.

Deprecated since version 3.4.3997: Use MediumLevelIlFunction.instructions instead.

property mmlil: MediumLevelILFunction

Function mapped medium level IL (read-only)

property mmlil_if_available: Optional[MediumLevelILFunction]

Function mapped medium level IL, or None if not loaded (read-only)

property name: str

Symbol name for the function

property needs_update: bool

Whether the function has analysis that needs to be updated (read-only)

property parameter_vars: ParameterVariables

List of variables for the incoming function parameters

property platform: Optional[Platform]

Function platform (read-only)

property reg_stack_adjustments: Dict[RegisterStackName, RegisterStackAdjustmentWithConfidence]

Number of entries removed from each register stack after return

property return_regs: RegisterSet

Registers that are used for the return value

property return_type: Optional[Type]

Return type of the function

property session_data: Any

Dictionary object where plugins can store arbitrary data associated with the function

property split_vars: List[Variable]

Set of variables that have been split with split_var. These variables correspond to those unique to each definition site and are obtained by using MediumLevelILInstruction.get_split_var_for_definition at the definitions.

property stack_adjustment: OffsetWithConfidence

Number of bytes removed from the stack after return

property stack_layout: List[Variable]

List of function stack variables (read-only)

property start: int

Function start address (read-only)

property symbol: CoreSymbol

Function symbol(read-only)

property tags: TagList

tags gets a TagList of all Tags in the function (but not “function tags”). Tags are returned as an iterable indexable object TagList of (arch, address, Tag) tuples.

Return type:

TagList((Architecture, int, Tag))

property too_large: bool

Whether the function is too large to automatically perform analysis (read-only)

property total_bytes: int

Total bytes of a function calculated by summing each basic_block. Because basic blocks can overlap and have gaps between them this may or may not be equivalent to a .size property.

property type: FunctionType

Function type object, can be set with either a string representing the function prototype (str(function) shows examples) or a Type object

property type_tokens: List[InstructionTextToken]

Text tokens for this function’s prototype

property unresolved_indirect_branches: List[int]

List of unresolved indirect branches (read-only)

property unresolved_stack_adjustment_graph: Optional[CoreFlowGraph]

Flow graph of unresolved stack adjustments (read-only)

property user_address_tags

Deprecated since version 3.4.4146: Use tags instead.

property user_function_tags

Deprecated since version 3.4.4146: Use get_function_tags instead.

property vars: List[Variable]

List of function variables (read-only)

property view: BinaryView

Function view (read-only)

property workflow
class HighLevelILBasicBlockList(function: Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction])[source]

Bases: BasicBlockList

Parameters:

function (Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]) –

class ILReferenceSource(func: Union[ForwardRef('Function'), NoneType], arch: Union[ForwardRef('architecture.Architecture'), NoneType], address: int, il_type: FunctionGraphType, expr_id: int)[source]

Bases: object

Parameters:
static get_il_name(il_type: FunctionGraphType) str[source]
Parameters:

il_type (FunctionGraphType) –

Return type:

str

address: int
arch: Optional[Architecture]
expr_id: int
func: Optional[Function]
il_type: FunctionGraphType
class LowLevelILBasicBlockList(function: Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction])[source]

Bases: BasicBlockList

Parameters:

function (Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]) –

class MediumLevelILBasicBlockList(function: Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction])[source]

Bases: BasicBlockList

Parameters:

function (Union[Function, LowLevelILFunction, MediumLevelILFunction, HighLevelILFunction]) –

class TagList(function: Function)[source]

Bases: object

Parameters:

function (Function) –

class VariableReferenceSource(var: 'variable.Variable', src: ILReferenceSource)[source]

Bases: object

Parameters:
src: ILReferenceSource
var: Variable