Bytes
Classes:
-
ByteFlags–Byte flag constants for flag checking operations.
-
Bytes–Handles operations related to raw data access from the IDA database.
-
DataTypeFlags–Data type flags for creating data items.
-
SearchFlags–Search flags for text and pattern searching.
-
StringType–String type constants for string operations.
Bases: IntEnum
Byte flag constants for flag checking operations.
Attributes:
-
ALIGN– -
BYTE– -
CODE– -
COMM– -
DATA– -
DOUBLE– -
DWORD– -
FLOAT– -
FLOW– -
LABL– -
LINE– -
NAME– -
QWORD– -
REF– -
STRLIT– -
STRUCT– -
TAIL– -
UNK– -
WORD–
class-attribute
instance-attribute
ALIGN = FF_ALIGN
class-attribute
instance-attribute
BYTE = FF_BYTE
class-attribute
instance-attribute
CODE = FF_CODE
class-attribute
instance-attribute
COMM = FF_COMM
class-attribute
instance-attribute
DATA = FF_DATA
class-attribute
instance-attribute
DOUBLE = FF_DOUBLE
class-attribute
instance-attribute
DWORD = FF_DWORD
class-attribute
instance-attribute
FLOAT = FF_FLOAT
class-attribute
instance-attribute
FLOW = FF_FLOW
class-attribute
instance-attribute
LABL = FF_LABL
class-attribute
instance-attribute
LINE = FF_LINE
class-attribute
instance-attribute
NAME = FF_NAME
class-attribute
instance-attribute
QWORD = FF_QWORD
class-attribute
instance-attribute
REF = FF_REF
class-attribute
instance-attribute
STRLIT = FF_STRLIT
class-attribute
instance-attribute
STRUCT = FF_STRUCT
class-attribute
instance-attribute
TAIL = FF_TAIL
class-attribute
instance-attribute
UNK = FF_UNK
class-attribute
instance-attribute
WORD = FF_WORD
Bytes(database: 'Database')
Handles operations related to raw data access from the IDA database.
This class provides methods to read various data types (bytes, words, floats, etc.) from memory addresses in the disassembled binary.
Constructs a bytes handler for the given database.
Args: database: Reference to the active IDA database.
Methods:
-
check_flags–Checks if the specified flags are set at the given address.
-
find_bytes–Finds a byte pattern in memory.
-
find_immediate–Finds an immediate value in instructions.
-
find_text–Finds a text string in memory.
-
get_byte–Retrieves a single byte (8 bits) at the specified address.
-
get_cstring–Gets a C-style null-terminated string.
-
get_data_size–Gets the size of the data item at the specified address.
-
get_data_type–Gets the data type at the specified address.
-
get_data_type_from_flags–Gets the data type string from flags using ByteFlags enum.
-
get_disassembly–Retrieves the disassembly text at the specified address.
-
get_double–Retrieves a double-precision floating-point value at the specified address.
-
get_dword–Retrieves a double word (32 bits/4 bytes) at the specified address.
-
get_flags–Gets the flags for the specified address.
-
get_float–Retrieves a single-precision floating-point value at the specified address.
-
get_original_byte–Get original byte value (that was before patching).
-
get_original_bytes–Gets the original bytes before any patches by reading individual bytes.
-
get_original_dword–Get original dword value (that was before patching).
-
get_original_qword–Get original qword value (that was before patching).
-
get_original_word–Get original word value (that was before patching).
-
get_qword–Retrieves a quad word (64 bits/8 bytes) at the specified address.
-
get_string–Gets a string from the specified address.
-
get_unicode_string–Gets a Unicode string from the specified address.
-
get_word–Retrieves a word (16 bits/2 bytes) at the specified address.
-
has_any_flags–Checks if any of the specified flags are set at the given address.
-
has_user_name–Checks if the address has a user-defined name.
-
is_code–Checks if the address contains code.
-
is_data–Checks if the address contains data.
-
is_head–Checks if the address is the start of a data item.
-
is_tail–Checks if the address is part of a multi-byte data item.
-
is_unknown–Checks if the address contains unknown/undefined data.
-
make_array–Converts data at address to array type.
-
make_byte–Converts data at address to byte type.
-
make_dword–Converts data at address to double word type.
-
make_qword–Converts data at address to quad word type.
-
make_string–Converts data at address to string type.
-
make_word–Converts data at address to word type.
-
next_addr–Gets the next valid address after the specified address.
-
next_head–Gets the next head (start of data item) after the specified address.
-
patch_byte–Patch a byte of the program.
-
patch_bytes–Patch the specified number of bytes of the program.
-
patch_dword–Patch a dword of the program.
-
patch_qword–Patch a qword of the program.
-
patch_word–Patch a word of the program.
-
prev_addr–Gets the previous valid address before the specified address.
-
prev_head–Gets the previous head (start of data item) before the specified address.
-
revert_byte–Revert patched byte to its original value.
-
set_byte–Sets a byte value at the specified address.
-
set_bytes–Sets a sequence of bytes at the specified address.
-
set_dword–Sets a double word (4 bytes) value at the specified address.
-
set_flags–Sets the flags for the specified address.
-
set_qword–Sets a quad word (8 bytes) value at the specified address.
-
set_word–Sets a word (2 bytes) value at the specified address.
Attributes:
instance-attribute
m_database = database
check_flags(ea: ea_t, flag_mask: ByteFlags) -> bool
Checks if the specified flags are set at the given address.
Args: ea: The effective address. flag_mask: ByteFlags enum value(s) to check.
Returns: True if all specified flags are set, False otherwise.
find_bytes(
pattern: bytes,
start_ea: ea_t = None,
end_ea: ea_t = None,
) -> ea_t | None
Finds a byte pattern in memory.
Args: pattern: Byte pattern to search for. start_ea: Start address for search. end_ea: End address for search.
Returns: Address where pattern was found, or None if not found.
find_immediate(
value: int, start_ea: ea_t = None, end_ea: ea_t = None
) -> ea_t | None
Finds an immediate value in instructions.
Args: value: Immediate value to search for. start_ea: Start address for search. end_ea: End address for search.
Returns: Address where immediate was found, or None if not found.
find_text(
text: str,
start_ea: ea_t = None,
end_ea: ea_t = None,
flags: SearchFlags = DOWN,
) -> ea_t | None
Finds a text string in memory.
Args: text: Text to search for. start_ea: Start address for search. end_ea: End address for search. flags: Search flags (default: SearchFlags.DOWN).
Returns: Address where text was found, or None if not found.
get_byte(ea: ea_t) -> int | None
Retrieves a single byte (8 bits) at the specified address.
Args: ea: The effective address.
Returns: The byte value (0-255), or None if an error occurs.
get_cstring(
ea: ea_t, max_length: int = 1024
) -> Tuple[bool, str]
Gets a C-style null-terminated string.
Args: ea: The effective address. max_length: Maximum string length to read (default: 1024).
Returns: A pair of (success flag, string).
get_data_size(ea: ea_t) -> int
Gets the size of the data item at the specified address.
Args: ea: The effective address.
Returns: Size of the data item in bytes.
get_data_type(ea: ea_t) -> str
Gets the data type at the specified address.
Args: ea: The effective address.
Returns: String representation of the data type.
get_data_type_from_flags(flags: int) -> str
Gets the data type string from flags using ByteFlags enum.
Args: flags: Flags value to analyze.
Returns: String representation of the data type.
get_disassembly(ea: ea_t) -> str | None
Retrieves the disassembly text at the specified address.
Args: ea: The effective address.
Returns: The disassembly string, or None if an error occurs.
get_double(ea: ea_t) -> float | None
Retrieves a double-precision floating-point value at the specified address.
Args: ea: The effective address.
Returns: The double value, or None if an error occurs.
get_dword(ea: ea_t) -> int | None
Retrieves a double word (32 bits/4 bytes) at the specified address.
Args: ea: The effective address.
Returns: The dword value, or None if an error occurs.
get_flags(ea: ea_t) -> int
Gets the flags for the specified address.
Args: ea: The effective address.
Returns: Flags value.
get_float(ea: ea_t) -> float | None
Retrieves a single-precision floating-point value at the specified address.
Args: ea: The effective address.
Returns: The float value, or None if an error occurs.
get_original_byte(ea: ea_t) -> int | None
Get original byte value (that was before patching).
Args: ea: The effective address.
Returns: The original byte value, or None if an error occurs.
get_original_bytes(
ea: ea_t, size: int
) -> Tuple[bool, bytes]
Gets the original bytes before any patches by reading individual bytes.
Args: ea: The effective address. size: Number of bytes to read.
Returns: A pair of (success flag, original bytes).
get_original_dword(ea: ea_t) -> int | None
Get original dword value (that was before patching).
Args: ea: The effective address.
Returns: The original dword value, or None if an error occurs.
get_original_qword(ea: ea_t) -> int | None
Get original qword value (that was before patching).
Args: ea: The effective address.
Returns: The original qword value, or None if an error occurs.
get_original_word(ea: ea_t) -> int | None
Get original word value (that was before patching).
Args: ea: The effective address.
Returns: The original word value, or None if an error occurs.
get_qword(ea: ea_t) -> int | None
Retrieves a quad word (64 bits/8 bytes) at the specified address.
Args: ea: The effective address.
Returns: The qword value, or None if an error occurs.
get_string(
ea: ea_t, max_length: int = None
) -> Tuple[bool, str]
Gets a string from the specified address.
Args: ea: The effective address. max_length: Maximum string length to read.
Returns: A pair of (success flag, string).
get_unicode_string(
ea: ea_t, max_length: int = None
) -> Tuple[bool, str]
Gets a Unicode string from the specified address.
Args: ea: The effective address. max_length: Maximum string length to read.
Returns: A pair of (success flag, string).
get_word(ea: ea_t) -> int | None
Retrieves a word (16 bits/2 bytes) at the specified address.
Args: ea: The effective address.
Returns: The word value, or None if an error occurs.
has_any_flags(ea: ea_t, flag_mask: ByteFlags) -> bool
Checks if any of the specified flags are set at the given address.
Args: ea: The effective address. flag_mask: ByteFlags enum value(s) to check.
Returns: True if any of the specified flags are set, False otherwise.
has_user_name(ea: ea_t) -> bool
Checks if the address has a user-defined name.
Args: ea: The effective address.
Returns: True if has user name, False otherwise.
is_code(ea: ea_t) -> bool
Checks if the address contains code.
Args: ea: The effective address.
Returns: True if code, False otherwise.
is_data(ea: ea_t) -> bool
Checks if the address contains data.
Args: ea: The effective address.
Returns: True if data, False otherwise.
is_head(ea: ea_t) -> bool
Checks if the address is the start of a data item.
Args: ea: The effective address.
Returns: True if head, False otherwise.
is_tail(ea: ea_t) -> bool
Checks if the address is part of a multi-byte data item.
Args: ea: The effective address.
Returns: True if tail, False otherwise.
is_unknown(ea: ea_t) -> bool
Checks if the address contains unknown/undefined data.
Args: ea: The effective address.
Returns: True if unknown, False otherwise.
make_array(ea: ea_t, element_size: int, count: int) -> bool
Converts data at address to array type.
Args: ea: The effective address. element_size: Size of each array element. count: Number of elements.
Returns: True if successful, False otherwise.
make_byte(ea: ea_t) -> bool
Converts data at address to byte type.
Args: ea: The effective address.
Returns: True if successful, False otherwise.
make_dword(ea: ea_t) -> bool
Converts data at address to double word type.
Args: ea: The effective address.
Returns: True if successful, False otherwise.
make_qword(ea: ea_t) -> bool
Converts data at address to quad word type.
Args: ea: The effective address.
Returns: True if successful, False otherwise.
make_string(
ea: ea_t,
length: int = None,
string_type: StringType = C,
) -> bool
Converts data at address to string type.
Args: ea: The effective address. length: String length (auto-detect if None). string_type: String type (default: StringType.C).
Returns: True if successful, False otherwise.
make_word(ea: ea_t) -> bool
Converts data at address to word type.
Args: ea: The effective address.
Returns: True if successful, False otherwise.
next_addr(ea: ea_t) -> ea_t
Gets the next valid address after the specified address.
Args: ea: The effective address.
Returns: Next valid address.
next_head(ea: ea_t, max_ea: ea_t = None) -> ea_t
Gets the next head (start of data item) after the specified address.
Args: ea: The effective address. max_ea: Maximum address to search.
Returns: Address of next head, or BADADDR if not found.
patch_byte(ea: ea_t, value: int) -> bool
Patch a byte of the program. The original value is saved and can be obtained by get_original_byte().
Args: ea: The effective address. value: Byte value to patch.
Returns: True if the database has been modified, False otherwise.
patch_bytes(ea: ea_t, data: bytes) -> bool
Patch the specified number of bytes of the program. Original values are saved and available with get_original_bytes().
Args: ea: The effective address. data: Bytes to patch.
Returns: True if successful, False otherwise.
patch_dword(ea: ea_t, value: int) -> bool
Patch a dword of the program. The original value is saved and can be obtained by get_original_dword().
Args: ea: The effective address. value: Dword value to patch.
Returns: True if the database has been modified, False otherwise.
patch_qword(ea: ea_t, value: int) -> bool
Patch a qword of the program. The original value is saved and can be obtained by get_original_qword().
Args: ea: The effective address. value: Qword value to patch.
Returns: True if the database has been modified, False otherwise.
patch_word(ea: ea_t, value: int) -> bool
Patch a word of the program. The original value is saved and can be obtained by get_original_word().
Args: ea: The effective address. value: Word value to patch.
Returns: True if the database has been modified, False otherwise.
prev_addr(ea: ea_t) -> ea_t
Gets the previous valid address before the specified address.
Args: ea: The effective address.
Returns: Previous valid address.
prev_head(ea: ea_t, min_ea: ea_t = None) -> ea_t
Gets the previous head (start of data item) before the specified address.
Args: ea: The effective address. min_ea: Minimum address to search.
Returns: Address of previous head, or BADADDR if not found.
revert_byte(ea: ea_t) -> bool
Revert patched byte to its original value.
Args: ea: The effective address.
Returns: True if byte was patched before and reverted now, False otherwise.
set_byte(ea: ea_t, value: int) -> bool
Sets a byte value at the specified address.
Args: ea: The effective address. value: Byte value to set.
Returns: True if successful, False otherwise.
set_bytes(ea: ea_t, data: bytes) -> bool
Sets a sequence of bytes at the specified address.
Args: ea: The effective address. data: Bytes to write.
Returns: True if successful, False otherwise.
set_dword(ea: ea_t, value: int) -> bool
Sets a double word (4 bytes) value at the specified address.
Args: ea: The effective address. value: Double word value to set.
Returns: True if successful, False otherwise.
set_flags(ea: ea_t, flags: int) -> bool
Sets the flags for the specified address.
Args: ea: The effective address. flags: Flags to set.
Returns: True if successful, False otherwise.
set_qword(ea: ea_t, value: int) -> bool
Sets a quad word (8 bytes) value at the specified address.
Args: ea: The effective address. value: Quad word value to set.
Returns: True if successful, False otherwise.
set_word(ea: ea_t, value: int) -> bool
Sets a word (2 bytes) value at the specified address.
Args: ea: The effective address. value: Word value to set.
Returns: True if successful, False otherwise.
Bases: IntEnum
Data type flags for creating data items.
Attributes:
class-attribute
instance-attribute
BYTE = byte_flag()
class-attribute
instance-attribute
DOUBLE = double_flag()
class-attribute
instance-attribute
DWORD = dword_flag()
class-attribute
instance-attribute
FLOAT = float_flag()
class-attribute
instance-attribute
QWORD = qword_flag()
class-attribute
instance-attribute
WORD = word_flag()
Bases: IntFlag
Search flags for text and pattern searching.
Attributes:
class-attribute
instance-attribute
BRK = SEARCH_BRK
class-attribute
instance-attribute
CASE = SEARCH_CASE
class-attribute
instance-attribute
DOWN = SEARCH_DOWN
class-attribute
instance-attribute
IDENT = SEARCH_IDENT
class-attribute
instance-attribute
NOBRK = SEARCH_NOBRK
class-attribute
instance-attribute
NOSHOW = SEARCH_NOSHOW
class-attribute
instance-attribute
REGEX = SEARCH_REGEX
class-attribute
instance-attribute
UP = SEARCH_UP
Bases: IntEnum
String type constants for string operations.
Attributes:
class-attribute
instance-attribute
C = STRTYPE_C
class-attribute
instance-attribute
C16 = STRTYPE_C_16
class-attribute
instance-attribute
C32 = STRTYPE_C_32
class-attribute
instance-attribute
LEN2 = STRTYPE_LEN2
class-attribute
instance-attribute
LEN4 = STRTYPE_LEN4
class-attribute
instance-attribute
PASCAL = STRTYPE_PASCAL
class-attribute
instance-attribute
TERMCHR = STRTYPE_TERMCHR