Bytes
Classes:
-
ByteFlags–Byte flag constants for flag checking operations.
-
Bytes–Handles operations related to raw data access from the IDA database.
-
NoValueError–Raised when a read operation is attempted on an uninitialized address.
-
SearchFlags–Search flags for text and pattern searching.
-
StringType–String type constants for string operations.
-
UnsupportedValueError–Raised when a read operation is attempted on a value which has an unsupported format.
Bases: IntFlag
Byte flag constants for flag checking operations.
Attributes:
-
ALIGN–Data Type Flag: Alignment directive
-
ANYNAME–Composite Flags: Has name or dummy name?
-
BNOT–Common State Information: Bitwise negation of operands
-
BYTE–Data Type Flag: Byte
-
CODE–Item State Flags: Code?
-
COMM–Common State Information: Has comment?
-
CUSTOM–Data Type Flag: Custom data type
-
DATA–Item State Flags: Data?
-
DOUBLE–Data Type Flag: Double
-
DWORD–Data Type Flag: Double word
-
FLOAT–Data Type Flag: Float
-
FLOW–Common State Information: Exec flow from prev instruction
-
FUNC–Code-Specific Flags: Function start?
-
IMMD–Code-Specific Flags: Has immediate value?
-
IVL–Value and Initialization: Byte has value.
-
JUMP–Code-Specific Flags: Has jump table or switch_info?
-
LABL–Common State Information: Has dummy name?
-
LINE–Common State Information: Has next or prev lines?
-
MS_VAL–Value and Initialization: Mask for byte value.
-
NAME–Common State Information: Has name?
-
N_CHAR–Operand Type Flags: Char ('x')?
-
N_CUST–Operand Type Flags: Custom representation?
-
N_ENUM–Operand Type Flags: Enumeration?
-
N_FLT–Operand Type Flags: Floating point number?
-
N_FOP–Operand Type Flags: Forced operand?
-
N_NUMB–Operand Type Flags: Binary number?
-
N_NUMD–Operand Type Flags: Decimal number?
-
N_NUMH–Operand Type Flags: Hexadecimal number?
-
N_NUMO–Operand Type Flags: Octal number?
-
N_OFF–Operand Type Flags: Offset?
-
N_SEG–Operand Type Flags: Segment?
-
N_STK–Operand Type Flags: Stack variable?
-
N_STRO–Operand Type Flags: Struct offset?
-
N_VOID–Operand Type Flags: Void (unknown)?
-
OWORD–Data Type Flag: Octaword/XMM word (16 bytes)
-
PACKREAL–Data Type Flag: Packed decimal real
-
QWORD–Data Type Flag: Quad word
-
REF–Common State Information: Has references
-
SIGN–Common State Information: Inverted sign of operands
-
STRLIT–Data Type Flag: String literal
-
STRUCT–Data Type Flag: Struct variable
-
TAIL–Tail?
-
TBYTE–Data Type Flag: TByte
-
UNK–Item State Flags: Unknown?
-
UNUSED–Common State Information: Unused bit
-
WORD–Data Type Flag: Word
-
YWORD–Data Type Flag: YMM word (32 bytes)
-
ZWORD–Data Type Flag: ZMM word (64 bytes)
class-attribute
instance-attribute
ALIGN = FF_ALIGN
Data Type Flag: Alignment directive
class-attribute
instance-attribute
ANYNAME = FF_ANYNAME
Composite Flags: Has name or dummy name?
class-attribute
instance-attribute
BNOT = FF_BNOT
Common State Information: Bitwise negation of operands
class-attribute
instance-attribute
BYTE = FF_BYTE
Data Type Flag: Byte
class-attribute
instance-attribute
CODE = FF_CODE
Item State Flags: Code?
class-attribute
instance-attribute
COMM = FF_COMM
Common State Information: Has comment?
class-attribute
instance-attribute
CUSTOM = FF_CUSTOM
Data Type Flag: Custom data type
class-attribute
instance-attribute
DATA = FF_DATA
Item State Flags: Data?
class-attribute
instance-attribute
DOUBLE = FF_DOUBLE
Data Type Flag: Double
class-attribute
instance-attribute
DWORD = FF_DWORD
Data Type Flag: Double word
class-attribute
instance-attribute
FLOAT = FF_FLOAT
Data Type Flag: Float
class-attribute
instance-attribute
FLOW = FF_FLOW
Common State Information: Exec flow from prev instruction
class-attribute
instance-attribute
FUNC = FF_FUNC
Code-Specific Flags: Function start?
class-attribute
instance-attribute
IMMD = FF_IMMD
Code-Specific Flags: Has immediate value?
class-attribute
instance-attribute
IVL = FF_IVL
Value and Initialization: Byte has value.
class-attribute
instance-attribute
JUMP = FF_JUMP
Code-Specific Flags: Has jump table or switch_info?
class-attribute
instance-attribute
LABL = FF_LABL
Common State Information: Has dummy name?
class-attribute
instance-attribute
LINE = FF_LINE
Common State Information: Has next or prev lines?
class-attribute
instance-attribute
MS_VAL = MS_VAL
Value and Initialization: Mask for byte value.
class-attribute
instance-attribute
NAME = FF_NAME
Common State Information: Has name?
class-attribute
instance-attribute
N_CHAR = FF_N_CHAR
Operand Type Flags: Char ('x')?
class-attribute
instance-attribute
N_CUST = FF_N_CUST
Operand Type Flags: Custom representation?
class-attribute
instance-attribute
N_ENUM = FF_N_ENUM
Operand Type Flags: Enumeration?
class-attribute
instance-attribute
N_FLT = FF_N_FLT
Operand Type Flags: Floating point number?
class-attribute
instance-attribute
N_FOP = FF_N_FOP
Operand Type Flags: Forced operand?
class-attribute
instance-attribute
N_NUMB = FF_N_NUMB
Operand Type Flags: Binary number?
class-attribute
instance-attribute
N_NUMD = FF_N_NUMD
Operand Type Flags: Decimal number?
class-attribute
instance-attribute
N_NUMH = FF_N_NUMH
Operand Type Flags: Hexadecimal number?
class-attribute
instance-attribute
N_NUMO = FF_N_NUMO
Operand Type Flags: Octal number?
class-attribute
instance-attribute
N_OFF = FF_N_OFF
Operand Type Flags: Offset?
class-attribute
instance-attribute
N_SEG = FF_N_SEG
Operand Type Flags: Segment?
class-attribute
instance-attribute
N_STK = FF_N_STK
Operand Type Flags: Stack variable?
class-attribute
instance-attribute
N_STRO = FF_N_STRO
Operand Type Flags: Struct offset?
class-attribute
instance-attribute
N_VOID = FF_N_VOID
Operand Type Flags: Void (unknown)?
class-attribute
instance-attribute
OWORD = FF_OWORD
Data Type Flag: Octaword/XMM word (16 bytes)
class-attribute
instance-attribute
PACKREAL = FF_PACKREAL
Data Type Flag: Packed decimal real
class-attribute
instance-attribute
QWORD = FF_QWORD
Data Type Flag: Quad word
class-attribute
instance-attribute
REF = FF_REF
Common State Information: Has references
class-attribute
instance-attribute
SIGN = FF_SIGN
Common State Information: Inverted sign of operands
class-attribute
instance-attribute
STRLIT = FF_STRLIT
Data Type Flag: String literal
class-attribute
instance-attribute
STRUCT = FF_STRUCT
Data Type Flag: Struct variable
class-attribute
instance-attribute
TAIL = FF_TAIL
Tail?
class-attribute
instance-attribute
TBYTE = FF_TBYTE
Data Type Flag: TByte
class-attribute
instance-attribute
UNK = FF_UNK
Item State Flags: Unknown?
class-attribute
instance-attribute
UNUSED = FF_UNUSED
Common State Information: Unused bit
class-attribute
instance-attribute
WORD = FF_WORD
Data Type Flag: Word
class-attribute
instance-attribute
YWORD = FF_YWORD
Data Type Flag: YMM word (32 bytes)
class-attribute
instance-attribute
ZWORD = FF_ZWORD
Data Type Flag: ZMM word (64 bytes)
Bytes(database: Database)
Bases: DatabaseEntity
Handles operations related to raw data access from the IDA database.
This class provides methods to read various data types (bytes, words, floats, etc.) from memory addresses in the disassembled binary.
Args: database: Reference to the active IDA database.
Methods:
-
check_flags_at–Checks if the specified flags are set at the given address.
-
create_alignment_at–Create an alignment item.
-
create_byte_at–Creates byte data items at consecutive addresses starting from the specified address.
-
create_double_at–Creates double data items at consecutive addresses starting from the specified address.
-
create_dword_at–Creates dword data items at consecutive addresses starting from the specified address.
-
create_float_at–Creates float data items at consecutive addresses starting from the specified address.
-
create_oword_at–Creates oword data items at consecutive addresses starting from the specified address.
-
create_packed_real_at–Creates packed real data items at consecutive addresses starting
-
create_qword_at–Creates qword data items at consecutive addresses starting from the specified address.
-
create_string_at–Converts data at address to string type.
-
create_struct_at–Creates struct data items at consecutive addresses starting from the specified address.
-
create_tbyte_at–Creates tbyte data items at consecutive addresses starting from the specified address.
-
create_word_at–Creates word data items at consecutive addresses starting from the specified address.
-
create_yword_at–Creates yword data items at consecutive addresses starting from the specified address.
-
create_zword_at–Creates zword data items at consecutive addresses starting from the specified address.
-
delete_value_at–Delete value from flags. The corresponding address becomes uninitialized.
-
find_bytes_between–Finds a byte pattern in memory.
-
find_immediate_between–Finds an immediate value in instructions.
-
find_text_between–Finds a text string in memory.
-
get_all_flags_at–Gets all the full flags for the specified address.
-
get_byte_at–Retrieves a single byte (8 bits) at the specified address.
-
get_bytes_at–Gets the specified number of bytes of the program.
-
get_cstring_at–Gets a C-style null-terminated string.
-
get_data_size_at–Gets the size of the data item at the specified address.
-
get_disassembly_at–Retrieves the disassembly text at the specified address.
-
get_double_at–Retrieves a double-precision floating-point value at the specified address.
-
get_dword_at–Retrieves a double word (32 bits/4 bytes) at the specified address.
-
get_flags_at–Gets the flags for the specified address masked with IVL and MS_VAL
-
get_float_at–Retrieves a single-precision floating-point value at the specified address.
-
get_next_addr–Gets the next valid address after the specified address.
-
get_next_head–Gets the next head (start of data item) after the specified address.
-
get_original_byte_at–Get original byte value (that was before patching).
-
get_original_bytes_at–Gets the original bytes before any patches by reading individual bytes.
-
get_original_dword_at–Get original dword value (that was before patching).
-
get_original_qword_at–Get original qword value (that was before patching).
-
get_original_word_at–Get original word value (that was before patching).
-
get_prev_addr–Gets the previous valid address before the specified address.
-
get_prev_head–Gets the previous head (start of data item) before the specified address.
-
get_qword_at–Retrieves a quad word (64 bits/8 bytes) at the specified address.
-
get_string_at–Gets a string from the specified address.
-
get_word_at–Retrieves a word (16 bits/2 bytes) at the specified address.
-
has_any_flags_at–Checks if any of the specified flags are set at the given address.
-
has_user_name_at–Checks if the address has a user-defined name.
-
is_alignment_at–Checks if the address contains an alignment directive.
-
is_byte_at–Checks if the address contains a byte data type.
-
is_code_at–Checks if the address contains code.
-
is_data_at–Checks if the address contains data.
-
is_double_at–Checks if the address contains a double data type.
-
is_dword_at–Checks if the address contains a dword data type.
-
is_float_at–Checks if the address contains a float data type.
-
is_flowed_at–Does the previous instruction exist and pass execution flow to the current byte?
-
is_forced_operand_at–Is operand manually defined?
-
is_head_at–Checks if the address is the start of a data item.
-
is_manual_insn_at–Is the instruction overridden?
-
is_not_tail_at–Checks if the address is not a tail byte.
-
is_oword_at–Checks if the address contains an oword data type.
-
is_packed_real_at–Checks if the address contains a packed real data type.
-
is_qword_at–Checks if the address contains a qword data type.
-
is_string_literal_at–Checks if the address contains a string literal data type.
-
is_struct_at–Checks if the address contains a struct data type.
-
is_tail_at–Checks if the address is part of a multi-byte data item.
-
is_tbyte_at–Checks if the address contains a tbyte data type.
-
is_unknown_at–Checks if the address contains unknown/undefined data.
-
is_value_initialized_at–Check if the value at the specified address is initialized
-
is_word_at–Checks if the address contains a word data type.
-
is_yword_at–Checks if the address contains a yword data type.
-
is_zword_at–Checks if the address contains a zword data type.
-
patch_byte_at–Patch a byte of the program.
-
patch_bytes_at–Patch the specified number of bytes of the program.
-
patch_dword_at–Patch a dword of the program.
-
patch_qword_at–Patch a qword of the program.
-
patch_word_at–Patch a word of the program.
-
revert_byte_at–Revert patched byte to its original value.
-
set_byte_at–Sets a byte value at the specified address.
-
set_bytes_at–Sets a sequence of bytes at the specified address.
-
set_dword_at–Sets a double word (4 bytes) value at the specified address.
-
set_qword_at–Sets a quad word (8 bytes) value at the specified address.
-
set_word_at–Sets a word (2 bytes) value at the specified address.
Attributes:
-
database(Database) –Get the database reference, guaranteed to be non-None when called from
-
m_database–
property
database: Database
Get the database reference, guaranteed to be non-None when called from methods decorated with @check_db_open.
Returns: The active database instance.
Note: This property should only be used in methods decorated with @check_db_open, which ensures m_database is not None.
instance-attribute
m_database = database
check_flags_at(ea: ea_t, flag_mask: ByteFlags) -> bool
Checks if the specified flags are set at the given address.
Args: ea: The effective address. flag_mask: ByteFlags enum value(s) to check.
Returns: True if all specified flags are set, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
create_alignment_at(
ea: ea_t, length: int, alignment: int
) -> bool
Create an alignment item.
Args: ea: The effective address. length: Size of the item in bytes. 0 means to infer from alignment. alignment: Alignment exponent. Example: 3 means align to 8 bytes, 0 means to infer from length.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If length or alignment are invalid.
create_byte_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates byte data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating bytes. count: Number of consecutive byte elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_double_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates double data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating doubles. count: Number of consecutive double elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_dword_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates dword data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating dwords. count: Number of consecutive dword elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_float_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates float data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating floats. count: Number of consecutive float elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_oword_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates oword data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating owords. count: Number of consecutive oword elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_packed_real_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates packed real data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating packed reals. count: Number of consecutive packed real elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_qword_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates qword data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating qwords. count: Number of consecutive qword elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_string_at(
ea: ea_t,
length: Optional[int] = None,
string_type: StringType = C,
) -> bool
Converts data at address to string type.
Args: ea: The effective address. length: String length (auto-detect if None). string_type: String type (default: StringType.C).
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If length is specified but not positive.
create_struct_at(
ea: ea_t, count: int, tid: int, force: bool = False
) -> bool
Creates struct data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating structs. count: Number of consecutive struct elements to create. tid: Structure type ID. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive or tid is invalid.
Example: til = ida_typeinf.tinfo_t() ida_typeinf.parse_decl(til, None, 'struct Point {int x; int y;};', 0) til.set_named_type(None, 'my_struct') db.bytes.create_struct_at(ea, 1, til.get_tid())
create_tbyte_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates tbyte data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating tbytes. count: Number of consecutive tbyte elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_word_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates word data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating words. count: Number of consecutive word elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_yword_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates yword data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating ywords. count: Number of consecutive yword elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
create_zword_at(
ea: ea_t, count: int = 1, force: bool = False
) -> bool
Creates zword data items at consecutive addresses starting from the specified address.
Args: ea: The effective address to start creating zwords. count: Number of consecutive zword elements to create. force: Forces creation overriding an existing item if there is one.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If count is not positive.
delete_value_at(ea: ea_t) -> None
Delete value from flags. The corresponding address becomes uninitialized.
Args: ea: The effective address.
Raises: InvalidEAError: If the effective address is invalid.
find_bytes_between(
pattern: bytes,
start_ea: ea_t = None,
end_ea: ea_t = None,
) -> ea_t | None
Finds a byte pattern in memory.
Args: pattern: Byte pattern to search for. start_ea: Search start address; defaults to database minimum ea if None end_ea: Search end address; defaults to database maximum ea if None
Returns: Address where pattern was found, or None if not found.
Raises: InvalidParameterError: If pattern or interval are invalid. InvalidEAError: If start_ea or end_ea are specified but invalid.
find_immediate_between(
value: int, start_ea: ea_t = None, end_ea: ea_t = None
) -> ea_t | None
Finds an immediate value in instructions.
Args: value: Immediate value to search for. start_ea: Search start address; defaults to database minimum ea if None end_ea: Search end address; defaults to database maximum ea if None
Returns: Address where immediate was found, or None if not found.
Raises: InvalidParameterError: If value is not an integer. InvalidEAError: If start_ea or end_ea are specified but invalid.
find_text_between(
text: str,
start_ea: ea_t = None,
end_ea: ea_t = None,
flags: SearchFlags = DOWN,
) -> ea_t | None
Finds a text string in memory.
Args: text: Text to search for. start_ea: Search Start address; defaults to database minimum ea if None end_ea: Search end address; defaults to database maximum ea if None flags: Search flags (default: SearchFlags.DOWN).
Returns: Address where text was found, or None if not found.
Raises: InvalidParameterError: If text or interval are invalid. InvalidEAError: If start_ea or end_ea are specified but invalid.
get_all_flags_at(ea: ea_t) -> ByteFlags
Gets all the full flags for the specified address.
Args: ea: The effective address.
Returns: ByteFlags enum value representing the full flags.
Raises: InvalidEAError: If the effective address is invalid.
get_byte_at(
ea: ea_t, allow_uninitialized: bool = False
) -> int
Retrieves a single byte (8 bits) at the specified address.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The byte value (0-255).
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value.
get_bytes_at(ea: ea_t, size: int) -> bytes | None
Gets the specified number of bytes of the program.
Args: ea: The effective address. size: Number of bytes to read.
Returns: The bytes (as bytes object), or None in case of failure
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If size is not positive.
get_cstring_at(
ea: ea_t, max_length: int = 1024
) -> str | None
Gets a C-style null-terminated string.
Args: ea: The effective address. max_length: Maximum string length to read (default: 1024).
Returns: The string if it was successfully extracted or None in case of error
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If max_length is not positive.
get_data_size_at(ea: ea_t) -> int
Gets the size of the data item at the specified address.
Args: ea: The effective address.
Returns: Size of the data item in bytes.
Raises: InvalidEAError: If the effective address is invalid.
get_disassembly_at(
ea: ea_t, remove_tags: bool = True
) -> str | None
Retrieves the disassembly text at the specified address.
Args: ea: The effective address. remove_tags: If True, removes IDA color/formatting tags from the output.
Returns: The disassembly string, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid.
get_double_at(
ea: ea_t, allow_uninitialized: bool = False
) -> float | None
Retrieves a double-precision floating-point value at the specified address.
Best-effort implementation that may fail on some architectures or non-standard floating-point formats.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The double value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value. UnsupportedValueError: If the floating-point format is not supported
Note: Only works for standard IEEE 754 32-bit and 64-bit floats. May not work on embedded systems or architectures with custom floating-point representations.
get_dword_at(
ea: ea_t, allow_uninitialized: bool = False
) -> int
Retrieves a double word (32 bits/4 bytes) at the specified address.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The dword value.
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value.
get_flags_at(ea: ea_t) -> ByteFlags
Gets the flags for the specified address masked with IVL and MS_VAL
Args: ea: The effective address.
Returns: ByteFlags enum value representing the flags.
Raises: InvalidEAError: If the effective address is invalid.
get_float_at(
ea: ea_t, allow_uninitialized: bool = False
) -> float | None
Retrieves a single-precision floating-point value at the specified address.
Best-effort implementation that may fail on some architectures or non-standard floating-point formats.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The float value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value. UnsupportedValueError: If the floating-point format is not supported
Note: Only works for standard IEEE 754 32-bit and 64-bit floats. May not work on embedded systems or architectures with custom floating-point representations.
get_next_addr(ea: ea_t) -> ea_t | None
Gets the next valid address after the specified address.
Args: ea: The effective address.
Returns: Next valid address or None.
Raises: InvalidEAError: If the effective address is invalid.
get_next_head(
ea: ea_t, max_ea: ea_t = None
) -> Optional[ea_t]
Gets the next head (start of data item) after the specified address.
Args: ea: The effective address. max_ea: Maximum address to search.
Returns: Address of next head, or None if not found.
Raises: InvalidEAError: If the effective address is invalid.
get_original_byte_at(ea: ea_t) -> int | None
Get original byte value (that was before patching).
Args: ea: The effective address.
Returns: The original byte value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid.
get_original_bytes_at(ea: ea_t, size: int) -> bytes | None
Gets the original bytes before any patches by reading individual bytes.
Args: ea: The effective address. size: Number of bytes to read.
Returns: The original bytes or None in case of error.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If size is not positive.
get_original_dword_at(ea: ea_t) -> int | None
Get original dword value (that was before patching).
Args: ea: The effective address.
Returns: The original dword value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid.
get_original_qword_at(ea: ea_t) -> int | None
Get original qword value (that was before patching).
Args: ea: The effective address.
Returns: The original qword value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid.
get_original_word_at(ea: ea_t) -> int | None
Get original word value (that was before patching).
Args: ea: The effective address.
Returns: The original word value, or None if an error occurs.
Raises: InvalidEAError: If the effective address is invalid.
get_prev_addr(ea: ea_t) -> ea_t | None
Gets the previous valid address before the specified address.
Args: ea: The effective address.
Returns: Previous valid address.
Raises: InvalidEAError: If the effective address is invalid.
get_prev_head(
ea: ea_t, min_ea: ea_t = None
) -> Optional[ea_t]
Gets the previous head (start of data item) before the specified address.
Args: ea: The effective address. min_ea: Minimum address to search.
Returns: Address of previous head, or None if not found.
Raises: InvalidEAError: If the effective address is invalid.
get_qword_at(
ea: ea_t, allow_uninitialized: bool = False
) -> int
Retrieves a quad word (64 bits/8 bytes) at the specified address.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The qword value.
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value.
get_string_at(
ea: ea_t, max_length: Optional[int] = None
) -> str | None
Gets a string from the specified address.
Args: ea: The effective address. max_length: Maximum string length to read.
Returns: The string if it was successfully extracted or None in case of error
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If max_length is specified but not positive.
get_word_at(
ea: ea_t, allow_uninitialized: bool = False
) -> int
Retrieves a word (16 bits/2 bytes) at the specified address.
Args: ea: The effective address. allow_uninitialized: If True, allows reading addresses with uninitialized values.
Returns: The word value.
Raises: InvalidEAError: If the effective address is invalid. NoValueError: If allow_uninitialized is False and the address contains an uninitialized value.
has_any_flags_at(ea: ea_t, flag_mask: ByteFlags) -> bool
Checks if any of the specified flags are set at the given address.
Args: ea: The effective address. flag_mask: ByteFlags enum value(s) to check.
Returns: True if any of the specified flags are set, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
has_user_name_at(ea: ea_t) -> bool
Checks if the address has a user-defined name.
Args: ea: The effective address.
Returns: True if has user name, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_alignment_at(ea: ea_t) -> bool
Checks if the address contains an alignment directive.
Args: ea: The effective address.
Returns: True if alignment type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_byte_at(ea: ea_t) -> bool
Checks if the address contains a byte data type.
Args: ea: The effective address.
Returns: True if byte type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_code_at(ea: ea_t) -> bool
Checks if the address contains code.
Args: ea: The effective address.
Returns: True if code, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_data_at(ea: ea_t) -> bool
Checks if the address contains data.
Args: ea: The effective address.
Returns: True if data, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_double_at(ea: ea_t) -> bool
Checks if the address contains a double data type.
Args: ea: The effective address.
Returns: True if double type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_dword_at(ea: ea_t) -> bool
Checks if the address contains a dword data type.
Args: ea: The effective address.
Returns: True if dword type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_float_at(ea: ea_t) -> bool
Checks if the address contains a float data type.
Args: ea: The effective address.
Returns: True if float type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_flowed_at(ea: ea_t) -> bool
Does the previous instruction exist and pass execution flow to the current byte?
Args: ea: The effective address.
Returns: True if flow, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_forced_operand_at(ea: ea_t, n: int) -> bool
Is operand manually defined?
Args: ea: The effective address. n: Operand number (0-based).
Returns: True if operand is forced, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If operand number is negative.
is_head_at(ea: ea_t) -> bool
Checks if the address is the start of a data item.
Args: ea: The effective address.
Returns: True if head, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_manual_insn_at(ea: ea_t) -> bool
Is the instruction overridden?
Args: ea: The effective address.
Returns: True if instruction is manually overridden, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_not_tail_at(ea: ea_t) -> bool
Checks if the address is not a tail byte.
Args: ea: The effective address.
Returns: True if not tail, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_oword_at(ea: ea_t) -> bool
Checks if the address contains an oword data type.
Args: ea: The effective address.
Returns: True if oword type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_packed_real_at(ea: ea_t) -> bool
Checks if the address contains a packed real data type.
Args: ea: The effective address.
Returns: True if packed real type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_qword_at(ea: ea_t) -> bool
Checks if the address contains a qword data type.
Args: ea: The effective address.
Returns: True if qword type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_string_literal_at(ea: ea_t) -> bool
Checks if the address contains a string literal data type.
Args: ea: The effective address.
Returns: True if string literal type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_struct_at(ea: ea_t) -> bool
Checks if the address contains a struct data type.
Args: ea: The effective address.
Returns: True if struct type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_tail_at(ea: ea_t) -> bool
Checks if the address is part of a multi-byte data item.
Args: ea: The effective address.
Returns: True if tail, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_tbyte_at(ea: ea_t) -> bool
Checks if the address contains a tbyte data type.
Args: ea: The effective address.
Returns: True if tbyte type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_unknown_at(ea: ea_t) -> bool
Checks if the address contains unknown/undefined data.
Args: ea: The effective address.
Returns: True if unknown, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_value_initialized_at(ea: ea_t) -> bool
Check if the value at the specified address is initialized
Args: ea: The effective address.
Returns: True if byte is loaded, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_word_at(ea: ea_t) -> bool
Checks if the address contains a word data type.
Args: ea: The effective address.
Returns: True if word type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_yword_at(ea: ea_t) -> bool
Checks if the address contains a yword data type.
Args: ea: The effective address.
Returns: True if yword type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
is_zword_at(ea: ea_t) -> bool
Checks if the address contains a zword data type.
Args: ea: The effective address.
Returns: True if zword type, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
patch_byte_at(ea: ea_t, value: int) -> bool
Patch a byte of the program. The original value is saved and can be obtained by get_original_byte_at().
Args: ea: The effective address. value: Byte value to patch.
Returns: True if the database has been modified, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid byte (0-0xFF).
patch_bytes_at(ea: ea_t, data: bytes) -> None
Patch the specified number of bytes of the program. Original values are saved and available with get_original_bytes_at().
Args: ea: The effective address. data: Bytes to patch.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If data is not bytes or is empty.
patch_dword_at(ea: ea_t, value: int) -> bool
Patch a dword of the program. The original value is saved and can be obtained by get_original_dword_at().
Args: ea: The effective address. value: Dword value to patch.
Returns: True if the database has been modified, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid dword (0-0xFFFFFFFF).
patch_qword_at(ea: ea_t, value: int) -> bool
Patch a qword of the program. The original value is saved and can be obtained by get_original_qword_at().
Args: ea: The effective address. value: Qword value to patch.
Returns: True if the database has been modified, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid qword (0-0xFFFFFFFFFFFFFFFF).
patch_word_at(ea: ea_t, value: int) -> bool
Patch a word of the program. The original value is saved and can be obtained by get_original_word_at().
Args: ea: The effective address. value: Word value to patch.
Returns: True if the database has been modified, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid word (0-0xFFFF).
revert_byte_at(ea: ea_t) -> bool
Revert patched byte to its original value.
Args: ea: The effective address.
Returns: True if byte was patched before and reverted now, False otherwise.
Raises: InvalidEAError: If the effective address is invalid.
set_byte_at(ea: ea_t, value: int) -> bool
Sets a byte value at the specified address.
Args: ea: The effective address. value: Byte value to set.
Returns: True if successful, False otherwise.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid byte (0-0xFF).
set_bytes_at(ea: ea_t, data: bytes) -> None
Sets a sequence of bytes at the specified address.
Args: ea: The effective address. data: Bytes to write.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If data is not bytes or is empty.
set_dword_at(ea: ea_t, value: int) -> None
Sets a double word (4 bytes) value at the specified address.
Args: ea: The effective address. value: Double word value to set.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid dword (0-0xFFFFFFFF).
set_qword_at(ea: ea_t, value: int) -> None
Sets a quad word (8 bytes) value at the specified address.
Args: ea: The effective address. value: Quad word value to set.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid qword (0-0xFFFFFFFFFFFFFFFF).
set_word_at(ea: ea_t, value: int) -> None
Sets a word (2 bytes) value at the specified address.
Args: ea: The effective address. value: Word value to set.
Raises: InvalidEAError: If the effective address is invalid. InvalidParameterError: If value is not a valid word (0-0xFFFF).
NoValueError(ea: ea_t)
Bases: ValueError
Raised when a read operation is attempted on an uninitialized address.
Bases: IntFlag
Search flags for text and pattern searching.
Attributes:
-
BRK–Return BADADDR if the search was cancelled.
-
CASE–Case-sensitive search (case-insensitive otherwise)
-
DOWN–Search towards higher addresses
-
IDENT–Search for an identifier (text search). It means that the
-
NOBRK–Don't test if the user interrupted the search
-
NOSHOW–Don't display the search progress/refresh screen
-
REGEX–Regular expressions in search string
-
UP–Search towards lower addresses
class-attribute
instance-attribute
BRK = SEARCH_BRK
Return BADADDR if the search was cancelled.
class-attribute
instance-attribute
CASE = SEARCH_CASE
Case-sensitive search (case-insensitive otherwise)
class-attribute
instance-attribute
DOWN = SEARCH_DOWN
Search towards higher addresses
class-attribute
instance-attribute
IDENT = SEARCH_IDENT
Search for an identifier (text search). It means that the characters before and after the match cannot be is_visible_char().
class-attribute
instance-attribute
NOBRK = SEARCH_NOBRK
Don't test if the user interrupted the search
class-attribute
instance-attribute
NOSHOW = SEARCH_NOSHOW
Don't display the search progress/refresh screen
class-attribute
instance-attribute
REGEX = SEARCH_REGEX
Regular expressions in search string
class-attribute
instance-attribute
UP = SEARCH_UP
Search towards lower addresses
Bases: IntEnum
String type constants for string operations.
Attributes:
-
C–C-style string.
-
C16–Zero-terminated 32bit chars.
-
C32–Zero-terminated 32bit chars.
-
PASCAL–Pascal-style, one-byte length prefix.
-
PASCAL_16–Pascal-style, two-byte length prefix.
-
PASCAL_32–Pascal-style, four-byte length prefix.
class-attribute
instance-attribute
C = STRTYPE_C
C-style string.
class-attribute
instance-attribute
C16 = STRTYPE_C_16
Zero-terminated 32bit chars.
class-attribute
instance-attribute
C32 = STRTYPE_C_32
Zero-terminated 32bit chars.
class-attribute
instance-attribute
PASCAL = STRTYPE_PASCAL
Pascal-style, one-byte length prefix.
class-attribute
instance-attribute
PASCAL_16 = STRTYPE_PASCAL_16
Pascal-style, two-byte length prefix.
class-attribute
instance-attribute
PASCAL_32 = STRTYPE_PASCAL_32
Pascal-style, four-byte length prefix.
UnsupportedValueError(message: str)
Bases: ValueError
Raised when a read operation is attempted on a value which has an unsupported format.