Database
Classes:
-
Database–Provides access and control over the loaded IDA database.
Database()
Provides access and control over the loaded IDA database.
Can be used as a context manager for automatic resource cleanup:
Example:
# Open and automatically close a database
with Database() as db:
if db.open("path/to/file.exe", save_on_close=True):
# Work with the database
print(f"Loaded: {db.path}")
# Database is automatically closed here
# Or use without context manager
db = Database()
if db.open("path/to/file.exe", save_on_close=True):
# Work with database
db.close() # Uses save_on_close=True automatically
Constructs a new interface to the IDA database.
Note: When running inside IDA, this refers to the currently open database. Use open() to load a new database when using IDA as a library.
Classes:
-
IdaCommandBuilder–Builder class for constructing IDA command line arguments.
Methods:
-
close–Closes the currently open database.
-
is_open–Checks if the database is loaded.
-
open–Opens a database from the specified file path.
Attributes:
-
architecture(Optional[str]) –The processor architecture.
-
base_address(Optional[ea_t]) –The image base address of this database.
-
basic_blocks(BasicBlocks) –Handler that provides access to basic block-related operations.
-
bitness(Optional[int]) –The application bitness (32/64).
-
bytes(Bytes) –Handler that provides access to byte-level memory operations.
-
comments(Comments) –Handler that provides access to user comment-related operations.
-
crc32(Optional[int]) –The CRC32 checksum of the input file.
-
current_ea(ea_t) –The current effective address (equivalent to the "screen EA" in IDA GUI).
-
entries(Entries) –Handler that provides access to entries operations.
-
events(Events) –Handler that provides access to event related operations.
-
filesize(Optional[int]) –The input file size.
-
format(Optional[str]) –The file format type.
-
functions(Functions) –Handler that provides access to function-related operations.
-
heads(Heads) –Handler that provides access to user heads operations.
-
instructions(Instructions) –Handler that provides access to instruction-related operations.
-
load_time(Optional[str]) –The database load time.
-
maximum_ea(ea_t) –The maximum effective address from this database.
-
md5(Optional[str]) –The MD5 hash of the input file.
-
metadata(Dict[str, str]) –Map of key-value metadata about the current database.
-
minimum_ea(ea_t) –The minimum effective address from this database.
-
module(Optional[str]) –The module name.
-
names(Names) –Handler that provides access to name-related operations.
-
path(Optional[str]) –The input file path.
-
save_on_close– -
segments(Segments) –Handler that provides access to memory segment-related operations.
-
sha256(Optional[str]) –The SHA256 hash of the input file.
-
signature_files(SignatureFiles) –Handler that provides access to signature file operations.
-
strings(Strings) –Handler that provides access to string-related operations.
-
types(Types) –Handler that provides access to type-related operations.
-
xrefs(Xrefs) –Handler that provides access to cross-reference (xref) operations.
property
architecture: Optional[str]
The processor architecture.
property
base_address: Optional[ea_t]
The image base address of this database.
property
basic_blocks: BasicBlocks
Handler that provides access to basic block-related operations.
property
bitness: Optional[int]
The application bitness (32/64).
property
comments: Comments
Handler that provides access to user comment-related operations.
property
crc32: Optional[int]
The CRC32 checksum of the input file.
property
writable
current_ea: ea_t
The current effective address (equivalent to the "screen EA" in IDA GUI).
property
filesize: Optional[int]
The input file size.
property
format: Optional[str]
The file format type.
property
functions: Functions
Handler that provides access to function-related operations.
property
instructions: Instructions
Handler that provides access to instruction-related operations.
property
load_time: Optional[str]
The database load time.
property
maximum_ea: ea_t
The maximum effective address from this database.
property
md5: Optional[str]
The MD5 hash of the input file.
property
metadata: Dict[str, str]
Map of key-value metadata about the current database. Dynamically built from all metadata properties.
property
minimum_ea: ea_t
The minimum effective address from this database.
property
module: Optional[str]
The module name.
property
path: Optional[str]
The input file path.
instance-attribute
save_on_close = False
property
segments: Segments
Handler that provides access to memory segment-related operations.
property
sha256: Optional[str]
The SHA256 hash of the input file.
property
signature_files: SignatureFiles
Handler that provides access to signature file operations.
IdaCommandBuilder()
Builder class for constructing IDA command line arguments.
This class provides an interface to build IDA command line arguments for passing them in the database open call.
Usage: builder = Database.IdaCommandBuilder() builder.auto_analysis(False).autonomous(True).set_loading_address(0x400000) args = builder.build_args()
Initialize the command builder with default values.
Methods:
-
add_first_pass_directive–Add a configuration directive for the first pass (-d switch).
-
add_second_pass_directive–Add a configuration directive for the second pass (-D switch).
-
auto_analysis–Control automatic analysis (-a switch).
-
build_args–Build the complete command line arguments string.
-
compress_database–Compress database to create zipped idb (-P+ switch).
-
disable_fpp_instructions–Disable FPP (Floating Point Processor) instructions (-f switch).
-
disable_mouse–Disable mouse support (-M switch).
-
empty_database–Create an empty database (-t switch).
-
load_resources–Load MS Windows exe file resources (-R switch).
-
new_database–Disassemble a new file by deleting the old database (-c switch).
-
no_pack_database–Do not pack database (-P- switch).
-
no_segmentation–Do not create segmentation (-x switch).
-
pack_database–Pack database to create unzipped idb (-P switch).
-
run_debugger–Immediately run the built-in debugger (-r### switch).
-
run_script–Execute a script file when the database is opened (-S### switch).
-
set_compiler–Set compiler in format name:abi (-C#### switch).
-
set_debug_flags–Set debug flags (-z switch).
-
set_entry_point–Set the program entry point (-i#### switch).
-
set_file_type–Interpret the input file as the specified file type (-T### switch).
-
set_jit_debugger–Set IDA as just-in-time debugger (-I# switch).
-
set_loading_address–Set the loading address (-b#### switch).
-
set_log_file–Set the name of the log file (-L#### switch).
-
set_output_database–Specify the output database path (-o#### switch).
-
set_plugin_options–Set options to pass to plugins (-O#### switch).
-
set_processor–Set the processor type (-p#### switch).
-
set_windows_directory–Specify MS Windows directory (-W### switch).
Attributes:
-
auto_analysis_enabled(bool) –Check if auto analysis is enabled.
property
auto_analysis_enabled: bool
Check if auto analysis is enabled.
Returns: True if auto analysis is enabled, False otherwise.
add_first_pass_directive(directive: str)
Add a configuration directive for the first pass (-d switch).
Configuration directives are processed at the first pass. Example: "VPAGESIZE=8192"
Args: directive: Configuration directive string.
Returns: Self for method chaining.
add_second_pass_directive(directive: str)
Add a configuration directive for the second pass (-D switch).
Configuration directives are processed at the second pass.
Args: directive: Configuration directive string.
Returns: Self for method chaining.
auto_analysis(enabled=True)
Control automatic analysis (-a switch).
Args: enabled: If False, disables auto analysis (-a). If True, enables auto analysis (-a-).
Returns: Self for method chaining.
build_args()
Build the complete command line arguments string.
Constructs the command line arguments based on all the configured options. This method processes all the settings and generates the appropriate IDA command line switches.
Returns: String containing all command line arguments separated by spaces.
compress_database()
Compress database to create zipped idb (-P+ switch).
Returns: Self for method chaining.
disable_fpp_instructions(disabled=True)
Disable FPP (Floating Point Processor) instructions (-f switch).
This option is specific to IBM PC only.
Args: disabled: True to disable FPP instructions.
Returns: Self for method chaining.
disable_mouse(disabled=True)
Disable mouse support (-M switch).
This option is for text mode only.
Args: disabled: True to disable mouse support.
Returns: Self for method chaining.
empty_database(enabled=True)
Create an empty database (-t switch).
Args: enabled: True to create an empty database.
Returns: Self for method chaining.
load_resources(enabled=True)
Load MS Windows exe file resources (-R switch).
Args: enabled: True to load Windows resources.
Returns: Self for method chaining.
new_database(enabled=True)
Disassemble a new file by deleting the old database (-c switch).
Args: enabled: True to create a new database, deleting any existing one.
Returns: Self for method chaining.
no_pack_database()
Do not pack database (-P- switch).
Note: This is not recommended. See Abort command documentation.
Returns: Self for method chaining.
no_segmentation(enabled=True)
Do not create segmentation (-x switch).
Used in pair with Dump database command. This switch affects EXE and COM format files only.
Args: enabled: True to disable segmentation.
Returns: Self for method chaining.
pack_database()
Pack database to create unzipped idb (-P switch).
Returns: Self for method chaining.
run_debugger(options: str = '')
Immediately run the built-in debugger (-r### switch).
Args: options: Debugger options string.
Returns: Self for method chaining.
run_script(script_file: str, args: List[str] = [])
Execute a script file when the database is opened (-S### switch).
The script file extension determines which extlang will run the script. Command line arguments can be passed after the script name.
The passed parameters are stored in the "ARGV" global IDC variable: - Use "ARGV.count" to determine the number of arguments - The first argument "ARGV[0]" contains the script name
Note: This switch is not available in the IDA Home edition.
Args: script_file: Path to the script file. args: List of command line arguments to pass to the script.
Returns: Self for method chaining.
set_compiler(name: str, abi: str = '')
Set compiler in format name:abi (-C#### switch).
Args: name: Compiler name. abi: Application Binary Interface (optional).
Returns: Self for method chaining.
set_debug_flags(flags)
Set debug flags (-z switch).
Debug flags can be specified as an integer or list of flag names.
Available debug flags: - drefs (0x00000001): Data references - offsets (0x00000002): Offsets - flirt (0x00000004): FLIRT signatures - idp (0x00000008): IDP module - ldr (0x00000010): Loader module - plugin (0x00000020): Plugin module - ids (0x00000040): IDS files - config (0x00000080): Config file - heap (0x00000100): Check heap - licensing (0x00000200): Licensing - demangler (0x00000400): Demangler - queue (0x00000800): Queue - rollback (0x00001000): Rollback - already_data_or_code (0x00002000): Already data or code - type_system (0x00004000): Type system - notifications (0x00008000): Show all notifications - debugger (0x00010000): Debugger - debugger_appcall (0x00020000): Debugger appcall - source_debugger (0x00040000): Source-level debugger - accessibility (0x00080000): Accessibility - network (0x00100000): Network - stack_analysis (0x00200000): Full stack analysis (simplex method) - debug_info (0x00400000): Handling of debug info (e.g. pdb, dwarf) - lumina (0x00800000): Lumina
Args: flags: Integer value or list of flag names.
Returns: Self for method chaining.
set_entry_point(address: int)
Set the program entry point (-i#### switch).
Args: address: Entry point address as hexadecimal number.
Returns: Self for method chaining.
set_file_type(file_type: str, member: str = '')
Interpret the input file as the specified file type (-T### switch).
The file type is specified as a prefix of a file type visible in the 'load file' dialog box. IDA does not display the 'load file' dialog when this option is used.
To specify archive member, put it after the colon character.
You can specify nested paths: -T
Examples: - set_file_type("ZIP", "classes.dex") -> -TZIP:classes.dex
Args: file_type: File type prefix. member: Archive member name (optional).
Returns: Self for method chaining.
set_jit_debugger(enabled=True)
Set IDA as just-in-time debugger (-I# switch).
Args: enabled: True to enable (1), False to disable (0).
Returns: Self for method chaining.
set_loading_address(address: int)
Set the loading address (-b#### switch).
Args: address: Loading address as a hexadecimal number, in paragraphs. A paragraph is 16 bytes.
Returns: Self for method chaining.
set_log_file(filename: str)
Set the name of the log file (-L#### switch).
Args: filename: Path to the log file.
Returns: Self for method chaining.
set_output_database(path: str)
Specify the output database path (-o#### switch).
This automatically implies creating a new database (-c).
Args: path: Path to the output database file.
Returns: Self for method chaining.
set_plugin_options(options: str)
Set options to pass to plugins (-O#### switch).
Note: This switch is not available in the IDA Home edition.
Args: options: Options string to pass to plugins.
Returns: Self for method chaining.
set_processor(processor_type: str)
Set the processor type (-p#### switch).
Args: processor_type: Processor type identifier.
Returns: Self for method chaining.
set_windows_directory(directory: str)
Specify MS Windows directory (-W### switch).
Args: directory: Path to Windows directory.
Returns: Self for method chaining.
close(save: Optional[bool] = None) -> None
Closes the currently open database.
Args: save: If provided, saves/discards changes accordingly. If None, uses the save_on_close setting from open().
Note: This function is available only when running IDA as a library. When running inside the IDA GUI, we have no control on the database lifecycle.
is_open() -> bool
Checks if the database is loaded.
Returns: True if a database is open, false otherwise.
open(
db_path: str,
db_args: Optional['Database.IdaCommandBuilder'] = None,
save_on_close=False,
) -> bool
Opens a database from the specified file path.
Args: db_path: Path to the input file. db_args: Command builder responsible for passing arguments to IDA kernel. save_on_close: Default behavior for saving changes on close. Used automatically when exiting context manager, but can be overridden in explicit close() calls.
Returns: True if the database was successfully opened, false otherwise.
Note: This function is available only when running IDA as a library. When running inside the IDA GUI, simply construct a Database() instance to refer to the currently open database. Use is_open() to check if a database is loaded.