function module

binaryninja.function.AdvancedFunctionAnalysisDataRequestor([func])
binaryninja.function.ConstantReference(val, ...)
binaryninja.function.DisassemblySettings([...])
binaryninja.function.DisassemblyTextLine(...)
binaryninja.function.Function(view, handle)
binaryninja.function.FunctionGraph(view, handle)
binaryninja.function.FunctionGraphBlock(handle)
binaryninja.function.FunctionGraphEdge(...)
binaryninja.function.IndirectBranchInfo(...)
binaryninja.function.InstructionBranch(...)
binaryninja.function.InstructionInfo()
binaryninja.function.InstructionTextToken(...) class InstructionTextToken is used to tell the core about the various components in the disassembly views.
binaryninja.function.LookupTableEntry(...)
binaryninja.function.PossibleValueSet(arch, ...)
binaryninja.function.RegisterInfo(...[, ...])
binaryninja.function.RegisterValue(arch, value)
binaryninja.function.StackVariableReference(...)
binaryninja.function.ValueRange(start, end, step)
binaryninja.function.Variable(func, ...[, ...])
class binaryninja.function.AdvancedFunctionAnalysisDataRequestor(func=None)[source]

Bases: object

close()[source]
function
class binaryninja.function.ConstantReference(val, size, ptr, intermediate)[source]

Bases: object

class binaryninja.function.DisassemblySettings(handle=None)[source]

Bases: object

is_option_set(option)[source]
max_symbol_width
set_option(option, state=True)[source]
width
class binaryninja.function.DisassemblyTextLine(addr, tokens)[source]

Bases: object

class binaryninja.function.Function(view, handle)[source]

Bases: object

analysis_performance_info
apply_auto_discovered_type(func_type)[source]
apply_imported_types(sym)[source]
arch

Function architecture (read-only)

auto

Whether function was automatically discovered (read-only)

basic_blocks

List of basic blocks (read-only)

can_return

Whether function can return (read-only)

comments

Dict of comments (read-only)

create_auto_stack_var(offset, var_type, name)[source]
create_auto_var(var, var_type, name, ignore_disjoint_uses=False)[source]
create_graph()[source]
create_user_stack_var(offset, var_type, name)[source]
create_user_var(var, var_type, name, ignore_disjoint_uses=False)[source]
delete_auto_stack_var(offset)[source]
delete_auto_var(var)[source]
delete_user_stack_var(offset)[source]
delete_user_var(var)[source]
explicitly_defined_type

Whether function has explicitly defined types (read-only)

function_type

Function type object

get_basic_block_at(addr, arch=None)[source]

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters:
  • addr (int) – Address of the BasicBlock to retrieve.
  • arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch
Example:
>>> current_function.get_basic_block_at(current_function.start)
<block: [email protected]>
get_block_annotations(addr, arch=None)[source]
get_comment_at(addr)[source]
get_constants_referenced_by(addr, arch=None)[source]
get_flags_read_by_lifted_il_instruction(i)[source]
get_flags_written_by_lifted_il_instruction(i)[source]
get_indirect_branches_at(addr, arch=None)[source]
get_instr_highlight(addr, arch=None)[source]
Example:
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
>>> current_function.get_instr_highlight(here)
<color: #ff00ff>
get_int_display_type(instr_addr, value, operand, arch=None)[source]
get_lifted_il_at(addr, arch=None)[source]
get_lifted_il_flag_definitions_for_use(i, flag)[source]
get_lifted_il_flag_uses_for_definition(i, flag)[source]
get_low_level_il_at(addr, arch=None)[source]

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:
  • addr (int) – virtual address of the function to be queried
  • arch (Architecture) – (optional) Architecture for the given function
Return type:

LowLevelILInstruction

Example:
>>> func = bv.functions[0]
>>> func.get_low_level_il_at(func.start)
<il: push(rbp)>
get_low_level_il_exits_at(addr, arch=None)[source]
get_parameter_at(addr, func_type, i, arch=None)[source]
get_parameter_at_low_level_il_instruction(instr, func_type, i)[source]
get_reg_value_after(addr, reg, arch=None)[source]

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters:
  • addr (int) – virtual address of the instruction to query
  • reg (str) – string value of native register to query
  • arch (Architecture) – (optional) Architecture for the given function
Return type:

function.RegisterValue

Example:
>>> func.get_reg_value_after(0x400dbe, 'rdi')
<undetermined>
get_reg_value_at(addr, reg, arch=None)[source]

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters:
  • addr (int) – virtual address of the instruction to query
  • reg (str) – string value of native register to query
  • arch (Architecture) – (optional) Architecture for the given function
Return type:

function.RegisterValue

Example:
>>> func.get_reg_value_at(0x400dbe, 'rdi')
<const 0x2>
get_regs_read_by(addr, arch=None)[source]
get_regs_written_by(addr, arch=None)[source]
get_stack_contents_after(addr, offset, size, arch=None)[source]
get_stack_contents_at(addr, offset, size, arch=None)[source]

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters:
  • addr (int) – virtual address of the instruction to query
  • offset (int) – stack offset base of stack
  • size (int) – size of memory to query
  • arch (Architecture) – (optional) Architecture for the given function
Return type:

function.RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the

stack as in (x86/x86_64) where the stack base will start at address_size

Example:
>>> func.get_stack_contents_at(0x400fad, -16, 4)
<range: 0x8 to 0xffffffff>
get_stack_var_at_frame_offset(offset, addr, arch=None)[source]
get_stack_vars_referenced_by(addr, arch=None)[source]
indirect_branches

List of indirect branches (read-only)

lifted_il

returns LowLevelILFunction used to represent lifted IL (read-only)

low_level_il

returns LowLevelILFunction used to represent Function low level IL (read-only)

mark_recent_use()[source]
medium_level_il

Function medium level IL (read-only)

name

Symbol name for the function

needs_update

Whether the function has analysis that needs to be updated (read-only)

platform

Function platform (read-only)

reanalyze()[source]

reanalyze causes this functions to be reanalyzed. This function does not wait for the analysis to finish.

Return type:None
release_advanced_analysis_data()[source]
request_advanced_analysis_data()[source]
session_data

Dictionary object where plugins can store arbitrary data associated with the function

set_auto_indirect_branches(source, branches, source_arch=None)[source]
set_auto_instr_highlight(addr, color, arch=None)[source]

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

.warning:: Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters:
  • addr (int) – virtual address of the instruction to be highlighted
  • or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting
  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch
set_auto_type(value)[source]
set_comment(addr, comment)[source]
classmethod set_default_session_data(name, value)[source]
set_int_display_type(instr_addr, value, operand, display_type, arch=None)[source]
Parameters:
set_user_indirect_branches(source, branches, source_arch=None)[source]
set_user_instr_highlight(addr, color, arch=None)[source]

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters:
  • addr (int) – virtual address of the instruction to be highlighted
  • or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting
  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch
Example:
>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor)
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
set_user_type(value)[source]
stack_layout

List of function stack variables (read-only)

start

Function start (read-only)

symbol

Function symbol(read-only)

vars

List of function variables (read-only)

view

Function view (read-only)

class binaryninja.function.FunctionGraph(view, handle)[source]

Bases: object

abort()[source]
blocks

List of basic blocks in function (read-only)

complete

Whether function graph layout is complete (read-only)

function

Function for a function graph (read-only)

get_blocks_in_region(left, top, right, bottom)[source]
height

Function graph height (read-only)

horizontal_block_margin
is_option_set(option)[source]
layout(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>)[source]
layout_and_wait(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>)[source]
on_complete(callback)[source]
set_option(option, state=True)[source]
settings
type

Function graph type (read-only)

vertical_block_margin
width

Function graph width (read-only)

class binaryninja.function.FunctionGraphBlock(handle)[source]

Bases: object

arch

Function graph block architecture (read-only)

basic_block

Basic block associated with this part of the function graph (read-only)

end

Function graph block end (read-only)

height

Function graph block height (read-only)

lines

Function graph block list of lines (read-only)

outgoing_edges

Function graph block list of outgoing edges (read-only)

start

Function graph block start (read-only)

width

Function graph block width (read-only)

x

Function graph block X (read-only)

y

Function graph block Y (read-only)

class binaryninja.function.FunctionGraphEdge(branch_type, source, target, points)[source]

Bases: object

back_edge

Whether the edge is a back edge (end of a loop)

class binaryninja.function.IndirectBranchInfo(source_arch, source_addr, dest_arch, dest_addr, auto_defined)[source]

Bases: object

class binaryninja.function.InstructionBranch(branch_type, target=0, arch=None)[source]

Bases: object

class binaryninja.function.InstructionInfo[source]

Bases: object

add_branch(branch_type, target=0, arch=None)[source]
class binaryninja.function.InstructionTextToken(token_type, text, value=0, size=0, operand=4294967295, context=<InstructionTextTokenContext.NoTokenContext: 0>, address=0)[source]

Bases: object

class InstructionTextToken is used to tell the core about the various components in the disassembly views.

InstructionTextTokenType Description
TextToken Text that doesn’t fit into the other tokens
InstructionToken The instruction mnemonic
OperandSeparatorToken The comma or whatever else separates tokens
RegisterToken Registers
IntegerToken Integers
PossibleAddressToken Integers that are likely addresses
BeginMemoryOperandToken The start of memory operand
EndMemoryOperandToken The end of a memory operand
FloatingPointToken Floating point number
AnnotationToken For internal use only
CodeRelativeAddressToken For internal use only
StackVariableTypeToken For internal use only
DataVariableTypeToken For internal use only
FunctionReturnTypeToken For internal use only
FunctionAttributeToken For internal use only
ArgumentTypeToken For internal use only
ArgumentNameToken For internal use only
HexDumpByteValueToken For internal use only
HexDumpSkippedByteToken For internal use only
HexDumpInvalidByteToken For internal use only
HexDumpTextToken For internal use only
OpcodeToken For internal use only
StringToken For internal use only
CharacterConstantToken For internal use only
CodeSymbolToken For internal use only
DataSymbolToken For internal use only
StackVariableToken For internal use only
ImportToken For internal use only
AddressDisplayToken For internal use only
class binaryninja.function.LookupTableEntry(from_values, to_value)[source]

Bases: object

class binaryninja.function.PossibleValueSet(arch, value)[source]

Bases: object

class binaryninja.function.RegisterInfo(full_width_reg, size, offset=0, extend=<ImplicitRegisterExtend.NoExtend: 0>, index=None)[source]

Bases: object

class binaryninja.function.RegisterValue(arch, value)[source]

Bases: object

class binaryninja.function.StackVariableReference(src_operand, t, name, var, ref_ofs)[source]

Bases: object

class binaryninja.function.ValueRange(start, end, step)[source]

Bases: object

class binaryninja.function.Variable(func, source_type, index, storage, name=None, var_type=None)[source]

Bases: object

classmethod from_identifier(func, identifier, name=None, var_type=None)[source]