function module

binaryninja.function.AdvancedFunctionAnalysisDataRequestor([func])

binaryninja.function.ConstantReference(val, …)

binaryninja.function.DisassemblySettings([…])

binaryninja.function.DisassemblyTextLine(tokens)

binaryninja.function.DisassemblyTextRenderer([…])

binaryninja.function.Function([view, handle])

binaryninja.function.IndirectBranchInfo(…)

binaryninja.function.InstructionBranch(…)

binaryninja.function.InstructionInfo()

binaryninja.function.InstructionTextToken(…)

class InstructionTextToken is used to tell the core about the various components in the disassembly views.

binaryninja.function.IntrinsicInfo(inputs, …)

binaryninja.function.IntrinsicInput(type_obj)

binaryninja.function.LookupTableEntry(…)

binaryninja.function.ParameterVariables(var_list)

binaryninja.function.PossibleValueSet(arch, …)

binaryninja.function.RegisterInfo(…[, …])

binaryninja.function.RegisterStackInfo(…)

binaryninja.function.RegisterValue([arch, …])

binaryninja.function.StackVariableReference(…)

binaryninja.function.ValueRange(start, end, step)

binaryninja.function.Variable(func, …[, …])

binaryninja.function.range(*args)

A Python2 and Python3 Compatible Range Generator

class AdvancedFunctionAnalysisDataRequestor(func=None)[source]

Bases: object

close()[source]
function
class ConstantReference(val, size, ptr, intermediate)[source]

Bases: object

intermediate
pointer
size
value
class DisassemblySettings(handle=None)[source]

Bases: object

is_option_set(option)[source]
set_option(option, state=True)[source]
max_symbol_width
width
class DisassemblyTextLine(tokens, address=None, il_instr=None, color=None)[source]

Bases: object

class DisassemblyTextRenderer(func=None, settings=None, handle=None)[source]

Bases: object

add_integer_token(tokens, int_token, addr, arch=None)[source]
add_stack_var_reference_tokens(tokens, ref)[source]
add_symbol_token(tokens, addr, size, operand=None)[source]
get_disassembly_text(addr)[source]
get_instruction_annotations(addr)[source]
get_instruction_text(addr)[source]
classmethod is_integer_token(token)[source]
reset_deduplicated_comments()[source]
wrap_comment(lines, cur_line, comment, has_auto_annotations, leading_spaces=' ')[source]
arch
basic_block
function
has_data_flow
il
il_function
settings
class Function(view=None, handle=None)[source]

Bases: object

apply_auto_discovered_type(func_type)[source]
apply_imported_types(sym)[source]
create_auto_stack_var(offset, var_type, name)[source]
create_auto_var(var, var_type, name, ignore_disjoint_uses=False)[source]
create_graph(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>, settings=None)[source]
create_user_stack_var(offset, var_type, name)[source]
create_user_var(var, var_type, name, ignore_disjoint_uses=False)[source]
delete_auto_stack_var(offset)[source]
delete_auto_var(var)[source]
delete_user_stack_var(offset)[source]
delete_user_var(var)[source]
get_basic_block_at(addr, arch=None)[source]

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters
  • addr (int) – Address of the BasicBlock to retrieve.

  • arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch

Example
>>> current_function.get_basic_block_at(current_function.start)
<block: [email protected]>
get_block_annotations(addr, arch=None)[source]
get_call_reg_stack_adjustment(addr, arch=None)[source]
get_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, arch=None)[source]
get_call_stack_adjustment(addr, arch=None)[source]
get_comment_at(addr)[source]
get_constants_referenced_by(addr, arch=None)[source]
get_flags_read_by_lifted_il_instruction(i)[source]
get_flags_written_by_lifted_il_instruction(i)[source]
get_indirect_branches_at(addr, arch=None)[source]
get_instr_highlight(addr, arch=None)[source]
Example
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
>>> current_function.get_instr_highlight(here)
<color: #ff00ff>
get_int_display_type(instr_addr, value, operand, arch=None)[source]
get_lifted_il_at(addr, arch=None)[source]
get_lifted_il_flag_definitions_for_use(i, flag)[source]
get_lifted_il_flag_uses_for_definition(i, flag)[source]
get_low_level_il_at(addr, arch=None)[source]

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters
  • addr (int) – virtual address of the function to be queried

  • arch (Architecture) – (optional) Architecture for the given function

Return type

LowLevelILInstruction

Example
>>> func = bv.functions[0]
>>> func.get_low_level_il_at(func.start)
<il: push(rbp)>
get_low_level_il_exits_at(addr, arch=None)[source]
get_parameter_at(addr, func_type, i, arch=None)[source]
get_parameter_at_low_level_il_instruction(instr, func_type, i)[source]
get_reg_value_after(addr, reg, arch=None)[source]

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters
  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type

binaryninja.function.RegisterValue

Example
>>> func.get_reg_value_after(0x400dbe, 'rdi')
<undetermined>
get_reg_value_at(addr, reg, arch=None)[source]

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters
  • addr (int) – virtual address of the instruction to query

  • reg (str) – string value of native register to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type

binaryninja.function.RegisterValue

Example
>>> func.get_reg_value_at(0x400dbe, 'rdi')
<const 0x2>
get_reg_value_at_exit(reg)[source]
get_regs_read_by(addr, arch=None)[source]
get_regs_written_by(addr, arch=None)[source]
get_stack_contents_after(addr, offset, size, arch=None)[source]
get_stack_contents_at(addr, offset, size, arch=None)[source]

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters
  • addr (int) – virtual address of the instruction to query

  • offset (int) – stack offset base of stack

  • size (int) – size of memory to query

  • arch (Architecture) – (optional) Architecture for the given function

Return type

binaryninja.function.RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the

stack as in (x86/x86_64) where the stack base will start at address_size

Example
>>> func.get_stack_contents_at(0x400fad, -16, 4)
<range: 0x8 to 0xffffffff>
get_stack_var_at_frame_offset(offset, addr, arch=None)[source]
get_stack_vars_referenced_by(addr, arch=None)[source]
get_type_tokens(settings=None)[source]
is_call_instruction(addr, arch=None)[source]
mark_recent_use()[source]
reanalyze()[source]

reanalyze causes this functions to be reanalyzed. This function does not wait for the analysis to finish.

Return type

None

release_advanced_analysis_data()[source]
request_advanced_analysis_data()[source]
request_debug_report(name)[source]
set_auto_call_reg_stack_adjustment(addr, adjust, arch=None)[source]
set_auto_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)[source]
set_auto_call_stack_adjustment(addr, adjust, arch=None)[source]
set_auto_calling_convention(value)[source]
set_auto_can_return(value)[source]
set_auto_clobbered_regs(value)[source]
set_auto_has_variable_arguments(value)[source]
set_auto_indirect_branches(source, branches, source_arch=None)[source]
set_auto_instr_highlight(addr, color, arch=None)[source]

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

..warning:: Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters
  • addr (int) – virtual address of the instruction to be highlighted

  • or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting

  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

set_auto_parameter_vars(value)[source]
set_auto_reg_stack_adjustments(value)[source]
set_auto_return_regs(value)[source]
set_auto_return_type(value)[source]
set_auto_stack_adjustment(value)[source]
set_auto_type(value)[source]
set_call_reg_stack_adjustment(addr, adjust, arch=None)[source]
set_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)[source]
set_call_stack_adjustment(addr, adjust, arch=None)[source]
set_comment(addr, comment)[source]

Deprecated method provided for compatibility. Use set_comment_at instead.

set_comment_at(addr, comment)[source]

set_comment_at sets a comment for the current function at the address specified

Parameters
  • int (addr) – virtual address within the current function to apply the comment to

  • str (comment) – string comment to apply

Return type

None

Example
>>> current_function.set_comment_at(here, "hi")
classmethod set_default_session_data(name, value)[source]
set_int_display_type(instr_addr, value, operand, display_type, arch=None)[source]
Parameters
set_user_indirect_branches(source, branches, source_arch=None)[source]
set_user_instr_highlight(addr, color, arch=None)[source]

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters
  • addr (int) – virtual address of the instruction to be highlighted

  • or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting

  • arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

Example
>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor)
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
set_user_type(value)[source]
analysis_performance_info
analysis_skip_override

Override for skipping of automatic analysis

analysis_skip_reason

Function analysis skip reason

analysis_skipped

Whether automatic analysis was skipped for this function

arch

Function architecture (read-only)

auto

Whether function was automatically discovered (read-only)

basic_blocks

List of basic blocks (read-only)

callee_addresses
callees
callers
calling_convention

Calling convention used by the function

can_return

Whether function can return

clobbered_regs

Registers that are modified by this function

comment

Gets the comment for the current function

comments

Dict of comments (read-only)

explicitly_defined_type

Whether function has explicitly defined types (read-only)

function_type

Function type object

global_pointer_value

Discovered value of the global pointer register, if the function uses one (read-only)

has_variable_arguments

Whether the function takes a variable number of arguments

indirect_branches

List of indirect branches (read-only)

instructions

A generator of instruction tokens and their start addresses for the current function

lifted_il

returns LowLevelILFunction used to represent lifted IL (read-only)

llil

returns LowLevelILFunction used to represent Function low level IL (read-only)

llil_basic_blocks

A generator of all LowLevelILBasicBlock objects in the current function

llil_instructions

Deprecated method provided for compatibility. Use llil.instructions instead. Was: A generator of llil instructions of the current function

low_level_il

Deprecated property provided for compatibility. Use llil instead.

medium_level_il

Deprecated property provided for compatibility. Use mlil instead.

mlil

Function medium level IL (read-only)

mlil_basic_blocks

A generator of all MediumLevelILBasicBlock objects in the current function

mlil_instructions

Deprecated method provided for compatibility. Use mlil.instructions instead. Was: A generator of mlil instructions of the current function

name

Symbol name for the function

needs_update

Whether the function has analysis that needs to be updated (read-only)

parameter_vars

List of variables for the incoming function parameters

platform

Function platform (read-only)

reg_stack_adjustments

Number of entries removed from each register stack after return

return_regs

Registers that are used for the return value

return_type

Return type of the function

session_data

Dictionary object where plugins can store arbitrary data associated with the function

stack_adjustment

Number of bytes removed from the stack after return

stack_layout

List of function stack variables (read-only)

start

Function start (read-only)

symbol

Function symbol(read-only)

too_large

Whether the function is too large to automatically perform analysis (read-only)

type_tokens

Text tokens for this function’s prototype

unresolved_stack_adjustment_graph

Flow graph of unresolved stack adjustments (read-only)

vars

List of function variables (read-only)

view

Function view (read-only)

class IndirectBranchInfo(source_arch, source_addr, dest_arch, dest_addr, auto_defined)[source]

Bases: object

class InstructionBranch(branch_type, target=0, arch=None)[source]

Bases: object

class InstructionInfo[source]

Bases: object

add_branch(branch_type, target=0, arch=None)[source]
class InstructionTextToken(token_type, text, value=0, size=0, operand=4294967295, context=<InstructionTextTokenContext.NoTokenContext: 0>, address=0, confidence=255, typeNames=[])[source]

Bases: object

class InstructionTextToken is used to tell the core about the various components in the disassembly views.

InstructionTextTokenType

Description

TextToken

Text that doesn’t fit into the other tokens

InstructionToken

The instruction mnemonic

OperandSeparatorToken

The comma or whatever else separates tokens

RegisterToken

Registers

IntegerToken

Integers

PossibleAddressToken

Integers that are likely addresses

BeginMemoryOperandToken

The start of memory operand

EndMemoryOperandToken

The end of a memory operand

FloatingPointToken

Floating point number

AnnotationToken

For internal use only

CodeRelativeAddressToken

For internal use only

StackVariableTypeToken

For internal use only

DataVariableTypeToken

For internal use only

FunctionReturnTypeToken

For internal use only

FunctionAttributeToken

For internal use only

ArgumentTypeToken

For internal use only

ArgumentNameToken

For internal use only

HexDumpByteValueToken

For internal use only

HexDumpSkippedByteToken

For internal use only

HexDumpInvalidByteToken

For internal use only

HexDumpTextToken

For internal use only

OpcodeToken

For internal use only

StringToken

For internal use only

CharacterConstantToken

For internal use only

CodeSymbolToken

For internal use only

DataSymbolToken

For internal use only

StackVariableToken

For internal use only

ImportToken

For internal use only

AddressDisplayToken

For internal use only

classmethod get_instruction_lines(tokens, count=0)[source]

Helper method for converting between core.BNInstructionTextToken and InstructionTextToken lists

class IntrinsicInfo(inputs, outputs, index=None)[source]

Bases: object

class IntrinsicInput(type_obj, name='')[source]

Bases: object

class LookupTableEntry(from_values, to_value)[source]

Bases: object

from_values
to_value
class ParameterVariables(var_list, confidence=255)[source]

Bases: object

with_confidence(confidence)[source]
class PossibleValueSet(arch, value)[source]

Bases: object

mapping
offset
ranges
reg
table
type
value
values
class RegisterInfo(full_width_reg, size, offset=0, extend=<ImplicitRegisterExtend.NoExtend: 0>, index=None)[source]

Bases: object

class RegisterStackInfo(storage_regs, top_relative_regs, stack_top_reg, index=None)[source]

Bases: object

class RegisterValue(arch=None, value=None, confidence=255)[source]

Bases: object

classmethod constant(value)[source]
classmethod constant_ptr(value)[source]
classmethod entry_value(arch, reg)[source]
classmethod imported_address(value)[source]
classmethod return_address()[source]
classmethod stack_frame_offset(offset)[source]
classmethod undetermined()[source]
arch
confidence
is_constant
offset
reg
state
type
value
class StackVariableReference(src_operand, t, name, var, ref_ofs, size)[source]

Bases: object

name
referenced_offset
size
source_operand
type
var
class ValueRange(start, end, step)[source]

Bases: object

end
start
step
class Variable(func, source_type, index, storage, name=None, var_type=None)[source]

Bases: object

classmethod from_identifier(func, identifier, name=None, var_type=None)[source]
function
identifier
index
name
source_type
storage
type