binaryninja.lowlevelil.LowLevelILFunction

class LowLevelILFunction(arch=None, handle=None, source_func=None)[source]

class LowLevelILFunction contains the list of LowLevelILExpr objects that make up a binaryninja.function. LowLevelILExpr objects can be added to the LowLevelILFunction by calling append and passing the result of the various class methods which return LowLevelILExpr objects.

LowLevelILFlagCondition values used as parameters in the flag_condition method.

LowLevelILFlagCondition

Operator

Description

LLFC_E

==

Equal

LLFC_NE

!=

Not equal

LLFC_SLT

s<

Signed less than

LLFC_ULT

u<

Unsigned less than

LLFC_SLE

s<=

Signed less than or equal

LLFC_ULE

u<=

Unsigned less than or equal

LLFC_SGE

s>=

Signed greater than or equal

LLFC_UGE

u>=

Unsigned greater than or equal

LLFC_SGT

s>

Signed greater than

LLFC_UGT

u>

Unsigned greater than

LLFC_NEG

Negative

LLFC_POS

Positive

LLFC_O

overflow

Overflow

LLFC_NO

!overflow

No overflow

__init__(arch=None, handle=None, source_func=None)[source]

Initialize self. See help(type(self)) for accurate signature.

Methods

__init__([arch, handle, source_func])

Initialize self.

add(size, a, b[, flags])

add adds expression a to expression b potentially setting flags flags and returning an expression of size bytes.

add_carry(size, a, b, carry[, flags])

add_carry adds with carry expression a to expression b potentially setting flags flags and returning an expression of size bytes.

add_label_for_address(arch, addr)

add_label_for_address adds a low-level IL label for the given architecture arch at the given virtual address addr

add_label_list(labels)

add_label_list returns a label list expression for the given list of LowLevelILLabel objects.

add_operand_list(operands)

add_operand_list returns an operand list expression for the given list of integer operands.

and_expr(size, a, b[, flags])

and_expr bitwise and’s expression a and expression b potentially setting flags flags and returning an expression of size bytes.

append(expr)

append adds the LowLevelILExpr expr to the current LowLevelILFunction.

arith_shift_right(size, a, b[, flags])

arith_shift_right shifts arithmatic right expression a by expression b potentially setting flags flags and returning an expression of size bytes.

breakpoint()

breakpoint returns a processor breakpoint expression.

call(dest)

call returns an expression which first pushes the address of the next instruction onto the stack then jumps (branches) to the expression dest

call_stack_adjust(dest, stack_adjust)

call_stack_adjust returns an expression which first pushes the address of the next instruction onto the stack then jumps (branches) to the expression dest.

ceil(size, value[, flags])

ceil rounds a floating point value to an integer towards positive infinity

clear_indirect_branches()

compare_equal(size, a, b)

compare_equal returns comparison expression of size size checking if expression a is equal to expression b

compare_not_equal(size, a, b)

compare_not_equal returns comparison expression of size size checking if expression a is not equal to expression b

compare_signed_greater_equal(size, a, b)

compare_signed_greater_equal returns comparison expression of size size checking if expression a is signed greater than or equal to expression b

compare_signed_greater_than(size, a, b)

compare_signed_greater_than returns comparison expression of size size checking if expression a is signed greater than or equal to expression b

compare_signed_less_equal(size, a, b)

compare_signed_less_equal returns comparison expression of size size checking if expression a is signed less than or equal to expression b

compare_signed_less_than(size, a, b)

compare_signed_less_than returns comparison expression of size size checking if expression a is signed less than expression b

compare_unsigned_greater_equal(size, a, b)

compare_unsigned_greater_equal returns comparison expression of size size checking if expression a is unsigned greater than or equal to expression b

compare_unsigned_greater_than(size, a, b)

compare_unsigned_greater_than returns comparison expression of size size checking if expression a is unsigned greater than or equal to expression b

compare_unsigned_less_equal(size, a, b)

compare_unsigned_less_equal returns comparison expression of size size checking if expression a is unsigned less than or equal to expression b

compare_unsigned_less_than(size, a, b)

compare_unsigned_less_than returns comparison expression of size size checking if expression a is unsigned less than expression b

const(size, value)

const returns an expression for the constant integer value with size size

const_pointer(size, value)

const_pointer returns an expression for the constant pointer value with size size

create_graph([settings])

div_double_prec_signed(size, a, b[, flags])

div_double_prec_signed signed double precision divide using expression a as a single double precision register by expression b potentially setting flags flags and returning an expression of size bytes.

div_double_prec_unsigned(size, a, b[, flags])

div_double_prec_unsigned unsigned double precision divide using expression a as a single double precision register by expression b potentially setting flags flags and returning an expression of size bytes.

div_signed(size, a, b[, flags])

div_signed signed divide expression a by expression b potentially setting flags flags and returning an expression of size bytes.

div_unsigned(size, a, b[, flags])

div_unsigned unsigned divide expression a by expression b potentially setting flags flags and returning an expression of size bytes.

expr(operation[, a, b, c, d, size, flags])

finalize()

finalize ends the function and computes the list of basic blocks.

flag(reg)

flag returns a flag expression for the given flag name.

flag_bit(size, reg, bit)

flag_bit sets the flag named reg and size size to the constant integer value bit

flag_condition(cond[, sem_class])

flag_condition returns a flag_condition expression for the given LowLevelILFlagCondition

flag_group(sem_group)

flag_group returns a flag_group expression for the given semantic flag group

float_abs(size, value[, flags])

float_abs returns absolute value of floating point expression value of size size potentially setting flags

float_add(size, a, b[, flags])

float_add adds floating point expression a to expression b potentially setting flags flags and returning an expression of size bytes.

float_compare_equal(size, a, b)

float_compare_equal returns floating point comparison expression of size size checking if expression a is equal to expression b

float_compare_greater_equal(size, a, b)

float_compare_greater_equal returns floating point comparison expression of size size checking if expression a is greater than or equal to expression b

float_compare_greater_than(size, a, b)

float_compare_greater_than returns floating point comparison expression of size size checking if expression a is greater than or equal to expression b

float_compare_less_equal(size, a, b)

float_compare_less_equal returns floating point comparison expression of size size checking if expression a is less than or equal to expression b

float_compare_less_than(size, a, b)

float_compare_less_than returns floating point comparison expression of size size checking if expression a is less than to expression b

float_compare_not_equal(size, a, b)

float_compare_not_equal returns floating point comparison expression of size size checking if expression a is not equal to expression b

float_compare_unordered(size, a, b)

float_compare_unordered returns floating point comparison expression of size size checking if expression a is unordered relative to expression b

float_const_double(value)

float_const_double returns an expression for the double precision floating point value value

float_const_raw(size, value)

float_const_raw returns an expression for the constant raw binary floating point value value with size size

float_const_single(value)

float_const_single returns an expression for the single precision floating point value value

float_convert(size, value[, flags])

int_to_float converts floating point value of expression value to size size potentially setting flags

float_div(size, a, b[, flags])

float_div divides floating point expression a by expression b potentially setting flags flags and returning an expression of size bytes.

float_mult(size, a, b[, flags])

float_mult multiplies floating point expression a by expression b potentially setting flags flags and returning an expression of size bytes.

float_neg(size, value[, flags])

float_neg returns sign negation of floating point expression value of size size potentially setting flags

float_sqrt(size, value[, flags])

float_sqrt returns square root of floating point expression value of size size potentially setting flags

float_sub(size, a, b[, flags])

float_sub subtracts floating point expression b from expression a potentially setting flags flags and returning an expression of size bytes.

float_to_int(size, value[, flags])

float_to_int returns integer value of floating point expression value of size size potentially setting flags

float_trunc(size, value[, flags])

float_trunc rounds a floating point value to an integer towards zero

floor(size, value[, flags])

floor rounds a floating point value to an integer towards negative infinity

get_instruction_start(addr[, arch])

get_label_for_address(arch, addr)

get_label_for_address returns the LowLevelILLabel for the given Architecture arch and IL address addr.

get_mapped_medium_level_il_expr_index(expr)

get_mapped_medium_level_il_instruction_index(instr)

get_medium_level_il_expr_index(expr)

get_medium_level_il_instruction_index(instr)

get_non_ssa_instruction_index(instr)

get_ssa_flag_definition(flag_ssa)

get_ssa_flag_uses(flag_ssa)

get_ssa_flag_value(flag_ssa)

get_ssa_instruction_index(instr)

get_ssa_memory_definition(index)

get_ssa_memory_uses(index)

get_ssa_reg_definition(reg_ssa)

get_ssa_reg_uses(reg_ssa)

get_ssa_reg_value(reg_ssa)

goto(label)

goto returns a goto expression which jumps to the provided LowLevelILLabel.

if_expr(operand, t, f)

if_expr returns the if expression which depending on condition operand jumps to the LowLevelILLabel t when the condition expression operand is non-zero and f when it’s zero.

int_to_float(size, value[, flags])

int_to_float returns floating point value of integer expression value of size size potentially setting flags

intrinsic(outputs, intrinsic, params[, flags])

intrinsic return an intrinsic expression.

jump(dest)

jump returns an expression which jumps (branches) to the expression dest

load(size, addr)

load Reads size bytes from the expression addr

logical_shift_right(size, a, b[, flags])

logical_shift_right shifts logically right expression a by expression b potentially setting flags flags``and returning an expression of ``size bytes.

low_part(size, value[, flags])

low_part truncates value to size bytes

mark_label(label)

mark_label assigns a LowLevelILLabel to the current IL address.

mod_double_prec_signed(size, a, b[, flags])

mod_double_prec_signed signed double precision modulus using expression a as a single double precision register by expression b potentially setting flags flags and returning an expression of size bytes.

mod_double_prec_unsigned(size, a, b[, flags])

mod_double_prec_unsigned unsigned double precision modulus using expression a as a single double precision register by expression b potentially setting flags flags and returning an expression of size bytes.

mod_signed(size, a, b[, flags])

mod_signed signed modulus expression a by expression b potentially setting flags flags and returning an expression of size bytes.

mod_unsigned(size, a, b[, flags])

mod_unsigned unsigned modulus expression a by expression b potentially setting flags flags and returning an expression of size bytes.

mult(size, a, b[, flags])

mult multiplies expression a by expression b potentially setting flags flags and returning an expression of size bytes.

mult_double_prec_signed(size, a, b[, flags])

mult_double_prec_signed multiplies signed with double precision expression a by expression b potentially setting flags flags and returning an expression of size bytes.

mult_double_prec_unsigned(size, a, b[, flags])

mult_double_prec_unsigned multiplies unsigned with double precision expression a by expression b potentially setting flags flags and returning an expression of size bytes.

neg_expr(size, value[, flags])

neg_expr two’s complement sign negation of expression value of size size potentially setting flags

no_ret()

no_ret returns an expression halts disassembly

nop()

nop no operation, this instruction does nothing

not_expr(size, value[, flags])

not_expr bitwise inverse of expression value of size size potentially setting flags

operand(n, expr)

operand sets the operand number of the expression expr and passes back expr without modification.

or_expr(size, a, b[, flags])

or_expr bitwise or’s expression a and expression b potentially setting flags flags and returning an expression of size bytes.

pop(size)

pop reads size bytes from the stack, adjusting the stack by size.

push(size, value)

push writes size bytes from expression value to the stack, adjusting the stack by size.

reg(size, reg)

reg returns a register of size size with name reg

reg_split(size, hi, lo)

reg_split combines registers of size size with names hi and lo

reg_stack_pop(size, reg_stack)

reg_stack_pop returns the top entry of size size in register stack with name reg_stack, and removes the entry from the stack

reg_stack_push(size, reg_stack, value[, flags])

reg_stack_push pushes the expression value of size size onto the top of the register stack reg_stack

reg_stack_top_relative(size, reg_stack, entry)

reg_stack_top_relative returns a register stack entry of size size at top-relative location entry in register stack with name reg_stack

reloc_pointer(size, value)

reloc_pointer returns an expression for the constant relocated pointer value with size size

replace_expr(original, new)

replace_expr allows modification of LowLevelILExpressions but ONLY during lifting.

ret(dest)

ret returns an expression which jumps (branches) to the expression dest.

rotate_left(size, a, b[, flags])

rotate_left bitwise rotates left expression a by expression b potentially setting flags flags and returning an expression of size bytes.

rotate_left_carry(size, a, b, carry[, flags])

rotate_left_carry bitwise rotates left with carry expression a by expression b potentially setting flags flags and returning an expression of size bytes.

rotate_right(size, a, b[, flags])

rotate_right bitwise rotates right expression a by expression b potentially setting flags flags and returning an expression of size bytes.

rotate_right_carry(size, a, b, carry[, flags])

rotate_right_carry bitwise rotates right with carry expression a by expression b potentially setting flags flags and returning an expression of size bytes.

round_to_int(size, value[, flags])

round_to_int rounds a floating point value to the nearest integer

set_current_address(value[, arch])

set_current_source_block(block)

set_flag(flag, value)

set_flag sets the flag flag to the LowLevelILExpr value

set_indirect_branches(branches)

set_reg(size, reg, value[, flags])

set_reg sets the register reg of size size to the expression value

set_reg_split(size, hi, lo, value[, flags])

set_reg_split uses hi and lo as a single extended register setting hi:lo to the expression value.

set_reg_stack_top_relative(size, reg_stack, …)

set_reg_stack_top_relative sets the top-relative entry entry of size size in register stack reg_stack to the expression value

shift_left(size, a, b[, flags])

shift_left subtracts with borrow expression b from expression a potentially setting flags flags and returning an expression of size bytes.

sign_extend(size, value[, flags])

sign_extend two’s complement sign-extends the expression in value to size bytes

store(size, addr, value[, flags])

store Writes size bytes to expression addr read from expression value

sub(size, a, b[, flags])

sub subtracts expression b from expression a potentially setting flags flags and returning an expression of size bytes.

sub_borrow(size, a, b, carry[, flags])

sub_borrow subtracts with borrow expression b from expression a potentially setting flags flags and returning an expression of size bytes.

system_call()

system_call return a system call expression.

tailcall(dest)

tailcall returns an expression which jumps (branches) to the expression dest

test_bit(size, a, b)

trap(value)

trap returns a processor trap (interrupt) expression of the given integer value.

undefined()

undefined returns the undefined expression.

unimplemented()

unimplemented returns the unimplemented expression.

unimplemented_memory_ref(size, addr)

unimplemented_memory_ref a memory reference to expression addr of size size with unimplemented operation.

xor_expr(size, a, b[, flags])

xor_expr xor’s expression a with expression b potentially setting flags flags and returning an expression of size bytes.

zero_extend(size, value[, flags])

zero_extend zero-extends the expression in value to size bytes

Attributes

basic_blocks

list of LowLevelILBasicBlock objects (read-only)

current_address

Current IL Address (read/write)

instructions

A generator of llil instructions of the current llil function

mapped_medium_level_il

Medium level IL with mappings between low level IL and medium level IL.

medium_level_il

Medium level IL for this low level IL.

mlil

mmlil

non_ssa_form

Low level IL in non-SSA (default) form (read-only)

ssa_form

Low level IL in SSA form (read-only)

temp_flag_count

Number of temporary flags (read-only)

temp_reg_count

Number of temporary registers (read-only)