Data¶
The BipData objects inherit from BipElt and are used for
representing data which means everything which is not code.
BipData object can be created by calling the constructor with the
data address but in a more generic way it is possible to use the
GetElt() or GetEltByName() for recuperating them.
BipData will be create by GetElt() if IDA considered the
address as data or unknown. As they are inheriting from BipRefElt it
is possible to use the xref API through them (for access to and from them).
The most basic usage will be to recuperate or set a value using the property
value(). This property depends of the type
which can be access and modify through the type() property,
this property return and expect a BipType object. It is also possible
to access directly the BipElt.bytes() of the object.
BipData provides some static methods for accessing and
modifying data of the IDB without creating an object, in particular the
get_cstring() which allow to get a C string from an address.
Finally it is possible to iterate on all defined BipData using the
class method BipData.iter_heads.
BipData API¶
-
class
bip.base.BipData(ea=None)¶ Class for representing and manipulating data in IDA. The object of this class represent defined and unknown data, those objects can have values or not, those objects inherit from
BipElt.This class contains also static method for directly accessing and modifying the data from their address without passing by an object. This include the recuperation of string.
-
__init__(ea=None)¶ Constructor for
BipData, take the address of the data in IDA in parameter. In general it is expected to get one of those object through theGetElt()function.Parameters: ea (int) – The address of the element in IDA. If Nonethe screen address is taken.Raises: BipError – If address do not correspond to data
-
original_value¶ Property which allow to get the original value of data. This is the same as
value()getter property but for the original bytes before they were patch.
-
value¶ Property which return the value corresponding to the data of a numberable elements. This property works only if the
is_numerable()andhas_data()properties returned True. For getting value of an element which is not numerable use thebytes()property.This property is link to the type defined or guessed by IDA and it is a good idea to assure you have the proper type before using it.
Returns: An integer representing the value of the data or Noneif the data element is not numerable or do not have data.
-
__str__() <==> str(x)¶
-
is_byte¶ Property which allow to test if this object represent a byte (1 byte).
Returns: True if this data object represent a byte, False otherwise.
-
is_word¶ Property which allow to test if this object represent a word (2 bytes).
Returns: True if this data object represent a word, False otherwise.
-
is_dword¶ Property which allow to test if this object represent a dword (4 bytes).
Returns: True if this data object represent a dword, False otherwise.
-
is_qword¶ Property which allow to test if this object represent a qword (8 bytes).
Returns: True if this data object represent a qword, False otherwise.
-
is_numerable¶ Property which allow to test if this data element can be considered as a number for the
value()property.Returns: True if the data is a byte, word, dword, qword or unknwon, False otherwise.
-
type¶ Property which allow to get the type of an element. This is a wrapper for
BipType.get_at().Returns: An object which inherit from BipTypeorNoneif it was not able to guess a type.
-
classmethod
_is_this_elt(ea)¶ Class method which allow the function
GetElt()to know if this the correct type for an address. Only subclasses of an element which return True will be tested byGetElt(),BipBaseEltreturn always True except ifideltis not of the correct type.Parameters: idelt (int) – An id representing the element, typically an address. Returns: True if this is a valid class for constructing this element.
-
static
get_byte(ea=None, original=False)¶ Static method allowing to get the value of one byte at an address.
Parameters: - ea – The address at which recuperating the value. If
Nonethe screen address is used. - original – If True the value recuperated will be the original one (before a patch). Default: False.
Returns: An integer corresponding to the value at the address.
- ea – The address at which recuperating the value. If
-
static
set_byte(ea, value)¶ Static method allowing to set the value of one byte at an address.
Parameters: - ea – The address at which changing the value.
- value – The value to set at the address.
Raises: RuntimeError – If it was not possible to change the value.
-
static
get_bytes(ea, size, original=False)¶ Static method allowing to get the value of several bytes at an address.
Parameters: - ea – The address where to get the buffer. If
Nonethe screen address is used. - size – The number of bytes to get.
- original – If True the value recuperated will be the original one (before a patch). Default: False.
Returns: A byte string corresponding to the bytes at the address.
- ea – The address where to get the buffer. If
-
static
set_bytes(ea, byt)¶ Static method allowing to set the value of one byte at an address.
Parameters: - ea (int) – The address at which changing the value.
- byt (bytes) – The buffer of bytes to set at the address. If a
string is provided in python3 it will be decoded as
latin-1.
Raises: RuntimeError – If it was not possible to change one of the value.
-
static
get_word(ea=None, original=False)¶ Static method allowing to get the value of one word at an address.
Parameters: - ea – The address at which recuperating the value. If
Nonethe screen address is used. - original – If True the value recuperated will be the original one (before a patch). Default: False.
Returns: An integer corresponding to the value at the address.
- ea – The address at which recuperating the value. If
-
static
set_word(ea, value)¶ Static method allowing to set the value of one wordat an address.
Parameters: - ea – The address at which changing the value.
- value – The value to set at the address.
Raises: RuntimeError – If it was not possible to change the value.
-
static
get_dword(ea=None, original=False)¶ Static method allowing to get the value of one dword at an address.
Parameters: - ea – The address at which recuperating the value. If
Nonethe screen address is used. - original – If True the value recuperated will be the original one (before a patch). Default: False.
Returns: An integer corresponding to the value at the address.
- ea – The address at which recuperating the value. If
-
static
set_dword(ea, value)¶ Static method allowing to set the value of one dwordat an address.
Parameters: - ea – The address at which changing the value.
- value – The value to set at the address.
Raises: RuntimeError – If it was not possible to change the value.
-
static
get_qword(ea=None, original=False)¶ Static method allowing to get the value of one qword at an address.
Parameters: - ea – The address at which recuperating the value. If
Nonethe screen address is used. - original – If True the value recuperated will be the original one (before a patch). Default: False.
Returns: An integer corresponding to the value at the address.
- ea – The address at which recuperating the value. If
-
static
set_qword(ea, value)¶ Static method allowing to set the value of one qwordat an address.
Parameters: - ea – The address at which changing the value.
- value – The value to set at the address.
Raises: RuntimeError – If it was not possible to change the value.
-
static
get_cstring(ea=None, size=-1)¶ Static method for getting a C string from an address.
Parameters: - ea – The address of the string. If
Nonethe screen address is used. - size – The size of the string. If
-1(default), until a\is found.
Returns: Bytes representing the string
- ea – The address of the string. If
-
static
get_ptr(ea=None)¶ Recuperate the value of a pointer at an address. This will handle automatically the correct size of the pointer.
Parameters: ea (int) – the address at which get the pointer value. If Nonethe screen address is used.Returns: the pointer value
-