http://www.cnblogs.com/fply/p/8506225.html
创建函数
MakeFunction(start, end = idaapi.BADADDR)
删除函数
DelFunction(ea)
修改函数结束位置
SetFunctionEnd(ea, end)
查找下一个函数
NextFunction(ea)
上一个函数
PrevFunction(ea)
获取设置函数属性
GetFunctionAttr(ea, attr)
SetFunctionAttr(ea, attr, value)
FUNCATTR_START = 0 # function start address FUNCATTR_END = 4 # function end address FUNCATTR_FLAGS = 8 # function flags FUNCATTR_FRAME = 10 # function frame id FUNCATTR_FRSIZE = 14 # size of local variables FUNCATTR_FRREGS = 18 # size of saved registers area FUNCATTR_ARGSIZE = 20 # number of bytes purged from the stack FUNCATTR_FPD = 24 # frame pointer delta FUNCATTR_COLOR = 28 # function color code FUNCATTR_OWNER = 10 # chunk owner (valid only for tail chunks) FUNCATTR_REFQTY = 14 # number of chunk parents (valid only for tail chunks) # Redefining the constants for 64-bit if __EA64__: FUNCATTR_START = 0 FUNCATTR_END = 8 FUNCATTR_FLAGS = 16 FUNCATTR_FRAME = 18 FUNCATTR_FRSIZE = 26 FUNCATTR_FRREGS = 34 FUNCATTR_ARGSIZE = 36 FUNCATTR_FPD = 44 FUNCATTR_COLOR = 52 FUNCATTR_OWNER = 18 FUNCATTR_REFQTY = 26 _FUNCATTRMAP = { FUNCATTR_START : (True, 'startEA'), FUNCATTR_END : (True, 'endEA'), FUNCATTR_FLAGS : (False, 'flags'), FUNCATTR_FRAME : (True, 'frame'), FUNCATTR_FRSIZE : (True, 'frsize'), FUNCATTR_FRREGS : (True, 'frregs'), FUNCATTR_ARGSIZE : (True, 'argsize'), FUNCATTR_FPD : (False, 'fpd'), FUNCATTR_COLOR : (False, 'color'), FUNCATTR_OWNER : (True, 'owner'), FUNCATTR_REFQTY : (True, 'refqty') }
获取函数flag
GetFunctionFlags(ea)
SetFunctionFlags(ea, flags)
FUNC_NORET = idaapi.FUNC_NORET # function doesn't return FUNC_FAR = idaapi.FUNC_FAR # far function FUNC_LIB = idaapi.FUNC_LIB # library function FUNC_STATIC = idaapi.FUNC_STATICDEF # static function FUNC_FRAME = idaapi.FUNC_FRAME # function uses frame pointer (BP) FUNC_USERFAR = idaapi.FUNC_USERFAR # user has specified far-ness # of the function FUNC_HIDDEN = idaapi.FUNC_HIDDEN # a hidden function FUNC_THUNK = idaapi.FUNC_THUNK # thunk (jump) function FUNC_BOTTOMBP = idaapi.FUNC_BOTTOMBP # BP points to the bottom of the stack frame FUNC_NORET_PENDING = idaapi.FUNC_NORET_PENDING # Function 'non-return' analysis # must be performed. This flag is # verified upon func_does_return() FUNC_SP_READY = idaapi.FUNC_SP_READY # SP-analysis has been performed # If this flag is on, the stack # change points should not be not # modified anymore. Currently this # analysis is performed only for PC FUNC_PURGED_OK = idaapi.FUNC_PURGED_OK # 'argsize' field has been validated. # If this bit is clear and 'argsize' # is 0, then we do not known the real # number of bytes removed from # the stack. This bit is handled # by the processor module. FUNC_TAIL = idaapi.FUNC_TAIL # This is a function tail. # Other bits must be clear # (except FUNC_HIDDEN)
获取函数名
GetFunctionName(ea)
获取函数注释
GetFunctionCmt(ea, repeatable)
SetFunctionCmt(ea, cmt, repeatable)
用户选择一个函数 与ctrl+p相同功能
ChooseFunction(title)
获取函数 地址+函数名信息
GetFuncOffset(ea)
FindFuncEnd(ea)
"""Determine the new function boundaries"""
GetFrame(ea)
"""Get ID of function frame structure"""
GetFrameLvarSize(ea)
GetFrameRegsSize(ea)
"""Get size of saved registers in function frame"""
GetSpd(ea)
"""Get current delta for the stack pointer"""
GetSpDiff(ea)
"""Get modification of SP made by the instruction"""
SetSpDiff(ea, delta):
"""
Setup modification of SP made by the instruction