# IDAPython examples ## IDAPython scripts examples The following examples demonstrate the usage of the IDAPython API in more complex scripts. ### Where can I find all the examples? IDA is shipped with examples of IDAPython scripts that perform specific tasks, useful for common situations. The full library of our examples is shipped with your IDA instance in the python/examples folder. You can find them also in the [GitHub repository](https://github.com/idapython/src). ### How to run the examples? #### Load the script via File Loader 1. Navigate to **File -> Script file...**. 2. In the new dialog, select the `.py` script you want to run and click **Open**. #### Load the script via Script command 1. Navigate to **File -> Script command...**. 2. Paste the code into *Please enter script body* field and click **Run**. #### Load the script via output window/console 1. In the output window/IDAPython console, type the following command: `exec(open("path/to/your_script.py").read())` to execute the script. ## IDAPython examples ### Category: analysis **dump\_func\_info**
Dump (some) information about the current function. **Source code** [analysis/dump\_func\_info.py](https://github.com/idapython/src/blob/master/examples/analysis/dump_func_info.py) **Category** analysis **Description** Dump some of the most interesting bits of information about the function we are currently looking at. **Uses** * ida\_funcs.FUNC\_FRAME * ida\_funcs.FUNC\_LUMINA * ida\_funcs.FUNC\_OUTLINE * ida\_funcs.FUNC\_THUNK * ida\_funcs.get\_fchunk * ida\_funcs.is\_func\_entry * ida\_funcs.is\_func\_tail * ida\_kernwin.get\_screen\_ea
### Category: core **actions**
Custom actions, with icons & tooltips **Source code** [core/actions.py](https://github.com/idapython/src/blob/master/examples/core/actions.py) **Category** core **Description** How to create user actions, that once created can be inserted in menus, toolbars, context menus, ... Those actions, when triggered, will be passed a 'context' that contains some of the most frequently needed bits of information. In addition, custom actions can determine when they want to be available (through their `ida_kernwin.action_handler_t.update` callback) **Shortcut** Ctrl+F12 **Keywords** actions ctxmenu UI\_Hooks **Uses** * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.SETMENU\_APP * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_menu * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.attach\_action\_to\_toolbar * ida\_kernwin.get\_widget\_type * ida\_kernwin.load\_custom\_icon * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action **See also** * [add\_hotkey](#add_hotkey)
**add\_hotkey**
Triggering bits of code by pressing a shortcut **Source code** [core/add\_hotkey.py](https://github.com/idapython/src/blob/master/examples/core/add_hotkey.py) **Category** core **Description** `ida_kernwin.add_hotkey` is a simpler, but much less flexible alternative to `ida_kernwin.register_action` (though it does use the same mechanism under the hood.) It's particularly useful during prototyping, but note that the actions that are created cannot be inserted in menus, toolbars or cannot provide a custom `ida_kernwin.action_handler_t.update` callback. **Keywords** actions **Uses** * ida\_kernwin.add\_hotkey * ida\_kernwin.del\_hotkey **See also** * [actions](#actions)
**add\_idc\_hotkey**
Triggering bits of code by pressing a shortcut (older version) **Source code** [core/add\_idc\_hotkey.py](https://github.com/idapython/src/blob/master/examples/core/add_idc_hotkey.py) **Category** core **Description** This is a somewhat ancient way of registering actions & binding shortcuts. It's still here for reference, but "fresher" alternatives should be preferred. **Keywords** actions **Uses** * ida\_expr.compile\_idc\_text * ida\_kernwin.add\_idc\_hotkey **See also** * [actions](#actions) * [add\_hotkey](#add_hotkey)
**auto\_instantiate\_widget\_plugin**
Better integrating custom widgets in the desktop layout **Source code** [core/auto\_instantiate\_widget\_plugin.py](https://github.com/idapython/src/blob/master/examples/core/auto_instantiate_widget_plugin.py) **Category** core **Description** This is an example demonstrating how one can create widgets from a plugin, and have them re-created automatically at IDA startup-time or at desktop load-time. This example should be placed in the 'plugins' directory of the IDA installation, for it to work. There are 2 ways to use this example: 1. reloading an IDB, where the widget was opened * open the widget ('View > Open subview > ...') * save this IDB, and close IDA * restart IDA with this IDB => the widget will be visible 2. reloading a desktop, where the widget was opened * open the widget ('View > Open subview > ...') * save the desktop ('Windows > Save desktop...') under, say, the name 'with\_auto' * start another IDA instance with some IDB, and load that desktop => the widget will be visible **Keywords** desktop plugin UI\_Hooks **Uses** * ida\_idaapi.plugin\_t * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.SETMENU\_APP * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_menu * ida\_kernwin.find\_widget * ida\_kernwin.register\_action * ida\_kernwin.simplecustviewer\_t * ida\_kernwin.simplecustviewer\_t.Create
**colorize\_disassembly\_on\_the\_fly**
An easy-to-use way to colorize lines **Source code** [core/colorize\_disassembly\_on\_the\_fly.py](https://github.com/idapython/src/blob/master/examples/core/colorize_disassembly_on_the_fly.py) **Category** core **Description** This builds upon the `ida_kernwin.UI_Hooks.get_lines_rendering_info` feature, to provide a quick & easy way to colorize disassembly lines. Contrary to @colorize\_disassembly, the coloring is not persisted in the database, and will therefore be lost after the session. By triggering the action multiple times, the user can "carousel" across 4 predefined colors (and return to the "no color" state.) **Shortcut** ! **Keywords** coloring UI\_Hooks **Uses** * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.CK\_EXTRA5 * ida\_kernwin.CK\_EXTRA6 * ida\_kernwin.CK\_EXTRA7 * ida\_kernwin.CK\_EXTRA8 * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_current\_viewer * ida\_kernwin.get\_custom\_viewer\_location * ida\_kernwin.get\_custom\_viewer\_place\_xcoord * ida\_kernwin.get\_widget\_title * ida\_kernwin.line\_rendering\_output\_entry\_t * ida\_kernwin.register\_action * ida\_moves.lochist\_entry\_t **See also** * [colorize\_disassembly](#colorize_disassembly)
**create\_structure\_programmatically**
Programmatically create & populate a structure **Source code** [core/create\_structure\_programmatically.py](https://github.com/idapython/src/blob/master/examples/core/create_structure_programmatically.py) **Category** core **Description** Usage of the API to create & populate a structure with members of different types. **Uses** * ida\_typeinf.BTF\_BYTE * ida\_typeinf.BTF\_DOUBLE * ida\_typeinf.BTF\_FLOAT * ida\_typeinf.BTF\_INT * ida\_typeinf.BTF\_INT128 * ida\_typeinf.BTF\_INT16 * ida\_typeinf.BTF\_INT64 * ida\_typeinf.BTF\_TBYTE * ida\_typeinf.BTF\_UINT32 * ida\_typeinf.FRB\_NUMO * ida\_typeinf.NTF\_TYPE * ida\_typeinf.PRTYPE\_DEF * ida\_typeinf.PRTYPE\_MULTI * ida\_typeinf.PRTYPE\_TYPE * ida\_typeinf.del\_named\_type * ida\_typeinf.idc\_parse\_types * ida\_typeinf.tinfo\_errstr * ida\_typeinf.tinfo\_t * ida\_typeinf.udm\_t * ida\_typeinf.udt\_type\_data\_t * ida\_typeinf.value\_repr\_t **Author** Gergely Erdelyi ()
**custom\_cli**
A custom command-line interpreter **Source code** [core/custom\_cli.py](https://github.com/idapython/src/blob/master/examples/core/custom_cli.py) **Category** core **Description** Illustrates how one can add command-line interpreters to IDA This custom interpreter doesn't actually run any code; it's there as a 'getting started'. It provides an example tab completion support. **Uses** * ida\_idaapi.NW\_CLOSEIDB * ida\_idaapi.NW\_OPENIDB * ida\_idaapi.NW\_REMOVE * ida\_idaapi.NW\_TERMIDA * ida\_idaapi.notify\_when * ida\_kernwin.cli\_t
**custom\_data\_types\_and\_formats**
Using custom data types & printers **Source code** [core/custom\_data\_types\_and\_formats.py](https://github.com/idapython/src/blob/master/examples/core/custom_data_types_and_formats.py) **Category** core **Description** IDA can be extended to support certain data types that it does not know about out-of-the-box. A 'custom data type' provide information about the type & size of a piece of data, while a 'custom data format' is in charge of formatting that data (there can be more than one format for a specific 'custom data type'.) **Uses** * ida\_bytes.data\_format\_t * ida\_bytes.data\_type\_t * ida\_bytes.find\_custom\_data\_type * ida\_bytes.get\_byte * ida\_bytes.register\_data\_types\_and\_formats * ida\_bytes.unregister\_data\_types\_and\_formats * ida\_idaapi.NW\_CLOSEIDB * ida\_idaapi.NW\_OPENIDB * ida\_idaapi.NW\_REMOVE * ida\_idaapi.NW\_TERMIDA * ida\_idaapi.notify\_when * ida\_idaapi.struct\_unpack * ida\_lines.COLSTR * ida\_lines.SCOLOR\_IMPNAME * ida\_lines.SCOLOR\_INSN * ida\_lines.SCOLOR\_NUMBER * ida\_lines.SCOLOR\_REG * ida\_nalt.get\_input\_file\_path * ida\_netnode.netnode * ida\_typeinf.tinfo\_t
**dump\_extra\_comments**
Retrieve extra comments **Source code** [core/dump\_extra\_comments.py](https://github.com/idapython/src/blob/master/examples/core/dump_extra_comments.py) **Category** core **Description** Use the `ida_lines.get_extra_cmt` API to retrieve anterior and posterior extra comments. This script registers two actions, that can be used to dump the previous and next extra comments. **Shortcuts** Ctrl+Shift+Y Ctrl+Shift+Z **Keywords** ctxmenu **Uses** * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.find\_widget * ida\_kernwin.get\_screen\_ea * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action * ida\_lines.E\_NEXT * ida\_lines.E\_PREV * ida\_lines.get\_extra\_cmt * ida\_view
**dump\_flowchart**
Dump function flowchart **Source code** [core/dump\_flowchart.py](https://github.com/idapython/src/blob/master/examples/core/dump_flowchart.py) **Category** core **Description** Dumps the current function's flowchart, using 2 methods: * the low-level `ida_gdl.qflow_chart_t` type * the somewhat higher-level, and slightly more pythonic `ida_gdl.FlowChart` type. **Uses** * ida\_funcs.get\_func * ida\_gdl.FlowChart * ida\_gdl.qflow\_chart\_t * ida\_kernwin.get\_screen\_ea
**dump\_selection**
Retrieve & dump current selection **Source code** [core/dump\_selection.py](https://github.com/idapython/src/blob/master/examples/core/dump_selection.py) **Category** core **Description** Shows how to retrieve the selection from a listing widget ("IDA View-A", "Hex View-1", "Pseudocode-A", ...) as two "cursors", and from there retrieve (in fact, generate) the corresponding text. After running this script: * select some text in one of the listing widgets (i.e., "IDA View-*", "Local Types", "Pseudocode-*") * press Ctrl+Shift+S to dump the selection **Shortcut** Ctrl+Shift+S **Uses** * ida\_kernwin.ACF\_HAS\_SELECTION * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.BWN\_TILVIEW * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_current\_viewer * ida\_kernwin.get\_viewer\_user\_data * ida\_kernwin.l\_compare2 * ida\_kernwin.linearray\_t * ida\_kernwin.read\_selection * ida\_kernwin.register\_action * ida\_kernwin.twinpos\_t * ida\_kernwin.unregister\_action * ida\_lines.tag\_remove
**extend\_idc**
Add functions to the IDC runtime from IDAPython **Source code** [core/extend\_idc.py](https://github.com/idapython/src/blob/master/examples/core/extend_idc.py) **Category** core **Description** You can add IDC functions to IDA, whose "body" consists of IDAPython statements! We'll register a 'pow' function, available to all IDC code, that when invoked will call back into IDAPython, and execute the provided function body. After running this script, try switching to the IDC interpreter (using the button on the lower-left corner of IDA) and executing `pow(3, 7)` **Uses** * ida\_expr.VT\_LONG * ida\_expr.add\_idc\_func
**find\_string**
Showcasing `ida_bytes.find_string` **Source code** [core/find\_string.py](https://github.com/idapython/src/blob/master/examples/core/find_string.py) **Category** core **Description** IDAPython's ida\_bytes.find\_string can be used to implement a simple replacement for the 'Search > Sequence of bytes...' dialog, that lets users search for sequences of bytes that compose string literals in the binary file (either in the default 1-byte-per-char encoding, or as UTF-16.) **Shortcut** Ctrl+Shift+S **Uses** * ida\_bytes.BIN\_SEARCH\_FORWARD * ida\_bytes.BIN\_SEARCH\_NOBREAK * ida\_bytes.BIN\_SEARCH\_NOSHOW * ida\_bytes.find\_string * ida\_ida.inf\_get\_max\_ea * ida\_idaapi.BADADDR * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.Form * ida\_kernwin.Form.ChkGroupControl * ida\_kernwin.Form.StringInput * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_screen\_ea * ida\_kernwin.jumpto * ida\_kernwin.register\_action * ida\_nalt.BPU\_1B * ida\_nalt.BPU\_2B * ida\_nalt.get\_default\_encoding\_idx
**idapythonrc**
Code to be run right after IDAPython initialization **Source code** [core/idapythonrc.py](https://github.com/idapython/src/blob/master/examples/core/idapythonrc.py) **Category** core **Description** The `idapythonrc.py` file: * %APPDATA%\Hex-Rays\IDA Pro\idapythonrc.py (on Windows) * \~/.idapro/idapythonrc.py (on Linux & Mac) can contain any IDAPython code that will be run as soon as IDAPython is done successfully initializing.
**install\_user\_defined\_prefix**
Inserting information into disassembly prefixes **Source code** [core/install\_user\_defined\_prefix.py](https://github.com/idapython/src/blob/master/examples/core/install_user_defined_prefix.py) **Category** core **Description** By default, disassembly line prefixes contain segment + address information (e.g., '.text:08047718'), but it is possible to "inject" other bits of information in there, thanks to the `ida_lines.user_defined_prefix_t` helper type. **Keywords** plugin **Uses** * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_lines.SCOLOR\_INV * ida\_lines.user\_defined\_prefix\_t
**list\_bookmarks**
List bookmarks associated to a listing **Source code** [core/list\_bookmarks.py](https://github.com/idapython/src/blob/master/examples/core/list_bookmarks.py) **Category** core **Description** This sample shows how to programmatically access the list of bookmarks placed in a listing widget (e.g., "IDA View-A", "Pseudocode-", …) using the low-level `ida_moves.bookmarks_t` type. **Shortcut** Ctrl+! **Keywords** bookmarks **Uses** * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_current\_viewer * ida\_kernwin.get\_viewer\_user\_data * ida\_kernwin.get\_widget\_title * ida\_kernwin.register\_action * ida\_moves.bookmarks\_t
**list\_function\_items**
Showcases (a few of) the iterators available on a function **Source code** [core/list\_function\_items.py](https://github.com/idapython/src/blob/master/examples/core/list_function_items.py) **Category** core **Description** This demonstrates how to use some of the iterators available on the func\_t type. This example will focus on: * `func_t[.__iter__]`: the default iterator; iterates on instructions * `func_t.data_items`: iterate on data items contained within a function * `func_t.head_items`: iterate on 'heads' (i.e., addresses containing the start of an instruction, or a data item. * `func_t.addresses`: iterate on all addresses within function (code and data, beginning of an item or not) Type `help(ida_funcs.func_t)` for a full list of iterators. In addition, one can use: * `func_tail_iterator_t`: iterate on all the chunks (including the main one) of the function * `func_parent_iterator_t`: iterate on all the parent functions, that include this chunk **Keywords** funcs iterator **Uses** * ida\_bytes.get\_flags * ida\_bytes.is\_code * ida\_bytes.is\_data * ida\_bytes.is\_tail * ida\_bytes.is\_unknown * ida\_funcs.func\_tail\_iterator\_t * ida\_funcs.get\_fchunk * ida\_funcs.get\_func * ida\_funcs.get\_func\_name * ida\_kernwin.get\_screen\_ea * ida\_ua.print\_insn\_mnem
**list\_imports**
Enumerate file imports **Source code** [core/list\_imports.py](https://github.com/idapython/src/blob/master/examples/core/list_imports.py) **Category** core **Description** Using the API to enumerate file imports. **Uses** * ida\_nalt.enum\_import\_names * ida\_nalt.get\_import\_module\_name * ida\_nalt.get\_import\_module\_qty
**list\_patched\_bytes**
Enumerate patched bytes **Source code** [core/list\_patched\_bytes.py](https://github.com/idapython/src/blob/master/examples/core/list_patched_bytes.py) **Category** core **Description** Using the API to iterate over all the places in the file, that were patched using IDA. **Uses** * ida\_bytes.visit\_patched\_bytes * ida\_idaapi.BADADDR
**list\_problems**
Enumerate problems **Source code** [core/list\_problems.py](https://github.com/idapython/src/blob/master/examples/core/list_problems.py) **Category** core **Description** Using the API to list all problem\[atic situation]s that IDA encountered during analysis. **Uses** * ida\_ida.inf\_get\_min\_ea * ida\_idaapi.BADADDR * ida\_problems.PR\_ATTN * ida\_problems.PR\_BADSTACK * ida\_problems.PR\_COLLISION * ida\_problems.PR\_DECIMP * ida\_problems.PR\_DISASM * ida\_problems.PR\_FINAL * ida\_problems.PR\_HEAD * ida\_problems.PR\_ILLADDR * ida\_problems.PR\_JUMP * ida\_problems.PR\_MANYLINES * ida\_problems.PR\_NOBASE * ida\_problems.PR\_NOCMT * ida\_problems.PR\_NOFOP * ida\_problems.PR\_NONAME * ida\_problems.PR\_NOXREFS * ida\_problems.PR\_ROLLED * ida\_problems.get\_problem * ida\_problems.get\_problem\_name
**list\_segment\_functions**
List all functions (and xrefs) in segment **Source code** [core/list\_segment\_functions.py](https://github.com/idapython/src/blob/master/examples/core/list_segment_functions.py) **Category** core **Description** List all the functions in the current segment, as well as all the cross-references to them. **Keywords** xrefs **Uses** * ida\_funcs.get\_func * ida\_funcs.get\_func\_name * ida\_funcs.get\_next\_func * ida\_kernwin.get\_screen\_ea * ida\_segment.getseg * ida\_xref.xrefblk\_t **See also** * [list\_segment\_functions\_using\_idautils](#list_segment_functions_using_idautils)
**list\_segment\_functions\_using\_idautils**
List all functions (and xrefs) in segment **Source code** [core/list\_segment\_functions\_using\_idautils.py](https://github.com/idapython/src/blob/master/examples/core/list_segment_functions_using_idautils.py) **Category** core **Description** List all the functions in the current segment, as well as all the cross-references to them. Contrary to @list\_segment\_functions, this uses the somewhat higher-level `idautils` module. **Keywords** xrefs **Uses** * ida\_funcs.get\_func\_name * ida\_idaapi.BADADDR * ida\_kernwin.get\_screen\_ea * ida\_segment.getseg * idautils.CodeRefsTo * idautils.Functions **See also** * [list\_segment\_functions](#list_segment_functions)
**list\_stkvar\_xrefs**
List all xrefs to a function stack variable **Source code** [core/list\_stkvar\_xrefs.py](https://github.com/idapython/src/blob/master/examples/core/list_stkvar_xrefs.py) **Category** core **Description** Contrary to (in-memory) data & code xrefs, retrieving stack variables xrefs requires a bit more work than just using ida\_xref's first\_to(), next\_to() (or higher level utilities such as idautils.XrefsTo) **Shortcut** Ctrl+Shift+F7 **Keywords** xrefs **Uses** * ida\_bytes.get\_flags * ida\_bytes.is\_stkvar * ida\_frame.calc\_stkvar\_struc\_offset * ida\_funcs.get\_func * ida\_ida.UA\_MAXOP * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_current\_viewer * ida\_kernwin.get\_highlight * ida\_kernwin.get\_screen\_ea * ida\_kernwin.register\_action * ida\_typeinf.STRMEM\_NAME * ida\_typeinf.tinfo\_t * ida\_typeinf.udm\_t * ida\_ua.decode\_insn * ida\_ua.insn\_t
**list\_strings**
Retrieve the strings that are present in the IDB **Source code** [core/list\_strings.py](https://github.com/idapython/src/blob/master/examples/core/list_strings.py) **Category** core **Description** This uses `idautils.Strings` to iterate over the string literals that are present in the IDB. Contrary to @show\_selected\_strings, this will not require that the "Strings" window is opened & available. **Uses** * ida\_nalt.STRTYPE\_C * ida\_nalt.STRTYPE\_C\_16 * idautils.Strings **See also** * [show\_selected\_strings](#show_selected_strings)
**produce\_c\_file**
Decompile entire file **Source code** [core/produce\_c\_file.py](https://github.com/idapython/src/blob/master/examples/core/produce_c_file.py) **Category** core **Description** Automate IDA to perform auto-analysis on a file and, once that is done, produce a .c file containing the decompilation of all the functions in that file. Run like so: ``` ida -A "-S...path/to/produce_c_file.py" ``` where: * -A instructs IDA to run in non-interactive mode * -S holds a path to the script to run (note this is a single token; there is no space between '-S' and its path.) **Uses** * ida\_auto.auto\_wait * ida\_hexrays.VDRUN\_MAYSTOP * ida\_hexrays.VDRUN\_NEWFILE * ida\_hexrays.VDRUN\_SILENT * ida\_hexrays.decompile\_many * ida\_loader.PATH\_TYPE\_IDB * ida\_loader.get\_path * ida\_pro.qexit
**produce\_lst\_file**
Produce listing **Source code** [core/produce\_lst\_file.py](https://github.com/idapython/src/blob/master/examples/core/produce_lst_file.py) **Category** core **Description** Automate IDA to perform auto-analysis on a file and, once that is done, produce a .lst file with the disassembly. Run like so: ``` ida -A "-S...path/to/produce_lst_file.py" ``` where: * -A instructs IDA to run in non-interactive mode * -S holds a path to the script to run (note this is a single token; there is no space between '-S' and its path.) **Uses** * ida\_auto.auto\_wait * ida\_fpro.qfile\_t * ida\_ida.inf\_get\_max\_ea * ida\_ida.inf\_get\_min\_ea * ida\_loader.OFILE\_LST * ida\_loader.PATH\_TYPE\_IDB * ida\_loader.gen\_file * ida\_loader.get\_path * ida\_pro.qexit
**register\_timer**
Using timers for delayed execution **Source code** [core/register\_timer.py](https://github.com/idapython/src/blob/master/examples/core/register_timer.py) **Category** core **Description** Register (possibly repeating) timers. **Uses** * ida\_kernwin.register\_timer
**trigger\_actions\_programmatically**
Execute existing actions programmatically **Source code** [core/trigger\_actions\_programmatically.py](https://github.com/idapython/src/blob/master/examples/core/trigger_actions_programmatically.py) **Category** core **Description** It's possible to invoke any action programmatically, by using either of those two: * ida\_kernwin.execute\_ui\_requests() * ida\_kernwin.process\_ui\_action() Ideally, this script should be run through the "File > Script file..." menu, so as to keep focus on "IDA View-A" and have the 'ProcessUiActions' part work as intended. **Keywords** actions **Uses** * ida\_kernwin.ask\_yn * ida\_kernwin.execute\_ui\_requests * ida\_kernwin.msg * ida\_kernwin.process\_ui\_action
### Category: cvt64 **py\_cvt64\_sample**
This file contains the CVT64 examples. **Source code** [cvt64/py\_cvt64\_sample.py](https://github.com/idapython/src/blob/master/examples/cvt64/py_cvt64_sample.py) **Category** cvt64 **Description** For more infortmation see SDK/plugins/cvt64\_sample example **Uses** * ida\_idaapi.BADADDR * ida\_idaapi.BADADDR32 * ida\_netnode.atag * ida\_netnode.htag * ida\_netnode.stag
### Category: debugging **automatic\_steps**
Programmatically drive a debugging session **Source code** [debugging/dbghooks/automatic\_steps.py](https://github.com/idapython/src/blob/master/examples/debugging/dbghooks/automatic_steps.py) **Category** debugging **Description** Start a debugging session, step through the first five instructions. Each instruction is disassembled after execution. **Keywords** DBG\_Hooks **Uses** * ida\_dbg.DBG\_Hooks * ida\_dbg.get\_reg\_val * ida\_dbg.request\_exit\_process * ida\_dbg.request\_run\_to * ida\_dbg.request\_step\_over * ida\_dbg.run\_requests * ida\_ida.inf\_get\_start\_ip * ida\_idaapi.BADADDR * ida\_lines.generate\_disasm\_line * ida\_lines.tag\_remove
**dbg\_trace**
Using the low-level tracing hook **Source code** [debugging/dbghooks/dbg\_trace.py](https://github.com/idapython/src/blob/master/examples/debugging/dbghooks/dbg_trace.py) **Category** debugging **Description** This script demonstrates using the low-level tracing hook (ida\_dbg.DBG\_Hooks.dbg\_trace). It can be run like so: ``` ida[t].exe -B -Sdbg_trace.py -Ltrace.log file.exe ``` **Keywords** DBG\_Hooks **Uses** * GENDSM\_FORCE\_CODE * GENDSM\_REMOVE\_TAGS * NN\_call * NN\_callfi * NN\_callni * generate\_disasm\_line * ida\_dbg.DBG\_Hooks * ida\_dbg.ST\_OVER\_DEBUG\_SEG * ida\_dbg.ST\_OVER\_LIB\_FUNC * ida\_dbg.enable\_step\_trace * ida\_dbg.get\_process\_state * ida\_dbg.get\_reg\_val * ida\_dbg.get\_step\_trace\_options * ida\_dbg.load\_debugger * ida\_dbg.refresh\_debugger\_memory * ida\_dbg.request\_continue\_process * ida\_dbg.request\_enable\_step\_trace * ida\_dbg.request\_set\_step\_trace\_options * ida\_dbg.run\_requests * ida\_dbg.run\_to * ida\_dbg.set\_step\_trace\_options * ida\_dbg.wait\_for\_next\_event * ida\_ida.f\_ELF * ida\_ida.f\_MACHO * ida\_ida.f\_PE * ida\_ida.inf\_get\_filetype * ida\_ida.inf\_get\_max\_ea * ida\_ida.inf\_get\_min\_ea * ida\_ida.inf\_get\_start\_ip * ida\_pro.qexit * ida\_ua.decode\_insn * ida\_ua.insn\_t * idc.ARGV
**print\_call\_stack**
Print call stack (on Linux) **Source code** [debugging/misc/print\_call\_stack.py](https://github.com/idapython/src/blob/master/examples/debugging/misc/print_call_stack.py) **Category** debugging **Description** ``` Print the return addresses from the call stack at a breakpoint. (and print also the module and the debug name from debugger) ``` To use this example: * run `ida64` on test program `simple_appcall_linux64`, or `ida` on test program `simple_appcall_linux32`, and wait for auto-analysis to finish * put a breakpoint where you want to see the call stack * select the 'linux debugger' (either local, or remote) * start debugging * Press Shift+C at the breakpoint **Shortcut** Shift+C **Uses** * ida\_dbg.collect\_stack\_trace * ida\_dbg.get\_current\_thread * ida\_dbg.get\_module\_info * ida\_idd.call\_stack\_t * ida\_idd.modinfo\_t * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.action\_desc\_t * ida\_kernwin.register\_action * ida\_name.GNCN\_NOCOLOR * ida\_name.GNCN\_NOLABEL * ida\_name.GNCN\_NOSEG * ida\_name.GNCN\_PREFDBG * ida\_name.get\_nice\_colored\_name
**print\_registers**
Print all registers, for all threads **Source code** [debugging/misc/print\_registers.py](https://github.com/idapython/src/blob/master/examples/debugging/misc/print_registers.py) **Category** debugging **Description** ``` Iterate over the list of threads in the program being debugged, and dump all registers contents ``` To use this example: * run `ida64` on test program `simple_appcall_linux64`, or `ida` on test program `simple_appcall_linux32`, and wait for auto-analysis to finish * put a breakpoint somewhere in the code * select the 'linux debugger' (either local, or remote) * start debugging * Press Alt+Shift+C at the breakpoint **Shortcut** Alt+Shift+C **Uses** * ida\_dbg.get\_reg\_vals * ida\_dbg.get\_thread\_qty * ida\_dbg.getn\_thread * ida\_idd.get\_dbg * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.action\_desc\_t * ida\_kernwin.register\_action
**registers\_context\_menu**
Adding actions to the "registers" widget(s) **Source code** [debugging/misc/registers\_context\_menu.py](https://github.com/idapython/src/blob/master/examples/debugging/misc/registers_context_menu.py) **Category** debugging **Description** It's possible to add actions to the context menu of pretty much all widgets in IDA. This example shows how to do just that for registers-displaying widgets (e.g., "General registers") **Keywords** ctxmenu UI\_Hooks **Uses** * ida\_dbg.get\_dbg\_reg\_info * ida\_dbg.get\_reg\_val * ida\_idd.register\_info\_t * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_CPUREGS * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.get\_widget\_type * ida\_kernwin.register\_action * ida\_ua.dt\_byte * ida\_ua.dt\_dword * ida\_ua.dt\_qword * ida\_ua.dt\_word
**show\_debug\_names**
Retrieving & dumping debuggee symbols **Source code** [debugging/show\_debug\_names.py](https://github.com/idapython/src/blob/master/examples/debugging/show_debug_names.py) **Category** debugging **Description** Queries the debugger (possibly remotely) for the list of symbols that the process being debugged, provides. **Uses** * ida\_dbg.DSTATE\_SUSP * ida\_dbg.get\_process\_state * ida\_dbg.is\_debugger\_on * ida\_ida.inf\_get\_max\_ea * ida\_ida.inf\_get\_min\_ea * ida\_name.get\_debug\_names
**simple\_appcall\_linux**
Executing code into the application being debugged (on Linux) **Source code** [debugging/appcall/simple\_appcall\_linux.py](https://github.com/idapython/src/blob/master/examples/debugging/appcall/simple_appcall_linux.py) **Category** debugging **Description** Using the `ida_idd.Appcall` utility to execute code in the process being debugged. This example will run the test program and stop wherever the cursor currently is, and then perform an appcall to execute the `ref4` and `ref8` functions. To use this example: * run `ida64` on test program `simple_appcall_linux64`, or `ida` on test program `simple_appcall_linux32`, and wait for auto-analysis to finish * select the 'linux debugger' (either local, or remote) * run this script Note: the real body of code is in `simple_appcall_common.py`. **Imports** * simple\_appcall\_common **Uses** * ida\_dbg.DBG\_Hooks * ida\_dbg.run\_to * ida\_idaapi.BADADDR * ida\_idd.Appcall * ida\_idd.Appcall.byref * ida\_idd.Appcall.int64 * ida\_kernwin.get\_screen\_ea * ida\_name.get\_name\_ea * ida\_name.set\_name * ida\_typeinf.apply\_cdecl
**simple\_appcall\_win**
Executing code into the application being debugged (on Windows) **Source code** [debugging/appcall/simple\_appcall\_win.py](https://github.com/idapython/src/blob/master/examples/debugging/appcall/simple_appcall_win.py) **Category** debugging **Description** Using the `ida_idd.Appcall` utility to execute code in the process being debugged. This example will run the test program and stop wherever the cursor currently is, and then perform an appcall to execute the `ref4` and `ref8` functions. To use this example: * run `ida64` on test program `simple_appcall_win64.exe`, or `ida` on test program `simple_appcall_win32.exe`, and wait for auto-analysis to finish * select the 'windows debugger' (either local, or remote) * run this script Note: the real body of code is in `simple_appcall_common.py`. **Imports** * simple\_appcall\_common **Uses** * ida\_dbg.DBG\_Hooks * ida\_dbg.run\_to * ida\_ida.inf\_is\_64bit * ida\_idaapi.BADADDR * ida\_idd.Appcall * ida\_idd.Appcall.byref * ida\_idd.Appcall.int64 * ida\_kernwin.get\_screen\_ea * ida\_name.get\_name\_ea * ida\_name.set\_name * ida\_typeinf.apply\_cdecl
### Category: disassembly **colorize\_disassembly**
Change background colours **Source code** [core/colorize\_disassembly.py](https://github.com/idapython/src/blob/master/examples/core/colorize_disassembly.py) **Category** disassembly **Description** This illustrates the setting/retrieval of background colours using the IDC wrappers In order to do so, we'll be assigning colors to specific ranges (item, function, or segment). Those will be persisted in the database. **Keywords** coloring idc **Uses** * idc.CIC\_FUNC * idc.CIC\_ITEM * idc.CIC\_SEGM * idc.get\_color * idc.here * idc.set\_color **See also** * [colorize\_disassembly\_on\_the\_fly](#colorize_disassembly_on_the_fly)
### Category: hexrays **colorize\_pseudocode\_lines**
Interactively color certain pseudocode lines **Source code** [hexrays/colorize\_pseudocode\_lines.py](https://github.com/idapython/src/blob/master/examples/hexrays/colorize_pseudocode_lines.py) **Category** hexrays **Description** Provides an action that can be used to dynamically alter the lines background rendering for pseudocode listings (as opposed to using `ida_hexrays.cfunc_t.pseudocode[N].bgcolor`) After running this script, pressing 'M' on a line in a "Pseudocode-?" widget, will cause that line to be rendered with a special background color. **Shortcut** M **Keywords** colors UI\_Hooks **Uses** * ida\_hexrays.get\_widget\_vdui * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.CK\_EXTRA11 * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_custom\_viewer\_location * ida\_kernwin.line\_rendering\_output\_entry\_t * ida\_kernwin.refresh\_custom\_viewer * ida\_kernwin.register\_action * ida\_moves.lochist\_entry\_t
**curpos\_details**
A focus on the 'curpos' hook, printing additional details about user input **Source code** [hexrays/curpos\_details.py](https://github.com/idapython/src/blob/master/examples/hexrays/curpos_details.py) **Category** hexrays **Description** Shows how user input information can be retrieved during processing of a notification triggered by that input **Keywords** Hexrays\_Hooks **Uses** * ida\_hexrays.Hexrays\_Hooks * ida\_kernwin.get\_user\_input\_event * ida\_kernwin.iek\_key\_press * ida\_kernwin.iek\_key\_release * ida\_kernwin.iek\_mouse\_button\_press * ida\_kernwin.iek\_mouse\_button\_release * ida\_kernwin.iek\_mouse\_wheel * ida\_kernwin.iek\_shortcut * ida\_kernwin.input\_event\_t **See also** * [vds\_hooks](#vds_hooks)
**decompile\_entry\_points**
Automatic decompilation of functions **Source code** [hexrays/decompile\_entry\_points.py](https://github.com/idapython/src/blob/master/examples/hexrays/decompile_entry_points.py) **Category** hexrays **Description** Attempts to load a decompiler plugin corresponding to the current architecture (and address size) right after auto-analysis is performed, and then tries to decompile the function at the first entrypoint. It is particularly suited for use with the '-S' flag, for example: idat -Ldecompile.log -Sdecompile\_entry\_points.py -c file **Uses** * ida\_auto.auto\_wait * ida\_entry.get\_entry * ida\_entry.get\_entry\_ordinal * ida\_entry.get\_entry\_qty * ida\_hexrays.decompile * ida\_hexrays.init\_hexrays\_plugin * ida\_ida.inf\_is\_64bit * ida\_idp.PLFM\_386 * ida\_idp.PLFM\_ARM * ida\_idp.PLFM\_MIPS * ida\_idp.PLFM\_PPC * ida\_idp.ph.id * ida\_kernwin.cvar.batch * ida\_kernwin.msg * ida\_loader.load\_plugin * ida\_pro.qexit * idc.get\_idb\_path
**vds1**
Decompile & print current function. **Source code** [hexrays/vds1.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds1.py) **Category** hexrays **Description** Decompile & print current function. **Uses** * ida\_funcs.get\_func * ida\_hexrays.decompile * ida\_hexrays.get\_hexrays\_version * ida\_hexrays.init\_hexrays\_plugin * ida\_kernwin.get\_screen\_ea * ida\_lines.tag\_remove
**vds10**
A custom microcode instruction optimization rule **Source code** [hexrays/vds10.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds10.py) **Category** hexrays **Description** Installs a custom microcode instruction optimization rule, to transform: ``` call !DbgRaiseAssertionFailure .0 ``` into ``` call !DbgRaiseAssertionFailure .0 ``` To see this plugin in action please use arm64\_brk.i64 **Keywords** plugin **Uses** * ida\_bytes.get\_cmt * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.mop\_str * ida\_hexrays.optinsn\_t * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_typeinf.STI\_PCCHAR * ida\_typeinf.tinfo\_t.get\_stock
**vds11**
A custom microcode block optimization rule (resolve `goto` chains) **Source code** [hexrays/vds11.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds11.py) **Category** hexrays **Description** Installs a custom microcode block optimization rule, to transform: ``` goto L1 ... L1: goto L2 ``` into ``` goto L2 ``` In other words we fix a goto target if it points to a chain of gotos. This improves the decompiler output in some cases. **Keywords** plugin **Uses** * ida\_hexrays.getf\_reginsn * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.m\_goto * ida\_hexrays.optblock\_t * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t
**vds12**
List instruction registers **Source code** [hexrays/vds12.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds12.py) **Category** hexrays **Description** Shows a list of direct references to a register from the current instruction. **Uses** * ida\_bytes.get\_flags * ida\_bytes.is\_code * ida\_funcs.get\_func * ida\_hexrays.ACFL\_GUESS * ida\_hexrays.DECOMP\_NO\_CACHE * ida\_hexrays.DECOMP\_WARNINGS * ida\_hexrays.GCO\_DEF * ida\_hexrays.GCO\_USE * ida\_hexrays.GC\_REGS\_AND\_STKVARS * ida\_hexrays.MERR\_OK * ida\_hexrays.MMAT\_PREOPTIMIZED * ida\_hexrays.MUST\_ACCESS * ida\_hexrays.gco\_info\_t * ida\_hexrays.gen\_microcode * ida\_hexrays.get\_current\_operand * ida\_hexrays.get\_merror\_desc * ida\_hexrays.hexrays\_failure\_t * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.mba\_ranges\_t * ida\_hexrays.mlist\_t * ida\_hexrays.op\_parent\_info\_t * ida\_hexrays.voff\_t * ida\_kernwin.Choose * ida\_kernwin.get\_screen\_ea * ida\_kernwin.jumpto * ida\_kernwin.warning * ida\_lines.GENDSM\_REMOVE\_TAGS * ida\_lines.generate\_disasm\_line * ida\_pro.eavec\_t
**vds13**
Generates microcode for selection **Source code** [hexrays/vds13.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds13.py) **Category** hexrays **Description** Generates microcode for selection and dumps it to the output window. **Uses** * ida\_bytes.get\_flags * ida\_bytes.is\_code * ida\_hexrays.DECOMP\_WARNINGS * ida\_hexrays.gen\_microcode * ida\_hexrays.hexrays\_failure\_t * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.mba\_ranges\_t * ida\_hexrays.vd\_printer\_t * ida\_kernwin.read\_range\_selection * ida\_kernwin.warning * ida\_range.range\_t
**vds17**
Using the "Select offsets" widget **Source code** [hexrays/vds17.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds17.py) **Category** hexrays **Description** Registers an action opens the "Select offsets" widget (select\_udt\_by\_offset() call). This effectively repeats the functionality already available through Alt+Y. Place cursor on the union field and press Shift+T **Shortcut** Shift+T **Keywords** plugin **Uses** * ida\_hexrays.USE\_KEYBOARD * ida\_hexrays.cot\_add * ida\_hexrays.cot\_cast * ida\_hexrays.cot\_memptr * ida\_hexrays.cot\_memref * ida\_hexrays.cot\_num * ida\_hexrays.cot\_ref * ida\_hexrays.get\_hexrays\_version * ida\_hexrays.get\_widget\_vdui * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.select\_udt\_by\_offset * ida\_hexrays.ui\_stroff\_applicator\_t * ida\_hexrays.ui\_stroff\_ops\_t * ida\_idaapi.BADADDR * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.get\_custom\_viewer\_curline * ida\_kernwin.msg * ida\_kernwin.register\_action * ida\_kernwin.warning * ida\_lines.tag\_remove * ida\_typeinf.PRTYPE\_1LINE * ida\_typeinf.print\_tinfo * ida\_typeinf.remove\_pointer
**vds19**
A custom microcode instruction optimization rule (`x | ~x => -1`) **Source code** [hexrays/vds19.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds19.py) **Category** hexrays **Description** Installs a custom microcode instruction optimization rule, to transform: ``` x | ~x ``` into ``` -1 ``` To see this plugin in action please use be\_ornot\_be.idb **Keywords** plugin **Uses** * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.m\_bnot * ida\_hexrays.m\_mov * ida\_hexrays.m\_or * ida\_hexrays.minsn\_visitor\_t * ida\_hexrays.mop\_t * ida\_hexrays.optinsn\_t * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t
**vds21**
Dynamically provide a custom call type **Source code** [hexrays/vds21.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds21.py) **Category** hexrays **Description** This plugin can greatly improve decompilation of indirect calls: ``` call [eax+4] ``` For them, the decompiler has to guess the prototype of the called function. This has to be done at a very early phase of decompilation because the function prototype influences the data flow analysis. On the other hand, we do not have global data flow analysis results yet because we haven't analyzed all calls in the function. It is a chicked-and-egg problem. The decompiler uses various techniques to guess the called function prototype. While it works very well, it may fail in some cases. To fix, the user can specify the call prototype manually, using "Edit, Operand types, Set operand type" at the call instruction. This plugin illustrates another approach to the problem: if you happen to be able to calculate the call prototypes dynamically, this is how to inform the decompiler about them. **Keywords** Hexrays\_Hooks plugin **Uses** * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.m\_call * ida\_hexrays.mcallinfo\_t * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_kernwin.msg * ida\_kernwin.warning * ida\_nalt.get\_op\_tinfo * ida\_typeinf.BT\_INT * ida\_typeinf.CM\_CC\_STDCALL * ida\_typeinf.CM\_N32\_F48 * ida\_typeinf.parse\_decl * ida\_typeinf.tinfo\_t
**vds3**
Invert if/else blocks **Source code** [hexrays/vds3.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds3.py) **Category** hexrays **Description** Registers an action that can be used to invert the `if` and `else` blocks of a `ida_hexrays.cif_t`. For example, a statement like ``` if ( cond ) { statements1; } else { statements2; } ``` will be displayed as ``` if ( !cond ) { statements2; } else { statements1; } ``` The modifications are persistent: the user can quit & restart IDA, and the changes will be present. **Shortcut** I **Keywords** ctxmenu Hexrays\_Hooks IDP\_Hooks plugin **Uses** * ida\_hexrays.CMAT\_FINAL * ida\_hexrays.CV\_FAST * ida\_hexrays.CV\_INSNS * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.ITP\_ELSE * ida\_hexrays.USE\_KEYBOARD * ida\_hexrays.VDI\_TAIL * ida\_hexrays.cexpr\_t * ida\_hexrays.cit\_if * ida\_hexrays.ctree\_visitor\_t * ida\_hexrays.get\_widget\_vdui * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.lnot * ida\_hexrays.qswap * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_idp.IDP\_Hooks * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.register\_action * ida\_netnode.netnode **Author** EiNSTeiN\_ ()
**vds4**
Dump user-defined information **Source code** [hexrays/vds4.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds4.py) **Category** hexrays **Description** Prints user-defined information to the "Output" window. Namely: * user defined label names * user defined indented comments * user defined number formats * user defined local variable names, types, comments This script loads information from the database without decompiling anything. **Uses** * ida\_bytes.get\_radix * ida\_funcs.get\_func * ida\_hexrays.CIT\_COLLAPSED * ida\_hexrays.NF\_NEGATE * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.lvar\_uservec\_t * ida\_hexrays.restore\_user\_cmts * ida\_hexrays.restore\_user\_iflags * ida\_hexrays.restore\_user\_labels * ida\_hexrays.restore\_user\_lvar\_settings * ida\_hexrays.restore\_user\_numforms * ida\_hexrays.user\_cmts\_free * ida\_hexrays.user\_iflags\_free * ida\_hexrays.user\_labels\_free * ida\_hexrays.user\_numforms\_free * ida\_kernwin.get\_screen\_ea **Author** EiNSTeiN\_ ()
**vds5**
Show ctree graph **Source code** [hexrays/vds5.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds5.py) **Category** hexrays **Description** Registers an action that can be used to show the graph of the ctree. The current item will be highlighted in the graph. The command shortcut is `Ctrl+Shift+G`, and is also added to the context menu. To display the graph, we produce a .gdl file, and request that ida displays that using `ida_gdl.display_gdl`. **Shortcut** Ctrl+Shift+G **Keywords** ctxmenu Hexrays\_Hooks plugin **Uses** * ida\_gdl.display\_gdl * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.USE\_KEYBOARD * ida\_hexrays.cit\_asm * ida\_hexrays.cit\_goto * ida\_hexrays.cot\_helper * ida\_hexrays.cot\_memptr * ida\_hexrays.cot\_memref * ida\_hexrays.cot\_num * ida\_hexrays.cot\_obj * ida\_hexrays.cot\_ptr * ida\_hexrays.cot\_str * ida\_hexrays.cot\_var * ida\_hexrays.ctree\_parentee\_t * ida\_hexrays.get\_ctype\_name * ida\_hexrays.get\_widget\_vdui * ida\_hexrays.init\_hexrays\_plugin * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.register\_action * ida\_kernwin.warning * ida\_lines.tag\_remove * ida\_pro.str2user
**vds6**
Superficially modify the decompilation output **Source code** [hexrays/vds6.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds6.py) **Category** hexrays **Description** Modifies the decompilation output in a superficial manner, by removing some white spaces Note: this is rather crude, not quite "pythonic" code. **Keywords** Hexrays\_Hooks plugin **Uses** * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.init\_hexrays\_plugin * ida\_idaapi.PLUGIN\_HIDE * ida\_idaapi.PLUGIN\_KEEP * ida\_idaapi.plugin\_t * ida\_lines.tag\_advance * ida\_lines.tag\_skipcodes
**vds7**
Iterate a cblock_t object **Source code** [hexrays/vds7.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds7.py) **Category** hexrays **Description** Using a `ida_hexrays.ctree_visitor_t`, search for `ida_hexrays.cit_block` instances and dump them. **Keywords** Hexrays\_Hooks **Uses** * ida\_hexrays.CMAT\_BUILT * ida\_hexrays.CV\_FAST * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.cit\_block * ida\_hexrays.ctree\_visitor\_t * ida\_hexrays.init\_hexrays\_plugin **Author** EiNSTeiN\_ ()
**vds8**
Using `ida_hexrays.udc_filter_t` **Source code** [hexrays/vds8.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds8.py) **Category** hexrays **Description** Registers an action that uses a `ida_hexrays.udc_filter_t` to decompile `svc 0x900001` and `svc 0x9000F8` as function calls to `svc_exit()` and `svc_exit_group()` respectively. You will need to have an ARM + Linux IDB for this script to be usable In addition to having a shortcut, the action will be present in the context menu. **Shortcut** Ctrl+Shift+U **Keywords** ctxmenu UI\_Hooks **Uses** * ida\_allins.ARM\_svc * ida\_hexrays.get\_widget\_vdui * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.install\_microcode\_filter * ida\_hexrays.udc\_filter\_t * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.get\_widget\_type * ida\_kernwin.register\_action
**vds\_create\_hint**
Decompiler hints **Source code** [hexrays/vds\_create\_hint.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds_create_hint.py) **Category** hexrays **Description** Handle `ida_hexrays.hxe_create_hint` notification using hooks, to return our own. If the object under the cursor is: * a function call, prefix the original decompiler hint with `==>` * a local variable declaration, replace the hint with our own in the form of `!{varname}` (where `{varname}` is replaced with the variable name) * an `if` statement, replace the hint with our own, saying "condition" **Keywords** Hexrays\_Hooks **Uses** * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.USE\_MOUSE * ida\_hexrays.VDI\_EXPR * ida\_hexrays.VDI\_LVAR * ida\_hexrays.cit\_if * ida\_hexrays.cot\_call
**vds\_hooks**
Various decompiler hooks **Source code** [hexrays/vds\_hooks.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds_hooks.py) **Category** hexrays **Description** Shows how to hook to many notifications sent by the decompiler. This plugin doesn't really accomplish anything: it just prints the parameters. The list of notifications handled below should be exhaustive, and is there to hint at what is possible to accomplish by subclassing `ida_hexrays.Hexrays_Hooks` **Keywords** Hexrays\_Hooks **Uses** * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.cfunc\_t * ida\_hexrays.lvar\_t * ida\_hexrays.vdui\_t **See also** * [curpos\_details](#curpos_details)
**vds\_modify\_user\_lvars**
Modifying local variables **Source code** [hexrays/vds\_modify\_user\_lvars.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds_modify_user_lvars.py) **Category** hexrays **Description** Use a `ida_hexrays.user_lvar_modifier_t` to modify names, comments and/or types of local variables. **Uses** * ida\_hexrays.modify\_user\_lvars * ida\_hexrays.user\_lvar\_modifier\_t * ida\_typeinf.parse\_decl * idc.here
**vds\_xrefs**
Show decompiler xrefs **Source code** [hexrays/vds\_xrefs.py](https://github.com/idapython/src/blob/master/examples/hexrays/vds_xrefs.py) **Category** hexrays **Description** Show decompiler-style Xref when the `Ctrl+X` key is pressed in the Decompiler window. * supports any global name: functions, strings, integers, ... * supports structure member. **Shortcut** Ctrl+X **Keywords** ctxmenu Hexrays\_Hooks **Uses** * ida\_funcs.get\_func\_name * ida\_hexrays.DECOMP\_GXREFS\_FORCE * ida\_hexrays.Hexrays\_Hooks * ida\_hexrays.USE\_KEYBOARD * ida\_hexrays.VDI\_EXPR * ida\_hexrays.VDI\_FUNC * ida\_hexrays.cexpr\_t * ida\_hexrays.cfunc\_t * ida\_hexrays.cinsn\_t * ida\_hexrays.decompile * ida\_hexrays.get\_widget\_vdui * ida\_hexrays.init\_hexrays\_plugin * ida\_hexrays.open\_pseudocode * ida\_hexrays.qstring\_printer\_t * ida\_idaapi.BADADDR * ida\_kernwin.AST\_DISABLE * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.PluginForm * ida\_kernwin.PluginForm.Show * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.register\_action * ida\_typeinf.PRTYPE\_1LINE * ida\_typeinf.STRMEM\_OFFSET * ida\_typeinf.print\_tinfo * ida\_typeinf.tinfo\_t * ida\_typeinf.udm\_t * idautils.Functions * idautils.XrefsTo **Author** EiNSTeiN\_ ()
### Category: idbhooks **log\_idb\_events**
Logging IDB events **Source code** [idbhooks/log\_idb\_events.py](https://github.com/idapython/src/blob/master/examples/idbhooks/log_idb_events.py) **Category** idbhooks **Description** These hooks will be notified about IDB events, and dump their information to the "Output" window **Keywords** IDB\_Hooks **Uses** * ida\_idp.IDB\_Hooks
**operand\_changed**
Notify the user when an instruction operand changes **Source code** [idbhooks/operand\_changed.py](https://github.com/idapython/src/blob/master/examples/idbhooks/operand_changed.py) **Category** idbhooks **Description** Show notifications whenever the user changes an instruction's operand, or a data item. **Keywords** IDB\_Hooks **Uses** * ida\_bytes.ALOPT\_IGNCLT * ida\_bytes.ALOPT\_IGNHEADS * ida\_bytes.get\_flags * ida\_bytes.get\_max\_strlit\_length * ida\_bytes.get\_opinfo * ida\_bytes.get\_strlit\_contents * ida\_bytes.is\_custfmt * ida\_bytes.is\_custom * ida\_bytes.is\_enum * ida\_bytes.is\_off * ida\_bytes.is\_strlit * ida\_bytes.is\_stroff * ida\_bytes.is\_struct * ida\_idp.IDB\_Hooks * ida\_nalt.STRENC\_DEFAULT * ida\_nalt.get\_default\_encoding\_idx * ida\_nalt.get\_encoding\_name * ida\_nalt.get\_str\_encoding\_idx * ida\_nalt.get\_strtype\_bpu * ida\_nalt.opinfo\_t * ida\_typeinf.get\_tid\_name * ida\_typeinf.tinfo\_t
**replay\_prototypes\_changes**
Record and replay changes in function prototypes **Source code** [idbhooks/replay\_prototypes\_changes.py](https://github.com/idapython/src/blob/master/examples/idbhooks/replay_prototypes_changes.py) **Category** idbhooks **Description** This is a sample script, that will record (in memory) all changes in functions prototypes, in order to re-apply them later. To use this script: * open an IDB (say, "test.idb") * modify some functions prototypes (e.g., by triggering the 'Y' shortcut when the cursor is placed on the first address of a function) * reload that IDB, *without saving it first* * call rpc.replay(), to re-apply the modifications. Note: 'ti\_changed' is also called for changes to the function frames, but we'll only record function prototypes changes. **Keywords** IDB\_Hooks **Uses** * ida\_funcs.get\_func * ida\_idp.IDB\_Hooks * ida\_typeinf.PRTYPE\_1LINE * ida\_typeinf.TINFO\_DEFINITE * ida\_typeinf.apply\_tinfo * ida\_typeinf.get\_idati * ida\_typeinf.tinfo\_t
### Category: idphooks **ana\_emu\_out**
Override some parts of the processor module **Source code** [idphooks/ana\_emu\_out.py](https://github.com/idapython/src/blob/master/examples/idphooks/ana_emu_out.py) **Category** idphooks **Description** Implements disassembly of BUG\_INSTR used in Linux kernel BUG() macro, which is architecturally undefined and is not disassembled by IDA's ARM module See Linux/arch/arm/include/asm/bug.h for more info **Keywords** IDP\_Hooks **Uses** * ida\_bytes.get\_wide\_dword * ida\_bytes.get\_wide\_word * ida\_idp.CUSTOM\_INSN\_ITYPE * ida\_idp.IDP\_Hooks * ida\_idp.PLFM\_ARM * ida\_idp.ph.id * ida\_idp.str2reg * ida\_segregs.get\_sreg
**assemble**
An `ida_idp.IDP_Hooks.assembly` implementation **Source code** [idphooks/assemble.py](https://github.com/idapython/src/blob/master/examples/idphooks/assemble.py) **Category** idphooks **Description** We add support for assembling the following pseudo instructions: * "zero eax" -> xor eax, eax * "nothing" -> nop **Keywords** IDP\_Hooks **Uses** * ida\_idp.IDP\_Hooks * idautils.DecodeInstruction
### Category: merge **py\_mex1**
Add merge functionality to a simple plugin, example 1 **Source code** [merge/py\_mex1.py](https://github.com/idapython/src/blob/master/examples/merge/py_mex1.py) **Category** merge **Description** This is a primitive plugin which asks user for some info and saves it for some addresses. We will add a merge functionality to plugin. An IDA plugin may have two kinds of data with permanent storage: 1. Data common for entire database (e.g. the options). To describe them we will use the idbattr\_info\_t type. 2. Data specific to a particular address. To describe them we will use the merge\_node\_info\_t type. Also, see SDK/plugins/mex1 example **Keywords** IDP\_Hooks plugin **Uses** * ida\_funcs.get\_func * ida\_ida.IDI\_ALTVAL * ida\_ida.IDI\_CSTR * ida\_ida.IDI\_SCALAR * ida\_ida.IDI\_SUPVAL * ida\_ida.idbattr\_info\_t * ida\_idaapi.BADADDR * ida\_idaapi.PLUGIN\_MOD * ida\_idaapi.PLUGIN\_MULTI * ida\_idaapi.plugin\_t * ida\_idaapi.plugmod\_t * ida\_idp.IDP\_Hooks * ida\_kernwin.Form * ida\_kernwin.Form.ChkGroupControl * ida\_kernwin.Form.StringInput * ida\_kernwin.get\_screen\_ea * ida\_merge.MERGE\_KIND\_END * ida\_merge.MERGE\_KIND\_NONE * ida\_merge.NDS\_IS\_STR * ida\_merge.NDS\_MAP\_IDX * ida\_merge.merge\_handler\_params\_t * ida\_merge.merge\_node\_info\_t * ida\_merge.moddata\_diff\_helper\_t * ida\_mergemod.create\_std\_modmerge\_handlers * ida\_netnode.BADNODE * ida\_netnode.SIZEOF\_nodeidx\_t * ida\_netnode.atag * ida\_netnode.netnode * ida\_netnode.stag
**py\_mex3**
This example uses the mex1 example and improves the user-interface for it. **Source code** [merge/py\_mex3.py](https://github.com/idapython/src/blob/master/examples/merge/py_mex3.py) **Category** merge **Description** IDA Teams uses a chooser to display the merge conflicts. To fill the chooser columns IDA Teams uses the following methods from diff\_source\_t type: * print\_diffpos\_name() * print\_diffpos\_details() and UI hints from merge\_handler\_params\_t type: * ui\_has\_details() * ui\_complex\_details() * ui\_complex\_name() In general, chooser columns are filled as following: columns.clear() NAME = print\_diffpos\_name() if ui\_complex\_name() then columns.add(split NAME by ui\_split\_char()) else columns\[0] = NAME if not ui\_complex\_details() then columns.add(print\_diffpos\_details()) Also, see SDK/plugins/mex3 example **Keywords** IDP\_Hooks plugin **Uses** * ida\_funcs.get\_func * ida\_ida.IDI\_ALTVAL * ida\_ida.IDI\_CSTR * ida\_ida.IDI\_SCALAR * ida\_ida.IDI\_SUPVAL * ida\_ida.idbattr\_info\_t * ida\_idaapi.BADADDR * ida\_idaapi.PLUGIN\_MOD * ida\_idaapi.PLUGIN\_MULTI * ida\_idaapi.plugin\_t * ida\_idaapi.plugmod\_t * ida\_idp.IDP\_Hooks * ida\_kernwin.Form * ida\_kernwin.Form.ChkGroupControl * ida\_kernwin.Form.StringInput * ida\_kernwin.get\_screen\_ea * ida\_merge.MERGE\_KIND\_END * ida\_merge.MERGE\_KIND\_NONE * ida\_merge.MH\_UI\_COLONNAME * ida\_merge.MH\_UI\_COMMANAME * ida\_merge.MH\_UI\_NODETAILS * ida\_merge.NDS\_IS\_STR * ida\_merge.NDS\_MAP\_IDX * ida\_merge.create\_nodeval\_merge\_handlers * ida\_merge.get\_ea\_diffpos\_name * ida\_merge.merge\_handler\_params\_t * ida\_merge.merge\_node\_helper\_t * ida\_merge.merge\_node\_info\_t * ida\_merge.moddata\_diff\_helper\_t * ida\_mergemod.create\_std\_modmerge\_handlers * ida\_nalt.node2ea * ida\_netnode.BADNODE * ida\_netnode.SIZEOF\_nodeidx\_t * ida\_netnode.atag * ida\_netnode.netnode * ida\_netnode.stag
### Category: pyqt **inject\_command**
Injecting commands in the "Output" window **Source code** [pyqt/inject\_command.py](https://github.com/idapython/src/blob/master/examples/pyqt/inject_command.py) **Category** pyqt **Description** This example illustrates how one can execute commands in the "Output" window, from their own widgets. A few notes: * the original, underlying `cli:Execute` action, that has to be triggered for the code present in the input field to execute and be placed in the history, requires that the input field has focus (otherwise it simply won't do anything.) * this, in turn, forces us to do "delayed" execution of that action, hence the need for a `QTimer` * the IDA/SWiG 'TWidget' type that we retrieve through `ida_kernwin.find_widget`, is not the same type as a `QtWidgets.QWidget`. We therefore need to convert it using `ida_kernwin.PluginForm.TWidgetToPyQtWidget` **Uses** * ida\_kernwin.PluginForm.TWidgetToPyQtWidget * ida\_kernwin.disabled\_script\_timeout\_t * ida\_kernwin.find\_widget * ida\_kernwin.process\_ui\_action
**paint\_over\_graph**
Custom painting on top of graph view edges **Source code** [pyqt/paint\_over\_graph.py](https://github.com/idapython/src/blob/master/examples/pyqt/paint_over_graph.py) **Category** pyqt **Description** This sample registers an action enabling painting of a recognizable string of text over horizontal nodes edge sections beyond a satisfying size threshold. In a disassembly view, open the context menu and select "Paint on edges". This should work for both graph disassembly, and proximity browser. Using an "event filter", we will intercept paint events targeted at the disassembly view, let it paint itself, and then add our own markers along. **Keywords** ctxmenu UI\_Hooks **Uses** * ida\_gdl.edge\_t * ida\_graph.get\_graph\_viewer * ida\_graph.get\_viewer\_graph * ida\_graph.point\_t * ida\_graph.viewer\_get\_gli * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.PluginForm.FormToPyQtWidget * ida\_kernwin.UI\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.get\_widget\_type * ida\_kernwin.register\_action * ida\_moves.graph\_location\_info\_t
**paint\_over\_navbar**
Custom painting on top of the navigation band **Source code** [pyqt/paint\_over\_navbar.py](https://github.com/idapython/src/blob/master/examples/pyqt/paint_over_navbar.py) **Category** pyqt **Description** Using an "event filter", we will intercept paint events targeted at the navigation band widget, let it paint itself, and then add our own markers on top. **Uses** * ida\_kernwin.PluginForm.FormToPyQtWidget * ida\_kernwin.get\_navband\_pixel * ida\_kernwin.open\_navband\_window * ida\_segment.get\_segm\_qty * ida\_segment.getnseg * idc.here
**populate\_pluginform\_with\_pyqt\_widgets**
Adding PyQt5 widgets into an `ida_kernwin.PluginForm` **Source code** [pyqt/populate\_pluginform\_with\_pyqt\_widgets.py](https://github.com/idapython/src/blob/master/examples/pyqt/populate_pluginform_with_pyqt_widgets.py) **Category** pyqt **Description** Using `ida_kernwin.PluginForm.FormToPyQtWidget`, this script converts IDA's own dockable widget into a type that is recognized by PyQt5, which then enables populating it with regular Qt widgets. **Uses** * ida\_kernwin.PluginForm
### Category: uihooks **func\_chooser\_coloring**
Using `ida_kernwin.UI_Hooks.get_chooser_item_attrs` to override some defaults **Source code** [uihooks/func\_chooser\_coloring.py](https://github.com/idapython/src/blob/master/examples/uihooks/func_chooser_coloring.py) **Category** uihooks **Description** Color the function in the Function window according to its size. The larger the function, the darker the color. **Keywords** UI\_Hooks **Uses** * ida\_funcs.get\_func * ida\_kernwin.UI\_Hooks * ida\_kernwin.enable\_chooser\_item\_attrs
**lines\_rendering**
Dynamically colorize lines backgrounds (or parts of them) **Source code** [uihooks/lines\_rendering.py](https://github.com/idapython/src/blob/master/examples/uihooks/lines_rendering.py) **Category** uihooks **Description** Shows how one can dynamically alter the lines background rendering (as opposed to, say, using ida\_nalt.set\_item\_color()), and also shows how that rendering can be limited to just a few glyphs, not the whole line. **Keywords** UI\_Hooks **Uses** * ida\_bytes.next\_head * ida\_idaapi.BADADDR * ida\_kernwin.CK\_EXTRA1 * ida\_kernwin.CK\_EXTRA10 * ida\_kernwin.CK\_EXTRA11 * ida\_kernwin.CK\_EXTRA12 * ida\_kernwin.CK\_EXTRA13 * ida\_kernwin.CK\_EXTRA14 * ida\_kernwin.CK\_EXTRA15 * ida\_kernwin.CK\_EXTRA16 * ida\_kernwin.CK\_EXTRA2 * ida\_kernwin.CK\_EXTRA3 * ida\_kernwin.CK\_EXTRA4 * ida\_kernwin.CK\_EXTRA5 * ida\_kernwin.CK\_EXTRA6 * ida\_kernwin.CK\_EXTRA7 * ida\_kernwin.CK\_EXTRA8 * ida\_kernwin.CK\_EXTRA9 * ida\_kernwin.CK\_TRACE * ida\_kernwin.CK\_TRACE\_OVL * ida\_kernwin.LROEF\_CPS\_RANGE * ida\_kernwin.UI\_Hooks * ida\_kernwin.get\_screen\_ea * ida\_kernwin.line\_rendering\_output\_entry\_t * ida\_kernwin.refresh\_idaview\_anyway
**log\_misc\_events**
Being notified, and logging a few UI events **Source code** [uihooks/log\_misc\_events.py](https://github.com/idapython/src/blob/master/examples/uihooks/log_misc_events.py) **Category** uihooks **Description** Hooks to be notified about certain UI events, and dump their information to the "Output" window **Keywords** UI\_Hooks **Uses** * ida\_kernwin.UI\_Hooks
**prevent\_jump**
Taking precedence over actions **Source code** [uihooks/prevent\_jump.py](https://github.com/idapython/src/blob/master/examples/uihooks/prevent_jump.py) **Category** uihooks **Description** Using `ida_kernwin.UI_Hooks.preprocess_action`, it is possible to respond to a command instead of the action that would otherwise do it. **Keywords** UI\_Hooks **Uses** * ida\_kernwin.UI\_Hooks
### Category: widgets **add\_menus**
Adding custom menus to IDA **Source code** [widgets/misc/add\_menus.py](https://github.com/idapython/src/blob/master/examples/widgets/misc/add_menus.py) **Category** widgets **Description** It is possible to add custom menus to IDA, either at the toplevel (i.e., into the menubar), or as submenus of existing menus. Notes: * the same action can be present in more than 1 menu * this example does not deal with context menus **Keywords** actions **Uses** * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.SETMENU\_INS * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_menu * ida\_kernwin.create\_menu * ida\_kernwin.register\_action
**askusingform**
Non-trivial uses of the `ida_kernwin.Form` helper class **Source code** [widgets/forms/askusingform.py](https://github.com/idapython/src/blob/master/examples/widgets/forms/askusingform.py) **Category** widgets **Description** How to query for complex user input, using IDA's built-in forms. Note: while this example produces full-fledged forms for complex input, simpler types of inputs might can be retrieved by using `ida_kernwin.ask_str` and similar functions. **Keywords** forms **Uses** * ida\_kernwin.Choose * ida\_kernwin.Choose.CH\_MULTI * ida\_kernwin.Form * ida\_kernwin.PluginForm.FORM\_TAB * ida\_kernwin.ask\_str
**choose**
A widget showing data in a tabular fashion **Source code** [widgets/tabular\_views/custom/choose.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/custom/choose.py) **Category** widgets **Description** Shows how to subclass the ida\_kernwin.Choose class to show data organized in a simple table. In addition, registers a couple actions that can be applied to it. **Keywords** actions chooser ctxmenu **Uses** * Choose * Choose.ALL\_CHANGED * Choose.CH\_CAN\_DEL * Choose.CH\_CAN\_EDIT * Choose.CH\_CAN\_INS * Choose.CH\_CAN\_REFRESH * Choose.CH\_RESTORE * Choose.NOTHING\_CHANGED * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.is\_chooser\_widget * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action **See also** * [choose\_multi](#choose_multi) * [chooser\_with\_folders](#chooser_with_folders)
**choose\_multi**
A widget showing data in a tabular fashion, providing multiple selection **Source code** [widgets/tabular\_views/custom/choose\_multi.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/custom/choose_multi.py) **Category** widgets **Description** Similar to [choose](#choose), but with multiple selection **Keywords** actions chooser **Uses** * Choose * Choose.ALL\_CHANGED * Choose.CHCOL\_HEX * Choose.CH\_MULTI * Choose.NOTHING\_CHANGED **See also** * [choose](#choose) * [chooser\_with\_folders](#chooser_with_folders)
**chooser\_with\_folders**
A widget that can show tabular data either as a simple table, or with a tree-like structure. **Source code** [widgets/tabular\_views/custom/chooser\_with\_folders.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/custom/chooser_with_folders.py) **Category** widgets **Description** By adding the necessary bits to a ida\_kernwin.Choose subclass, IDA can show the otherwise tabular data, in a tree-like fashion. The important bits to enable this are: * ida\_dirtree.dirspec\_t (and my\_dirspec\_t) * ida\_kernwin.CH\_HAS\_DIRTREE * ida\_kernwin.Choose.OnGetDirTree * ida\_kernwin.Choose.OnIndexToInode **Keywords** actions chooser folders **Uses** * ida\_dirtree.DTE\_OK * ida\_dirtree.direntry\_t * ida\_dirtree.direntry\_t.BADIDX * ida\_dirtree.dirspec\_t * ida\_dirtree.dirtree\_t * ida\_dirtree.dirtree\_t.isdir * ida\_kernwin.CH\_CAN\_DEL * ida\_kernwin.CH\_CAN\_EDIT * ida\_kernwin.CH\_CAN\_INS * ida\_kernwin.CH\_HAS\_DIRTREE * ida\_kernwin.CH\_MULTI * ida\_kernwin.Choose * ida\_kernwin.Choose.ALL\_CHANGED * ida\_kernwin.Choose.CHCOL\_DRAGHINT * ida\_kernwin.Choose.CHCOL\_INODENAME * ida\_kernwin.Choose.CHCOL\_PLAIN * ida\_kernwin.ask\_str * ida\_netnode.BADNODE * ida\_netnode.netnode **See also** * [choose](#choose) * [choose\_multi](#choose_multi)
**custom\_graph\_with\_actions**
Drawing custom graphs **Source code** [widgets/graphs/custom\_graph\_with\_actions.py](https://github.com/idapython/src/blob/master/examples/widgets/graphs/custom_graph_with_actions.py) **Category** widgets **Description** Showing custom graphs, using `ida_graph.GraphViewer`. In addition, show how to write actions that can be performed on those. **Keywords** actions graph View\_Hooks **Uses** * ida\_funcs.get\_func * ida\_funcs.get\_func\_name * ida\_graph.GraphViewer * ida\_graph.get\_graph\_viewer * ida\_graph.screen\_graph\_selection\_t * ida\_graph.viewer\_get\_selection * ida\_idp.is\_call\_insn * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.View\_Hooks * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_dynamic\_action\_to\_popup * ida\_kernwin.get\_screen\_ea * ida\_ua.decode\_insn * ida\_ua.insn\_t * ida\_xref.XREF\_FAR * ida\_xref.xrefblk\_t
**custom\_viewer**
Create custom listings in IDA **Source code** [widgets/listings/custom\_viewer.py](https://github.com/idapython/src/blob/master/examples/widgets/listings/custom_viewer.py) **Category** widgets **Description** How to create simple listings, that will share many of the features as the built-in IDA widgets (highlighting, copy & paste, notifications, ...) In addition, creates actions that will be bound to the freshly-created widget (using `ida_kernwin.attach_action_to_popup`.) **Keywords** actions ctxmenu listing **Uses** * ida\_kernwin.AST\_ENABLE\_ALWAYS * ida\_kernwin.IK\_DELETE * ida\_kernwin.IK\_ESCAPE * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.ask\_long * ida\_kernwin.ask\_str * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.register\_action * ida\_kernwin.simplecustviewer\_t * ida\_kernwin.simplecustviewer\_t.Create * ida\_kernwin.simplecustviewer\_t.Show * ida\_kernwin.unregister\_action * ida\_lines.COLOR\_DEFAULT * ida\_lines.COLOR\_DNAME * ida\_lines.COLSTR * ida\_lines.SCOLOR\_PREFIX * ida\_lines.SCOLOR\_VOIDOP
**func\_chooser**
An alternative view over the list of functions **Source code** [widgets/tabular\_views/custom/func\_chooser.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/custom/func_chooser.py) **Category** widgets **Description** Partially re-implements the "Functions" widget present in IDA, with a custom widget. **Keywords** chooser functions **Uses** * ida\_funcs.get\_func\_name * ida\_kernwin.Choose * ida\_kernwin.Choose.ALL\_CHANGED * ida\_kernwin.Choose.CHCOL\_FNAME * ida\_kernwin.Choose.CHCOL\_HEX * ida\_kernwin.Choose.CHCOL\_PLAIN * ida\_kernwin.get\_icon\_id\_by\_name * idautils.Functions * idc.del\_func **See also** * [choose](#choose) * [choose\_multi](#choose_multi) * [chooser\_with\_folders](#chooser_with_folders)
**jump\_next\_comment**
Implement a "jump to next comment" action within IDA's disassembly view. **Source code** [widgets/listings/jump\_next\_comment.py](https://github.com/idapython/src/blob/master/examples/widgets/listings/jump_next_comment.py) **Category** widgets **Description** We want our action not only to find the next line containing a comment, but to also place the cursor at the right horizontal position. To find that position, we will have to inspect the text that IDA generates, looking for the start of a comment. However, we won't be looking for a comment "prefix" (e.g., "; "), as that would be too fragile. Instead, we will look for special "tags" that IDA injects into textual lines, and that bear semantic information. Those tags are primarily used for rendering (i.e., switching colors), but can also be very handy for spotting tokens of interest (registers, addresses, comments, prefixes, instruction mnemonics, ...) **Shortcut** Ctrl+Alt+C **Keywords** actions idaview **Uses** * ida\_bytes.next\_head * ida\_idaapi.BADADDR * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_DISASM * ida\_kernwin.CVNF\_LAZY * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.custom\_viewer\_jump * ida\_kernwin.get\_custom\_viewer\_location * ida\_kernwin.place\_t\_as\_idaplace\_t * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action * ida\_lines.SCOLOR\_AUTOCMT * ida\_lines.SCOLOR\_ON * ida\_lines.SCOLOR\_REGCMT * ida\_lines.SCOLOR\_RPTCMT * ida\_lines.generate\_disassembly * ida\_lines.tag\_strlen * ida\_moves.lochist\_entry\_t **See also** * [save\_and\_restore\_listing\_pos](#save_and_restore_listing_pos)
**lazy\_loaded\_chooser**
**Source code** [widgets/tabular\_views/custom/lazy\_loaded\_chooser.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/custom/lazy_loaded_chooser.py) **Category** widgets **Description**
**save\_and\_restore\_listing\_pos**
Save, and then restore, positions in a listing **Source code** [widgets/listings/save\_and\_restore\_listing\_pos.py](https://github.com/idapython/src/blob/master/examples/widgets/listings/save_and_restore_listing_pos.py) **Category** widgets **Description** Shows how it is possible re-implement IDA's bookmark capability, using 2 custom actions: one action saves the current location, and the other restores it. Note that, contrary to actual bookmarks, this example: * remembers only 1 saved position * doesn't save that position in the IDB (and therefore cannot be restored if IDA is closed & reopened.) **Shortcuts** Ctrl+Shift+O Ctrl+Shift+S **Keywords** actions listing **Uses** * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_CUSTVIEW * ida\_kernwin.BWN\_DISASM * ida\_kernwin.BWN\_PSEUDOCODE * ida\_kernwin.BWN\_TILVIEW * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.custom\_viewer\_jump * ida\_kernwin.find\_widget * ida\_kernwin.get\_custom\_viewer\_location * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action * ida\_moves.lochist\_entry\_t **See also** * [jump\_next\_comment](#jump_next_comment)
**show\_and\_hide\_waitbox**
Showing, updating & hiding the progress dialog **Source code** [widgets/waitbox/show\_and\_hide\_waitbox.py](https://github.com/idapython/src/blob/master/examples/widgets/waitbox/show_and_hide_waitbox.py) **Category** widgets **Description** Using the progress dialog (aka 'wait box') primitives. **Keywords** actions **Uses** * ida\_hexrays.decompile * ida\_kernwin.hide\_wait\_box * ida\_kernwin.replace\_wait\_box * ida\_kernwin.show\_wait\_box * ida\_kernwin.user\_cancelled * idautils.Functions
**show\_selected\_strings**
Retrieve the strings that are selected in the "Strings" window. **Source code** [widgets/tabular\_views/string\_window/show\_selected\_strings.py](https://github.com/idapython/src/blob/master/examples/widgets/tabular_views/string_window/show_selected_strings.py) **Category** widgets **Description** In IDA it's possible to write actions that can be applied even to core (i.e., "standard") widgets. The actions in this example use the action "context" to know what the current selection is. This example shows how you can either retrieve string literals data directly from the chooser (`ida_kernwin.get_chooser_data`), or by querying the IDB (`ida_bytes.get_strlit_contents`) **Shortcuts** Ctrl+Shift+K Ctrl+Shift+S **Keywords** actions ctxmenu **Uses** * ida\_bytes.get\_strlit\_contents * ida\_idaapi.BADADDR * ida\_kernwin.AST\_DISABLE\_FOR\_WIDGET * ida\_kernwin.AST\_ENABLE\_FOR\_WIDGET * ida\_kernwin.BWN\_STRINGS * ida\_kernwin.action\_desc\_t * ida\_kernwin.action\_handler\_t * ida\_kernwin.attach\_action\_to\_popup * ida\_kernwin.find\_widget * ida\_kernwin.get\_chooser\_data * ida\_kernwin.open\_strings\_window * ida\_kernwin.register\_action * ida\_kernwin.unregister\_action * ida\_strlist.get\_strlist\_item * ida\_strlist.string\_info\_t **See also** * [list\_strings](#list_strings)
**sync\_two\_graphs**
Follow the movements of a disassembly graph, in another. **Source code** [widgets/graphs/sync\_two\_graphs.py](https://github.com/idapython/src/blob/master/examples/widgets/graphs/sync_two_graphs.py) **Category** widgets **Description** Since it is possible to be notified of movements that happen take place in a widget, it's possible to "replay" those movements in another. In this case, "IDA View-B" (will be opened if necessary) will show the same contents as "IDA View-A", slightly zoomed out. **Keywords** graph idaview **Uses** * ida\_graph.GLICTL\_CENTER * ida\_graph.viewer\_fit\_window * ida\_graph.viewer\_get\_gli * ida\_graph.viewer\_set\_gli * ida\_kernwin.DP\_RIGHT * ida\_kernwin.IDAViewWrapper * ida\_kernwin.MFF\_FAST * ida\_kernwin.TCCRT\_GRAPH * ida\_kernwin.execute\_sync * ida\_kernwin.find\_widget * ida\_kernwin.get\_custom\_viewer\_place * ida\_kernwin.jumpto * ida\_kernwin.open\_disasm\_window * ida\_kernwin.set\_dock\_pos * ida\_kernwin.set\_view\_renderer\_type * ida\_moves.graph\_location\_info\_t **See also** * [wrap\_idaview](#wrap_idaview)
**wrap\_idaview**
Manipulate IDAView and graph **Source code** [widgets/idaview/wrap\_idaview.py](https://github.com/idapython/src/blob/master/examples/widgets/idaview/wrap_idaview.py) **Category** widgets **Description** This is an example illustrating how to manipulate an existing IDA-provided view (and thus possibly its graph), in Python. **Keywords** graph idaview **Uses** * ida\_graph.NIF\_BG\_COLOR * ida\_graph.NIF\_FRAME\_COLOR * ida\_graph.node\_info\_t * ida\_kernwin.IDAViewWrapper * ida\_kernwin.MFF\_FAST * ida\_kernwin.TCCRT\_FLAT * ida\_kernwin.TCCRT\_GRAPH * ida\_kernwin.execute\_sync **See also** * [custom\_graph\_with\_actions](#custom_graph_with_actions) * [sync\_two\_graphs](#sync_two_graphs)