Our IDA SDK exposes API in the form of C++ libraries and header files, allowing you to create custom processor modules and plugins, automate tasks, or integrate new features directly into IDA. Our IDA API is defined and organized by the contents of the header files, that you can browse in our IDA C++ SDK Reference.
With IDA SDK, you can develop loaders for unsupported binary formats or custom processors modules to disassemble and analyze non-standard files. What's more, you can write plugins to perform complex, automated tasks and more, allowing you to go far beyong the basic IDC scripting.
Check out our Porting Guide, which is prepared to help you migrate and adapt your existing modules and plugins from IDA 8.x to IDA 9.0.
C++ SDK Reference
Check in-depth overview of header files with extensive description of data structures and functions.
C++ SDK Getting Started
Explore this guide to introduce yourself to the core capabilities of IDA SDK.
C++ SDK Examples
Try complex examples that show the full power and and flexibility of our SDK.
Writing Plugins in C++
Learn the best practices for creating plugins with IDA SDK
The C++ SDK allows developers to create powerful plugins that can extend the IDA Pro capabilities, that enable deeper integration and more control over IDA's core functionality.
This guide will walk you through creating a basic plugin using the C++ SDK, demonstrating the structure and best practices for developing C++ plugins for IDA Pro.
Installed the lastest C++ SDK. You can get it from our Download Center in My Hex-Rays portal.
A working C++ development environment (compiler, debugger, etc.). For the Windows Visual Studio users, a plugin template has been created that can be used to create plugin solutions. It can be found in the C++ SDK with a corresponding README file.
Check the C++ SDK Reference Documentation for a comprehensive list of classes, functions, and available APIs.
Familiarize yourself with the plugin_t class and plugmod_t, that are fundamental for creating plugins using the C++ SDK.
Ensure compatibility with the latest version of IDA Pro and refer to the C++ SDK Porting Guide for any recent changes that might affect your plugin.
An IDA Pro plugin written in C++ typically involves:
A class that inherits from plugmod_t, this class will implement the actual plugin functionality.
An init() function that will return a pointer to the above mentioned class.
Flags that specify when and how the plugin should be loaded and unloaded.
Start by creating a new C++ source file for your plugin. This file will contain the main logic and define the necessary classes and methods for your plugin.
When creating a plugin, it's recommended to create an instace of the class plugin_t with specific flags and a class inheriting from plugmod_t that performs the core functionality.
Example of `implementation:
In our example:
MyPlugmod class: This class inherits from plugmod_t and overrides the run() method to perform the plugin's main functionality. The constructor and destructor provide initialization and cleanup messages.
PLUGIN exported plugin_t instance: This object sets the PLUGIN_MULTI flag to allow the plugin to be loaded multiple times if needed.
init function: This function is called by the by the kernel in order to initialize the plugin. It returns an instance of MyPlugmod.
Compile your plugin. Once your plugin code is ready, Use your C++ development environment to compile the plugin source code into a shared library (.dll on Windows, .so on Linux, or .dylib on macOS).
Install your plugin. Copy the compiled plugin binary to the plugins directory in your IDA installation folder.
Run your plugin. Execute the plugin via the specified hotkey or by selecting it from the Edit -> Plugins submenu.
IN PROGRESS
The IDA C++ SDK provides set of tools to interact with IDA Pro's disassembler, allowing you to navigate, analyze, and manipulate various elements such as functions, instructions, and data. This guide is designed to accelerate your learning curve with the IDA C++ SDK and kickstart your development journey, assuming you are already familiar with IDA Pro and its basic usage.
First, check Basics for core concepts and commonly used variables. Next, explore our Code Snippets to see examples of commonly used functions. Once you're comfortable with these, you can delve into more complex Examples that showcase advanced usage of the SDK.
You can download the latest C++ SDK Zip file from our Download Center in My Hex-Rays portal. The SDK package includes in the top-level directory a README file with instructions on how to install it on your local machine and additional README files in other directories for processor modules templates, loaders and so on.
One of the most extensivly used type is ea_t, commonly used to represent an effective address (EA) within a binary.
The IDA C++ SDK is organized into header files containing various classes and functions. Below is a short desription of commonly used IDA SDK header files:
pro.h: This is the first header included in the IDA project. It defines the most common types, functions, and data. It also contains compiler- and platform-related definitions.
ida.hpp: In this file the 'inf' structure is defined: it keeps all parameters of the disassembled file.
idp.hpp: The 'main' header file for IDP modules. Contains definition of the interface to IDP modules. The interface consists of 2 structures: processor_t - description of processor
asm_t - description of assembler
Each IDP has one processor_t and several asm_t structures.
loader.hpp: Definitions of IDP, LDR, and PLUGIN module interfaces. This file also contains:
functions to load files into the database
functions to generate output files
high level functions to work with the database (open, save, close)
ua.hpp: Functions that deal with the disassembling of program instructions. Disassembly of an instruction is made in three steps:
analysis
emulation
conversion to text
kernwin.hpp: Defines the interface between the kernel and the UI. Some string processing functions are also kept in this header.
idd.hpp: Debugger plugin API for debugger module writers. Contains definition of the interface to IDD modules.
bytes.hpp: Functions and definitions used to describe and manipulate each byte of the disassembled program. Information about the byte includes associated features (comments, names, references, etc), data types (dword, qword, string literal, etc), instruction operands, status (mapped, loaded, patched, etc), among others.
netnode.hpp: Functions that provide the lowest level public interface to the database. Modules can use this to keep some private information in the database. A description of the concept is available in the header file itself.
allins.hpp: List of instructions available from all processor modules.
auto.hpp: Auto-analysis related functions.
compress.hpp: Data compression functions.
config.hpp: Functions that deal with configuration options and files.
dbg.hpp: Contains functions to control the debugging of a process.
diskio.hpp: File I/O functions for IDA. You should not use standard C file I/O functions in modules. Use functions from this header, pro.h, and fpro.h instead.
entry.hpp: Functions that deal with entry points to the program being disassembled.
enum.hpp: Enumeration type management (assembly level types).
err.h: Thread safe functions that deal with error codes.
expr.hpp: Functions that deal with C-like expressions, external languages, and the built-in IDC language.
fixup.hpp: Functions that deal with fixup (relocation) information.
fpro.h: System independent counterparts of file I/O functions. These functions do check errors but never exit even if an error occurs. They return extended error code in qerrno variable. NOTE: You must use these functions instead of the C standard I/O functions.
frame.hpp: Routines to manipulate function stack frames, stack variables, register variables and local labels.
funcs.hpp: Routines for working with functions within the disassembled program. This file also contains routines for working with library signatures (e.g. FLIRT).
gdl.hpp: Low level graph drawing operations.
graph.hpp: Graph view management.
help.h: Help subsystem. This subsystem is not used in IDP files. We put it just in case.
ieee.h: IEEE floating point functions.
intel.hpp: Header file from the IBM PC module. For information only. It will not compile because it contains references to internal files!
lex.hpp: Tools for parsing C-like input.
lines.hpp: High level functions that deal with the generation of the disassembled text lines.
nalt.hpp: Definitions of various information kept in netnodes. These functions should not be used directly since they are very low level.
moves.hpp: Functions and classes related to location history.
name.hpp: Functions that deal with names (setting, deleting, getting, validating, etc).
offset.hpp: Functions that deal with offsets.
problems.hpp: Functions that deal with the list of problems.
prodir.h: Low level functions to find files in the file system. It is better to use enumerate_files2() from diskio.hpp.
pronet.h: Network related functions.
range.hpp: Contains the definition of the 'range_t' class. This is a base class used by many parts of IDA, such as the 'segment_t' and 'segreg_range_t' (segment register) classes.
registry.hpp: Registry related functions. IDA uses the registry to store global configuration options that must persist after IDA has been closed.
segment.hpp: Functions that deal with program segmentation.
segregs.hpp: Functions that deal with the segment registers. If your processor doesn't use segment registers, then you don't need this file.
strlist.hpp: Functions that deal with the strings list.
struct.hpp: Structure type management (assembly level types).
typeinf.hpp: Describes the type information records in IDA.
xref.hpp: Functions that deal with cross-references.
All functions usable in the modules are marked by the "ida_export" keyword.
Here are the most common namespaces to start with:
idc: This namespace provides access to IDC scripting functions via C++ SDK. It is often used for common tasks like setting comments or modifying bytes.
idati: This namespace is used for interacting with type information, such as function signatures and type definitions.
idaapi: This namespace contains core classes and functions for interacting with IDA's API, including functions for handling UI elements, plugins, and database access.
idamisc: This namespace includes utility functions for various tasks, such as working with the address space and disassembly.
Here are common functions and examples grouped by topics:
If you’re comfortable with the basics, explore advanced examples included in the SDK itself. These examples often leverage multiple modules to accomplish more sophisticated tasks.
Explore our tutorial on how to create your first custom plugin in IDA using C++.
Below is the full source code of a sample plugin. It performs a quite useful transformation of the pseudocode: replaces zeroes in pointer contexts with NULLs. A NULL immediately conveys the idea that the current expression is pointer-related. This is especially useful for unknown function arguments.
The plugin is fully automatic. It hooks to the decompiler events and waits for the pseudocode to be ready. At that moment it takes control and modifies the ctree.
The conversion is performed by the convert_zeroes() function. It visits all expressions of the ctree and checks for pointer contexts. If a expression has a pointer type, then the make_null_if_zero() function is called for it. This function checks if the expression is a zero constant and converts it if necessary.
The plugin can be turned on or off by its menu item in the Plugins submenu.
The code is short and straightforward. Use it as a template for your plugins.
\
IDA 9.0 API Changes and porting guide
The largest change is the removal of two headers:
struct.hpp
enum.hpp
The functionalities for working with user-defined types are now available in typeinf.hpp (tinfo_t class).
class member_t;
class struc_t;
struc_t is replaced by the notion of "user-defined type" (udt_type_data_t class) and member_t by dt member (udm_t class).
get_struc_qty() Rough equivalent is get_ordinal_limit() or get_ordinal_count() but note that it also includes enums and typedefs.
get_first_struc_idx()
get_last_struc_idx()
get_prev_struc_idx()
get_next_struc_idx()
Local type ordinals always start at 1 (0 is invalid ordinal) and go up to get_ordinal_limit().
get_struc_idx(tid_t id)
get_struc_by_idx(uval_t idx)
Enumerations are now manipulated via:
tinfo_t class
enum_type_data_t class
edm_t class. in typeinf.hpp
get_enum_qty(void)
getn_enum(size_t idx)
get_enum_idx(enum_t id)
get_enum(const char *name)
is_bf(enum_t id)
is_enum_hidden(enum_t id)
set_enum_hidden(enum_t id, bool hidden)
is_enum_fromtil(enum_t id)
set_enum_fromtil(enum_t id, bool fromtil)
is_ghost_enum(enum_t id)
set_enum_ghost(enum_t id, bool ghost)
get_enum_name(qstring *out, enum_t id)
get_enum_name2(qstring *out, enum_t id, int flags=0)
get_enum_name(tid_t id, int flags=0)
get_enum_width(enum_t id)
set_enum_width(enum_t id, int width)
get_enum_cmt(qstring *buf, enum_t id, bool repeatable)
get_enum_size(enum_t id)
get_enum_flag(enum_t id)
get_enum_member_by_name(const char *name)
get_enum_member_value(const_t id)
get_enum_member_enum(const_t id)
get_enum_member_bmask(const_t id)
get_enum_member(enum_t id, uval_t value, int serial, bmask_t mask)
get_first_bmask(enum_t enum_id)
get_last_bmask(enum_t enum_id)
get_next_bmask(enum_t enum_id, bmask_t bmask\)
get_prev_bmask(enum_t enum_id, bmask_t bmask)
get_first_enum_member(enum_t id, bmask_t bmask=DEFMASK)
get_last_enum_member(enum_t id, bmask_t bmask=DEFMASK)
get_next_enum_member(enum_t id, uval_t value, bmask_t bmask=DEFMASK)
get_prev_enum_member(enum_t id, uval_t value, bmask_t bmask=DEFMASK)
get_enum_member_name(qstring *out, const_t id)
get_enum_member_cmt(qstring *buf, const_t id, bool repeatable)
get_first_serial_enum_member(uchar *out_serial, enum_t id, uval_t value, bmask_t bmask)
get_last_serial_enum_member(uchar *out_serial, enum_t id, uval_t value, bmask_t bmask)
get_next_serial_enum_member(uchar *in_out_serial, const_t first_cid)
get_prev_serial_enum_member(uchar *in_out_serial, const_t first_cid)
for_all_enum_members(enum_t id, enum_member_visitor_t &cv)
ida_export get_enum_member_serial(const_t cid)
get_enum_type_ordinal(enum_t id)
set_enum_type_ordinal(enum_t id, int32 ord)
add_enum(size_t idx, const char *name, flags64_t flag)
del_enum(enum_t id)
set_enum_idx(enum_t id, size_t idx)
set_enum_bf(enum_t id, bool bf)
set_enum_name(enum_t id, const char *name)
set_enum_cmt(enum_t id, const char *cmt, bool repeatable)
set_enum_flag(enum_t id, flags64_t flag)
add_enum_member(enum_t id, const char *name, uval_t value, bmask_t bmask=DEFMASK)
del_enum_member(enum_t id, uval_t value, uchar serial, bmask_t bmask)
set_enum_member_name(const_t id, const char *name)
set_enum_member_cmt(const_t id, const char *cmt, bool repeatable)
is_one_bit_mask(bmask_t mask)
set_bmask_name(enum_t id, bmask_t bmask, const char *name)
get_bmask_name(qstring *out, enum_t id, bmask_t bmask)
set_bmask_cmt(enum_t id, bmask_t bmask, const char *cmt, bool repeatable)
get_bmask_cmt(qstring *buf, enum_t id, bmask_t bmask, bool repeatable)
idaman ea_t ida_export find_binary(ea_t startea, ea_t endea, const char *ubinstr, int radix, int sflag, int strlits_encoding=0)
bin_search2(ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags)
bin_search(ea_t, ea_t, const uchar *, const uchar *, size_t, int, int)
get_8bit(ea_t *ea, uint32 *v, int *nbit)
get_octet(ea_t *ea, uint64 *v, int *nbit)
free_chunk(ea_t bottom, asize_t size, int32 step)
ecreate(const char *file)
eclose(FILE *fp)
eread(FILE *fp, void *buf, size_t size)
ewrite(FILE *fp, const void *buf, size_t size)
eseek(FILE *fp, qoff64_t pos)
enumerate_files(char *answer, size_t answer_size, const char *path, const char *fname, int (idaapi*func)(const char *file,void *ud), void *ud=nullptr)
qerrcode(int new_code=-1)
idaman bool ida_export add_frame_member(const func_t *pfn, const char *name, uval_t offset, const tinfo_t &tif, const struct value_repr_t *repr=nullptr, uint etf_flags=0)
THREAD_SAFE bool is_anonymous_member_name(const char *name)
THREAD_SAFE bool is_dummy_member_name(const char *name)
idaman bool ida_export is_special_frame_member(tid_t tid)
idaman bool ida_export set_frame_member_type(const func_t *pfn, uval_t offset, const tinfo_t &tif, const struct value_repr_t *repr=nullptr, uint etf_flags=0)
idaman bool ida_export delete_frame_members(const func_t *pfn, uval_t start_offset, uval_t end_offset)
idaman sval_t ida_export calc_frame_offset(func_t *pfn, sval_t off, const insn_t *insn = nullptr, const op_t *op = nullptr)
get_frame_member_by_id(qstring *out_mname, struc_t **out_fptr, tid_t mid)
get_stkvar(sval_t *actval, const insn_t &insn, const op_t &x, sval_t v) See get_stkvar in ida_typeinf.tinfo_t
get_min_spd_ea(func_t *pfn)
delete_unreferenced_stkvars(func_t *pfn)
delete_wrong_stkvar_ops(func_t *pfn)
bool func_item_iterator_t::set_ea(ea_t _ea)
save_signatures(void)
invalidate_sp_analysis(func_t *pfn)
invalidate_sp_analysis(ea_t ea)
struct edge_t
class node_ordering_t
class control_graph_t
class edge_mapper_t
class node_bitset_t
class array_of_node_bitset_t
struct ctry_t
struct cthrow_t
struct catchexpr_t
struct ccatch_t
struct cblock_pos_t
uvlr_t max_vlr_value(int size)
uvlr_t min_vlr_svalue(int size)
uvlr_t max_vlr_svalue(int size)
bool is_unsigned_cmpop(cmpop_t cmpop)
bool is_signed_cmpop(cmpop_t cmpop)
bool is_cmpop_with_eq(cmpop_t cmpop)
bool is_cmpop_without_eq(cmpop_t cmpop)
bool was_scattered_arg() const
void set_scattered_arg()
void clr_scattered_arg()
int find_input_reg(int reg, int _size=1)
virtual bool ignore_edge(int /*src*/, int /*dst*/ ) const
void hexapi compute_dominators(array_of_node_bitset_t &domin, bool post=false) const
void hexapi compute_immediate_dominators(const array_of_node_bitset_t &domin, intvec_t &idomin, bool post=false) const
int hexapi depth_first_preorder(node_ordering_t *pre) const
int hexapi depth_first_postorder(node_ordering_t *post) const
void depth_first_postorder(node_ordering_t *post, edge_mapper_t *et) const
void depth_first_postorder_for_all_entries(node_ordering_t *post) const
intvec_t find_dead_nodes() const
void find_reaching_nodes(int n, node_bitset_t &reaching) const
bool path_exists(int m, int n) const
bool path_back(const array_of_node_bitset_t &domin, int m, int n) const
bool path_back(const edge_mapper_t &et, int m, int n) const
iterator begin() const
iterator end()
int front()
void inc(iterator &p, int n=1) const
virtual int hexapi goup(int node) const
int calc_max_exp() const
bool is_nan() const
bool was_unpaired() const
mblock_t *hexapi split_block(mblock_t *blk, minsn_t *start_insn)
merror_t hexapi inline_func(codegen_t &cdg, int blknum, mba_ranges_t &ranges, int decomp_flags=0, int inline_flags=0)
const stkpnt_t *hexapi locate_stkpnt(ea_t ea) const
void hexapi clear()
virtual const char *what() const noexcept override
bool hexapi get_member_type(const member_t *mptr, tinfo_t *type)
bool hexapi checkout_hexrays_license(bool silent)
bool get_member_type(const member_t *mptr, tinfo_t *type)
static uvlr_t max_value(int size_)
static uvlr_t min_svalue(int size_)
static uvlr_t max_svalue(int size_)
member_t *hexapi get_memptr(struc_t **p_sptr=nullptr) const
cblock_t *get_block()
bool hexapi set_strmem_type(struc_t *sptr, member_t *mptr)
bool hexapi rename_strmem(struc_t *sptr, member_t *mptr)
The new header for the IDA library
idaman int ida_export init_library(int argc = 0, char *argv[] = nullptr)
idaman int ida_export open_database(const char *file_path, bool run_auto)
idaman void ida_export close_database(bool save)
idaman int ida_export cpu2ieee(fpvalue_t *ieee_out, const void *cpu_fpval, int size)
idaman int ida_export ieee2cpu(void *cpu_fpval, const fpvalue_t &ieee_out, int size)
processor_t::has_realcvt(void) const
const op_t *procmod_t::make_op_reg(op_t *op, int reg, int8 dtype = -1) const
const op_t *procmod_t::make_op_imm(op_t *op, uval_t val, int8 dtype = -1) const
const op_t *procmod_t::make_op_displ(op_t *op, int base_reg, uval_t displ, int8 dtype = -1) const
const op_t *procmod_t::make_op_phrase(op_t *op, int base_reg, int index_reg, int8 dtype = -1) const
open_enums_window(tid_t const_id=BADADDR)
open_structs_window(tid_t id=BADADDR, uval_t offset=0)
choose_struc(const char *title)
choose_enum_by_value(const char *title, enum_t default_id, uint64 value, int nbytes, uchar *serial)
class enumplace_t
class structplace_t
bool is_ida_library(char *path, size_t pathsize, void** handle)
const tagged_line_section_t::tagged_line_section_t *nearest_before(const tagged_line_section_t &range, cpidx_t start, color_t tag=0) const
const tagged_line_section_t::tagged_line_section_t *nearest_after(const tagged_line_section_t &range, cpidx_t start, color_t tag=0) const
bool chooser_base_t::has_widget_lifecycle() const
set_user_defined_prefix(size_t width, void (idaapi *get_user_defined_prefix)(qstring *buf, ea_t ea, int lnnum, int indent, const char *line))
void jvalue_t::set_str(const char *s)
void jobj_t::put(const char *key, const jobj_t &value)
unpack_memory(void *buf, size_t size, const uchar **pptr, const uchar *end)
idaman THREAD_SAFE bool ida_export get_login_name(qstring *out)
idaman void *ida_export pipe_process(qhandle_t *read_handle, qhandle_t *write_handle, launch_process_params_t *lpp, qstring *errbuf=nullptr)
qstring bytevec_t::tohex(bool upper_case=true) const
void qlist::splice(iterator pos, qlist &other, iterator first, iterator last)
struct memory_serializer_t
regcomp(struct regex_t *preg, const char *pattern, int cflags)
regerror(int errcode, const struct regex_t *preg, char *errbuf, size_t errbuf_size)
regexec(const struct regex_t *preg, const char *str, size_t nmatch, struct regmatch_t pmatch[], int eflags)
regfree(struct regex_t *preg)
reg_finder_op_make_rfop(func_t *pfn, const insn_t &insn, const op_t &op)
void reg_value_info_t::movt(const reg_value_info_t &r, const insn_t &insn)
static int reg_finder_op_t::get_op_width(const op_t &op)
static reg_finder_op_t reg_finder_op_t::make_stkoff(sval_t stkoff, int width)
reg_load(void)
reg_flush(void)
user2bin(uchar *, uchar *, ea_t, const char *, int, bool)
find_binary(ea_t, ea_t, const char *, int, int)
set_numbered_type(til_t *ti, uint32 ordinal, int ntf_flags, const char *name, const type_t *type, const p_list *fields=nullptr, const char *cmt=nullptr, const p_list *fldcmts=nullptr, const sclass_t *sclass=nullptr)
get_ordinal_from_idb_type(const char *name, const type_t *type)
is_autosync(const char *name, const type_t *type)
is_autosync(const char *name, const tinfo_t &tif)
import_type(const til_t *til, int idx, const char *name, int flags=0)
get_udm_tid(const udm_t *udm, const char *udt_name)
struct udm_visitor_t
bool ida_export detach_tinfo_t(tinfo_t *_this)
bool stroff_as_size(int plen, const tinfo_t &tif, asize_t value)
int ida_export visit_stroff_udms(udm_visitor_t &sfv, const tid_t *path, int plen, adiff_t *disp, bool appzero)
bool is_one_bit_mask(uval_t mask)
til_t *til_t::find_base(const char *n)
void callregs_t::set_registers(reg_kind_t kind, int first_reg, int last_reg)
bool tinfo_t::get_named_type(const char *name, type_t decl_type=BTF_TYPEDEF, bool resolve=true, bool try_ordinal=true)
bool tinfo_t::get_numbered_type(uint32 ordinal, type_t decl_type=BTF_TYPEDEF, bool resolve=true)
bool tinfo_t::detach()
bool tinfo_t::is_punknown()
int tinfo_t::find_udm(uint64 offset, int strmem_flags=0) const
int tinfo_t::find_udm(const char *name, int strmem_flags=0) const
size_t tinfo_t::get_enum_nmembers() const
bool tinfo_t::is_empty_enum() const
tinfo_code_t tinfo_t::get_enum_repr(value_repr_t *repr) const
int tinfo_t::get_enum_width() const
uint64 tinfo_t::calc_enum_mask() const
tid_t tnfo_t::get_edm_tid(size_t idx) const
tinfo_t tinfo_t::get_innermost_member_type(uint64 bitoffset, uint64 *out_bitoffset=nullptr) const
bool tinfo_t::is_udm_by_til(size_t idx) const
tinfo_code_t tinfo_t::set_udm_by_til(size_t idx, bool on=true, uint etf_flags=0)
tinfo_code_t tinfo_t::set_fixed_struct(bool on=true)
tinfo_code_t tinfo_t::set_struct_size(size_t new_size)
bool tinfo_t::is_fixed_struct() const
bool tinfo_t::get_func_frame(const func_t *pfn)
bool tinfo_t::is_frame() const
ea_t tinfo_t::get_frame_func() const
ssize_t tinfo_t::get_stkvar(sval_t *actval, const insn_t &insn, const op_t *x, sval_t v)
tinfo_code_t tinfo_t::set_enum_radix(int radix, bool sign, uint etf_flags=0)
tinfo_code_t tinfo_t::set_funcarg_type(size_t index, const tinfo_t &tif, uint etf_flags=0)
tinfo_code_t tinfo_t::set_func_rettype(const tinfo_t &tif, uint etf_flags=0)
tinfo_code_t tinfo_t::del_funcargs(size_t idx1, size_t idx2, uint etf_flags=0)
tinfo_code_t tinfo_t::del_funcarg(size_t idx, uint etf_flags=0)
tinfo_code_t tinfo_t::add_funcarg(const funcarg_t &farg, uint etf_flags=0, ssize_t idx=-1)
tinfo_code_t tinfo_t::set_func_cc(cm_t cc, uint etf_flags=0)
tinfo_code_t tinfo_t::set_funcarg_loc(size_t index, const argloc_t &argloc, uint etf_flags=0)
tinfo_code_t tinfo_t::et_func_retloc(const argloc_t &argloc, uint etf_flags=0)
ssize_t func_type_data_t::find_argument(const char *name, size_t from=0, size_t to=size_t(-1)) const
tinfo_code_t enum_type_data_t::get_value_repr(value_repr_t *repr) const
uchar enum_type_data_t::get_serial(size_t index) const
uchar enum_type_data_t::get_max_serial(uint64 value) const
bool udm_t::is_retaddr() const
bool udm_t::is_savregs() const
bool udm_t::is_special_member() const
bool udm_t::is_by_til() const
void udm_t::set_retaddr(bool on=true)
void udm_t::set_savregs(bool on=true)
void udm_t::set_by_til(bool on=true)
bool udt_type_data_t::is_fixed() const
void udt_type_data_t::set_fixed(bool on=true)
The following table provide a list of IDB events that have been replaced or, in some cases, removed.
class node_ordering_t See
struct edge_t See
See also for a table providing a list a event replacement and removal.
idaman bool ida_export get_octet2(uchar *out, octet_generator_t *ogen)
idaman bool ida_export get_octet(uchar *out, octet_generator_t *ogen)
idaman bool ida_export op_enum(ea_t ea, int n, enum_t id, uchar serial=0)
idaman bool ida_export op_enum(ea_t ea, int n, tid_t id, uchar serial=0)
idaman enum_t ida_export get_enum_id(uchar *serial, ea_t ea, int n)
idaman tid_t ida_export get_enum_id(uchar *serial, ea_t ea, int n)
idaman ea_t ida_export bin_search3(size_t *out_matched_idx, ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags)
idaman ea_t ida_export bin_search(ea_t start_ea, ea_t end_ea, const compiled_binpat_vec_t &data, int flags, size_t *out_matched_idx=nullptr)
idaman bool ida_export dirtree_get_abspath_by_cursor2(qstring *out, const dirtree_impl_t *d, const dirtree_cursor_t &cursor, uint32 name_flags)
idaman bool ida_export dirtree_get_abspath_by_cursor(qstring *out, const dirtree_impl_t *d, const dirtree_cursor_t &cursor, uint32 name_flags)
idaman THREAD_SAFE int ida_export enumerate_files2(char *answer, size_t answer_size, const char *path, const char *fname, file_enumerator_t &fv)
idaman THREAD_SAFE int ida_export enumerate_files(char *answer, size_t answer_size, const char *path, const char *fname, file_enumerator_t &fv)
bool extlang_t::(idaapi *compile_file)(const char *file, qstring *errbuf)
bool extlang_t::(idaapi *compile_file)(const char *file, const char *requested_namespace, qstring *errbuf)
idaman struc_t *ida_export get_frame(const func_t *pfn)
idaman bool ida_export get_func_frame(tinfo_t *out, const func_t *pfn)
idaman bool ida_export define_stkvar(func_t *pfn, const char *name, sval_t off, flags64_t flags, const opinfo_t *ti, asize_t nbytes)
idaman bool ida_export define_stkvar(func_t *pfn, const char *name, sval_t off, const tinfo_t &tif, const struct value_repr_t *repr=nullptr)
idaman void ida_export build_stkvar_xrefs(xreflist_t *out, func_t *pfn, const member_t *mptr)
idaman void ida_export build_stkvar_xrefs(xreflist_t *out, func_t *pfn, uval_t start_offset, uval_t end_offset)
void hexapi save_user_labels2(ea_t func_ea, const user_labels_t *user_labels, const cfunc_t *func=nullptr)
void hexapi save_user_labels(ea_t func_ea, const user_labels_t *user_labels, const cfunc_t *func=nullptr)
user_labels_t *hexapi restore_user_labels2(ea_t func_ea, const cfunc_t *func=nullptr)
user_labels_t *hexapi restore_user_labels(ea_t func_ea, const cfunc_t *func=nullptr)
member_t *hexapi get_stkvar(uval_t *p_off=nullptr) const
ssize_t hexapi get_stkvar(udm_t *udm=nullptr, uval_t *p_off=nullptr) const
member_t *get_stkvar(uval_t *p_off) const
ssize_t get_stkvar(udm_t *udm=nullptr, uval_t *p_off=nullptr) const
member_t *get_stkvar(sval_t vd_stkoff, uval_t *poff) const
ssize_t get_stkvar(udm_t *udm, sval_t vd_stkoff, uval_t *poff=nullptr) const
const mblock_t *get_mblock(int n) const
const mblock_t *get_mblock(uint n) const
mblock_t *get_mblock(int n)
mblock_t *get_mblock(uint n)
bool hexapi combine_blocks()
bool hexapi merge_blocks()
bool cvt_to_cmp(cmpop_t *cmp, uvlr_t *val, bool strict) const
bool valrng_t::cvt_to_cmp(cmpop_t *cmp, uvlr_t *val) const
class abstract_graph_t
class drawable_graph_t
class mutable_graph_t
class interactive_graph_t
mutable_graph_t *idaapi create_mutable_graph(uval_t id)
interactive_graph_t *idaapi create_interactive_graph(uval_t id)
mutable_graph_t *idaapi create_disasm_graph(ea_t ea)
interactive_graph_t *idaapi create_disasm_graph(ea_t ea)
mutable_graph_t *idaapi create_disasm_graph(const rangevec_t &ranges)
interactive_graph_t *idaapi create_disasm_graph(const rangevec_t &ranges)
mutable_graph_t *idaapi get_viewer_graph(graph_viewer_t *gv)
interactive_graph_t *idaapi get_viewer_graph(graph_viewer_t *gv)
void idaapi set_viewer_graph(graph_viewer_t *gv, mutable_graph_t *g)
void idaapi set_viewer_graph(graph_viewer_t *gv, interactive_graph_t *g)
void idaapi delete_mutable_graph(mutable_graph_t *g)
void idaapi delete_interactive_graph(interactive_graph_t *g)
void idaapi mutable_graph_t::del_custom_layout(void)
void idaapi interactive_graph_t::del_custom_layout(void)
void idaapi mutable_graph_t::set_custom_layout(void) const
void idaapi interactive_graph_t::set_custom_layout(void) const
void idaapi mutable_graph_t::set_graph_groups(void) const
void idaapi interactive_graph_t::set_graph_groups(void) const
void idaapi mutable_graph_t::clear(void)
void idaapi interactive_graph_t::clear(void)
bool idaapi mutable_graph_t::create_digraph_layout(void)
bool idaapi interactive_graph_t::create_digraph_layout(void)
bool idaapi abstract_graph_t::create_tree_layout(void)
bool idaapi drawable_graph_t::create_tree_layout(void)
bool idaapi abstract_graph_t::create_circle_layout(point_t c, int radius)
bool idaapi drawable_graph_t::create_circle_layout(point_t c, int radius)
int idaapi mutable_graph_t::get_node_representative(int node)
int idaapi interactive_graph_t::get_node_representative(int node)
int idaapi mutable_graph_t::_find_subgraph_node(int gr, int n) const
int idaapi interactive_graph_t::_find_subgraph_node(int gr, int n) const
int idaapi mutable_graph_t::create_group(const intvec_t &_nodes)
int idaapi interactive_graph_t::create_group(const intvec_t &_nodes)
bool idaapi mutable_graph_t::get_custom_layout(void)
bool idaapi interactive_graph_t::get_custom_layout(void)
bool idaapi mutable_graph_t::get_graph_groups(void)
bool idaapi interactive_graph_t::get_graph_groups(void)
bool idaapi mutable_graph_t::empty(void) const
bool idaapi interactive_graph_t::empty(void) const
bool idaapi mutable_graph_t::is_visible_node(int node) const
bool idaapi interactive_graph_t::is_visible_node(int node) const
bool idaapi mutable_graph_t::delete_group(int group)
bool idaapi interactive_graph_t::delete_group(int group)
bool idaapi mutable_graph_t::change_group_visibility(int gr, bool exp)
bool idaapi interactive_graph_t::change_group_visibility(int gr, bool exp)
bool idaapi mutable_graph_t::set_edge(edge_t e, const edge_info_t *ei)
bool idaapi interactive_graph_t::set_edge(edge_t e, const edge_info_t *ei)
int idaapi mutable_graph_t::node_qty(void) const
int idaapi interactive_graph_t::node_qty(void) const
rect_t &idaapi mutable_graph_t::nrect(int n)
rect_t &idaapi interactive_graph_t::nrect(int n)
static ssize_t processor_t::gen_stkvar_def(outctx_t &ctx, const class member_t *mptr, sval_t v)
static ssize_t processor_t::gen_stkvar_def(outctx_t &ctx, const struct udm_t *mptr, sval_t v, tid_t tid)
ea_t choose_stkvar_xref(func_t *pfn, member_t *mptr)
ea_t choose_stkvar_xref(func_t *pfn, tid_t srkvar_tid)
bool tagged_line_section_t::substr(qstring *out, const qstring &in) const
bool tagged_line_section_t::substr(qstring *out,,const qstring &in, const tagged_line_section_t *end = nullptr) const
idaman lexer_t *ida_export create_lexer(const char *const *keys, size_t size, void *ud=nullptr)
idaman lexer_t *ida_export create_lexer(const char *const *keys, size_t size, void *ud=nullptr, uint32 macro_flags=0)
idaman void ida_export update_extra_cmt(ea_t ea, int what, const char *str)
idaman bool ida_export update_extra_cmt(ea_t ea, int what, const char *str)
idaman void ida_export del_extra_cmt(ea_t ea, int what)
idaman bool ida_export del_extra_cmt(ea_t ea, int what)
idaman int ida_export validate_idb_names2(bool do_repair)
idaman int ida_export validate_idb_names(bool do_repair)
void ida_export reg_finder_invalidate_cache(reg_finder_t *_this, ea_t ea)
void ida_export reg_finder_invalidate_cache(reg_finder_t *_this, ea_t to, ea_t from)
bool ida_export reg_finder_calc_op_addr(reg_finder_t *_this, reg_value_info_t *addr, const op_t *memop, const insn_t *insn, ea_t ea, ea_t ds)
bool ida_export reg_finder_calc_op_addr(reg_finder_t *_this, reg_value_info_t *addr, const op_t *memop, const insn_t *insn, ea_t ea, ea_t ds, int max_depth)
bool ida_export reg_finder_may_modify_stkvars(const reg_finder_t *_this, reg_finder_op_t op, const insn_t *insn)
bool ida_export reg_finder_may_modify_stkvar(const reg_finder_t *_this, reg_finder_op_t op, const insn_t *insn)
void idaapi invalidate_regfinder_cache(ea_t ea = BADADDR)
void idaapi invalidate_regfinder_cache(ea_t to = BADADDR, ea_t from = BADADDR)
bool ida_export create_tinfo2(tinfo_t *_this, type_t bt, type_t bt2, void *ptr)
bool ida_export create_tinfo(tinfo_t *_this, type_t bt, type_t bt2, void *ptr)
int ida_export verify_tinfo(uint32 typid)
int ida_export verify_tinfo(typid_t typid)
bool ida_export get_tinfo_details2(uint32 typid, type_t bt2, void *buf)
bool ida_export get_tinfo_details(typid_t typid, type_t bt2, void *buf)
size_t ida_export get_tinfo_size(uint32 *p_effalign, uint32 typid, int gts_code)
size_t ida_export get_tinfo_size(uint32 *p_effalign, typid_t typid, int gts_code)
size_t ida_export get_tinfo_pdata(void *outptr, uint32 typid, int what)
size_t ida_export get_tinfo_pdata(void *outptr, typid_t typid, int what)
size_t ida_export get_tinfo_property(uint32 typid, int gta_prop)
size_t ida_export get_tinfo_property(typid_t typid, int gta_prop)
size_t ida_export get_tinfo_property4(uint32 typid, int gta_prop, size_t p1, size_t p2, size_t p3, size_t p4)
size_t ida_export get_tinfo_property4(typid_t typid, int gta_prop, size_t p1, size_t p2, size_t p3, size_t p4)
bool ida_export deserialize_tinfo2(tinfo_t *tif, const til_t *til, const type_t **ptype, const p_list **pfields, const p_list **pfldcmts, const char *cmt)
bool ida_export deserialize_tinfo(tinfo_t *tif, const til_t *til, const type_t **ptype, const p_list **pfields, const p_list **pfldcmts, const char *cmt)
int ida_export find_tinfo_udt_member(udm_t *udm, uint32 typid, int strmem_flags)
int ida_export find_tinfo_udt_member(udm_t *udm, typid_t typid, int strmem_flags)
bool ida_export compare_tinfo(uint32 t1, uint32 t2, int tcflags)
bool ida_export compare_tinfo(typid_t t1, typid_t t2, int tcflags)
int ida_export lexcompare_tinfo(uint32 t1, uint32 t2, int)
int ida_export lexcompare_tinfo(typid_t t1, typid_t t2, int)
uint64 ida_export read_tinfo_bitfield_value(uint32 typid, uint64 v, int bitoff)
uint64 ida_export read_tinfo_bitfield_value(typid_t typid, uint64 v, int bitoff)
uint64 ida_export write_tinfo_bitfield_value(uint32 typid, uint64 dst, uint64 v, int bitoff)
uint64 ida_export write_tinfo_bitfield_value(typid_t typid, uint64 dst, uint64 v, int bitoff)
bool ida_export get_tinfo_attr(uint32 typid, const qstring &key, bytevec_t *bv, bool all_attrs)
bool ida_export get_tinfo_attr(typid_t typid, const qstring &key, bytevec_t *bv, bool all_attrs)
bool ida_export get_tinfo_attrs(uint32 typid, type_attrs_t *tav, bool include_ref_attrs)
bool ida_export get_tinfo_attrs(typid_t typid, type_attrs_t *tav, bool include_ref_attrs)
bool ida_export append_tinfo_covered(rangeset_t *out, uint32 typid, uint64 offset)
bool ida_export append_tinfo_covered(rangeset_t *out, typid_t typid, uint64 offset)
bool ida_export calc_tinfo_gaps(rangeset_t *out, uint32 typid)
bool ida_export calc_tinfo_gaps(rangeset_t *out, typid_t typid)
bool ida_export name_requires_qualifier(qstring *out, uint32 typid, const char *name, uint64 offset)
bool ida_export name_requires_qualifier(qstring *out, typid_t typid, const char *name, uint64 offset)
void ida_export tinfo_get_innermost_udm(tinfo_t *itif, const tinfo_t *tif, uint64 offset, size_t *udm_idx, uint64 *bit_offset)
void ida_export tinfo_get_innermost_udm(tinfo_t *itif, const tinfo_t *tif, uint64 offset, size_t *udm_idx, uint64 *bit_offset, bool return_member_type)
tinfo_code_t tinfo_t::find_edm(edm_t *edm, uint64 value, bmask64_t bmask=DEFMASK64, uchar serial=0) const
ssize_t tinfo_t::find_edm(edm_t *edm, uint64 value, bmask64_t bmask=DEFMASK64, uchar serial=0) const
tinfo_code_t tinfo_t::find_edm(edm_t *edm, const char *name) const
ssize_t tinfo_t::find_edm(edm_t *edm, const char *name) const
bool tinfo_t::get_type_by_edm_name(const char *mname, til_t *til=nullptr)
ssize_t tinfo_t::get_edm_by_name(const char *mname, const til_t *til=nullptr)
void ida_export gen_use_arg_tinfos2(struct argtinfo_helper_t *_this, ea_t caller, func_type_data_t *fti, funcargvec_t *rargs)
void ida_export gen_use_arg_tinfos(struct argtinfo_helper_t *_this, ea_t caller, func_type_data_t *fti, funcargvec_t *rargs)
truc_created
local_types_changed
deleting_struc
none
struc_deleted
local_types_changed
changing_struc_align
none
struc_align_changed
local_types_changed
renaming_struc
none
struc_renamed
local_types_changed
expanding_struc
none
struc_expanded
lt_udt_expanded, frame_expanded, local_types_changed
struc_member_created
lt_udm_created, frame_udm_created, local_types_changed
deleting_struc_member
none
struc_member_deleted
lt_udm_deleted, frame_udm_deleted, local_types_changed
renaming_struc_member
none
struc_member_renamed
lt_udm_renamed, frame_udm_renamed, local_types_changed
changing_struc_member
none
struc_member_changed
lt_udm_changed, frame_udm_changed, local_types_changed
changing_struc_cmt
none
struc_cmt_changed
local_types_changed
enum_created
local_types_changed
deleting_enum
none
enum_deleted
local_types_changed
renaming_enum
none
enum_renamed
local_types_changed
changing_enum_bf
local_types_changed
enum_bf_changed
local_types_changed
changing_enum_cmt
none
enum_cmt_changed
local_types_changed
enum_member_created
local_types_changed
deleting_enum_member
none
enum_member_deleted
local_types_changed
enum_width_changed
local_types_changed
enum_flag_changed
local_types_changed
enum_ordinal_changed
none
This page is currently a stub. We're working on additional examples tailored for beginners, so expect more samples soon.
The IDA SDK, which you can get from our Download Center in My Hex-Rays Portal, provides sample code in addition to necessary libraries and headers. These exemplary plugins, processor modules, or file loaders are designed to help you create your own plugins, modules, and more.
The IDA SDK is shipped with plenty of samples (including, for example, sample processor modules or loaders) and exemplary plugins that you can find in the IDA SDK folder. To kickstart your journey with the IDA SDK, we encourage you to check out the included samples, compile them, and run them.
The plugins folder contains sample plugins written in C++. Usually, the subfolders contains at minimum the cpp file(s) and a makefile.
Below, we present only a selection of samples to familiarize yourself with the possibilities of the C++ SDK. All of these samples and their corresponding makefiles can be found in your plugins folder inside the SDK directory.
Simple hello word plugin ideal to get started with IDA SDK.
Sample plugin, ideal to get familiar with plugins structure.
Sample plugin that allows the user to change the address of the called function.
Sample plugin module that demonstrates the use of the choose() function.
This sample plugin demonstates how to install a custom data type and a custom data format.
This sample plugin demonstates how to create and manipulate a simple custom viewer, that allows you to create a view which displays colored lines.
Plugin with CVT64 examples.
The source code of the dwarf plugin
This sample Debugger IDC Helper executes IDC script when the process is launched and allows to hook IDC scripts to various debugger events.
Sample plugin illustrating analysis improvement; it checks branch targets for newly created instructions.
Sample plugin that illustrates how to register a thid party language interpreter.
This plugin demonstrates how to use complex forms.
This sample plugin demonstrates how to get the the entry point prototypes.
This sample plugin demonstrates how to get the disassembly lines for one address.
This plugin will display a colored box at the executed instructions.
This sample plugin demonstrates receiving output window notification callbacks and usage of new output window functions.
This sample plugin demonstrates usage of the view callbacks and adding custom menu items to popup menus.
Sample multi-threaded plugin module.
This sample plugin demonstrates how to customize navigation band colors.
This plugin demonstrates how to use non modal forms.
Sample plugin that extends the IBM PC processor module to disassemble some NEC V20 instructions.
This plugin demonstrates the UI requests and the process_ui_action()
We encourage you to browse the plugins folder inside the SDK directory to check out all of examples, including more complex and advances ones, like FindCrypt program, that finds constants used in crypto algorithms, or qproject, that demonstrates how to fully use the Qt environment in IDA.
The modules folder contains sample processor modules, that are used to add support for new instruction sets or architectures to IDA. Inside the README file you will find instructions on how to compile and run the modules.
If you are going to write a new processor module, it's recommended to follow the below steps:
copy the sample module files to a new directory
edit ins.cpp and ins.hpp files
write the analyser ana.cpp
then outputter
and emulator (you can start with an almost empty emulator)
describe the processor & assembler, write the notify() function
The ldr folder includes source code for new file format loaders:
aif ARM Image File
amiga Amige Hunk File
aof ARM Object File
aout a.out
dos MS DOS File
dump Memory Dump File
geos GEOS File
hex Intel/Motorola HEX File
hpsom HP SOM
intelomf Intel Object File
javaldr Java Class Loader
mas Macro Assembler
nlm Netware Loader Module
os9 FLEX/9
pef Portable Executable Format (MAC)
pilot Palm Pilot
qnx Qnx
rt11 RT/11
w32run Watcom RUN32
ready to be compiled, similarly as processor module samples.
The exemplary decompiler plugins are shipped with the C++ SDK and can be found in the plugins folder (vds1-vds20) alongside other plugins.
Below are descriptions of sample decompiler plugins.
This plugin decompiles the current function and prints the result in the message window. It is useful to learn how to initialize a decompiler plugin. Please note that all decompiler sample plugins have the "hexrays_" prefix in their names. This is done to make sure that the decompiler plugins are loaded after the hexrays plugin. Otherwise they would see that the decompiler is missing and immediately terminate.
We recommend you to keep the same naming scheme: please use the "hexrays_" prefix for your decompiler plugins.
N.B.: if you're writing a plugin for non-x86 version of the decompiler, you should use another prefix. For example, the x64 decompiler is named "hexx64", ARM is "hexarm" and so on. To be certain, check IDA's "plugins" directory. To debug plugin loading issues, you can use -z20 switch when running IDA.
This plugin shows how to hook to decompiler events and react to them. It also shows how to visit all ctree elements and modify them.
This plugin waits for the decompilation result to be ready and replaces zeroes in pointer contexts with NULLs. One might say that this is just cosmetic change, but it makes the output more readable.
Since the plugin hooks to events, it is fully automatic. The user can disable it by selecting it from the Edit, Plugins menu.
This plugin shows
This is a quite complex plugin but it is thoroughly commented.
This plugin dumps all user-defined information to the message window. Read the source code to learn how to access various user-defined data from your plugins:
This plugin generates a graph from the current pseudocode and displays it with wingraph32.
The source code can be used to learn ctree details.
This plugin modifies the decompilation output: removes some space characters.
The source code can be used to learn the output text.
This plugin demonstrates how to use the cblock_t::iterator class. It enumerates all instructions of a block statement.
This plugin demonstrates how to use the udc_filter_t (User-Defined Call generator) class, which allows replacing cryptic function calls, with a simpler/more-readable counterpart.
This plugin demonstrates how to generate microcode for a given function and print it into the output window. It displays fully optimized microcode but it is also possible to retrieve microcode from earlier stages of decompilation. Generating the microcode text should be used only for debugging purposes. Printing microcode in production code may lead to crashes or wrong info.
This plugin installs a custom microcode optimization rule: call !DbgRaiseAssertionFailure fast:.0 => call !DbgRaiseAssertionFailure <fast:"char *" "assertion text">.0
See also sample19 for another example.
This plugin installs a custom inter-block optimization rule:
L1: goto L2
In other words we fix a goto target if it points to a chain of gotos. This improves the decompiler output is some cases.
This plugin displays list of direct references to a register from the current instruction.
This plugin generates microcode for selection and dumps it to the output window.
This plugin shows xrefs to the called function as the decompiler output. All calls are displayed with the call arguments.
This plugin shows list of possible values of a register using the value range analysis.
This plugin installs a custom instruction optimization rule:
We need this rule because the decompiler cannot propagate the second byte of VAR into the xor instruction.
The XOR opcode can be replaced by any other, we do not rely on it. Also operand sizes can vary.
This plugin shows how to use "Select offsets" widget (select_udt_by_offset() API). This plugin repeats the Alt-Y functionality.
This plugin shows how to specify a register value at a desired location. Such a functionality may be useful when the code to decompile is obfuscated and uses opaque predicates.
This plugin shows how to install a custom microcode optimization rule. Custom rules are useful to handle obfuscated code. See also sample10 for another example.
This plugin shows how to modify the decompiler output on the fly by adding dynamic comments.