Is a member id?
     id         - any id
returns: 1 there is structure member with the specified ID
         0 otherwise

long is_member_id(id);

get member id by member ordinal number
     id         - structure type ID
     member_idx - member ordinal number
returns: -1 if bad structure type ID is passed or there is
         no member with the specified index
         otherwise returns the member id.

long get_member_by_idx(long id, long member_idx);

Convenience function to load a type into a type library.
'name' may be empty for anonymous types.

     flags   -  combination of LOADTYPE_ constants,
                in case of 0 the LOADTYPE_DEFAULT is used
     ordinal -  slot number (1...NumberOfLocalTypes), is ignored if LOADTYPE_USEORD is clear
     name    -  type name
     type    -  serialized type string (internal type represenation)
     fields  -  serialized field names
     cmt     -  type comment
     fldcmts -  serialized field comments
     sclass  -  storage class of the type

set a selector value
        arguments:      sel - the selector number
                        val - value of selector
        returns:        nothing
        note:           ida supports up to 4096 selectors.
                        if 'sel' == 'val' then the
                        selector is destroyed because
                        it has no significance

void set_selector(long sel, long value);

Get number of local types + 1
returns: value >= 1. 1 means that there are no local types.

long get_ordinal_limit();

Enable step tracing
     trace_level - what kind of trace to modify
     enable      - 0: turn off, 1: turn on
Returns: success

success enable_tracing(long trace_level, long enable);

#define TRACE_STEP 0x0  // lowest level trace. trace buffers are not maintained
#define TRACE_INSN 0x1  // instruction level trace
#define TRACE_FUNC 0x2  // function level trace (calls & rets)
#define TRACE_BBLK 0x4  // basic block level trace

Delete a segment
  ea      - any address in the segment
  flags   - combination of SEGMOD_... flags

success del_segm(long ea, long flags);

#define SEGMOD_KILL    0x0001 // disable addresses if segment gets shrinked or deleted
#define SEGMOD_KEEP    0x0002 // keep information (code & data, etc)
#define SEGMOD_SILENT  0x0004 // be silent
#define SEGMOD_KEEP0   0x0008 // flag for internal use, don't set
#define SEGMOD_KEEPSEL 0x0010 // do not try to delete unused selector
#define SEGMOD_NOMOVE  0x0020 // don't move info from the start of segment to
                              // the new start address (for set_segment_bounds())
#define SEGMOD_SPARSE  0x0040 // use sparse storage if extending the segment
                              // (for set_segment_bounds())
                              

find previous address with fixup information
     ea - current address
returns: -1 - no more fixups
         otherwise returns the previous address with fixup information

long get_prev_fixup_ea(long ea);

get bitmask comment (only for bitfields)
     enum_id - id of enum
     bmask   - bitmask of the constant
     repeatable - type of comment, 0-regular, 1-repeatable
returns: comment attached to bitmask if it exists.
         otherwise returns 0.

long get_bmask_cmt(long enum_id, long bmask, long repeatable);

The following functions search for the specified byte
     ea - address to start from
     flag is combination of the following bits:
Returns BADADDR - not found

#define SEARCH_UP       0x00            // search backward
#define SEARCH_DOWN     0x01            // search forward
#define SEARCH_NEXT     0x02            // start the search at the next/prev item
                                        // useful only for find_text() and find_binary()
                                        // for other Find.. functions it is implicitly set
#define SEARCH_CASE     0x04            // search case-sensitive
                                        // (only for bin&txt search)
#define SEARCH_REGEX    0x08            // enable regular expressions (only for txt)
#define SEARCH_NOBRK    0x10            // don't test ctrl-break
#define SEARCH_NOSHOW   0x20            // don't display the search progress

long find_suspop(long ea, long flag);
long find_code(long ea, long flag);
long find_data(long ea, long flag);
long find_unknown(long ea, long flag);
long find_defined(long ea, long flag);
long find_imm(long ea, long flag, long value);
long find_text(long ea, long flag, long y, long x, string str);
                // y - number of text line at ea to start from (0..MAX_ITEM_LINES)
                // x - x coordinate in this line
long find_binary(long ea, long flag, string str);
                // str - a string as a user enters it for Search Text in Core
                //      example:  "41 42" - find 2 bytes 41h, 42h
                // The default radix depends on the current IDP module
                // (radix for ibm pc is 16)

End type updating. Refreshes the type system
at the end of type modification operations

     utp  - (one of UTP_... consts)
returns: none

Change value of a program byte
If debugger was active then the debugged process memory will be patched too
     ea    - linear address
     value - new value of the byte
Returns: 1 if the database has been modified,
         0 if either the debugger is running and the process' memory
           has value 'value' at address 'ea',
           or the debugger is not running, and the IDB
           has value 'value' at address 'ea already.

success patch_byte(long ea, long value);

Get a description of the module that contains the given ea
returned objct has attributes:
  "name"      - the full path of the module
  "base"      - module's base address
  "size"      - module size
  "rebase_to" - address the module was rebased to
                BADADDR if module was not rebased at all

object get_module_info(long ea);

change structure member name
     id            - structure type ID
     member_offset - offset of the member
     name          - new name of the member
returns: !=0 - ok.

long set_member_name(long id, long member_offset, string name);

delete structure member
     id            - structure type ID
     member_offset - offset of the member
returns: !=0 - ok.
NOTE: IDA allows 'holes' between members of a structure.
      It treats these 'holes' as unnamed arrays of bytes.

long del_struc_member(long id, long member_offset);

Read from debugger memory
     ea - linear address
     size - size of data to read
returns: data as a string. If failed, If failed, throws an exception
Thread-safe function (may be called only from the main thread and debthread)

string read_dbg_memory(long ea, long size);

get width of enum elements
     enum_id - ID of enum
returns: size of enum elements in bytes
         (0 if enum_id is bad or the width is unknown).

long get_enum_width(long enum_id);

delete a structure type
     id - structure type ID
returns: 0 if bad structure type ID is passed
         1 otherwise the structure type is deleted. All data
           and other structure types referencing to the
           deleted structure type will be displayed as array of bytes.

success del_struc(long id);

get file length
     handle - file handle
returns: -1 - error
         otherwise file length in bytes
Thread-safe function.

long filelength(long handle);

Check the variable type
Returns true if the variable type is the expected one
Thread-safe functions.

success value_is_string(var);
success value_is_long(var);
success value_is_float(var);
success value_is_object(var);
success value_is_func(var);
success value_is_pvoid(var);
success value_is_int64(var);

  'ea' is a linear address
  'success' is 0 if a function fails, 1 otherwise
  'void' means that function returns no meaningful value (always 0)
  'anyvalue' means that function may return value of any type

get value of the IP (program counter) register for the current thread

long get_ip_val();

Delete an extra comment line
     ea   - linear address
     n    - number of additional line (0..MAX_ITEM_LINES)
To delete anterior  line #n use (E_PREV + n)
To delete posterior line #n use (E_NEXT + n)

void del_extra_cmt(long ea, long n);

Specify instruction representation manually.
     ea   - linear address
     insn - a string representation of the operand
IDA will not check the specified instruction, it will simply display
it instead of the original representation.

void set_manual_insn(long ea, string insn);

Get indented comment
     ea - linear address
     repeatable: 0-regular, !=0-repeatable comment

string get_cmt(long ea, long repeatable);

Get IDB full path
This function returns full path of the current IDB database

string get_idb_path();

Get the extension of file name

string get_file_ext(string filename);

Sanitize the file name.
Remove the directory path, and replace wildcards ? * and chars<' ' with underscore.

string sanitize_file_name(string filename);

expand or shrink a structure type
     id     - structure type ID
     offset - offset in the structure
     delta  - how many bytes to add or remove
     recalc - recalculate the locations where
              the structure type is used
returns: !=0 - ok

success expand_struc(long id, long offset, long delta, long recalc);

read 2 bytes from file
     handle    - file handle
     mostfirst - 0 least significant byte is first (intel)
                 1 most  significant byte is first
returns: -1 - error
         otherwise: a 16-bit value
Thread-safe function.

long readshort(long handle, long mostfirst);

rename a file
     oldname - existing file name
     newname - new file name
returns: error code from the system
Thread-safe function.

long rename(string oldname, string newname);

Some ARM compilers in Thumb mode use BL (branch-and-link)
instead of B (branch) for long jumps, since BL has more range.
By default, IDA tries to determine if BL is a jump or a call.
You can override IDA's decision using commands in Edit/Other menu
(Force BL call/Force BL jump) or the following two functions.

//  Force BL instruction to be a jump
//       ea - address of the BL instruction
//  returns: 1-ok, 0-failed

success force_bl_jump(long ea);

//  Force BL instruction to be a call
//       ea - address of the BL instruction
//  returns: 1-ok, 0-failed

success force_bl_call(long ea);

Change IDA indicator.
Returns the previous status.

long set_ida_state(long status);

#define IDA_STATUS_READY    0 // READY     IDA is idle
#define IDA_STATUS_THINKING 1 // THINKING  Analyzing but the user may press keys
#define IDA_STATUS_WAITING  2 // WAITING   Waiting for the user input
#define IDA_STATUS_WORK     3 // BUSY      IDA is busy

Create a structure data item at the specified address
     ea      - linear address
     size    - structure size in bytes. -1 means that the size
               will be calculated automatically
     strname - name of a structure type
returns: 1-ok, 0-failure

success create_struct(long ea, long size, string strname);

get size of a member
     id            - structure type ID
     member_offset - member offset. The offset can be
                     any offset in the member. For example,
                     is a member is 4 bytes long and starts
                     at offset 2, then 2, 3, 4, 5 denote
                     the same structure member.
returns: -1 if bad structure type ID is passed
            or no such member in the structure
         otherwise returns size of the specified member in bytes.

long get_member_size(long id, long member_offset);

set a comment of a symbolic constant
     const_id - id of const
     cmt     - new comment for the constant
     repeatable - 0:set regular comment
                  1:set repeatable comment
returns: 1-ok, 0-failed

success set_enum_member_cmt(long const_id, string cmt, long repeatable);

Store a type in the til.
To replace the existing type use #NTF_REPLACE
     name    -  type name
     type    -  serialized type string
     fields  -  serialized type fields
     cmt     -  main type comment
     fldcmts -  serialized type field comments
     sclass  -  type storage class

tinfo_code_t set_named_type(
        string name,
        long ntf_flags,
        string type,
        string fields="",
        string cmt="",
        string fldcmts="",
        long sclass=0);

Get the file name part of the given path

string qbasename(string path);

Load (plan to apply) a FLIRT signature file
     name - signature name without path and extension
returns: 0 if could not load the signature file, !=0 otherwise

success plan_to_apply_idasgn(string name);

Plan to perform an action in the future.
This function will put your request to a special autoanalysis queue.
Later IDA will retrieve the request from the queue and process
it. There are several autoanalysis queue types. IDA will process all
queries from the first queue and then switch to the second queue, etc.

// plan/unplan range of addresses
void auto_mark_range(long start, long end, long queuetype);
void auto_unmark(long start, long end, long queuetype);

// plan to analyze an address
#define auto_mark(ea, qtype)      auto_mark_range(ea, (ea)+1, qtype)

#define AU_UNK  10      // make unknown
#define AU_CODE 20      // convert to instruction
#define AU_PROC 30      // make function
#define AU_USED 40      // reanalyze
#define AU_LIBF 60      // apply a flirt signature (the current signature!)
#define AU_FINAL 200    // coagulate unexplored items

Display an UTF-8 encoded message in the message window
     format - printf() style format string
     ...    - additional parameters if any
This function can be used to debug IDC scripts
The result of the stringification of the arguments
will be treated as an UTF-8 string.
Thread-safe function.

void msg(string format, ...);

// Print variables in the message window
// This function print text representation of all its arguments to the output window.
// This function can be used to debug IDC scripts

void print(...);

// Display a message in a message box
//      format - printf() style format string
//      ...    - additional parameters if any
// This function can be used to debug IDC scripts
// The user will be able to hide messages if they appear twice in a row on the screen

void warning(string format, ...);

// Display a fatal message in a message box and quit IDA
//      format - printf() style format string
//      ...    - additional parameters if any

void error(string format, ...);

get id of enum by id of constant
     const_id - id of symbolic constant
returns: id of enum the constant belongs to.
                        -1 if const_id is bad.

long get_enum_member_enum(long const_id);

        target + tdelta - base

If the target is not present, then it will be calculated using
        target = operand_value - tdelta + base
The target must be present for LOW.. and HIGH.. reference types
     ea      - linear address of the instruction/data
     n       - number of operand to convert (the same as in op_plain_offset)
     reftype - one of REF_... constants
     target  - an explicitly specified expression target. if you don't
               want to specify it, use -1. Please note that LOW... and
               HIGH... reference type require the target.
     base    - the offset base (a linear address)
     tdelta  - a displacement from the target which will be displayed
               in the expression.

success op\_offset(long ea, int n, long reftype, long target, long base, long tdelta);

#define REF_OFF8    0              // 8bit full offset
#define REF_OFF16   1              // 16bit full offset
#define REF_OFF32   2              // 32bit full offset
#define REF_LOW8    3              // low 8bits of 16bit offset
#define REF_LOW16   4              // low 16bits of 32bit offset
#define REF_HIGH8   5              // high 8bits of 16bit offset
#define REF_HIGH16  6              // high 16bits of 32bit offset
#define V695_REF_VHIGH   7         // obsolete
#define V695_REF_VLOW    8         // obsolete
#define REF_OFF64   9              // 64bit full offset
                                   // note: processor modules or plugins may register additional
                                   // custom reference types (for example, REF_HIGHA16 is
                                   // used by MIPS, SPARC, PPC, ALPHA, TRICORE, etc.)
#define REFINFO_RVA         0x10   // based reference (rva)
#define REFINFO_PASTEND     0x20   // reference past an item
                                   // it may point to an nonexistitng address
                                   // do not destroy alignment dirs
#define REFINFO_NOBASE      0x80   // offset base is a number
                                   // implies that base have be any value
                                   // nb: base xrefs are created only if base
                                   // points to the middle of a segment
#define REFINFO_SUBTRACT  0x0100   // the reference value is subtracted from
                                   // the base value instead of (as usual)
                                   // being added to it
#define REFINFO_SIGNEDOP  0x0200   // the operand value is sign-extended (only
                                   // supported for REF_OFF8/16/32/64)
#define REFINFO_NO_ZEROS  0x0400  ///< an opval of 0 will be considered invalid
#define REFINFO_NO_ONES   0x0800  ///< an opval of ~0 will be considered invalid

rename entry point
     ordinal - entry point number
     name    - new name
returns: !=0 - ok

success rename_entry(long ordinal, string name);

Return length of a string in bytes
     str - input string
Returns: length (0..n)
Thread-safe function.

long strlen(string str);

Get extra comment line
     ea - linear address
     n  - number of line (0..MAX_ITEM_LINES)
          MAX_ITEM_LINES is defined in IDA.CFG
To get anterior  line #n use (E_PREV + n)
To get posterior line #n use (E_NEXT + n)
Returns number 0 if the comment line does not exit

string get_extra_cmt(long ea, long n);

get flag of enum
     enum_id - ID of enum
returns: flags of enum. These flags determine representation
         of numeric constants (binary, octal, decimal, hex)
         in the enum definition. See start of this file for
         more information about flags.
         Returns 0 if enum_id is bad.

long get_enum_flag(long enum_id);

read one byte from file
     handle  - file handle
returns: -1 - error
         otherwise a byte read.
Thread-safe function.

long fgetc(long handle);

get index of the last existing array element
     tag     - tag of array (AR_LONG or AR_STR)
     id      - array id
returns: -1 - array is empty
         otherwise returns index of the last array element

long get_last_index(long tag, long id);

Get address of the specified field using the type information
     ea         - address of the structure
     field_name - name of the structure field
If the database contains a structure at the specified ea and the
type information is present, this function will return the address of the
structure field.

long get_field_ea(long ea, string field_name);

For example:

  .data:00413060 errtable        dd 1   ; oscode
  .data:00413060                 dd 16h ; errnocode

        msg("address is: %x\n", _errtable.errnocode);

get structure ID by structure name
     structure type name
returns: -1 if bad structure type name is passed
         otherwise returns structure ID.

long get_struc_id(string name);

create array
     name - name of array. There are no restrictions
            on the name (its length should be less than
            120 characters, though)
returns: -1 - can't create array (it already exists)
         otherwise returns id of the array

long create_array(string name);

Set storage type
     start_ea - starting address
     end_ea   - ending address
     stt     - new storage type, one of STT_VA and STT_MM
returns: 0 - ok, otherwise internal error code

long set_storage_type(long start_ea, long end_ea, long stt);

#define STT_VA 0  // regular storage: virtual arrays, an explicit flag for each byte
#define STT_MM 1  // memory map: sparse storage. useful for huge objects

get structure type comment
     id         - structure type ID
     repeatable - 1: get repeatable comment
                  0: get regular comment
returns: 0 if bad structure type ID is passed
         otherwise returns comment.

string get_struc_cmt(long id, long repeatable);

set string value of array element
     id      - array id
     idx     - index of an element
     str     - string to store in array element
returns: 1-ok, 0-failed

success set_array_string(long id, long idx, string str);

get size of a structure
     id         - structure type ID
returns: 0 if bad structure type ID is passed
         otherwise returns size of structure in bytes.

long get_struc_size(long id);

Select the given thread as the current debugged thread.
     tid - ID of the thread to select
The process must be suspended to select a new thread.
returns: success

success select_thread(long tid);

Demangle a name
     name - name to demangle
     disable_mask - a mask that tells how to demangle the name
                    it is a good idea to get this mask using
                    get_inf_attr(INF_SHORT_DN) or get_inf_attr(INF_LONG_DN)
Returns: a demangled name
If the input name cannot be demangled, returns 0

string demangle_name(string name, long disable_mask);

Del object attribute
     self  - object
     attr  - attribute name
Thread-safe function.

success delattr(object self, string attr);

get next bitmask in the enum (bitfield)
     enum_id - id of enum
     bmask   - value of the current bitmask
returns: value of a bitmask with value higher than the specified
         value. -1 if no such bitmasks exist.
         All bitmasks are sorted by their values as unsigned longs.

long get_next_bmask(long enum_id, long value);

find next address with fixup information
     ea - current address
returns: -1 - no more fixups
         otherwise returns the next address with fixup information

long get_next_fixup_ea(long ea);

Generate a function call graph GDL file
     outfile - output file name. GDL extension will be used
     title   - graph title
     ea1     - beginning of the range to flow chart
     ea2     - end of the range to flow chart. if ea2 == BADADDR
               then ea1 is treated as an address within a function.
               That function will be flow charted.
     flags   - combination of CHART_GEN_GDL, CHART_WINGRAPH, CHART_NOLIBFUNCS

success gen_simple_call_chart(string outfile, string title, long flags);

Change value of a quad word
     ea    - linear address
     value - new value of the quad word
Returns: 1 if the database has been modified,
         0 if either the debugger is running and the process' memory
           has value 'value' at address 'ea',
           or the debugger is not running, and the IDB
           has value 'value' at address 'ea' already.

success patch_qword(long ea, long value);

get name of enum
     enum_id - ID of enum
returns: name of enum or empty string

string get_enum_name(long enum_id);

Return the debugger event condition

returns: event condition

string get_debugger_event_cond();

Read one byte from the input file
Returns -1 if no more bytes

long loader_input_t.getc();

Get value of program quadro word (8 bytes) using the debugger memory
     ea - linear address
returns: the value of the quadro word. If failed, throws an exception
Thread-safe function (may be called only from the main thread and debthread)

long read_dbg_qword(long ea);

delete a selector
        arguments:      sel - the selector number to delete
        returns:        nothing
        note:           if the selector is found, it will
                        be deleted

void del_selector(long sel);

Get disassembly line
     ea - linear address of instruction
     flags - combination of the GENDSM_ flags, or 0
returns: "" - could not decode instruction at the specified location
note: this function may return not exactly the same mnemonics
as you see on the screen.

string generate_disasm_line(long ea, long flags);  // get disassembly line

// flags for generate_disasm_line
#define GENDSM_FORCE_CODE 1     // generate a disassembly line as if
                                // there is an instruction at 'ea'
#define GENDSM_MULTI_LINE 2     // if the instruction consists of several lines,
                                // produce all of them(useful for parallel instructions)

Add hotkey for IDC function
     hotkey  - hotkey name ('a', "Alt-A", etc)
     idcfunc - IDC function name
returns:
#define IDCHK_OK        0       // ok
#define IDCHK_ARG       -1      // bad argument(s)
#define IDCHK_KEY       -2      // bad hotkey name
#define IDCHK_MAX       -3      // too many IDC hotkeys

long add_idc_hotkey(string hotkey, string idcfunc);

Convert string to lowercase
     str    - input string
returns: lowercase string
Thread-safe function.

string tolower(string str);

Set a new debugger event condition

string set_debugger_event_cond(string condition);

retrieve entry point address
     ordinal - entry point number
               it is returned by get_entry_ordinal()
returns: -1 if entry point doesn't exist
         otherwise entry point address.
         If entry point address is equal to its ordinal
         number, then the entry point has no ordinal.

long get_entry(long ordinal);

Get base address of the input file

long get_imagebase();

Generate an output file
     type  - type of output file. One of OFILE_... symbols. See below.
     fp    - the output file handle
     ea1   - start address. For some file types this argument is ignored
     ea2   - end address. For some file types this argument is ignored
     flags - bit combination of GENFLG_...
returns: number of the generated lines.
         -1 if an error occurred
         OFILE_EXE: 0-can't generate exe file, 1-ok

int gen_file(long type, long file_handle, long ea1, long ea2, long flags);

// output file types:

#define OFILE_MAP  0
#define OFILE_EXE  1
#define OFILE_IDC  2
#define OFILE_LST  3
#define OFILE_ASM  4
#define OFILE_DIF  5

// output control flags:

#define GENFLG_MAPSEGS 0x0001          // map: generate map of segments
#define GENFLG_MAPNAME 0x0002          // map: include dummy names
#define GENFLG_MAPDMNG 0x0004          // map: demangle names
#define GENFLG_MAPLOC  0x0008          // map: include local names
#define GENFLG_IDCTYPE 0x0008          // idc: gen only information about types
#define GENFLG_ASMTYPE 0x0010          // asm&lst: gen information about types too
#define GENFLG_GENHTML 0x0020          // asm&lst: generate html (gui version only)
#define GENFLG_ASMINC  0x0040          // asm&lst: gen information only about types
#define GENFLG_TIPLACE 0x0080          // asm&lst: dump tiplace (c syntax)
#define GENFLG_TIPLACE_ASM 0x0100      // asm&lst: dump tiplace (asm syntax)

Get the address of a symbol created by the debugger module

long get_debug_name_ea(string name);

Get id of a custom data format
     name - name of the custom data format
Returns: id or -1

long find_custom_data_format(string name);

change function end address
     ea  - any address belonging to the function
     end - new function end address
returns: !=0 - ok

success set_func_end(long ea, long end);

Stop the debugger
Kills the currently debugger process and returns to the disassembly mode
   arguments: none
returns: success

success exit_process();

Convert ascii string to a binary number.
(this function is the same as hexadecimal 'strtoul' from C library,
 use long() for atol)
Thread-safe function.

long xtol(string str);

delete array
This function deletes all elements of the array.
     id      - array id

void delete_array(long id);

Get exception code
     idx - number of exception in the vector (0..get_exception_qty()-1)
returns: exception code (0 - error)

long get_exception_code(long idx);

Load a type library
     name - name of type library.
returns: 1-ok, 0-failed.

success add_default_til(string name);

set comment of enum
     enum_id    - id of enum
     cmt        - new comment for the enum
     repeatable - 0:set regular comment
                  1:set repeatable comment
returns: 1-ok, 0-failed

success set_enum_cmt(long enum_id, string cmt, long repeatable);

Detach the debugger from the debugged process.

success detach_process();

Get one wide word (2 'byte') of the program at 'ea'.
     ea - linear address
returns: the value of the word. If word has no value then returns 0xFFFF
Some processors may access more than 8bit quantity at an address.
These processors have 32-bit byte organization from the IDA's point of view.
This function takes into account order of bytes specified in inf.is_be()

long get_wide_word(long ea);
#define word(ea) get_wide_word(ea)

    mark position
         ea      - address to mark
         lnnum   - number of generated line for the 'ea'
         x       - x coordinate of cursor
         y       - y coordinate of cursor
         slot    - slot number: 0..1023
                   if the specified value is not within the range,
                   IDA will ask the user to select slot.
         comment - description of the mark.
                   Should be not empty.
    returns: none

    void put_bookmark(long ea, long lnnum, long x, long y, long slot, string comment);