clear IDA 7.0 SDK: Porting from IDA 4.9-6.x API to IDA 7.0 API
The SDK now only supports the new 7.0 API in x64 mode. The old SDK 6.95 can be used to develop plugins for IDA 7.0-x86 (which is ABI-compatible with IDA 6.95).
While the API has been revamped somewhat, most basic concepts still hold.
There are still two variants of IDA: one supporting 32-bit (ea_t is 32-bit) and the other 64-bit address space (ea_t is 64-bit). IDA database extensions remain correspondingly '.idb' and '.i64'.
Naming of IDA binaries has been unified across all OS variants:
The IDA GUI binary has been renamed from 'idaq[.exe]' to just 'ida[.exe]'.
The IDA text-mode UI has been renamed from 'idaw.exe' (on Windows) and 'idal' (on Linux/Mac OS X) to 'idat[.exe]' on all platforms.
Plugins, loaders, processor modules, and the kernel now use standard OS-specific suffixes ('.dll', '.so', or '.dylib') instead of custom extensions.
General approaches that were taken when cleaning up the APIs:
Try to use descriptive names and drop old, cryptic abbreviations.
Rename functions using camelCase to snake_case (e.g. 'isFlow' -> 'is_flow').
Move output parameters to the front of the argument list.
Common porting steps for plugins/loaders/modules:
Add __X64__ to the list of preprocessor defines. You still need to compile with or without __EA64__ defined to select between 32- and 64-bit address space.
If using custom build system, change output extension to OS-specific suffixes ('.dll', '.so', or '.dylib').
IDA library link path should start with x64 instead of x86.
Renamed/removed header files
Some headers have been renamed and/or removed:
Commonly used renamed structs and fields
area-related methods have been renamed too (e.g. 'prev_area' -> 'prev_range').
Porting plugins.
The plugin entry prototype has been changed from:
to:
The input parameter is now of type 'size_t', which allows passing a pointer as the argument of run() for extra possibilities.
The rest of the plugin interface is unchanged.
Porting loaders
The prototype for 'accept_file()' has been changed from:
int idaapi accept_file(linput_t *li, char fileformatname[MAX_FILE_FORMAT_NAME], int n);
to:
int idaapi accept_file(qstring *fileformatname, qstring *processor, linput_t *li, const char *filename);
The desired processor may be returned in the 'processor' output parameter.
The return value has been extended with flags 'ACCEPT_ARCHIVE' and 'ACCEPT_CONTINUE'.
Loaders can also process and extract archives now. If you detect an archive, the return value for 'accept_file' should be ORed with the 'ACCEPT_ARCHIVE' flag. After extraction, all loaders are queried again, which means IDA can now handle multiply nested archives.
Non-archive loaders should extend the return value with the 'ACCEPT_CONTINUE' flag.
Porting processor modules
WARNING: The global variables 'cmd' and 'uFlag' are gone.
Most APIs return or accept an 'insn_t' structure with instruction details.
The 'processor_t' structure has had many unused and obsolete fields removed, such as 'flag2', 'rFiles', 'rFnames', 'rFdescs', and 'CPUregs'.
Most callbacks are now handled centrally via the 'notify()' function:
ana.cpp
Change the prototype of 'ana' from:
to:
int idaapi ana(insn_t *_insn);
You may then declare an 'insn_t' reference variable to simplify your code:
Then replace all uses of 'cmd' by 'insn'. You will likely need to pass 'insn' to other helper functions that used 'cmd'.
emu.cpp
Change the prototype of 'emu' from:
to:
int idaapi emu(const insn_t &insn);
Then replace all uses of 'cmd' by 'insn'. You may need to adjust some code if it was relying on cmd being writeable.
out.cpp
The output functions now use a context structure ('outctx_t') instead of operating on a global buffer.
You must declare a class inheriting from 'outctx_t' and override its methods or add new ones for non-standard functions. For example:
Then use one of the two macros from idaidp.hpp:
DECLARE_OUT_FUNCS_WITHOUT_OUTMNEM(out_myproc_t)
or, if you implement 'out_mnem':
DECLARE_OUT_FUNCS(out_myproc_t)
Then prefix old function names with your class and rename them to match methods. For example, from:
to:
Then remove calls to 'init_output_buffer()' and uses of the buffer variable.
Other changes that must be made are:
Replacing references to 'cmd' with 'insn';
Replacing term_output_buffer()/MakeLine() sequence with flush_outbuf().
Most of the other code can remain intact or can be replaced by the new helper functions.
For other output-related callbacks, convert them to take an 'outctx_t &ctx' parameter and use its methods. For example, from:
void idaapi header(void);
to:
void idaapi myproc_header(outctx_t &ctx)
See the changes to 'ua.hpp' below for more information on converting the functions.
Also, see the SDK samples for more ideas.
reg.cpp
Remove the old callbacks from the 'processor_t' structure and call them from the 'notify()' function instead. For example:
For 'ev_out_insn', call 'out_insn()' generated by the macro in out.cpp:
Porting notifications
When hooking notifications, return 0 for "not handled" instead of 1 as before.
Many notifications had their arguments types and/or order changed. Double-check your handlers against the new headers.
Instead of calling ph.notify() or similar, prefer helper inline functions for additional type safety. For example, use 'ph.get_operand_string()' instead of 'ph.notify(processor_t::get_operand_string, ...)'.
original IDP event
new IDB notification
UI: Porting choosers
Make a new class derived from 'chooser_t' or 'chooser_multi_t'. Its fields are similar to arguments of 'choose2()' from IDA 6.95.
You should implement at least 2 methods:
The 'get_row()' method combines 3 methods of 6.95's old 'chooser_info_t':
If you want to show actions Ins/Delete/Edit/Refresh in a popup-menu you should set new bits 'CH_CAN_...' in the 'flags' member.
Changes per file in the SDK
This section describes in detail the changes to the APIs for each file in the SDK.
NOTE: global variables 'auto_state', 'auto_display', and 'autoEnabled' have been removed.
[1] output argument moved to beginning of argument list
original name
new name
[1]
Notes
NOTE: The misleading term "ASCII string" has been replaced by "string literal" (strlit).
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
config.hpp (NEW file)
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
[4]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
NOTE: global variable 'enums' has been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
[1] input argument changed from 'int32' to 'qoff64_t'
[2] return type changed from 'int32' to 'qoff64_t'
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
[1] input argument changed from 'TCustomControl *' to 'graph_viewer_t *'
original name
new name
[1]
Notes
[1] output argument moved to beginning of argument list
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
[1] output argument moved to beginning of argument list
ints.hpp (REMOVED)
original name
new name
Notes
NOTE: Please note that in IDA version 6.7 we introduced the Actions API, which deprecated many functions related to augmenting functionality in IDA.
Those previously deprecated functions have been removed. For more details about the Actions API, please visit our old blog post from 2014:
NOTE: 'TForm', 'TCustomControl', and 'TWinControl' have been replaced by 'TWidget'
NOTE: global variable 'dirty_infos' has been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
[4]
[5]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
[1] output argument moved to beginning of argument list
[2] output argument changed from reference to pointer
original name
new name
[1]
[2]
NOTE: global variables 'database_flags', 'command_line_file', 'idb_path', and 'id0_path' have been removed.
NOTE: class 'loader_jump' has been renamed to 'loader_failure_t'
[1] output argument moved to beginning of argument list
[2] input argument changed from 'int32' to 'qoff64_t'
original name
new name
[1]
[2]
[3]
Notes
NOTE: 'curloc_t' and 'location_t' have been replaced by 'lochist_t'.
NOTE: global variable 'import_node' has been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
original name
new name
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
Notes
problems.h (RENAMED from queue.hpp)
NOTE: 'qtype_t' has been changed to 'problist_id_t'.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
NOTE: global variables 'codepage' and 'oemcodepage' have been removed.
[1] output argument moved to beginning of argument list
original name
new name
[1]
Notes
range.h (RENAMED from area.hpp)
NOTE: some classes have been renamed: - 'area_t' has been renamed to 'range_t' - 'areavec_t' has been renamed to 'rangevec_t' - 'areaset_t' has been renamed to 'rangeset_t'
NOTE: the classes 'rangecb_t', 'ranges_cache_t', and 'lock_range' have been removed
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
[1] output argument moved to beginning of argument list
original name
new name
[1]
Notes
NOTE: global variables 'hidden_ranges', 'funcs', and 'segs' have been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
[1]
[2]
[3]
Notes
segregs.hpp (RENAMED from srarea.hpp)
NOTE: type 'segreg_area_t' has been renamed to 'sreg_range_t'
original name
new name
Notes
sistack.h (REMOVED)
[1] output argument moved to beginning of argument list
original name
new name
[1]
Notes
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
tryblks.hpp (NEW file)
NOTE: global variable 'idati' has been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
Notes
WARNING: The global variables 'cmd' and 'uFlag' are gone.
All functions previously operating on 'cmd' now accept an 'insn_t' pointer or reference. Use get_flags() (or, if you really need it, get_full_flags()) to read the current flags.
NOTE: The maximum number of instruction operands (UA_MAXOP) has increased to 8.
NOTE: class 'outctx_base_t' has been added to replace functions that generate the disassembly text
NOTE: global variable 'lookback' has been removed.
[1] output argument moved to beginning of argument list
[2] output buffer converted to qstring
original name
new name
[1]
[2]
[3]
[4]
[5]
Notes
[1] output argument moved to beginning of argument list
[2] input argument changed from pointer to reference