function module¶

`binaryninja.function.AdvancedFunctionAnalysisDataRequestor`([func])
`binaryninja.function.ConstantReference`(val, ...)
`binaryninja.function.DisassemblySettings`([...])
`binaryninja.function.DisassemblyTextLine`(...)
`binaryninja.function.Function`(view, handle)
`binaryninja.function.FunctionGraph`(view, handle)
`binaryninja.function.FunctionGraphBlock`(...)
`binaryninja.function.FunctionGraphEdge`(...)
`binaryninja.function.IndirectBranchInfo`(...)
`binaryninja.function.InstructionBranch`(...)
`binaryninja.function.InstructionInfo`()
`binaryninja.function.InstructionTextToken`(...)	`class InstructionTextToken` is used to tell the core about the various components in the disassembly views.
`binaryninja.function.IntrinsicInfo`(inputs, ...)
`binaryninja.function.IntrinsicInput`(type_obj)
`binaryninja.function.LookupTableEntry`(...)
`binaryninja.function.ParameterVariables`(var_list)
`binaryninja.function.PossibleValueSet`(arch, ...)
`binaryninja.function.RegisterInfo`(...[, ...])
`binaryninja.function.RegisterStackInfo`(...)
`binaryninja.function.RegisterValue`([arch, ...])
`binaryninja.function.StackVariableReference`(...)
`binaryninja.function.ValueRange`(start, end, step)
`binaryninja.function.Variable`(func, ...[, ...])
`binaryninja.function.range`(*args)	A Python2 and Python3 Compatible Range Generator

class binaryninja.function.AdvancedFunctionAnalysisDataRequestor(func=None)[source]¶

Bases: object

close()[source]¶

function¶

class binaryninja.function.ConstantReference(val, size, ptr, intermediate)[source]¶: Bases: object

class binaryninja.function.DisassemblySettings(handle=None)[source]¶

Bases: object

is_option_set(option)[source]¶

max_symbol_width¶

set_option(option, state=True)[source]¶

width¶

class binaryninja.function.DisassemblyTextLine(addr, tokens, il_instr=None)[source]¶: Bases: object

class binaryninja.function.Function(view, handle)[source]¶

Bases: object

analysis_performance_info¶

analysis_skip_override¶: Override for skipping of automatic analysis

analysis_skip_reason¶: Function analysis skip reason

analysis_skipped¶: Whether automatic analysis was skipped for this function

apply_auto_discovered_type(func_type)[source]¶

apply_imported_types(sym)[source]¶

arch¶: Function architecture (read-only)

auto¶: Whether function was automatically discovered (read-only)

basic_blocks¶: List of basic blocks (read-only)

calling_convention¶: Calling convention used by the function

can_return¶: Whether function can return

clobbered_regs¶: Registers that are modified by this function

comment¶: Gets the comment for the current function

comments¶: Dict of comments (read-only)

create_auto_stack_var(offset, var_type, name)[source]¶

create_auto_var(var, var_type, name, ignore_disjoint_uses=False)[source]¶

create_graph()[source]¶

create_user_stack_var(offset, var_type, name)[source]¶

create_user_var(var, var_type, name, ignore_disjoint_uses=False)[source]¶

delete_auto_stack_var(offset)[source]¶

delete_auto_var(var)[source]¶

delete_user_stack_var(offset)[source]¶

delete_user_var(var)[source]¶

explicitly_defined_type¶: Whether function has explicitly defined types (read-only)

function_type¶: Function type object

get_basic_block_at(addr, arch=None)[source]¶

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters:	addr (int) – Address of the BasicBlock to retrieve. arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch
Example:	>>> current_function.get_basic_block_at(current_function.start) <block: x86_64@0x100000f30-0x100000f50>

get_block_annotations(addr, arch=None)[source]¶

get_call_reg_stack_adjustment(addr, arch=None)[source]¶

get_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, arch=None)[source]¶

get_call_stack_adjustment(addr, arch=None)[source]¶

get_comment_at(addr)[source]¶

get_constants_referenced_by(addr, arch=None)[source]¶

get_flags_read_by_lifted_il_instruction(i)[source]¶

get_flags_written_by_lifted_il_instruction(i)[source]¶

get_indirect_branches_at(addr, arch=None)[source]¶

get_instr_highlight(addr, arch=None)[source]¶

Example:	>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0)) >>> current_function.get_instr_highlight(here) <color: #ff00ff>

get_int_display_type(instr_addr, value, operand, arch=None)[source]¶

get_lifted_il_at(addr, arch=None)[source]¶

get_lifted_il_flag_definitions_for_use(i, flag)[source]¶

get_lifted_il_flag_uses_for_definition(i, flag)[source]¶

get_low_level_il_at(addr, arch=None)[source]¶

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:	addr (int) – virtual address of the function to be queried arch (Architecture) – (optional) Architecture for the given function
Return type:	LowLevelILInstruction
Example:	>>> func = bv.functions[0] >>> func.get_low_level_il_at(func.start) <il: push(rbp)>

get_low_level_il_exits_at(addr, arch=None)[source]¶

get_parameter_at(addr, func_type, i, arch=None)[source]¶

get_parameter_at_low_level_il_instruction(instr, func_type, i)[source]¶

get_reg_value_after(addr, reg, arch=None)[source]¶

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters:	addr (int) – virtual address of the instruction to query reg (str) – string value of native register to query arch (Architecture) – (optional) Architecture for the given function
Return type:	binaryninja.function.RegisterValue
Example:	>>> func.get_reg_value_after(0x400dbe, 'rdi') <undetermined>

get_reg_value_at(addr, reg, arch=None)[source]¶

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters:	addr (int) – virtual address of the instruction to query reg (str) – string value of native register to query arch (Architecture) – (optional) Architecture for the given function
Return type:	binaryninja.function.RegisterValue
Example:	>>> func.get_reg_value_at(0x400dbe, 'rdi') <const 0x2>

get_reg_value_at_exit(reg)[source]¶

get_regs_read_by(addr, arch=None)[source]¶

get_regs_written_by(addr, arch=None)[source]¶

get_stack_contents_after(addr, offset, size, arch=None)[source]¶

get_stack_contents_at(addr, offset, size, arch=None)[source]¶

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters:	addr (int) – virtual address of the instruction to query offset (int) – stack offset base of stack size (int) – size of memory to query arch (Architecture) – (optional) Architecture for the given function
Return type:	binaryninja.function.RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the

stack as in (x86/x86_64) where the stack base will start at address_size

Example:	>>> func.get_stack_contents_at(0x400fad, -16, 4) <range: 0x8 to 0xffffffff>

get_stack_var_at_frame_offset(offset, addr, arch=None)[source]¶

get_stack_vars_referenced_by(addr, arch=None)[source]¶

get_type_tokens(settings=None)[source]¶

global_pointer_value¶: Discovered value of the global pointer register, if the function uses one (read-only)

has_variable_arguments¶: Whether the function takes a variable number of arguments

indirect_branches¶: List of indirect branches (read-only)

instructions¶: A generator of instruction tokens and their start addresses for the current function

lifted_il¶: returns LowLevelILFunction used to represent lifted IL (read-only)

llil_basic_blocks¶: A generator of all LowLevelILBasicBlock objects in the current function

llil_instructions¶: A generator of llil instructions of the current function

low_level_il¶: returns LowLevelILFunction used to represent Function low level IL (read-only)

mark_recent_use()[source]¶

medium_level_il¶: Function medium level IL (read-only)

mlil_basic_blocks¶: A generator of all MediumLevelILBasicBlock objects in the current function

mlil_instructions¶: A generator of mlil instructions of the current function

name¶: Symbol name for the function

needs_update¶: Whether the function has analysis that needs to be updated (read-only)

parameter_vars¶: List of variables for the incoming function parameters

platform¶: Function platform (read-only)

reanalyze()[source]¶

reanalyze causes this functions to be reanalyzed. This function does not wait for the analysis to finish.

Return type:	None

reg_stack_adjustments¶: Number of entries removed from each register stack after return

release_advanced_analysis_data()[source]¶

request_advanced_analysis_data()[source]¶

return_regs¶: Registers that are used for the return value

return_type¶: Return type of the function

session_data¶: Dictionary object where plugins can store arbitrary data associated with the function

set_auto_call_reg_stack_adjustment(addr, adjust, arch=None)[source]¶

set_auto_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)[source]¶

set_auto_call_stack_adjustment(addr, adjust, arch=None)[source]¶

set_auto_calling_convention(value)[source]¶

set_auto_can_return(value)[source]¶

set_auto_clobbered_regs(value)[source]¶

set_auto_has_variable_arguments(value)[source]¶

set_auto_indirect_branches(source, branches, source_arch=None)[source]¶

set_auto_instr_highlight(addr, color, arch=None)[source]¶

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

..warning:: Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters:	addr (int) – virtual address of the instruction to be highlighted or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

set_auto_parameter_vars(value)[source]¶

set_auto_reg_stack_adjustments(value)[source]¶

set_auto_return_regs(value)[source]¶

set_auto_return_type(value)[source]¶

set_auto_stack_adjustment(value)[source]¶

set_auto_type(value)[source]¶

set_call_reg_stack_adjustment(addr, adjust, arch=None)[source]¶

set_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)[source]¶

set_call_stack_adjustment(addr, adjust, arch=None)[source]¶

set_comment(addr, comment)[source]¶: Deprecated use set_comment_at instead

set_comment_at(addr, comment)[source]¶

set_comment_at sets a comment for the current function at the address specified

Parameters:	int (addr) – virtual address within the current function to apply the comment to str (comment) – string comment to apply
Return type:	None
Example:	>>> current_function.set_comment_at(here, "hi")

classmethod set_default_session_data(name, value)[source]¶

set_int_display_type(instr_addr, value, operand, display_type, arch=None)[source]¶

Parameters:	instr_addr (int) – value (int) – operand (int) – display_type (enums.IntegerDisplayType) – arch (Architecture) – (optional)

set_user_indirect_branches(source, branches, source_arch=None)[source]¶

set_user_instr_highlight(addr, color, arch=None)[source]¶

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters:	addr (int) – virtual address of the instruction to be highlighted or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting arch (Architecture) – (optional) Architecture of the instruction if different from self.arch
Example:	>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor) >>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))

set_user_type(value)[source]¶

stack_adjustment¶: Number of bytes removed from the stack after return

stack_layout¶: List of function stack variables (read-only)

start¶: Function start (read-only)

symbol¶: Function symbol(read-only)

too_large¶: Whether the function is too large to automatically perform analysis (read-only)

type_tokens¶: Text tokens for this function’s prototype

vars¶: List of function variables (read-only)

view¶: Function view (read-only)

class binaryninja.function.FunctionGraph(view, handle)[source]¶

Bases: object

abort()[source]¶

blocks¶: List of basic blocks in function (read-only)

complete¶: Whether function graph layout is complete (read-only)

function¶: Function for a function graph (read-only)

get_blocks_in_region(left, top, right, bottom)[source]¶

has_blocks¶: Whether the function graph has at least one block (read-only)

height¶: Function graph height (read-only)

horizontal_block_margin¶

il_function¶

is_il¶

is_low_level_il¶

is_medium_level_il¶

is_option_set(option)[source]¶

layout(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>)[source]¶

layout_and_wait(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>)[source]¶

on_complete(callback)[source]¶

set_option(option, state=True)[source]¶

settings¶

type¶: Function graph type (read-only)

vertical_block_margin¶

width¶: Function graph width (read-only)

class binaryninja.function.FunctionGraphBlock(handle, graph)[source]¶

Bases: object

arch¶: Function graph block architecture (read-only)

basic_block¶: Basic block associated with this part of the function graph (read-only)

end¶: Function graph block end (read-only)

height¶: Function graph block height (read-only)

lines¶: Function graph block list of lines (read-only)

outgoing_edges¶: Function graph block list of outgoing edges (read-only)

start¶: Function graph block start (read-only)

width¶: Function graph block width (read-only)

x¶: Function graph block X (read-only)

y¶: Function graph block Y (read-only)

class binaryninja.function.FunctionGraphEdge(branch_type, source, target, points, back_edge)[source]¶: Bases: object

class binaryninja.function.IndirectBranchInfo(source_arch, source_addr, dest_arch, dest_addr, auto_defined)[source]¶: Bases: object

class binaryninja.function.InstructionBranch(branch_type, target=0, arch=None)[source]¶: Bases: object

class binaryninja.function.InstructionInfo[source]¶

Bases: object

add_branch(branch_type, target=0, arch=None)[source]¶

class binaryninja.function.InstructionTextToken(token_type, text, value=0, size=0, operand=4294967295, context=<InstructionTextTokenContext.NoTokenContext: 0>, address=0, confidence=255)[source]¶

Bases: object

class InstructionTextToken is used to tell the core about the various components in the disassembly views.

InstructionTextTokenType Description

TextToken Text that doesn’t fit into the other tokens

InstructionToken The instruction mnemonic

OperandSeparatorToken The comma or whatever else separates tokens

RegisterToken Registers

IntegerToken Integers

PossibleAddressToken Integers that are likely addresses

BeginMemoryOperandToken The start of memory operand

EndMemoryOperandToken The end of a memory operand

FloatingPointToken Floating point number

AnnotationToken For internal use only

CodeRelativeAddressToken For internal use only

StackVariableTypeToken For internal use only

DataVariableTypeToken For internal use only

FunctionReturnTypeToken For internal use only

FunctionAttributeToken For internal use only

ArgumentTypeToken For internal use only

ArgumentNameToken For internal use only

HexDumpByteValueToken For internal use only

HexDumpSkippedByteToken For internal use only

HexDumpInvalidByteToken For internal use only

HexDumpTextToken For internal use only

OpcodeToken For internal use only

StringToken For internal use only

CharacterConstantToken For internal use only

CodeSymbolToken For internal use only

DataSymbolToken For internal use only

StackVariableToken For internal use only

ImportToken For internal use only

AddressDisplayToken For internal use only

class binaryninja.function.IntrinsicInfo(inputs, outputs, index=None)[source]¶: Bases: object

class binaryninja.function.IntrinsicInput(type_obj, name='')[source]¶: Bases: object

class binaryninja.function.LookupTableEntry(from_values, to_value)[source]¶: Bases: object

class binaryninja.function.ParameterVariables(var_list, confidence=255)[source]¶

Bases: object

with_confidence(confidence)[source]¶

class binaryninja.function.PossibleValueSet(arch, value)[source]¶: Bases: object

class binaryninja.function.RegisterInfo(full_width_reg, size, offset=0, extend=<ImplicitRegisterExtend.NoExtend: 0>, index=None)[source]¶: Bases: object

class binaryninja.function.RegisterStackInfo(storage_regs, top_relative_regs, stack_top_reg, index=None)[source]¶: Bases: object

class binaryninja.function.RegisterValue(arch=None, value=None, confidence=255)[source]¶

Bases: object

classmethod constant(value)[source]¶

classmethod constant_ptr(value)[source]¶

classmethod entry_value(arch, reg)[source]¶

classmethod imported_address(value)[source]¶

classmethod return_address()[source]¶

classmethod stack_frame_offset(offset)[source]¶

classmethod undetermined()[source]¶

class binaryninja.function.StackVariableReference(src_operand, t, name, var, ref_ofs, size)[source]¶: Bases: object

class binaryninja.function.ValueRange(start, end, step)[source]¶: Bases: object

class binaryninja.function.Variable(func, source_type, index, storage, name=None, var_type=None)[source]¶

Bases: object

classmethod from_identifier(func, identifier, name=None, var_type=None)[source]¶