mediumlevelil module¶

`binaryninja.mediumlevelil.MediumLevelILBasicBlock`(…)
`binaryninja.mediumlevelil.MediumLevelILExpr`(index)	`class MediumLevelILExpr` hold the index of IL Expressions.
`binaryninja.mediumlevelil.MediumLevelILFunction`([…])	`class MediumLevelILFunction` contains the list of MediumLevelILExpr objects that make up a binaryninja.function.
`binaryninja.mediumlevelil.MediumLevelILInstruction`(…)	`class MediumLevelILInstruction` Medium Level Intermediate Language Instructions are infinite length tree-based instructions.
`binaryninja.mediumlevelil.MediumLevelILLabel`([…])
`binaryninja.mediumlevelil.MediumLevelILOperationAndSize`(…)
`binaryninja.mediumlevelil.SSAVariable`(var, …)
`binaryninja.mediumlevelil.range`(*args)	A Python2 and Python3 Compatible Range Generator

class MediumLevelILBasicBlock(view, handle, owner)[source]¶: Bases: binaryninja.basicblock.BasicBlock

class MediumLevelILExpr(index)[source]¶

Bases: object

class MediumLevelILExpr hold the index of IL Expressions.

Note

This class shouldn’t be instantiated directly. Rather the helper members of MediumLevelILFunction should be used instead.

class MediumLevelILFunction(arch=None, handle=None, source_func=None)[source]¶

Bases: object

class MediumLevelILFunction contains the list of MediumLevelILExpr objects that make up a binaryninja.function. MediumLevelILExpr objects can be added to the MediumLevelILFunction by calling append and passing the result of the various class methods which return MediumLevelILExpr objects.

add_label_list(labels)[source]¶

add_label_list returns a label list expression for the given list of MediumLevelILLabel objects.

Parameters:	labels (list(MediumLevelILLabel)) – the list of MediumLevelILLabel to get a label list expression from
Returns:	the label list expression
Return type:	MediumLevelILExpr

add_operand_list(operands)[source]¶

add_operand_list returns an operand list expression for the given list of integer operands.

Parameters:	operands (list(int)) – list of operand numbers
Returns:	an operand list expression
Return type:	MediumLevelILExpr

append(expr)[source]¶

append adds the MediumLevelILExpr expr to the current MediumLevelILFunction.

Parameters:	expr (MediumLevelILExpr) – the MediumLevelILExpr to add to the current MediumLevelILFunction
Returns:	number of MediumLevelILExpr in the current function
Return type:	int

create_graph(settings=None)[source]¶

expr(operation, a=0, b=0, c=0, d=0, e=0, size=0)[source]¶

finalize()[source]¶

finalize ends the function and computes the list of basic blocks.

Return type:	None

get_instruction_start(addr, arch=None)[source]¶

get_low_level_il_expr_index(expr)[source]¶

get_low_level_il_instruction_index(instr)[source]¶

get_non_ssa_instruction_index(instr)[source]¶

get_ssa_instruction_index(instr)[source]¶

get_ssa_memory_definition(version)[source]¶

get_ssa_memory_uses(version)[source]¶

get_ssa_var_definition(ssa_var)[source]¶

get_ssa_var_uses(ssa_var)[source]¶

get_ssa_var_value(ssa_var)[source]¶

get_var_definitions(var)[source]¶

get_var_uses(var)[source]¶

goto(label)[source]¶

goto returns a goto expression which jumps to the provided MediumLevelILLabel.

Parameters:	label (MediumLevelILLabel) – Label to jump to
Returns:	the MediumLevelILExpr that jumps to the provided label
Return type:	MediumLevelILExpr

if_expr(operand, t, f)[source]¶

if_expr returns the if expression which depending on condition operand jumps to the MediumLevelILLabel t when the condition expression operand is non-zero and f when it’s zero.

Parameters:	operand (MediumLevelILExpr) – comparison expression to evaluate. t (MediumLevelILLabel) – Label for the true branch f (MediumLevelILLabel) – Label for the false branch
Returns:	the MediumLevelILExpr for the if expression
Return type:	MediumLevelILExpr

is_ssa_var_live(ssa_var)[source]¶

is_ssa_var_live determines if ssa_var is live at any point in the function

Parameters:	ssa_var (SSAVariable) – the SSA variable to query
Returns:	whether the variable is live at any point in the function
Return type:	bool

mark_label(label)[source]¶

mark_label assigns a MediumLevelILLabel to the current IL address.

Parameters:	label (MediumLevelILLabel) –
Return type:	None

operand(n, expr)[source]¶

operand sets the operand number of the expression expr and passes back expr without modification.

Parameters:	n (int) – expr (MediumLevelILExpr) –
Returns:	returns the expression `expr` unmodified
Return type:	MediumLevelILExpr

set_current_address(value, arch=None)[source]¶

basic_blocks¶: list of MediumLevelILBasicBlock objects (read-only)

current_address¶: Current IL Address (read/write)

instructions¶: A generator of mlil instructions of the current function

llil¶: Alias for low_level_il

low_level_il¶: Low level IL for this function

non_ssa_form¶: Medium level IL in non-SSA (default) form (read-only)

ssa_form¶: Medium level IL in SSA form (read-only)

class MediumLevelILInstruction(func, expr_index, instr_index=None)[source]¶

Bases: object

class MediumLevelILInstruction Medium Level Intermediate Language Instructions are infinite length tree-based instructions. Tree-based instructions use infix notation with the left hand operand being the destination operand. Infix notation is thus more natural to read than other notations (e.g. x86 mov eax, 0 vs. MLIL eax = 0).

get_branch_dependence(branch_instr)[source]¶

get_flag_value(flag)[source]¶

get_flag_value_after(flag)[source]¶

get_possible_flag_values(flag)[source]¶

get_possible_flag_values_after(flag)[source]¶

get_possible_reg_values(reg)[source]¶

get_possible_reg_values_after(reg)[source]¶

get_possible_stack_contents(offset, size)[source]¶

get_possible_stack_contents_after(offset, size)[source]¶

get_reg_value(reg)[source]¶

get_reg_value_after(reg)[source]¶

get_ssa_var_possible_values(ssa_var)[source]¶

get_ssa_var_version(var)[source]¶

get_stack_contents(offset, size)[source]¶

get_stack_contents_after(offset, size)[source]¶

get_var_for_flag(flag)[source]¶

get_var_for_reg(reg)[source]¶

get_var_for_stack_location(offset)[source]¶

ILOperations = {<MediumLevelILOperation.MLIL_NOP: 0>: [], <MediumLevelILOperation.MLIL_SET_VAR: 1>: [('dest', 'var'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_FIELD: 2>: [('dest', 'var'), ('offset', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_SPLIT: 3>: [('high', 'var'), ('low', 'var'), ('src', 'expr')], <MediumLevelILOperation.MLIL_LOAD: 4>: [('src', 'expr')], <MediumLevelILOperation.MLIL_LOAD_STRUCT: 5>: [('src', 'expr'), ('offset', 'int')], <MediumLevelILOperation.MLIL_STORE: 6>: [('dest', 'expr'), ('src', 'expr')], <MediumLevelILOperation.MLIL_STORE_STRUCT: 7>: [('dest', 'expr'), ('offset', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_VAR: 8>: [('src', 'var')], <MediumLevelILOperation.MLIL_VAR_FIELD: 9>: [('src', 'var'), ('offset', 'int')], <MediumLevelILOperation.MLIL_VAR_SPLIT: 10>: [('high', 'var'), ('low', 'var')], <MediumLevelILOperation.MLIL_ADDRESS_OF: 11>: [('src', 'var')], <MediumLevelILOperation.MLIL_ADDRESS_OF_FIELD: 12>: [('src', 'var'), ('offset', 'int')], <MediumLevelILOperation.MLIL_CONST: 13>: [('constant', 'int')], <MediumLevelILOperation.MLIL_CONST_PTR: 14>: [('constant', 'int')], <MediumLevelILOperation.MLIL_EXTERN_PTR: 15>: [('constant', 'int'), ('offset', 'int')], <MediumLevelILOperation.MLIL_FLOAT_CONST: 16>: [('constant', 'float')], <MediumLevelILOperation.MLIL_IMPORT: 17>: [('constant', 'int')], <MediumLevelILOperation.MLIL_ADD: 18>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_ADC: 19>: [('left', 'expr'), ('right', 'expr'), ('carry', 'expr')], <MediumLevelILOperation.MLIL_SUB: 20>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_SBB: 21>: [('left', 'expr'), ('right', 'expr'), ('carry', 'expr')], <MediumLevelILOperation.MLIL_AND: 22>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_OR: 23>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_XOR: 24>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_LSL: 25>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_LSR: 26>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_ASR: 27>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_ROL: 28>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_RLC: 29>: [('left', 'expr'), ('right', 'expr'), ('carry', 'expr')], <MediumLevelILOperation.MLIL_ROR: 30>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_RRC: 31>: [('left', 'expr'), ('right', 'expr'), ('carry', 'expr')], <MediumLevelILOperation.MLIL_MUL: 32>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MULU_DP: 33>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MULS_DP: 34>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_DIVU: 35>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_DIVU_DP: 36>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_DIVS: 37>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_DIVS_DP: 38>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MODU: 39>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MODU_DP: 40>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MODS: 41>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_MODS_DP: 42>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_NEG: 43>: [('src', 'expr')], <MediumLevelILOperation.MLIL_NOT: 44>: [('src', 'expr')], <MediumLevelILOperation.MLIL_SX: 45>: [('src', 'expr')], <MediumLevelILOperation.MLIL_ZX: 46>: [('src', 'expr')], <MediumLevelILOperation.MLIL_LOW_PART: 47>: [('src', 'expr')], <MediumLevelILOperation.MLIL_JUMP: 48>: [('dest', 'expr')], <MediumLevelILOperation.MLIL_JUMP_TO: 49>: [('dest', 'expr'), ('targets', 'int_list')], <MediumLevelILOperation.MLIL_RET_HINT: 50>: [('dest', 'expr')], <MediumLevelILOperation.MLIL_CALL: 51>: [('output', 'var_list'), ('dest', 'expr'), ('params', 'expr_list')], <MediumLevelILOperation.MLIL_CALL_UNTYPED: 52>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_CALL_OUTPUT: 53>: [('dest', 'var_list')], <MediumLevelILOperation.MLIL_CALL_PARAM: 54>: [('src', 'var_list')], <MediumLevelILOperation.MLIL_RET: 55>: [('src', 'expr_list')], <MediumLevelILOperation.MLIL_NORET: 56>: [], <MediumLevelILOperation.MLIL_IF: 57>: [('condition', 'expr'), ('true', 'int'), ('false', 'int')], <MediumLevelILOperation.MLIL_GOTO: 58>: [('dest', 'int')], <MediumLevelILOperation.MLIL_CMP_E: 59>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_NE: 60>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_SLT: 61>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_ULT: 62>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_SLE: 63>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_ULE: 64>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_SGE: 65>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_UGE: 66>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_SGT: 67>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_CMP_UGT: 68>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_TEST_BIT: 69>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_BOOL_TO_INT: 70>: [('src', 'expr')], <MediumLevelILOperation.MLIL_ADD_OVERFLOW: 71>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_SYSCALL: 72>: [('output', 'var_list'), ('params', 'expr_list')], <MediumLevelILOperation.MLIL_SYSCALL_UNTYPED: 73>: [('output', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_TAILCALL: 74>: [('output', 'var_list'), ('dest', 'expr'), ('params', 'expr_list')], <MediumLevelILOperation.MLIL_TAILCALL_UNTYPED: 75>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_INTRINSIC: 76>: [('output', 'var_list'), ('intrinsic', 'intrinsic'), ('params', 'expr_list')], <MediumLevelILOperation.MLIL_FREE_VAR_SLOT: 77>: [('dest', 'var')], <MediumLevelILOperation.MLIL_BP: 78>: [], <MediumLevelILOperation.MLIL_TRAP: 79>: [('vector', 'int')], <MediumLevelILOperation.MLIL_UNDEF: 80>: [], <MediumLevelILOperation.MLIL_UNIMPL: 81>: [], <MediumLevelILOperation.MLIL_UNIMPL_MEM: 82>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FADD: 83>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FSUB: 84>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FMUL: 85>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FDIV: 86>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FSQRT: 87>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FNEG: 88>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FABS: 89>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FLOAT_TO_INT: 90>: [('src', 'expr')], <MediumLevelILOperation.MLIL_INT_TO_FLOAT: 91>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FLOAT_CONV: 92>: [('src', 'expr')], <MediumLevelILOperation.MLIL_ROUND_TO_INT: 93>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FLOOR: 94>: [('src', 'expr')], <MediumLevelILOperation.MLIL_CEIL: 95>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FTRUNC: 96>: [('src', 'expr')], <MediumLevelILOperation.MLIL_FCMP_E: 97>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_NE: 98>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_LT: 99>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_LE: 100>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_GE: 101>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_GT: 102>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_O: 103>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_FCMP_UO: 104>: [('left', 'expr'), ('right', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_SSA: 105>: [('dest', 'var_ssa'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_SSA_FIELD: 106>: [('prev', 'var_ssa_dest_and_src'), ('offset', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_SPLIT_SSA: 107>: [('high', 'var_ssa'), ('low', 'var_ssa'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_ALIASED: 108>: [('prev', 'var_ssa_dest_and_src'), ('src', 'expr')], <MediumLevelILOperation.MLIL_SET_VAR_ALIASED_FIELD: 109>: [('prev', 'var_ssa_dest_and_src'), ('offset', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_VAR_SSA: 110>: [('src', 'var_ssa')], <MediumLevelILOperation.MLIL_VAR_SSA_FIELD: 111>: [('src', 'var_ssa'), ('offset', 'int')], <MediumLevelILOperation.MLIL_VAR_ALIASED: 112>: [('src', 'var_ssa')], <MediumLevelILOperation.MLIL_VAR_ALIASED_FIELD: 113>: [('src', 'var_ssa'), ('offset', 'int')], <MediumLevelILOperation.MLIL_VAR_SPLIT_SSA: 114>: [('high', 'var_ssa'), ('low', 'var_ssa')], <MediumLevelILOperation.MLIL_CALL_SSA: 115>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr_list'), ('src_memory', 'int')], <MediumLevelILOperation.MLIL_CALL_UNTYPED_SSA: 116>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_SYSCALL_SSA: 117>: [('output', 'expr'), ('params', 'expr_list'), ('src_memory', 'int')], <MediumLevelILOperation.MLIL_SYSCALL_UNTYPED_SSA: 118>: [('output', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_TAILCALL_SSA: 119>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr_list'), ('src_memory', 'int')], <MediumLevelILOperation.MLIL_TAILCALL_UNTYPED_SSA: 120>: [('output', 'expr'), ('dest', 'expr'), ('params', 'expr'), ('stack', 'expr')], <MediumLevelILOperation.MLIL_CALL_PARAM_SSA: 121>: [('src_memory', 'int'), ('src', 'var_ssa_list')], <MediumLevelILOperation.MLIL_CALL_OUTPUT_SSA: 122>: [('dest_memory', 'int'), ('dest', 'var_ssa_list')], <MediumLevelILOperation.MLIL_LOAD_SSA: 123>: [('src', 'expr'), ('src_memory', 'int')], <MediumLevelILOperation.MLIL_LOAD_STRUCT_SSA: 124>: [('src', 'expr'), ('offset', 'int'), ('src_memory', 'int')], <MediumLevelILOperation.MLIL_STORE_SSA: 125>: [('dest', 'expr'), ('dest_memory', 'int'), ('src_memory', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_STORE_STRUCT_SSA: 126>: [('dest', 'expr'), ('offset', 'int'), ('dest_memory', 'int'), ('src_memory', 'int'), ('src', 'expr')], <MediumLevelILOperation.MLIL_INTRINSIC_SSA: 127>: [('output', 'var_ssa_list'), ('intrinsic', 'intrinsic'), ('params', 'expr_list')], <MediumLevelILOperation.MLIL_FREE_VAR_SLOT_SSA: 128>: [('prev', 'var_ssa_dest_and_src')], <MediumLevelILOperation.MLIL_VAR_PHI: 129>: [('dest', 'var_ssa'), ('src', 'var_ssa_list')], <MediumLevelILOperation.MLIL_MEM_PHI: 130>: [('dest_memory', 'int'), ('src_memory', 'int_list')]}¶

branch_dependence¶: Set of branching instructions that must take the true or false path to reach this instruction

expr_type¶: Type of expression

il_basic_block¶: IL basic block object containing this expression (read-only) (only available on finalized functions)

llil¶: Alias for low_level_il

low_level_il¶: Low level IL form of this expression

non_ssa_form¶: Non-SSA form of expression (read-only)

possible_values¶: Possible values of expression using path-sensitive static data flow analysis (read-only)

postfix_operands¶: All operands in the expression tree in postfix order

prefix_operands¶: All operands in the expression tree in prefix order

ssa_form¶: SSA form of expression (read-only)

ssa_memory_version¶: Version of active memory contents in SSA form for this instruction

tokens¶: MLIL tokens (read-only)

value¶: Value of expression if constant or a known value (read-only)

vars_read¶: List of variables read by instruction

vars_written¶: List of variables written by instruction

class MediumLevelILLabel(handle=None)[source]¶: Bases: object

class MediumLevelILOperationAndSize(operation, size)[source]¶: Bases: object

class SSAVariable(var, version)[source]¶: Bases: object