function module

binaryninja.function.AdvancedFunctionAnalysisDataRequestor([func])
binaryninja.function.ConstantReference(val, …)
binaryninja.function.DisassemblySettings([…])
binaryninja.function.DisassemblyTextLine(tokens)
binaryninja.function.DisassemblyTextRenderer([…])
binaryninja.function.Function([view, handle])
binaryninja.function.IndirectBranchInfo(…)
binaryninja.function.InstructionBranch(…)
binaryninja.function.InstructionInfo()
binaryninja.function.InstructionTextToken(…)	class InstructionTextToken is used to tell the core about the various components in the disassembly views.
binaryninja.function.IntrinsicInfo(inputs, …)
binaryninja.function.IntrinsicInput(type_obj)
binaryninja.function.LookupTableEntry(…)
binaryninja.function.ParameterVariables(var_list)
binaryninja.function.PossibleValueSet(arch, …)
binaryninja.function.RegisterInfo(…[, …])
binaryninja.function.RegisterStackInfo(…)
binaryninja.function.RegisterValue([arch, …])
binaryninja.function.StackVariableReference(…)
binaryninja.function.ValueRange(start, end, step)
binaryninja.function.Variable(func, …[, …])
binaryninja.function.range(*args)	A Python2 and Python3 Compatible Range Generator

class AdvancedFunctionAnalysisDataRequestor(func=None)

Bases: object

close()

function

class ConstantReference(val, size, ptr, intermediate)

Bases: object

class DisassemblySettings(handle=None)

Bases: object

is_option_set(option)

set_option(option, state=True)

max_symbol_width

width

class DisassemblyTextLine(tokens, address=None, il_instr=None, color=None)

Bases: object

class DisassemblyTextRenderer(func=None, settings=None, handle=None)

Bases: object

add_integer_token(tokens, int_token, addr, arch=None)

add_stack_var_reference_tokens(tokens, ref)

add_symbol_token(tokens, addr, size, operand=None)

get_disassembly_text(addr)

get_instruction_annotations(addr)

get_instruction_text(addr)

classmethod is_integer_token(token)

reset_deduplicated_comments()

wrap_comment(lines, cur_line, comment, has_auto_annotations, leading_spaces=' ')

arch

basic_block

function

has_data_flow

il

il_function

settings

class Function(view=None, handle=None)

Bases: object

apply_auto_discovered_type(func_type)

apply_imported_types(sym)

create_auto_stack_var(offset, var_type, name)

create_auto_var(var, var_type, name, ignore_disjoint_uses=False)

create_graph(graph_type=<FunctionGraphType.NormalFunctionGraph: 0>, settings=None)

create_user_stack_var(offset, var_type, name)

create_user_var(var, var_type, name, ignore_disjoint_uses=False)

delete_auto_stack_var(offset)

delete_auto_var(var)

delete_user_stack_var(offset)

delete_user_var(var)

get_basic_block_at(addr, arch=None)

get_basic_block_at returns the BasicBlock of the optionally specified Architecture arch at the given address addr.

Parameters:

• addr (int) – Address of the BasicBlock to retrieve.
• arch (Architecture) – (optional) Architecture of the basic block if different from the Function’s self.arch

Example:

>>> current_function.get_basic_block_at(current_function.start)
<block: x86_64@0x100000f30-0x100000f50>

get_block_annotations(addr, arch=None)

get_call_reg_stack_adjustment(addr, arch=None)

get_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, arch=None)

get_call_stack_adjustment(addr, arch=None)

get_comment_at(addr)

get_constants_referenced_by(addr, arch=None)

get_flags_read_by_lifted_il_instruction(i)

get_flags_written_by_lifted_il_instruction(i)

get_indirect_branches_at(addr, arch=None)

get_instr_highlight(addr, arch=None)

Example:

>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))
>>> current_function.get_instr_highlight(here)
<color: #ff00ff>

get_int_display_type(instr_addr, value, operand, arch=None)

get_lifted_il_at(addr, arch=None)

get_lifted_il_flag_definitions_for_use(i, flag)

get_lifted_il_flag_uses_for_definition(i, flag)

get_low_level_il_at(addr, arch=None)

get_low_level_il_at gets the LowLevelILInstruction corresponding to the given virtual address

Parameters:

• addr (int) – virtual address of the function to be queried
• arch (Architecture) – (optional) Architecture for the given function

Return type:

LowLevelILInstruction

Example:

>>> func = bv.functions[0]
>>> func.get_low_level_il_at(func.start)
<il: push(rbp)>

get_low_level_il_exits_at(addr, arch=None)

get_parameter_at(addr, func_type, i, arch=None)

get_parameter_at_low_level_il_instruction(instr, func_type, i)

get_reg_value_after(addr, reg, arch=None)

get_reg_value_after gets the value instruction address corresponding to the given virtual address

Parameters:

• addr (int) – virtual address of the instruction to query
• reg (str) – string value of native register to query
• arch (Architecture) – (optional) Architecture for the given function

Return type:

binaryninja.function.RegisterValue

Example:

>>> func.get_reg_value_after(0x400dbe, 'rdi')
<undetermined>

get_reg_value_at(addr, reg, arch=None)

get_reg_value_at gets the value the provided string register address corresponding to the given virtual address

Parameters:

• addr (int) – virtual address of the instruction to query
• reg (str) – string value of native register to query
• arch (Architecture) – (optional) Architecture for the given function

Return type:

binaryninja.function.RegisterValue

Example:

>>> func.get_reg_value_at(0x400dbe, 'rdi')
<const 0x2>

get_reg_value_at_exit(reg)

get_regs_read_by(addr, arch=None)

get_regs_written_by(addr, arch=None)

get_stack_contents_after(addr, offset, size, arch=None)

get_stack_contents_at(addr, offset, size, arch=None)

get_stack_contents_at returns the RegisterValue for the item on the stack in the current function at the given virtual address addr, stack offset offset and size of size. Optionally specifying the architecture.

Parameters:

• addr (int) – virtual address of the instruction to query
• offset (int) – stack offset base of stack
• size (int) – size of memory to query
• arch (Architecture) – (optional) Architecture for the given function

Return type:

binaryninja.function.RegisterValue

Note

Stack base is zero on entry into the function unless the architecture places the return address on the

stack as in (x86/x86_64) where the stack base will start at address_size

Example:

>>> func.get_stack_contents_at(0x400fad, -16, 4)
<range: 0x8 to 0xffffffff>

get_stack_var_at_frame_offset(offset, addr, arch=None)

get_stack_vars_referenced_by(addr, arch=None)

get_type_tokens(settings=None)

is_call_instruction(addr, arch=None)

mark_recent_use()

reanalyze()

reanalyze causes this functions to be reanalyzed. This function does not wait for the analysis to finish.

Return type:None

release_advanced_analysis_data()

request_advanced_analysis_data()

request_debug_report(name)

set_auto_call_reg_stack_adjustment(addr, adjust, arch=None)

set_auto_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)

set_auto_call_stack_adjustment(addr, adjust, arch=None)

set_auto_calling_convention(value)

set_auto_can_return(value)

set_auto_clobbered_regs(value)

set_auto_has_variable_arguments(value)

set_auto_indirect_branches(source, branches, source_arch=None)

set_auto_instr_highlight(addr, color, arch=None)

set_auto_instr_highlight highlights the instruction at the specified address with the supplied color

..warning:: Use only in analysis plugins. Do not use in regular plugins, as colors won’t be saved to the database.

Parameters:

• addr (int) – virtual address of the instruction to be highlighted
• or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting
• arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

set_auto_parameter_vars(value)

set_auto_reg_stack_adjustments(value)

set_auto_return_regs(value)

set_auto_return_type(value)

set_auto_stack_adjustment(value)

set_auto_type(value)

set_call_reg_stack_adjustment(addr, adjust, arch=None)

set_call_reg_stack_adjustment_for_reg_stack(addr, reg_stack, adjust, arch=None)

set_call_stack_adjustment(addr, adjust, arch=None)

set_comment(addr, comment)

Deprecated method provided for compatibility. Use set_comment_at instead.

set_comment_at(addr, comment)

set_comment_at sets a comment for the current function at the address specified

Parameters:

• int (addr) – virtual address within the current function to apply the comment to
• str (comment) – string comment to apply

Return type:

None

Example:

>>> current_function.set_comment_at(here, "hi")

classmethod set_default_session_data(name, value)

set_int_display_type(instr_addr, value, operand, display_type, arch=None)

Parameters:

• instr_addr (int) –
• value (int) –
• operand (int) –
• display_type (enums.IntegerDisplayType) –
• arch (Architecture) – (optional)

set_user_indirect_branches(source, branches, source_arch=None)

set_user_instr_highlight(addr, color, arch=None)

set_user_instr_highlight highlights the instruction at the specified address with the supplied color

Parameters:

• addr (int) – virtual address of the instruction to be highlighted
• or highlight.HighlightColor color (HighlightStandardColor) – Color value to use for highlighting
• arch (Architecture) – (optional) Architecture of the instruction if different from self.arch

Example:

>>> current_function.set_user_instr_highlight(here, HighlightStandardColor.BlueHighlightColor)
>>> current_function.set_user_instr_highlight(here, highlight.HighlightColor(red=0xff, blue=0xff, green=0))

set_user_type(value)

analysis_performance_info

analysis_skip_override

Override for skipping of automatic analysis

analysis_skip_reason

Function analysis skip reason

analysis_skipped

Whether automatic analysis was skipped for this function

arch

Function architecture (read-only)

auto

Whether function was automatically discovered (read-only)

basic_blocks

List of basic blocks (read-only)

calling_convention

Calling convention used by the function

can_return

Whether function can return

clobbered_regs

Registers that are modified by this function

comment

Gets the comment for the current function

comments

Dict of comments (read-only)

explicitly_defined_type

Whether function has explicitly defined types (read-only)

function_type

Function type object

global_pointer_value

Discovered value of the global pointer register, if the function uses one (read-only)

has_variable_arguments

Whether the function takes a variable number of arguments

indirect_branches

List of indirect branches (read-only)

instructions

A generator of instruction tokens and their start addresses for the current function

lifted_il

returns LowLevelILFunction used to represent lifted IL (read-only)

llil

returns LowLevelILFunction used to represent Function low level IL (read-only)

llil_basic_blocks

A generator of all LowLevelILBasicBlock objects in the current function

llil_instructions

Deprecated method provided for compatibility. Use llil.instructions instead. Was: A generator of llil instructions of the current function

low_level_il

Deprecated property provided for compatibility. Use llil instead.

medium_level_il

Deprecated property provided for compatibility. Use mlil instead.

mlil

Function medium level IL (read-only)

mlil_basic_blocks

A generator of all MediumLevelILBasicBlock objects in the current function

mlil_instructions

Deprecated method provided for compatibility. Use mlil.instructions instead. Was: A generator of mlil instructions of the current function

name

Symbol name for the function

needs_update

Whether the function has analysis that needs to be updated (read-only)

parameter_vars

List of variables for the incoming function parameters

platform

Function platform (read-only)

reg_stack_adjustments

Number of entries removed from each register stack after return

return_regs

Registers that are used for the return value

return_type

Return type of the function

session_data

Dictionary object where plugins can store arbitrary data associated with the function

stack_adjustment

Number of bytes removed from the stack after return

stack_layout

List of function stack variables (read-only)

start

Function start (read-only)

symbol

Function symbol(read-only)

too_large

Whether the function is too large to automatically perform analysis (read-only)

type_tokens

Text tokens for this function’s prototype

unresolved_stack_adjustment_graph

Flow graph of unresolved stack adjustments (read-only)

vars

List of function variables (read-only)

view

Function view (read-only)

class IndirectBranchInfo(source_arch, source_addr, dest_arch, dest_addr, auto_defined)

Bases: object

class InstructionBranch(branch_type, target=0, arch=None)

Bases: object

class InstructionInfo

Bases: object

add_branch(branch_type, target=0, arch=None)

class InstructionTextToken(token_type, text, value=0, size=0, operand=4294967295, context=<InstructionTextTokenContext.NoTokenContext: 0>, address=0, confidence=255, typeNames=[])

Bases: object

class InstructionTextToken is used to tell the core about the various components in the disassembly views.

InstructionTextTokenType	Description
TextToken	Text that doesn’t fit into the other tokens
InstructionToken	The instruction mnemonic
OperandSeparatorToken	The comma or whatever else separates tokens
RegisterToken	Registers
IntegerToken	Integers
PossibleAddressToken	Integers that are likely addresses
BeginMemoryOperandToken	The start of memory operand
EndMemoryOperandToken	The end of a memory operand
FloatingPointToken	Floating point number
AnnotationToken	For internal use only
CodeRelativeAddressToken	For internal use only
StackVariableTypeToken	For internal use only
DataVariableTypeToken	For internal use only
FunctionReturnTypeToken	For internal use only
FunctionAttributeToken	For internal use only
ArgumentTypeToken	For internal use only
ArgumentNameToken	For internal use only
HexDumpByteValueToken	For internal use only
HexDumpSkippedByteToken	For internal use only
HexDumpInvalidByteToken	For internal use only
HexDumpTextToken	For internal use only
OpcodeToken	For internal use only
StringToken	For internal use only
CharacterConstantToken	For internal use only
CodeSymbolToken	For internal use only
DataSymbolToken	For internal use only
StackVariableToken	For internal use only
ImportToken	For internal use only
AddressDisplayToken	For internal use only

classmethod get_instruction_lines(tokens, count=0)

Helper method for converting between core.BNInstructionTextToken and InstructionTextToken lists

class IntrinsicInfo(inputs, outputs, index=None)

Bases: object

class IntrinsicInput(type_obj, name='')

Bases: object

class LookupTableEntry(from_values, to_value)

Bases: object

class ParameterVariables(var_list, confidence=255)

Bases: object

with_confidence(confidence)

class PossibleValueSet(arch, value)

Bases: object

class RegisterInfo(full_width_reg, size, offset=0, extend=<ImplicitRegisterExtend.NoExtend: 0>, index=None)

Bases: object

class RegisterStackInfo(storage_regs, top_relative_regs, stack_top_reg, index=None)

Bases: object

class RegisterValue(arch=None, value=None, confidence=255)

Bases: object

classmethod constant(value)

classmethod constant_ptr(value)

classmethod entry_value(arch, reg)

classmethod imported_address(value)

classmethod return_address()

classmethod stack_frame_offset(offset)

classmethod undetermined()

class StackVariableReference(src_operand, t, name, var, ref_ofs, size)

Bases: object

class ValueRange(start, end, step)

Bases: object

class Variable(func, source_type, index, storage, name=None, var_type=None)

Bases: object

classmethod from_identifier(func, identifier, name=None, var_type=None)