FIRST :: DB

class first_plugin_ida.first.FIRST[source]
class DB[source]

FIRST DB Class

Provides functions to save data to and retrieve data from IDA’s IDB backend. Additionally, it contains functions for calculating the index functions should be saved to in the IDB to provide constant time lookups.

This class contains only static methods and should be accessed as such.

record_size

int – The number of bytes that can be saved into one index in the IDB’s array. Once the number of bytes are hit the record is split and will continue in the next index.

Note

IDA enforces a hard limit of 1024, setting this value higher than that will result in information loss.

max_records

int – Determines how many array indices can be used to store data for a given function.

Note

If this number is increased and there is enough data to use all the indices, this could result in over writting other FIRST function data saved in the IDB.

static get_function(address=None, function=None)[source]

Retrieves function and all its details from the IDB DB.

The data returned here may not match the current state of the IDB. Either the address or function argument should be provided. Providing neither will result in a return value of None.

Parameters:
  • address (int, optional) – The start address of the function.
  • function (MetadataShim, optional) – The current MetadataShim object for the function.
Returns:

If function exits and is saved it is returned.

None: On failure.

Return type:

FIRSTMetadata

static get_index(function)[source]

Computes the base index for the function.

The index computed by thios function is index into an IDB array.

Parameters:function (MetadataShim) – The function to get an index for.
Results:

int: The index into the array.

None: On failure.

static get_tag(function)[source]

Calculates and returns the tag for the given function.

Function that will return array id corresponding to the array with the function data in it if the array exists. If the array does not exist then it is created and the created array id is returned.

Parameters:function (MetadataShim) – The function to get a tag for.
Results:

int: The array ID on success.

None: On failure.

max_records = 16
record_size = 1024
static save(functions)[source]

Saves one or more functions to the IDB DB.

This function can be used to save one or more FIRSTMetadata objects to the IDB’s database.

Parameters:functions (FIRSTMetadata or list of FIRSTMetadata) –
Returns:None