FIRST :: Metadata

class first_plugin_ida.first.FIRST
class Metadata

Class containing miscellaneous metadata functions.

Contains helper functions for interacting with the in-memory list of all functions within the IDB.

This class contains only static methods and should be accessed as such.

static get_function(function_address)

Get the MetadataShim object for a given function.

Parameters: function_address (int) – A function's start address. The value should be the start address of the function; otherwise the function will return None.
Returns: object on success.

None on failure.

Return type: MetadataShim
static get_functions_with_applied_metadata()

Returns a list of functions that have FIRST metadata applied to them.

Returns: Empty list or list of MetadataShim objects
Return type: list
static get_non_jmp_wrapped_functions()

Returns a list of function addresses.

Functions defined in the IDB, whether by auto analysis or manually, are part of the list returned. Functions that are just wrappers with a jmp instruction are not included.

Returns: Empty list or list of integer values

Each integer value in the list corresponds to a function's start address.

Return type: list
static get_segment_functions(segment)

Returns functions for a given segment.

Parameters: segment (segment_t) – The segment functions will be returned from. segment_t objects are returned from IDA's getseg API.
Returns: Empty list or list of MetadataShim objects on success.

None on failure.

Fails if the argument is not a segment_t or there are no functions in that segment.

Return type: list
static get_segments_with_functions()

Returns a list of segments that have defined functions in them.

Returns: Empty list or list of segment_t objects
Return type: list
static populate_function_list()

Initializes FIRST's function list.

This should be called to initialize the FIRST.function_list global variable. Call it once IDA's auto analysis is complete to ensure it gets as many functions as possible.

Base case: The user loads a sample in IDA for the first time, or an IDB is opened in IDA with FIRST for the first time. Action: create a new function list, save it, and monitor for changes.

Complex case: The user reopens an IDB that already has FIRST data in it. Action: extract the function list from the IDB and monitor for changes.