FIRST :: Metadata¶
Class containing Misc Metadata functions.
Contains helper functions that will allow interaction with the memory list containing all functions within the IDB.
This class contains only static methods and should be accessed as such.
Get the MetadataShim object for a given function.
Parameters: function_address (int) – A functions start address. The value should be the start address of the function or else the function will return None. Returns: object on success.
None on failure.
Return type: MetadataShim
Returns a list of functions with FIRST metadata applied to it.
Returns: Empty list or list of MetadataShim objects Return type: list
Returns a list of functions addresses
Functions definited in the IDB, from auto analysis or manually definited, are part of the list returned. Functions that are just wrappers with a jmp instruction are not included.
Returns: Empty list or list of integer values
The list of integer values correspond to a function’s start address
Return type: list
Returns functions for a given segment.
Parameters: segment (segment_t) – The segment functions will be returned from. segment_t objects are returned from IDA’s getseg API. Returns: Empty list or list of MetadataShim objects on success.
None: None on failure.
Fails if argument is not a segment_t or there are no functions in that segment.
Return type: list
Returns a list of segments with defined functions in it.
Returns: Empty list or list of segment_t objects Return type: list
Initializes FIRST’s function list
This should be called to initialize the FIRST.function_list global variable, thus it should be called once IDA’s auto analysis is complete to ensure it gets as many functions as possible.
Base case: User loads up sample in IDA for first time or IDB is opened in IDA with FIRST for the first time action: create new function list, save, monitor for changes
Complex case: User reopens an IDB that already has FIRST data in it action: extract function list from IDB, monitor for changes