Returns the BasicBlock that contains the given address addr.

• addr - Address of the BasicBlock to retrieve.
• arch - Architecture of the basic block if different from the Function’s self.arch

§Example

let blocks = fun.basic_block_containing(0x1000, None);

Get the language representation of the function.

• language - The language representation, ex. “Pseudo C”.

Get the language representation of the function, if available.

• language - The language representation, ex. “Pseudo C”.

Sets or removes the call type override at a call site to the given type.

• addr - virtual address of the call instruction to adjust
• adjust_type - (optional) overridden call type, or None to remove an existing adjustment
• arch - (optional) Architecture of the instruction if different from self.arch

Creates and adds a Tag object on either a function, or on an address inside of a function.

“Function tags” appear at the top of a function and are a good way to label an entire function with some information. If you include an address when you call Function.add_tag, you’ll create an “address tag”. These are good for labeling specific instructions.

For tagging arbitrary data, consider BinaryViewExt::add_tag.

• tag_type_name - The name of the tag type for this Tag.
• data - Additional data for the Tag.
• addr - Address at which to add the tag.
• user - Whether or not a user tag.

§Example

let important = bv.create_tag_type("Important", "⚠️");
fun.add_tag(
    &important,
    "I think this is the main function",
    None,
    false,
    None,
);
let crash = bv.create_tag_type("Crashes", "🎯");
fun.add_tag(&crash, "Nullpointer dereference", Some(0x1337), false, None);

Remove Tag object on either a function, or on an address inside of a function.

• tag - The tag to remove.
• addr - (optional) Address at which to remove the tag.
• user - Whether or not a user tag.

Remove Tag object of type on either a function, or on an address inside of a function.

• tag_type - The type of the to remove.
• addr - Address at which to add the tag.
• user - Whether or not a user tag.

Places a user-defined cross-reference from the instruction at the given address and architecture to the specified target address. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use Function::remove_user_code_ref.

• from_addr - Virtual address of the source instruction.
• to_addr - Virtual address of the xref’s destination.
• arch - Architecture of the source instruction.

§Example

fun.add_user_code_ref(0x1337, 0x400000, None);

Removes a user-defined cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

• from_addr - virtual address of the source instruction
• to_addr - virtual address of the xref’s destination.
• arch - architecture of the source instruction

#Example

fun.remove_user_code_ref(0x1337, 0x400000, None);

Places a user-defined type cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use Function::remove_user_type_ref.

• from_addr - Virtual address of the source instruction.
• name - Name of the referenced type.
• arch - Architecture of the source instruction.

§Example

fun.add_user_type_ref(0x1337, "A", None);

Removes a user-defined type cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

• from_addr - Virtual address of the source instruction.
• name - Name of the referenced type.
• from_arch - Architecture of the source instruction.

§Example

fun.remove_user_type_ref(0x1337, "A", None);

Places a user-defined type field cross-reference from the instruction at the given address and architecture to the specified type. If the specified source instruction is not contained within this function, no action is performed. To remove the reference, use Function::remove_user_type_field_ref.

• from_addr - Virtual address of the source instruction.
• name - Name of the referenced type.
• offset - Offset of the field, relative to the type.
• arch - Architecture of the source instruction.
• size - The size of the access.

§Example

fun.add_user_type_field_ref(0x1337, "A", 0x8, None, None);

Removes a user-defined type field cross-reference. If the given address is not contained within this function, or if there is no such user-defined cross-reference, no action is performed.

• from_addr - Virtual address of the source instruction
• name - Name of the referenced type
• offset - Offset of the field, relative to the type
• arch - Architecture of the source instruction
• size - The size of the access

§Example

fun.remove_user_type_field_ref(0x1337, "A", 0x8, None, None);

Returns a list of function Tags for the function.

auto - If None, gets all tags, if true, gets auto tags, if false, gets user tags tag_type - If None, gets all tags, otherwise only gets tags of the given type

Gets a list of Tags at the address.

• addr - Address to get tags from.
• auto - If None, gets all tags, if true, gets auto tags, if false, gets user tags

Gets a list of Tags in the address range.

• addr - Address to get tags from.
• auto - If None, gets all tags, if true, gets auto tags, if false, gets user tags

§Example

let color = fun.instr_highlight(0x1337, None);

Sets the highlights the instruction at the specified address with the supplied color

Use only in analysis plugins. Do not use in regular plugins, as colors won't be saved to the database.

• addr - virtual address of the instruction to be highlighted
• color - Color value to use for highlighting
• arch - (optional) Architecture of the instruction if different from self.arch

Sets the highlights the instruction at the specified address with the supplied color

• addr - virtual address of the instruction to be highlighted
• color - Color value to use for highlighting
• arch - (optional) Architecture of the instruction, pass this if not views default arch

§Example

let color = HighlightColor::StandardHighlightColor {
    color: HighlightStandardColor::RedHighlightColor,
    alpha: u8::MAX,
};
function.set_user_instr_highlight(0x1337, color, None);

Get the current text display type for an integer token in the disassembly or IL views

See also see Function::int_display_type_and_typeid

• instr_addr - Address of the instruction or IL line containing the token
• value - field of the InstructionTextToken object for the token, usually the constant displayed
• operand - Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token
• arch - (optional) Architecture of the instruction or IL line containing the token

Change the text display type for an integer token in the disassembly or IL views

• instr_addr - Address of the instruction or IL line containing the token
• value - Field of the InstructionTextToken object for the token, usually the constant displayed
• operand - Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token
• display_type - Desired display type
• arch - (optional) Architecture of the instruction or IL line containing the token
• enum_display_typeid - (optional) Whenever passing EnumDisplayType to display_type, passing a type ID here will specify the Enumeration display type. Must be a valid type ID and resolve to an enumeration type.

Get the current text display enum type for an integer token in the disassembly or IL views.

See also see Function::int_display_type_and_typeid

• instr_addr - Address of the instruction or IL line containing the token
• value - field of the InstructionTextToken object for the token, usually the constant displayed
• operand - Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token
• arch - (optional) Architecture of the instruction or IL line containing the token

Get the current text display type for an integer token in the disassembly or IL views

• instr_addr - Address of the instruction or IL line containing the token
• value - field of the InstructionTextToken object for the token, usually the constant displayed
• operand - Operand index of the token, defined as the number of OperandSeparatorTokens in the disassembly line before the token
• arch - (optional) Architecture of the instruction or IL line containing the token

Get the value the provided string register address corresponding to the given virtual address

• addr - virtual address of the instruction to query
• reg - string value of native register to query
• arch - (optional) Architecture for the given function

§Example

let reg = fun.arch().register_by_name("rdi").unwrap();
let value = fun.register_value_at(0x400dbe, reg.id(), None);

Gets the value instruction address corresponding to the given virtual address

• addr - virtual address of the instruction to query
• reg - string value of native register to query
• arch - (optional) Architecture for the given function

§Example

let reg = fun.arch().register_by_name("rdi").unwrap();
let value = fun.register_value_after(0x400dbe, reg.id(), None);

Indicates that this function needs to be reanalyzed during the next update cycle

• update_type - Desired update type

Indicates that callers of this function need to be reanalyzed during the next update cycle

• update_type - Desired update type

Merge one or more variables in sources into the target variable. All variable accesses to the variables in sources will be rewritten to use target.

• target - target variable
• sources - list of source variables

Undoes variable merging performed with Function::merge_variables. The variables in sources will no longer be merged into the target variable.

• target - target variable
• sources - list of source variables

Splits a variable at the definition site. The given var must be the variable unique to the definition and should be obtained by using crate::medium_level_il::MediumLevelILInstruction::split_var_for_definition at the definition site.

This function is not meant to split variables that have been previously merged. Use Function::unmerge_variables to split previously merged variables.

Binary Ninja automatically splits all variables that the analysis determines to be safely splittable. Splitting a variable manually with Function::split_variable can cause IL and decompilation to be incorrect. There are some patterns where variables can be safely split semantically but analysis cannot determine that it is safe. This function is provided to allow variable splitting to be performed in these cases by plugins or by the user.

• var - variable to split

Causes this function to be reanalyzed. This function does not wait for the analysis to finish.

• update_type - Desired update type

If analysis_skipped is true, using this API will not trigger re-analysis. Instead, use Function::set_analysis_skipped with false.

Generate internal debug reports for a variety of analysis. Current list of possible values include:

• mlil_translator
• stack_adjust_graph
• high_level_il

• name - Name of the debug report

Checks if a function has had a debug report requested with the given name, and then, if one has been requested, clears the request internally so that future calls to this function for that report will return False.

If a function has had a debug report requested, it is the caller of this function’s responsibility to actually generate and show the debug report. You can use crate::interaction::report::ReportCollection::show for showing a debug report from a workflow activity.