def DecodePrecedingInstruction(ea):
"""
Decode preceding instruction in the execution flow.
@param ea: address to decode
@return: (None or the decode instruction, farref)
farref will contain 'true' if followed an xref, false otherwise
"""
prev_addr, farref = idaapi.decode_preceding_insn(ea)
if prev_addr == idaapi.BADADDR:
return (None, False)
else:
return (idaapi.cmd.copy(), farref)
def DecodePrecedingInstruction(ea):
"""
Decode preceding instruction in the execution flow.
@param ea: address to decode
@return: (None or the decode instruction, farref)
farref will contain 'true' if followed an xref, false otherwise
"""
prev_addr, farref = idaapi.decode_preceding_insn(ea)
if prev_addr == idaapi.BADADDR:
return (None, False)
else:
return (idaapi.cmd.copy(), farref)
def get_ret_adr():
"""
Get the return address for the current function
"""
nativeSize = get_native_size()
if nativeSize is 16:
nextInst = DbgWord(
GetRegValue('SP')) # Address of instruction following the CALL
if nativeSize is 32:
nextInst = DbgDword(
GetRegValue('ESP')) # Address of instruction following the CALL
if nativeSize is 64:
nextInst = DbgQword(
GetRegValue('RSP')) # Address of instruction following the CALL
prev_addr, farref = idaapi.decode_preceding_insn(
nextInst) # Get previous instruction
return prev_addr
