Why CodeRefsTo() excludes all call type cross-references

[bjchan9an]

I found that the implementation of CodeRefsTo() excludes all call type cross-references, which is inconsistent with the results of CodeRefsTo() I observed in IDA Pro 7.0.

# a code xref is like a fallthrough or jump, not like a call.
for xref in idb.analysis.get_crefs_to(self.idb, ea,
     types=[idaapi.fl_JN, idaapi.fl_JF, idaapi.fl_F]):
     yield xref.frm

[williballenthin]

can you provide a short snippet and/or test case that demonstrates this behavior in IDA?

maybe use https://github.com/williballenthin/python-idb/tree/master/tests/data/v7.0b/x32 as a base.

[williballenthin]

i dont recall off the top of my head, but since i left a comment there, i must have had a reason for it.

[bjchan9an]

Idb file: https://github.com/williballenthin/python-idb/tree/master/tests/data/v7.0b/x64/kernel32.i64 Address: 0x689043FC In IDA Pro:

Python>list(idautils.CodeRefsTo(0x689043FC, 1))
[1754272045L, 1754296595L, 1754298927L, 1754299150L, 1754301314L, 1754312995L, 1754324259L, 1754334441L, 1754334461L, 1754334481L, 1754334501L, 1754334521L, 1754334541L, 1754334561L, 1754334574L, 1754446169L, 1754461433L, 1754480879L, 1754481688L, 1755015188L, 1755015214L, 1755015947L, 1755043500L, 1755058146L]

However, in python-idb:

In [3]: with idb.from_file('./kernel32.i64') as db:
   ...:     api = idb.IDAPython(db)

In [4]: list(api.idautils.CodeRefsTo(0x689043FC, 1))
Out[4]: []

Actually, all callees can't get their callers using CodeRefsTo in python-idb. I found the reason in implementation, types=[idaapi.fl_JN, idaapi.fl_JF, idaapi.fl_F]): excluded the call flows.

[XVilka]

@bjchan9an could you please send a pull request?