list_struct_accesses
summary: list operands representing a “path” to a (possibly nested) structure member
- description:
It is possible to assign, to instruction operands, the notion of “structure offset”, which really is a pointer to a specific offset in a type, leading to a possible N-deep path within types.
E.g., assuming the following types
    struct c
    {
        int foo;
        int bar;
        int baz;
        int quux;
        int trail;
    };

    struct b
    {
        int gap;
        c c_instance;
    };

    struct a
    {
        int count;
        b b_instance;
    };
and assuming an instruction that initially looks like this:
    mov eax, 10h
by pressing t, the user will be able to set the “structure offset” to either:
    c.trail
    b.c_instance.quux
    a.b_instance.c_instance.baz
Here’s why IDA offers a.b_instance.c_instance.baz:
    0000 struct a
         {
    0000     int count;
    0004     struct b
             {
    0004         int gap;
    0008         struct c
                 {
    0008             int foo;
    000C             int bar;
    0010             int baz;
    0014             int quux;
    0018             int trail;
                 };
             };
         };
This sample shows how to programmatically retrieve information about the “structure member path” that an operand was made to point to.
keywords: bookmarks
level: advanced
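The offset arithmetic behind the three candidates for 10h can be reproduced outside IDA. The following is an added example, not the sample's own code and not the IDA API: it models the three types above as a plain table, assumes 4-byte int members with no padding (as in the layout shown), and enumerates every leaf member path that starts at a given offset. The names TYPES, sizeof, member_paths and candidates are hypothetical.

```python
# Constructed model of the page's types: struct name -> [(member, member type)].
# Assumption: int is 4 bytes and structs are packed without padding.
INT_SIZE = 4
TYPES = {
    "c": [("foo", "int"), ("bar", "int"), ("baz", "int"),
          ("quux", "int"), ("trail", "int")],
    "b": [("gap", "int"), ("c_instance", "c")],
    "a": [("count", "int"), ("b_instance", "b")],
}


def sizeof(tname):
    """Size in bytes of 'int' or of a struct from TYPES."""
    if tname == "int":
        return INT_SIZE
    return sum(sizeof(mtype) for _, mtype in TYPES[tname])


def member_paths(tname, target, base=0, prefix=()):
    """Yield member-name tuples under struct `tname` whose leaf starts at `target`."""
    off = base
    for mname, mtype in TYPES[tname]:
        size = sizeof(mtype)
        path = prefix + (mname,)
        if mtype in TYPES:
            # Descend only into a nested struct that covers the target offset.
            if off <= target < off + size:
                yield from member_paths(mtype, target, off, path)
        elif off == target:
            yield path
        off += size


def candidates(target):
    """All 'type.member...' paths, across every top-level type, landing on `target`."""
    return [".".join((tname,) + path)
            for tname in TYPES
            for path in member_paths(tname, target)]


if __name__ == "__main__":
    for path in candidates(0x10):
        print(path)
```
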
Functions