>Hex-Rays - IDA Page

IDA Pro Bit Fields Tutorial

Suppose the source text looked like this:

 
void out_operand(int opnum, int flags);

// 'flags' parameter is combination of the following bits:
// (don't use OOF_SIGNMASK and OOF_WIDTHMASK, they are for the kernel)

#define OOF_SIGNMASK    0x0003      // sign output:
#define   OOFS_IFSIGN   0x0000      //   output sign if needed
#define   OOFS_NOSIGN   0x0001      //   should not out sign     ()
#define   OOFS_NEEDSIGN 0x0002      //   always out sign         (+-)
#define OOF_SIGNED      0x0004      // output as signed if < 0
#define OOF_NUMBER      0x0008      // always as a number
#define OOF_WIDTHMASK   0x0030      // width of value in bits:
#define   OOFW_IMM      0x0000      //   take from x.dtyp
#define   OOFW_16       0x0010      //   16 bit width
#define   OOFW_32       0x0020      //   32 bit width
#define   OOFW_8        0x0030      //   8 bit width
#define OOF_ADDR        0x0040      // output x.addr, otherwise x.value
#define OOF_OUTER       0x0080      // output outer operand
#define OOF_ZSTROFF     0x0100      // meaningful only if isStroff(uFlag)


// This function output the first 2 operands of instruction
void out_operands(void)
{
  // the first operand is a signed value
  out_operand(0, OOFS_IFSIGN|OOF_SIGNED|OOFW_IMM);
  // the first operand is a unsigned 32bit address
  out_operand(1, OOFS_NOSIGN|OOF_ADDR|OOFW_32);
}

 

we have a disassembly like this:

 

 

Let's improve it by using bitfields. We first define a bitfield type by opening an enumeration window (menu View|Enumerations) where we press Ins to create a new object and make it a bitfield. The name given to the bitfield does not matter much. We press Ctrl-N to define the bitfield values.

 

 

The first bitfield mask is 3 (or 2 bits). The name of the mask is not used by IDA Pro, it is intended as a memory helper. Out of the 4 values this field can take, we only define the first value, zero, and assign a name to it : OOFS_IFSIGN. If we want to define other values, within the fields limits, we just repeat the process. With some comments, the definition becomes

 

We switch to the disassembly window (or close the enumeration window with Alt-F3). Through the Edit|Operand types|Enum member menu we select the enum type we just defined and get this result...

 

That's all folks !

 

[Go Back to >Hex-Rays Home Page ]
Hex-Rays blvd de la Sauvenière 30 Liège (Belgium)
tel 32-4-222-4300 fax 32-4-222-6500
Please send us your questions or comments.