Igor’s tip of the week #11: Quickly creating structures
When reverse engineering a big program, you often run into information stored in structures. The standard way of doing it involves using the Structures window and adding fields one by one, similar to the way you format data items in disassembly. But are there other options? Let’s look at some of them.
Using already formatted data
This was mentioned briefly in the post on selection but is worth repeating. If you happen to have some formatted data in your disassembly and want to group it into a structure, just select it and choose “Create struct from selection” in the context menu.
Using Local Types
The Local Types view shows the high level or C level types used in the database such as structs, enums and typedefs. It is most useful with the decompiler but can still be used for the assembler level types such as Structures and Enums. For example, open the Local Types (Shift–F1 or View > Open subviews > Local Types), then press Ins (or pick Insert.. from the context menu). In the new dialog enter a C syntax structure definition and click OK.
The structure appears in the list but cannot yet be used in disassembly.
To make it available, double-click it and answer “Yes”.
Now that a corresponding assembler level type has been created in the Structures view, it can be used in the disassembly.
For more info about using Local Types and two kinds of types check this IDA Help topic.