Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This command converts immediate operand(s) type of the current instruction/data to a number. That way, you can delete suspicious mark of the item.
The number is represented in the default radix for the current processor (usually hex, but octal for PDP-11, for example).
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command converts immediate operand(s) type of the current instruction/data to hex number. So you can delete suspicious mark of the item.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command converts the immediate operand(s) type of the current instruction/data to decimal. Therefore, it becomes a 'number'.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command makes the current instruction or data operand type octal. IDA always uses 123o notation for octal numbers even if the current assembler does not support octal numbers.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command makes the current instruction or data operand type binary. IDA always uses 123b notation for binary numbers even if the current assembler does not support binary numbers.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command makes the current operand type floating point.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
This command displays or hides the leading zeroes of the current operand. Example: if the instruction looked like this:
then after applying the command it will look like this:
If you prefer to see leading zeroes in all cases, then open the calculator and enter the following expression: set_inf_attr(INF_GENFLAGS, get_inf_attr(INF_GENFLAGS) | INFFL_LZERO); This will toggle the default for the current database and all numbers without leading zeroes will become numbers with leading zeroes, and vice versa.
See also Edit|Operand types submenu.
If you have selected a range before applying an operand conversion command, IDA will display a dialog box.
You can choose a range of operands to perform an en masse operation:
The operation will be performed on all operands as a toggle. For example, if you ask to convert to a character, then all non-character operands will become characters, and all character operands will become non-chars.
The operation will be performed on the void operands which contain immediate numbers in the specified range.
This selection will convert all operands with the specified type to undefined operands. Example: all characters become non-characters.
This selection allows to convert all operands that do not have the specified type to the specified type. Example: all non-characters to characters.
This selection allows to convert all operands without any type to the specified type. Example: all operands with no type to characters.
IDA will check whether an operand can be represented with the specified type (as a character constant, for example), and perform type conversion only if the check is successful.
A complex offset expression looks like
It is specified by:
The relationship between these parameters is (the formula is given for full offsets):
You always have to specify the offset type and base. Usually, the delta is equal to zero. For the full offset type you may omit the offset target, which is recommended. In this case, IDA will calculate it automatically. However, if you specify the offset target, make sure that the relationship between the parameters still holds. For the half offset types, you have to specify the target because there is no way to calculate it.
The offset types:
See also offset by any user-specified base
This submenu allows you to change the operand types to offsets, numbers, chars, etc. Use it to make disassembled text more understandable.
If IDA suspects that an operand can be represented as something different from a plain number, it will mark the operand as "suspicious" and show it in red. Use these commands to delete suspicious marks.
Some of these commands can be applied to a selected range. Click here to learn about the rules applied to such operations.
See also Edit submenu.
This command changes the sign of the current operand. Please note that not all operands can change their sign.
See also: Edit|Operand types submenu. Enter #th operand manually commands. Set operand type
This command converts the immediate operand of the current instruction/data to an offset from the current data segment (DS).
If current DS value is unknown (or equal 0xFFFF) IDA will warn you -- it will beep. In this case, you have to define DS register value for the current byte. The best way to do it is:
return or you can change default value of DS for the current segment.
If you want to delete offset definition, you can use this command again - it works as trigger.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
To create offsets to structure members use Convert to struct offset command.
See also:
Enter the operand manually command.
This command converts the immediate operand of the current instruction/data to an offset from the current segment (CS).
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise, it will be left unmodified.
If this command is applied to a structure member in the structure window, then IDA will create an "automatic offset". An automatic offset is an offset with the base equal to 0xFFFFFFFF. This base value means that the actual value of the base will be calculated by IDA when a structure instance is created.
To create offsets to structure members, use Convert to struct offset command.
See also:
Enter #th operand manually commands.
This command converts the immediate operand of the current instruction/data to an offset from any segment.
IDA will ask to choose a base segment for the offset.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
To create offsets to structure members use Convert to struct offset command.
See also:
Enter #th operand manually commands.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If the offset base is specified as 0xFFFFFFFF, then IDA will create "an automatic offset". Automatic offsets mean that the actual value of the base will be calculated by IDA.
The following offset attributes are available:
The offset base is dynamically calculated and is equal to the address of the current element:
for standalone items: their start address
for arrays: the start of the array element
for structures: the start of the structure field The offset expression is displayed in the following concise form: offset target - $ where "$" denotes the start of the element (and is assembler-dependent). To create offsets to structure members use Convert to struct offset command.
See also:
Enter #th operand manually commands.
The 'Hide sub structures without sub unions' option (checked by default) avoids to add unnecessary sub structures to the tree, to keep it as small as possible. If you uncheck this option, all sub structures will be added to the tree.
By default, IDA displays the structure member at offset 0. To change this behaviour, you can directly disable the 'Force zero offset field' in the 'Options' frame. Later zero offsets can be forced using Edit, Structs, Force zero offset menu item.
This command converts immediate operand(s) type of the current instruction/data to an offset within the specified structure. Before using this command, you have to define a structure type.
First of all, IDA will ask a so-called "struct offset delta". This value represents the difference between the structure start and the pointer value. For example, if you have an operand 4 and want to convert in into an expression like "mystruct.field_6-2", then you have to enter 2 as the delta. Usually the delta is zero, i.e. the pointer points to the start of the structure.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the an operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
By default IDA doesn't display the structure member at offset 0. To change this behaviour, use Force zero field offset command.
Moreover, if there are several possible representations (this can happen if unions are used), select the desired representation using the Select union member... command.
See also:
Enter #th operand manually command.
Related topics: Edit|Operand types submenu.
This command converts immediate operand(s) type of the current instruction/data to an enum member. Before using this command, you have to define an enumeration type.
If the selected enum is a bitfield, IDA will try to build a bitfield expression to represent the constant. Please note that for bitfields having multiple constants with the same value some expressions won't be possible.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to symbolic constants. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise all other operands will be affected.
See also: Edit|Operand types submenu. Enter #th operand manually commands. Set operand type
This command converts immediate operand(s) type of the current instruction to an offset to stack variables, i.e. a local variable or function argument in the stack.
You need to define stack variables before using this command.
If the current operand is based on the value of the stack pointer ([ESP+xxx]) and the SP value is traced incorrectly, then you need to correct SP value using change stack pointer command.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to stack variables. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to stack variable, otherwise it will be left unmodified.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise all other operands will be affected.
See also: Edit|Operand types submenu. Enter #th operand manually commands. Define stack variables...
This command converts immediate operand(s) type of the current instruction/data to character.
When you use this command, IDA deletes the entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
See also submenu.
This command bit-wisely negates the current operand. Please note that not all types of operands can be negated. It is not possible to negate and change sign of an operand simultaneously.
This command works only if the current assembler supports the bitwise negation operation.
See also: Edit|Operand types submenu. Enter #th operand manually commands. Set operand type
You may specify any string instead of an operand if IDA does not represent the operand in the desired form. In this case, IDA will simply display the specified string in the instruction instead of the default operand.
The current operand (under the cursor) will be affected.
You can use this command not only with instructions but with data items too.
IDA proposes the previous manual operand as the default value in the input form.
To delete the manual operand and revert back to the default text, specify an empty string.
IDA automatically deletes manually entered operands when you change operand representation using operand types submenu.
NOTE: A text offset reference is generated if you use a label in the program as the operand string. In other cases no cross-references are generated.
See also Edit|Operand types submenu.
This command converts the immediate operand(s) type of the current instruction/data to segment base. The segment bases are usually displayed like this:
When you use this command, IDA deletes the entered operand.
If IDA cannot find a segment whose base is equal to the operand value, it simply displays it as hex number.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
See also submenu.
This command allows you to specify the type of the operand under the cursor.
The operand type must be entered as a C declaration. Currently IDA itself does not use the operand type information. However, it can be used by the Hex-Rays decompiler plugin. Setting operand type is most useful in case of indirect calls: the decompiler will use the type information to determine the input parameters to the call instead of guessing, which can make the decompiled code better.
An example of a type declaration:
To delete a type declaration, enter an empty string.
For details on possible calling conventions, see menu item description.
See also