Structures tutorial

You can use IDA to interactively define and manipulate structures in the disassembly.

Sample program

Consider this simple sample C program:

#include <stdio.h>

struct client {
  char code;
  long id;
  char name[32];
  client *next;
};

void print_clients(client *ptr) {
  while ( ptr != NULL ) {
    printf("ID: %4ld Name: %-32s\n",ptr->id,ptr->name);
    ptr = ptr->next;
  }
}
          

Standard disassembly

Here is the disassembly with no structures defined, as IDA automatically generates it:

Defining structures

In order to use meaningful names instead of numbers, we open the local types window and press insert to define a new structure type. Structure members can be added with the D key for data and the A key for ASCII strings or by editing the structure (Alt-E) and adding members using the "C syntax" of the "Edit type" dialog box. When the first method is used, when we add new structure members, IDA automatically names them. You can change any member’s name by pressing N.

Improved disassembly

Finally, the defined structure type can be used to specify the type of an instruction operand. (menu Edit|Operand types|Struct offset).