Offset
Convert operand to offset (data segment)
This command converts the immediate operand of the current instruction/data to an offset from the current data segment (DS).
If current DS value is unknown (or equal 0xFFFF) IDA will warn you -- it will beep. In this case, you have to define DS register value for the current byte. The best way to do it is:
return or you can change default value of DS for the current segment.
If you want to delete offset definition, you can use this command again - it works as trigger.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
To create offsets to structure members use Convert to struct offset command.
See also:
Enter the operand manually command.
Convert operand to offset (code segment)
This command converts the immediate operand of the current instruction/data to an offset from the current segment (CS).
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise, it will be left unmodified.
If this command is applied to a structure member in the local types window, then IDA will create an "automatic offset". An automatic offset is an offset with the base equal to 0xFFFFFFFF. This base value means that the actual value of the base will be calculated by IDA when a structure instance is created.
To create offsets to structure members, use Convert to struct offset command.
See also:
Enter #th operand manually commands.
Convert operand to offset (any segment)
This command converts the immediate operand of the current instruction/data to an offset from any segment.
IDA will ask to choose a base segment for the offset.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
To create offsets to structure members use Convert to struct offset command.
See also:
Enter #th operand manually commands.
Convert operand to offset (user-defined base)
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
If the offset base is specified as 0xFFFFFFFF, then IDA will create "an automatic offset". Automatic offsets mean that the actual value of the base will be calculated by IDA.
The following offset attributes are available:
The offset base is dynamically calculated and is equal to the address of the current element:
for standalone items: their start address
for arrays: the start of the array element
for structures: the start of the structure field The offset expression is displayed in the following concise form: offset target - $ where "$" denotes the start of the element (and is assembler-dependent). To create offsets to structure members use Convert to struct offset command.
See also:
Enter #th operand manually commands.
Convert operand to structure offset
This command permits to convert all immediate operands of instructions in a range selection to a path of offsets through a structure and its possible sub unions. If no selection is active, IDA will simply permit to convert the current operand. In this case, it will display a simple dialog box the same way as the text version (see below).
You can select the desired register in the drop-down list: all operands relative to this register will be added to the 'Offsets' list. A special empty line in the drop-down list is used to directly work on immediate values. Checkboxes in the 'Offsets' list allow you to select which operand you indeed want to modify. By default, IDA will select only undefined operands, to avoid overwriting previous type definitions. This list is sorted by operand value, by instruction address and finally by operand number. You can easily see the instructions related to the operand by moving the mouse over it, and wait for a hint to be displayed.
The 'Structures and Unions' tree will contain all selectable structures, and sub unions. Once you select or move over a structure, the 'Offsets' list updates itself for each checked offset: the computed name of the operand is displayed, according to the selected structure in the tree. An icon is also drawn, to easily know if a specific structure matchs the offset or not, or if the offset is too big for the selected structure. The structures who match the most offsets will be near the top of the tree. You can also move your mouse over structures in the tree to obtain an interesting hint.
A '?' icon can also appear, if the offset can be specialized by selecting an union member. In this case, if you expand the structure in the tree, you can select the adequate union member simply by checking the desired radio button. IDA automatically corrects the related name in the 'Offsets' list.
The 'Offset delta' value represents the difference between the structure start and the pointer value. For example, if you have an operand 4 and want to convert in into an expression like "mystruct.field_6-2", then you have to enter 2 as the delta. Usually the delta is zero, i.e. the pointer points to the start of the structure.
The 'Hide sub structures without sub unions' option (checked by default) avoids to add unnecessary sub structures to the tree, to keep it as small as possible. If you uncheck this option, all sub structures will be added to the tree.
By default, IDA displays the structure member at offset 0. To change this behaviour, you can directly disable the 'Force zero offset field' in the 'Options' frame. Later zero offsets can be forced using Edit, Structs, Force zero offset menu item.
This command converts immediate operand(s) type of the current instruction/data to an offset within the specified structure. Before using this command, you have to define a structure type.
First of all, IDA will ask a so-called "struct offset delta". This value represents the difference between the structure start and the pointer value. For example, if you have an operand 4 and want to convert in into an expression like "mystruct.field_6-2", then you have to enter 2 as the delta. Usually the delta is zero, i.e. the pointer points to the start of the structure.
If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the an operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.
When you use this command, IDA deletes the manually entered operand.
If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.
By default IDA doesn't display the structure member at offset 0. To change this behaviour, use Force zero field offset command.
Moreover, if there are several possible representations (this can happen if unions are used), select the desired representation using the Select union member... command.
See also:
Enter #th operand manually command.
Related topics: Edit|Operand types submenu.
Last updated