Variable length structures tutorial

Suppose the source text looked like this:

struct node_t
{
  long id;
  char *name;
  long nchild;                  // number of children
  long child[];                 // children
};

node_t n0 = { 0, "first",  2, { 1, 2 } };
node_t n1 = { 1, "second", 1, { 3 }    };
node_t n2 = { 2, "third",  1, { 4 }    };
node_t n3 = { 3, "fourth", 0,          };
node_t n4 = { 4, "fifth",  0,          };

Note that the length of the last field of the structure is not specified. In order to be able to create structures like this in a disassembly we must create a special kind of structure – a variable sized structure. A variable sized structure is created just as a normal structure is. The only difference is that the last member of the structure should be declared as an array with zero elements. (Just a reminder: arrays are declared with an * hotkey). Here is a sample variable sized structure definition:

Now we may switch to the disassembly window (or just close the enumeration window by pressing Alt-F3). In order to apply the defined structure we use Edit|Structs|Declare struct var. But since the structure size cannot be calculated by IDA we need to specify the desired structure size by selecting an area to convert to a structure. Another way to specify the size of a structure would be to use * hotkey. In all cases you need to tell IDA the exact size of a variable sized structure. The initial disassembly will evolve from this to this:

That’s all folks !

Last updated 1 month ago