LogoLogo
IDA 9.1
IDA 9.1IDA 9.0sp1IDA 9.0IDA 8.5IDA 8.4
IDA 9.1
IDA 9.1IDA 9.0sp1IDA 9.0IDA 8.5IDA 8.4
  • Welcome to Hex-Rays docs
    • What's new?
  • Getting Started
    • Install IDA
    • Licensing
    • Basic Usage
    • What's next?
  • User Guide
    • User Interface
      • Menu Bar
        • File
          • Load file
          • Script File
          • Script command
          • Produce output files
          • Invoke OS Shell
          • Take database snapshot
          • Save database
          • Save database as...
          • Abort IDA
          • Exit IDA
        • Edit
          • Export data
          • Undo an action
          • Redo an action
          • Clear undo history
          • Disable undo
          • Convert to instruction
          • Convert to data
          • Convert to string literal
          • Convert to array
          • Undefine a byte
          • Give Name to the Location
          • Operand types
            • Offset
            • Number
            • Perform en masse operation
            • Convert operand to character
            • Convert operand to segment
            • Complex Offset Expression
            • Convert operand to symbolic constant (enum)
            • Convert operand to stack variable
            • Change operand sign
            • Bitwise negate operand
            • User-defined operand
            • Set operand type
          • Comments
          • Functions
          • Structs
          • Segments
          • Patch core
          • Other
            • Rename Any Address
          • Plugins
        • Jump
          • Center current line in window
          • Problems List
        • Search
          • REGULAR EXPRESSION SYNTAX SUMMARY
        • View
          • Open subviews
          • Graphs
          • Arrows window
          • Database snapshot manager
          • Highlighting identifiers
          • Browser options
          • Lumina options
          • Assembler level and C level types
          • C++ type details
          • Bookmarks window
          • Calculator
          • View segment registers
          • View Internal Flags
          • Hide
          • Unhide
          • Del hidden range
          • Hide all items
          • Unhide all items
          • Setup hidden items
        • Debugger
          • Debugger window
          • Process Control
            • Start process
            • Process options
            • Pause process
            • Terminate process
            • Step into
            • Step over
            • Run to cursor
            • Run until return
            • Attach to process
            • Detach from process
            • Set current ip
            • Show application screen
          • Breakpoints
          • Watches
          • Tracing
          • Source code view
            • Watch view (source level)
          • Process Memory
            • Take memory snapshot
            • Manual memory regions
            • Refresh memory
          • Thread list
          • Module list
          • Stack trace
          • Exceptions
          • Debugger options
          • Switch debugger
        • Lumina
        • Options
          • Low & High Suspicious Operand Limits
        • Windows
          • Rename a stack variable
          • Miscellanous Options
          • Environment variables
          • Reset Hidden Messages
          • Various dialog help messages
          • Output window
        • List of all menu options
      • Desktops
      • Command line
      • How To Use List Viewers in IDA
      • Database conversion from idb to i64
    • Disassembler
      • Interactivity
      • Background Analysis
      • Graph view
        • Graphing tutorial
      • Proximity view
      • Navigation
        • Anchor
        • How to Enter a Segment Value
        • How to Enter a Number
        • How to Enter an Identifier
        • How to enter text
        • How to Enter an Address
      • Disassembly Gallery
        • Philips 51XA-G3
        • 6502 and 65C02 Disassembler
        • 6301, 6303, 6800, 6801 and 6803 Disassembler
        • 68040, Amiga
        • 6805 Disassembler
        • 6808 Disassembler
        • 6809 OS9 Flex Disassembler
        • 6809 Disassembler
        • 6811 Disassembler
        • 68HC12 Disassembler
        • 68HC16 Disassembler
        • 68k Amiga Disassembler
        • 68k Mac OS
        • 68k Palm Pilot
        • Unix COFF
        • NEC 78k0 and 78k0s Processor
        • 80196 Processor
        • 8051 Disassembler
        • Analog Devices 218x.
        • Alpha Processor – NT COFF
        • Alpha Processor – Unix ELF
        • Android ARM Executables (.elf)
        • ARC Processor
        • ARM Processor EPOC App
        • ARM Processor EPOC PE File
        • ARM Processor EPOC ROMFile
        • EPOC SIS File Handler
        • ARM Processor iOS (iPhone): Unlock
        • ARM Processor iOS (iPhone): Objective-C metadata
        • ARM Processor iOS (iPhone): Objective-C Instance variables
        • ARM Processor iOS (iPhone): Parameter Identification & Tracking (PIT)
        • ARM Processor iOS (iPhone): Start
        • ARM Processor iOS (iPhone): Switch statements
        • ARM Processor iOS (iPhone): C++ signatures
        • ARM Processor iOS (iPhone): Write
        • ARM Processor: Linux ELF
        • ARM Processor: AOF SDK
        • ARM Processor: Windows CE COFF Format
        • ARM Processor: Windows CE PE Format
        • ATMEL AVR Disassembler
        • C166 Processor
        • C166 Processor with ELF file
        • Rockwell C39
        • Microsoft .NET CLI Disassembler. VisualBasic library
        • CR16
        • Android Dalvik Executables (.dex)
        • Microsoft .NET CLI Disassembler
        • DSP56K
        • Fujitsu FR (.elf)
        • Gameboy
        • H8 300: COFF FILE Format
        • H8 300s: COFF FILE Format
        • H8 500
        • HPPA Risc Processor: HP-UX SOM
        • i51
        • i860
        • Intel i960
        • Intel IA-64 (Itanium)
        • Java Bytecode
        • Angstrem KR 1878
        • Renesas/Hitachi M16C
        • Renesas/Hitachi M32R
        • M740
        • M7700
        • M7900
        • MIPS Processor: Nintendo N64
        • MIPS R5900 Processor : Sony bin
        • MIPS Processor: Sony ELF
        • MIPS Processor: Sony PSX
        • MIPS Processor: Sony PSX
        • MIPS Processor: Unix COFF File Format
        • MIPS Processor: Unix ELF File Format
        • MIPS Processor: Windows CE PE File Format
        • MIPS Processor: Windows CE PE2 File Format
        • Panasonic MN102
        • Atmel OAK DSP
        • 80×86 Architecture: DOS Extender
        • 80×86 Architecture: Watcom Runtime
        • 80×86 Architecture: Geos APP
        • 80×86 Architecture: Geos DRV
        • 80×86 Architecture: Geos LIB
        • 80×86 Architecture: GNU COFF Format
        • 80×86 Architecture: OS/2 Linear Executable Format
        • 80×86 Architecture: Netware NLM
        • 80×86 Architecture: QNX Executable
        • 80×86 Architecture: Watcom Runtime
        • 80×86 Architecture: Windows OMF
        • 80×86 Architecture: Windows Portable Executable Format
        • 80×86 Architecture: Windows Virtual Device Driver
        • 80×86 Architecture: Windows 16 bits DLL
        • X-Box Disassembler
        • PDP 11: SAV File
        • PIC
        • PIC 12xx
        • Power PC AIF ECOFF file Format
        • Power PC Linux ELF
        • Mac OS PEF File
        • Mac OS X File
        • Windows NT PE File
        • Hitachi SH-1 Processor
        • Hitachi SH-3 Processor: Windows CE COFF format
        • Hitachi SH-3 Processor: Windows CE PE format
        • Hitachi SH-4 Processor: ELF File Format
        • Hitachi SH-4 Processor: Windows CE PE File Format
        • Super Nintendo Entertainement System (SNES)
        • SPARC Solaris COFF
        • SPARC Solaris ELF
        • SPARC Sun ELF
        • SPARC Sun ELF SO
        • ST 20C4
        • ST 7
        • ST 9
        • Toshiba TLCS 900
        • TMS 320c2 COFF
        • TMS 320c5
        • TMS 320c54
        • TMS 320c6 COFF File Format
        • TRICORE
        • SunPlus unSP
        • NEC V850
        • Z180 COFF File Format
        • Z380 COFF File Format
        • Z8
        • Z80
      • Supported processors
      • Supported file formats
        • Windmp file loader
      • Bitfields
        • Bit Fields tutorial
      • Structures tutorial
      • Union tutorial
      • Variable length structures tutorial
      • Data types, operands and constructs
      • Packed executables
    • Decompiler
      • Prerequisites
      • Quick primer
      • Exception handler
      • Introduction to Decompilation vs. Disassembly
        • Comparisons of ARM disassembly and decompilation
        • Comparisons of PowerPC disassembly and decompilation
        • Comparisons of MIPS disassembly and decompilation
        • Hex-Rays v7.4 vs. v7.3 Decompiler Comparison Page
        • Hex-Rays v7.3 vs. v7.2 Decompiler Comparison Page
        • Hex-Rays v7.2 vs. v7.1 Decompiler Comparison Page
      • Interactive operation
        • Rename
        • Set type
        • Set number representation
        • Edit indented comment
        • Edit block comment
        • Hide/unhide C statements
        • Split/unsplit expression
        • Force call type
        • Set call type
        • Add/del variadic arguments
        • Del function argument
        • Add/delete function return type
        • Jump to cross reference
        • Jump to cross reference globally
        • Generate HTML file
        • Mark/unmark as decompiled
        • Copy to assembly
        • Show/hide casts
        • Reset pointer type
        • Convert to struct *
        • Create new struct type
        • Split variable
        • Select union field
        • Jump to paired paren
        • Collapse/uncollapse item
        • Map to another variable
      • Batch operation
      • Configuration
      • Third party plugins
      • Floating point support
      • Support for intrinsic functions
      • Overlapped variables
      • gooMBA
      • Failures and troubleshooting
      • FAQ
      • Limitations
      • Tips and tricks
    • Debugger
      • Instant debugger
      • Remote debugging
        • Remote iOS Debugger
        • Android debugger
        • Dalvik debugger
        • Remote GDB Debugger
          • Remote GDB Debugger options
          • Debugging with gdbserver
          • Debugging with VMWare
          • Debugging with OpenOCD
          • Debugging with QEMU
          • External programs and GDB Debugger
          • Debugging code snippets with QEMU
        • PIN debugger
          • Building the PIN tool
          • Connecting a remote PIN tool instance from IDA
          • PIN support for MacOSX
        • Replayer debugger
        • Bochs debugger
          • Bochs Disk Image operation mode
          • Bochs IDB operation mode
          • Bochs PE operation mode
          • Bochs debugger FAQ
      • Local debugging
        • WinDbg Debugger
        • WinDbg: Time Travel Debugging
        • Linux debugger
        • Intel/ARM macOS debugger
      • Debugger tutorials
        • Debugging Dalvik Programs
        • IDA Win32 Local Debugging
        • IDA Linux Local Debugging
        • IDA Linux to Win64 Debugging
        • IDA Win32 to Linux Debugging
        • Debugging Mac OSX Applications with IDA Pro
        • Debugging iOS Applications using CoreDevice (iOS 17 and up)
        • Debugging iOS Applications with IDA Pro
        • Debugging Linux Applications locally
        • Debugging Linux/Windows Applications with PIN Tracer module
        • Debugging Windows Applications with IDA Bochs Plugin
        • Debugging Windows Applications with IDA WinDbg Plugin
        • Using the Bochs debugger plugin in Linux
        • Debugging Windows Kernel with VMWare and IDA WinDbg Plugin
        • Debugging Linux Kernel under VMWare using IDA GDB debugger
        • Windows Debugger Hub
        • Linux Debugger
        • Debugging a Windows executable locally and remotely
        • Debugging the XNU Kernel with IDA Pro
        • Remote debugging with IDA Pro
        • IDA Scriptable Debugger: overview
          • IDA Scriptable Debugger: scriptability
        • Debugging code snippets with QEMU debugger (a la IDA Bochs debugger)
        • Trace Replayer and managing traces
        • Using IDA Pro's tracing features
        • Working with PIN
        • Appcall
    • Creating Signatures
      • FLIRT
        • IDA F.L.I.R.T. Technology: In-Depth
        • Generate FLIRT signature file
        • Supported Compilers
          • Turbo Pascal
          • Delphi
      • Makesig
    • Types
      • Creating Type Libraries
        • IDAClang
        • TILIB
    • Configuration
      • Configuration files
      • Command line switches
      • Keyboard macros
      • UI/Fonts/Themes
      • Shortcuts
      • Customizing IDA
      • CSS-based styling
    • Teams
      • Diffing and Merging Databases with IDA Teams
      • Teams lc command reference manual
      • hv command reference manual
      • Hex-Rays Vault’s visual client user manual
    • Lumina
      • lc command reference manual
    • Plugins
      • Open Plugin Architecture
      • Plugin options
      • Plugins Shipped with IDA
        • Swift plugin
        • Golang plugin
        • Rust plugin
        • picture_search
        • Objective-C Analysis Plugin
        • DYLD Shared Cache Utils
        • Borland RTTI descriptors plugin
        • DWARF plugin
        • Patfind plugin
        • IDA Feeds
          • FLIRT Signature Bundle
      • Plugin Contest
      • How to write your own plugin?
    • Helper Tools
    • idalib
    • Licenses
      • Apache License for Ghidra
      • Apache License for LLVM
      • Common Public License Version 1.0
      • APPLE PUBLIC SOURCE LICENSE
      • PCRE2 LICENCE
      • GNU Lesser General Public License v2.1 for libiberty
    • Floating licenses
  • Developer Guide
    • C++ SDK
      • Getting Started
      • Reference
      • Using the Decompiler SDK: Decompiler plugin
      • Examples
      • How to create a plugin?
      • Porting Guide from IDA 8.x to 9.0
    • IDAPython
      • Getting Started
      • Reference
      • Examples
      • How to create a plugin?
      • Porting Guide from IDA 8.x to 9.0
    • IDC
      • Core concepts
        • Expressions
        • Statements
        • Functions
        • Variables
        • Constants
        • Exceptions
        • Classes
        • Predefined symbols
        • loader_input_t class
        • Slices
      • Reference
        • Index of debugger related IDC functions
        • Alphabetical list of IDC functions
          • add_auto_stkpnt
          • add_bpt
          • add_cref
          • add_default_til
          • add_dref
          • add_entry
          • add_enum
          • add_enum_member
          • add_func
          • add_hidden_range
          • add_idc_hotkey
          • add_segm_ex
          • add_sourcefile
          • add_struc
          • add_struc_member
          • add_user_stkpnt
          • append_func_tail
          • apply_type
          • ask_addr
          • ask_file
          • ask_long
          • ask_seg
          • ask_str
          • ask_yn
          • atoa
          • atol
          • attach_process
          • auto_mark
          • auto_mark_range
          • auto_unmark
          • auto_wait
          • batch
          • begin_type_updating
          • byte
          • byte_value
          • calc_gtn_flags
          • call_system
          • can_exc_continue
          • check_bpt
          • choose_func
          • cleanup_appcall
          • clear_selection
          • clear_trace
          • clr_database_flag
          • collect_stack_trace
          • compile_idc_file
          • compile_idc_text
          • create_align
          • create_array
          • create_byte
          • create_custom_data
          • create_data
          • create_double
          • create_dword
          • create_enum_type
          • create_float
          • create_insn
          • create_oword
          • create_pack_real
          • create_qword
          • create_strlit
          • create_struct
          • create_tbyte
          • create_word
          • create_yword
          • dalvik_get_array_elem
          • dalvik_get_array_size
          • dalvik_get_instance_fld
          • dalvik_get_local
          • dalvik_get_local_typed
          • dbg_appcall
          • decode_insn
          • define_exception
          • define_local_var
          • del_array_element
          • del_bpt
          • del_cref
          • del_dref
          • del_enum
          • del_enum_member
          • del_extra_cmt
          • del_fixup
          • del_func
          • del_hash_string
          • del_hidden_range
          • del_idc_hotkey
          • del_items
          • del_segm
          • del_selector
          • del_source_linnum
          • del_sourcefile
          • del_stkpnt
          • del_struc
          • del_struc_member
          • del_user_info
          • delattr
          • delete_all_segments
          • delete_array
          • demangle_name
          • detach_process
          • diff_trace_file
          • dword
          • enable_bpt
          • enable_tracing
          • end_type_updating
          • error
          • eval
          • EVAL_FAILURE
          • eval_python
          • exec_idc
          • exec_python
          • exit_process
          • expand_struc
          • fclose
          • fgetc
          • filelength
          • find_binary
          • find_code
          • find_custom_data_format
          • find_custom_data_type
          • find_data
          • find_defined
          • find_func_end
          • find_imm
          • find_selector
          • find_suspop
          • find_text
          • find_unknown
          • first_func_chunk
          • firstattr
          • fopen
          • force_bl_call
          • force_bl_jump
          • forget_exception
          • format_cdata
          • fprintf
          • fputc
          • fseek
          • ftell
          • func_contains
          • gen_file
          • gen_flow_graph
          • gen_simple_call_chart
          • generate_disasm_line
          • get_appcall_options
          • get_array_element
          • get_array_id
          • get_bmask_cmt
          • get_bmask_name
          • get_bookmark
          • get_bookmark_desc
          • get_bpt_attr
          • get_bpt_ea
          • get_bpt_qty
          • get_bpt_tev_ea
          • get_bytes
          • get_call_tev_callee
          • get_cmt
          • get_color
          • get_curline
          • get_current_tev
          • get_current_thread
          • get_db_byte
          • get_debug_name
          • get_debug_name_ea
          • get_debugger_event_cond
          • get_double
          • get_entry
          • get_entry_name
          • get_entry_ordinal
          • get_entry_qty
          • get_enum
          • get_enum_cmt
          • get_enum_flag
          • get_enum_member
          • get_enum_member_bmask
          • get_enum_member_by_name
          • get_enum_member_cmt
          • get_enum_member_enum
          • get_enum_member_name
          • get_enum_member_value
          • get_enum_name
          • get_enum_size
          • get_enum_width
          • get_event_bpt_hea
          • get_event_ea
          • get_event_exc_code
          • get_event_exc_ea
          • get_event_exc_info
          • get_event_exit_code
          • get_event_id
          • get_event_info
          • get_event_module_base
          • get_event_module_name
          • get_event_module_size
          • get_event_pid
          • get_event_tid
          • get_exception_code
          • get_exception_flags
          • get_exception_name
          • get_exception_qty
          • get_extra_cmt
          • get_fchunk_attr
          • get_fchunk_referer
          • get_field_ea
          • get_file_ext
          • get_first_bmask
          • get_first_cref_from
          • get_first_cref_to
          • get_first_dref_from
          • get_first_dref_to
          • get_first_enum_member
          • get_first_fcref_from
          • get_first_fcref_to
          • get_first_hash_key
          • get_first_index
          • get_first_member
          • get_first_module
          • get_first_seg
          • get_fixup_target_dis
          • get_fixup_target_flags
          • get_fixup_target_off
          • get_fixup_target_sel
          • get_fixup_target_type
          • get_flags
          • get_float
          • get_forced_operand
          • get_fpnum
          • get_frame_args_size
          • get_frame_id
          • get_frame_lvar_size
          • get_frame_regs_size
          • get_frame_size
          • get_full_flags
          • get_func_attr
          • get_func_cmt
          • get_func_flags
          • get_func_name
          • get_func_off_str
          • get_gotea
          • get_hash_long
          • get_hash_string
          • get_idb_path
          • get_imagebase
          • get_inf_attr
          • get_input_file_path
          • get_ip_val
          • get_item_end
          • get_item_head
          • get_item_size
          • get_last_bmask
          • get_last_enum_member
          • get_last_hash_key
          • get_last_index
          • get_last_member
          • get_local_tinfo
          • get_manual_insn
          • get_member_by_idx
          • get_member_cmt
          • get_member_flag
          • get_member_id
          • get_member_name
          • get_member_offset
          • get_member_qty
          • get_member_size
          • get_member_strid
          • get_min_spd_ea
          • get_module_info
          • get_module_name
          • get_module_size
          • get_name
          • get_name_ea
          • get_name_ea_simple
          • get_named_type_tid
          • get_next_bmask
          • get_next_cref_from
          • get_next_cref_to
          • get_next_dref_from
          • get_next_dref_to
          • get_next_enum_member
          • get_next_fchunk
          • get_next_fcref_from
          • get_next_fcref_to
          • get_next_fixup_ea
          • get_next_func
          • get_next_hash_key
          • get_next_index
          • get_next_module
          • get_next_offset
          • get_next_seg
          • get_nsec_stamp
          • get_numbered_type_name
          • get_numbered_type_tid
          • get_operand_type
          • get_operand_value
          • get_ordinal_limit
          • get_original_byte
          • get_prev_bmask
          • get_prev_enum_member
          • get_prev_fchunk
          • get_prev_fixup_ea
          • get_prev_func
          • get_prev_hash_key
          • get_prev_index
          • get_prev_offset
          • get_process_state
          • get_processes
          • get_processor_name
          • get_qword
          • get_reg_value
          • get_ret_tev_return
          • get_root_filename
          • get_screen_ea
          • get_segm_attr
          • get_segm_by_sel
          • get_segm_end
          • get_segm_name
          • get_segm_start
          • get_source_linnum
          • get_sourcefile
          • get_sp_delta
          • get_spd
          • get_sreg
          • get_step_trace_options
          • get_str_type
          • get_strlit_contents
          • get_struc_cmt
          • get_struc_id
          • get_struc_name
          • get_struc_size
          • get_tev_ea
          • get_tev_mem
          • get_tev_mem_ea
          • get_tev_mem_qty
          • get_tev_qty
          • get_tev_reg
          • get_tev_tid
          • get_tev_type
          • get_thread_qty
          • get_tinfo
          • get_trace_file_desc
          • get_type
          • get_wide_byte
          • get_wide_dword
          • get_wide_word
          • get_xref_type
          • getattr
          • getn_thread
          • getn_thread_name
          • guess_type
          • has_name
          • has_user_name
          • has_value
          • has_xref
          • hasattr
          • idadir
          • import_type
          • inf_is_32bit_or_higher
          • inf_is_64bit
          • inf_set_32bit
          • inf_set_64bit
          • is_align
          • is_bf
          • is_bin0
          • is_bin1
          • is_byte
          • is_char0
          • is_char1
          • is_code
          • is_code_far
          • is_custfmt0
          • is_custfmt1
          • is_custom
          • is_data
          • is_data_far
          • is_dec0
          • is_dec1
          • is_defarg0
          • is_defarg1
          • is_double
          • is_dword
          • is_enum0
          • is_enum1
          • is_event_handled
          • is_extra_cmts
          • is_float
          • is_float0
          • is_float1
          • is_flow
          • is_head
          • is_hex0
          • is_hex1
          • is_loaded
          • is_manual0
          • is_manual1
          • is_mapped
          • is_member_id
          • is_oct0
          • is_oct1
          • is_off0
          • is_off1
          • is_oword
          • is_pack_real
          • is_qword
          • is_seg0
          • is_seg1
          • is_stkvar0
          • is_stkvar1
          • is_strlit
          • is_stroff0
          • is_stroff1
          • is_struct
          • is_tail
          • is_tbyte
          • is_union
          • is_unknown
          • is_valid_trace_file
          • is_word
          • is_yword
          • JDWP_ArrayReference_GetValues
          • JDWP_ArrayReference_Length
          • JDWP_Method_Bytecodes
          • JDWP_Method_VariableTable
          • JDWP_Method_VariableTableWithGeneric
          • JDWP_ObjectReference_ReferenceType
          • JDWP_ReferenceType_Fields
          • JDWP_ReferenceType_Instances
          • JDWP_ReferenceType_Methods
          • JDWP_ReferenceType_NestedTypes
          • JDWP_ReferenceType_Signature
          • JDWP_ReferenceType_SourceFile
          • JDWP_StackFrame_GetValue
          • JDWP_StringReference_Value
          • JDWP_ThreadReference_Frames
          • JDWP_ThreadReference_ThreadGroup
          • JDWP_VirtualMachine_AllClasses
          • JDWP_VirtualMachine_AllThreads
          • JDWP_VirtualMachine_ClassesBySignature
          • JDWP_VirtualMachine_IDSizes
          • JDWP_VirtualMachine_Version
          • jumpto
          • lastattr
          • load_and_run_plugin
          • load_debugger
          • load_trace_file
          • load_type
          • loader_input_t_close
          • loader_input_t_getc
          • loader_input_t_gets
          • loader_input_t_getz
          • loader_input_t_read
          • loader_input_t_readbytes
          • loader_input_t_seek
          • loader_input_t_size
          • loader_input_t_tell
          • loadfile
          • ltoa
          • make_array
          • mkdir
          • move_segm
          • msg
          • next_addr
          • next_func_chunk
          • next_head
          • next_not_tail
          • nextattr
          • object_retrieve
          • object_store
          • op_bin
          • op_chr
          • op_dec
          • op_enum
          • op_flt
          • op_hex
          • op_man
          • op_num
          • op_oct
          • op_offset
          • op_offset_high16
          • op_plain_offset
          • op_seg
          • op_stkvar
          • op_stroff
          • open_loader_input
          • ord
          • parse_decl
          • parse_decls
          • patch_byte
          • patch_dbg_byte
          • patch_dword
          • patch_qword
          • patch_word
          • plan_and_wait
          • plan_to_apply_idasgn
          • prev_addr
          • prev_head
          • prev_not_tail
          • prevattr
          • print
          • print_decls
          • print_insn_mnem
          • print_operand
          • process_config_directive
          • process_ui_action
          • put_bookmark
          • qbasename
          • qdirname
          • qexit
          • qisabspath
          • qmake_full_path
          • qmakefile
          • qsleep
          • qword
          • read_dbg_byte
          • read_dbg_dword
          • read_dbg_memory
          • read_dbg_qword
          • read_dbg_word
          • read_msr
          • read_selection_end
          • read_selection_start
          • readlong
          • readshort
          • readstr
          • rebase_program
          • recalc_spd
          • refresh_choosers
          • refresh_debugger_memory
          • refresh_idaview_anyway
          • remove_fchunk
          • rename
          • rename_array
          • rename_entry
          • resume_process
          • resume_thread
          • retrieve_input_file_md5
          • rotate_byte
          • rotate_dword
          • rotate_left
          • rotate_word
          • run_to
          • sanitize_file_name
          • save_database
          • save_trace_file
          • savefile
          • search_path
          • sel2para
          • select_thread
          • selector_by_name
          • send_dbg_command
          • set_appcall_options
          • SET_APPCALL_TIMEOUT
          • set_array_long
          • set_array_params
          • set_array_string
          • set_bmask_cmt
          • set_bmask_name
          • set_bpt_attr
          • set_bpt_cond
          • set_cmt
          • set_color
          • set_current_tev
          • set_database_flag
          • set_debugger_event_cond
          • set_debugger_options
          • set_default_sreg_value
          • set_enum_bf
          • set_enum_cmt
          • set_enum_flag
          • set_enum_member_cmt
          • set_enum_member_name
          • set_enum_name
          • set_enum_width
          • set_exception_flags
          • set_fchunk_attr
          • set_fixup
          • set_flag
          • set_frame_size
          • set_func_attr
          • set_func_cmt
          • set_func_end
          • set_func_flags
          • set_func_start
          • set_hash_long
          • set_hash_string
          • set_ida_state
          • set_inf_attr
          • set_local_type
          • set_manual_insn
          • set_member_cmt
          • set_member_name
          • set_member_type
          • set_name
          • set_named_type
          • set_numbered_type
          • set_processor_type
          • set_reg_value
          • set_remote_debugger
          • set_root_filename
          • set_segm_addressing
          • set_segm_alignment
          • set_segm_attr
          • set_segm_class
          • set_segm_combination
          • set_segm_name
          • set_segm_type
          • set_segment_bounds
          • set_selector
          • set_source_linnum
          • set_step_trace_options
          • set_storage_type
          • set_struc_cmt
          • set_struc_name
          • set_tail_owner
          • set_target_assembler
          • set_trace_file_desc
          • setattr
          • sizeof
          • split_sreg_range
          • sprintf
          • start_process
          • step_back
          • step_into
          • step_over
          • step_until_ret
          • strfill
          • stristr
          • strlen
          • strstr
          • STRTERM1
          • STRTERM2
          • substr
          • suspend_process
          • suspend_thread
          • take_memory_snapshot
          • tinfo_errstr
          • to_ea
          • TO_LONG
          • toggle_bnot
          • toggle_sign
          • tolower
          • toupper
          • trim
          • TRUNC
          • typeinfo_print
          • typeinfo_size
          • unlink
          • update_extra_cmt
          • update_hidden_range
          • validate_idb_names
          • value_is_float
          • value_is_func
          • value_is_int64
          • value_is_long
          • value_is_object
          • value_is_pvoid
          • value_is_string
          • wait_for_next_event
          • warning
          • word
          • write_dbg_memory
          • write_msr
          • writelong
          • writeshort
          • writestr
          • xtol
      • Examples
        • Analyzing encrypted code
  • Admin Guide
    • Lumina server
    • Teams server
    • License server
      • Hex-Rays License Server Migration Guide
      • Hex-Rays License Server on WSL
  • Release Notes
    • IDA 9.1
    • IDA 9.0sp1
    • IDA 9.0
    • IDA 8.5
    • IDA 8.4sp2
    • IDA 8.4sp1
    • IDA 8.4
    • IDA 8.3
    • IDA 8.2sp1
    • IDA 8.2
    • IDA 8.1
    • IDA 8.0sp1
    • IDA 8.0
    • IDA 7.7sp1
    • IDA 7.7
    • IDA 7.6sp1
    • IDA 7.6
    • IDA 7.5sp3
    • IDA 7.5sp2
    • IDA 7.5sp1
    • IDA 7.5
    • IDA 7.4sp1
    • IDA 7.4
    • IDA 7.3
      • IDA 7.3 Undo: IDA can do it
    • IDA 7.2
      • IDA 7.2 The Mac Rundown
    • IDA 7.1
      • IDA 7.1 Debugger API 7.1 Porting Guide
    • IDA 7.0sp1
    • IDA 7.0
      • Internationalization (i18n)
      • Automatic discovery of string literals
      • API 7.0 Porting Guide
      • IDAPython backward compatibility
    • IDA 6.95
    • IDA 6.9
    • IDA 6.8
    • IDA 6.7
    • IDA 6.6
    • IDA 6.5
    • IDA 6.4
    • IDA 6.3
    • IDA 6.2
    • IDA 6.1
    • IDA 6.0
    • IDA 5.7
    • IDA 5.6
    • IDA 5.5
      • 5.5 Gallery
      • 5.5 Comparison
    • IDA 5.4
    • IDA 5.3
    • IDA 5.2
    • IDA 5.1
    • IDA 5.0
    • IDA 4.9SP
    • IDA 4.9
    • IDA 4.8
    • IDA 4.7
    • IDA 4.6
    • IDA 4.x
    • IDA 3.x
    • Cumulative bugfix for IDA
  • Archive
    • IDA’s Windbg plugin
    • IDA’s Bochs debugger plugin
    • IDA’s Bochs debugger plugin 2
    • DosWin32
    • Hex-Rays v1.1 vs. v1.0 Decompiler Comparison Page
    • Hex-Rays v1.2 vs. v1.1 Decompiler Comparison Page
    • Hex-Rays v1.3 vs. v1.2 Decompiler Comparison Page
    • Hex-Rays v1.6 vs. v1.5 Decompiler Comparison Page
    • Hex-Rays v1.7 vs. v1.6 Decompiler Comparison Page
    • Costly Greetings – An Adventure In Hostile Code Analysis
    • An Adventure In Hostile Code Analysis: Description
    • An Adventure In Hostile Code Analysis: Disassembly
    • Improved code flow analysis
    • Program Navigation Bar
    • IDA Home Contest
    • Pimp My IDA: vote results
    • Turning off IDA 6.x compatibility in IDAPython
    • Porting guide for IDA 7.4 turning off IDA 6.x API backwards-compatibility by default
    • Porting guide for IDA 7.4 IDAPython and Python 3
    • IDAPython and Python 3
    • Porting guide for changes in IDAPython-on-Python-3 APIs
    • Debugging iOS Applications With IDA
    • IDA Win32 to Win32 Debugging
    • IDA Win32 to Win64 Debugging
    • Legacy license server: Floating Licenses
      • Installing on Linux
      • Installing on Windows
      • Installing on OS X
    • Decompiler Installation
    • Enumerated types tutorial
  • Bug Bounty
Powered by GitBook
LogoLogo

Need Help?

  • FAQs
  • Support

Community

  • Forum
  • Plugins

Resources

  • Blog
  • Download center

© 2025 Copyright Hex-Rays

On this page

Was this helpful?

Export as PDF

Last updated 26 days ago

Was this helpful?

A complex offset expression looks like

It is specified by:

The relationship between these parameters is (the formula is given for full offsets):

You always have to specify the offset type and base. Usually, the delta is equal to zero. For the full offset type you may omit the offset target, which is recommended. In this case, IDA will calculate it automatically. However, if you specify the offset target, make sure that the relationship between the parameters still holds. For the half offset types, you have to specify the target because there is no way to calculate it.

The offset types:

See also

  1. User Guide
  2. User Interface
  3. Menu Bar
  4. Edit
  5. Operand types

Complex Offset Expression

        offset target + delta - offset base
        - type (OFF16, OFF32, LOW16, etc.)
        - base
        - optional target
        - optional delta from target
        operand_value = target + delta - base

  or (the same relationship in a different form):

        target = operand_value - delta + base
  8-bit full offset            :
  16-bit full offset           :
  32-bit full offset           :

    The full offsets are regular offset expressions like

        offset label

    They can occupy 8, 16, or 32 bits.
    You have to specify the offset base for these offsets.

  low 8 bits of 16-bit offset  :

    Only the low 8 bits of the offset. IDA will represent them as

        (offset label) & 0xFF

  low 16 bits of 32-bit offset :

    Only the low 16 bits of the offset. IDA will represent them as

        (offset label) & 0xFFFF

  high 8 bits of 16-bit offset :

    Only the high 8 bits of the offset. IDA will represent them as

        offset label >> 8

  high 16 bits of 32-bit offset:

    Only the high 17 bits of the offset. IDA will represent them as

        offset label >> 16
offset by any user-specified base