Segments

This submenu allows you to manipulate segments of the program:

See also:

Create a new segment

Action    name: CreateSegment

This command allows you to create a new segment.

If you select a range using the anchor, IDA will propose the start address and the end address of the selection as defaults for the segment bounds.

You need to specify at least:

    - the segment start address
    - the segment end address (excluded from the range)
    - the segment base

Click here to learn about addressing model used in IDA.

If "sparse storage" is set, IDA will use special sparse storage method for the segment. This method is recommended for huge segments. Later, it is possible to change the storage method of any region using set_storage_type IDC function.

If another segment already exists at the specified address, the existing segment is truncated and the new segment lasts from the specified start address to the next segment (or specified end address, whichever is lower). If the old and the new segments have the same base address, instructions/data will not be discarded by IDA. Otherwise, IDA will discard all instructions/data of the new segment.

An additional segment may be created by IDA to cover the range after the end of the new segment.

IDA address space concepts

nternally, IDA has 32-bit linear address space (IDA64 uses 64-bit address space). The internal addresses are called "linear addresses". The input program is loaded into this linear address space.

Please note that usually the linear addresses are not used in the program directly. During disassembling, we use so-called "virtual addresses", which are calculated by the following formula:

        VirtualAddress = LinearAddress - (SegmentBase << 4);

We see that the SegmentBase determines what addresses will be displayed on the screen. More than that, IDA allows to create several segments with the same virtual address in them. For this, you just need to create segments with correct segment base values.

Normally a SegmentBase is a 16bit quantity. To create a segment with base >= 0x10000, you need to use selectors. However, if you try to create a segment with a segment base >= 0x10000, IDA will automatically choose appropriately a free selector and setup for the new segment.

All SegmentBases are looked up in the selector table.

There are some address restrictions in IDA.

There is a range of addresses that are used for internal housekeeping. This range can be specified by the configuration variable PRIVRANGE (start address and size). It is not recommended to use these addresses for other purposes.

There is also one address which must never be used in the disassembly. It is the 'all ones' address, or -1. Internally, it is used as a BADADDR (bad address). No address or address range can include BADADDR.

Related topics:

  • Click here to see an example of segment creation (simple case - IBM PC)

  • Click here to see an example of segment creation (simple case - Z80)

  • Click here to see another example of segment creation (automatically chosen selector)

  • Click here to see another example of segment creation (user-defined selector)

  • See also How to change segment translation

Create segment - simple case (PC)

IBM PC case -----------

Suppose we need to create a segment occupying addresses F000:1000..F000:2000 Let's calculate linear addresses:

        start = (0xF000 << 4) + 0x1000 = 0xF1000
        end   = (0xF000 << 4) + 0x2000 = 0xF2000

The segment base must be selected so that the first offset in our segment will be 0x1000. Let's find it using the following equation:

        VirtualAddress = LinearAddress - (SegmentBase << 4);
        0x1000         = 0xF1000 - (base << 4);

After solving this equation, we see that the segment base is equal to 0xF000. (you see, this is really a very simple case :) )

Now, we can create a segment entering:

        segment start address:  0xF1000
        segment end address:    0xF2000
        segment base:           0xF000

Please note that the end address never belongs to the segment in IDA.

Create segment - simple case (Z80)

Z80 case
 --------

Suppose we need to create a segment occupying virtual addresses 8000-C000. Since we are free to place our segment anywhere in the linear address space, we choose the linear addresses at our convenience. Let's say we choose a linear address 0x20000:

        start = 0x20000
        end   = start + 0x4000 = 0x24000

The segment base must be selected so that the virtual address in our segment will be 0x8000. Let's find it using the following equation:

        VirtualAddress = LinearAddress - (SegmentBase << 4);
        0x8000         = 0x20000 - (base << 4);
        base << 4      = 0x20000 - 0x8000
        base << 4      = 0x18000
        base           = 0x1800

After solving this equation, we see that the segment base is equal to 0x1800.

Now we can create a segment entering:

        segment start address:  0x20000
        segment end address:    0x24000
        segment base:           0x1800

Please note that the end address never belongs to the segment in IDA.

Create segment - automatically chosen selector case

Suppose we need to create a segment occupying linear addresses 200000-200C00 and the virtual addresses must have be 0000..0C00. If we simply enter

        segment start address:  0x200000
        segment end address:    0x200C00
        segment base:           0x20000

Then IDA will notice that the segment base is too big and does not fit into 16bits. Because of this IDA will find a free selector (let's say it has found selector number 5), define it to point at paragraph 0x20000 and create a segment. After all this we will have:

        - a new selector is defined (5 -> 0x20000)
        - a new segment is created. Its attributes:
                start = 0x200000
                end   = 0x200C00
                base  = 5

The first virtual address in the segment will be 0:

        VirtualAddress = LinearAddress - (SelectorValue(SegmentBase) << 4)
                       = 0x200000      - (SelectorValue(5) << 4)
                       = 0x200000      - (0x20000 << 4)
                       = 0x200000      - 0x200000
                       = 0

Please note that the end address never belongs to the segment in IDA.

Create segment - user-defined selector case

If the previous example we saw how IDA allocates a selector automatically. You could make it yourself:

1. Create a selector. For this, open the selectors window and press Ins. Enter a selector number and its value.

2. Create a segment. Specify the selector number as the segment base.

Delete a segment

Action    name: KillSegment

This command allows you to delete a segment.

IDA will ask your the permission to disable the addresses occupied by the segment. If you allow this operation, all information about the segment will be deleted. In other words, IDA will discard the information about instructions or data, comments etc.

If you check the "disable addresses" checkbox, IDA will mark the addresses occupied by the segment as "nonexistent" in the program. You will lose *ALL* information, including byte values.

It is impossible to disassemble the content of addresses not located in any segment, therefore you must create a new segment if you want to resume the disassembly of that part of the code.

You can also edit (see below) an adjacent segment to expand it to those addresses.

IDA will ask your the permission to disable addresses occupied by the segment. If you give your permission, information about the segment will be deleted, otherwise IDA will discard information about instruction/data, comments etc, but retain byte values so that you will be able to create another segment afterwards.

To disassemble the addresses occupied by the segment, you need to create a new segment again (i.e. you cannot disassemble bytes without a segment). You can also expand another adjacent segment to these addresses.

Change segment attributes

Changing the segment class may change the segment type.

MOVE ADJACENT SEGMENTS: means that the previous and next segments will be shrunk or expanded to fill gaps between segments. Click here for more information.

DISABLE ADDRESSES: if set, when a segment is shrunk, all information about bytes going out of the segment will be completely removed.. Otherwise, IDA will discard information about instructions/data, comments etc, but will retain byte values so that another segment can be created later and it will use the existing byte values.

If IDA creates 2 segments where only one segment must exist, you may try the following sequence:

  • delete one segment. Choose one with bad segment base value. Do not disable addresses occupied by the segment being deleted.

  • change bounds of another segment. Note that the create segment command changes the boundaries of the overlapping segment automatically.

Segments with the 'debugger' attribute are the segments whose memory contents are not saved in the database. Usually, these segments are created by the debugger to reflect the current memory state of the program.

However, the user can modify this attribute.

If it is cleared, then the segment will permanently stay in the database after closing the debugger session. The database will reflect the state of the segment which was at the time when the status is changed.

If it is set, then the segment will become a temporary segment and will be deleted at the end of the debugging session.

The "debugger segment" checbkox is available only during debugging sessions.

The 'loader' segments are the segment created by the file loader. The segment having this attribute are considered to be part of the input file.

A segment with the 'debugger' attribute set and the 'loader' attribute not set is considered to be an ephemeral segment. Such segments are not analyzed automatically by IDA.

"Segment permissions" group box can be used to modify Segment access permissions (Read/Write/Execute)

Change Segment Name

Enter a new name for the segment. A segment name is up to 8 characters long. IDA does check if the length is ok. Try to give mnemonic names for the segments.

Segment Class Name

The segment class name identifies the segment with a class name (such as CODE, FAR_DATA, or STACK). The linker places segments with the same class name into a contiguous range of memory in the runtime memory map.

Changing the segment class changes only the segment definition on the screen. There are the following predefined segment class names:

        CODE    -       Pure code
        DATA    -       Pure data
        CONST   -       Pure data
        BSS     -       Uninitialized data
        STACK   -       Uninitialized data
        XTRN    -       Extern definitions segment

If you change segment class and the segment type is "Regular", then the segment type will be changed accordingly.

In order to set the segment type "Regular", you should change the segment class to "UNK".

Segment class names are never deleted. Once you define a segment class name, you cannot reuse it as a name of another object.

Change Segment Addressing

You can choose between 16-bit and 32-bit segment addressing.

IDA will delete all instructions and data in the segment if the segment address is changed.

Never do it if you are not sure. It may have irreversible consequences, all instructions/data will be converted to undefined bytes.

Change Segment Alignment

Alignment: select between abs,byte,word,dword,para,page

You can specify the segment alignment for the selected segment. By default, IDA assumes 'byte' alignment.

Changing the alignment changes only the segment definition on the screen. Nothing else will happen.

Change Segment Combination

Combination

A field that describes how the linker can combine the segment with other segments. Under MS-DOS, segments with the same name and class can be combined in two ways: they can be concatenated to form one logical segment, or they can be overlapped. In the latter case, they have either the same start address or the same end address, and they describe a common range in memory. Values for the field are:

  Private. Do not combine with any
           other program segment.
  Public.  Combine by appending at
           an offset that meets the
           alignment requirement.

  Stack.   Combine as for Public.
           This combine type forces
           byte alignment.

  Common.  Combine by overlay using
           maximum size.

Changing segment combination changes only the segment definition on the screen. Nothing else will happen.

Move a segment

Action    name: MoveSegment

This command allows you to move segment(s) to another address. Use it if the segment(s) are loaded at a wrong address.

This command shifts (moves) the selected segments in the memory to the target address. There must be enough free space at the target address for the segments.

All information in the segment will be moved to the new address, but since the addresses change, the disassembly might be not valid anymore (especially if the program is moved to the wrong addresses and the relocation information is not available).

 Fix up relocations

        This option allows IDA to modify the references
        to/from the relocated segment(s). If it is turned
        off, the references might be wrong after the move.

Rebase program

Action    name: Rebase program

The whole program will be shifted by the specified amount of bytes in the memory. The following options are available (we strongly recommend to leave them turned on):

 Fix up relocations

        This option allows IDA to modify the references
        to/from the relocated segment(s). If it is turned
        off, the references might be wrong after the move.

 Rebase the whole image

        This option is accessible only if the whole program
        is selected. It allows IDA to adjust internal
        variables on the whole program.

Please note rebasing the program might remove user-defined xrefs.

Change segment translation

        call    1000

in the segment C obviously refers to the segment B while the instruction

        call    500

refers to the segment A.

However, IDA does not try to link these references unless you tell it to do so: include the segments A and B into a translation list of the segment C. It means that you have to create a translation list

        A B

for the segment C.

Below is a more complicated example:

                start   end
        A       0000    1000
        B       1000    2000
        C       1000    2000
        D       3000    4000
        E       3000    4000

translations

        B:      A
        C:      A
        D:      A B
        E:      A C

allow you to emulate overlays (the first set is A B D, the second A C E)

IMPORTANT NOTE1: If you use the segment translations, make sure that all segments have unique segment bases. If two segments are placed in the linear address space so that they must have the same segment base, you may assign different selectors with equal values to them.

IMPORTANT NOTE2: IDA supports only one translation list per segment. This translation is applied by default to all instruction in the segment. If the segment uses other mappings, then these individual mappings can be specified for each instruction separately by using the make offset commands.

IMPORTANT NOTE3: Since only code references are affected by the segment translations, try to create the RAM segment at its usual place (i.e. its linear address in IDA corresponds to its address in the processor memory). This will make all data references to it to be correct without any segment translation. For the data references to other segments you'll need to use the make offset command for each such reference.

See also

Set Default Segment Register Value

Action    name: SetSegmentRegisterDefault

Relevant only for processors with the segment registers.

You can specify a default value of a segment register for the current segment. When you change the default value, IDA will reanalyze the segment, taking the default value when it cannot determine the actual value of the register. This takes time, so do not be surprised if references are not corrected immediately.

To specify a value other than the default value of a segment register, you can use change segment register value command.

See also How to enter segment value

Change Segment Register Value

 Action    name: SetSegmentRegister

Relevant only for processors with the segment registers. Currently this command works for IBM PC, TMS320C2, Intel80196, and PowerPC processors.

This command creates or updates a segment register change point.

See jump to segment register change point for more info.

ALPHA DISASSEMBLY

For Alpha processors, the user must enter the difference between the real GP value and the start of the GOT (global offset table). For example:

         .got
         ....
         ; gp points here
 label:

If you want to specify that a register points to "label", you must calculate and enter the difference "label-.got" as the register value.

ARM DISASSEMBLY

The ARM processor module has a virtual segment register T which reflects the state of the T bit of the processor state register (PSR). Therefore, the value of this register controls THUMB/ARM mode. If its value is not zero, then the disassembly will be in the thumb mode.

POWER PC DISASSEMBLY

For PowerPC processors, the user must enter an offset from the beginning of the TOC to the TOC entry which contains the address of the target. An example:

 TOC:    .toc
         ....
 sometc: .tc sometc[tc], datachunk

If you want to specify that a register points to "datachunk", you must calculate and enter the difference "sometc-TOC" as the register value. You can change the TOC value in the processor specific options (which is accessible from the analysis options).

INTEL 80196 DISASSEMBLY

For Intel 80196NP/NU processors, the user must enter the value of WSR or WSR1 register. IDA will automatically take the new value into account.

See also:

Segment Register Change Points

When IDA encounters an instruction which changes a segment register, it creates a segment register change point. So, mostly change points are maintained by IDA itself. IDA assumes that the segment registers do not change their values between change points. If you find out that IDA failed to locate a segment register change, or if you want to change a register value, you can create a change point using Change Segment Register command. You can change the value of a segment register using Set default segment register value command too.

IDA classifies the change points. In the list of the change points, you can see the following postfixes after the register values:

 a (auto)     - Created by IDA. May be changed by IDA afterwards.
 u (by user)  - Created by user. IDA will not change it.

IDA generates the appropriate 'assume' instructions for the change points if it was not disabled by the corresponding command.

Choose segment

IDA can display a list of the program segments. Each segment is represented by a line in the list. Please note that the end address of the segment never belongs to the segment in IDA.

The following segment attributes are visible:

  Name          Segment name
  Start         Virtual start address
  End           Virtual end address (address past the end of the segment)
  R             'R': readable,      '.': not readable,   '?':unknown
  W             'W': writable,      '.': not writable,   '?':unknown
  X             'X': executable,    '.': not executable, '?':unknown
  D             'D': debugger only, '.': regular
  L             'L': created by loader, '.': no
  Align         Segment alignment
  Base          Segment base selector or address
  Type          Segment type
  Class         Segment class
  AD            Segment addressing width

The rest of the columns display the default values of the segment registers for the segment.

By default, the cursor is located on the current segment.

You can use normal cursor movement keys and the mouse. You can also search for the segment by pressing Alt-T, or directly jump to the desired line by typing in its number.

Press <Enter> to select line, <Esc> to cancel the selection.

Last updated