In this post, I am going to write about labeling C structs in IDA, which makes the assembly easier to read and interpret.
I am going to use the C code below:
We see from the above code that we are using a C struct called bodyType, which has two fields: weight and height. Both fields are integers.
Here is the assembly code:
We can see that in the setdata function, IDA does not recognize the struct that we defined in the C code. To improve readability, we can define a struct in IDA so that IDA can recognize it.
First, you need to find where the object is first initialized. In the code sample above, in the setdata function, we can see that person is the variable passed in, which is assigned an address after EBP.
We can add a new struct in IDA by going to the Structures window and pressing Ins, or by right-clicking and choosing Add struct type.
A dialog box will appear like the one below, where you can enter the name you want to use for the new struct.
After you press the OK button, you can see the struct skeleton appear, as in the picture above.
To add a field, press D. You can change the field name by pressing N.
There are three types of declaration:
dd = Defined Double Word = 4 bytes on an x86 32-bit system
db = Defined Byte = 8 bits
dw = Defined Word = generally 2 bytes on a typical x86 32-bit system
Based on our observation that our data are integers, dd (4 bytes) is good enough.
After we have defined our struct declaration, we can apply the struct to our code by pressing T on the code.
You can select MyStruct.Weight+4, and the code will change to look like the listing below. Basically, when EAX is MyStruct, IDA detects that EAX + 4 refers to the field at offset 4, which is height, as seen below.
How about the weight? For the code below,
IDA will suggest the first field, since it has no offset, unlike height at EAX+4. So the suggestion will be like the one below.
After we assign the struct, the code is much easier to read, like the code below.
OK, that is it for struct assignment. I will talk about C++ classes later.
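The offset-to-field matching described above, as an added example that is not code from the original post: it rebuilds a bodyType struct with the two int fields the post names, reads each field through a raw base+offset access the way the untyped disassembly does, and maps each offset back to its field name. The setdata signature, the helpers read_dword and field_for_offset, and the sample values are assumptions made for illustration, and the code assumes a 4-byte int.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed reconstruction of the post's struct: two int fields. */
struct bodyType {
    int weight;   /* offset 0 -> first dd in the IDA struct  */
    int height;   /* offset 4 -> second dd in the IDA struct */
};

/* Hypothetical setdata(): the signature is an assumption. */
void setdata(struct bodyType *person, int weight, int height)
{
    person->weight = weight;   /* typically a store to [reg]   */
    person->height = height;   /* typically a store to [reg+4] */
}

/* Read a dword at base+off, as the untyped disassembly sees it. */
int read_dword(const void *base, size_t off)
{
    int value;
    memcpy(&value, (const unsigned char *)base + off, sizeof value);
    return value;
}

/* Map a byte offset to the member covering it, mirroring the
   offset-to-field suggestion the post describes (hypothetical helper). */
const char *field_for_offset(size_t off)
{
    if (off >= sizeof(struct bodyType))
        return NULL;                       /* outside the struct */
    if (off >= offsetof(struct bodyType, height))
        return "height";
    return "weight";
}

int main(void)
{
    struct bodyType person;
    setdata(&person, 70, 175);             /* constructed sample values */
    for (size_t off = 0; off < sizeof person; off += sizeof(int))
        printf("[base+%zu] = %d -> %s\n", off,
               read_dword(&person, off), field_for_offset(off));
    return 0;
}
```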