位字段详解
本文详细介绍了位字段的概念及其在IDA中的应用。位字段是一种特殊的枚举类型,将32位分成多个组,定义符号常量时需指定其所属的位组。通过示例展示了如何设置位字段及掩码名称,并解释了在程序中使用位字段的方法。
Bitfields
There is a special kind of enums:
bitfields. A bitfield is an enum where the 32bits are divided into groups.
When you define a new symbolic constant in a bitfield, you need to specify
the group to which the constant will belong to.
By default, IDA proposes groups containing one bit each.
If a group is not defined yet, it is automatically created
when the first constant in the group is defined. For example:
name CONST1 value 0x1 mask 0x1
will define a constant named CONST1 with value 1 and will create a group containing only one bit.
Another example. Let's consider the following definitions:
#define OOF_SIGNMASK 0x0003 #define OOFS_IFSIGN 0x0000 #define OOFS_NOSIGN 0x0001 #define OOFS_NEEDSIGN 0x0002 #define OOF_SIGNED 0x0004 #define OOF_NUMBER 0x0008 #define OOF_WIDTHMASK 0x0030 #define OOFW_IMM 0x0000 #define OOFW_16 0x0010 #define OOFW_32 0x0020 #define OOFW_8 0x0030 #define OOF_ADDR 0x0040 #define OOF_OUTER 0x0080 #define OOF_ZSTROFF 0x0100
How do we describe this?
name value mask maskname OOFS_IFSIGN 0x0000 0x0003 OOF_SIGNMASK OOFS_NOSIGN 0x0001 0x0003 OOF_SIGNMASK OOFS_NEEDSIGN 0x0002 0x0003 OOF_SIGNMASK OOF_SIGNED 0x0004 0x0004 OOF_NUMBER 0x0008 0x0008 OOFW_IMM 0x0000 0x0030 OOF_WIDTHMASK OOFW_16 0x0010 0x0030 OOF_WIDTHMASK OOFW_32 0x0020 0x0030 OOF_WIDTHMASK OOFW_8 0x0030 0x0030 OOF_WIDTHMASK OOF_ADDR 0x0040 0x0040 OOF_OUTER 0x0080 0x0080 OOF_ZSTROFF 0x0100 0x0100
If a mask consists of more than one bit, it can have a name and a comment.
A mask name can be set when a constant with the mask is being defined.
IDA will display the mask names in a different color.
In order to use a bitfield in the program, just convert an instruction operand to enum.
IDA will display the operand like this:
mov ax, 70h
will be replaced by
mov ax, OOFS_IFSIGN or OOFW_8 or OOF_ADDR
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
