Reputation: 299
IDA 6.9 IDC AddStrucMember
In IDA if I change the type of a struct member (using D hotkey) and dump to idc database in that IDC file it correctly produces an AddStrucMember command for that member.
The problem is that if I change that member again (still with D) and then load the previously produced IDC script it fails to return said member to its original state.
Upvotes: 0
Views: 819
Answers (1)
Reputation: 8176
Test
Testing with a dummy struct :
00000000 FooTest struc ; (sizeof=0x8, mappedto_126)
00000000 f0 dd ?
00000004 f2 dd ?
00000008 FooTest ends
Export it to IDC (File > Produce File > Dump typeinfo to IDC file...)
Change to the following:
00000000 FooTest struc ; (sizeof=0x8, mappedto_126)
00000000 f0 dw ?
00000002 f1 dw ?
00000004 f2 dd ?
00000008 FooTest ends
Reloading the idc file doesn't change anything...
Check
Checking with python:
Python>id = GetStrucIdByName("FooTest");
Python>id
18374686479671636282
Python>mid = AddStrucMember(id,"f0", 0, 0x20000400, -1, 4)
Python>mid
-2
According to the documentation, -2 is an error :
STRUC_ERROR_MEMBER_OFFSET (-2) // already has member at this offset
Possible solution
So, the best option is to delete the existing struct, you can use the del key on the struct window or python / idc with DelStruc:
Python>id = GetStrucIdByName("FooTest")
Python>id
18374686479671636398
Python>r = DelStruc(id)
Python>r
True
And then reload the (backup) idc file.
The struct is back, as saved (notice the mappedto_xxx has changed):
00000000 FooTest struc ; (sizeof=0x8, mappedto_127)
00000000 f0 dd ?
00000004 f2 dd ?
00000008 FooTest ends
Upvotes: 1
Related Questions
- IDA Free truncated strings?
- Setting an IDA function pointer in a struct via script
- Ida IDC equivalent of GDB /x and gdb /p, accessing pointer at address and IDA syntax quirks
- IDA configuration for existing idb
- IDA "call offset"
- IDA overwrite String
- How to get the version of IDA Pro use IDC or IDAPython?
- Ida Pro 6.9 crash
- IDA Pro string function