Access to stack or globally allocated structures looks quite different than access to
dynamically allocated structures. Listing 13-6 shows that main contains a local, stack allocated
structure declared at line 10. Lines 16 and 17 of main reference fields in this local
structure. These correspond to lines 40 and 44 in the assembly Listing 13-7. While we can
see that line 44 references memory that is 80 bytes ([ebp-96+80] == [ebp-16]) after the
reference at line 40, we don??™t get a sense that the two references belong to the same structure.
This is because the compiler can compute the address of each field (as an absolute
address in a global variable, or a relative address within a stack frame) at compile time,
whereas access to fields in dynamically allocated structures must always be computed at
runtime because the base address of the structure is not known at compile time.
Using IDA Structures to View Program Headers
In addition to enabling you to declare your own data structures, IDA contains a large
number of common data structure templates for various build environments, including
standard C library structures and Windows API structures. An interesting example use of
these predefined structures is to use them to examine the program file headers which, by
default, are not loaded into the analysis database.
Pages:
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578