
In one of the previous posts, we discussed how to edit the types of functions and variables used in the pseudocode. In most cases, you can use the standard C types: char, int, long and so on. However, there may be situations where you need a more specific type. The decompiler may also generate such types itself, so recognizing them is useful. The following custom types may appear in the pseudocode or be used in variable and function types:

Explicitly-sized integer types

  • __int8 – 1-byte integer (8 bits)
  • __int16 – 2-byte integer (16 bits)
  • __int32 – 4-byte integer (32 bits)
  • __int64 – 8-byte integer (64 bits)
  • __int128 – 16-byte integer (128 bits)

Explicitly-sized boolean types

  • _BOOL1 – boolean type with explicit size specification (1 byte)
  • _BOOL2 – boolean type with explicit size specification (2 bytes)
  • _BOOL4 – boolean type with explicit size specification (4 bytes)

Regardless of size, values of these types are treated in the same way: 0 is considered false and all other values true.

Unknown types

  • _BYTE – unknown type; the only known info is its size: 1 byte
  • _WORD – unknown type; the only known info is its size: 2 bytes
  • _DWORD – unknown type; the only known info is its size: 4 bytes
  • _QWORD – unknown type; the only known info is its size: 8 bytes
  • _OWORD – unknown type; the only known info is its size: 16 bytes
  • _TBYTE – 10-byte floating point (x87 extended precision 80-bit value)
  • _UNKNOWN – no info is available about type or size (usually only appears in pointers)

Please note that these types are not equivalent to the similarly-looking Windows data types and may appear in non-Windows programs.
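As an added illustration (not code from the original post or from IDA's own headers), the C sketch below shows how the size-only types typically read in pseudocode, as casts on a byte pointer, next to the same logic once a struct type has been applied. The typedefs, the record layout and the function names are assumptions chosen so the snippet compiles.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins so the pseudocode-style casts compile; each pins only a size. */
typedef uint8_t  _BYTE;
typedef uint16_t _WORD;
typedef uint32_t _DWORD;
typedef uint8_t  _BOOL1;

/* Hypothetical layout recovered from the offsets 0, 1, 2 and 4 used below. */
struct record {
    uint8_t  kind;     /* offset 0 */
    _BOOL1   enabled;  /* offset 1: any nonzero value means true */
    uint16_t len;      /* offset 2 */
    uint32_t id;       /* offset 4 */
};
_Static_assert(offsetof(struct record, len) == 2, "unexpected layout");
_Static_assert(offsetof(struct record, id) == 4, "unexpected layout");

/* Before typing: the argument is just a byte pointer, so every access
   is a cast that records the access width and nothing else. */
unsigned int raw_view(_BYTE *a1)
{
    if ( !*(_BOOL1 *)(a1 + 1) )
        return 0;
    return *(_DWORD *)(a1 + 4) + *(_WORD *)(a1 + 2) + *a1;
}

/* After applying the struct type: same reads, now with field names. */
unsigned int typed_view(const struct record *r)
{
    if ( !r->enabled )
        return 0;
    return r->id + r->len + r->kind;
}

int main(void)
{
    struct record r = { 7, 2, 0x10, 0x1000 };  /* constructed sample; enabled == 2 is true */
    printf("%#x %#x\n", raw_view((_BYTE *)&r), typed_view(&r));
    return 0;
}
```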

More info: Set function/item type in IDA Help.