IDA uses mostly standard C (and basic C++) syntax, but it also supports some extensions, in particular to represent low-level details which are not necessary for “standard” C code but are helpful for real-life binary code analysis. We’ve already covered custom types and calling conventions, but there are more extensions you may use or encounter.
Function attributes
The following attributes may be used in function prototypes:
__pure: a pure function (always returns the same result for same inputs and does not
affect memory in a visible way);__noreturn: function does not return to the caller;__usercallor__userpurge: user-defined calling convention (see previous post);__spoils: explicit spoiled registers specification (see previous post);__attribute__((format(printf,n1,n2))): variadic function with a printf-style format string in argument at position n1 and variadic argument list at position n2.
Argument attributes
These attributes can often appear when IDA lowers a user-provided prototype to represent the actual low-level details of argument passing.
__hidden: the argument was not present in source code (for example the implicitthispointer in C++ class methods).__return_ptr: hidden argument used for the return value (implies__hidden);__struct_ptr: argument was originally a structure value;__array_ptr: argument was originally an array (arrays ;__unused: unused function argument.
For example, if s1 is a structure of 16 bytes, then the following prototype:
struct s1 func();
will be lowered by IDA to:
struct s1 *__cdecl func(struct s1 *__return_ptr __struct_ptr retstr);
Other attributes
__cppobj: used for structures representing C++ objects; some layout details change if this attribute is used (e.g. treatment of empty structs or reuse of end-of-struct padding in inheritance);__ptr32,__ptr64: explicitly-sized pointers;__shifted: a pointer which points not at the start of an object but some location inside or before it.
See also: Set function/item type in IDA Help.