Last time we used operand types to make a function more readable and understand its behavior better. Converting operands one by one is fine if you need to do it a few times, but can quickly get tedious if you need to do it for a long piece of code.

En masse operation

To convert the operands of several instructions at once, select them before triggering the operation, either with the corresponding hotkey (e.g. R) or from the Edit > Operand type menu.

If you have a selection when triggering one of these actions, it won’t be performed immediately but another dialog will pop up first:

Here, you can tell IDA which operands you want to actually convert. The following options are available:

  • All operands: all operands of selected instructions will be converted to the selected type (or back to the default/number type if they already had the chosen type);
  • Operand value range: only operands with values between Lower value and Upper value below will be converted. For example, you could enter ‘0x20’ and ‘0x7F’ to have IDA only consider single ASCII characters like the last example from the previous post;
  • <type> operands: only convert operands which already have the selected type (they will be converted back to the default/number type);
  • Not <type> operands: only convert operands not already having the selected type. Both untyped operands and those having another type (e.g. decimal/enum/offset) will be converted to the desired type;
  • Not typed operands: only convert operands not assigned a specific type (default/number). All operands already having an assigned type will be left as is.
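
A scripted analogue of the Operand value range option, as an added IDAPython example (not code from the original post or from Hex-Rays): it applies the character representation to immediate operands in the current selection whose value lies between the lower and upper bounds. Assumptions: only immediate operands of instructions are considered, at most six operands per instruction are checked, and the function names and sample values are made up for illustration.

```python
# Added example (IDAPython): char-convert immediates whose value is in [lo, hi].
# IDA modules are imported lazily so the range filter can be checked outside IDA.

def in_value_range(operands, lo=0x20, hi=0x7F):
    """Pick (ea, n) pairs from (ea, n, value) tuples with lo <= value <= hi."""
    if lo > hi:
        raise ValueError("lower value must not exceed upper value")
    return [(ea, n) for ea, n, value in operands if lo <= value <= hi]

def collect_immediates(start, end, max_ops=6):
    """Yield (ea, n, value) for each immediate operand of code in [start, end)."""
    import idautils, idc
    for ea in idautils.Heads(start, end):
        if not idc.is_code(idc.get_full_flags(ea)):
            continue  # assumption of this example: data items are skipped
        for n in range(max_ops):
            if idc.get_operand_type(ea, n) == idc.o_imm:
                yield ea, n, idc.get_operand_value(ea, n)

def convert_selection_to_char(lo=0x20, hi=0x7F):
    """Set the character representation on in-range immediates in the selection."""
    import idc
    start, end = idc.read_selection_start(), idc.read_selection_end()
    if idc.BADADDR in (start, end):
        raise RuntimeError("select the instructions to convert first")
    hits = in_value_range(collect_immediates(start, end), lo, hi)
    # op_chr returns True when the representation was applied
    return [(ea, n) for ea, n in hits if idc.op_chr(ea, n)]

# Constructed sample: (address, operand index, immediate value)
SAMPLE = [(0x401000, 1, 0x41), (0x401005, 1, 0x1000), (0x40100A, 1, 0x20),
          (0x40100F, 0, 0x7F), (0x401014, 1, 0x80), (0x401019, 1, 0x0)]

if __name__ == "__main__":
    print(in_value_range(SAMPLE))
```

Inside IDA, select the instructions and call convert_selection_to_char() from the Python console; it returns the (address, operand index) pairs that were converted.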

P.S. You can use this feature not only with instructions but also with data, for example to convert several separate integers in the data section to decimal or octal. In such a case, the ‘operands’ will be the data items.

See also: IDA Help: Perform en masse operation