Suppose the source text looked like this:
struct node_t { long id; char *name; long nchild; // number of children long child[]; // children }; node_t n0 = { 0, "first", 2, { 1, 2 } }; node_t n1 = { 1, "second", 1, { 3 } }; node_t n2 = { 2, "third", 1, { 4 } }; node_t n3 = { 3, "fourth", 0, }; node_t n4 = { 4, "fifth", 0, };
Note that the length of the last field of the structure is not specified. In order to be able to create structures like this in a disassembly we must create a special kind of structure – a variable sized structure. A variable sized structure is created just as a normal structure is. The only difference is that the last member of the structure should be declared as an array with zero elements. (Just a reminder: arrays are declared with an * hotkey). Here is a sample variable sized structure definition:
Now we may switch to the disassembly window (or just close the enumeration window by pressing Alt-F3). In order to apply the defined structure we use Edit|Structs|Declare struct var. But since the structure size cannot be calculated by IDA we need to specify the desired structure size by selecting an area to convert to a structure. Another way to specify the size of a structure would be to use * hotkey. In all cases you need to tell IDA the exact size of a variable sized structure. The initial disassembly will evolve from this to this:
That’s all folks !