IDA pro将操作数转换为结构偏移量（Convert operand to structure offset）

Action    name: OpStructOffset

GUI version:
------------
This command pertmits to convert all immediate operands of instructions in a range selection to a path of offsets through a structure and its possible sub unions. If no selection is active, IDA will simply permit to convert the current operand. In this case, it will display a simple dialog box the same way as the text version (see below).
You can select the desired register in the drop-down list: all operands relative to this register will be added to the 'Offsets' list. A special empty line in the drop-down list is used to directly work on immediate values. Checkboxes in the 'Offsets' list allow you to select which operand you indeed want to modify. By default, IDA will select only undefined operands, to avoid overwriting previous type definitions. This list is sorted by operand value, by instruction address and finally by operand number. You can easily see the instructions related to the operand by moving the mouse over it, and wait for a hint to be displayed.

The 'Structures and Unions' tree will contain all selectable structures, and sub unions. Once you select or move over a structure, the 'Offsets' list updates itself for each checked offset: the computed name of the operand is displayed, according to the selected structure in the tree. An icon is also drawn, to easily know if a specific structure matchs the offset or not, or if the offset is too big for the selected structure. The structures who match the most offsets will be near the top of the tree. You can also move your mouse over structures in the tree to obtain an interesting hint.

A '?' icon can also appear, if the offset can be specialized by selecting an union member. In this case, if you expand the structure in the tree, you can select the adequate union member simply by checking the desired radio button. IDA automatically corrects the related name in the 'Offsets' list.

The 'Offset delta' value represents the difference between the structure start and the pointer value. For example, if you have an operand 4 and want to convert in into an expression like "mystruct.field_6-2", then you have to enter 2 as the delta. Usually the delta is zero, i.e. the pointer points to the start of the structure.

The 'Hide sub structures without sub unions' option (checked by default) avoids to add unnecessary sub structures to the tree, to keep it as small as possible. If you uncheck this option, all sub structures will be added to the tree.

By default, IDA displays the structure member at offset 0. To change this behaviour, you can directly disable the 'Force zero offset field' in the 'Options' frame. Later zero offsets can be forced using Edit, Structs, Force zero offset menu item.

Text version:
-------------
This command converts immediate operand(s) type of the current instruction/data to an offset within the specified structure. Before using this command, you have to define a structure type.
First of all, IDA will ask a so-called "struct offset delta". This value represents the difference between the structure start and the pointer value. For example, if you have an operand 4 and want to convert in into an expression like "mystruct.field_6-2", then you have to enter 2 as the delta. Usually the delta is zero, i.e. the pointer points to the start of the structure.

If a range is selected using the anchor, IDA will perform 'en masse' conversion. It will convert immediate operands of all instructions in the selected range to offsets. However, IDA will ask you first the lower and upper limits of immediate operand value. If the an operand value is >= lower limit and <= upper limit then the operand will be converted to offset, otherwise it will be left unmodified.

When you use this command, IDA deletes the manually entered operand.

If the cursor is on the first operand (the cursor is before ',') then the first operand will be affected; otherwise, all other operands will be affected.

By default IDA doesn't display the structure member at offset 0. To change this behaviour, use Force zero field offset command.

Moreover, if there are several possible representations (this can happen if unions are used), select the desired representation using the Select union member... command.

See also:

         offset by data segment/no
         offset by current segment
         offset by any segment
         offset by any user-specified base
         Edit|Operand types|Offset submenu.
         Enter #th operand manually command.
         Set operand type
 

中文翻译：

操作名称：OpUserOffset
此命令将当前指令/数据的立即数转换为复杂的偏移量表达式。

请单击此处了解有关复杂偏移量的详细信息。

如果使用锚点选择了一个范围，IDA将执行“批量”转换。它将把所
选范围内的所有指令的立即数转换为偏移。然而，IDA将首先询问即时操作数值的下限和上限。如果某个操作数的值为>=下限和<=上限，则该操作数将转换为偏移量，否则将保持不变。

如果光标位于第一个操作数上（光标在“，”之前），
则第一个操作数会受到影响；否则，所有其他操作数都将受到
影响。

如果偏移基址指定为0xFFFFFFFF，则IDA将创建“自动偏移”。自动偏移意味着基址的实际值将由IDA计算。

以下偏移属性可用：

如果选中，则将基址视为纯数字，IDA将将基址视作数字。在这种情况下，IDA不会创建对它的交叉引用，并且基地址将打印为数字，而不是偏移量表达式。

偏移点经过主对象

此类型的偏移点经过对象终点。它们不会导致创建/删除对象。

使用图像基准作为偏移基准

这些偏移是基于图像基准的。没有必要明确指定偏移基准。这些偏移量以简洁的形式显示：rva-func
而不是offset func-imagebase
如果您打算重新组装输出文件，请执行以下IDC语句：set_inf_attr（inf_GENFLAGS，get_inf_aattr（inf-GENFLAGS）&~INFFL_ALLSM）；

减去操作数值

当操作数值应
从基数减去以获得目标地址时，使用此选项。在这种情况下，显示的表达式将显示为偏移基目标，而不是通常的偏移基目标有

符号操作数。

如果操作数应解释为有符号值，请使用此选项。此选项仅适用于OFF_REF8、OFF_REF16、OFF_REF32和OFF_REF64偏移类型。

操作数值0无效

如果操作数值为0，则该值将以红色突出显示。

操作数值NOT 0无效

如果该操作数值是零的补码（即所有位都已设置），则该数值将以红色高亮显示。例如，操作数值0xFFFF的OFF_REF16将无效。

使用当前地址作为偏移基

偏移基是动态计算的，等于当前元素的地址：-对于独立项：其起始地址-对于数组：数组元素的起始位置-对于结构：结构字段的起始位置偏移表达式以以下简明形式显示：offset target-$，其中“$”表示元素的开始（与汇编程序相关）。

要创建结构成员的偏移量，请使用“

转换为结构偏移量”命令。另请参阅：按数据段偏移量/按当前段无偏移量编辑|操作数类型|偏移量子菜单。
手动输入第#个操作数命令。设置操作数类型