7

Currently I'm reversing a Windows driver, and there are a lot of structs IDA doesn't automatically recognize, which means I have to import them manually by parsing C header files.

However, there are way too many nested structs/unions and I have to modify each one so IDA can parse it correctly. They go so deep that they make me spend more time adding structs than actually reversing.

Is there any way of doing this?

I did try parsing the file I need with Ctrl+F9, but IDA doesn't understand stuff like #includes and errors, making this option impossible to use.

rev

2 Answers

10

View->Open subviews->Type Libraries (Shift-F11), right click, Load Type Library..., wdk8_km.

Igor Skochinsky

7

Create an empty file, include whatever headers you want, add a DriverEntry and compile with debug symbols enabled and no optimization. Now load the test driver into IDA. If done correctly, all types should be available. You should be able to export all types via File->Produce File->Dump typeinfo to IDC file..., then load the script back via File->Script File....

  • Very smart trick! This time I will go with Igor's answer but you definitely have my upvote, as that could work even if IDA doesn't support the type library I need. – rev Jul 31 '16 at 09:33