2

I'm trying to reverse-engineer a function in IDA Pro that was originally identified by IDA as such (I was able to rename it into Device_CreateCloseIoControl):

enter image description here

but I know that this function was originally compiled as this:

enter image description here

where DEVICE_OBJECT and IRP structs are defined in wdm.h from Windows Driver Kit.

So I'm curious, is there a way to rename this function to make IDA use those custom types? (Included in a specific header file.)

c00000fd

1 Answer

2

To do this you need to do the following:

  1. Define or import the structures involved in the function definition if they are not defined yet. You can add a structure via the Structures window (View-->Open Subviews-->Structures, or Shift-F9), import the header file via File-->Load file-->Parse C header file, or Ctrl-F9 (this will also import typedefs if needed), or use a type library as described in How to import Windows DDK headers into IDA?.
  2. After that, place the cursor on the function definition, press Y, and enter the C function prototype as it is stated in the function definition.

Good luck.

w s
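
The two steps from the answer above, scripted in IDAPython, as an added example that is not part of the original answer. The prototype is an assumption (the standard WDK dispatch-routine shape, since the question's screenshot is not available), `HEADER` is a placeholder, `build_prototype` and `retype_function` are hypothetical helper names, and the `idc` calls assume IDA 7.x or later.

```python
# Added example: IDAPython (IDA 7.x+) counterpart of the two GUI steps in the answer.
import re

FUNC_NAME = "Device_CreateCloseIoControl"  # name used in the question
HEADER = None  # placeholder: path of a header to parse, or None if types are already loaded

# Assumed prototype: the WDK DRIVER_DISPATCH shape (return type and two pointer arguments).
DISPATCH_PARAMS = (("PDEVICE_OBJECT", "DeviceObject"), ("PIRP", "Irp"))
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


def build_prototype(name, ret="NTSTATUS", params=DISPATCH_PARAMS):
    """Return the C declaration string that the Y dialog and idc.SetType accept."""
    # Reject bad identifiers early so they do not surface as an opaque parse failure.
    for ident in (name,) + tuple(p[1] for p in params):
        if not _IDENT.match(ident):
            raise ValueError("not a C identifier: %r" % (ident,))
    args = ", ".join("%s %s" % p for p in params) or "void"
    return "%s %s(%s);" % (ret, name, args)


def retype_function(func_name, prototype, header=None):
    """Step 1 (optional header import) and step 2 (apply the prototype) inside IDA."""
    import idc  # only importable inside IDA

    if header:
        # Scripted counterpart of File --> Load file --> Parse C header file (Ctrl-F9).
        errors = idc.parse_decls(header, idc.PT_FILE)
        if errors:
            raise RuntimeError("%d error(s) parsing %s" % (errors, header))
    ea = idc.get_name_ea_simple(func_name)
    if ea == idc.BADADDR:
        raise LookupError("no such name in the database: " + func_name)
    # Scripted counterpart of pressing Y on the function and typing the prototype.
    if not idc.SetType(ea, prototype):
        raise RuntimeError("prototype rejected; are DEVICE_OBJECT and IRP loaded?")
    return idc.get_type(ea)  # the type string IDA now stores for the function


if __name__ == "__main__":
    print(retype_function(FUNC_NAME, build_prototype(FUNC_NAME), HEADER))
```

Run it from File --> Script file; if `idc.SetType` rejects the prototype, the types from step 1 are not yet in the database.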