types
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseThis skill is the authoritative reference for IDA's type system as exposed through idasql. For annotation workflows that use types, see . For decompiler-specific type interactions (ctree, lvars, union selection, numform), see .
annotationsdecompiler本技能是通过idasql暴露的IDA类型系统的权威参考。对于使用类型的标注工作流,请查看技能。针对反编译器特有的类型交互(ctree、lvars、union选择、numform),请查看技能。
annotationsdecompilerTrigger Intents
触发场景
Use this skill when user asks to:
- create/edit structs, unions, enums, typedefs
- inspect function prototype argument types
- resolve hidden pointer/typedef behavior
- apply or refine recovered data models
Route to:
- for expression-level type context
decompiler - for applying and documenting type decisions
annotations - for recursive structure-recovery workflows
re-source
当用户提出以下需求时使用本技能:
- 创建/编辑struct、union、enum、typedef
- 检查函数原型的参数类型
- 解析隐藏的指针/typedef行为
- 应用或优化已恢复的数据模型
相关技能路由:
- 如需表达式级别的类型上下文,请使用技能
decompiler - 如需应用并记录类型决策,请使用技能
annotations - 如需递归结构恢复工作流,请使用技能
re-source
Do This First (Warm-Start Sequence)
初始操作(快速启动流程)
sql
-- 1) Inventory local types
SELECT ordinal, name, kind, size
FROM types
ORDER BY ordinal
LIMIT 30;
-- 2) Large/high-signal structs
SELECT name, size
FROM types
WHERE is_struct = 1
ORDER BY size DESC
LIMIT 20;
-- 3) Prototype introspection sample
SELECT type_name, arg_index, arg_name, arg_type
FROM types_func_args
WHERE arg_index >= 0
LIMIT 40;Interpretation guidance:
- Start with inventory and prioritize large/high-fanout types.
- Use resolved fields for typedef-aware reasoning.
types_func_args
sql
-- 1) 盘点本地类型
SELECT ordinal, name, kind, size
FROM types
ORDER BY ordinal
LIMIT 30;
-- 2) 大型/高关联度结构体
SELECT name, size
FROM types
WHERE is_struct = 1
ORDER BY size DESC
LIMIT 20;
-- 3) 函数原型检查示例
SELECT type_name, arg_index, arg_name, arg_type
FROM types_func_args
WHERE arg_index >= 0
LIMIT 40;解读指南:
- 从类型盘点开始,优先处理大型/高引用类型。
- 使用的解析字段进行支持typedef的推理。
types_func_args
Failure and Recovery
故障排查与恢复
- Type insert/update failed:
- Validate declaration syntax and target ordinal/name existence.
- Conflicting/incomplete type picture:
- Correlate with (
decompiler, call args) before committing changes.ctree_lvars
- Correlate with
- Unexpected disassembly rendering:
- Re-check operand format settings and applied declarations.
- 类型插入/更新失败:
- 验证声明语法和目标序号/名称是否存在。
- 类型冲突/信息不完整:
- 在提交更改前,结合技能(
decompiler、调用参数)进行关联分析。ctree_lvars
- 在提交更改前,结合
- 反汇编显示异常:
- 重新检查操作数格式设置和已应用的声明。
Handoff Patterns
技能交接模式
- ->
typesto validate semantic effect in pseudocode.decompiler - ->
typesfor naming/comments on newly typed fields.annotations - ->
typesfor multi-function struct refinement.re-source
- ->
types:验证伪代码中的语义效果。decompiler - ->
types:为新添加的类型字段命名/添加注释。annotations - ->
types:多函数结构体优化。re-source
Type Tables
类型表
local_types
local_types
Local type declarations as stored in the database.
Use this for quick inventory/filtering of local types; use tables for deeper editing workflows.
types*| Column | Type | Description |
|---|---|---|
| INT | Type ordinal (local type ID) |
| TEXT | Type name |
| TEXT | Declared type text |
| INT | 1=struct |
| INT | 1=enum |
| INT | 1=typedef |
sql
-- Quick local type inventory
SELECT ordinal, name, type FROM local_types ORDER BY ordinal LIMIT 50;For canonical schema and owner mapping, see ().
../connect/references/schema-catalog.mdlocal_types存储在数据库中的本地类型声明。
用于快速盘点/筛选本地类型;如需深度编辑工作流,请使用系列表。
types*| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 类型序号(本地类型ID) |
| TEXT | 类型名称 |
| TEXT | 声明的类型文本 |
| INT | 1=结构体 |
| INT | 1=枚举 |
| INT | 1=类型定义 |
sql
-- 快速盘点本地类型
SELECT ordinal, name, type FROM local_types ORDER BY ordinal LIMIT 50;如需完整模式和所有者映射,请查看中的部分。
../connect/references/schema-catalog.mdlocal_typestypes
types
All local type definitions. Supports INSERT (create struct/union/enum), UPDATE, and DELETE.
| Column | Type | Description |
|---|---|---|
| INT | Type ordinal (unique identifier) |
| TEXT | Type name |
| INT | Size in bytes |
| TEXT | struct/union/enum/typedef/func |
| INT | 1=struct |
| INT | 1=union |
| INT | 1=enum |
sql
-- List all structs
SELECT ordinal, name, size FROM types WHERE is_struct = 1 ORDER BY size DESC;
-- List all enums
SELECT ordinal, name FROM types WHERE is_enum = 1;
-- Find types by name pattern
SELECT * FROM types WHERE name LIKE '%CONTEXT%';所有本地类型定义。支持INSERT(创建struct/union/enum)、UPDATE和DELETE操作。
| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 类型序号(唯一标识符) |
| TEXT | 类型名称 |
| INT | 字节大小 |
| TEXT | struct/union/enum/typedef/func |
| INT | 1=结构体 |
| INT | 1=联合体 |
| INT | 1=枚举 |
sql
-- 列出所有结构体
SELECT ordinal, name, size FROM types WHERE is_struct = 1 ORDER BY size DESC;
-- 列出所有枚举
SELECT ordinal, name FROM types WHERE is_enum = 1;
-- 按名称模式查找类型
SELECT * FROM types WHERE name LIKE '%CONTEXT%';Creating Types
创建类型
sql
-- Create a struct
INSERT INTO types (name, kind) VALUES ('MY_HEADER', 'struct');
-- Create a union
INSERT INTO types (name, kind) VALUES ('PARAM_UNION', 'union');
-- Create an enum
INSERT INTO types (name, kind) VALUES ('CMD_TYPE', 'enum');
-- Verify creation (get the assigned ordinal)
SELECT ordinal, name, kind FROM types WHERE name = 'MY_HEADER';sql
-- 创建结构体
INSERT INTO types (name, kind) VALUES ('MY_HEADER', 'struct');
-- 创建联合体
INSERT INTO types (name, kind) VALUES ('PARAM_UNION', 'union');
-- 创建枚举
INSERT INTO types (name, kind) VALUES ('CMD_TYPE', 'enum');
-- 验证创建结果(获取分配的序号)
SELECT ordinal, name, kind FROM types WHERE name = 'MY_HEADER';Deleting Types
删除类型
sql
-- Delete a type by name
DELETE FROM types WHERE name = 'MY_HEADER';
-- Delete by ordinal
DELETE FROM types WHERE ordinal = 42;sql
-- 按名称删除类型
DELETE FROM types WHERE name = 'MY_HEADER';
-- 按序号删除类型
DELETE FROM types WHERE ordinal = 42;types_members
types_members
Structure and union members. Supports INSERT, UPDATE, and DELETE.
| Column | Type | Description |
|---|---|---|
| INT | Parent type ordinal |
| TEXT | Parent type name |
| TEXT | Member name |
| INT | Byte offset |
| INT | Member size |
| TEXT | Type string (e.g., |
| INT | 1=pointer |
| INT | 1=array |
| INT | 1=embedded struct |
sql
-- View members of a struct
SELECT member_name, member_type, offset, size
FROM types_members WHERE type_name = 'MY_HEADER'
ORDER BY offset;
-- Add members (member_type supports: int, void *, char[64], etc.)
INSERT INTO types_members (type_ordinal, member_name, member_type)
VALUES (42, 'magic', 'unsigned int');
INSERT INTO types_members (type_ordinal, member_name, member_type)
VALUES (42, 'data_ptr', 'void *');
-- Rename/retype a member
UPDATE types_members SET member_name = 'signature'
WHERE type_ordinal = 42 AND member_name = 'magic';
UPDATE types_members SET member_type = 'DWORD'
WHERE type_ordinal = 42 AND member_name = 'signature';
-- Delete a member
DELETE FROM types_members
WHERE type_ordinal = 42 AND member_name = 'reserved';结构体和联合体成员。支持INSERT、UPDATE和DELETE操作。
| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 父类型序号 |
| TEXT | 父类型名称 |
| TEXT | 成员名称 |
| INT | 字节偏移量 |
| INT | 成员大小 |
| TEXT | 类型字符串(例如: |
| INT | 1=指针类型 |
| INT | 1=数组类型 |
| INT | 1=嵌入式结构体 |
sql
-- 查看结构体成员
SELECT member_name, member_type, offset, size
FROM types_members WHERE type_name = 'MY_HEADER'
ORDER BY offset;
-- 添加成员(member_type支持:int, void *, char[64]等)
INSERT INTO types_members (type_ordinal, member_name, member_type)
VALUES (42, 'magic', 'unsigned int');
INSERT INTO types_members (type_ordinal, member_name, member_type)
VALUES (42, 'data_ptr', 'void *');
-- 重命名/修改成员类型
UPDATE types_members SET member_name = 'signature'
WHERE type_ordinal = 42 AND member_name = 'magic';
UPDATE types_members SET member_type = 'DWORD'
WHERE type_ordinal = 42 AND member_name = 'signature';
-- 删除成员
DELETE FROM types_members
WHERE type_ordinal = 42 AND member_name = 'reserved';types_enum_values
types_enum_values
Enum constant values. Supports INSERT, UPDATE, and DELETE.
| Column | Type | Description |
|---|---|---|
| INT | Enum type ordinal |
| TEXT | Enum name |
| TEXT | Constant name |
| INT | Constant value |
sql
-- View enum values
SELECT value_name, value FROM types_enum_values
WHERE type_name = 'CMD_TYPE'
ORDER BY value;
-- Add enum values (optional comment column supported)
INSERT INTO types_enum_values (type_ordinal, value_name, value)
VALUES (50, 'CMD_INIT', 0);
INSERT INTO types_enum_values (type_ordinal, value_name, value)
VALUES (50, 'CMD_READ', 1);
-- Rename / delete enum values
UPDATE types_enum_values SET value_name = 'CMD_OPEN'
WHERE type_ordinal = 50 AND value_name = 'CMD_INIT';
DELETE FROM types_enum_values
WHERE type_ordinal = 50 AND value_name = 'CMD_READ';枚举常量值。支持INSERT、UPDATE和DELETE操作。
| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 枚举类型序号 |
| TEXT | 枚举名称 |
| TEXT | 常量名称 |
| INT | 常量值 |
sql
-- 查看枚举值
SELECT value_name, value FROM types_enum_values
WHERE type_name = 'CMD_TYPE'
ORDER BY value;
-- 添加枚举值(支持可选注释列)
INSERT INTO types_enum_values (type_ordinal, value_name, value)
VALUES (50, 'CMD_INIT', 0);
INSERT INTO types_enum_values (type_ordinal, value_name, value)
VALUES (50, 'CMD_READ', 1);
-- 重命名/删除枚举值
UPDATE types_enum_values SET value_name = 'CMD_OPEN'
WHERE type_ordinal = 50 AND value_name = 'CMD_INIT';
DELETE FROM types_enum_values
WHERE type_ordinal = 50 AND value_name = 'CMD_READ';types_func_args
types_func_args
Function prototype arguments with deep type classification.
| Column | Type | Description |
|---|---|---|
| INT | Function type ordinal |
| TEXT | Function type name |
| INT | Argument index (-1 = return type, 0+ = args) |
| TEXT | Argument name |
| TEXT | Argument type string |
| TEXT | Calling convention (on return row only) |
带有深度类型分类的函数原型参数。
| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 函数类型序号 |
| TEXT | 函数类型名称 |
| INT | 参数索引(-1 = 返回类型,0+ = 参数) |
| TEXT | 参数名称 |
| TEXT | 参数类型字符串 |
| TEXT | 调用约定(仅返回行包含) |
Surface-Level Type Classification
表层类型分类
Literal type as written — what you see in the declaration:
| Column | Description |
|---|---|
| 1 if pointer type |
| 1 if exactly |
| 1 if int-like (int, long, short, char, bool) |
| 1 if float/double |
| 1 if void |
| 1 if struct/union |
| 1 if array |
| Pointer depth (int** = 2) |
| Type with pointers stripped |
声明中显示的字面类型——即你在声明中看到的内容:
| 列名 | 描述 |
|---|---|
| 1表示指针类型 |
| 1表示恰好是 |
| 1表示类int类型(int、long、short、char、bool) |
| 1表示float/double类型 |
| 1表示void类型 |
| 1表示struct/union类型 |
| 1表示数组类型 |
| 指针深度(int** = 2) |
| 去除指针后的基础类型 |
Resolved Type Classification
解析后类型分类
After typedef resolution — what the type actually is:
| Column | Description |
|---|---|
| 1 if resolved type is pointer |
| 1 if resolved type is exactly int |
| 1 if resolved type is int-like |
| 1 if resolved type is float/double |
| 1 if resolved type is void |
| Pointer depth after resolution |
| Resolved type with pointers stripped |
This dual classification is critical for typedef-aware queries. For example, appears as non-pointer at surface level but resolves to .
HANDLEvoid *sql
-- Typedefs that hide pointers (HANDLE, HMODULE, etc.)
SELECT DISTINCT type_name, arg_type, base_type_resolved
FROM types_func_args
WHERE is_ptr = 0 AND is_ptr_resolved = 1;
-- Functions with struct parameters
SELECT type_name, arg_name, arg_type FROM types_func_args
WHERE arg_index >= 0 AND is_struct = 1;For more query patterns (string parameters, pointer counts, return type filters), see references/type-patterns.md.
types_func_args解析typedef后的实际类型:
| 列名 | 描述 |
|---|---|
| 1表示解析后的类型是指针 |
| 1表示解析后的类型恰好是int |
| 1表示解析后的类型是类int类型 |
| 1表示解析后的类型是float/double |
| 1表示解析后的类型是void |
| 解析后的指针深度 |
| 解析后去除指针的基础类型 |
这种双重分类对于支持typedef的查询至关重要。例如,在表层显示为非指针类型,但解析后是。
HANDLEvoid *sql
-- 隐藏指针的typedef(HANDLE、HMODULE等)
SELECT DISTINCT type_name, arg_type, base_type_resolved
FROM types_func_args
WHERE is_ptr = 0 AND is_ptr_resolved = 1;
-- 带有结构体参数的函数
SELECT type_name, arg_name, arg_type FROM types_func_args
WHERE arg_index >= 0 AND is_struct = 1;如需更多查询模式(字符串参数、指针计数、返回类型筛选),请查看references/type-patterns.md。
types_func_argsType Views
类型视图
Convenience views for filtering types:
| View | Description |
|---|---|
| |
| |
| |
| |
| |
| Struct/class inheritance relationships (baseclasses from |
用于筛选类型的便捷视图:
| 视图 | 描述 |
|---|---|
| |
| |
| |
| |
| |
| 结构体/类继承关系(来自 |
types_v_inheritance
view
types_v_inheritancetypes_v_inheritance
视图
types_v_inheritanceShows struct/class inheritance relationships extracted from baseclass members.
| Column | Type | Description |
|---|---|---|
| INT | Ordinal of the derived type |
| TEXT | Name of the derived type |
| TEXT | Name of the base type |
| INT | Ordinal of the base type |
| INT | Byte offset of the base within the derived type |
sql
-- Find base classes of a type
SELECT * FROM types_v_inheritance WHERE derived_name = 'MyClass';
-- Recursive ancestors
WITH RECURSIVE ancestors(name, depth) AS (
SELECT base_type_name, 1 FROM types_v_inheritance WHERE derived_name = 'MyClass'
UNION ALL
SELECT i.base_type_name, a.depth + 1
FROM types_v_inheritance i JOIN ancestors a ON i.derived_name = a.name
WHERE a.depth < 10
)
SELECT * FROM ancestors;展示从基类成员中提取的结构体/类继承关系。
| 列名 | 类型 | 描述 |
|---|---|---|
| INT | 派生类型的序号 |
| TEXT | 派生类型的名称 |
| TEXT | 基类类型的名称 |
| INT | 基类类型的序号 |
| INT | 基类在派生类型中的字节偏移量 |
sql
-- 查找某类型的基类
SELECT * FROM types_v_inheritance WHERE derived_name = 'MyClass';
-- 递归查找祖先类
WITH RECURSIVE ancestors(name, depth) AS (
SELECT base_type_name, 1 FROM types_v_inheritance WHERE derived_name = 'MyClass'
UNION ALL
SELECT i.base_type_name, a.depth + 1
FROM types_v_inheritance i JOIN ancestors a ON i.derived_name = a.name
WHERE a.depth < 10
)
SELECT * FROM ancestors;Importing C Declarations (parse_decls)
导入C语言声明(parse_decls)
parse_decls(text)sql
-- Import a simple struct
SELECT parse_decls('
struct MY_HEADER {
unsigned int magic;
unsigned int version;
unsigned int size;
void *data;
};
');
-- Import with pragmas for packing (enums, typedefs, nested unions)
SELECT parse_decls('
#pragma pack(push, 1)
typedef enum operations_e { op_empty=0, op_open=11, op_read=22 } operations_e;
typedef struct command_t { operations_e cmd_id; unsigned __int64 ret; } command_t;
#pragma pack(pop)
');
-- Verify imported types
SELECT name, kind, size FROM types WHERE name IN ('command_t', 'operations_e');For a full multi-struct example with nested unions, see references/type-patterns.md.
parse_declsparse_decls(text)sql
-- 导入简单结构体
SELECT parse_decls('
struct MY_HEADER {
unsigned int magic;
unsigned int version;
unsigned int size;
void *data;
};
');
-- 导入带打包指令的声明(枚举、typedef、嵌套联合体)
SELECT parse_decls('
#pragma pack(push, 1)
typedef enum operations_e { op_empty=0, op_open=11, op_read=22 } operations_e;
typedef struct command_t { operations_e cmd_id; unsigned __int64 ret; } command_t;
#pragma pack(pop)
');
-- 验证导入的类型
SELECT name, kind, size FROM types WHERE name IN ('command_t', 'operations_e');如需包含嵌套联合体的完整多结构体示例,请查看references/type-patterns.md。
parse_declsApplying Types to Functions and Variables
将类型应用于函数和变量
Function Prototypes
函数原型
sql
-- Apply type to function via prototype column
UPDATE funcs SET prototype = 'void __fastcall exec_command(command_t *cmd);'
WHERE address = 0x140001BD0;
-- Apply via set_type function
SELECT set_type(0x140001BD0, 'void __fastcall exec_command(command_t *cmd);');
-- Read current type at address
SELECT type_at(0x140001BD0);
-- Clear type (reset to auto-detected)
SELECT set_type(0x140001BD0, '');
-- Re-decompile to see effect
SELECT decompile(0x140001BD0, 1);sql
-- 通过prototype列为函数应用类型
UPDATE funcs SET prototype = 'void __fastcall exec_command(command_t *cmd);'
WHERE address = 0x140001BD0;
-- 通过set_type函数应用类型
SELECT set_type(0x140001BD0, 'void __fastcall exec_command(command_t *cmd);');
-- 读取地址处的当前类型
SELECT type_at(0x140001BD0);
-- 清除类型(重置为自动检测)
SELECT set_type(0x140001BD0, '');
-- 重新反编译查看效果
SELECT decompile(0x140001BD0, 1);Local Variables
局部变量
sql
-- Change local variable type
UPDATE ctree_lvars SET type = 'MY_HEADER *'
WHERE func_addr = 0x401000 AND idx = 0;
-- Change and verify
SELECT decompile(0x401000, 1);
SELECT idx, name, type FROM ctree_lvars
WHERE func_addr = 0x401000 AND idx = 0;sql
-- 修改局部变量类型
UPDATE ctree_lvars SET type = 'MY_HEADER *'
WHERE func_addr = 0x401000 AND idx = 0;
-- 修改后验证
SELECT decompile(0x401000, 1);
SELECT idx, name, type FROM ctree_lvars
WHERE func_addr = 0x401000 AND idx = 0;Call Sites
调用站点
Use call-site typing for indirect calls when function prototypes and local-variable types still leave a specific call under-typed.
sql
-- Discover indirect call sites first
SELECT call_ea, target_op, target_var_name, arg_count
FROM ctree_v_indirect_calls
WHERE func_addr = 0x140001BD0
ORDER BY call_ea;
-- Apply a prototype to one call site
SELECT apply_callee_type(
0x140001C3E,
'int __fastcall emit_message(const char *name, const char *target, int flag, const char *tag);'
);
-- Verify the persisted call-site typing
SELECT callee_type_at(0x140001C3E);
SELECT call_arg_addrs(0x140001C3E);
SELECT decompile(0x140001BD0, 1);当函数原型和局部变量类型仍无法明确特定调用的类型时,可使用调用站点类型设置。
sql
-- 先发现间接调用站点
SELECT call_ea, target_op, target_var_name, arg_count
FROM ctree_v_indirect_calls
WHERE func_addr = 0x140001BD0
ORDER BY call_ea;
-- 为单个调用站点应用原型
SELECT apply_callee_type(
0x140001C3E,
'int __fastcall emit_message(const char *name, const char *target, int flag, const char *tag);'
);
-- 验证持久化的调用站点类型
SELECT callee_type_at(0x140001C3E);
SELECT call_arg_addrs(0x140001C3E);
SELECT decompile(0x140001BD0, 1);Typing Surfaces Matrix
类型应用场景矩阵
| Surface | Scope | Semantic vs render-only | Typical use |
|---|---|---|---|
| Function/global address | Semantic | Give a function or global the right declared type |
| One decompiled local/arg | Semantic | Clean up local pointer/struct inference |
| One call site | Semantic | Fix an indirect call when the callee prototype must be explicit |
| One disassembly operand | Render-only | Show enums/struct offsets in listing output |
| One decompiler expression | Render-only | Choose a union arm for nicer pseudocode |
| One decompiler expression operand | Render-only | Change numeric rendering without changing base type |
| 应用场景 | 作用范围 | 语义型 vs 仅渲染型 | 典型用途 |
|---|---|---|---|
| 函数/全局地址 | 语义型 | 为函数或全局变量设置正确的声明类型 |
| 单个反编译局部变量/参数 | 语义型 | 优化局部指针/结构体的推断结果 |
| 单个调用站点 | 语义型 | 当被调用者原型必须明确时,修复间接调用 |
| 单个反汇编操作数 | 仅渲染型 | 在列表输出中显示枚举/结构体偏移量 |
| 单个反编译器表达式 | 仅渲染型 | 选择联合体分支以优化伪代码显示 |
| 单个反编译器表达式操作数 | 仅渲染型 | 在不改变基础类型的情况下修改数值显示方式 |
Names
命名
sql
-- Set a name at address
INSERT INTO names(address, name) VALUES (0x402000, 'g_config');sql
-- 为地址设置名称
INSERT INTO names(address, name) VALUES (0x402000, 'g_config');Struct Offset Representation in Disassembly
反汇编中的结构体偏移表示
The table column applies struct offset display to disassembly operands:
instructionsoperand*_format_specsql
-- Apply struct-offset: makes `[rax+10h]` display as `[rax+MY_STRUCT.field_name]`
UPDATE instructions SET operand0_format_spec = 'stroff:MY_STRUCT,delta=0'
WHERE address = 0x401030;
-- Apply enum: `enum:CMD_TYPE`; clear back to plain: `clear`
UPDATE instructions SET operand1_format_spec = 'enum:CMD_TYPE'
WHERE address = 0x401020;instructionsoperand*_format_specsql
-- 应用结构体偏移:将`[rax+10h]`显示为`[rax+MY_STRUCT.field_name]`
UPDATE instructions SET operand0_format_spec = 'stroff:MY_STRUCT,delta=0'
WHERE address = 0x401030;
-- 应用枚举:`enum:CMD_TYPE`;恢复为默认显示:`clear`
UPDATE instructions SET operand1_format_spec = 'enum:CMD_TYPE'
WHERE address = 0x401020;Enum/Union Rendering in Decompiled Code
反编译代码中的枚举/联合体渲染
For numform helpers () and union selection helpers (), see skill.
set_numform*set_union_selection*decompilerapply_callee_type如需numform辅助工具()和联合体选择辅助工具(),请查看技能。
set_numform*set_union_selection*decompilerapply_callee_typePerformance Rules
性能规则
| Table | Architecture | Key Constraint | Notes |
|---|---|---|---|
| Cached | | Full cache rebuilt on demand; usually fast (<1000 types) |
| Cached | | O(1) lookup with constraint; without it iterates all types |
| Cached | | O(1) lookup with constraint |
| Cached | | O(1) lookup with constraint |
Key rules:
- constraint pushdown gives O(1) access to a single type's members, enum values, or func args.
type_ordinal - Without constraint, these tables iterate all local types. This is usually fast (most binaries have <1000 local types), but prefer filtered queries when you know the target.
- Type views (, etc.) are pre-filtered — use them for categorical queries.
types_v_structs - is the fastest way to seed multiple types at once (single call vs multiple INSERTs).
parse_decls()
| 表 | 架构 | 关键约束 | 说明 |
|---|---|---|---|
| 缓存 | | 按需重建完整缓存;通常速度较快(类型数<1000) |
| 缓存 | | 带约束时为O(1)查找;无约束时遍历所有类型 |
| 缓存 | | 带约束时为O(1)查找 |
| 缓存 | | 带约束时为O(1)查找 |
核心规则:
- 传递约束可实现O(1)访问单个类型的成员、枚举值或函数参数。
type_ordinal - 无约束时,这些表会遍历所有本地类型。通常速度较快(大多数二进制文件的本地类型数<1000),但当明确目标时优先使用过滤查询。
- 类型视图(等)已预过滤——分类查询时优先使用。
types_v_structs - 是批量初始化多个类型的最快方式(单次调用 vs 多次INSERT)。
parse_decls()
Related Skills
相关技能
- — Workflow expert: how to combine type application with renaming and commenting
annotations - — Deep ctree mechanics, union selection, numform, mutation loop
decompiler - — Structure recovery methodology from offset casts
re-source
- — 工作流专家:如何结合类型应用与重命名、注释操作
annotations - — 深入ctree机制、联合体选择、numform、循环修改
decompiler - — 基于偏移转换的结构恢复方法
re-source
Additional Resources
额外资源
- For complete type workflow examples and advanced CTE patterns: references/type-patterns.md
- 完整的类型工作流示例和高级CTE模式:references/type-patterns.md