IDA MakeStruct
nino
June 17th, 2004, 18:28
Please, someone help. MakeStruct does not work with structures whose last field is a string (zero-length in the structure definition). If the string field is already defined, MakeStruct fails; if it is undefined, it's not included in the structure field. However, the Declare Structure field tool button creates the structure OK!
Kayaker
June 17th, 2004, 23:45
Hi
Is the problem that you haven't *explicitly* defined a STRING or UNICODE_STRING structure before defining the struc that uses it? This may make the struc definition fail on the *last* field. 
I had a similar problem inserting a struc where the last field was a pointer to a UNICODE_STRING. By default IDA declared this standard type structure wrong. It should recognize it from the pdb, but instead defined the last field as zero length:
0000 RTL_DRIVE_LETTER_CURDIR struc ; (sizeof=0x8, standard type, variable size)
...
0008 DosPath         db 0 dup(?)
0008 RTL_DRIVE_LETTER_CURDIR ends
This was very curious because I had already defined several other strucs with UNICODE_STRING fields, but they were never the LAST field. In fact, when I tried to dump the idc file, IDA gave an access violation error message, produced only a partial idc file (up to the bad struct), and basically hung until I terminated it.
When I then *explicitly* declared a UNICODE_STRING struc first (even though IDA recognizes the struc internally by default), the other structure was properly defined and a proper idc file was produced:
0000 RTL_DRIVE_LETTER_CURDIR struc ; (sizeof=0x10, standard type)
...
0008 DosPath         UNICODE_STRING ?
0010 RTL_DRIVE_LETTER_CURDIR ends
If you're getting a similar problem when the last field of a structure is a string, there may be a bit of a bug here requiring this workaround.
Kayaker
nino
June 18th, 2004, 15:11
The last field of the structure definition is even simpler. Not a STRING or UNICODE_STRING structure but a simple C string. Zero length so that individual instances supply their own string field. Something like this:
_tpida          struc
tpDtt           dd ?
tpMask          dw ?
tpName          dw ?
BaseType        dd ?                    ; offset (FFFFFFFF)
Elements        dd ?                    ; base 10
Name            db 0 dup(?)             ; string(C)
_tpida          ends
so no prior string structure needs to be defined. Later on, on an individual instance, you try to apply this definition, and if you do it programmatically MakeStruct doesn't include the string field. Like this:
CODE:0048A9B3 stru_48A9B3     dd 4                    ; tpDtt ; 004CAD84o
CODE:0048A9B3                 dw 90h                  ; tpMask
CODE:0048A9B3                 dw 0Ch                  ; tpName
CODE:0048A9B3                 dd offset `__tpdsc__'[TXMenu]; BaseType
CODE:0048A9BF                 db  54h ; T
CODE:0048A9C0                 db  58h ; X
CODE:0048A9C1                 db  4Dh ; M
CODE:0048A9C2                 db  65h ; e
CODE:0048A9C3                 db  6Eh ; n
CODE:0048A9C4                 db  75h ; u
CODE:0048A9C5                 db  20h ;  
CODE:0048A9C6                 db  2Ah ; *
CODE:0048A9C7                 db    0 ;  
But if you do it using the Declare Structure Variable menu/toolbutton (Alt-Q) it works:
CODE:0048A9B3 stru_48A9B3     dd 4                    ; tpDtt ; 004CAD84o
CODE:0048A9B3                 dw 90h                  ; tpMask
CODE:0048A9B3                 dw 0Ch                  ; tpName
CODE:0048A9B3                 dd offset `__tpdsc__'[TXMenu]; BaseType
CODE:0048A9B3                 db 'TXMenu *',0         ; Name
You see?
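An added IDC workaround for the behaviour nino describes (this is not code from the thread; it assumes the IDA 4.x-era IDC names MakeStruct, MakeStr, MakeUnkn, MakeComm, GetStrucIdByName, GetStrucSize and Byte, and that _tpida is already defined in the database): apply the fixed part with MakeStruct, then define the trailing C string explicitly so the result matches what Alt-Q produces.

```idc
#include <idc.idc>

// Apply _tpida at ea, then explicitly define the trailing C string that
// MakeStruct leaves out. Returns the total size covered, or 0 on failure.
static apply_tpida(ea)
{
    auto sid, fixed, p, n, total;

    sid = GetStrucIdByName("_tpida");
    if (sid == -1) {
        Message("_tpida is not defined in this database\n");
        return 0;
    }
    // GetStrucSize reports only the fixed part; "db 0 dup(?)" adds nothing
    fixed = GetStrucSize(sid);

    // Find the terminating zero of the C string that follows the fixed part
    // (bounded scan, so a missing terminator cannot run to the end of the segment)
    p = ea + fixed;
    for (n = 0; n < 256 && Byte(p + n) != 0; n = n + 1) ;
    if (n == 256) {
        Message("no terminator after %08X, refusing to define string\n", ea);
        return 0;
    }
    total = fixed + n + 1;                  // include the zero byte

    // Undefine the whole range first so neither step is blocked by existing items
    for (p = ea; p < ea + total; p = p + 1)
        MakeUnkn(p, 0);                     // 0 == DOUNK_SIMPLE

    if (!MakeStruct(ea, "_tpida")) {
        Message("MakeStruct failed at %08X\n", ea);
        return 0;
    }
    // This is the step MakeStruct skips: define the string as its own item
    MakeStr(ea + fixed, ea + total);
    MakeComm(ea + fixed, "Name");          // mirror the field comment Alt-Q emits
    return total;
}

static main()
{
    auto ea;
    ea = 0x48A9B3;   // address taken from the listing above; adjust for your database
    Message("_tpida at %08X covers %d bytes\n", ea, apply_tpida(ea));
}
```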
dELTA
June 18th, 2004, 18:31
Sounds like someone might want to send an email to Ilfak (or maybe someone already has)? 