[idb_import] Display enum operands against their enumeration

ChrisKader · ChrisKader · commit 6edeedbd4556 · 2026-06-05T16:15:47.000-05:00
Recover operands IDA displays as enumeration members, resolve each to its
enumeration via idb-rs (op_enum_type, which maps the operand's member tid to
the owning enumeration by tid range), and apply it to the disassembly with
EnumerationDisplayType. Like the number-format pass it disassembles each
operand to recover the immediate value and is gated behind the same
"Apply IDB Operand Formats" setting.
diff --git a/plugins/idb_import/src/mapper.rs b/plugins/idb_import/src/mapper.rs
@@ -2,7 +2,8 @@
 
 use crate::parse::{
     BaseAddressInfo, CommentInfo, DataInfo, DataKind, ExportInfo, FunctionFolderEntry,
-    FunctionInfo, IDBInfo, LabelInfo, NameInfo, OperandFormat, OperandFormatInfo, SegmentInfo,
+    FunctionInfo, IDBInfo, LabelInfo, NameInfo, OperandEnumInfo, OperandFormat, OperandFormatInfo,
+    SegmentInfo,
 };
 use crate::translate::TILTranslator;
 use binaryninja::architecture::{Architecture, ArchitectureExt, Register, RegisterInfo};
@@ -229,9 +230,65 @@ impl IDBMapper {
             }
         }
 
+        // Apply enum-displayed operands (same gating, since it also disassembles each operand).
+        if self.apply_operand_formats && !self.info.operand_enums.is_empty() {
+            tracing::info!(
+                "Applying {} enum-displayed operands",
+                self.info.operand_enums.len()
+            );
+            for operand_enum in &self.info.operand_enums {
+                let mut rebased = operand_enum.clone();
+                rebased.address = rebase(operand_enum.address);
+                self.map_operand_enum_to_view(view, &rebased);
+            }
+        }
+
         // self.map_used_types_to_view(view, &til_translator);
     }
 
+    /// Display an operand against its enumeration, as IDA does.
+    ///
+    /// Resolves the enumeration's Binary Ninja type id and sets it on the operand for every
+    /// immediate value in the instruction; like the number-format pass, an entry only takes
+    /// effect for the exact (value, operand) Binary Ninja renders.
+    fn map_operand_enum_to_view(&self, view: &BinaryView, operand_enum: &OperandEnumInfo) {
+        let Some(type_id) = view.type_id_by_name(operand_enum.enum_name.as_str()) else {
+            tracing::debug!(
+                "No Binary Ninja type for enum '{}', skipping operand at {:0x}",
+                operand_enum.enum_name,
+                operand_enum.address
+            );
+            return;
+        };
+
+        let functions = view.functions_containing(operand_enum.address);
+        let Some(func) = functions.iter().next() else {
+            return;
+        };
+        let arch = func.arch();
+
+        let bytes = view.read_vec(operand_enum.address, 16);
+        if bytes.is_empty() {
+            return;
+        }
+        let Some((_consumed, tokens)) = arch.instruction_text(&bytes, operand_enum.address) else {
+            return;
+        };
+
+        for token in &tokens {
+            if let Some(value) = integer_token_value(&token.kind) {
+                func.set_int_display_type(
+                    operand_enum.address,
+                    value,
+                    operand_enum.operand as usize,
+                    IntegerDisplayType::EnumerationDisplayType,
+                    Some(arch),
+                    Some(type_id.as_str()),
+                );
+            }
+        }
+    }
+
     /// Apply IDA's per-operand number formats to the instruction at an address.
     ///
     /// `set_int_display_type` only takes effect when Binary Ninja renders a token with the exact
diff --git a/plugins/idb_import/src/parse.rs b/plugins/idb_import/src/parse.rs
@@ -116,6 +116,15 @@ pub enum OperandFormat {
     Offset,
 }
 
+/// An instruction operand IDA displays as a member of an enumeration.
+#[derive(Debug, Clone, Serialize)]
+pub struct OperandEnumInfo {
+    pub address: u64,
+    pub operand: u8,
+    /// The name of the enumeration the operand is displayed against.
+    pub enum_name: String,
+}
+
 #[derive(Debug, Clone, Serialize)]
 pub struct CommentInfo {
     pub address: u64,
@@ -194,6 +203,8 @@ pub struct IDBInfo {
     pub dir_tree: Option<DirTreeInfo>,
     /// Typed data items recovered from the byte flags (id1).
     pub data_items: Vec<DataInfo>,
+    /// Operands IDA displays as enumeration members.
+    pub operand_enums: Vec<OperandEnumInfo>,
     /// Per-operand number formats recovered from the byte flags (id1).
     pub operand_formats: Vec<OperandFormatInfo>,
 }
@@ -400,16 +411,63 @@ impl IDBFileParser {
             .map(|id1| self.parse_operand_formats(id1))
             .unwrap_or_default();
 
+        // Recover operands displayed as enumeration members, resolved to their enumeration.
+        let operand_enums = match (id0.as_ref(), id1.as_ref(), til.as_ref()) {
+            (Some(id0), Some(id1), Some(til)) => {
+                self.parse_operand_enums(id0, id1, id2.as_ref(), til)?
+            }
+            _ => Vec::new(),
+        };
+
         Ok(IDBInfo {
             sha256,
             id0: id0_info,
             til,
             dir_tree: dir_tree_info,
             data_items,
+            operand_enums,
             operand_formats,
         })
     }
 
+    /// Walk the byte flags and recover operands IDA displays as enumeration members, resolving
+    /// each to the enumeration it belongs to.
+    pub fn parse_operand_enums<K: IDAKind>(
+        &self,
+        id0: &ID0Section<K>,
+        id1: &ID1Section<K>,
+        id2: Option<&ID2Section<K>>,
+        til: &TILSection,
+    ) -> anyhow::Result<Vec<OperandEnumInfo>> {
+        use idb_rs::id1::{ByteOp, ByteType};
+
+        let root_info = id0.ida_info(id0.root_node()?)?;
+        let netdelta = root_info.netdelta();
+
+        let mut operand_enums = Vec::new();
+        for (address, byte_info, _size) in id1.all_bytes_no_tails() {
+            let ByteType::Code(code) = byte_info.byte_type() else {
+                continue;
+            };
+            for (operand, op) in [(0u8, code.operand0()), (1u8, code.operand1())] {
+                if !matches!(op, Ok(Some(ByteOp::Enum))) {
+                    continue;
+                }
+                let Some(info) = AddressInfo::new(id0, id1, id2, netdelta, address) else {
+                    continue;
+                };
+                if let Some(enum_ty) = info.op_enum_type(operand, til) {
+                    operand_enums.push(OperandEnumInfo {
+                        address: address.into_raw().into_u64(),
+                        operand,
+                        enum_name: enum_ty.name.to_string(),
+                    });
+                }
+            }
+        }
+        Ok(operand_enums)
+    }
+
     /// Walk the byte flags and recover the per-operand number formats IDA assigned to code.
     pub fn parse_operand_formats<K: IDAKind>(
         &self,
