This is simple PoC that allows you to define AST pattern you want to process and make some actions with them
- Replacing inlined
strlen
called on global variable - Auto renaming globals in expressions like
global_var = func(arg1, "newglobalname")
- Auto renaming structure fields like
glob_str.f0 = sub_cafebabe
toglob_str.sub_cafebabe = sub_cafebabe
Scripts are not fully tested (e.g. it can fail on some ctree elements), but you can already make some useful things.
ast_helper.py
contains some functions that help to create ctree items
If you got some interr like 50680 etc after yours changes to ctree you should check IDADIR/hexrays_sdk/verifier/cverify.cpp (you need to have IDA 7.1+)
- Load HRAST.py into IDA
- Write your patterns in read_patterns.py. You should define
PATTERNS
list with tuples (template_code
,replacement_fcn
,is_chain
) as elements - Call
reLOAD()
function from IDAPython - Reload decompiler window
- You can call
unLOAD()
function to disable modifications - Also
deBUG()
method switches DEBUG mode on/off - If you want to reload HRAST.py or remove hex-rays callback call
hr_remove()
cpp operator << replace:
Released under The MIT License