PoC of modifying HexRays AST
This is a simple PoC that lets you define the AST patterns you want to process and perform actions on them.
- strlen called on global variable
- global_var = func(arg1, "newglobalname")
- glob_str.f0 = sub_cafebabe to glob_str.sub_cafebabe = sub_cafebabe
The scripts are not fully tested (e.g. they can fail on some ctree elements), but you can already do some useful things with them.
ast_helper.py contains some functions that help to create ctree items.
If you get an interr such as 50680 after your changes to the ctree, check IDADIR/hexrays_sdk/verifier/cverify.cpp (you need to have IDA 7.1+).
- PATTERNS list with tuples (template_code, replacement_fcn, is_chain) as elements
- reLOAD() function from IDAPython
- unLOAD() function to disable modifications
- deBUG() method switches DEBUG mode on/off
- hr_remove()
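A stand-alone model of the PATTERNS idea above, added here as an example: it is not HRAST's code and does not use the Hex-Rays API. The tuple-based node encoding, the helper names (match, rename_field, rewrite, render), the f<digits> placeholder-name check and sub_deadbeef are assumptions made for illustration; is_chain is carried for shape only and ignored.

```python
import re

# Toy ctree: a node is (op, *children); names are plain strings.
# In a template, ("bind", key) captures whatever sits at that position.
FIELD_ASSIGN = ("asg",
                ("memref", ("bind", "base"), ("bind", "field")),
                ("obj", ("bind", "fn")))

def match(tmpl, node, binds):
    """Structurally compare node with tmpl, filling binds with captures."""
    if isinstance(tmpl, tuple) and tmpl[0] == "bind":
        binds[tmpl[1]] = node
        return True
    if isinstance(tmpl, tuple) and isinstance(node, tuple):
        return len(tmpl) == len(node) and all(
            match(t, n, binds) for t, n in zip(tmpl, node))
    return tmpl == node

def rename_field(b):
    """Replacement function: name a placeholder field after the function."""
    if not (isinstance(b["field"], str) and re.fullmatch(r"f\d+", b["field"])):
        return None  # field already has a meaningful name: leave the node alone
    return ("asg", ("memref", b["base"], b["fn"]), ("obj", b["fn"]))

# Same tuple shape as the README; is_chain is ignored by this model.
PATTERNS = [(FIELD_ASSIGN, rename_field, False)]

def rewrite(node):
    """Rewrite children first, then try every pattern on the node itself."""
    if not isinstance(node, tuple):
        return node
    node = (node[0],) + tuple(rewrite(c) for c in node[1:])
    for tmpl, repl, _is_chain in PATTERNS:
        binds = {}  # fresh captures per attempt, so failed matches leak nothing
        if match(tmpl, node, binds) and (new := repl(binds)) is not None:
            return new
    return node

def render(n):
    # Print a node as C-like text.
    if n[0] == "obj":
        return n[1]
    if n[0] == "memref":
        return f"{render(n[1])}.{n[2]}"
    sep = " = " if n[0] == "asg" else "; "  # "asg" or "block"
    return sep.join(render(c) for c in n[1:])

# Constructed sample: the first statement is the README's example.
SAMPLE = ("block",
          ("asg", ("memref", ("obj", "glob_str"), "f0"), ("obj", "sub_cafebabe")),
          ("asg", ("memref", ("obj", "glob_str"), "size"), ("obj", "sub_deadbeef")))
```

Calling render(rewrite(SAMPLE)) renames only the placeholder field; the statement whose field already has a name passes through unchanged.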
[Screenshots: before and after]
cpp operator << replace:
[Screenshots: before and after]
Released under The MIT License