GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sibears → Hrast

sibears / Hrast

Licence: mit
PoC of modifying HexRays AST

Programming Languages

python
139335 projects - #7 most used programming language

Labels

idapython

Projects that are alternatives of or similar to Hrast

Sark
IDAPython Made Easy
Stars: ✭ 477 (+167.98%)
Mutual labels:  idapython
Ida For Delphi
IDA Python Script to Get All function names from Event Constructor (VCL)
Stars: ✭ 92 (-48.31%)
Mutual labels:  idapython
Mazewalker
Toolkit for enriching and speeding up static malware analysis
Stars: ✭ 132 (-25.84%)
Mutual labels:  idapython
Idarling
Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Stars: ✭ 588 (+230.34%)
Mutual labels:  idapython
Hexrays scripts
Various scripts for the Hexrays decompiler (kloppy, shuffle, arachno, IDA coffee, screenrecorder, ricky)
Stars: ✭ 50 (-71.91%)
Mutual labels:  idapython
Mipsaudit
IDA MIPS静态扫描脚本,汇编审计辅助脚本
Stars: ✭ 101 (-43.26%)
Mutual labels:  idapython
Scratchabit
Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
Stars: ✭ 369 (+107.3%)
Mutual labels:  idapython
Abyss
abyss - IDAPython Plugin for Postprocessing of Hexrays Decompiler Output
Stars: ✭ 161 (-9.55%)
Mutual labels:  idapython
Mrspicky
MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
Stars: ✭ 86 (-51.69%)
Mutual labels:  idapython
Idapyhelper
IDAPyHelper is a script for the Interactive Disassembler that helps writing IDAPython scripts and plugins.
Stars: ✭ 128 (-28.09%)
Mutual labels:  idapython
Hexrayspytools
IDA Pro plugin which improves work with HexRays decompiler and helps in process of reconstruction structures and classes
Stars: ✭ 873 (+390.45%)
Mutual labels:  idapython
Pytest Idapro
A pytest module for The Interactive Disassembler and IDAPython; Record and Replay IDAPython API, execute inside IDA or use mockups of IDAPython API.
Stars: ✭ 44 (-75.28%)
Mutual labels:  idapython
Flare Ida
IDA Pro utilities from FLARE team
Stars: ✭ 1,374 (+671.91%)
Mutual labels:  idapython
Heap Viewer
An IDA Pro plugin to examine the glibc heap, focused on exploit development
Stars: ✭ 574 (+222.47%)
Mutual labels:  idapython
Amie
A Minimalist Instruction Extender for the ARM architecture and IDA Pro
Stars: ✭ 136 (-23.6%)
Mutual labels:  idapython
Ipyida
IPython console integration for IDA Pro
Stars: ✭ 358 (+101.12%)
Mutual labels:  idapython
Lighthouse
A Code Coverage Explorer for Reverse Engineers
Stars: ✭ 1,348 (+657.3%)
Mutual labels:  idapython
Ida Minsc
IDA-minsc is a plugin for IDA Pro that simplifies IDAPython. The API is grouped into contextual modules, and is dumbed down by removing the concept of types (DWIM). This allows one to script w/ very little investment or the need for documentation. Click "Watch" to keep track of any ongoing development, and smash that "Star" button if you like this.
Stars: ✭ 170 (-4.49%)
Mutual labels:  idapython
Genmc
Display Hex-Rays Microcode
Stars: ✭ 159 (-10.67%)
Mutual labels:  idapython
Stingray
IDAPython plugin for finding function strings recursively
Stars: ✭ 110 (-38.2%)
Mutual labels:  idapython
View All Similar Projects ➔

HexRaysAST matcher

MIT license

This is simple PoC that allows you to define AST pattern you want to process and make some actions with them

Current code contains templates for:

  1. Replacing inlined strlen called on global variable
  2. Auto renaming globals in expressions like global_var = func(arg1, "newglobalname")
  3. Auto renaming structure fields like glob_str.f0 = sub_cafebabe to glob_str.sub_cafebabe = sub_cafebabe

Scripts are not fully tested (e.g. it can fail on some ctree elements), but you can already make some useful things.

ast_helper.py contains some functions that help to create ctree items

If you got some interr like 50680 etc after yours changes to ctree you should check IDADIR/hexrays_sdk/verifier/cverify.cpp (you need to have IDA 7.1+)

Usage:

  1. Load HRAST.py into IDA
  2. Write your patterns in read_patterns.py. You should define PATTERNS list with tuples (template_code, replacement_fcn, is_chain) as elements
  3. Call reLOAD() function from IDAPython
  4. Reload decompiler window
  5. You can call unLOAD() function to disable modifications
  6. Also deBUG() method switches DEBUG mode on/off
  7. If you want to reload HRAST.py or remove hex-rays callback call hr_remove()

Examples:

Before before screen

After after screen

cpp operator << replace:

Before before screen

After after screen

License:

Released under The MIT License

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].