Skip to content

Instantly share code, notes, and snippets.

Created February 12, 2024 23:29
Show Gist options
  • Save alexander-hanel/10264b06e73f19c68fd1f0b853a21513 to your computer and use it in GitHub Desktop.
Save alexander-hanel/10264b06e73f19c68fd1f0b853a21513 to your computer and use it in GitHub Desktop.
A hackish way to extract arguments passed to a function from hex-rays decompiler output
import idautils
ea = 0x000000140013188
name = ida_name.get_ea_name(ea)
# get xrefs to function
xrefs = [x for x in idautils.CodeRefsTo(ea, 0)]
for func in xrefs:
args = []
cfunc = idaapi.decompile(func)
sv = cfunc.get_pseudocode()
comment_len = ida_name.get_ea_name(func)
comment_flag = False
c = 1
for index, sline in enumerate(sv):
tt = idaapi.tag_remove(sline.line)
if name in tt and comment_flag != True:
comment_flag = True
# print lines
if comment_flag:
if ";" in tt:
print(hex(func), args)
Copy link

Hi @52617365, my version uses the hex-rays decompiler to extract the arguments. I always forget Hex-Rays API usage. Yes, your example will work but I would exercise caution when relying on idaapi.get_arg_addrs to extract function arguments. It works well on 64-bit functions that use standard calling conventions but it can fail on other calling conventions or functions that don’t have their types defined. I have had to write a couple of backtracing functions to deal with idaapi.get_arg_addrs failing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment