Last active
September 14, 2022 21:30
Revisions
-
arizvisa renamed this gist
Sep 14, 2022 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
Sep 14, 2022 .There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,38 @@ F = idaapi.decompile(address) def ctree_relexer(F, idabits=8 if idaapi.get_inf_structure().is_64bit() else 4): iterable = (F.pseudocode[i].line for i in range(1 + F.hdrlines, F.pseudocode.size())) items = ' '.join(iterable).split("\x01({:0{:d}s}".format('', 2 * idabits)) line, = filter(None, items) for m in re.finditer(r"\x01\(([0-9A-F]{{{:d}}})[\1\2]([^\1\2]+)".format(2 * idabits), line): id, x = m.groups() idx = int(id, 0x10) if F.treeitems.size() <= idx: continue item = F.treeitems[idx] yield idaapi.tag_remove(item.print1(F)), item.cexpr return name, index = 'malloc', 0 def ctree_parameter(F, name, index): iterable = ctree_relexer(F) for string, item in iterable: if string.startswith(name + '('): [consume for _, consume in zip(range(index), iterable)] yield (lambda *a: a)(item.ea, string, *next(iterable)) continue return item = ctree_parameters[idx][-1] def ctree_resolve(F, item): if hasattr(item, 'operands'): ops = item.operands return resolve(F, ops.get('n', ops.get('v', ops.get('x', ops)))) elif hasattr(item, 'getv'): loc = item.getv().location return resolve(F, loc) elif hasattr(item, 'get_reginfo'): offset, Fregname = item.reg1(), lambda midx: '@' + idaapi.get_mreg_name(midx, 0x2318 + 1) return Fregname(offset) if item.is_reg() else (Fregname(idaapi.reg2mreg(idaapi.ph.regnames.index('sp'))), offset - F.mba.stacksize) elif hasattr(item, '_value'): return item._value return item