jershmagersh · November 24, 2024 07:06
diff --git a/copy_hash.py b/copy_hash.py
 import idaapi
 import ida_hexrays
 import idc
 import ida_lines
 import random
 import string

 HASH_ENUM_INDEX = 0

 global call_op_uniq
 call_op_uniq = None 

 class ctree_visitor(ida_hexrays.ctree_visitor_t):
    def __init__(self, cfunc):
        ida_hexrays.ctree_visitor_t.__init__(self, ida_hexrays.CV_FAST)
        self.cfunc = cfunc
        self.func_name = "mw_walk_hash_brc4_algo"# API resolution function name
    
    def get_expr_name(self, expr):
        name = expr.print1(None)
        name = ida_lines.tag_remove(name)
        name = ida_pro.str2user(name)
        return name

    def visit_expr(self, expr):
        if expr.op == idaapi.cot_call:
            if idc.get_name(expr.x.obj_ea) == self.func_name:
                carg_1 = expr.a[HASH_ENUM_INDEX]
                api_name = ida_lines.tag_remove(
                    carg_1.cexpr.print1(None)
                )  # Get API name
                expr_parent = self.cfunc.body.find_parent_of(expr)  # Get node parent

                # find asg node
                while expr_parent.op != idaapi.cot_asg:
                    expr_parent = self.cfunc.body.find_parent_of(expr_parent)

                # The global variable assignment is of type cot_obj
                # getting the name of this object was a giant pain but found
                # an example that's done in get_expr_name
                if expr_parent.cexpr.x.op == idaapi.cot_obj:
                    lvariable_old_name = (
                        self.get_expr_name(expr_parent.cexpr.x)
                    )  # get name of variable
                    print(f"Changing 0x{expr_parent.cexpr.x.obj_ea:2x} to {api_name}")
                    idc.set_name(
                        expr_parent.cexpr.x.obj_ea, api_name
                    ) # rename variable
        return 0


 def main():
    cfunc = idaapi.decompile(idc.here())
    v = ctree_visitor(cfunc)
    v.apply_to(cfunc.body, None)


 main()
	import idaapi
	import ida_hexrays
	import idc
	import ida_lines
	import random
	import string

	HASH_ENUM_INDEX = 0

	global call_op_uniq
	call_op_uniq = None

	class ctree_visitor(ida_hexrays.ctree_visitor_t):
	def __init__(self, cfunc):
	ida_hexrays.ctree_visitor_t.__init__(self, ida_hexrays.CV_FAST)
	self.cfunc = cfunc
	self.func_name = "mw_walk_hash_brc4_algo"# API resolution function name

	def get_expr_name(self, expr):
	name = expr.print1(None)
	name = ida_lines.tag_remove(name)
	name = ida_pro.str2user(name)
	return name

	def visit_expr(self, expr):
	if expr.op == idaapi.cot_call:
	if idc.get_name(expr.x.obj_ea) == self.func_name:
	carg_1 = expr.a[HASH_ENUM_INDEX]
	api_name = ida_lines.tag_remove(
	carg_1.cexpr.print1(None)
	) # Get API name
	expr_parent = self.cfunc.body.find_parent_of(expr) # Get node parent

	# find asg node
	while expr_parent.op != idaapi.cot_asg:
	expr_parent = self.cfunc.body.find_parent_of(expr_parent)

	# The global variable assignment is of type cot_obj
	# getting the name of this object was a giant pain but found
	# an example that's done in get_expr_name
	if expr_parent.cexpr.x.op == idaapi.cot_obj:
	lvariable_old_name = (
	self.get_expr_name(expr_parent.cexpr.x)
	) # get name of variable
	print(f"Changing 0x{expr_parent.cexpr.x.obj_ea:2x} to {api_name}")
	idc.set_name(
	expr_parent.cexpr.x.obj_ea, api_name
	) # rename variable
	return 0


	def main():
	cfunc = idaapi.decompile(idc.here())
	v = ctree_visitor(cfunc)
	v.apply_to(cfunc.body, None)


	main()