Last active
August 26, 2021 16:49
-
-
Save zerotypic/672eb0563b7289d094dd77463b6958c6 to your computer and use it in GitHub Desktop.
wilhelm AST example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [10]: import wilhelm as W | |
| In [11]: W.initialize(W.Feature.PATH) | |
| In [12]: func = W.ast.Function(idaapi.get_screen_ea()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [13]: func.body[0].expr.e_lhs | |
| Out[13]: <wilhelm.ast.DerefExpr at 0x7fe902486470> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [14]: func.body.children.select("IfStmt") | |
| Out[14]: NodeList(...) | |
| In [15]: list(func.body.children.select("IfStmt")) | |
| Out[15]: | |
| [<wilhelm.ast.IfStmt at 0x7fe8ffe31320>, | |
| <wilhelm.ast.IfStmt at 0x7fe8ff57f940>] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [16]: def sel(path): return list(func.body.select(path)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [17]: sel("*/BinOpExpr") | |
| Out[17]: | |
| [<wilhelm.ast.BinOpExpr at 0x7fe8ffe2cb70>, | |
| <wilhelm.ast.BinOpExpr at 0x7fe8ffe2cb38>, | |
| ...] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [18]: sel("*/BinOpExpr.e_lhs/LocalVarExpr{name = 'fourcc2'}") | |
| Out[18]: | |
| [<wilhelm.ast.LocalVarExpr at 0x7fe8ffdadf60>, | |
| <wilhelm.ast.LocalVarExpr at 0x7fe8ffdb2198>, | |
| ...] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [19]: sel("*/BinOpExpr[.e_lhs/LocalVarExpr{name = 'fourcc2'}].e_rhs/NumExpr") | |
| Out[19]: | |
| [<wilhelm.ast.NumExpr at 0x7fe8ffdadf98>, | |
| <wilhelm.ast.NumExpr at 0x7fe8ffdb21d0>, | |
| ...] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def switch_to_char(num): | |
| nf = idaapi.number_format_t() | |
| nf.opnum = num.hexrays_item.n.nf.opnum | |
| nf.flags = idaapi.char_flag() | |
| nf.props = idaapi.NF_FIXED | |
| idaapi.user_numforms_insert( | |
| num.parent_func.hx_func.numforms, | |
| idaapi.operand_locator_t(num.ea, | |
| ord(num.hexrays_item.n.nf.opnum)), | |
| nf) | |
| num.parent_func.hx_func.save_user_numforms() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| In [20]: for num in sel("*/BinOpExpr[.e_lhs/LocalVarExpr{name = 'fourcc2'}].e_rhs/NumExpr"): | |
| ...: switch_to_char(num) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment