Rewritten for IDAPython3 (IDA_VERSION >= 7.4) version of @groke's HRAST. Contains more features, more convenient and richer language for AST patterns and its handling, simple GUI for easier management and expanding over time repository with ready AST patterns (PRs are welcome!).
Herast helps with finding AST subtrees and with following work with found items. Herast provides its API via herapi module and via GUI view via Shift-M hotkey. Herast is designed for easy expandability, simple reusage and for fast scripting.
$IDAUSR is "%APPDATA%/Hex-Rays/IDA Pro" on windows and "$HOME/.idapro" on linux and mac
- Place
herast/to$IDAUSR/python/3/directory - Place
herapi.pyto$IDAUSR/python/3/directory - Place
herast.pyto$IDAUSR/pluginsdirectory
Add this folder for IDB in Schemes Storages View (Shift-M) or globally via herapi.add_storage_folder(folder_name, global_settings=True). Then enable needed storages and see the results applied to pseudocode.
Couple examples:
collapse_exception_branch replaces
propagate_error replaces
- Write patterns that describe parts of AST
- Write schemes that describe handling of found patterns
- Either export schemes to passive matcher (herapi.register_storage_scheme), that will later automatically apply them on the fly and modify every decompilation output (see examples) OR
- Use them as scripts with the help of Matcher (see examples)