HexRaysAST matcher

This is simple PoC that allows you to define AST pattern you want to process and make some actions with them

Current code contains templates for:

1. Replacing inlined strlen called on global variable
2. Auto renaming globals in expressions like global_var = func(arg1, "newglobalname")
3. Auto renaming structure fields like glob_str.f0 = sub_cafebabe to glob_str.sub_cafebabe = sub_cafebabe

Scripts are not fully tested (e.g. it can fail on some ctree elements), but you can already make some useful things.

ast_helper.py contains some functions that help to create ctree items

If you got some interr like 50680 etc after yours changes to ctree you should check IDADIR/hexrays_sdk/verifier/cverify.cpp (you need to have IDA 7.1+)

Usage:

1. Load HRAST.py into IDA
2. Write your patterns in read_patterns.py. You should define PATTERNS list with tuples (template_code, replacement_fcn, is_chain) as elements
3. Call reLOAD() function from IDAPython
4. Reload decompiler window
5. You can call unLOAD() function to disable modifications
6. Also deBUG() method switches DEBUG mode on/off
7. If you want to reload HRAST.py or remove hex-rays callback call hr_remove()

Examples:

Before

After

cpp operator << replace:

Before

After

License:

Released under The MIT License