Examples (Hex Rays) | Renaming a couple of variables that are parameters
This example iterates through all decompiled functions while looking for a variable that is an argument and a pointer to a structure.
results = set()
for ea in db.functions.iterate(decompiled=True):
f = hexrays.function(ea)
for v in hexrays.variables.iterate(f, argument=True):
ti = hexrays.variable.type(v)
if not (ti.is_ptr() or struc.has(ti)): continue
# Count the number of times that we need to dereference it before it isn't a pointer.
count = 0
while(ti.is_ptr()):
ti = db.types.dereference(ti)
count += 1
# If the count was larger than 1, then check the structure name and add it to our results if it matches.
if count > 1 and struc.by(ti).name == 'jsmisc32::global_1c5d0::arena':
results.add(ea)
continue
continueNow we'll use our results and iterate through the parameters again. Anything that points to a pointer to a structure will be displayed and then renamed while preserving the storage location offset in the suffix of the parameter name.
for ea in results:
f = hexrays.function(ea)
items = []
for v in hexrays.variables.iterate(f, argument=True):
ti = hexrays.variable.type(v)
if not ti.is_ptr(): continue
# count the number of times that it's referenced
count = 0
while(ti.is_ptr()):
ti = db.types.dereference(ti)
count += 1
# if it matches, add it to our list of items
if count > 1 and struc.by(ti).name == 'jsmisc32::global_1c5d0::arena':
items.append(v)
continue
# iterate through the variables we collected, print them, then rename them.
for v in items:
print(hexrays.repr(v))
# get their storage location and adjust them to subtract the size of the saved registers
offset, size = hexrays.variable.storage(v) - (f.mba.frregs + f.mba.retsize)
# now we can rename the variable using the offset we calculated.
print(hexrays.variable.name(v, 'app','arena', offset))
continue
|
|