Awesome
herast
Rewritten for IDAPython3 (IDA_VERSION >= 7.4) version of @groke's HRAST. Contains more features, more convenient and richer language for AST patterns and its handling, simple GUI for easier management and expanding over time repository with ready AST patterns (PRs are welcome!).
What it does
Herast helps with finding AST subtrees and with following work with found items. Herast provides its API via herapi module and via GUI view via Shift-M hotkey. Herast is designed for easy expandability, simple reusage and for fast scripting.
<p align='center'> <img src='pictures/storages_manager_view.png'> </p>Installation
$IDAUSR is "%APPDATA%/Hex-Rays/IDA Pro" on windows and "$HOME/.idapro" on linux and mac
- Place
herast/to$IDAUSR/python/3/directory - Place
herapi.pyto$IDAUSR/python/3/directory - Place
herast.pyto$IDAUSR/pluginsdirectory
Use already written AST handlers
Add this folder for IDB in Schemes Storages View (Shift-M) or globally via herapi.add_storage_folder(folder_name, global_settings=True). Then enable needed storages and see the results applied to pseudocode.
Couple examples:
collapse_exception_branch replaces
propagate_error replaces
<p align='center'> <img src='https://github.com/mostobriv/herast/blob/main/pictures/propagate_error_before.png'> </p> into <p align='center'> <img src='https://github.com/mostobriv/herast/blob/main/pictures/propagate_error_after.png'> </p>Create your own AST handlers
- Write patterns that describe parts of AST
- Write schemes that describe handling of found patterns
- Either export schemes to passive matcher (herapi.register_storage_scheme), that will later automatically apply them on the fly and modify every decompilation output (see examples) OR
- Use them as scripts with the help of Matcher (see examples)