Framework to automate working with AST in IDA Pro

Mizari/herast

herast

A rewrite of @groke's HRAST for IDAPython3 (IDA_VERSION >= 7.4). It has more features, a more convenient and richer language for AST patterns and their handling, a simple GUI for easier management, and a repository of ready-made AST patterns that grows over time (PRs are welcome!).

What it does

Herast helps find AST subtrees and then work with the items found. It is available as an API through the herapi module and as a GUI view opened with the Shift-M hotkey. Herast is designed for easy extensibility, simple reuse and fast scripting.

Installation

$IDAUSR is "%APPDATA%/Hex-Rays/IDA Pro" on Windows and "$HOME/.idapro" on Linux and Mac.

  • Place herast/ in the $IDAUSR/python/3/ directory
  • Place herapi.py in the $IDAUSR/python/3/ directory
  • Place herast.py in the $IDAUSR/plugins directory
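
The three steps above as a script. This is an added example, not part of the herast repository. It assumes herast/, herapi.py and herast.py sit at the root of the checkout and that an IDAUSR environment variable, if set, names a single directory; resolve_idausr and install_herast are hypothetical helper names.

```python
import os
import shutil
import sys
from pathlib import Path


def resolve_idausr(platform=sys.platform, env=os.environ):
    """Return the IDA user directory, using the defaults listed above."""
    if env.get("IDAUSR"):  # assumption: an explicit IDAUSR (one directory) wins
        return Path(env["IDAUSR"])
    if platform.startswith("win"):
        return Path(env["APPDATA"]) / "Hex-Rays" / "IDA Pro"
    return Path(env["HOME"]) / ".idapro"  # Linux and Mac


def install_herast(checkout, idausr):
    """Copy herast/, herapi.py and herast.py from a checkout into idausr.

    Returns the installed paths. Raises FileNotFoundError before copying
    anything if the checkout is incomplete.
    """
    checkout, idausr = Path(checkout), Path(idausr)
    plan = [
        (checkout / "herast", idausr / "python" / "3" / "herast"),
        (checkout / "herapi.py", idausr / "python" / "3" / "herapi.py"),
        (checkout / "herast.py", idausr / "plugins" / "herast.py"),
    ]
    missing = [str(src) for src, _ in plan if not src.exists()]
    if missing:
        raise FileNotFoundError("not a herast checkout, missing: " + ", ".join(missing))
    for src, dst in plan:
        dst.parent.mkdir(parents=True, exist_ok=True)
        if src.is_dir():
            # Overwrite the files of an older copy in place (Python 3.8+).
            shutil.copytree(src, dst, dirs_exist_ok=True)
        else:
            shutil.copy2(src, dst)
    return [dst for _, dst in plan]


if __name__ == "__main__":
    source = sys.argv[1] if len(sys.argv) > 1 else "."
    for path in install_herast(source, resolve_idausr()):
        print("installed", path)
```

Run it with the path to the checkout as the only argument, then restart IDA so the plugin is loaded.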

Use already written AST handlers

Add this folder for the current IDB in the Schemes Storages View (Shift-M), or globally via herapi.add_storage_folder(folder_name, global_settings=True). Then enable the storages you need and see the results applied to the pseudocode.

A couple of examples:
collapse_exception_branch replaces

into

propagate_error replaces

into

Create your own AST handlers

  • Write patterns that describe parts of the AST
  • Write schemes that describe how found patterns are handled
  • Either export the schemes to the passive matcher (herapi.register_storage_scheme), which will then apply them automatically on the fly and modify every decompilation output (see examples), OR
  • Use them as scripts with the help of Matcher (see examples)