vds8

summary: improve decompilation by turning specific patterns into custom function calls

description:

Registers an action that uses a ida_hexrays.udc_filter_t to decompile svc 0x900001 and svc 0x9000F8 as function calls to svc_exit() and svc_exit_group() respectively.

You will need to have an ARM + Linux IDB for this script to be usable

In addition to having a shortcut, the action will be present in the context menu.

level: intermediate

Attributes

`ACTION_NAME`
`ACTION_SHORTCUT`
`my_hooks`
`SVC_EXIT`
`SVC_EXIT_GROUP`
`udc_exit`

Classes

`udc_exit_t`
`toggle_udc_ah_t`
`my_hooks_t`

Module Contents

vds8.ACTION_NAME = 'vds8.py:udcall'

vds8.ACTION_SHORTCUT = 'Ctrl+Shift+U'

class vds8.udc_exit_t(code, name)

Bases: ida_hexrays.udc_filter_t

code

installed = False

match(cdg): return true if the filter object should be applied to given instruction

install()

uninstall()

toggle_install()

class vds8.toggle_udc_ah_t

Bases: ida_kernwin.action_handler_t

activate(ctx)

Activate an action. This function implements the core behavior of an action. It is called when the action is triggered, from a menu, from a popup menu, from the toolbar, or programmatically.

Returns:: non-zero: all IDA windows will be refreshed

update(ctx): Update an action. This is called when the context of the UI changed, and we need to let the action update some of its properties if needed (label, icon, …) In addition, this lets IDA know whether the action is enabled, and when it should be queried for availability again. Note: This callback is not meant to change anything in the application’s state, except by calling one (or many) of the “update_action_*()” functions on this very action.

class vds8.my_hooks_t(_flags: int = 0, _hkcb_flags: int = 1)

Bases: ida_kernwin.UI_Hooks

populating_widget_popup(widget, popup)

IDA is populating the context menu for a widget. This is your chance to attach_action_to_popup(). Have a look at ui_finish_populating_widget_popup, if you want to augment the context menu with your own actions after the menu has had a chance to be properly populated by the owning component or plugin (which typically does it on ui_populating_widget_popup.)

Parameters:

widget – (TWidget *)
popup_handle – (TPopupMenu *)
ctx – (const action_activation_ctx_t *)

Returns:

void

vds8.my_hooks

vds8.SVC_EXIT = 9437185

vds8.SVC_EXIT_GROUP = 9437432

vds8.udc_exit