ctree_rename.py

import idc
import idautils
import idaapi
import ida_funcs
import ida_name
import ida_bytes
import ida_nalt
import ida_hexrays as hr


def cstr(ea):
    b = ida_bytes.get_strlit_contents(ea, -1, ida_nalt.STRTYPE_C)
    if not b:
        raise ValueError('uanble to get string content from %s' % hex(ea))

    return b.decode()


class Visitor(idaapi.ctree_visitor_t):
    def __init__(self, target, index):
        super().__init__(hr.CV_FAST)
        self.target = target
        self.name = None
        self.index = index

    def visit_expr(self, i):
        if (i.op == idaapi.cot_call) and i.x.obj_ea == self.target:
            s = i.a[self.index].obj_ea
            self.name = cstr(s)
            return 1

        return 0


def guess_name_by_logger(logger, index):
    visited = set()
    for xref in idautils.CodeRefsTo(logger, False):
        f = ida_funcs.get_func(xref)
        if not f:
            continue

        name = ida_name.get_ea_name(f.start_ea)

        if not name.startswith('sub_'):
            continue

        if f.start_ea in visited:
            continue

        cfunc = hr.decompile(f)
        v = Visitor(logger, index)
        v.apply_to_exprs(cfunc.body, None)

        if v.name:
            idc.set_name(f.start_ea, v.name)
            visited.add(f.start_ea)
        else:
            print('unable to find', hex(f.start_ea))


guess_name_by_logger(0x1234, 3)