multun/hlil_visitor.py

## hlil_visitor.py
from dataclasses import dataclass
from typing import Callable


@dataclass
class ExprVisitor:
    matcher: Callable[[HighLevelILInstruction], bool]
    block: HighLevelILBasicBlock

    def visit_insn(self, expr):
        #print("matching", expr.operation, expr)
        if expr.operation == HighLevelILOperation.HLIL_BLOCK:
            return
        if expr.operation == HighLevelILOperation.HLIL_NOP:
            return
        if expr.il_basic_block != self.block:
            return
        if self.matcher(expr):
            return
        for field_name, field_type in HighLevelILInstruction.ILOperations[expr.operation]:
            if field_type == "expr":
                self.visit_insn(getattr(expr, field_name))
            if field_type == "expr_list":
                for expr in getattr(expr, field_name):
                    self.visit_insn(expr)

    @staticmethod
    def visit_block(matcher, block):
        #print("visiting block", block)
        visitor = ExprVisitor(matcher, block)
        for insn in block:
            visitor.visit_insn(insn)

    @staticmethod
    def visit_function(matcher, func):
        #print("visiting function", func)
        for block in func.hlil:
            ExprVisitor.visit_block(matcher, block)

def match_call(expr):
    if expr.operation == HighLevelILOperation.HLIL_CALL:
        print(expr)
        return True
    return False

print("analysing", current_function.name)
ExprVisitor.visit_function(match_call, current_function)
	from dataclasses import dataclass
	from typing import Callable


	@dataclass
	class ExprVisitor:
	matcher: Callable[[HighLevelILInstruction], bool]
	block: HighLevelILBasicBlock

	def visit_insn(self, expr):
	#print("matching", expr.operation, expr)
	if expr.operation == HighLevelILOperation.HLIL_BLOCK:
	return
	if expr.operation == HighLevelILOperation.HLIL_NOP:
	return
	if expr.il_basic_block != self.block:
	return
	if self.matcher(expr):
	return
	for field_name, field_type in HighLevelILInstruction.ILOperations[expr.operation]:
	if field_type == "expr":
	self.visit_insn(getattr(expr, field_name))
	if field_type == "expr_list":
	for expr in getattr(expr, field_name):
	self.visit_insn(expr)

	@staticmethod
	def visit_block(matcher, block):
	#print("visiting block", block)
	visitor = ExprVisitor(matcher, block)
	for insn in block:
	visitor.visit_insn(insn)

	@staticmethod
	def visit_function(matcher, func):
	#print("visiting function", func)
	for block in func.hlil:
	ExprVisitor.visit_block(matcher, block)

	def match_call(expr):
	if expr.operation == HighLevelILOperation.HLIL_CALL:
	print(expr)
	return True
	return False

	print("analysing", current_function.name)
	ExprVisitor.visit_function(match_call, current_function)