oopsmishap/astaroth_hide_timewasters.py

## astaroth_hide_timewasters.py
import idautils
import idaapi
import ida_bytes
import ida_search
import ida_segment
import ida_nalt

def find_function(pattern):
    text = ida_segment.get_segm_by_name('.text')
    return ida_search.find_binary(text.start_ea, text.end_ea, pattern, 16, ida_search.SEARCH_DOWN)

TIMEWASTE_FUNC_PATTERN = "55 8B EC 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 53 89 4D F4 89 55 F8"

timewaste_func = find_function(TIMEWASTE_FUNC_PATTERN)

for ref in idautils.XrefsTo(timewaste_func, idaapi.XREF_ALL):
    start = ref.frm - 35  # 5 bytes per instruction
    end = ref.frm + 5
    ida_bytes.patch_bytes(start, b'\x90'*40)
    for x in range(start, end):
        ida_nalt.hide_item(x)
    print(f'Patched callee 0x{ref.frm:x} with nops')
	import idautils
	import idaapi
	import ida_bytes
	import ida_search
	import ida_segment
	import ida_nalt

	def find_function(pattern):
	text = ida_segment.get_segm_by_name('.text')
	return ida_search.find_binary(text.start_ea, text.end_ea, pattern, 16, ida_search.SEARCH_DOWN)

	TIMEWASTE_FUNC_PATTERN = "55 8B EC 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 53 89 4D F4 89 55 F8"

	timewaste_func = find_function(TIMEWASTE_FUNC_PATTERN)

	for ref in idautils.XrefsTo(timewaste_func, idaapi.XREF_ALL):
	start = ref.frm - 35 # 5 bytes per instruction
	end = ref.frm + 5
	ida_bytes.patch_bytes(start, b'\x90'*40)
	for x in range(start, end):
	ida_nalt.hide_item(x)
	print(f'Patched callee 0x{ref.frm:x} with nops')