5

Looking at the functions exposed by idaapi I see that functions like the following are exposed.

get_user_cmt
set_user_cmt
save_user_cmts

As these functions are exposed I'm hoping that I have a way to add comments onto the hex-rays decompiler using a script. I looked around a bit and could not find examples using these functions.

[EDIT]

set_user_cmt seems to take 2 arguments, of which the second is the comment and the first is an instance of treeloc_t. However, I'm not too sure how to use it. Using the following leads to an orphan comment.

idaapi.set_user_cmt(idaapi.treeloc_t(5), "asdf")
  • Ask their support for examples? – Vitaly Osipov Apr 19 '16 at 00:01
  • I'm not really sure that it answers your question, but it will probably give you some direction: https://github.com/idapython/src/blob/master/examples/vds4.py – w s Apr 19 '16 at 13:43
  • Just for reference: you will probably find more information on treeloc_t here, in the hexrays.hpp file: https://www.hex-rays.com/products/decompiler/manual/sdk/hexrays_8hpp_source.shtml . I'd be glad to provide a more complete solution but unfortunately I don't have a working hex-rays now. – w s Apr 19 '16 at 14:01

3 Answers

2

The treeloc_t constructor does not accept an EA, and you need to specify the comment preciser:

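import idaapi

ea = idaapi.get_screen_ea()       # address under the cursor
cfunc = idaapi.decompile(ea)      # decompile the containing function
tl = idaapi.treeloc_t()
tl.ea = ea                        # address of the item to comment
tl.itp = idaapi.ITP_SEMI          # item preciser: after the semicolon
cfunc.set_user_cmt(tl, "Test comment")
cfunc.save_user_cmts()            # persist the comment in the database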

You can find more info about the precisers in hexrays.hpp. Not all precisers work everywhere. For example, the above code uses ITP_SEMI, which comments after a semicolon: it will result in an orphan comment if you use it on an if.

Andrea Biondo
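The orphan-comment caveat in the answer above can be handled from a script by trying item precisers until one attaches. This is an added example, not code from the answer or from Hex-Rays: the function names and the candidate order are assumptions, and it relies on the `cfunc_t` methods `refresh_func_ctext`, `has_orphan_cmts` and `del_orphan_cmts` declared in hexrays.hpp.

```python
# Added example, not from the answer above. Runs inside IDA with Hex-Rays.
# idaapi is imported inside the functions so the file also loads outside IDA.

# Item precisers to try, in order; the selection and order are an assumption
# of this example, not a rule from hexrays.hpp.
CANDIDATE_ITPS = ("ITP_SEMI", "ITP_BLOCK1", "ITP_CURLY1", "ITP_BRACE2", "ITP_COLON")


def set_decompiler_comment(cfunc, ea, text, candidates=CANDIDATE_ITPS):
    """Attach `text` at `ea`; return the preciser name that worked, or None."""
    import idaapi

    if cfunc.has_orphan_cmts():
        # Orphans already present would make every attempt look like a failure,
        # and the cleanup below would delete them, so stop here.
        raise RuntimeError("function already has orphan comments")

    for name in candidates:
        tl = idaapi.treeloc_t()
        tl.ea = ea
        tl.itp = getattr(idaapi, name)
        cfunc.set_user_cmt(tl, text)
        cfunc.refresh_func_ctext()      # rebuild the text so orphan status is current
        if not cfunc.has_orphan_cmts():
            cfunc.save_user_cmts()      # persist to the database
            return name
        cfunc.del_orphan_cmts()         # drop the failed attempt, try the next one
    return None


def comment_at_cursor(text):
    """Hypothetical helper: comment the item at the current cursor address."""
    import idaapi

    ea = idaapi.get_screen_ea()
    cfunc = idaapi.decompile(ea)
    if cfunc is None:
        return None
    return set_decompiler_comment(cfunc, ea, text)
```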
0

I am trying to achieve a similar thing with ida-batch_decompile. The basic idea is to annotate and decompile the target from the command line (but it also comes with a menu entry; acting as a plugin or idascript).

It currently annotates functions with a textual description of guessed stack variable sizes and xrefs. To do so it adds a function comment block with SetFunctionCmt(addr, txtcomment, 0) (see code) and once all functions are annotated it decompiles the target binary to pseudocode (optionally also decompiles resolvable imports). Note that atm it is not capable of annotating decompiled lines but I am looking into having that in the future.

Here's an example for dbghelp.c

//----- (03052800) --------------------------------------------------------
// **** Variables ****
// * stack size: 20
// {"diff_size": 4, "offset_text": "[bp+0h]", "size": 4, "name": " s", "offset": 0}
// {"diff_size": 4, "offset_text": "[bp+4h]", "size": 4, "name": " r", "offset": 4}
// {"diff_size": 4, "offset_text": "[bp+8h]", "size": 4, "name": "arg_0", "offset": 8}
// {"diff_size": 4, "offset_text": "[bp+Ch]", "size": 4, "name": "dwBytes", "offset": 12}
// {"diff_size": 4, "offset_text": "[bp+10h]", "size": 4, "name": "arg_8", "offset": 16}
// *******************
// ***** XREFS *****
// * # 1
// sub_30733D0+30
// *******************
int __stdcall sub_3052800(int a1, SIZE_T dwBytes, int a3)
{
  int result; // eax@17
  HANDLE v4; // eax@21
...
tintin
-2

You can use idc.MakeComm or idc.MakeRptCmt functions. For example:

MakeComm(address, 'My comment')
ebux