#include static main() { AddHotkey("Ctrl-Shift-J", "rename_j"); } static rename_j () { auto func_start, func_end; auto ea; auto ea_inst; auto instruction; auto location; auto new_jmp; Message("[*] Rename Jxx\n"); Message("[*] Rename Jxx instructions to jxx_signed or jxx_unsigned\n"); // we're about to start working. // change the status, make an announcement and disable dialogs. Message("[-] Scanning through database ... \n"); // process the entire database. for (ea = NextFunction(MinEA()); ea != BADADDR; ea = NextNotTail(ea)) { // determine function start/end address. func_start = GetFunctionAttr(ea, FUNCATTR_START); func_end = GetFunctionAttr(ea, FUNCATTR_END); // export the disassembly of the current function under ScreenEA(). for (ea_inst = func_start; ea_inst != func_end; ea_inst = NextNotTail(ea_inst)) { instruction = GetMnem(ea_inst); if(!strstr(instruction,"j") && strstr(instruction,"jmp")) { if( ((strstr(instruction, "g") || // jump if greater than strstr(instruction, "l") || // jump if less than strstr(instruction, "s") || // jump if signed/unsigned strstr(instruction, "o")) && // jump if overflow !strstr(instruction, "jpo")) ) // jump if odd parity (this is an unsigned operation) { //get the location we are jumping to location = GetOpnd(ea_inst, 0); //create a new "instruction" new_jmp = form("%s_signed %s", instruction, location); //set this as a manual instruction SetManualInsn(ea_inst, new_jmp); } else { location = GetOpnd(ea_inst, 0); new_jmp = form("%s_unsigned %s", instruction, location); SetManualInsn(ea_inst, new_jmp); } } } } Message("[-] done. \n"); }