handle negative hashes

[herrcore]

Currently we use get_highlight to pull the selected constant from IDA but this is an issue when the constant is negative. The negative sign is not highlighted in IDA so we don't grab it and misinterpret the constant as positive.

This can be handled elegantly in the disassembly by checking the operands at the selected address for both negative and positive values of the selected constant to determine which one to use... however this doesn't really work when the value is selected in the pseudocode window.

TLDR Issue
When we use get_highlight in the pseudocode window to select a constant how can we match that constant with the actual value in the IDA microcode/pseudocode representation? This is my lack of understanding of how to manipulate the pseudocode from python... example code would be much appreciated 🙏

[anthonyprintup]

So it seems like there is a much simpler way of figuring out if the value is negative (notice the invsign and negated keywords):

I know that some Python code is executed when displaying the popup, which probably means IDA also gets the information through a Python API? If so, then we just need to figure out what IDA does here.

[I-VANN]

add this function and replace all "parse_highlighted_value" with "extract_immediate_value":

def extract_immediate_value():
        # get instruction at mouse pos
        current_ea = idaapi.get_screen_ea()

        #get instruction operand
        insn = idaapi.insn_t()
        idaapi.decode_insn(insn, current_ea)
        for op in insn.ops:
            # check if immediate value
            if op.type == idaapi.o_imm:
                # get operand value
                imm_value = op.value
                #print("TEST: Operand is an immediate: {:#x}".format(imm_value))
                return imm_value
        #print("TEST: Operand is not an immediate")
        return None

[anthonyprintup]

add this function and replace all "parse_highlighted_value" with "extract_immediate_value":

def extract_immediate_value():
        # get instruction at mouse pos
        current_ea = idaapi.get_screen_ea()

        #get instruction operand
        insn = idaapi.insn_t()
        idaapi.decode_insn(insn, current_ea)
        for op in insn.ops:
            # check if immediate value
            if op.type == idaapi.o_imm:
                # get operand value
                imm_value = op.value
                #print("TEST: Operand is an immediate: {:#x}".format(imm_value))
                return imm_value
        #print("TEST: Operand is not an immediate")
        return None

The reason why we can't use this method is that we'd have to parse the microcode instead. The highlighted values could be optimized from multiple immediate values, they could also be registers, etc.

[I-VANN]

The reason why we can't use this method is that we'd have to parse the microcode instead. The highlighted values could be optimized from multiple immediate values, they could also be registers, etc.

it must be considered that the value of the hash is always a number and is taken from the disassembly window (even if it is selected from the decompilation window) and not from the decompilation window where, on the other hand, there may be more immediate values. I have tested it in many conditions and it seems to work. Could you please provide me with a particular use case that is not covered? Thanks.