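# Cutter script: annotate calls that go through pointers written inside one
# function of the loaded binary.
#
# It walks the function at decode_func_addr looking for
# `mov dword [ADDR], eax`. When the first instruction returned by `pdj -3` at
# that spot is `push STR`, the zero-terminated string at STR is read and a
# "CALL <string>" comment is set on every call instruction that references
# ADDR. Run it from inside Cutter: the `cutter` module only exists there.
import base64
import re

import cutter

STORE_RE = re.compile(r'^mov dword \[(.*)\], eax$', re.IGNORECASE)
PUSH_RE = re.compile(r'^push (.*?)$', re.IGNORECASE)


def _as_address(operand):
    """Return *operand* as an int, or None when it is not a plain number."""
    try:
        return int(operand, 0)
    except ValueError:
        # A register or an expression such as "ebp - 4" is not a static
        # address, so it must not be spliced into a command.
        return None


# Analyse the binary so that function metadata and xrefs are available.
cutter.cmd('aa')

decode_func_addr = 0x00401210
cutter.cmd("s %d" % decode_func_addr)
func_info = cutter.cmdj("afij")
if not func_info:
    raise RuntimeError("no function found at 0x%x" % decode_func_addr)
func_size = func_info[0]['size']
print("Function size %d" % func_size)

line = decode_func_addr
func_end = decode_func_addr + func_size
while line < func_end:
    obj = cutter.cmdj("pdj 1 @ %s" % hex(line))
    if not obj:
        break
    insn = obj[0]
    store = STORE_RE.search(insn.get('opcode', ''))
    if store:
        decoded_addr = _as_address(store.group(1))
        tmp = cutter.cmdj("pdj -3 @ %s" % hex(line))
        push = PUSH_RE.search(tmp[0].get('opcode', '')) if tmp else None
        str_addr = _as_address(push.group(1)) if push else None
        if decoded_addr is not None and str_addr is not None:
            # Get the zero-terminated string at str_addr.
            tmp = cutter.cmdj("pszj @ 0x%x" % str_addr)
            decoded_str = (tmp or {}).get('string')
            if decoded_str is not None:
                print("%s %s" % (store.group(1), decoded_str))
                # decoded_str is read out of the binary under analysis, so it
                # is untrusted. Placed raw in the command line, characters
                # such as ';', '|', '`' or a newline would be parsed as
                # further commands; the base64: form of CCu carries the text
                # as data only.
                # NOTE(review): confirm this Cutter build accepts
                # `CCu base64:` before relying on the comments.
                comment = "CALL %s" % decoded_str
                encoded = base64.b64encode(
                    comment.encode("utf-8", "replace")).decode("ascii")
                # Add the comment to every call that references decoded_addr.
                for xref in cutter.cmdj('axtj 0x%x' % decoded_addr) or []:
                    if xref.get('opcode', '').startswith('call'):
                        cutter.cmd('CCu base64:%s @ %d'
                                   % (encoded, xref['from']))
    # Advance by whole instructions: decoding at every byte offset also
    # decodes from the middle of instructions and can match by accident.
    line += insn.get('size') or 1

cutter.refresh()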