kernullist

kernullist / PseudoForge

Public

An IDA Pro / Hex-Rays plugin that turns noisy pseudocode into reviewable, kernel-aware cleanup artifacts

19
2
85% credibility
Found May 31, 2026 at 19 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Python
AI Summary

PseudoForge is an IDA Pro plugin that transforms noisy Hex-Rays decompiler output into clean, readable pseudocode by applying deterministic analysis and optional AI-assisted renaming, with a strong emphasis on preview-before-apply safety for kernel driver reverse engineering.

How It Works

1
🔍 Open a binary in IDA Pro

You load a Windows driver or system binary and view the messy decompiled pseudocode that Hex-Rays produces.

2
📦 Install PseudoForge as an IDA plugin

You copy the plugin files into your IDA plugins folder and restart IDA Pro to activate the new menu.

3
Analyze a function with one click

You select a function and click 'Analyze current function' - PseudoForge instantly cleans up variable names and adds helpful comments.

4
Choose your analysis approach
🎯
Built-in rules only

Deterministic analysis runs immediately using proven patterns for kernel code without any external services.

💡
Add AI name suggestions

You connect an AI service so your assistant can think of better variable names based on how the code is used.

5
👀 Review the cleaned preview

A side-by-side preview shows the original messy code next to the cleaned version with meaningful names and comments.

6
Apply only the renames you choose

You pick which variable renames to keep and PseudoForge safely updates only those names in your database.

🎉 Get readable, reviewable pseudocode

Your decompiled code is now easier to understand, share, and audit - with a clear record of every change made.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 19 to 19 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is PseudoForge?

PseudoForge is an IDA Pro plugin that transforms messy Hex-Rays pseudocode into clean, readable artifacts you can actually review. It targets Windows kernel drivers specifically, normalizing NTSTATUS literals, decoding IOCTL codes, and recovering switch dispatchers from tangled if-else chains. The plugin runs inside IDA and shows a side-by-side preview of raw versus cleaned output, then lets you export bundles containing cleaned pseudocode, switch outlines, rename maps, and flow reports. A standalone CLI handles offline smoke testing without launching IDA, and a separate workflow supports IDA Free users who work with cloud-decompiled code. The core philosophy is deterministic-first: LLM suggestions are optional and must pass validation before appearing in output.

Why is it gaining traction?

The hook is kernel-specific semantics that generic cleanup tools miss. PseudoForge understands NTSTATUS error codes, LIST_ENTRY traversal patterns, IRP dispatch signatures, and pool tag formatting out of the box. It ships with a WDK profile covering thousands of kernel API prototypes and status codes, generated directly from Windows headers. The deterministic rules engine lets teams author JSON-based rename and comment rules without touching Python code, making it practical for team workflows. Optional LLM assist via OpenAI, Claude, or DeepSeek adds rename suggestions, but the plugin refuses to apply them blindly--everything goes through collision checking and identifier validation first.

Who should use this?

Reverse engineers analyzing Windows kernel drivers who spend too much time manually renaming locals and decoding status codes. Malware analysts working with no-symbol OB callbacks or custom IOCTL dispatchers. Security researchers who need to share cleaned pseudocode with teammates and want audit trails showing why each rename appeared. Teams building internal analysis pipelines can use the headless batch mode to process large IDBs and the JSON rules engine to enforce naming conventions across projects.

Verdict

PseudoForge fills a real gap for kernel-focused reverse engineering, but the 19-star count signals early-stage software still finding its audience. Documentation is thorough and the WDK profile generation from headers is a nice touch, but test coverage and community activity will determine long-term viability. If you regularly battle noisy Hex-Rays output on Windows drivers, this is worth installing just for the NTSTATUS decoding and switch recovery alone. Start with the offline CLI smoke test before committing to the full IDA plugin workflow.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.