Skip to content

Releases: emoose/idaxex

idaxex 0.41 - XBE/patch support

30 Oct 22:34
Compare
Choose a tag to compare

Built for IDA 9.0.240925 rc1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll, make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built from source)


0.41 changes:

  • idaloader: allows writing patched data back to file via IDA Apply patches to input file option, should work for all XBE files, XEX must be both decompressed & decrypted for it to apply (Keypatch plugin allows patching both x86 & PPC asm)

0.40 changes:

  • xex: named remainder of previously-unknown XAM exports (no more Refresh_1 Refresh_2)
  • xbe: added loader for Xbox XBE executables, this will try naming library functions via XbSymbolDatabase & XTLID section data, and populate imports window with kernel imports
  • xbe: support for retail/debug/beta/chihiro executables
  • xbe: recrypts beta xbe headers as retail to let them work with XbSymbolDatabase (0.40b)
  • xex: switched to ExCrypt AES code, may be slightly faster (0.40c)
  • xex1tool: fixed issue with XEX2 signature validation (0.40c)

Sadly IDAs PDB loader isn't currently compatible with XBEs, when image is converted from EXE -> XBE the section addresses get shifted around & aren't reflected in the PDB, causing IDA to use incorrect addresses for symbols.
(guess MSDIA likely allows section addrs inside loaded PDBs to be changed/ignored, seeing as Xbox SDK can debug XBE+PDB fine, but IDA doesn't seem to expose anything similar - ideally it should probably be comparing sections inside PDB against the IDB segments & updating in-memory PDB to match automatically...)

idaxex 0.40c - Xbox XBE support

30 Oct 22:40
Compare
Choose a tag to compare

(old release, see https://github.com/emoose/idaxex/releases for latest)

Built for IDA 9.0.240925 rc1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll, make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built from source)


0.40 changes:

  • xex: named remainder of previously-unknown XAM exports (no more Refresh_1 Refresh_2)
  • xbe: added loader for Xbox XBE executables, this will try naming library functions via XbSymbolDatabase & XTLID section data, and populate imports window with kernel imports
  • xbe: support for retail/debug/beta/chihiro executables
  • xbe: recrypts beta xbe headers as retail to let them work with XbSymbolDatabase (0.40b)
  • xex: switched to ExCrypt AES code, may be slightly faster (0.40c)
  • xex1tool: fixed issue with XEX2 signature validation (0.40c)

Sadly IDAs PDB loader isn't currently compatible with XBEs, when image is converted from EXE -> XBE the section addresses get shifted around & aren't reflected in the PDB, causing IDA to use incorrect addresses for symbols.
(guess MSDIA likely allows section addrs inside loaded PDBs to be changed/ignored, seeing as Xbox SDK can debug XBE+PDB file, but IDA doesn't seem to expose anything similar - ideally it should probably be comparing sections inside PDB against the IDB segments & updating in-memory PDB to match automatically...)

idaxex 0.38b

09 Oct 11:49
Compare
Choose a tag to compare

Built for IDA 9.0.240925 rc1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll, make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built from source)

0.38b changes:

  • simplified call to eh_parse, should fix "FFFFFFFFFFFFFFFF" popup message
  • fixed XEX1 export loading
  • fixed rare issue with callcap imports not being marked properly
  • re-added pdata parser code to mark functions before calling eh_parse, allowing funcs to get analysed much sooner

0.37 changes:

  • use IDA's (undocumented...) eh_parse plugin to handle .pdata & exception parsing, should now mark SEH exceptions in functions fine
  • (for this it uses a hacked up version of eh_parse_t struct which could easily change in future, would be really nice if definition of that showed up in idasdk...)
  • small plug, but you can now connect IDA up to xenia-canary with gdbstub branch: https://github.com/emoose/xenia/commits/canary-gdbstub/

0.36 changes:

  • support building for Linux with clang & ida-cmake
  • parse & name TLS directory/callbacks
  • VA offset fixes for XEX3F/XEX0

0.35 changes:

  • improved .pdata parsing, greatly reduces time taken to label .pdata functions
  • savevmx/restvmx functions now named/hidden
  • add fix for some XEX1 files that had segments such as .idata removed entirely from basefile
  • use set_inf_main to mark EP like the IDA PE loader does, and call the set_import_* IDA funcs for imports
  • (0.35a) updated x360.til with savefpr/savevmx prototypes to improve decompilation

0.34a changes:

  • prompts to load PDB if the XEX contains debug info
  • now passes codeview info from the XEX over to IDA, fixing "pdb incorrect or invalid" message if using matching PDB for the executable
  • changing PDB_PROVIDER = PDB_PROVIDER_MSDIA inside pdb.cfg is recommended to fully load X360 symbols (though this is a lot slower than PDBIDA)

0.33 changes:

  • IDA 9.0 support: changed bin_search3 -> bin_search to support IDA 9.0.240925

idaxex 0.37 - pdata / exceptions parsing

07 Oct 17:59
Compare
Choose a tag to compare

Built for IDA 9.0.240925 RC1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll, make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built for Linux from source)

0.37 changes:

  • use IDA's (undocumented...) eh_parse plugin to handle .pdata & exception parsing, should now mark SEH exceptions in functions fine
  • (for this it uses a hacked up version of eh_parse_t struct which could easily change in future, would be really nice if definition of that showed up in idasdk...)
  • small plug, but you can now connect IDA up to xenia-canary with gdbstub branch: https://github.com/emoose/xenia/commits/canary-gdbstub/

0.36 changes:

  • support building for Linux with clang & ida-cmake
  • parse & name TLS directory/callbacks
  • VA offset fixes for XEX3F/XEX0

0.35 changes:

  • improved .pdata parsing, greatly reduces time taken to label .pdata functions
  • savevmx/restvmx functions now named/hidden
  • add fix for some XEX1 files that had segments such as .idata removed entirely from basefile
  • use set_inf_main to mark EP like the IDA PE loader does, and call the set_import_* IDA funcs for imports
  • (0.35a) updated x360.til with savefpr/savevmx prototypes to improve decompilation

0.34a changes:

  • prompts to load PDB if the XEX contains debug info
  • now passes codeview info from the XEX over to IDA, fixing "pdb incorrect or invalid" message if using matching PDB for the executable
  • changing PDB_PROVIDER = PDB_PROVIDER_MSDIA inside pdb.cfg is recommended to fully load X360 symbols (though this is a lot slower than PDBIDA)

0.33 changes:

  • IDA 9.0 support: changed bin_search3 -> bin_search to support IDA 9.0.240925

0.32 changes:

  • hopefully fixed x360.til loading by delaying 32-bit switch until after XEX has loaded, should apply fine with hex-rays working, if you find anything wrong with it please let me know.

0.31 changes:

  • added support for IDA 9.0.240807 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.36 - Linux support

03 Oct 22:38
Compare
Choose a tag to compare

Built for IDA 9.0.240925 RC1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll, make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built for Linux from source)

0.36 changes:

  • support building for Linux with clang & ida-cmake
  • parse & name TLS directory/callbacks
  • VA offset fixes for XEX3F/XEX0

0.35 changes:

  • improved .pdata parsing, greatly reduces time taken to label .pdata functions
  • savevmx/restvmx functions now named/hidden
  • add fix for some XEX1 files that had segments such as .idata removed entirely from basefile
  • use set_inf_main to mark EP like the IDA PE loader does, and call the set_import_* IDA funcs for imports
  • (0.35a) updated x360.til with savefpr/savevmx prototypes to improve decompilation

0.34a changes:

  • prompts to load PDB if the XEX contains debug info
  • now passes codeview info from the XEX over to IDA, fixing "pdb incorrect or invalid" message if using matching PDB for the executable
  • changing PDB_PROVIDER = PDB_PROVIDER_MSDIA inside pdb.cfg is recommended to fully load X360 symbols (though this is a lot slower than PDBIDA)

0.33 changes:

  • IDA 9.0 support: changed bin_search3 -> bin_search to support IDA 9.0.240925

0.32 changes:

  • hopefully fixed x360.til loading by delaying 32-bit switch until after XEX has loaded, should apply fine with hex-rays working, if you find anything wrong with it please let me know.

0.31 changes:

  • added support for IDA 9.0.240807 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.35a - IDA 9.0 release

03 Oct 01:49
Compare
Choose a tag to compare

Built for IDA 9.0.240925 RC1/release (beta2 not supported)

0.35 changes:

  • improved .pdata parsing, greatly reduces time taken to label .pdata functions
  • savevmx/restvmx functions now named/hidden
  • add fix for some XEX1 files that had segments removed entirely from basefile
  • use set_inf_main to mark EP like the IDA PE loader does, and call the set_import_* IDA funcs for imports
  • (0.35a) updated x360.til with savefpr/savevmx prototypes to improve decompilation

0.34a changes:

  • prompts to load PDB if the XEX contains debug info
  • now passes codeview info from the XEX over to IDA, fixing "pdb incorrect or invalid" message if using matching PDB for the executable
  • changing PDB_PROVIDER = PDB_PROVIDER_MSDIA inside pdb.cfg is recommended to fully load X360 symbols (though this is a lot slower than PDBIDA)

0.33 changes:

  • change bin_search3 -> bin_search to support IDA 9.0.240925

0.32 changes:

  • hopefully fixed x360.til loading by delaying 32-bit switch until after XEX has loaded, should apply fine with hex-rays working, if you find anything wrong with it please let me know.

0.31 changes:

  • added support for IDA 9.0.240807 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.34a - IDA 9.0 release

02 Oct 21:28
Compare
Choose a tag to compare

Built for IDA 9.0.240925 RC1/release (beta2 not supported)

0.34a changes:

  • prompts to load PDB if the XEX contains debug info
  • now passes codeview info from the XEX over to IDA, fixing "pdb incorrect or invalid" message if using matching PDB for the executable
  • changing PDB_PROVIDER = PDB_PROVIDER_MSDIA inside pdb.cfg is recommended to fully load X360 symbols (though this is a lot slower than PDBIDA)

0.33 changes:

  • change bin_search3 -> bin_search to support IDA 9.0.240925

0.32 changes:

  • hopefully fixed x360.til loading by delaying 32-bit switch until after XEX has loaded, should apply fine with hex-rays working, if you find anything wrong with it please let me know.

0.31 changes:

  • added support for IDA 9.0.240807 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.33 - IDA 9.0 release

01 Oct 23:55
Compare
Choose a tag to compare

Built for IDA 9.0.240925 (RC1 / release)

0.33 changes:

  • change bin_search3 -> bin_search to support IDA 9.0.240925

0.32 changes:

  • hopefully fixed x360.til loading by delaying 32-bit switch until after XEX has loaded, should apply fine with hex-rays working, if you find anything wrong with it please let me know.

0.31 changes:

  • added support for IDA 9.0.240807 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.32 - IDA 9.0 beta

23 Aug 12:31
Compare
Choose a tag to compare

Built for IDA 9.0 beta 2

0.32 hopefully fixes x360.til loading by delaying 32-bit switch until after XEX has loaded, so x360.til should apply fine with hex-rays working, if you find anything wrong with it please let me know.


0.31 changes:

  • added support for IDA 9.0 beta
  • savegpr/restgpr functions should be hidden from hex-rays now, making the decompilation a bit cleaner
  • savefpr/restfpr functions now also named/hidden

idaxex 0.31 - IDA 9.0 beta

10 Aug 17:15
Compare
Choose a tag to compare

Built for IDA 9.0 beta

0.31 should hide the savegpr/restgpr functions from hex-rays now, making the decompilation a bit cleaner, if you notice any issues with that let me know.

No x360.til included since tilib90.zip doesn't seem available, not sure if there's any way to hack the 7.7 x360.til to work with it...