idaxex 0.41 - XBE/patch support

@emoose emoose released this 30 Oct 22:34
· 3 commits to master since this release

Built for IDA 9.0.240925 rc1/release (beta2 not supported)

Binary has been renamed from idaxex64.dll to idaxex.dll; make sure to remove the older version.

Linux build of idaxex is now included, tested on some recent distros and seems to work fine, not sure how compatible it'll be with everything though.
(xex1tool build currently isn't included, but can be built from source)


0.41 changes:

  • idaloader: allows writing patched data back to the file via IDA's "Apply patches to input file" option. This should work for all XBE files; a XEX must be both decompressed & decrypted for it to apply (the Keypatch plugin allows patching both x86 & PPC asm)

0.40 changes:

  • xex: named remainder of previously-unknown XAM exports (no more Refresh_1 Refresh_2)
  • xbe: added loader for Xbox XBE executables, this will try naming library functions via XbSymbolDatabase & XTLID section data, and populate imports window with kernel imports
  • xbe: support for retail/debug/beta/chihiro executables
  • xbe: recrypts beta xbe headers as retail to let them work with XbSymbolDatabase (0.40b)
  • xex: switched to ExCrypt AES code, may be slightly faster (0.40c)
  • xex1tool: fixed issue with XEX2 signature validation (0.40c)

Sadly, IDA's PDB loader isn't currently compatible with XBEs: when an image is converted from EXE -> XBE, the section addresses get shifted around & aren't reflected in the PDB, causing IDA to use incorrect addresses for symbols.
(guess MSDIA likely allows section addrs inside loaded PDBs to be changed/ignored, seeing as Xbox SDK can debug XBE+PDB fine, but IDA doesn't seem to expose anything similar - ideally it should probably be comparing sections inside PDB against the IDB segments & updating in-memory PDB to match automatically...)