SaveEditors/idaxex

 
 

idaxex

idaxex is a native loader plugin for IDA Pro, adding support for loading Xbox360 XEX & Xbox XBE executables.

Originally started as an IDAPython loader, work continued as a native DLL to address the shortcomings of the Python version.

This should have the same features as xorloser's great Xex Loader (for IDA 6 and older), along with additional support for some early non-XEX2 formats, such as XEX1 used on beta-kits.

XBE files are additionally supported, adding a few extra features over the loader included with IDA.

SaveEditors fork

This fork keeps the 0.42b codebase viable while smoothing over two compatibility breaks that matter in current setups:

  • newer IDA SDK ignore-micro API changes
  • newer XbSymbolDatabase public API names

The maintained branch for that work is 0.42b-compat.

Symbol scope

XbSymbolDatabase only affects the XBE-side SDK naming path in idaxex.

The Xbox 360 XEX import names still come from the loader's compiled-in name tables in:

  • namegen.cpp
  • namegen_xtlid.cpp

That means refreshing XbSymbolDatabase is useful for XBE analysis, but it does not by itself refresh Xbox 360 kernel/XAM/XBDM import names.

Supported formats

Includes support for the following Xbox executables:

  • XEX2 (>= kernel 1861)
  • XEX1 (>= 1838)
  • XEX% (>= 1746)
  • XEX- (>= 1640)
  • XEX? (>= 1529)
  • XEX0 (>= 1332)
  • XBE (>= XboxOG ~3729)

Features

  • Can handle compressed/uncompressed images, and encrypted/decrypted (with support for retail, devkit & pre-release encryption keys)
  • Reads in imports & exports into the appropriate IDA import/export views.
  • Automatically names imports that are well-known, such as imports from the kernel & XAM, just like xorloser's loader would.
  • PE sections are created & marked with the appropriate permissions as given by the PE headers.
  • AES-NI support to help improve load times of larger XEXs.
  • Marks functions from .pdata exception directory & allows IDA's eh_parse plugin to read exception information.
  • Passes codeview information over to IDA, allowing it to prompt for & load PDBs without warnings/errors.
  • Patched bytes can be written back to the input file via IDA's "Apply patches to input" option (works for all XBEs; a XEX must first be both uncompressed & decrypted using xextool -eu -cu input.xex)
  • XBE: adds kernel imports to IDA imports view
  • XBE: tries naming SDK library functions using XbSymbolDatabase & data from XTLID section

Install

Builds for IDA 9 are available in the releases section.

To install the loader, extract the contents of the folder for your IDA version into IDA's install folder (e.g. C:\Program Files\IDA Professional 9.0).

I recommend pairing this loader with the PPCAltivec plugin; an updated version for IDA 7 is available at hayleyxyz's repo here: https://github.com/hayleyxyz/PPC-Altivec-IDA

Building

Make sure to clone the repo recursively so that the excrypt submodule gets pulled in.

This project requires the full IDA C++ SDK to build. A normal IDA installation is not enough on its own; it does not ship the SDK headers and ida.lib import library this loader needs.

Windows

  1. Set IDASDK to the root of your full IDA SDK tree.
  2. Run scripts\Check-IdaEnv.ps1 to confirm the SDK and install layout are usable.
  3. Build idaxex.sln with Visual Studio or msbuild.

Example:

$env:IDASDK = 'C:\idasdk91'
powershell -ExecutionPolicy Bypass -File .\scripts\Check-IdaEnv.ps1
msbuild .\idaxex.sln /p:Configuration=Release /p:Platform=x64

The Visual Studio project still supports the historical layout where the repo lives under idasdk\ldr\, but IDASDK is now the preferred path because it makes the checkout portable.

Linux

  • Set up ida-cmake in your IDA SDK folder
  • Make sure IDASDK points to your IDA SDK folder
  • Clone the idaxex repo
  • Run cmake . -DEA64=YES inside the idaxex folder
  • Run make
  • To build xex1tool, run cmake/make inside the xex1tool folder

On the newest IDA you may need to edit ida-cmake's common.cmake and change libida64.so to libida.so for the build to link properly.
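
A preflight check for the Linux steps above, covering the failure cases this README names (an IDA install used in place of the full SDK, a non-recursive clone, and the libida64.so/libida.so mismatch). This is an added example, not a script from the idaxex repo; the include/pro.h header location, the excrypt directory name at the repo root, and searching for ida-cmake and libida*.so under IDASDK are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the Linux build steps. Layout details marked
# "assumed" are not taken from the idaxex repo.

# Print the path of ida-cmake's common.cmake under $IDASDK, if present.
find_cmake_common() {
    find "$IDASDK" -path '*ida-cmake*' -name common.cmake 2>/dev/null | head -n 1
}

# Succeed when common.cmake still names libida64.so but the SDK tree only
# holds libida.so, i.e. the case where the file needs the manual edit.
needs_libida_rename() {
    f=$(find_cmake_common)
    [ -n "$f" ] && grep -q 'libida64\.so' "$f" \
        && [ -z "$(find "$IDASDK" -name libida64.so 2>/dev/null)" ] \
        && [ -n "$(find "$IDASDK" -name libida.so 2>/dev/null)" ]
}

# check_build_env REPO_DIR: report blocking problems; return how many.
check_build_env() {
    repo=$1
    problems=0
    if [ -z "${IDASDK:-}" ] || [ ! -d "$IDASDK" ]; then
        echo "FAIL: IDASDK is unset or not a directory"
        return 1
    fi
    # A plain IDA install has no SDK headers (pro.h under include/ is assumed).
    if [ ! -f "$IDASDK/include/pro.h" ]; then
        echo "FAIL: no SDK headers in $IDASDK/include (IDA install, not SDK?)"
        problems=$((problems + 1))
    fi
    if [ -z "$(find_cmake_common)" ]; then
        echo "FAIL: ida-cmake common.cmake not found under $IDASDK"
        problems=$((problems + 1))
    fi
    # A non-recursive clone leaves the submodule directory empty
    # (directory name excrypt at the repo root is assumed).
    if [ -z "$(ls -A "$repo/excrypt" 2>/dev/null)" ]; then
        echo "FAIL: excrypt is empty; run: git submodule update --init --recursive"
        problems=$((problems + 1))
    fi
    if needs_libida_rename; then
        echo "WARN: $(find_cmake_common) names libida64.so; SDK has libida.so"
    fi
    return "$problems"
}

# Usage: check_build_env /path/to/idaxex && cmake . -DEA64=YES && make
```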

Smoke testing on a local IDA install

To sanity-check loader startup against an installed copy of IDA in batch mode:

powershell -ExecutionPolicy Bypass -File .\scripts\Test-IdaLoader.ps1 `
  -IdaExe 'C:\Program Files\IDA Professional 9.1\idat.exe' `
  -InputFile 'C:\path\to\sample.xex'

That smoke test is intended to verify loader startup and processor/file-type detection. It does not replace a full SDK build.

Credits

Based on work by the Xenia project, XEX2.bt by Anthony, xextool 0.1 by xor37h, Xex Loader & x360_imports.idc by xorloser, xkelib, and probably many others I forgot to name.

Thanks to everyone involved in the Xbox 360 modding/reverse-engineering community!

XTLID parsing supported thanks to the XboxDev/xtlid project.

xex1tool

Also included is an attempt at recreating xorloser's XexTool, for working with older pre-XEX2 executables.
(The name is only to differentiate it from the original XexTool - it'll still support XEX2 files fine)

So far it can print info about the various XEX headers via -l, and extract the basefile (PE/XUIZ) from inside the XEX.

For XEX files that are both decrypted & decompressed, xex1tool can also convert a virtual address (VA) to a file offset for you, making file patching a little easier.

Support for other XexTool features may slowly be added over time (of course any help is appreciated!)

About

Xbox/Xbox360 loader plugin for IDA 9, and xex1tool, supporting most known Xbox executable file formats (XEX/XBE)
