  • Stars: 114
  • Rank: 306,284 (Top 7 %)
  • Language: Python
  • License: Other
  • Created over 5 years ago
  • Updated 10 months ago

Repository Details

Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions

xray - Filter Hex-Rays Decompiler Output

xray is a plugin for the Hexrays decompiler that both filters and colorizes the textual representation of the decompiler's output based on configurable regular expressions.

This helps highlight interesting code patterns, which can be useful in malware analysis and vulnerability identification.

Installation/Updating:

xray installs or updates itself as a plugin when it is loaded as a script using the "File->Script file..." (Alt-F7) menu item within IDA.

Running the plugin for the first time creates a default configuration file "xray.cfg" within the folder "%APPDATA%/Hex-Rays/IDA Pro/plugins/", which can and should then be customized by the user.

While the plugin is still under development, updating from a previous installation may introduce changes to the configuration file that cause incompatibility. If this is the case, the current configuration file should be ported to the new format or deleted.

xray requires IDA 7.2+ (with some effort it may be backported to 7.0).

This IDAPython project is compatible with Python3. For compatibility with older versions of IDA, you may want to check out the Python2 branch of this project.

Usage:

The plugin offers two distinct filtering/highlighting features:

  • "xray", a persistent, configurable regular expression parser that applies color filters to the output of the Hexrays decompiler. This filter can be turned on and off using a keyboard shortcut as described in the next section.

    Persistent filtering attempts to match regular expressions taken from the plugin's configuration file against each of the decompiler's text lines. Successful matches will cause the background color of a matching text line to be changed accordingly. Optionally, changing the "high_contrast" setting to "1" in the configuration file will cause a visual "xray" effect.

    For more settings and details, please refer to the comments in the configuration file.

  • a dynamic filter that filters/highlights Hexrays output. This filter works similarly to the built-in filters for IDA "choosers". Possible "filter types" are "Regex" and "ASCII". Additional "filter options" determine how the filters are applied to the respective Hexrays output:

    • "Text" removes any lines from the decompiler's output that a specified search term could not be matched against.
    • "Color" does not remove non-matching lines but only their respective color tags instead. This will cause matching text to be highlighted visually.
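
The two filtering behaviours described above, modelled as a standalone sketch. This is an added example, not code from xray: it runs outside IDA, uses a simplified model of color tags, and the rule list, function names, first-match-wins order and sample lines are assumptions made for illustration (the rule list is not the xray.cfg format).

```python
import re

# Simplified model of IDA color tags (assumption): "\x01" + color byte opens a
# colored span, "\x02" + color byte closes it. Real lines carry more tag kinds.
TAG = re.compile(r"[\x01\x02].", re.DOTALL)

def strip_tags(line):
    """Return the visible text of a line with color tags removed."""
    return TAG.sub("", line)

# Hypothetical rules: (regex, background color). Not the plugin's config syntax.
RULES = [
    (re.compile(r"\b(memcpy|strcpy|sprintf)\s*\("), 0x0000FF),
    (re.compile(r"\b(malloc|alloca)\s*\("), 0x00FFFF),
]

def persistent_filter(lines, rules=RULES):
    """Persistent mode: pair every line with the color of the first matching rule."""
    out = []
    for line in lines:
        text = strip_tags(line)  # assumption: match on visible text only
        color = next((c for rx, c in rules if rx.search(text)), None)
        out.append((line, color))
    return out

def dynamic_filter(lines, term, filter_type="Regex", option="Text"):
    """Dynamic mode: "Text" drops non-matching lines, "Color" un-colors them."""
    rx = re.compile(term if filter_type == "Regex" else re.escape(term))
    result = []
    for line in lines:
        hit = rx.search(strip_tags(line))
        if option == "Text":
            if hit:
                result.append(line)
        else:  # "Color": keep every line, strip tags from the non-matching ones
            result.append(line if hit else strip_tags(line))
    return result

# Constructed sample of tagged pseudocode lines (not real decompiler output).
SAMPLE = [
    "\x01\x21size_t\x02\x21 n = \x01\x21strlen\x02\x21(src);",
    "buf = \x01\x21malloc\x02\x21(n);",
    "\x01\x21memcpy\x02\x21(buf, src, n + 1);",
    "return buf;",
]

if __name__ == "__main__":
    for line, color in persistent_filter(SAMPLE):
        print(f"{'-' if color is None else hex(color):>8}  {strip_tags(line)}")
    print(dynamic_filter(SAMPLE, r"mem\w+\(", "Regex", "Text"))
```
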

Popup Menus/Keyboard shortcuts:

  • F3: Toggle xray
  • Ctrl-R: Reload xray configuration file and apply changes (edit and reload the configuration file on-the-fly)
  • Ctrl-F: Find an ASCII string or regular expression and apply filters based on filter type and options:

    • "Text": removes any non-matching lines from the output
    • "Color": removes colors from non-matching lines
