Xbox360 XEX Loaders v1.1 for IDA v5.2



:: Overview and Install

Have you ever wanted to be able to load an Xbox360 XEX file in IDA?
Well now you can! :D
Just follow the install instructions below.




:: Install

1) Copy "xex.ldw" and "xex64.l64" into your "ida\loaders" dir.
2) Copy "x360_imports.idc" into your "ida\idc" dir.
3) Open "ida\cfg\idagui.cfg", search for "// consoles" and below it add:
   EXE_X360,    "Xbox360 Executables",                        "*.xex"
   
   Then search for "DEFAULT_FILE_FILTER" and add "EXE_X360" to it just
   before "EXE_XBOX".

NOTE: IDA has a bug where the list of file extensions is too long for the
string it uses to store them when searching. This causes files with
extensions later in the alphabet (such as xex and xbe) to be left out of the
normal search string. The only way around this is to comment out other listed
extensions in the above file that you don't use. For example, I commented out
all the entries for "Mac" (such as "EXE_MACOSX"), as well as all the entries
for "various OS's" and "embedded".




:: Loading an XEX File

Once the loaders have been "installed" you can load an XEX file just as you
would any other file in IDA; you can drag and drop it onto IDA or choose "Open"
from the "File" menu.

If you tick the "Load Resources" checkbox on the IDA "Load a new file" dialog
it will load the XEX resources into the disassembler. This option is off by
default and isn't really needed since resources are data and are accessed
by way of a resource name rather than their address.




:: Notes

* The loaders have been compiled with the IDA v5.2 SDK and so should be used
  with that version of IDA.

* Currently the loaders use the IDC file "x360_imports.idc" to determine
  the names of imported and exported functions as well as syscalls.
  This is the same file that is used with xextool and should be stored in your
  "ida\idc" dir for usage by both xextool and these loaders.

* Using the above-mentioned IDC file to return name strings apparently
  causes none of the returned name strings to be freed. The IDA SDK informs
  you of this, and there doesn't seem to be any way around it that I can see.
  (Anyone got any tips on how this might be fixed or any workarounds?)
  So until I update the import/export/syscall name generation this memleak
  will continue to exist. This "leaked" memory should be freed once you exit
  from IDA.




www.xorloser.com