Xbox360 XEX Loaders v1.1 for IDA v5.2

:: Overview and Install

Have you ever wanted to be able to load an Xbox360 XEX file in IDA? Well now you can! :D
Just follow the install instructions below.

:: Install

1) Copy "xex.ldw" and "xex64.l64" into your "ida\loaders" dir.

2) Copy "x360_imports.idc" into your "ida\idc" dir.

3) Open "ida\cfg\idagui.cfg", search for "// consoles" and below it add:

       EXE_X360, "Xbox360 Executables", "*.xex"

   Then search for "DEFAULT_FILE_FILTER" and add "EXE_X360" to it just before "EXE_XBOX".

NOTE: IDA has a bug where the string it uses to store file extensions when searching is too small to hold all of the listed extensions. This causes files with extensions later in the alphabet (such as xex and xbe) to not be included in the normal search string. The only way to get around this is to comment out other listed extensions in the above file that you don't use. For example I commented out all the entries for "Mac" (such as "EXE_MACOSX"), as well as all the entries for "various OS's" and "embedded".

:: Loading an XEX File

Once the loaders have been "installed" you can load an XEX file just as you would any other file in IDA; you can drag and drop it onto IDA or choose "Open" from the "File" menu.

If you tick the "Load Resources" checkbox on the IDA "Load a new file" dialog it will load the XEX resources into the disassembler. This option is off by default and isn't really needed since resources are data and are accessed by way of a resource name rather than their address.

:: Notes

* The loaders have been compiled with the IDA v5.2 SDK and so should be used with that version of IDA.

* Currently the loaders use the IDC file "x360_imports.idc" to determine the names of imported and exported functions as well as syscall names. This is the same file that is used with xextool and should be stored in your "ida\idc" dir for usage by both xextool and these loaders.

* The usage of the above-mentioned IDC files to return name strings apparently causes all returned name strings to not be freed. The IDA SDK informs you of this, and there doesn't seem to be any way around this that I can see. (Anyone got any tips on how this might be fixed or any workarounds?) So until I update the import/export/syscall name generation this memleak will continue to exist. This "leaked" memory should be freed once you exit from IDA.

www.xorloser.com