patois / xray

Licence: other
Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions

Programming Languages

python

Projects that are alternatives of or similar to xray

Hrdevhelper
Context-sensitive HexRays decompiler plugin that visualizes the ctree of decompiled functions.
Stars: ✭ 193 (+98.97%)
Mutual labels:  decompiler, ida, ida-pro, idapython
Idarling
Collaborative Reverse Engineering plugin for IDA Pro & Hex-Rays
Stars: ✭ 588 (+506.19%)
Mutual labels:  ida, ida-pro, idapython
Ipyida
IPython console integration for IDA Pro
Stars: ✭ 358 (+269.07%)
Mutual labels:  ida, ida-pro, idapython
Hexraystoolbox
Hexrays Toolbox - Find code patterns within the Hexrays AST
Stars: ✭ 202 (+108.25%)
Mutual labels:  decompiler, ida-pro, idapython
idapython-cheatsheet
scripting IDA like a Pro
Stars: ✭ 13 (-86.6%)
Mutual labels:  ida, ida-pro, idapython
Idawasm
IDA Pro loader and processor modules for WebAssembly
Stars: ✭ 264 (+172.16%)
Mutual labels:  ida, ida-pro, idapython
Mrspicky
MrsPicky - An IDAPython decompiler script that helps auditing calls to the memcpy() and memmove() functions.
Stars: ✭ 86 (-11.34%)
Mutual labels:  decompiler, ida-pro, idapython
Necromancer
IDA Pro V850 Processor Module Extension
Stars: ✭ 21 (-78.35%)
Mutual labels:  ida, ida-pro, idapython
Flare Ida
IDA Pro utilities from FLARE team
Stars: ✭ 1,374 (+1316.49%)
Mutual labels:  ida, ida-pro, idapython
Amie
A Minimalist Instruction Extender for the ARM architecture and IDA Pro
Stars: ✭ 136 (+40.21%)
Mutual labels:  ida, ida-pro, idapython
Idangr
Use angr in the IDA Pro debugger generating a state from the current debug session
Stars: ✭ 214 (+120.62%)
Mutual labels:  ida, ida-pro, idapython
obfDetect
IDA plugin to pinpoint obfuscated code
Stars: ✭ 99 (+2.06%)
Mutual labels:  ida, ida-pro, idapython
Hyara
Yara rule making tool (IDA Pro & Binary Ninja & Cutter Plugin)
Stars: ✭ 142 (+46.39%)
Mutual labels:  ida, ida-pro, idapython
Mazewalker
Toolkit for enriching and speeding up static malware analysis
Stars: ✭ 132 (+36.08%)
Mutual labels:  ida-pro, malware-analysis, idapython
ida migrator
IDA Migrator is an IDA Pro plugin which helps migrate existing work from one database instance to another. It conveniently migrates function names, structures and enums.
Stars: ✭ 65 (-32.99%)
Mutual labels:  ida, ida-pro, idapython
Ida For Delphi
IDA Python Script to Get All function names from Event Constructor (VCL)
Stars: ✭ 92 (-5.15%)
Mutual labels:  ida, ida-pro, idapython
Dsync
IDAPython plugin that synchronizes disassembler and decompiler views
Stars: ✭ 399 (+311.34%)
Mutual labels:  decompiler, ida, highlight
Hexrays scripts
Various scripts for the Hexrays decompiler (kloppy, shuffle, arachno, IDA coffee, screenrecorder, ricky)
Stars: ✭ 50 (-48.45%)
Mutual labels:  decompiler, ida-pro, idapython
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (+88.66%)
Mutual labels:  decompiler, malware-analysis
Abyss
abyss - IDAPython Plugin for Postprocessing of Hexrays Decompiler Output
Stars: ✭ 161 (+65.98%)
Mutual labels:  decompiler, idapython

xray - Filter Hex-Rays Decompiler Output

xray is a plugin for the Hexrays decompiler that both filters and colorizes the textual representation of the decompiler's output based on configurable regular expressions.

This helps highlight interesting code patterns, which can be useful in malware analysis and vulnerability identification.

Installation/Updating:

xray installs or updates itself as a plugin when it is loaded as a script using the "File->Script file..." (Alt-F7) menu item within IDA.

Running the plugin for the first time creates a default configuration file "xray.cfg" within the folder "%APPDATA%/Hex-Rays/IDA Pro/plugins/", which can and should then be customized by the user.

While the plugin is still under development, updating from a previous installation may introduce changes to the configuration file format that cause incompatibility. If this is the case, the current configuration file should be ported to the new format or deleted.

xray requires IDA 7.2+ (with some effort it may be backported to 7.0).

This IDAPython project is compatible with Python3. For compatibility with older versions of IDA, you may want to check out the Python2 branch of this project.

Usage:

The plugin offers two distinct filtering/highlighting features:

  • "xray", a persistent, configurable regular expression parser that applies color filters to the output of the Hexrays decompiler. This filter can be turned on and off using a keyboard shortcut as described in the next section.

    Persistent filtering attempts to match regular expressions taken from the plugin's configuration file against each of the decompiler's text lines. Successful matches will cause the background color of a matching text line to be changed accordingly. Optionally, changing the "high_contrast" setting to "1" in the configuration file will cause a visual "xray" effect.

    For more settings and details, please refer to the comments in the configuration file.

  • a dynamic filter that filters/highlights Hexrays output. This filter works similarly to the built-in filters for IDA "choosers". Possible "filter types" are "Regex" and "ASCII". Additional "filter options" determine how the filters are applied to the respective Hexrays output:

    • "Text" removes any lines from the decompiler's output that a specified search term could not be matched against.
    • "Color" does not remove non-matching lines; it only strips their color tags, so matching text stands out visually.
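
A standalone sketch of the two filter behaviours described above, added here as an example and not taken from xray's source. It runs outside IDA: the tag bytes mimic IDA's color-tag layout in simplified form, and the function names, sample lines and rule list are hypothetical (xray's real rules live in xray.cfg, whose syntax is not reproduced here).

```python
import re

# Simplified stand-ins for IDA's color tag bytes (COLOR_ON / COLOR_OFF).
COLOR_ON, COLOR_OFF = "\x01", "\x02"
TAG_RE = re.compile("[\x01\x02].", re.S)  # on/off byte plus one color-code byte


def tag_remove(line):
    """Strip color tags, leaving the plain text that patterns are matched against."""
    return TAG_RE.sub("", line)


def dynamic_filter(lines, term, filter_type="Regex", option="Text"):
    """'Text' drops non-matching lines; 'Color' keeps them but strips their tags."""
    # 'Regex' uses the term as a pattern; 'ASCII' matches it literally.
    pat = re.compile(term if filter_type == "Regex" else re.escape(term))
    out = []
    for line in lines:
        if pat.search(tag_remove(line)):
            out.append(line)              # matching line keeps its colors
        elif option == "Color":
            out.append(tag_remove(line))  # non-matching line loses its colors
    return out


def persistent_filter(lines, rules):
    """Return (line, bgcolor) pairs; the first matching rule wins, None = unchanged."""
    result = []
    for line in lines:
        plain = tag_remove(line)
        color = next((c for pat, c in rules if re.search(pat, plain)), None)
        result.append((line, color))
    return result


def tagged(code, text):
    """Wrap text in a constructed on/off color tag pair."""
    return f"{COLOR_ON}{code}{text}{COLOR_OFF}{code}"


# Constructed sample of tagged decompiler output (not from a real binary).
SAMPLE = [
    tagged("\x11", "v3") + " = " + tagged("\x0c", "strlen") + "(a1);",
    tagged("\x0c", "memcpy") + "(dst, a1, v3);",
    "return " + tagged("\x11", "v3") + ";",
]
# Hypothetical rules: (regex, background color value).
RULES = [(r"\b(memcpy|strcpy)\s*\(", 0x0000FF), (r"\bstrlen\s*\(", 0x00FFFF)]
```
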

Popup Menus/Keyboard shortcuts:

  • F3: Toggle xray
  • Ctrl-R: Reload xray configuration file and apply changes (edit and reload the configuration file on-the-fly)
  • Ctrl-F: Find an ASCII string or regular expression and apply filters based on the filter type and options:

    • "Text": removes any non-matching lines from the output
    • "Color": removes colors from non-matching lines

Contact:

Twitter: https://twitter.com/pat0is
