A Hex-Rays Decompiler plugin for better code navigation during the RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware such as Stuxnet, Flame, Equation, Animal Farm ...

Features:

  • Automatic type REconstruction for C++ objects. To reconstruct a type with HexRaysCodeXplorer, select the variable holding a pointer to an instance of position-independent code or to an object, then right-click and choose the «REconstruct Type» option from the context menu.
  • Virtual function table identification – automatically identifies references to virtual function tables during type reconstruction. When a reference to a virtual function table is identified, the plugin generates a corresponding C-structure. For example, while reconstructing struct_local_data_storage, two virtual function tables were identified and, as a result, two corresponding structures were generated: struct_local_data_storage_VTABLE_0 and struct_local_data_storage_VTABLE_4.
  • C-tree graph visualization – a special tree-like structure representing a decompiled routine in citem_t terms (hexrays.hpp). A useful feature for understanding how the decompiler works. The highlighted graph node corresponds to the current cursor position in the HexRays Pseudocode window.
  • Ctree Item View – shows the ctree representation of the highlighted element.
  • Extract Types to File – dumps all type information (including reconstructed types) into a file.
  • Navigation through virtual function calls in the HexRays Pseudocode window. Once C++ objects are represented by C-structures, this feature makes it possible to navigate to virtual function calls by clicking on them as structure fields.
  • Jump to Disasm – a small feature for navigating to the assembly code in the "IDA View" window from the current Pseudocode line position. It helps to find the place in the assembly code associated with a decompiled line.
  • Object Explorer – a useful interface for navigating through virtual table (VTBL) structures. Object Explorer outputs VTBL information into an IDA custom view window. The output window is shown by choosing the «Object Explorer» option in the right-click context menu.
  • Support for automatic parsing of RTTI objects.
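
An added illustration (not plugin output and not code from the project) of the C-structure view described in the virtual function table and navigation items above: a hand-written object with two table pointers, where the call through the second table has to undo the this-adjustment. Member and function names are hypothetical, and reading the `_VTABLE_0` / `_VTABLE_4` suffixes as the byte offsets of the two pointers on a 32-bit target is an assumption.

```c
#include <stddef.h>

/* Hand-written model, not plugin output; member and function names are hypothetical. */
struct struct_local_data_storage;

struct struct_local_data_storage_VTABLE_0 {   /* table behind the pointer at offset 0 */
    int  (*get)(struct struct_local_data_storage *self, int idx);
    void (*put)(struct struct_local_data_storage *self, int idx, int value);
};
struct struct_local_data_storage_VTABLE_4 {   /* table behind the second pointer */
    int (*count)(void *adjusted_this);        /* gets the address of the vtbl_4 field */
};
struct struct_local_data_storage {
    const struct struct_local_data_storage_VTABLE_0 *vtbl_0;
    const struct struct_local_data_storage_VTABLE_4 *vtbl_4; /* offset 4 on a 32-bit target */
    int slots[4];
    int used;
};

static int lds_get(struct struct_local_data_storage *self, int idx) {
    return (idx >= 0 && idx < self->used) ? self->slots[idx] : -1;
}
static void lds_put(struct struct_local_data_storage *self, int idx, int value) {
    if (idx < 0 || idx >= 4) return;          /* reject out-of-range slots */
    self->slots[idx] = value;
    if (idx >= self->used) self->used = idx + 1;
}
static int lds_count(void *adjusted_this) {
    /* Undo the this-adjustment: step back from the second pointer to the object start. */
    struct struct_local_data_storage *self = (struct struct_local_data_storage *)
        ((char *)adjusted_this - offsetof(struct struct_local_data_storage, vtbl_4));
    return self->used;
}
static const struct struct_local_data_storage_VTABLE_0 vt0 = { lds_get, lds_put };
static const struct struct_local_data_storage_VTABLE_4 vt4 = { lds_count };

/* Virtual calls written as structure-field accesses on the typed object. */
int demo(void) {
    struct struct_local_data_storage o = { &vt0, &vt4, {0, 0, 0, 0}, 0 };
    o.vtbl_0->put(&o, 0, 41);
    o.vtbl_0->put(&o, 1, 1);
    return o.vtbl_0->get(&o, 0) + o.vtbl_0->get(&o, 1) + o.vtbl_4->count(&o.vtbl_4);
}

int main(void) { return demo() == 44 ? 0 : 1; }
```

On a 64-bit build the second pointer sits at offset 8 rather than 4, which is why the model uses `offsetof` instead of a literal.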

This plugin is recompiled by disauto

UPDATE 29.10.2024

Recompiled for IDA Pro v9.0 Windows x86_64

Edited by bluedevil
New upload

What's New in Version 2.1

Released

No changelog available for this version.

User Feedback

Recommended Comments

jackyjask

Full Member+

will it work with IDA 8.4?

bluedevil

Full Member

(edited)

2 hours ago, jackyjask said:

will it work with IDA 8.4?

EDIT: Hello @jackyjask, now when you click on download you can select both v8.3 and v8.4. Enjoy!

Edited by bluedevil

Teddy Rogers

Administrator

@bluedevil I have attached the 8.4 release here. You can have multiple files/versions available under the one download...

Ted.

bluedevil

Full Member

Thank you @Teddy Rogers

I wasn't sure where to place different versions, that's why I made separate posts. Thanks for tidying up!

Caint Maicon

Junior

Downloading the files, I can't open them; it always returns a checksum error.

Stuttered

Full Member

16 hours ago, Caint Maicon said:

Downloading the files, I can't open them; it always returns a checksum error.

Try using the PW included in the archive name.

Caint Maicon

Junior

On 1/25/2025 at 5:33 PM, Stuttered said:

Try using the PW included in the archive name.

I did :( I don't even get as far as trying to extract it.

jackyjask

Full Member+

The pass is after "=" and before "."

Shub-Nigurrath

Full Member

I'm trying to use the newly compiled version on the IDA 9.0 leaked beta, and it crashes everything. Does anyone have a hint?

jackyjask

Full Member+

@Shub-Nigurrath I just tried IDA 9.1 GA + plugin (debug build) and it seems to work well

for some reason release build crashes...

Shub-Nigurrath

Full Member

btw last leaked IDA I have is 90 beta .. is there something else around? just asking ..

jackyjask

Full Member+

(edited)

YES! 

9.1 GA  (find it here as a torr)

90beta is buggy

Edited by jackyjask
