Jump to content
Tuts 4 You

About This File

The Hex-Rays Decompiler plugin for better code navigation in RE process. CodeXplorer automates code REconstruction of C++ applications or modern malware like Stuxnet, Flame, Equation, Animal Farm ...

Features:

  • Automatic type REconstruction for C++ objects. To be able to reconstruct a type using HexRaysCodeXplorer one needs to select the variable holding pointer to the instance of position independed code or to an object and by right-button mouse click select from the context menu «REconstruct Type» option.
  • Virtual function table identification - automatically identifies references to virtual function tables during type reconstruction. When a reference to a virtual function table is identified the plugin generates a corresponding C-structure. As shown below during reconstructing struct_local_data_storage two virtual function tables were identified and, as a result, two corresponding structures were generated: struct_local_data_storage_VTABLE_0 and struct_local_data_storage_VTABLE_4.
  • C-tree graph visualization – a special tree-like structure representing a decompiled routine in citem_t terms (hexrays.hpp). Useful feature for understanding how the decompiler works. The highlighted graph node corresponds to the current cursor position in the HexRays Pseudocode window
  • Ctree Item View – show ctree representation for highlighted element
  • Extract Types to File – dump all types information (include reconstructed types) into file.
  • Navigation through virtual function calls in HexRays Pseudocode window. After representing C++ objects by C-structures this feature make possible navigation by mouse clicking to the virtual function calls as structure fields
  • Jump to Disasm - small feature for navigate to assembly code into "IDA View window" from current Pseudocode line position. It is help to find a place in assembly code associated with decompiled line.
  • Object Explorer – useful interface for navigation through virtual tables (VTBL) structures. Object Explorer outputs VTBL information into IDA custom view window. The output window is shown by choosing «Object Explorer» option in right-button mouse click context menu
  • Support auto parsing RTTI objects

This plugin is recompiled by disauto

UPDATE 29.10.2024

Recompiled for IDA Pro v9.0 Windows x86_64

hexrayscodexplorer-rightclickmenu.jpg

Edited by bluedevil
New upload

What's New in Version 2.1   See changelog

Released

No changelog available for this version.

  • Like 1
  • Thanks 1
 Share
Previous File Abyss
Next File ifred - IDA command palette

User Feedback

Recommended Comments

jackyjask

jackyjask 761

Posted

will it work with IDA 8.4?

bluedevil

bluedevil 61

Posted (edited)

2 hours ago, jackyjask said:

will it work with IDA 8.4?

EDIT: Hello @jackyjask, now when you click on download you can select both v8.3 and v8.4. Enjoy!

Edited by bluedevil
  • Like 1
Teddy Rogers

Teddy Rogers 2,235

Posted

@bluedevil I have attached 8.4 release here. You can have multiple files/ versions available under the one download...

Ted.

  • Thanks 1
bluedevil

bluedevil 61

Posted

Thank you @Teddy Rogers

I wasn't sure where to place different versions, that's  why I made separate posts. Thanks for tidying up!

  • Like 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...