Want to Join Us ?

you'll be able to discuss, share and send private messages.

Release HexRaysCodeXplorer v1.6 released! By Rehints

Discussion in 'Plugins' started by storm shadow, May 2, 2015.

Share This Page

  1. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    From the always awsome Rehints

    HexRaysCodeXplorer v1.6 released! New features and support for IDA 64-bit

    Today we are releasing an updated version 1.6 of HexRaysCodeXplorer. The new version of the plugin supports latest versions of IDA v6.8 and Hex-rays Decompiler v2.2. In this update we also provide support for IDA versions for 64-bit.
    About 2 weeks ago new versions of IDA and Hex-rays Decompiler have been released. Along with certain improvements and bug fixes the update brought some changes into the SDK what rendered HexRaysCodeXplorer uncompilable. As a result we have updated source code of the plugin to address the SDK modifications.
    64-bit version

    Now the new version of CodeXplorer plugin can be used with IDA 64-bit. In order to compile the plugin for working with 64-bit binaries you need to choose either Debug x64 or Release x64 in configuration manager in MS Visual Studio. The Platform field should be set to Win32 since IDA 64-bit is, in fact, a 32-bit application. The 64-bit version of the plugin will get .p64 extension (32-bit version has .plw extension)
    [​IMG]
    Once built the plugin should be copied into plugins subdirectory of IDA Pro installation directory and it’s ready to be used.
    New feature in ObjectExplorer: XREFS for virtual tables

    From version 1.6 CodeXplorer starts displaying cross-references to virtual tables in ObjectExplorer window. It is useful for direct navigation into IDA-View window to code where VTBL methods is called.
    [​IMG]
    NorthSec 2015 is coming

    [​IMG]
    And there are almost three weeks left before beginning of the security conference NorthSec 2015 in Montréal, Canada where we will be giving a presentation titled Object Oriented Code RE with HexraysCodeXplorer. In this talk we will take an in-depth look at challenges related to reversing object-oriented code with respect to modern malware: implementation of polymorphism and class inheritance in MS Visual C++ compiler; C++ templates and so on.
    In the presentation we will demonstrate how HexRaysCodeXplorer can be employed in reverse engineering of complex threats created with object oriented programming languages.
    Currently, we are working on a new release of HexRaysCodeXplorer v1.7 [NSEC Edition] which we are planning to make publicly available for NorthSec 2015. We are always happy to get any feedback on the project. All features requests, comments or bugs can be submitted to issues tracker or support@rehints.com.


    Source
    http://rehints.com/2015-05-01-HexRaysCodeXplorer-v1.6-new-features.html

    Github
    https://github.com/REhints/HexRaysCodeXplorer/releases/tag/1.6
     
    Rip Cord and mrexodia like this.
  2. computerline

    Well-Known Member Ida Pro Expert

  3. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Rip Cord likes this.
  4. computerline

    Well-Known Member Ida Pro Expert

    @Storm: The crash could be fix by reformat the output in ObjectExplorer.cpp file, but I think the algorithm to find VTBL has problem, so it not work on x64 :(, maybe their will fix in the next version

    Code (Text):
           
    qstring tmp;
    // fix for x64 version
    tmp.cat_sprnt(_T(" 0x%I64X:  %s"), rtd, name);
    rtti_list.push_back(tmp);
     
     
    Rip Cord and storm shadow like this.
  5. computerline

    Well-Known Member Ida Pro Expert

  6. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Very nice :) ill try when i get home from work.
     
    computerline likes this.
  7. storm shadow

    Techbliss Owner Admin Ida Pro Expert Developer

    Hell yeah
    All working flawless now good work.
     
    computerline likes this.
Top