{"id":21289075,"url":"https://github.com/can1357/ntrays","last_synced_at":"2025-05-15T13:07:54.186Z","repository":{"id":46663147,"uuid":"433461303","full_name":"can1357/NtRays","owner":"can1357","description":"Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.","archived":false,"fork":false,"pushed_at":"2025-01-28T11:06:22.000Z","size":247,"stargazers_count":588,"open_issues_count":5,"forks_count":73,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-04-15T05:32:04.678Z","etag":null,"topics":["hex-rays","hex-rays-decompiler","ntoskrnl","windows-kernel"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/can1357.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-30T14:26:17.000Z","updated_at":"2025-04-13T19:44:35.000Z","dependencies_parsed_at":"2024-08-21T03:28:31.619Z","dependency_job_id":"4041febc-bfd5-4f6e-85a8-931d4802a174","html_url":"https://github.com/can1357/NtRays","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNtRays","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNtRays/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNtRays/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/can1357%2FNtRays/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/can1357","download_url":"https://codeload.github.com/can1357/NtRays/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254346624,"owners_count":22055808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hex-rays","hex-rays-decompiler","ntoskrnl","windows-kernel"],"created_at":"2024-11-21T12:34:10.238Z","updated_at":"2025-05-15T13:07:49.176Z","avatar_url":"https://github.com/can1357.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NtRays\nNtRays is a Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.\n\n## Features\n- Cleanup of instrumentation and scheduler hinting code.\n\n  ![](https://i.can.ac/zPTAq.png)\n\n- Lifting of multiple missing instructions.\n\n  ![](https://i.can.ac/BKL9G.png)\n  \n- Lifting of TrapFrame accesses and interrupt/syscall returns.\n\n  ![](https://i.can.ac/5h6wU.png)\n  \n- Inference of KUSER_SHARED_DATA segments.\n\n  ![](https://i.can.ac/SGIp2.png)\n  \n- Lifting of dynamic relocations for page tables and PFN database with LA57 support.\n\n  ![](https://i.can.ac/LxA48.png)\n  \n- RSB flush lifting in ISRs.\n\n  ![](https://i.can.ac/YW5AQ.png)\n  \n- Replacement of KTHREAD/KPROCESS with ETHREAD/EPROCESS in user types, local variables and arguments.\n\n- Lifting of SYSCALL instructions with the ability to select Nt* signatures.\n\n## How to compile\n\n### Windows with Visual Studio 2022\n\n```\nmkdir build\ncd build\ncmake -G \"Visual Studio 17 2022\" -A x64 .. -DIDA_SDK_DIR=idasdk90 -DHEXRAYS_SDK_DIR=C:\\Program Files\\IDA Professional 9.0\\plugins\\hexrays_sdk\ncmake --build . --config Release\n```\n\n### Linux\n```\nmkdir build\ncd build\ncmake .. -DCMAKE_BUILD_TYPE=Release -DIDA_SDK_DIR=idasdk90 -DHEXRAYS_SDK_DIR=/root/idapro-9.0/plugins/hexrays_sdk/\nmake\n```\n\n### macOS\n```\nmkdir build\ncd build\ncmake .. -DCMAKE_BUILD_TYPE=Release -DIDA_SDK_DIR=./idasdk90 -DHEXRAYS_SDK_DIR=./idasdk90\nmake\n```\n\n## Installation\nSimply drop the NtRays64.dll into the plugins folder.\nNote: IDA 7.6+ is required.\n\n## License\nNtRays is licensed under BSD-3-Clause License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcan1357%2Fntrays","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcan1357%2Fntrays","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcan1357%2Fntrays/lists"}