Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/patois/xray
Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions
https://github.com/patois/xray
bug-hunting decompiler filter hexrays highlight ida ida-pro idapython malware-analysis plugin regular-expression
Last synced: 3 months ago
JSON representation
Hexrays decompiler plugin that colorizes and filters the decompiler's output based on regular expressions
- Host: GitHub
- URL: https://github.com/patois/xray
- Owner: patois
- License: other
- Created: 2019-06-21T16:18:10.000Z (about 5 years ago)
- Default Branch: master
- Last Pushed: 2023-12-08T16:20:53.000Z (7 months ago)
- Last Synced: 2024-01-22T15:26:14.837Z (5 months ago)
- Topics: bug-hunting, decompiler, filter, hexrays, highlight, ida, ida-pro, idapython, malware-analysis, plugin, regular-expression
- Language: Python
- Homepage:
- Size: 2.49 MB
- Stars: 110
- Watchers: 5
- Forks: 10
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-ida-x64-olly-plugin - xray
- awesome-ida - **47**星
- awesome-ida-x64-olly-plugin - xray
README
# xray - Filter Hex-Rays Decompiler Output
xray is a plugin for the Hexrays decompiler that both filters and
colorizes the textual representation of the decompiler's output based
on configurable regular expressions.
This helps highlighting interesting code patterns which can be
useful in malware analysis and vulnerability identification.
## Installation/Updating:
xray installs or updates itself as a plugin by loading it as a
script using the "File->Script file..." (Alt-F7) menu item within IDA.
Running the plugin for the first time creates a default
configuration file "xray.cfg" within the folder
"%APPDATA%/Hex-Rays/IDA Pro/plugins/", which can and should then be
customized by the user.
While still under development, updating from a previous installation
of the plugin may introduce changes to the configuration file which may
cause incompatibility. If this is the case, the current configuration
file should be ported to the new format or deleted.
xray requires IDA 7.2+ (with some effort it may be backported to 7.0).
This IDAPython project is compatible with Python3. For compatibility with older versions of IDA, you may want to check out the Python2 branch of this project.
## Usage:
The plugin offers two distinct filtering/highlighting features:
* "xray", a persistent, configurable regular expression parser that
applies color filters to the output of the Hexrays decompiler.
This filter can be turned on and off using a keyboard shortcut as
described in the next section.
Persistent filtering attempts to match regular expressions taken
from the plugin's configuration file against each of the decompiler's
text lines. Successful matches will cause the background
color of a matching text line to be changed accordingly.
Optionally, changing the "high_contrast" setting to "1" in the
configuration file will cause a visual "xray" effect.
For more settings and details, please refer to the comments in the
configuration file.
* a dynamic filter that filters/highlights Hexrays output. This filter
works similar to how the built-in filters for IDA "choosers" work.
Possible "filter types" are "Regex" and "ASCII". Additional "filter
options" determine how the filters are applied to respective Hexrays
output:
* "Text" removes any lines from the decompiler's output that a
specified search term could not be matched against.
* "Color" does not remove non-matching lines but only their respective
color tags instead. This will cause matching text to be highlighted
visually.
## Popup Menus/Keyboard shortcuts:
* F3: Toggle xray
* Ctrl-R: Reload xray configuration file and apply changes
(edit and reload the configuration file on-the-fly)
* Ctrl-F: Find ascii string/regular expression and apply
filters based on Filter type and options.
"Text": removes any non-matching lines from the outpout
"Color": removes colors from non-matching lines
