XexTool v6.0 Update

I have been meaning to update this site for a while, and also to release updates for XexTool and the Xex Loader for IDA. So over the weekend I finally got around to doing so.

For those who don’t know, XexTool is a windows command line tool that gives info on every aspect of an Xbox360 xex file. It also extracts the file that the xex is based on (usually an exe file) and has the ability to alter most of the various flags and parameters set inside an xex file.

XexTool v6.0

The IDA loader for XEX files enables you to directly load an xex file into the IDA disassembler in order to look at what the internal code is doing. This is extremely useful for developers and reversers. If you don’t know what IDA is or what this loader does, then this tool isn’t for you. :)

Xex Loader for IDA v6.0

37 thoughts on “XexTool v6.0 Update

  1. Hi xorloser, i used your last xextools (6.0) but it was not able to remove (-r l option) library check from new default.xex files (i.e.: need for speed hot pursuit default.xex). In fact i checked file proprierties again and library need 12216 was always there (also the game return to dash when try to load….). Bye….

  2. Great tool xor. Do YOu Plan On Do Updates To The Self Tool So It could Be Use More Easily With IDA?

  3. frozen: I assume you are looking at the library versions in the xex by using the “-l” option. There are two types of libraries the statically linked, which are included fully within the xex, and the dynamically linked, which are external to the xex and are imported at load time. It is these imported libraries that the minimum version check is done on.

    Before patching if you look at the imported libraries you will see something like “0) xam.xex v2.0.12345.0 (min v2.0.4321.0)” and after patching you will see “0) xam.xex v2.0.12345.0 (min v2.0.0.0)”. This has patched the minimum library check value. The first value just tells what library was actually used, not what minimum version must be checked for.

    The reason minimum library checks are done is to ensure the library functions being imported actually exist and are the expencted implementation. If the function doesnt exist and the xex needs it to run, then just patching the version check will not help the fact that the function is missing!

  4. Great work, xorloser. Glad to see an update for this fine tool.
    One problem, though. When I use the plugins in IDA 5.5, it crashes midway through the loading process. Are these plugins only compatible with IDA 6.0?

  5. Do you refer to the Xex Loader for IDA?
    Or the IDC files generated by xextool for IDA?

    The Xex Loader was written using the IDA v6.0 SDK, so it is possible that it requires something specific to that version. What file are you trying to load in particular?

  6. Hello, I am referring to the Xex Loader for IDA. I am trying all xex files I have. Ones from the latest nand flash, games, etc.

  7. If its not too much hassle could you update x360gamehack?
    if not thank you for your time.

  8. ohu: All 3 files should be placed in the “ida\loaders” dir.

    Eaton: I tried using this build of the xex loaders with IDA v5.6 and it did not crash. This was the earliest version of IDA I still had installed, but i have my v5.5 installer files still, so I will install it to test when I get a chance and see if it crashes for me and if it is fixable.

  9. Hey loser. I’m getting the following error in ida from an idc after doing
    xextool -b default.exe -i default.idc default.xex method and Loaded as binary/ppc of course.

    Runtime error at SetupImportFunc+0x00000013: Attempt to call undefined function ‘DoNameGen’

    is that part of 6.0 sdk, DoNameGen seems seems custom.

    cheers

  10. (O_O)
    Finally,you updated it…
    Cannot wait to try it on those xexp files.
    Thank you very much!

  11. I had a few questions.

    This might be an xexloader/xextool related problem with creating segments or maybe not. I noticed that in xexs since 12611 when extracting segments that are xuiz or something, they’re wrong and don’t open in regular tools, when it did work at 9199. I’m not sure if it’s that the xuiz format changed and other tools need to be updated, but it seems like they’re getting cut short. Any ideas?

    Also, why do segments get created with just space 1 instead of putting the data from file to that segment?

    thanks

  12. loser: Try the latest dash, or even older ones, running ida 5.5(shouldn’t matter). This is using xextool with the produced idc after loading as binary with ppc set.

    Most of the segments are filled with .space 1 when I know they should be files. That’s problem 1. So I just dump the segments by hand with hex editor or using my segment dumper script, since 12611 those files, like say from dash, should be a valid .xuiz or whatever they are, but they don’t load in something like xextractor anymore. So the question is, did the xuiz format change, or are the segment sizes wrong/changed/obfuscated in the xex info now, it looks to me like the segment sizes are wrong because the files get cut off when looking at the hex of dumps, though the start offsets are correct.

  13. ah you are using the idc creation. tbh i havent used that in a long time, not since i made the direct ida loader for xex files. i’ll give it a test and see if i can replicate then fix the issue.

  14. Pingback: How to mod the Black Ops Xex - XboxMB - Xbox Message Boards

  15. Ya I like to use xextool to dump to base file because I usually go through the pe section table manually, sometimes things are hidden and also sometimes stuff that’s not in segments just doesn’t get created so it’s missed. The idc option also doesn’t make the code section code. Don’t worry about it if you’re busy though 😛

    thanks.

  16. stk50: i tried some recent files using idc and the sections look fine. are you sure you loaded the file in as binary and not a PE/exe file?

    the XUIZ sections that i looked at start with “XUIZ” still so it seems to me that would be correct. btw to dump XUIZ easily use the “dump resources” option (it is “-d”).

    i havent noticed anything “hidden” in the PE file. what sort of stuff do you refer to?

  17. i have updated the idc to produce the same result as the xex loaders for ida, i also added checks to ensure files were loaded as ppc binaries.

    i have also updated the xex loaders for ida to work on v5.5, it turned out to be a problem with setting default segment register values which isnt really important.

    i am going to wait another few days, maybe a week to see if any more bug reports come in, then i will release v6.1 of these tools. so if you have any bug reports now is the time to make them known.

  18. I always load as ppc/binary so I’m sure that wasn’t it. Did you try dumping any xuiz’s from a new file and see if it loads in any xuiz tools or extractors?

    The hidden thing I’m talking about is maybe because idc wasn’t working, but things like xb1 kernel in xefu or code chunk resources I could only find when going through manually.

    Another thing (sorry) after it asks “do you want to analyze this file as code” it doesn’t. Probably due to the .space 1 issue, but the ROM section is there. Not a big deal though.

    -stk

  19. Thanks a ton for fixing the loaders! Looking forward to finally being able to drag an xex over IDA and not get some error message. (-:

  20. Thank you for finally updating, I was wondering when you would do it! Almost lost hope, then I decided today to check your blog, and there it was! I’m gonna run it and then I’ll tell you what I think 😉

Leave a Reply

Your email address will not be published. Required fields are marked *