diff --git a/README.md b/README.md index bb68ccc..8f0c177 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ A tool for extracting and inspecting Xbox 360 XEX2 executable files, written in ### Inspect -Display XEX2 file information (headers, security info, etc.): +Display XEX2 file information (headers, security info, resolved imports, etc.): ```sh xex2tractor inspect @@ -51,6 +51,18 @@ Load Address: 0x82000000 Region: 0xFFFFFFFF [ALL REGIONS] Allowed Media Types: 0x00000004 [DVD_CD] ... + +=== Resolved Imports (398 total) === + +xam.xex (104 imports): + 0x82DAA7D8 Variable 0x0041 XamLoaderGetLaunchDataSize + 0x82DAA7E0 Thunk 0x0041 XamLoaderGetLaunchDataSize + ... + +xboxkrnl.exe (294 imports): + 0x82DAA600 Variable 0x0001 DbgBreakPoint + 0x82DAA608 Thunk 0x0001 DbgBreakPoint + ... ``` ### Extract @@ -63,6 +75,19 @@ xex2tractor extract [output.exe] If no output path is given, defaults to the input filename with `.exe` extension. +#### Import Resolution + +Pass `-r` / `--resolve-imports` to write Xenia-style thunk stubs and variable +slot values into the extracted PE image, making it suitable for further +static analysis with tools that understand resolved Xbox 360 imports: + +```sh +xex2tractor extract -r [output.exe] +``` + +Without `-r`, the extracted PE is byte-for-byte identical to the decrypted and +decompressed image as it appears in the XEX2 file. + #### Example ```sh @@ -70,12 +95,21 @@ $ xex2tractor extract default.xex default.exe Encryption: Normal (AES-128-CBC) Compression: Normal (LZX) Extracted PE image (9568256 bytes) -> default.exe + +$ xex2tractor extract -r default.xex resolved.exe +Encryption: Normal (AES-128-CBC) +Compression: Normal (LZX) +Resolved 398 imports (204 variables, 194 thunks) + xam.xex: 104 + xboxkrnl.exe: 294 +Extracted PE image (9568256 bytes) -> resolved.exe ``` Supports: - AES-128-CBC decryption (retail, devkit, and XEX1 master keys) - No compression, basic (zero-fill), and normal (LZX) decompression - PE header verification (MZ signature, PE signature, POWERPCBE machine type) +- Xenia-style import resolution (variable slots and thunk stubs) ## Building @@ -93,7 +127,8 @@ cargo test ## Documentation -See [doc/xex2_format.md](doc/xex2_format.md) for the XEX2 file format specification. +- [doc/xex2_format.md](doc/xex2_format.md) — XEX2 file format specification +- [doc/xbox360_exports.json](doc/xbox360_exports.json) — Xbox 360 system export database (2,913 exports across xboxkrnl.exe, xam.xex, xbdm.xex) ## License