fabi/xex2tractor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
771d401fb14f4c7aa31b7ada18f658bd2e2cdb42
xex2tractor/README.md
MechaCat02 771d401fb1 docs: update README with inspect imports, extract -r flag, and export DB 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 19:26:03 +02:00

136 lines
3.3 KiB
Markdown
Raw Blame History

# xex2tractor
A tool for extracting and inspecting Xbox 360 XEX2 executable files, written in Rust.
## Usage
### Inspect
Display XEX2 file information (headers, security info, resolved imports, etc.):
```sh
xex2tractor inspect <file.xex>
```
#### Example Output
```
=== XEX2 Header ===
Magic: XEX2 (0x58455832)
Module Flags: 0x00000001 [TITLE]
Header Size: 0x00003000 (12288 bytes)
Reserved: 0x00000000
Security Offset: 0x00000090
Header Count: 15
=== Optional Headers (15 entries) ===
[ENTRY_POINT] 0x824AB748
[IMAGE_BASE_ADDRESS] 0x82000000
[DEFAULT_STACK_SIZE] 0x00080000 (524288 bytes)
[SYSTEM_FLAGS] 0x00000400 [PAL50_INCOMPATIBLE]
[EXECUTION_INFO]
Media ID: 0x2D2E2EEB
Title ID: 0x535107D4
Version: 0.0.0.2
...
[FILE_FORMAT_INFO]
Encryption: Normal (AES-128-CBC)
Compression: Normal (LZX)
Window Size: 0x8000 (32 KB)
...
=== Security Info ===
Header Size: 0x00000F34 (3892 bytes)
Image Size: 0x00920000 (9568256 bytes)
RSA Signature: 2C94EBE6...11A6E8AA (256 bytes)
Image Flags: 0x00000008 [XGD2_MEDIA_ONLY]
Load Address: 0x82000000
Region: 0xFFFFFFFF [ALL REGIONS]
Allowed Media Types: 0x00000004 [DVD_CD]
...
=== Resolved Imports (398 total) ===
xam.xex (104 imports):
0x82DAA7D8 Variable 0x0041 XamLoaderGetLaunchDataSize
0x82DAA7E0 Thunk 0x0041 XamLoaderGetLaunchDataSize
...
xboxkrnl.exe (294 imports):
0x82DAA600 Variable 0x0001 DbgBreakPoint
0x82DAA608 Thunk 0x0001 DbgBreakPoint
...
```
### Extract
Extract the decrypted and decompressed PE image from a XEX2 file:
```sh
xex2tractor extract <file.xex> [output.exe]
```
If no output path is given, defaults to the input filename with `.exe` extension.
#### Import Resolution
Pass `-r` / `--resolve-imports` to write Xenia-style thunk stubs and variable
slot values into the extracted PE image, making it suitable for further
static analysis with tools that understand resolved Xbox 360 imports:
```sh
xex2tractor extract -r <file.xex> [output.exe]
```
Without `-r`, the extracted PE is byte-for-byte identical to the decrypted and
decompressed image as it appears in the XEX2 file.
#### Example
```sh
$ xex2tractor extract default.xex default.exe
Encryption: Normal (AES-128-CBC)
Compression: Normal (LZX)
Extracted PE image (9568256 bytes) -> default.exe
$ xex2tractor extract -r default.xex resolved.exe
Encryption: Normal (AES-128-CBC)
Compression: Normal (LZX)
Resolved 398 imports (204 variables, 194 thunks)
xam.xex: 104
xboxkrnl.exe: 294
Extracted PE image (9568256 bytes) -> resolved.exe
```
Supports:
- AES-128-CBC decryption (retail, devkit, and XEX1 master keys)
- No compression, basic (zero-fill), and normal (LZX) decompression
- PE header verification (MZ signature, PE signature, POWERPCBE machine type)
- Xenia-style import resolution (variable slots and thunk stubs)
## Building
```sh
cargo build --release
```
## Testing
Place a sample XEX2 file at `tests/data/default.xex`, then run:
```sh
cargo test
```
## Documentation
- [doc/xex2_format.md](doc/xex2_format.md) — XEX2 file format specification
- [doc/xbox360_exports.json](doc/xbox360_exports.json) — Xbox 360 system export database (2,913 exports across xboxkrnl.exe, xam.xex, xbdm.xex)
## License
This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.
Reference in New Issue View Git Blame Copy Permalink