Skip to content
master
Switch branches/tags
1 branch 14 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
HexSuite @ 2f92fe5
 
 
.gitignore
 
 
.gitmodules
 
 
LICENSE
 
 
NtRays.sln
 
 
NtRays.vcxproj
 
 
NtRays.vcxproj.filters
 
 
NtRays.vcxproj.user
 
 
README.md
 
 
plugin.cpp
 
 
NtRays Features Installation License

README.md

NtRays

NtRays is a Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Features

  • Cleanup of instrumentation and scheduler hinting code.

  • Lifting of multiple missing instructions.

  • Lifting of TrapFrame accesses and interrupt/syscall returns.

  • Inference of KUSER_SHARED_DATA segments.

  • Lifting of dynamic relocations for page tables and PFN database with LA57 support.

  • RSB flush lifting in ISRs.

  • Replacement of KTHREAD/KPROCESS with ETHREAD/EPROCESS in user types, local variables and arguments.

Installation

Simply drop the NtRays64.dll into the plugins folder. Note: IDA 7.6+ is required.

License

NtRays is licensed under BSD-3-Clause License.

About

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Topics

windows-kernel hex-rays-decompiler hex-rays ntoskrnl

Resources

Readme

License

BSD-3-Clause License

Stars

264 stars

Watchers

13 watching

Forks

32 forks

Releases 13

v1.67 Latest
Dec 2, 2021
+ 12 releases

Packages

No packages published

Languages