NtRays is a Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
-
Cleanup of instrumentation and scheduler hinting code.
-
Lifting of dynamic relocations for page tables and PFN database with LA57 support.
-
RSB flush lifting in ISRs.
- ETHREAD/EPROCESS where KTHREAD/KPROCESS is used.
Simply drop the NtRays64.dll into the plugins folder. Note: IDA 7.4+ is required.
NtRays is licensed under BSD-3-Clause License.