efiXplorer features
Features summary table
| Feature name | 32-bit | 64-bit |
|---|---|---|
| Boot Services | + | + |
| Runtime Services | + | + |
| SMM services | - | + |
| PEI Services | + | - |
| Protocols | + | + |
| GUIDS | + | + |
| Applying types for local variables | + | + |
| Vulnerabilities scanner | + | + |
| Report in JSON format | + | + |
| Loader | - | + |
| Dependency graph | - | + |
Identify available Boot Services automatically
Annotate Boot Services calls in assembly code automatically:
Identify available Runtime Services automatically
Annotate Runtime Services calls in assembly code automatically:
Identify available SMM services automatically
Annotate SMM Services calls in assembly code automatically:
Identify available PEI services automatically
Annotate PEI Services calls in assembly code automatically:
Identify available EFI Protocols automatically
Build the list of EFI Protocols firmware consumes and installs:
Identify known EFI GUIDs
Build the list of identified EFI GUIDs (including protocol names for known GUIDS):
Applying types for protocols interfaces
This feature works only in conjunction with a HexRays decompiler. If you don't have a HexRays decompiler, build efiXplorer without hexrays_sdk.
Vulnerabilities scanner
efiXplorer scans drivers for the following types of vulnerabilities:
- SMM callouts
- OOB Write via wrong
GetVariableusage (in PEI, DXE and SMM drivers)
At the end of the analysis, a chooser is displayed with the suspected vulnerabilities.
Report in JSON format
After analysis efiXplorer saves the report in JSON format.