Hex code editor download. Hex editors vs. malware: Choosing a hex editor to analyze binaries


A HEX editor is a program that displays information the way a computer "sees" it, converted to hexadecimal. On opening any file in such an application, the user sees a matrix of columns and rows, the number of which depends on the size of the file. If you change the byte values in the editor, the contents of the open document change too.

A bit of theory

Any data is stored in PC memory in the form of machine words, or bytes. Each consists of 8 bits (binary digits that take the value "0" or "1"). A simple calculation shows that one byte can hold a number in the range from 0 to 255. Converted to hexadecimal, 255 becomes FF. So the hexadecimal representation is a very convenient way to display any machine word. Hence the name of this group of programs: hex editor.

Main elements of programs

In addition to the matrix described above, there may be other means in the interface of the presented group of applications:

  • Line numbering. Usually located on the left side of the application. Shows the offset of the first byte of the row relative to the beginning of the file.
  • At the top there is often a similar strip of numbers showing each byte's offset relative to the leftmost value in the row. Adding the row and column values gives the position of any byte.
  • The right area can display the same data as the table, but in the form of text.

McAfee FileInsight

This HEX editor is absolutely free. It works only on operating systems of the Windows family. The product has the full standard feature set, such as viewing and editing a file, and a pleasant, convenient interface.

But the standard features are the minimum for which FileInsight can be used. What is the maximum? You need to start with the ability to parse the structures of executable files. Is this not enough? Any selected fragment can be disassembled on the fly. One click - and incomprehensible numbers become a readable listing.

Among other things, this HEX editor provides many code-processing algorithms for getting around protection built in by developers. First of all, pay attention to the decoding of obfuscation methods such as add, xor, Base64 and shift. The scripts that ship with the application break such protection with ease. Most actions can be automated by writing simple scripts in JS or Python. Often nothing new needs to be written, because the collection of existing scripts is impressive.

Although FileInsight is considered one of the best tools for reverse engineering, the program also has a huge drawback - the inability to process files larger than 400 MB.

Hex Editor Neo


This HEX editor is distributed in two versions: free and advanced. The freeware product is of high quality, but unremarkable. Its notable features are the extensive interface settings and color schemes. The professional version provides more useful features that are especially relevant during analysis.

For example, the user is provided with the ability to decode programs encrypted with common algorithms. In addition to this, there are functions that allow you to edit local resources (RAM, NTFS streams, hard drives). Process automation is implemented using VBS and JS scripts.

However, the most important feature of the program is the disassembler, which can work with x64, x86 and .NET files. Another feature not provided by competitors is the creation of a patch based on a comparison of two binary executables. Certainly impressive, but when compared to FileInsight, Neo still loses. However, Neo can handle large files.

Hiew


The Hiew HEX editor does not have a free version. It is developed by a team from Russia. The product's history goes back to the days of 16-bit applications for DOS and Windows 3.1. Hiew is often used by professionals in computer and information security. The reasons are clear: a full range of capabilities for editing and viewing Windows executable binaries, as well as compiled Linux programs (ELF).


Another notable feature to aid in reverse engineering is Hiew's built-in disassembler and assembler. They work with both x86 and x86_64 applications, and ARM instructions are also supported. The editor copes with large files without difficulty and allows low-level changes to data on physical HDDs.

A large number of actions can be automated. To do this, the programmers have built in the ability to create scripts, keyboard macros and API functions that are used to call internal procedures from external applications. Even so, Hiew is not the unconditional winner among hexadecimal editors. Its interface is made entirely in the style of DOS, and it draws its own windows (or uses the console, on Linux systems).

Good day to all.

For some reason, many people think that working with hex editors is the lot of professionals and novice users should not meddle with them. But, in my opinion, if you have at least basic PC skills and understand why you need a hex editor, then why not?!

With the help of a program of this kind, you can change any file, regardless of its type (many manuals and guides contain information on changing a particular file using a hex editor)! True, the user must have at least a basic understanding of the hexadecimal system (the data in the hex editor is presented in it). However, basic knowledge on it is given in computer science lessons at school, and probably many have heard and have an idea about it (therefore, I will not comment on it in this article). So, here are the best hex editors for beginners (in my humble opinion).

1) Free Hex Editor Neo


One of the simplest and most common editors for hex, decimal and binary files under Windows OS. The program allows you to open any type of files, make changes (the history of changes is saved), conveniently select and edit a file, debug and analyze.

It is also worth noting the very good performance, coupled with low system requirements for the machine (for example, the program allows you to open and edit fairly large files, while other editors simply freeze and refuse to work).

Among other things, the program supports the Russian language, has a thoughtful and intuitive interface. Even a novice user will be able to understand and start working with the utility. In general, I recommend it to anyone who is starting their acquaintance with hex editors.

2) WinHex


This editor, unfortunately, is shareware, but it is one of the most versatile: it supports a bunch of different options and features (some of which are hard to find among competitors).

In the disk editor mode, it allows you to work with: HDD, floppy disks, flash drives, DVDs, ZIP disks, etc. Supports file systems: NTFS, FAT16, FAT32, CDFS.

I cannot fail to note the convenient analysis tools: in addition to the main window, you can connect additional ones with various calculators and tools for searching and analyzing the file structure. In general, it is suitable for both beginners and experienced users. The program supports the Russian language (select the following menu: Help / Setup / English).

WinHex, in addition to its most common functions (which support similar programs), allows you to "clone" disks and delete information from them so that no one can ever recover it!

3) HxD Hex Editor


A free and fairly powerful binary editor. Supports all major encodings (ANSI, DOS/IBM-ASCII and EBCDIC), files of almost any size (by the way, the editor allows you to edit RAM in addition to files, directly write changes to the hard drive!).

You can also note a well-thought-out interface, a convenient and simple function for searching and replacing data, a stepped and multi-level system of backups and rollbacks.

After starting, the program consists of two windows: on the left is a hexadecimal code, and on the right is a text translation and the contents of the file.

Of the minuses, I would single out the lack of the Russian language. However, many functions will be clear even to those who have never learned English...

4) HexCmp


HexCmp - this small utility combines 2 programs at once: the first allows you to compare binary files with each other, and the second is a hex editor. This is a very valuable option when you need to find differences in different files, it helps to explore the different structure of a wide variety of file types.

By the way, places after comparison can be painted in a different color, depending on where everything matches and where the data is different. The comparison happens on the fly and is very fast. The program supports files whose size does not exceed 4 GB (which is enough for most tasks).

In addition to the usual comparison, you can compare in the text version (or even both at once!). The program is quite flexible, allows you to customize the color scheme and specify shortcut keys. If you configure the program properly, you can work with it without a mouse at all! In general, I recommend that all novice "checkers" of hex editors and file structures get familiar with it.

5) Hex Workshop


Hex Workshop - a simple and convenient binary file editor, which is distinguished primarily by its flexible settings and low system requirements. Thanks to this, it is possible to edit fairly large files in it, which simply do not open or freeze in other editors.

The editor's arsenal has all the most necessary functions: editing, search and replace, copying, pasting, etc. The program can perform logical operations, compare binary files, view and generate various file checksums, and export data to popular formats: rtf and html.

The editor also has a converter between binary and hexadecimal systems. In general, a good arsenal for a hex editor. Perhaps the only negative is that the program is shareware...

Good luck!




After the end of the series of articles “Best pentester tools”, the editorial office received a lot of letters with a request to make a selection of hex editors. Of interest, of course, is not the ability to edit binary data, but additional features like automatic recognition of data structures and code disassembly. To make an overview, we found out the opinions of people who often have to tinker with such tools - virus analysts. And here's what they told us.

Any hex editor allows you to explore and modify a file at a low level, operating with bits and bytes. The contents of the file are presented in hexadecimal form. This is the basic functionality. However, some editors offer users much more, allowing them to figure out what is what in that incomprehensible set of characters that appears when a file is opened. To do this, ASCII and Unicode strings are automatically extracted, known patterns are searched, basic data structures are recognized, and much more. There are quite a few hex editors, but if we decide to consider them in the context of malware samples, it is easy to highlight some of them. Only a few are really useful for analyzing malicious code and examining infected documents (say, PDF).
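As an added illustration (not code from any of the editors reviewed), the sketch below performs the string extraction described above: it pulls ASCII and UTF-16LE strings with their offsets out of a buffer and flags two assumed patterns. The minimum length, the pattern list and the sample buffer are constructed for the example.

```python
import re

MIN_LEN = 5  # shortest run reported; an assumed threshold, tune per sample

# A run of printable ASCII, and the same characters stored as UTF-16LE
# (each character followed by a 0x00 byte).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# "Known patterns" an analyst might look for (assumed, not exhaustive).
PATTERNS = {
    "url": re.compile(r"https?://\S+"),
    "executable": re.compile(r"\b[\w.-]+\.(?:exe|dll|bat)\b", re.I),
}


def extract_strings(data):
    """Return sorted (offset, encoding, text) tuples for every string found."""
    found = []
    for m in ASCII_RE.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RE.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found)


def flag_patterns(strings):
    """Return (offset, pattern_name) for each extracted string that matches."""
    hits = []
    for offset, _encoding, text in strings:
        for name, rx in PATTERNS.items():
            if rx.search(text):
                hits.append((offset, name))
    return hits


# Constructed sample: binary filler, one ASCII string, one UTF-16LE string.
SAMPLE = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"http://example.test/a.bin\x00"
    + b"\xff\xfe\x01\x02"
    + "cmd.exe /c".encode("utf-16-le")
    + b"\x00\x00\x90\x90"
)

if __name__ == "__main__":
    strings = extract_strings(SAMPLE)
    for offset, encoding, text in strings:
        print(f"{offset:08x}  {encoding:9}  {text}")
    print(flag_patterns(strings))
```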

McAfee FileInsight

FileInsight is a free hex editor for Windows from McAfee Labs. The product, of course, performs all the standard functions associated with such software, offering a convenient interface for viewing and editing files in hexadecimal and text modes. But this is only a drop in the ocean compared with everything it can do. To start with, FileInsight is able to parse the structure of executable binaries for Windows (PE files), as well as Microsoft Office OLE objects. On top of that, the user gets a built-in x86 disassembler. It is enough to select the part of the file that you want to view as readable code, and FileInsight will show this fragment as a listing of assembler instructions. The disassembler is especially useful when looking for shellcode in malicious files. Another option that reversers will love is the ability to import structure declarations. To do this, you just need to point the program at a header file with declarations like:

struct ANIHeader {
    DWORD cbSizeOf; // Num bytes in AniHeader
    DWORD cFrames;  // Number of unique Icons
    DWORD cSteps;   // Number of Blits
};
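How such a declaration can be applied to raw bytes, as an added Python example rather than FileInsight's own parser: it reads the declaration above, builds a little-endian layout and overlays it on a buffer. The type table, function names and sample bytes are assumptions made for the illustration.

```python
import re
import struct

# Windows type names -> struct format codes (assumed: little-endian, packed).
WIN_TYPES = {"BYTE": "B", "WORD": "H", "DWORD": "I", "LONG": "i", "QWORD": "Q"}

DECL_RE = re.compile(r"struct\s+(\w+)\s*\{(.*?)\}\s*;", re.S)
FIELD_RE = re.compile(r"(\w+)\s+(\w+)\s*(?:\[(\d+)\])?\s*;")

HEADER = """
struct ANIHeader {
    DWORD cbSizeOf; // Num bytes in AniHeader
    DWORD cFrames;  // Number of unique Icons
    DWORD cSteps;   // Number of Blits
};
"""

# Constructed sample: two junk bytes, then the three DWORDs, then padding.
SAMPLE = b"\xaa\xbb" + struct.pack("<III", 36, 3, 3) + b"\x00" * 4


def strip_comments(src):
    """Remove /* ... */ and // comments from header text."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)


def parse_declarations(header_text):
    """Return {struct_name: [(field_name, format_code, count), ...]}."""
    layouts = {}
    for name, body in DECL_RE.findall(strip_comments(header_text)):
        fields = []
        for ctype, fname, count in FIELD_RE.findall(body):
            if ctype not in WIN_TYPES:
                raise ValueError(f"unsupported type {ctype!r} in {name}")
            fields.append((fname, WIN_TYPES[ctype], int(count or 1)))
        layouts[name] = fields
    return layouts


def apply_layout(fields, data, offset=0):
    """Overlay a layout on data at offset; return {field: (offset, value)}."""
    fmt = "<" + "".join(f"{count}{code}" for _, code, count in fields)
    # Truncated or malformed files are common in malware work: refuse to
    # read a structure that would run past the end of the buffer.
    if offset < 0 or offset + struct.calcsize(fmt) > len(data):
        raise ValueError("structure runs past the end of the buffer")
    values = struct.unpack_from(fmt, data, offset)
    out, pos, i = {}, offset, 0
    for fname, code, count in fields:
        chunk = values[i:i + count]
        out[fname] = (pos, chunk[0] if count == 1 else list(chunk))
        pos += struct.calcsize("<" + code) * count
        i += count
    return out


if __name__ == "__main__":
    layout = parse_declarations(HEADER)["ANIHeader"]
    for field, (pos, value) in apply_layout(layout, SAMPLE, 2).items():
        print(f"{pos:08x}  {field:10} = {value}")
```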

In this case, the program itself will parse such structures. In addition, many intuitive code-processing algorithms are offered by default. First of all, this means decoding many obfuscation methods (xor, add, shift, Base64, etc.): the built-in scripts crack such protection in no time. Note that the object of research does not have to be a binary; it can be an ordinary web page that arouses suspicion. The program allows you to automate many actions using simple JavaScript scripts or Python modules, many of which have already been written. Alas, for all its advantages, FileInsight also has a serious drawback: it cannot process large files. For example, if you try to feed the utility a file of 400-500 MB, it fails with the error “Failed to open document”.
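The decoding step described here, and in the earlier FileInsight summary, can be sketched as follows. This is an added Python example, not one of FileInsight's bundled scripts: it tries every single-byte xor, add and rotate key and every Base64 run against a buffer and reports where known plaintext shows up. The marker list, function names and sample buffer are constructed for the example.

```python
import base64
import re

# Plaintext an analyst expects inside a decoded payload (assumed marker list).
MARKERS = [b"This program cannot be run in DOS mode", b"http://", b"https://"]
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def ror(b, n):
    """Rotate one byte right by n bits (undoes a rotate-left by n)."""
    return ((b >> n) | (b << (8 - n))) & 0xFF


def decoders():
    """Yield (encoding, key, table); the table undoes 'encoding with key'."""
    for key in range(1, 256):
        yield "xor", key, bytes(b ^ key for b in range(256))
        yield "add", key, bytes((b - key) & 0xFF for b in range(256))
    for n in range(1, 8):
        yield "rol", n, bytes(ror(b, n) for b in range(256))


def find_single_byte(data, markers=MARKERS):
    """Try every xor/add/rol key; return (encoding, key, offset, marker)."""
    hits = []
    for name, key, table in decoders():
        decoded = data.translate(table)  # offsets are preserved
        for marker in markers:
            pos = decoded.find(marker)
            if pos != -1:
                hits.append((name, key, pos, marker))
    return hits


def find_base64(data, markers=MARKERS):
    """Decode each Base64-looking run; return ('base64', None, offset, marker)."""
    hits = []
    for m in B64_RUN.finditer(data):
        try:
            decoded = base64.b64decode(m.group(), validate=True)
        except ValueError:  # wrong length or padding: not a real Base64 run
            continue
        hits += [("base64", None, m.start(), mk) for mk in markers if mk in decoded]
    return hits


def build_sample():
    """Constructed buffer: filler, a stub XOR-ed with 0x5A, a Base64 URL."""
    stub = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n$"
    xored = bytes(b ^ 0x5A for b in stub)
    b64 = base64.b64encode(b"http://example.test/sample")
    return b"\x00" * 16 + xored + b"\xff" * 8 + b64 + b"\x00" * 4


if __name__ == "__main__":
    sample = build_sample()
    for hit in find_single_byte(sample) + find_base64(sample):
        print(hit)
```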

Hex Editor Neo

There are two versions of this hex editor from HHD Software: a simple free version and an advanced commercial version. The freeware version is a solid but unremarkable HEX editor that has a cool customizable interface with support for different color schemes. No more. But the professional version of Hex Editor Neo provides several options that can be extremely useful when analyzing binaries. For example, the user gets the ability to decode code encrypted using the most common algorithms. In addition, it becomes possible to view and edit local resources such as NTFS streams, local drives, process memory, and RAM. The full version also supports a scripting language that allows you to automate many processes using scripts in VBScript and JavaScript. But the best part is the built-in disassembler that works with x86, x64, and .NET binaries! Another feature is the fast creation of patches based on the comparison of two binaries. Sounds impressive, but is it better than FileInsight? Probably not. FileInsight looks more functional overall. On the other hand, any version of Hex Editor Neo, even the free one, works great with very large files and allows you to search for ASCII and Unicode strings. The disassembler here is not limited to the x86 platform, and the built-in resource editor is very convenient. There is something to think about.

FlexHex

FlexHex is a powerful commercial hex editor from Heaventools Software that includes many of the features available in Hex Editor Neo. The only thing missing is, perhaps, support for scripts. But this full-featured editor handles binaries, OLE files, physical disks, and alternative NTFS streams equally well. The latter is especially important because FlexHex allows you to edit data that other editors might not even see. In addition, you immediately feel the focus on working with large amounts of information: no matter how large the file is, navigation through it is carried out without any lag. For even more convenience, there is a bookmark system. At the same time, FlexHex continuously keeps a history of all operations: you can undo any action by simply selecting it from the list of changes (the undo list is not limited)! FlexHex supports all the necessary operations with binary data, including searching for ASCII and Unicode strings. If you need to process a structure with a previously known format, it will not be difficult to set its parameters using special tools. As a result, we get an excellent hex editor, but one still much inferior to FileInsight. The only noteworthy option is the processing of OLE files, but there are problems here too. Several times when trying to open an infected OLE file, the program crashed with the error "The docfile has been corrupted".

010 Editor

010 Editor is a famous commercial product developed by SweetScape Software. Compared with the previous three tools, it can do everything: it supports working with very large files, provides cool data manipulation capabilities, allows you to edit local resources, and has a scripting system to automate routine actions (more than 140 different functions at your service). And 010 Editor has a unique feature of its own: the ability to parse various file formats using its own template library (so-called Binary Templates). Here it has no equal. Many enthusiasts around the world work on templates, describing various formats and data structures. As a result, the process of navigating through various file formats becomes transparent and understandable. This also applies to the processing of Windows binaries (PE files), Windows shortcut files (LNK), Zip archives, Java class files, and much more. The whole charm of this feature was realized by many people when the well-known security specialist Didier Stevens created a template for parsing PDF files for 010 Editor. Together with other utilities, this greatly simplifies the analysis of infected PDF documents, which for the past six months have never ceased to amaze with the number of places where the reader can be used. Add to this a cool binary comparison tool, a calculator with a C-like syntax, and data conversion between ASCII, EBCDIC and Unicode formats, and we get a very attractive tool with unique features.

Hiew

Hiew, in terms of distribution method, is not much different from its colleagues: it is also a commercial product, developed by our compatriot Evgeny Suslikov. With its long history, the program is much loved by many information security professionals. There are quite obvious reasons for this: powerful capabilities for examining and editing the structure and content of executable files for Windows (PE) and binaries for Linux (ELF). Another very useful feature for reversing is the built-in x86-64 assembler and disassembler. The latter even supports ARM instructions. Needless to say, the editor handles large files perfectly and allows you to edit logical and physical drives. Many tasks are easily automated through a system of keyboard macros, scripts, and even an API for developing extensions (Hiew External Modules). But before you rush into battle, keep in mind that the Hiew interface is a DOS-like window, which is quite inconvenient to work with until you get used to it. But you can feel for yourself all the charm of the old school.

Radare

Radare is a set of free utilities for the Unix platform that provide cool options for editing files in HEX mode. It includes the hex editor itself (radare) with the ability to open local and remote files. The program analyzes executable files of various formats, both Linux (ELF) and Windows (PE). In addition to editing, Radare has a tool for comparing binary files (radiff) and a built-in assembler/disassembler. And personally, a tool for generating shellcodes (rasc) came in handy a couple of times. Any operations can be easily automated and customized using a scripting system. Of the minuses, again, we can note the lack of a GUI: all actions are carried out from the command line, and it will be possible to work with the utilities fully only after reading the documentation. On the other hand, the site has screencasts that demonstrate both the main points and small secrets (like connecting a Python plugin).

So what to choose?

We have reviewed several powerful hex editors that include useful options for analyzing suspicious files. Of all the products, FileInsight stands out: for all its functionality (and it is really impressive), it remains free. 010 Editor provides a large number of templates for processing a wide variety of files, including PDF documents. This is a killer feature that should not be neglected. These are the two editors I use all the time; for the work of an analyst, perhaps, they are best suited. If we talk about working under the Unix platform, then, of course, we should not forget about Radare. The package offers very powerful features, although it is difficult to use because it works from the command line. Hiew is also not very friendly, although its capabilities certainly allow you to perform a variety of operations with binaries. In addition, Hiew is the choice of a lot of real pros, and this is worth a lot (and means a lot). As for Hex Editor Neo, you should take it into service if you are interested in the ability to disassemble x86, x64 and .NET code.

Description: Hex Editor Neo Ultimate - the most powerful binary editor for experienced professionals who want the best and know the pleasure of working with only high-quality tools.
Hex Editor Neo Ultimate is a professional hex, decimal and binary editor for Windows. The program has the ability to select, view, edit, replace, debug and analyze data. Allows you to package in two clicks, manipulate your EXE, DLL, DAT, AVI, MP3, JPG files with unlimited undo and redo. Unlimited file change history with visualization and the ability to save the download.

Capabilities:
Unlimited undo feature.
Selection of various objects.
Save and load selected.
Search.
Search and replace.
Saving and loading history.
Creation of packages.
Operations with the clipboard.
Various operating modes.
Setting colors in samples.
Data Inspector.
Bookmarks.
Structure Viewer.
Statistics.
Base converter.
Creation of scenarios.