Hex editors: a description of the tool and an overview of the most popular ones

A hex editor is a program that displays data the way the computer "sees" it, with the binary values converted to hexadecimal. When a file is opened in such an application, the user sees a matrix of rows and columns whose number depends on the size of the file. Because the matrix shows the file's bytes themselves, changing byte values in the editor also changes the contents of the open document.

A bit of theory

All data in a PC's memory is stored as machine words, that is, bytes. Each byte consists of 8 bits (binary digits that take the value "0" or "1"). It follows arithmetically that a single byte can hold a number in the range 0 to 255. Converted to hexadecimal, 255 becomes FF. Any byte can therefore be written with two hexadecimal digits, which makes the hexadecimal view very convenient for displaying computer data. Hence the name of this group of programs: hex editors.

Main Program Elements

In addition to the matrix described above, the interface of this group of applications may include other elements:

  • Line numbering. Usually located on the left side of the application, it shows the offset of the first byte of the row relative to the beginning of the file.
  • Along the top there is often a similar row of numbers showing each byte's offset relative to the leftmost value in the row. Adding the row and column values gives the position of any byte.
  • The right-hand area can show the same data as the table, but as text (the encoding is chosen by the user).
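The layout described above, as an added example that is not taken from any of the editors reviewed here: it renders the row offsets, the top ruler, the hex matrix and the text pane, and shows how a row offset plus a column offset addresses one byte for editing. The names `hexdump`, `byte_index`, `patch_byte` and the `SAMPLE` bytes are constructed for illustration.

```python
# Added example: a hex-editor style view. SAMPLE is constructed data.
SAMPLE = b"ABCDEFGHIJKLMNOPQRST" + b"\x00\xff"   # 22 bytes, the last one is 255 = FF


def hexdump(data: bytes, width: int = 16, encoding: str = "latin-1") -> list[str]:
    """Return a ruler plus one row per `width` bytes: offset, hex matrix, text pane.

    `encoding` must be a single-byte encoding so the text pane stays aligned.
    """
    # Top ruler: offset of each column relative to the leftmost byte in a row.
    rows = [" " * 10 + " ".join(f"{col:02X}" for col in range(width))]
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        matrix = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        decoded = chunk.decode(encoding, errors="replace")
        # Non-printable characters are shown as dots, as hex editors do.
        text = "".join(ch if ch.isprintable() else "." for ch in decoded)
        rows.append(f"{offset:08X}  {matrix}  {text}")
    return rows


def byte_index(row_offset: int, column: int) -> int:
    """Row offset (left margin) + column offset (top ruler) = byte position."""
    return row_offset + column


def patch_byte(data: bytes, row_offset: int, column: int, value: int) -> bytes:
    """Return a copy of `data` with one byte changed, as an edit in the matrix would."""
    if not 0 <= value <= 0xFF:
        raise ValueError("a byte holds 0..255 (00..FF)")
    patched = bytearray(data)
    patched[byte_index(row_offset, column)] = value
    return bytes(patched)


if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    # Overwrite the 00 byte at row 00000010, column 04 with 21 ("!").
    print("\n".join(hexdump(patch_byte(SAMPLE, 0x10, 0x04, 0x21))))
```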

McAfee FileInsight

This hex editor is completely free and works only on Windows operating systems. It has the full standard set of features, such as viewing and editing a file, and a pleasant, convenient interface.

But the standard functions are the minimum that FileInsight can be used for. What is the maximum? Start with its ability to parse the structures of executable files. Not enough? Any selected fragment can be disassembled on the fly: one click, and incomprehensible numbers become a readable listing.

Among other things, this hex editor provides many algorithms for processing code that get around protection built in by developers. The first to note is the decoding of obfuscation methods such as add, xor, Base64 and shift. The scripts shipped with the application break this kind of crypto protection with ease. Most actions can be automated by writing simple scripts in JS or Python. Sometimes nothing new needs to be written, because the base of existing scripts is very impressive.
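Why such encodings fall so easily, as an added example (not one of FileInsight's bundled scripts): single-byte xor, add and bit-rotation have at most 255 keys each, so an analyst can try them all and look for a known marker in the output. The function names, the `PLAINTEXT` string and the `http://` marker are constructed for illustration.

```python
import base64

# Constructed sample: a config string hidden as xor 0x5A, then Base64.
PLAINTEXT = b"config=http://example.test/update"


def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def add(data: bytes, key: int) -> bytes:
    return bytes((b + key) & 0xFF for b in data)


def rol(data: bytes, n: int) -> bytes:
    """Rotate each byte left by n bits (the 'shift' family)."""
    return bytes(((b << n) | (b >> (8 - n))) & 0xFF for b in data)


SAMPLE = base64.b64encode(xor(PLAINTEXT, 0x5A))

# Each transform is undone by the same transform with the inverse key,
# so trying every key covers decoding as well as encoding.
TRANSFORMS = [("xor", xor, range(1, 256)),
              ("add", add, range(1, 256)),
              ("rol", rol, range(1, 8))]


def recover(blob: bytes, marker: bytes) -> list[tuple]:
    """Try every single-byte key on the raw blob and on its Base64 decoding;
    return (layer, transform, key, decoded) wherever `marker` shows up."""
    layers = [("raw", blob)]
    try:
        layers.append(("base64", base64.b64decode(blob, validate=True)))
    except ValueError:      # binascii.Error is a ValueError: not Base64
        pass
    hits = []
    for layer, data in layers:
        for name, fn, keys in TRANSFORMS:
            for key in keys:
                decoded = fn(data, key)
                if marker in decoded:
                    hits.append((layer, name, key, decoded))
    return hits
```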

Although FileInsight is considered one of the best tools for reverse engineering, the program has a huge drawback: it cannot process files larger than 400 MB.

Hex Editor Neo

This hex editor is distributed in two versions, free and advanced. The freeware-licensed product is of good quality but unremarkable. Its notable features are extensive interface settings and color schemes. The professional version provides more useful features, which are especially relevant when analyzing binary files.

For example, the user can decode programs encrypted with common algorithms. There are also functions for editing local resources (RAM, NTFS streams, hard disks). Processes are automated with VBS and JS scripts.

However, the most important feature of the program is its disassembler, which works with x64, x86 and .NET files. Another function that competitors do not offer is creating a patch from the comparison of two executable binaries. Undoubtedly impressive, but compared with FileInsight, Neo still loses. However, Neo can handle large files.

Hiew

The Hiew hex editor has no free version. It is developed by a team from Russia. The product's history goes back to the days of 16-bit applications for DOS and Windows 3.1. Hiew is often used by professionals who deal with computer and information security. The reasons are clear: it offers the full range of capabilities for editing and viewing Windows executable binaries, as well as compiled Linux (ELF) programs.

Another notable feature that helps in reverse engineering is Hiew's built-in disassembler and assembler. They work with both x86 and x86_64 applications, and ARM processor instructions are supported as well. The editor handles large files without difficulty and allows low-level changes to data on physical hard disks.

A large number of actions can be automated. For this, the programmers built in the ability to create scripts, keyboard macros and API functions, which are used to call internal routines from external applications. But Hiew has still not achieved unconditional victory among hex editors. Its interface is done entirely in DOS style, with the windows drawn in the command line (or the console, on Linux systems).

Copyright © 2018 en.atomiyme.com. Theme powered by WordPress.