From Collaborative RCE Tool Library

Jump to: navigation, search

Hex Editors

Tool name:

Explorer Suite

Currently5/5
1
2
3
4
5

Rating: 5.0 (1 vote)

Author:

Daniel Pistelli

Website:

http://ntcore.com/exsuite.php

Current version:

III

Last updated:

March 2, 2008

Direct D/L link:

http://ntcore.com/Files/ExplorerSuite.exe

License type:

Free

Description:

A freeware suite of tools including a PE editor called CFF Explorer and a process viewer. The PE editor has full support for PE32/64. Special fields description and modification (.NET supported), utilities, rebuilder, hex editor, import adder, signature scanner, signature manager, extension support, scripting, disassembler, dependency walker etc. First PE editor with support for .NET internal structures. Resource Editor (Windows Vista icons supported) capable of handling .NET manifest resources. The suite is available for x86, x64 and Itanium.

Features:

* Process Viewer
* Windows Viewer
* PE and Memory Dumper
* Full support for PE32/64
* Special fields description and modification (.NET supported)
* PE Utilities
* PE Rebuilder (with Realigner, IT Binder, Reloc Remover, Strong Name Signature Remover, Image Base Changer)
* View and modification of .NET internal structures
* Resource Editor (full support for Windows Vista icons)
* Support in the Resource Editor for .NET resources (dumpable as well)
* Hex Editor
* Import Adder
* PE integrity checks
* Extension support
* Visual Studio Extensions Wizard
* Powerful scripting language
* Dependency Walker
* Quick Disassembler (x86, x64)
* Name Unmangler
* Extension support
* File Scanner
* Directory Scanner
* Deep Scan method
* Recursive Scan method
* Multiple results
* Report generation
* Signatures Manager
* Signatures Updater
* Signatures Collisions Checker
* Signatures Retriever

Also listed in:

.NET Executable Editors, .NET Resource Editors, .NET Signature Removers, .NET Tools, Dependency Analyzer Tools, Exe Analyzers, Executable CRC Calculators, Import Editors, Memory Dumpers, PE Executable Editors, Process Dumpers, Protection Identifiers, Resource Editors

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

WinHex

Currently4/5
1
2
3
4
5

Rating: 4.0 (1 vote)

Author:

Stefan Fleischmann

Website:

http://www.x-ways.net/winhex

Current version:

14.9

Last updated:

April 17, 2008

Direct D/L link:

http://www.x-ways.net/winhex.zip

License type:

Shareware

Description:

WinHex is in its core a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards. Features include (depending on the license type):

* Disk editor for hard disks, floppy disks, CD-ROM & DVD, ZIP, Smart Media, Compact Flash, ...
* Native support for FAT, NTFS, Ext2/3, ReiserFS, Reiser4, UFS, CDFS, UDF
* Built-in interpretation of RAID systems and dynamic disks
* Various data recovery techniques
* RAM editor, providing access to physical RAM and other processes' virtual memory
* Data interpreter, knowing 20 data types
* Editing data structures using templates (e.g. to repair partition table/boot sector)
* Concatenating and splitting files, unifying and dividing odd and even bytes/words
* Analyzing and comparing files
* Particularly flexible search and replace functions
* Disk cloning (under DOS with X-Ways Replica)
* Drive images & backups (optionally compressed or split into 650 MB archives)
* Programming interface (API) and scripting
* 256-bit AES encryption, checksums, CRC32, hashes (MD5, SHA-1, ...)
* Erase (wipe) confidential files securely, hard drive cleansing to protect your privacy
* Import all clipboard formats, incl. ASCII hex values
* Convert between binary, hex ASCII, Intel Hex, and Motorola S
* Character sets: ANSI ASCII, IBM ASCII, EBCDIC, (Unicode)
* Instant window switching. Printing. Random-number generator.
* Supports files >4 GB. Very fast. Easy to use. Extensive online help.

Also listed in:

Binary Diff Tools, Memory Dumpers, Memory Patchers, Memory Search Tools

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

ASHE - A Scripted Hex Editor

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

Grand River Software, LLC

Website:

http://www.grandriversoftware.com/ashe.htm

Current version:

2.0

Last updated:

Direct D/L link:

http://www.grandriversoftware.com/files/ashesetup.exe

License type:

A license for ASHE costs US $39.95

Description:

ASHE is a tool to help analyze the structure of any type of disk file. It allows locating and modifying any type of data in a file quickly and easily. Once the structure of a file has been identified, routine changes to the file can be scripted using the integrated scripting engine. Scripts can then be shared with any other ASHE user with a similar need.

ASHE - A SCRIPTED HEX EDITOR features:

- Easy to read user interface (screen shots)
- Any size file (supported by Microsoft Windows™) can be edited without worrying about memory
- File resizing, including insertion and deletion of bytes and file truncation, is fully supported
- Hex, hex dump, decimal and binary displays are automatically provided for each open file
- Edit values in any supported data format, (hex, decimal or binary) whatever you feel most comfortable with
- Powerful and fast string and binary search functionsMultiple files can be searched for a value.
- Double-clicking on a match will open that file and position where the search value was found.
- Up to 10 files can be opened simultaneously
- Files can be created from scratch, sized and then filled through the user interface (or through scripting)
- Separate navigation buttons allow stepping through a file from a single byte at a time to any value you wish
- A scripting language, with a rich set of data manipulation functions, is built in
- All user interface functions (file resize, insert, delete, save, etc) can also be scripted
- Block copies from one open file to another can be scripted
- Searches are fully scriptable, providing powerful and conditional search and replace functions
- Scripts can be shared with any other ASHE user
- A trace debugger with output and watch windows is provided for a complete integrated scripting environment
- Search results can be saved for later comparisons or scripting purposes
- Scripts and script output can be printed

Also listed in:

(Not listed in any other category)

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

FileInsight

Currently3.6666666666667/5
1
2
3
4
5

Rating: 3.7 (3 votes)

Author:

Secure Computing

Website:

http://www.webwasher.de/download/fileinsight

Current version:

1.0

Last updated:

January 7, 2008

Direct D/L link:

http://www.webwasher.de/download/fileinsight/bin/fileinsight.exe

License type:

Freeware

Description:

Opening Files
FileInsight allows to open files for analysis both directly from the local harddisk, using the Open toolbar button, or by typing a URL into the Web toolbar and clicking the Get button. Files are displayed in either textual or hexadecimal format, which can be toggled easily via the View as Hex and View as Text toolbar buttons.

Navigating Binary Files
C/C++ data structure declarations (also see Structure Declarations on MSDN) can be directly imported into FileInsight. Simply click the Open toolbar button in the Structures window and choose the .h file to be opened. Using such data structures can significantly simplify navigating through binary file formats, such as the Windows Animated Cursor File Format (also see Icons in Win32 on MSDN):

struct ANIHeader {
DWORD cbSizeOf; // Num bytes in AniHeader
DWORD cFrames; // Number of unique Icons
DWORD cSteps; // Number of Blits
// ...
};

The Go To dialog allows not only to go to an absolute offset (or line, in text view mode), but also to jump relatively from the current position.

Analyzing Data
The Values window displays different interpretations of the data at the current cursor position. A toolbar button allows to toggle between Little-Endian and Big-Endian byte order.

When placing the cursor at a position that contains IA-32 machine code (also see Intel 64 and IA-32 Architectures Software Developer's Manuals), the Disassembly window shows the disassembled code starting at (and relative to) the current offset.

Scripting
Modification of a file's content can be automated using the builtin JavaScript support (also see A re-introduction to JavaScript). Modification using the setByteAt() script method is performed directly in the opened document.

Also listed in:

(Not listed in any other category)

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

Groovy Hex Editor

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

SB-Software

Website:

http://www.sb-software.com/hexeditor/

Current version:

1.6

Last updated:

December 2006

Direct D/L link:

http://www.sb-software.com/hexeditor/sbhexd16.zip

License type:

Description:

Groovy Hex Editor is an editor for editing binary files. It's compatible with any type of file, including text documents, save game files, program executables, data files, etc. I've tried to make Groovy Hex Editor very easy to use, and give it a user friendly and cool looking color scheme. You can download it for free, and try it out for an unlimited period of time.

Here's a run-down of some of the new features introduced in the recent upgrades:

- New bookmark editor takes the place of the not-very-useful hex keypad.
- Added settings menu
- Added color and display settings
- Optional Blinky or Fixed cursor
- Change highlighting (things you modify change color, so you can easily notice them)
- Shrink-to-system tray option
- String sifter and VFD displays added to tools menu

Also listed in:

(Not listed in any other category)

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

Hackman Suite

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

TechnoLogismiki

Website:

http://www.technologismiki.com/prod.php?id=31

Current version:

9.01

Last updated:

June 2007

Direct D/L link:

N/A

License type:

Shareware

Description:

Description
Hackman Suite is a multi-module all purpose debugging tool. It includes a hex editor, a disassembler, a template editor, a hex calculator and other everyday useful tools to assist programmers and code testers with the most common tasks.

The Editor
With Hackman Hex Editor you can edit any type of file in your hard disk, even your hard disk itself or a process in memory. Data are presented in 6 different ways (modes): ASCII, Hex, Binary, Octal, Decimal and Custom mode. The editor comes with unlimited undo/redo with undo/redo lists, full clipboard control: cut, copy, paste, paste special, clear clipboard, highly sophisticated find and replace, unlimited watches and bookmarks and numerous conversion modes, including Java, C++, VB, ASCII, text and more.
You can always use the Patch Maker, the MS-DOS Executable Maker, Merger/Splitter and Checksums (CRC16/32, MD5, SHA1 and more) to check and / or manipulate files. Embedded cryptographic capabilities (Skipjack, NSA, RCA algorithms), support for macros, inline command bar, numerous plugins and external tools, configurable toolbar, shortcuts and menus, multilingual interface and online help consist a part of the features list.

The Disassembler
Hackman Disassembler 9.0 is an ultra fast multi processor disassembler, capable of disassembling code at a rate of 250 Kb/sec (PIII/900 MHz). The opcodes cover all x86 Intel and AMD architecture, starting at 8086 and ending at 3DNow! and Pentium 4 specific instructions. With Hackman Disassembler you have a multi-disassembling suite integrated into one program with a handy interface. Opcode sets are available for Intel 8086/80286/80386/80486 (*), Intel Pentium/Pro/MMX/II/III/P4 (*), AMD 3DNow! (*), 1802 (*), 6502/6510/8500/8502, 65816, 65C02/65SC02, 65CE02, Motorola 6800/6802/6808 (*), Motorola 6801/6803 (*), Motorola 6805/146805 (*), Hitachi 6809/6309, 8085, Zilog Z80, Gameboy CPU, Java Bytecode. Asterisk (*) denotes detailed online help availability.

The Template Editor
Hackman Template Editor is an ultra fast editor based on multi-format templates. The templates can be either simple structures or complicated layered formats. With Hackman Template Editor you have a powerful template based multipurpose editor integrated into one program with a handy interface.
Supported Formats are Characters, Hex, Binary, Octal, Decimal, 8, 16, 32 and 64 bit signed and unsigned numbers, Floating numbers, DOS and UNIX Date/Time among others. You can edit both files or disks (physical, logical, compact flash, smart media, etc) and of course you can construct your own templates to match your needs.

The Calculator
Hackman Calculator is a versatile scientific calculator that can operate in any mode (decimal, hex, binary and octal) up to 1024 bits. It is able to perform both signed and unsigned operations. From simple arithmetics to advanced logical or boolean operations, Hackman Calculator can provide you with fast and accurate results up to 1024 bits.

The Bundled Utilities
Hackman INI Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit INI and INF files with the ease of a few clicks!
Hackman DIZ Editor is developed by Innovation Systems as an extension for Hackman Hex Editor. You can edit DIZ files which you can include in your distribution zip files.
Hackman Autorun Generator is developed by Innovation Systems as an extension for Hackman Hex Editor. You can create autorun.inf files that you can distribute in your application's CD-Rom.
Other tools include MP3 Tag Editor, Version Changer, Date Changer and more!

Also listed in:

Disassemblers

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

Hex Workshop

Currently3/5
1
2
3
4
5

Rating: 3.0 (1 vote)

Author:

BreakPoint Software

Website:

http://www.hexworkshop.com

Current version:

5.02

Last updated:

January 6, 2008

Direct D/L link:

http://www.bpsoft.com/downloads/hw32v502.msi

License type:

Shareware

Description:

A quite good and competent hex editor.

Also listed in:

(Not listed in any other category)

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

Hiew

Currently3/5
1
2
3
4
5

Rating: 3.0 (2 votes)

Author:

Eugene Suslikov

Website:

http://www.hiew.ru/

Current version:

7.50

Last updated:

February 6, 2008

Direct D/L link:

http://www.hiew.ru/files/hiew750.zip

License type:

Shareware

Description:

* view and edit files of any length in text, hex, and decode modes
* x86-64 disassembler & assembler
* physical & logical drive view & edit
* support for NE, LE, LX, PE, PE32+ and little-endian ELF executable formats
* support for Netware Loadable Modules like NLM, DSK, LAN,...
* following direct call/jmp instructions in any executable file with one touch
* pattern search in disassembler
* built-in simple 64bit decrypt/crypt system
* built-in powerful 64bit calculator
* block operations: read, write, fill, copy, move, insert, delete, crypt
* multifile search and replace
* keyboard macros
* unicode support
* Hiew Extrenal Module (HEM) support

Also listed in:

Disassemblers, PE Executable Editors

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

MiTec HexEdit

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

MiTec(?)

Website:

http://www.mitec.cz/hex.html

Current version:

4.20

Last updated:

Direct D/L link:

http://www.mitec.cz/Downloads/HEXEdit.zip

License type:

Freeware ("for both private and commercial users")

Description:

From the source:

"HexEdit is powerful hexadecimal editor with following features:
- MDI interface
- Data Inspector
- Calculator
- File Compare
- Memory Dumper
- Disk Dumper (NT only)"

Also listed in:

(Not listed in any other category)

More details:

Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)

Tool name:

radare

Currently0/5
1
2
3
4
5

Rating: 0.0 (0 votes)

Author:

pancake

Website:

http://radare.nopcode.org

Current version:

0.9.3

Last updated:

February 19, 2008

Direct D/L link:

http://radare.nopcode.org/get/radare-0.9.3.tar.gz

License type:

GPL

Description:

The radare project aims to provide a complete unix-like toolchain for working with binary files. It currently provides a set of tools to work with x86, arm and java with some ones powerpc.

The core is a raw hexadecimal editor for commandline with scripting features and perl/python extensions that gets extended with IO plugins that hooks the open/read/write/close/system calls.

The debugger and disassembler has a code analysis module for x86, arm and java. This way it's possible to draw graphs using Cairo on a GTK window or store the flow execution of a program on a log file and use the information to diff't against another trace or binary.

The toolchain provides assemblers and disasemblers for x86, arm and java.

The disassembler has been enhaced to handle inline comments, code block detections and flag references (data pointers or so).

The debugger currently works on linux,*bsd x86-32 but it has initial support for x86-64 and linux-ARM, and w32 support is in mind too.

But there are IO plugins for debugging windows and DOS applications via wine and dosemu. Initial gxemul support gives us the possibility to also debug ARM, MIPS, SPARC, .. binaries.

There are some internal commands to handle memory maps, mount a syscall proxy, inject code, patch data, dump user data sections, step-back, syscall tracing, hardware DRx register manipulation, conditional watchpoints with expressions, signalling manipulation, syscall injection and very early threading support..

Data structures can be parsed with hand-written C programs called as extensions from radare. So the hexadecimal editor comes with a set of views for different bases and print formats like URL-encoding, binary, octal, shellcode, C string-like, which is really useful for developing shellcodes.

There's a minimal GUI frontend written in C that interacts directly with an VTE running radare. But I plan to write a new native frontend written in Vala.

Current development plugins are:

* ewf: EnCase (R) forensic disk images
* winedbg: WineDebugger interface ( winedbg://./program.exe )
* haret: Remotely read WindowsCE memory ( haret://host:port )
* ptrace: Debugs or attach to a process ( dbg://file or pid://PID )
* sysproxy: Connects to a remote syscallproxy server
* remote: TCP IO ( listen://:port or connect://host:port )
* gdb: Debugs or attach to a process using gdb (gdb://file, gdb://PID, gdb://host:port)
* w32: posix to native w32 api io
* posix: plain posix file access

The tools provided around the core are:

* radare: command line hexadecimal editor with IO plugin extensions
* rabin: get info from ELF/MZ/PE/CLASS files
* rasc: shellcode generator and tester (outputs in raw, hexpairs or C)
* bindiff: binary diffing utilities for raw files, binaries, data blocks, etc
* xrefs: find crossed references on raw images for ppc, arm and x86
* hasher: calculate different algorithms over data blocks of a file or stream
* rsc: command line helpers written in shellscript or perl
* javasm: minimalistic java assembler/disassembler/classdumper
* armasm: minimalistic arm assembler
* xc: converts between multiple radix numeric bases

FMI see the mailing list

Have fun!

Also listed in: