From Collaborative RCE Tool Library

Jump to: navigation, search

Hexer Plugin - Calculating the entropy of a file

Tool name: Hexer Plugin - Calculating the entropy of a file
Rating: 0.0 (0 votes)
Author: Sebastian Porst                        
Website: http://www.the-interweb.com/serendipity/index.php?/archives/99-Sample-Hexer-Plugin-Calculating-the-entropy-of-a-file.html#extended
Current version: 1.4.0
Last updated: July 1, 2008
Direct D/L link: http://www.the-interweb.com/serendipity/exit.php?url_id=699&entry_id=107
License type: Free / Open Source
Description: I finally got around to write an example plugin for my hex editor Hexer to show how simple it is to extend Hexer according to your own needs. The Java plugin I am going to present calculates the entropy of files according to the method presented on Ero Carrera's blog. The plugin adds a new tab containing a line chart and a button to the File Statistics dialog. When the user clicks the button, the entropy of the active file (that is the file in the last active hex window) is calculated and shown in the line chart. The screenshot below shows the entropy distribution of Notepad.exe.

You can download the source file of the plugin here. The archive contains the source file EntropyCalculator.java as well as two class files which were created by compiling the source file using Java 1.6. To install the plugin, simply copy the two class files to the plugins directory of your Hexer installation. Since the plugin uses the JFreeChart library to display the graph it is also necessary to get the files jcommon-1.0.12.jar and jfreechart-1.0.9.jar from the JFreeChart package. Copy those files into the jars directory of your Hexer installation.

At the beginning of the source file the methods getDescription(), getGuid(), getName(), and init() are implemented. These methods must be implemented by all classes that implement the Hexer plugin interface IPlugin. The first three methods return the name, the description, and the GUID of the plugin. These values are necessary for plugin management. The init() method is called once by Hexer when the plugin is loaded for the first time. Its parameter of type IPluginInterface can be used by the plugin to interact with Hexer.

Afterwards the necessary methods of the IStatsPlugin plugin are implemented. This interface must be implemented by all plugins that want to extend the File Statistics dialog. The method getStatsDescription() returns the description of the file statistic as displayed in the tab header of the File Statistics dialog ("Entropy" in this case). The method getStatsComponent() returns the component that is used to display the calculated file statistic in the File Statistics dialog. For the Entropy Calculator plugin we only need the line chart and the button.

That's all that is necessary to extend the Hexer File Statistics dialog. The remaining methods are used to calculate and display the entropy. They are basically a direct Python-to-Java conversion of the code from Ero Carrera's blog. The only difference is that I averaged the entropies of larger files to make sure that the dataset is small enough for the line chart component to handle.

If you do not want to extend the File Statistics dialog but prefer to have your own Entropy dialog you can simply modify the plugin. Just implement the interface IPlugin instead of IStatsPlugin, add a menu to the Hexer main menu in the init() method, and create the dialog when the menu is clicked.
Related URLs: No related URLs have been submitted for this tool yet


Screenshot:
Screenshot of Hexer Plugin - Calculating the entropy of a file


RSS feed Feed containing all updates for this tool.

Here below you will find useful notes about this tool, left by other users.

You are welcome to add your own useful notes here, or edit any existing notes to improve or extend them.


This Java plugin is included with the latest version of the Hexer hex editor, but needs to be compiled to its class files.

Install the Java SE Development Kit (JDK) from http://java.sun.com/javase/downloads/index.jsp and update the make.bat file with the current version numbers for the JFreeChart library, following the rest of the instructions above.

To open Hexer, point your Java JRE enabled browser to the Hexer.jar file in the main directory.


Views