Hiew

From aldeid

Description

Hiew is a hex editor and assembler/disassembler with the following features:

  • view and edit files of any length in text, hex, and decode modes
  • x86-64 disassembler & assembler (AVX instructions included)
  • physical & logical drive view & edit
  • support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats
  • support for Netware Loadable Modules like NLM, DSK, LAN,...
  • following direct call/jmp instructions in any executable file with one touch
  • pattern search in disassembler
  • built-in simple 64bit decrypt/crypt system
  • built-in powerful 64bit calculator
  • block operations: read, write, fill, copy, move, insert, delete, crypt
  • multifile search and replace
  • keyboard macros
  • unicode support
  • Hiew External Module (HEM) support
  • ArmV6 disassembler

Installation

A demo version of Hiew (with limited features) can be downloaded here. If you're interested in buying Hiew, please refer to the official website: http://hiew.ru/.

Configuration & Customization

Configuration file

You can customize Hiew from the hiew*.ini (e.g. hiew8.ini) configuration file. From this configuration file, you can for example change the default start mode to "Code" mode instead of the default "Text" mode as follows:

StartMode = Code  ; Text | Hex | Code

Resize columns

Inside Hiew, you can resize columns by pressing Ctrl+Left or Ctrl+Right.

Usage

Open file and Quit

Open

To open a file, either start Hiew from the command line and navigate through its file browser to locate the file, or drag the file onto the Hiew icon. The second option saves time.

Quit (F10)

To quit Hiew, press F10.

Help (F1)

To view the help, press F1.

Switch mode (F4 or ENTER)

To switch between modes (Text -> Hex -> Code -> Text -> ...), press F4 or Enter.

View Header (F8)

From the Hex and Code views, press F8 to view the header.

Print screen (Alt+P)

To take a screenshot, press Alt+P. You can either save the screenshot to a file (name it in the field) or copy the picture to the clipboard directly (press *).

Navigate

Goto (F5)

To jump to a given offset (e.g. 0x401B14), press F5 and enter a dot followed by the offset (e.g. .401B14).

Refer (F6)

This feature displays cross references. Place your cursor on a function and press F6 to display the cross references.

In IDA Pro, this corresponds to the x key (xref).

Search (F7)

To search for a string or a hex pattern, press F7.

When you press Enter, Hiew goes to the offset of the first occurrence.

To find the next occurrence, press Ctrl+Enter.

Patch

Edit (F3)

Warning: Make a backup of your original file prior to any modification, because Hiew commits changes directly to the opened file.

To edit hex bytes, place the cursor at the location to patch and press F3 to enter edit mode.

The menu offers different options:

Keys      Label   Description
F2        Asm     call assembler
F3        Undo    restore original byte under cursor
F7        Crypt   crypt/deCrypt
F9        Update  save changes
F10       Trunc   truncate file at cursor
Ctrl+F7   CrySet  crypt initialize
Alt+F2    NOPs    fill the current command with NOPs
Alt+F8    Table   select translation table

Commit (F9)

To apply changes, press F9.
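Because the edit is written to the opened file itself, it helps to take the backup with a recorded hash before opening the file and to audit afterwards exactly which bytes changed. The following is an added example, not part of the original page or of Hiew; the function names `backup` and `patched_ranges`, the `.bak` suffix and the sample file are assumptions made for illustration, and the offsets it reports are file offsets.

```python
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path


def backup(target: Path) -> tuple[Path, str]:
    """Copy target to <name>.bak (never overwriting) and return (backup path, SHA-256)."""
    bak = target.with_name(target.name + ".bak")
    if bak.exists():
        raise FileExistsError(f"{bak} already exists; keep the first pristine copy")
    shutil.copy2(target, bak)
    return bak, hashlib.sha256(bak.read_bytes()).hexdigest()


def patched_ranges(original: Path, patched: Path) -> list[tuple[int, bytes, bytes]]:
    """Return (file offset, old bytes, new bytes) for each contiguous run of changed bytes."""
    old, new = original.read_bytes(), patched.read_bytes()
    if len(old) != len(new):
        # Insert, delete and Trunc operations change the size; a byte diff is then meaningless.
        raise ValueError(f"size changed: {len(old)} -> {len(new)} bytes")
    runs, start = [], None
    for i in range(len(old) + 1):  # one extra step closes a run that reaches end of file
        differs = i < len(old) and old[i] != new[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, old[start:i], new[start:i]))
            start = None
    return runs


if __name__ == "__main__":
    # Constructed sample: a 32-byte file standing in for the binary opened in Hiew.
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "sample.bin"
        target.write_bytes(bytes(range(32)))
        bak, digest = backup(target)
        # Simulate an in-place edit: two bytes at offset 0x10 overwritten with 0x90.
        data = bytearray(target.read_bytes())
        data[0x10:0x12] = b"\x90\x90"
        target.write_bytes(data)
        print("backup sha256:", digest)
        for off, old, new in patched_ranges(bak, target):
            print(f"{off:08X}: {old.hex(' ')} -> {new.hex(' ')}")
```

Any reported range that does not correspond to an edit you intended is a reason to restore the backup and start again.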

Calculator (Alt+=)

To display the calculator, press Alt+=.


Keywords: hiew assembler disassembler hex-editor