Hiew

From aldeid
Jump to: navigation, search

Description

Hiew is an Hex editor and assembler/disassembler with following features:

  • view and edit files of any length in text, hex, and decode modes
  • x86-64 disassembler & assembler (AVX instructions include)
  • physical & logical drive view & edit
  • support for NE, LE, LX, PE/PE32+ and little-endian ELF/ELF64 executable formats
  • support for Netware Loadable Modules like NLM, DSK, LAN,...
  • following direct call/jmp instructions in any executable file with one touch
  • pattern search in disassembler
  • built-in simple 64bit decrypt/crypt system
  • built-in powerful 64bit calculator
  • block operations: read, write, fill, copy, move, insert, delete, crypt
  • multifile search and replace
  • keyboard macros
  • unicode support
  • Hiew External Module (HEM) support
  • ArmV6 disassembler

Installation

Hiew demo version (with limited features) can be downloaded here. If you're interested in buying Hiew, please refer to the official website: http://hiew.ru/.

Configuration & Customization

Configuration file

You can customize Hiew from the hiew*.ini (e.g. hiew8.ini) configuration file. From this configuration file, you can for example change the default start mode to "Code" mode instead of the default "Text" mode as follows:

StartMode = Code  ; Text | Hex | Code

Resize columns

Inside Hiew, you can resize columns by pressing Ctrlleft or Ctrlright:

Hiew-resize-1.png

Hiew-resize-2.png

Usage

Open file and Quit

Open

To open a file, either start hiew from CLI and navigate through the browser to locate the file:

Hiew-open-file.png

... or drag a file to the hiew icon. This second option will make you save time.

Hiew-open-drag-and-drop.png

Quit (F10)

To quit Hiew, press F10.

Help (F1)

To view the help, press F1:

Hiew-help.png

Switch mode (F4 or ENTER)

To switch between modes (Text -> Hex -> Code -> Text -> ...), press F4 or Enter:

Hiew-switch-mode.png

View Header (F8)

From the Hex and Code views, press F8 to view the header:

Hiew-header.png

Print screen (Alt+P)

To make a screenshot, press Alt+P. You can either save the screnshot to a file (name it in the field) or copy the picture to the clipboard directly (press *).

Hiew-print-screen.png

Navigate

Goto (F5)

To jump to a given offset (e.g. 0x401B14), press F5 and enter "dot" followed by the offset (e.g. .401B14).

Hiew-goto.png

Refer (F6)

This feature display cross references. Place your cursor on a function and press F6 to display the cross references:

Hiew-refer.png

In IDA Pro, this corresponds to the x key (xref):

Hiew-ida-pro-xref.png

Search (F7)

To search for a string or HEX, press F7:

Hiew-search-1.png

When you press ENTER, Hiew goes to the offset of the first occurence:

Hiew-search-2.png

To find the next occurence, press Ctrl+Enter.

Patch

Edit (F3)

Ssh-img013.png
Warning
Make a backup of your original file prior to any modification because Hiew will commit changes on the opened file directly.

To edit hex bytes, place the cursor to the location to patch:

Hiew-edit-1.png

... and press F3 to enter in edit mode.

Hiew-edit-2.png

The menu offers different options:

Keys Label Description
F2 Asm call assembler
F3 Undo restore original byte under cursor
F7 Crypt crypt/deCrypt
F9 Update save changes
F10 Trunc truncate file at cursor
Ctrl+F7 CrySet crypt initialize
Alt+F2 NOPs filling current command by NOP
Alt+F8 Table select translation table

Commit (F9)

To apply changes, press F9.

Calculator (Alt+=)

To display the calculator, press Alt=.

Hiew-calculator.png

Comments

blog comments powered by Disqus

Keywords: hiew assembler disassembler hex-editor