A hex editor is a program that displays data the way the computer "sees" it, converting the binary values to hexadecimal. When a file is opened in such an application, the user sees a matrix of columns and rows whose number depends on the size of the file. Changing the byte values in the editor therefore changes the contents of the open document.
A bit of theory
All data in PC memory is stored in the form of machine words, in other words bytes. Each consists of 8 bits (binary digits that take the value "0" or "1"). Simple arithmetic shows that one byte can hold a number in the range from 0 to 255. Converted to hexadecimal, 255 becomes FF. So any byte can be written as two hexadecimal digits, which makes the hexadecimal representation very convenient. Hence the name of this group of programs: hex editors.
Key elements of programs
In addition to the matrix described above, the interface of this group of applications may include other elements:
- Line numbering. Usually located on the left side of the application. Shows the offset of the first byte of the line relative to the beginning of the file.
- Column numbering. A similar number bar often sits at the top, showing the offset of each byte relative to the leftmost value in the line. Adding the row value and the column value gives the number of each byte.
- In the right pane, the same data can be displayed as in the table, but in the form of text (the encoding is determined by the user).
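The layout described in the list above, as an added example (not taken from any of the editors discussed): a small Python hex dump that builds the row-offset column, the top column bar and the text pane, shows that a byte's position is the row value plus the column value, and shows that changing one byte changes the displayed content. The function names and sample bytes are constructed for illustration, and the text pane assumes a single-byte encoding such as ascii, latin-1 or cp1251.

```python
# Added illustration: helper names are hypothetical, SAMPLE is constructed data.
SAMPLE = b"MZ\x90\x00" + b"0123456789" + b"Hello, hex!\xff\x00"


def to_char(byte: int, encoding: str) -> str:
    """Text-pane rendering of one byte; '.' for anything not printable."""
    ch = bytes([byte]).decode(encoding, errors="ignore")
    return ch if ch and ch.isprintable() else "."


def hexdump(data: bytes, width: int = 16, encoding: str = "ascii") -> list[str]:
    """Return the lines a hex editor would show for `data`."""
    # Top bar: offset of each column relative to the leftmost byte of a line.
    lines = [" " * 10 + " ".join(f"{col:02X}" for col in range(width))]
    for row in range(0, len(data), width):
        chunk = data[row:row + width]
        # Pad a short last row so the text pane stays aligned.
        hexes = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        text = "".join(to_char(b, encoding) for b in chunk)
        # Left column: offset of the line's first byte from the start of the file.
        lines.append(f"{row:08X}  {hexes}  {text}")
    return lines


def byte_offset(row_label: str, column_label: str) -> int:
    """Absolute position of a byte = row offset + column offset (both hex)."""
    return int(row_label, 16) + int(column_label, 16)


def patch_byte(data: bytes, offset: int, value: int) -> bytes:
    """Return a copy of `data` with one byte replaced, as an edit in the matrix does."""
    buf = bytearray(data)
    buf[offset] = value
    return bytes(buf)


if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
    pos = byte_offset("00000010", "09")
    print(f"row 00000010 + column 09 = offset {pos}, value {SAMPLE[pos]:02X}")
    # Same bytes, different user-chosen encoding for the text pane.
    print(hexdump(SAMPLE, encoding="latin-1")[2])
    # Editing one byte ('H' -> 'J') changes the text shown for the file.
    print("\n".join(hexdump(patch_byte(SAMPLE, 14, ord("J")))))
```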
McAfee FileInsight
This hex editor is completely free. It works only on Windows operating systems. The product has the full standard feature set, such as viewing and editing a file. At the same time, the program has a pleasant and convenient interface.
But the standard features are the minimum that FileInsight can be used for. What is the maximum? Start with the ability to parse the structures of executable files. Is that not enough? Any selected fragment can be disassembled on the fly. One click, and incomprehensible numbers become a readable listing.
Among other things, this hex editor provides many code-processing algorithms for getting past protections built in by developers. First of all, note the decoders for obfuscation methods such as add, xor, Base64 and shift. The scripts that come with the application break such protection with ease. Most actions can be automated by writing simple scripts in JS or Python. Sometimes nothing new needs to be written, because the library of existing scripts is impressive.
Although FileInsight is considered one of the best tools for reverse engineering, the program also has a huge drawback: it cannot process files larger than 400 MB.
Hex Editor Neo
This hex editor is distributed in two versions: free and advanced. The free version is solid but unremarkable. Its notable features are extensive settings for the interface and color schemes. The professional version provides more useful features that are especially relevant when analyzing binary files.
For example, the user can decode programs encrypted with common algorithms. In addition, there are functions for editing local resources (RAM, NTFS streams, hard drives). Process automation is implemented with VBS and JS scripts.
However, the main feature of the program is a disassembler that works with x64, x86 and .NET files. Another feature not provided by competitors is the creation of a patch based on a comparison of two executable binaries. That is certainly impressive, but compared to FileInsight, Neo still loses. On the other hand, Neo can work with large files.
Hiew
The Hiew editor does not have a free version. The development team is from Russia. The product's history goes back to the days of 16-bit applications for DOS and Windows 3.1. Hiew is often used by computer and information security professionals. The reasons are clear: it offers the full range of options for viewing and editing Windows executable binaries, as well as compiled Linux programs (ELF).
Another noteworthy feature that helps in reverse engineering is the disassembler and assembler built into Hiew. They work with both x86 and x86_64 applications, and instructions for ARM architecture processors are also supported. The editor copes with large files without difficulty and allows low-level changes to data on physical HDDs.
A large number of actions can be automated. For this, the developers have built in the ability to create scripts, keyboard macros and API functions that are used to call internal procedures from external applications. Even so, Hiew has not won an unconditional victory among hex editors. Its interface is entirely DOS-style, and its windows are rendered by the command line (or the console, on Linux systems).