You are on page 1of 12

Hiew release 8.

10
http://www.hiew.ru

...

7.40
, 64
x86-64.
PE32+.
64 Crypt, DIV MUL. ( .
' Crypt') crypt-
** / div/mul
crypt- '[HiewCrypt 6.70]'
7.00

7.00 - .
- DOS OS/2
-
,


/

-
- progress bar
- PE MZ
- jmp/call one-touch
- -
- - ( 5-7%)
**
**:
.

Files ( "
")
6.70
Crypt 32. Crypt- (*.cry)
.
5.01
6.7x! : AND OR. 32.
-, ';'.

6.60

- little-endian ELF.
NE-,LX-,PE-DUMP EDUMP,
ELF.
6.29/6.30
32- .
.

, .
PE- PEDUMP.EXE
: DOS, OS/2, Win32.
6.15
6.15 HIEW . exUSSR - 10$.
register.ru.
HIEW
win32 *nix , - ...

6.01

- crypt
6.00
, 6.00
:
- crypt' ( , , -..)
-
CtrlF11/CtrlF12.
- Alt- Alt-Fn ( Alt-P, Alt-H, Alt-=) - . hiew.hlp
- (PgDown ) (Backspace
, Tab )
- "ActionAfterWriteSavefile" ini-.
- ini- "NextFileSaveOffset" (
) "NextFileSaveState" (
).

call/jmp

Crypt
/


INI-
SAV-
XLT-


Hiew - '' ,
- ( , 7xh 0EBh :-). Hiew

, .


x86-64

" " ( , ..)
( ? )
Help -


64

, .
, 't' (. mov al,10t).
: mov eax,"sign"
. / ( mov bx,[123+23-46h] = mov bx,[100h]
).
: ,
, , ,
"
?".
:
jmps = jmp short
jmpf = jmp far [mem 16:16/32/64]
callf = call far [mem 16:16/32/64]
,
7.40 : F4
.
'nop' 1 9 .

, , .com 100h,
.
-
, .
: 12345h, 95h - "*95" (
! ), ( ).
CtrlF5-CtrlF5 "*0".

Hex Decode.
5.00
.
PutBlk(
F2 ). - *.
: ( GetBlk (CtrlF2) ):
,
.
6.10 ,
, .

xx% Filename.ext
.dFRO -------- xxx PE xxxxxxxxHiew 7.00 (c) SEN

progress bar
( bar=P

V
HIEW.INI )

neexecutable
V

* Text mode:

> * DeCode mode:

kbmacro: <
R -

0..8 -

<

:
<
F -

B -

A -

:
<
R -

W -

U -

O -
<
I -

'a'

exe

> 8
'-'
'1..8' ..
'*'

HIEW7.HLP,
- F1. .

HIEW7.HLP ,
: "[HiewHelp 7.00]".
';'
, .
F1
: [xxxx] [yyyy].
[End].
7.00
: +[ ]

/ .
'+'
.
8 .

, Alt-1...Alt-8.
( Text/Hex/Decode ) .

call/jmp

Hiew Beta Day 28


'A'-'Y'('Z') '1'-'9'('0').
-
. Hiew.ini jumpTable.
(
),
, , .

- , ( hiew 4
'0', hiew day 28 - 'Z' ).
,
QWERTY
jumpTable, .. 'S' ' '
. jumpTable '1'-'9',
'A'-'Z'.
.
: 0123456789QWERTYUIOPASDFGHJKLZXCVBNM -
.

:
1. (decode mode, F7-F7)
2. (F9)
3. (F8-F7)
:
?
*
{ABD}
{A-D}
{!ABCD}
!


,
A B C D
A D
A, B, C, D
(!*.
)

/
'reg*key*'

ASCII,
/ ( .. ), HEX
.
4.00 , F7.
5.00 " " ( FindNext )
( , "
" , ).
FindNext CtrlHome, CtrlEnd, F7(find), F5(goto)
5.00 : F4
/.
5.00

. ( . ).
,
- .
CtrlEnter, 'mov eax,[eax*2]'
: Decode <F7><F7>"mov ax,*" "mov
ax,1234h", "mov ax,sp", ..
"mov e?x, eax" "mov eax,eax", "mov ebx,eax", "mov ecx,eax",
"mov edx, eax", "mov ebp,eax", "mov esi,eax"
***

***
!

! 'cmp *,0ab' - , 'cmp *,000ab' -
5.83 ,
. 7.40 '/'
: "push *10 / call * / add *"
:
:
--------------------push 00010
push 00010
call 01234:05678
push 00011
add sp,00006
add ax,00006

6.10 / ,
. "filArg" F4
/.
Crypt ( F7 in Edit )
/ / .

/ byte/word/dword/qword,
F2. "LOOP numberLine", "Loop
1" .
:

Reg
:
Reg-Reg:
Reg-Imm:
Imm
:

neg,mul,div
mov,xor,add,sub,rol,ror,xchg,and,or
mov,xor,add,sub,rol,ror,and,or
mul,div,loop

8/16/32/64- , ,

AL/AX/EAX/RAX,

*
*
*

:

loop jmp/stop
rol/ror , ..
ROL AX,CL ROL AL,CX
* ( 7.40) mul rax ,

* ( 7.40) div rax ,
. rax, - rdx

:
a. -XOR- 0AAh:
1. XOR al,0aah
2. LOOP 1
; .
b. -XOR-
1. MOV dx,0
2. XOR ax,dx
; F7 ""
3. ADD dx,1
;
4. LOOP 2
;

5.40 NE/LX/PE (
) , /.

.
NE/LX
SSSSOOOO, SSSS - NE, LX, OOOO -
. SSSS ,
.
LX, 0xFFFF (. 1
FC.EXE) (. SD386),
, .0x200234, 0x20000 .
, /

( :-)
*NB!*
'.',
, .

F5:
a: (NE) .10023
- 0x0023
b: (NE/LX/PE) .23 - 0x0023
c: (LX) .10023
- 0x10000
0x0023
d: (PE) .401023 - 401023
,
NE/LX/PE .
dual-EXE
.
MZ,
NewExe.
7.00 64 4

"32'32"

, .

64 ,
(>89) 32,
.

,
' '
Ctrl-
-

- Ctrl-
.
Ctrl-0 0. Ctrl-Minus

Ctrl-1..Ctrl-8
/ / , ''

/:
Ctrl-Minus
Ctrl-.
Ctrl-0
Ctrl-1
...
Ctrl-8
Macro manager:
Enter
F2
- From 0
F4
- Delay
F5
- Rename
F8
- Unload
F9
- Store
F10
- Load
F11
- Up
F12
- Down
AltF1 - Loop
AltF2 - FailSr

Macro manager ( )
/ Macro0
Macro0
Macro1

- Macro8
-


0
' '






' '

hiew : /MACRO0=<filename>

7.10
(Alt-F6) exe- .

ascii-.

, .

ini- 'MinStringLength='
4.

. 1000 .
INI-
, HIEW.EXE HIEW.INI
. ini-
: "/INI="
: "[HiewIni 5.03]".
( ';' ) .
Ini- ,
, , __ , hiew.ini
: "Bar=...".
HIEW.INI
HEMKEYS.INI-
7.45 hem- HEMKEYS.INI
hem- hem (F11).
'[HemKeys 7.45]'.
:
k: hemfile
.
.
hem- c .
:
[HemKeys 7.45]
w: FileWalker.hem
V: PEVERIFY
SAV-
Hiew savefile (HIEW.SAV
savefile= INI-) (Ctrl/F10 SaveState). HIEW.SAV :
/SAV=<savefile> - HIEW.SAV
XLT-
HIEW.XLT //.
.
/ .
typedef struct{

BYTE sign[ 9 ],
unused[ 5 ],
versionMajor,
versionMinor;
}XLAT_HEADER;
typedef struct{
BYTE title[ 16 ],
tableOut[ 256 ],
tableIn[ 256 ],
tableUpper[ 256 ];
}XLAT;

// "HiewXlat",0
// 0x05
// 0x40

//
//
//
//

F8


- 15.
F8-F9 (text mode),
AltF8-F9 ( . editmode)

Hiew [options] [/s]filemask...[/s][filemask]


/O[thc]=OEP|END|[.]offset[th] -
/MACRO0=<macrofile>
-
/SAV=<savefile>
- savefile
/INI=<inifile>
- inifile
[/s]filemask...[/s][filemask] - ,
.
*
/s :
hiew /s *.dll *.exe /s *.txt -> .dll .exe
.txt
*

'/O' , hiew:
-
- (16) 't'
:
- 'END' ( )
- 'OEP' ( ) Exe-
:
/Ot=END
- ,
/Oc=OEP
- ,
/Oh=1234
- hex , 1234 (hex)
/Oh=0x1234 -
/Oh=1234t - hex , 1234 (decimal)
/Oc=.401234 - , 401234

7.40 '/O'
CtrlF9/CtrlF11/CtrlF12

p
7.00

23/12/04 -

DOS, OS/2
4

64
progress bar

hiew7.ord PE
- MZ ( MZ-)

7.01

28/12/04 -

7.10

20/02/05 2/06/05 7/07/05 24/09/05 30/11/05 21/01/06 -

7.20

7.21

7.22

7.25

7.26

MZ PE
PE (, ,...)
(. Delay import) 8- 7
.
FileList ( F9)

hiew.ini
MacroDelay=
MacroStopIfSearchFail=
MacroPath=
FlistSizeInK=
AutoloadOrdinals=
IgnoreDiskError=
ConfirmExitByEsc=
SuppressPrepareError=
CursorShapeInvert=
ColorFixup=
ColorMacroRec=
ColorMacroPlay=
FIX: PE section name
FIX: import table
sav-file
: @x -
clipboard (Shift-Insert)

FIX: '' (2K/XP)
FIX: DLLNAME.ORDINAL DLLNAME.DLL.ORDINAL
Pre-release
FIX:
6 XX 'push XXXXXXXXX' (: 'push XX')
Unicode
HEM (Hiew Extrenal Module). HEM SDK 0.11
Edump 1.43
Pre-release
FIX: PE
FIX: sav-,
FIX: PE export table
flist change drive
import/export
unicode-string
HEM SDK 0.21: HEM keys line
Pre-release!
HEM SDK 0.30: MessageWait(),IsKeyBreak()
HEM: window()
PE: directory (F7)
PE: directory
hem menu
Unicode
FIX: StringCollections
Code: AltF9 ( auto opsize) CtrlF1 (
FIX PE:
FIX PE:
FIX NE:
FIX: scanbar
file history: Ctrl-Enter
target jump marker
fastkey &
FIX: targetJump
FIX MZ: far call/jmp ( 7.11)
FIX NE:

7.27

4/04/06

7.28

26/09/06

7.40

5/02/07

7.41

25/04/07

7.45

26/07/07

7.47

26/09/07

7.50

29/01/08

7.60

14/05/08

FIX PE: file alignment


NE: segfix entry export
FIX:
FIX: far Jcc
FIX: (Import)
'Goto offset' text mode (F5)
'Goto offset' % (e.g.50%, -10%, +5%)
'Strings' text mode (Alt-F6)
Strings: ansi unicode
Strings & resource strings: F9 (: F10)
Code edit: Alt-F2 nop-
FIX: PE Overlay
FIX: 'rep strings'
FIX(7.27): '%'
FIX: PE
PE: forwarded export
Export:
StringCollections global/local offset
"StringsShowOffset=" ini-file
"ColorCodeRet=" ini-file
HEM: SEH /
HEM FIX:
HEM FIX: Hiew_Menu() Fn-
64bit / x86-64
64bit crypt (! mul div)
c crypt (F11)
Pe32+ 8684h
TLS callback PE/PE32+ (F8-F11)

(F4)
hexedit: dword/qword (AltF3/AltF4)
( )
XOR ( F8 )
FIX(7.40):
FIX(7.40) PE: call/jm
hiew7.ord
'' mz- '' PE
PE: PE-
HEM SDK 0.35: SetErrorMsg(), GetStringDual()
HemKeys.ini
FIX: hiew.key
(hex mode/Shift-F11)
CryptBlock code (Alt-F3)
FIX: 'hiew7.ini'
FIX: esc
Code lighting (Shift-F1 in code)
HEM SDK 0.40
"SignImmediate = On/Off" ini-file, Alt-I in code
"SignDisplacement = On/Off" ini-file, Alt-D in code
OpcodeShowBytes 15
(ShiftF12/F12) hex decode
(;/F12) hex decode
HEM SDK 0.42
"NamesAutosave = On/Off" ini-file
"DllNameInComment = On/Off" ini-file

FIX:
FIX: PE image size virtsize
FIX: PE
FIX(7.50):

7.61

15/08/08

8.00

29/01/09

8.02

20/07/09

8.10

4/02/10

"ShortImmed = On/Off" ini-file, Alt-T in code


Elf64


FIX: ''
FIX(7.50): ShortImmed=Off 'int 3' 'int 0'
FIX: 'Address of ordinals'
FIX: PE
"BlockLengthShowAlways = On/Off" ini-file
ARMv6
"ArmCodeDetection = On/Off" ini-file
Xor string (Edit/F8) !
Names (F12/F6)
Names export (F12/Shift-F12)
rva/offset PE (F8-F6-F5/F6)
FIX:
FIX: HEM: HEM_RETURN_FILERELOAD
code keys: Alt-F6(1byte/command) Alt-F9
code keys: Alt-F6 as Strings
code keys: Ctrl-F7 as FindOtherByte ( ,
FIX: PE
FIX ARM: load_imm_offset not allow for u-bit
FIX: clipboard input hexline
FIX PE: PE
FIX PE: escape 'Sections count invalid'
ELF: program types (TLS,EH_FRAME,STACK)
"PackNops = On/Off" ini-file
SSE 4.2

<sen@kemtel.ru>, <eugenys@gmail.com>