
Hiew8 DEMO (8.13)
http://www.hiew.ru/
7.40
, 64
x86-64. PE32+.
64 Crypt, DIV MUL. ( .
' Crypt') crypt-
** / div/mul
crypt- '[HiewCrypt 6.70]'
7.00
7.00 - .
- DOS OS/2
- ,
/

-
- progress bar
- PE MZ
- jmp/call one-touch
- -
- - ( 5-7%)
** **: .
Files ( "
")

6.70
Crypt 32. Crypt- (*.cry)
. 5.01
6.7x! : AND OR. 32.
-, ';'.
6.60
- little-endian ELF.
NE-,LX-,PE-DUMP EDUMP,
ELF.

6.29/6.30
32- . .
, .
PE- PEDUMP.EXE
: DOS, OS/2, Win32.

6.15
6.15 HIEW . exUSSR - 10$.
register.ru. HIEW
win32 *nix , - ...
6.01
- crypt
6.00
, 6.00
:
- crypt' ( , , -..)
-
CtrlF11/CtrlF12.
- Alt- Alt-Fn ( Alt-P, Alt-H, Alt-=) - . hiew.hlp
- (PgDown ) (Backspace
, Tab )
- "ActionAfterWriteSavefile" ini-.
- ini- "NextFileSaveOffset" (
) "NextFileSaveState" (
).


( DEMO)





call/jmp


Crypt ( DEMO)
/
( DEMO)

INI- ( DEMO)
SAV- ( DEMO)
XLT-


Hiew - '' ,
- ( , 7xh 0EBh :-). Hiew

, .

x86-64

" " ( , ..)
( ? )
Help -


64


DEMO
, .
, 't' (. mov al,10t).
: mov eax,"sign"
. / ( mov bx,[123+23-46h] = mov bx,[100h]
). : ,
, , ,
"
?".
:
jmps = jmp short
jmpf = jmp far [mem 16:16/32/64]
callf = call far [mem 16:16/32/64]
,
7.40 : F4
.
'nop' 1 9 .


, , .com 100h,
. -
, .
: -
12345h, 95h - "*95" (
! ), ( ).
CtrlF5-CtrlF5 "*0".


Hex Decode. 5.00
. PutBlk(
F2 ). - *.
: ( GetBlk (CtrlF2) ):
,
.
6.10 ,
, .

xx% Filename.ext .dFRO -------- xxx PE xxxxxxxxHiew8 DEMO (c)SEN



progress bar
( bar=P V
HIEW.INI ) neexecutable
V

* Text mode:
> * DeCode mode:
kbmacro: < /
R - 'a'
0..8 -
exe
<

: < > 8
F - '-'
B - '1..8' ..
A - '*'

: <
R -
W -
U -

O - <
I -


HIEW32DEMO.HLP,
- F1. .
HIEW32DEMO.HLP ,
: "[HiewHelp 7.00]". ';'
, . F1
: [xxxx] [yyyy].
[End].
7.00
: +[ ]

/ . '+'
. 8 .
, Alt-1...Alt-8.
( Text/Hex/Decode ) .

call/jmp
Hiew Beta Day 28
'A'-'Y'('Z') '1'-'9'('0'). -
. Hiew.ini jumpTable.
( ),
, , .
- , ( hiew 4
'0', hiew day 28 - 'Z' ).
,
QWERTY-
jumpTable, .. 'S' ' '
. jumpTable '1'-'9',
'A'-'Z'. .
: 0123456789QWERTYUIOPASDFGHJKLZXCVBNM -
.

:
1. (decode mode, F7-F7)
2. (F9)
3. (F8-F7)
:
? -
* - ,
{ABD} - A B C D
{A-D} - A D
{!ABCD} - A, B, C, D
! - (!*. -
- )
/
'reg*key*'


ASCII,
/ ( .. ), HEX
.
4.00 , F7.
5.00 " " ( FindNext )
( , "
" , ).
FindNext CtrlHome, CtrlEnd, F7(find), F5(goto)
5.00 : F4
/.
5.00
. ( . ).
,
- .
CtrlEnter, 'mov eax,[eax*2]'
: Decode <F7><F7>"mov ax,*" "mov
ax,1234h", "mov ax,sp", ..
"mov e?x, eax" "mov eax,eax", "mov ebx,eax", "mov ecx,eax",
"mov edx, eax", "mov ebp,eax", "mov esi,eax"
*** ***
!
! 'cmp *,0ab' - , 'cmp *,000ab' -
5.83 ,
. 7.40 '/'
: "push *10 / call * / add *"
: :
------------- ---------
push 00010 push 00010
call 01234:05678 push 00011
add sp,00006 add ax,00006
6.10 / ,
. "filArg" F4
/.

Crypt ( F7 in Edit )
DEMO
/ / .
/ byte/word/dword/qword,
F2. "LOOP numberLine", "Loop
1" .
:
Reg : neg,mul,div
Reg-Reg: mov,xor,add,sub,rol,ror,xchg,and,or
Reg-Imm: mov,xor,add,sub,rol,ror,and,or
Imm : mul,div,loop
8/16/32/64- , ,
AL/AX/EAX/RAX,
,
.
:
*
* loop jmp/stop
* rol/ror , ..
ROL AX,CL ROL AL,CX
* ( 7.40) mul rax ,

* ( 7.40) div rax ,
. rax, - rdx
:
a. -XOR- 0AAh:
1. XOR al,0aah
2. LOOP 1 ; .
b. -XOR-
1. MOV dx,0
2. XOR ax,dx ; F7 ""
3. ADD dx,1 ;
4. LOOP 2 ;
/
5.40 NE/LX/PE (
) , /.
.
NE/LX
SSSSOOOO, SSSS - NE, LX, OOOO -
. SSSS ,
.
LX, 0xFFFF (. 1
FC.EXE) (. SD386),
, .0x200234, 0x20000 .
, /
( :-)
*NB!* '.',
, .
F5:
a: (NE) .10023 - 0x0023
b: (NE/LX/PE) .23 - 0x0023
c: (LX) .10023 - 0x10000
0x0023
d: (PE) .401023 - 401023
,
NE/LX/PE . dual-EXE
. MZ,
NewExe.

7.00 64 4
"32'32"
, .
64 ,
(>89) 32,
.


DEMO
,
' '
Ctrl- - - Ctrl- .
Ctrl-0 0. Ctrl-Minus
Ctrl-1..Ctrl-8
/ / , ''

/:
Ctrl-Minus - Macro manager ( )
Ctrl-. - / Macro0
Ctrl-0 - Macro0
Ctrl-1 - Macro1
...
Ctrl-8 - Macro8
Macro manager:
Enter -
F2 - From 0 - 0
F4 - Delay - ' '
F5 - Rename -
F8 - Unload -
F9 - Store - ( DEMO)
F10 - Load - ( DEMO)
F11 - Up -
F12 - Down -
AltF1 - Loop - ' '
AltF2 - FailSr -
hiew : /MACRO0=<filename>


7.10 (Alt-F6) exe- .

ascii-.
, .
ini- 'MinStringLength='
4.
. 1000 .

INI-
DEMO
, HIEW.EXE HIEW.INI
. ini-
: "/INI="
: "[HiewIni 5.03]".
( ';' ) .
Ini- ,
, , __ , hiew.ini
: "Bar=...".
HIEW.INI

HEMKEYS.INI-
DEMO
7.45 hem- HEMKEYS.INI
hem- hem (F11).
'[HemKeys 7.45]'.
:
k: hemfile
.
.
hem- c .
:
[HemKeys 7.45]
w: FileWalker.hem
V: PEVERIFY

SAV-
DEMO
Hiew savefile (HIEW.SAV
savefile= INI-) (Ctrl/F10 -
SaveState). HIEW.SAV :
/SAV=<savefile> - HIEW.SAV

XLT-
HIEW.XLT //.
. / .
// File header of the HIEW.XLT translation-table format described in this
// section. Every member is BYTE-sized, so with an 8-bit BYTE the layout is
// 9 + 5 + 1 + 1 = 16 bytes and contains no padding.
// NOTE(review): presumably this header sits at the very start of the file
// and a reader should compare sign and both version bytes before using any
// table data - confirm against the program's own loader.
typedef struct {
    BYTE sign[9];          // "HiewXlat",0  (8 characters plus the terminating zero)
    BYTE unused[5];        // named "unused"; contents are not described here
    BYTE versionMajor;     // 0x05
    BYTE versionMinor;     // 0x40
} XLAT_HEADER;
// One translation-table record of the HIEW.XLT format: a 16-byte title
// followed by three 256-entry byte tables (16 + 3 * 256 = 784 bytes with an
// 8-bit BYTE, no padding).
// Each table has exactly one entry per possible byte value, so an index must
// be an unsigned byte in 0..255; indexing through a signed char would read
// outside the array.
// NOTE(review): the original per-field comments did not survive extraction;
// the roles below are inferred from the field names only - TODO confirm.
typedef struct {
    BYTE title[16];        // table title; the original note mentions F8 (presumably the name shown when selecting a table)
    BYTE tableOut[256];    // byte-to-byte table, presumably applied on output/display
    BYTE tableIn[256];     // byte-to-byte table, presumably applied on input
    BYTE tableUpper[256];  // byte-to-byte table, presumably mapping to upper case
} XLAT;
- 15.
F8-F9 (text mode),
AltF8-F9 ( . editmode)

Hiew [options] [/s]filemask...[/s][filemask]
/O[thc]=OEP|END|[.]offset[th] - ( DEMO)
/MACRO0=<macrofile> - ( DEMO)
/SAV=<savefile> - savefile ( DEMO)
/INI=<inifile> - inifile ( DEMO)
[/s]filemask...[/s][filemask] - ,
.
* /s :
hiew /s *.dll *.exe /s *.txt -> .dll .exe
.txt
* '/O' , hiew:
-
- (16) 't'
:
- 'END' ( )
- 'OEP' ( ) Exe-
:
/Ot=END - ,
/Oc=OEP - ,
/Oh=1234 - hex , 1234 (hex)
/Oh=0x1234 -
/Oh=1234t - hex , 1234 (decimal)
/Oc=.401234 - , 401234
* 7.40 '/O'
CtrlF9/CtrlF11/CtrlF12

<sen@kemtel.ru>, <eugenys@gmail.com>