06 February 2016

Two advanced free hex editors for Windows

Back in the day when all of my software were pirated software, WinHex is the single best thing I ever need. Now to replicate its functionality I have to combine two application HexEdit and TinyHexer or more.

TinyHexer

1. TinyHexer was my first free hex editor, it was the best during its time and probably still if only it support big file. The homepage www.mirkes.de has gone so you need to find mirror for mpth_18.exe or mpthme_18.exe. Here is mirror from softpedia http://download.softpedia.com/kRHV01DUV2Ym8XNnMprEEBK6t2a4wgfe/software/programming/.

TinyHexer's strength lies on good manipulation features and plugins which serious user will establish workflow with this tool. Furthermore tinyhexer is highly extendable, it has Delphi SDK (the file is gone?), scripting and macro replay. TinyHexer also has good reference help including scripting but not covering many of its plugins. One to note somehow tinyhexer doesn't allow paste in overwrite mode, make it hard when you have to combine/patching part of files, another minor inconvenient is the full page mouse scrolling.

HexEdit

2. HexEdit (okay what an ambiguous name here :P) the homepage is http://www.hexedit.com/. Personally I use this as tinyhexer replacement, but not for all features otherwise some are overlapped between the two. For example HexEdit missing opening process' memory but beside that HexEdit is completely different kind of hex editor. The overwhelming editing aids such track changes, mark/bookmark, highlighter, etc really make HexEdit like a word processor for binary files. Manipulation feature also extensive, lots of bitwise operation and conversion it even has data encryption (built-in) and arbitrary compression (via Zlib). HexEdit also have user expandable file structure template for analysis similar to tinyhexer.

One of its unique feature (WinHex can do this) that I like is "Keep Same Time" toggle which keep file date modification once you done editing. Its search function is comparable (no regexp unfortunately) but slower to tinyhexer. Startup also rather slow probably because its complex UI (based on MFC). The bundled manual is excellent, you'll need it for something like this. HexEdit also extendable via macro replay. In short HexEdit is the most advanced (if not overkill) open source hex editor I have ever used.


The niche extras. Two more hex editor deserve mention here for its built-in live disassembly and other for low-level operation.

FileInsight

3. FileInsight from McAfee http://www.mcafee.com/us/downloads/free-tools/index.aspx is hex editor specific for malware analysis so large file support is not a concern. Live disassembly is done using libdasm, by the way it will produce assembly for *any* interpretable binary data. The interface is rather flashy :D, I think this is a Delphi app. Its PE structure analysis is on par with the tinyhexer's plugin. And despite being niche, FileInsight also extendable, this time using JavaScript (via built-in spidermonkey engine) or Python (need preinstalled python). Note that open source wxHexEditor also can do live disassembly (via udis86) with other feature similar to the popular HxD.


disk editor
 
4. Active @ Disk Editor http://lsoft.net/disk_utilit.aspx is a low-level access hex editor that I have no other free comparison. The first two hex editor here able to open disk in raw however without the ability to traverse or sync with actual filesystem those two miss the usefulness. Most forensic tools also do low-level (raw mode) but usually for read-only acquisition and reinterpret the filesystem wholly including orphaned files (recovery) which Active @ Disk Editor doesn't (that what paid Active @ UNDELETE will do). Supported filesystem include: NTFS, FAT, HFS+, ExtFS, UFS and BtrFS. Like hexedit and tinyhexer, diskeditor also have templates in this case: boot record, partition table and so on. I found the interface rather confusing (Qt based) and could be more streamlined but this is no major issue. As bonus it could edit disk images too.

 

2 comments:

  1. The Tiny Hexer plugin SDK if you need: http://filebin.ca/2WAUILPPj4Cv/thsdk.zip

    ReplyDelete