FlexHex

FlexHex is a freeware hex editor for Microsoft Windows that can edit files, NTFS alternate streams and sparse data, OLE compound files, logical disks, and physical drives. [1][2][3][4][5][6]

FlexHex
Developer(s)Inv Softworks
Stable release
2.7 / October 12, 2018 (2018-10-12)
Written inC++
Operating systemWindows
Available inEnglish
TypeHex editor
LicenseProprietary (free for non-commercial use)
Websitewww.flexhex.com

Technology

FlexHex uses the 'edit stack' model, representing the file being edited as the unchanged original stream and a stack of primitive editing operations. The original file is kept intact and gets modified only when the user selects the Save command. The advantages of this model are 1) the file does not need to be read into memory so there is no file size limit, and 2) an unlimited Undo/Redo list can be implemented simply by traversing the operation stack.

FlexHex is written on Visual C++ and MFC, which makes it very fast while keeping the size small enough.

Features

In addition to the standard features more or less typical for other hex editors, FlexHex offers a few unique ones. Specifically, FlexHex is the only hex editor that can create or edit NTFS alternate streams, sparse files, and OLE structured storage.

  • Edits files, alternate streams, OLE compound files, logical and physical disks,
  • Can edit files up to 8 exabytes long,
  • Includes unlimited Undo and Redo,
  • Allows to define arrays, structures, and unions, and to map them to the file contents,
  • Supports arithmetic and bitwise operations on data,
  • Supports multi-format search, including single-pass search for multiple patterns,
  • Scans file for strings, Unicode strings, or GUIDs,
  • Full and partial comparison of files and streams,
  • Multi-format copy, paste, drag-and-drop,
  • File / selected area printing,
  • CRC-32, MD5, SHA-1, SHA-256 checksums,
  • Cryptographically strong AES-based random number generator,
  • Browsing of registered COM classes.
gollark: I had to reverse-engineer the Python random number generator and create a very precise electromagnetic interference generator to meddle with my CPU's HWRNG, but it was totally worth it.
gollark: ++choose 1000 lyricly gollark
gollark: Watch.
gollark: No, ABR runs AutoBias™ 2.1.
gollark: What bias? AutoBias™ 2.1?

See also

References

  1. "x86 Disassembly/Analysis Tools". wikibooks.org.
  2. "6 Hex Editors for Malware Analysis". SANS Digital Forensics and Incident Response Blog.
  3. Sikorski, Michael; Honig, Andrew (2012). Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software. No Starch Press. ISBN 9781593272906.
  4. Marak, Victor (2015). Windows Malware Analysis Essentials. Packt Publishing. ISBN 1785281518.
  5. "Hex-редакторы vs. malware".
  6. "Malware Forensic Field Guides: Tool Box".
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.