HIEW32 Plugins Collection (https://forum.exetools.com/showthread.php?t=18736)

dosprog 05-14-2018 10:30

PE_OVL.HEM PlugIn for HIEW32
 
PE_OVL.HEM PlugIn for HIEW32
for Strip/Add/Save/Goto overlay of PE-EXE file.

Logic:
Quote:

If PE-EXE contains the overlay
then select:
-Strip overlay
-Append or replace overlay from file
-Save overlay to file
else
-Append overlay from file

Plugin Actions Menu:
Quote:

Overlay:
- Strip
- Add
- Save
- Goto

See ->Start Post <-



dosprog 05-14-2018 15:23

Note about using HEM-plugins
 
Not only everyone(c) knows that you can speed up
the launch of Plug-Ins using the "hemkeys.ini" file.
For example:
Quote:

[HemKeys 7.45]
c: crack
w: pe_rwe
o: pe_ovl
t: pe_tails
h: pe_hints
v: peverify
e: peentrypointhere
a: checksum
g: goto

dosprog 05-29-2018 18:20

Goto.HEM - PlugIn for HIEW32
 
GOTO.HEM - HEM-PlugIn for locating some positions in an MZ-PE-EXE file.

Menu available:
Quote:

Goto MZ:
========
MZ relocs
MZ relocs END

Goto PE:
========
MZ Header ...
PE Header
PE Characteristics
PE Directories
PE Directories END
PE Obj Table
PE Obj Table END
PE Overlay

See ->Start Post <-



dosprog 06-09-2018 15:28

Updated 5 PlugIns for manipulating PE-EXE files.
(Now if the file opened in Hiew is not PE, then PE_xxxx PlugIns are not listed in the Hiew32 PlugIns Menu).

Updated full PlugIns archive.

See ->Start Post <-

agoo 06-12-2018 11:11

Quote:

Originally Posted by an0rma1 (Post 113130)
I found this: https://github.com/lallousx86/pyhiew

And an example able to retrieve results from virustotal: https://github.com/matrosov/pyHiew/blob/master/vt_check.py

Be aware of some malware in this site I found a while ago.

sendersu 06-13-2018 18:11

you say malware found @github? :)
how come... or maybe it started to happen after MS bought GH by 7 500 000 000 usd? :)

dosprog 06-14-2018 17:42

) sendersu, he got a little excited

dosprog 06-23-2018 09:54

Goto.HEM - PlugIn for HIEW32 (updated)
 
Goto.HEM - added new option "Goto PE CheckSum".

Menu available:
Quote:

Goto MZ:
========
MZ relocs
MZ relocs END

Goto PE:
========
MZ Header ...
PE Header
PE Characteristics
PE CheckSum <-------NEW OPTION----
PE Directories
PE Directories END
PE Obj Table
PE Obj Table END
PE Overlay

See ->Start Post <-

dosprog 01-07-2019 19:10

Happy NY 2 all

@Jupiter,
test, please, HEM-plugin KBD_CYR.HEM with new version 8.66, if possible
- because in the leaked vmprotected version it doesn't work.

chessgod101 01-08-2019 03:47

@dosprog, The plugin loads in my legal copy. This is the output for characters a-z on an English keyboard.
Code:

https://i.imgur.com/SMnal27.png

dosprog 05-26-2020 18:37

New plugins released 2020:

--> BASE64.HEM <-- (17 apr 2020) - HEM-PlugIn produces BASE64 string for marked block (16Mb max.)

--> SECTOR.HEM <-- (18 apr 2020) - HEM-PlugIn for writing sector(s) of a disk to a file (256 sectors max.).

--> PE_SPLIT.HEM <-- (24 apr 2020) - HEM-Plugin - Split & Join 32-bit PE-file. (Prototype is --> PEU <-- by A.Quincey,1998)

--> BL_FILE.HEM <-- (26 apr 2020) - HEM-PlugIn writes selected block to a file with HEX-address as filename.


dosprog 05-26-2020 19:12

--> PE_TIME.HEM <-- (23 apr 2020) - HEM-Plugin - PE-file LinkTime<-> FileTime.

TQN 06-27-2020 15:51

Another excellent HEM plugin by Tavis Ormandy, view data structures in Kaitai format:
https://github.com/taviso/kiewtai

dosprog 09-10-2020 11:13

Updated PlugIn MBYTE2.HEM
- Added "Raw" Option.
- Fixed "Asm" translation (removed invalid comma at EOL)

Now converted bytes :

C-code:
Quote:

#define MB_BUF_SIZE 0x6
unsigned char marked_bytes[MB_BUF_SIZE] = {
0x48, 0x49, 0x45, 0x57, 0x33, 0x32
};

Asm-code:
Quote:

;MB_BUF_SIZE equ 06h
marked_bytes label byte ;{
db 048h, 049h, 045h, 057h, 033h, 032h
;}

Raw-bytes:
Quote:

48 49 45 57 33 32

Download: MBYTES2.HEM

dosprog 10-08-2020 08:54

Updated PlugIn MBYTE2.HEM
- Fixed "Asm" translation (missing ending 2 symbols)

Download: MBYTES2.HEM

