EXETOOLS FORUM  

  #1  
Old 07-13-2018, 08:25
chessgod101
Inline Empty Byte Finder

Inline Empty Byte Finder is a tool designed to help you find a location inside an executable or DLL file to create an inline patch or code cave. It can check for specific section flags to meet the requirements for your inline. Inline Finder searches for areas that meet the size that you specify, but also lists how many extra bytes are available at that offset. It searches for the empty bytes by section to prevent the code cave from overlapping other sections.

Features:
  • Drag and Drop Support
  • Command line Support
  • Define Empty Byte Value
  • Define needed Section Flags

Download:
Code:
https://mega.nz/#!p50zUS4Y!xSTu4qaEgUIFXYzIEmU_lqBOESEf4usKRQe1J2LduAc

Screenshot:

Code:
https://1.bp.blogspot.com/-FO3PxX1cMPI/W0FgpG2TZFI/AAAAAAAAAuk/XD5jk8xnFZAUTq2VmrMnliy6OS4H3uHGwCLcBGAs/s400/InlineFinder_2018-07-07_20-52-02.png
__________________
"Real knowledge is to know the extent of one's ignorance." Confucius
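The search described in the first post (a per-section scan for runs of a chosen empty-byte value, an optional required-flags filter, and the count of extra bytes beyond the requested size), as an added Python example that is not the tool's own code. The function names and the image built by `build_sample()` are assumptions made for illustration.

```python
import re
import struct

MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000  # section flags

def sections(data):
    """Yield (name, rva, raw_offset, raw_size, flags) for each section header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    count, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size
    for entry in range(table, table + 40 * count, 40):
        name, _vsize, rva, raw_size, raw_off = struct.unpack_from("<8sIIII", data, entry)
        flags, = struct.unpack_from("<I", data, entry + 36)  # Characteristics
        yield name.rstrip(b"\0").decode("ascii", "replace"), rva, raw_off, raw_size, flags

def find_empty_runs(data, min_size, fill=0x00, required_flags=0):
    """Return (section, file_offset, rva, run_length, extra_bytes) per run."""
    pattern = re.compile(re.escape(bytes([fill])) + b"{%d,}" % min_size)
    hits = []
    for name, rva, raw_off, raw_size, flags in sections(data):
        if (flags & required_flags) != required_flags:
            continue                                  # section lacks a needed flag
        body = data[raw_off:raw_off + raw_size]       # one section only: runs never cross sections
        for m in pattern.finditer(body):
            size = m.end() - m.start()
            hits.append((name, raw_off + m.start(), rva + m.start(), size, size - min_size))
    return hits

def build_sample():
    """Constructed two-section image for the demo (no optional header, not a real program)."""
    def header(name, rva, raw_off, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x200, rva, 0x200, raw_off, 0, 0, 0, 0, flags)
    head = b"MZ" + bytes(58) + struct.pack("<I", 64)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    head += header(b".text", 0x1000, 0x200, MEM_EXECUTE | MEM_READ)
    head += header(b".data", 0x2000, 0x400, MEM_READ | MEM_WRITE)
    text = b"\xCC" * 0x100 + bytes(0x100)             # 0x100 fill bytes at the end of .text
    data = bytes(0x20) + b"\x41" * 0x1E0              # 0x20 fill bytes at the start of .data
    return head.ljust(0x200, b"\0") + text + data

if __name__ == "__main__":
    for hit in find_empty_runs(build_sample(), 0x40):
        print(hit)
```

In the constructed image the zero bytes at the end of `.text` and the start of `.data` are adjacent in the file, yet they are reported as two separate runs because each section is scanned on its own.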
  #2  
Old 07-13-2018, 14:44
dosprog
Please add the possibility to call Hiew32.exe with the PE file name and PE offset from the selected line of the listing.
  #3  
Old 07-14-2018, 04:33
chessgod101
That's a very good idea, dosprog. Here is an updated release with the feature implemented:
Download:
Code:
https://mega.nz/#!I582nATZ!cziRlP7krGlQQ0sBe-CdcB17SraXWkOETy2U21HWWz4
  #4  
Old 07-14-2018, 06:51
dosprog
Great.

Please duplicate the context menu functions HEX/ASM with the keys <F3> & <F4>.

Then the context menu should look like this:

|------------------------------
| <F3> = Follow offset in HEX
| <F4> = Follow RVA in DASM
|------------------------------

--Add--

Little bug: Settings->Hiew32Path is not saved on exit.
It works only if the Hiew32 path is selected in the current program session.

Last edited by dosprog; 07-14-2018 at 07:16.
  #5  
Old 07-14-2018, 09:50
chessgod101
Quote:
Little bug: Settings->Hiew32Path is not saved on exit.
It works only if the Hiew32 path is selected in the current program session.
It does save the path on exit. Make sure you run it as admin so it can create the Settings.ini file in the application directory.
  #6  
Old 07-14-2018, 16:17
dosprog
Run as admin: OK.
But the file settings.ini is not created.

It is created only if Hiew32.exe is placed in the program directory ("E:\1\"),
then HiewPath = E:\1\HIEW32.EXE.

When "settings.ini" is edited manually to set
HiewPath=C:\EDITOR\HEX\HIEW\HIEW800\HIEW32.EXE
- then it works OK.

Maybe there are problems with selecting/saving a too complex path?


Last edited by dosprog; 07-14-2018 at 16:22.
  #7  
Old 07-15-2018, 03:48
chessgod101
I found the issue. I failed to note that the CurrentDirectory is reset when a file is passed via command line. I used an alternate method to obtain the exe directory:
Code:
https://mega.nz/#!ZhdDlKKT!sawucwBXtwKeViQROViMXg4rivMGSNJURZoyN9dOx1k
  #8  
Old 07-15-2018, 14:06
dosprog
Ok. Works fine.

Quote:
Originally Posted by chessgod101
I found the issue. I failed to note that the CurrentDirectory is reset when a file is passed via command line. I used an alternate method to obtain the exe directory.
The best way is using GetCommandLine().

-- add --

What about creating accelerators <F3> & <F4>? - Really needed function


Last edited by dosprog; 07-15-2018 at 14:14.
  #9  
Old 07-15-2018, 23:33
chessgod101
Here is version 1.3. I added sorting to the columns and hotkeys for the hiew functions:
Code:
https://mega.nz/#!159GGIgK!XUzoE3GcIh_6b5AtyxX2OnfGskZua43ULyssOsw9y9w
  #10  
Old 07-16-2018, 00:15
dosprog
I beg your pardon, I've created a new theme -> here <-
All times are GMT +8.

