#1
HIEW32 Plugins Collection
Simple useful plugins for HIEW32, created 2017..2024:
---------------------------------------------------
CRACK.HEM HEM-PlugIn - compares binary files. Reports differences as CRK-file for use with CRACKER.EXE. Adds to CRK as comment all available defined HIEW32 labels/names. (Original idea by Jupiter).
GOTO.HEM HEM-PlugIn for locating some positions in MZ & PE-EXE.
PE_RWE.HEM HEM-PlugIn - sets attributes of all sections in PE into r/w/e. (See comment at post#3) (Original idea by me).
PE_TAILS.HEM HEM-PlugIn - corrects "tails of sections" in PE. (Sets VirtSize>=PhysSize for all) (See comment at post#3) (Original idea by me).
PE_TAIL!.HEM HEM-PlugIn - Reports if file location is in "tail of sections" in PE. (Original idea by me).
PE_HINTS.HEM HEM-PlugIn - for correcting import hints in 32-bit PE-file. (Original idea by FalseMaster).
PE_OVL.HEM HEM-PlugIn - Manipulates PE-file Overlay.
PE_ASLR.HEM HEM-PlugIn - Sets/Clears RelocationsStripped Bit in PE-header.
BLOCK.HEM HEM-PlugIn - operations with Block (Xor,Add,Sub string or file) (16Mb max.). (It's a minor modification of the standard HEM-plugin example).
BL_MD5.HEM HEM-PlugIn - calculates MD5 sum of marked block (16Mb max.)
MBYTES2.HEM HEM-PlugIn - Converts selected block of bytes into C/Asm "DB/DW/DD" code. Paste it from Clipboard.
KBD_CYR.HEM HEM-PlugIn - for russifying keyboard input in HIEW32.EXE. 6 keyboard mappings available (LAT, RUS/UKR DOS/WIN, and DOS-ps.graphics). Starts when loaded, after pressing <F11>-key in HIEW32. (Original idea by me).
KBD_CYR.PNG - optional - Simple picture-help for KBD_CYR.HEM keyboard switcher.
SECTOR.HEM - HEM-PlugIn for writing sector(s) of disk to a file (256 sectors max.).
PE_SPLIT.HEM - HEM-Plugin - Split & Join 32-bit PE-file. (Prototype is PEU by A.Quincey,1998)
BL_FILE.HEM - HEM-PlugIn writes selected block to a file with HEX-address as filename.
PE_TIME.HEM - HEM-Plugin - PE-file LinkTime<-> FileTime. (Original idea by FalseMaster)
PE_Win9x.HEM - HEM-Plugin - Set for x32 PE-file OSVer/SubSys = 1/4 (for run on Win9x+).
Locate.HEM - HEM-Plugin - Writes current file address with comment into file "Locate.txt". Copies address to clipboard (as Raw/VA/RVA).
cursor.HEM - HEM-Plugin - Highlighting current line in Hex/Disasm modes in Hiew32.
See attached archive (Updated 29 Mar 2024)
----------------------------------------------------------
See also: PlugIns from Fernando Merces (github.com/merces) - CopyAs.HEM - Hashes.HEM here: https://forum.exetools.com/showpost....3&postcount=40
See also: PlugIn from Tavis Ormandy (github.com/taviso) - KeyHelp.HEM here: https://forum.exetools.com/showpost....8&postcount=41
Last edited by dosprog; 03-29-2024 at 08:04.
The Following User Gave Reputation+1 to dosprog For This Useful Post:
MarcElBichon (04-03-2018)
#2
Fix to HIEW32.EXE v.8.43 for caching of GOTO address
Fix to HIEW32.EXE v.8.43 for caching of GOTO address (when <F5> pressed).
File HIEW32.EXE v.8.43 must be unpacked. Use CRACKER.EXE with given patch file "GOTO_843.CRK".
Discussed here: https://exelab.ru/f/index.php?action...5147&page=6#11
--Add--
This feature is already implemented in the new HIEW32 v.8.60.
Last edited by dosprog; 04-09-2018 at 18:04.
#3
===================================
Comment for HEM-plugin PE_TAILS.HEM
===================================
Original PE-sections table of target example file:
Quote:
Quote:
===================================
Comment for HEM-plugin PE_RWE.HEM
===================================
Original PE-sections table of target example file:
Quote:
Quote:
Last edited by dosprog; 04-02-2018 at 19:34.
The Following User Says Thank You to dosprog For This Useful Post:
Indigo (07-19-2019)
#4
PE_ASLR.HEM PlugIn for HIEW32
for setting/clearing flag "Relocations Stripped" in PE-EXE file.
See Start Post
Last edited by dosprog; 06-09-2018 at 15:15.
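An added example, not part of the thread and not the plugins' own code: a Python check that reads the header fields PE_ASLR.HEM, PE_RWE.HEM and PE_TAILS.HEM are described as changing, so a file patched this way can be recognised during triage. The function names and the header-only sample bytes are constructed for illustration.

```python
import struct

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED in FileHeader.Characteristics
RWE = 0xE0000000           # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

def audit_pe(data: bytes) -> dict:
    """Report the header state that PE_ASLR, PE_RWE and PE_TAILS would alter."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size                            # section table follows the optional header
    report = {"relocs_stripped": bool(chars & RELOCS_STRIPPED), "rwe": [], "tail": []}
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if schars & RWE == RWE:                               # section is readable, writable and executable
            report["rwe"].append(name)
        if vsize < rawsize:                                   # raw data extends past VirtualSize (a "tail")
            report["tail"].append(name)
    return report

def build_sample() -> bytes:
    """Constructed header-only sample: two sections, no real code or data."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0103)
    opt = b"\0" * 0xE0                                        # optional header contents are not inspected
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x0E00, 0x0400,
                       0, 0, 0, 0, 0xE0000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x0100, 0x2000, 0x0200, 0x1200,
                       0, 0, 0, 0, 0xC0000040)
    return dos + coff + opt + text + data

if __name__ == "__main__":
    print(audit_pe(build_sample()))
```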
#5
Updated:
KBD_CYR.HEM HEM-PlugIn v.0.000b - for russifying keyboard input in HIEW32.EXE vv.7.51, 8.10, 8.15, 8.40, 8.41, 8.43, 8.63.
6 keyboard mappings available (LAT, RUS/UKR DOS/WIN, and DOS-ps.graphics).
Starts when loaded, after pressing <F11>-key in HIEW32.
Version 0.000b - added support for HIEW32.EXE v.8.63.
See ->Start Post <-
Last edited by dosprog; 06-09-2018 at 15:21.
#6
Mbytes2.HEM - HEM-PlugIn for converting HIEW multibyte selection into "DB/DW/DD" C/Asm code.
Based on standard HIEW32 plugIn example Mbyte2c.HEM by Dmitry.Andriyankov, (c)2010.
See ->Start Post <-
Last edited by dosprog; 06-09-2018 at 15:21.
The Following 4 Users Say Thank You to dosprog For This Useful Post:
Indigo (07-19-2019), kienmanowar (04-20-2018), niculaita (04-09-2018), serseri_1453 (04-20-2018)
#7
I use this plugin a lot:
DIE's plugin for HIEW http://ntinfo.biz/index.html , check the link there. Very useful.
The Following 3 Users Say Thank You to an0rma1 For This Useful Post:
#8
Quote:
Tks!
The Following User Says Thank You to kienmanowar For This Useful Post:
Indigo (07-19-2019)
#9
By Hiew External Module
"Hem modules are not loaded until the key F11 is pressed in any of the modes (Text/Hex/Code). If you were brave enough to press the key F11 and engage Hem modules, Hiew will scan special folder and its subfolders for Hem files. For each found file Hiew loads it, looks for exported entry point, and uses it for invoking module initializer. Subsequent Hem menu invocations processed without directory scan."
zeuscane
__________________
"Educate yourselves because we'll need all your intelligence. Stir yourselves because we'll need all your enthusiasm. Organize yourselves because we'll need all your strength."
#10
Quote:
Then select the item in plugins catalogue: "Marked bytes to C / Asm Source", select mode "Byte / Word / Dword", choose language "C / Asm" - the selected set of bytes will be converted into "DB" source code and the result of conversion will be copied into clipboard.
Last edited by dosprog; 04-21-2018 at 16:02.
#11
Here is my screenshot when I loaded file, marked ranges of bytes and pressed F11, but cannot see "Marked bytes to C / Asm Source" option in plugins catalogue:
https://imgur.com/a/JsWJZON
Regards,
The Following User Says Thank You to kienmanowar For This Useful Post:
Indigo (07-19-2019)
#12
Hmm..
I tested this ->Ok<-.
Note: Hiew selection of bytes must be ended by pressing <*> again. Then a plugin that works with blocks will be present in plugins catalogue.
Last edited by dosprog; 04-22-2018 at 01:21.
The Following User Says Thank You to dosprog For This Useful Post:
Indigo (07-19-2019)
#13
Updated:
KBD_CYR.HEM HEM-PlugIn v.0.001a - for russifying keyboard input in HIEW32.EXE (all versions).
6 keyboard mappings available (LAT, RUS/UKR DOS/WIN, and DOS-ps.graphics).
Starts when loaded, after pressing <F11>-key in HIEW32.
Version 0.001b - added support for any version of HIEW32.EXE.
See ->Start Post <-
Last edited by dosprog; 06-09-2018 at 15:22.
The Following User Says Thank You to dosprog For This Useful Post:
Indigo (07-19-2019)
#14
I found this: https://github.com/lallousx86/pyhiew
And an example able to retrieve results from virustotal: https://github.com/matrosov/pyHiew/blob/master/vt_check.py
The Following User Says Thank You to an0rma1 For This Useful Post:
Indigo (07-19-2019)
Tags: hem, hiew