A hex editor is a “special purpose” editor. It is different from a regular text ediro in that the hex editor displays the raw binary content of a given file, without applying any text encoding or typesetting. A hex editor is mainly used in forensic or low level editing situation. It can be use for example: repairing disk image and partition, reverse engineering binary code, patching emulator ROM files, analyzing malware, etc.
One of good HEX editor available for Linux is wxHexEditor, which will be discussed here.
wxHexEditor is using wxWidgets libraries, therefore it can be compiled on top of various platform supported by wxWidgets.
In this article we will limit ourself to some operating system: Windows, Mac, and Linux.
The latest version of wxHexEditor is 0.22, which will be used in this article.
wxHexEditor offers a number of powerful features.
- 64-bit file descriptors supporting files or devices of up to 2^64 bytes.
- Extremely fast with handling large files by not copying the whole files to RAM.
- Can handle multiple byte insertions or deletions without creating a temp file.
- Low memory footprint (e.g., 25 MB memory for opening multi GB files).
- Disassembly support for x86, x86-64, MMX, SSE, SSE2, SSE3, AMD-V, Intel VT-x.
- Support for process memory editing.
- Can handle XOR-based obfuscation.
- Multiple views to show multiple files.
- Support for multiple encodings (e.g., UTF8/16/32, Shift JIS, GBK, EUC, etc).
To compile wxHexEditor, we need wxWidgets library with version 2.8.11 or higher.
You can follow this article to install wxWidgets if you don’t have it yet.
wxHexEditor offers a binary installer which compiled using MinGW. You can download it here.
Once the download finished, you will have a new zip archive name wxHexEditor-v0.22a-Win32.zip.
Mac OS Installation
Mac OSX users can download precompiled static binary for MacIntel. You can download the installer here.
To install wxHexEditor on Debian and it’s derivation, you can install via GetDeb Apps repositories. Here are the commands you need to invoke to install wxHexEditor:
wget -q -O – http://archive.getdeb.net/getdeb-archive.key | sudo apt-key add - sudo sh -c ‘echo “deb http://archive.getdeb.net/ubuntu $(lsb_release -cs)-getdeb apps” >> /etc/apt/sources.list.d/getdeb.list’ sudo apt-get update sudo apt-get install wxhexeditor
Alternatively, you can build wxHexEditor from source:
sudo apt-get install debhelper libdisasm-dev libmhash-dev libwxbase2.8-dev libwxgtk2.8-dev wx-common wx2.8-headers svn checkout svn://svn.code.sf.net/p/wxhexeditor/code/trunk wxHexEditor cd wxHexEditor make OPTFLAGS=”-fopenmp”
RPM Package Way
If you are using CentOS or RHEL, you need to enable Repoforge repository first.
To install wxHexEditor, you can build it from source, as follows:
sudo yum install libtool gcc-c++ wxGTK-devel svn checkout svn://svn.code.sf.net/p/wxhexeditor/code/trunk wxHexEditor cd wxHexEditor make OPTFLAGS=”-fopenmp”
If you encounter following problems:
/lib/libgbm.so.1: undefined reference to `wayland_buffer_is_drm'
then you need to updating mesa-libgbm package.