Tag Archive : hex editor

/ hex editor

Installing wxHexEditor

December 9, 2015 | Article | No Comments

A hex editor is a “special purpose” editor. It is different from a regular text ediro in that the hex editor displays the raw binary content of a given file, without applying any text encoding or typesetting. A hex editor is mainly used in forensic or low level editing situation. It can be use for example: repairing disk image and partition, reverse engineering binary code, patching emulator ROM files, analyzing malware, etc.

One of good HEX editor available for Linux is wxHexEditor, which will be discussed here.

wxHexEditor is using wxWidgets libraries, therefore it can be compiled on top of various platform supported by wxWidgets.

In this article we will limit ourself to some operating system: Windows, Mac, and Linux.

There is also a specific article for installing wxHexEditor for Slackware, which can be used as a guide for installing wxHexEditor from source code.

The latest version of wxHexEditor is 0.22, which will be used in this article.

wxHexEditor Features

wxHexEditor offers a number of powerful features.

  • 64-bit file descriptors supporting files or devices of up to 2^64 bytes.
  • Extremely fast with handling large files by not copying the whole files to RAM.
  • Can handle multiple byte insertions or deletions without creating a temp file.
  • Low memory footprint (e.g., 25 MB memory for opening multi GB files).
  • Disassembly support for x86, x86-64, MMX, SSE, SSE2, SSE3, AMD-V, Intel VT-x.
  • Support for process memory editing.
  • Can handle XOR-based obfuscation.
  • Multiple views to show multiple files.
  • Support for multiple encodings (e.g., UTF8/16/32, Shift JIS, GBK, EUC, etc).

Dependencies

To compile wxHexEditor, we need wxWidgets library with version 2.8.11 or higher.

You can follow this article to install wxWidgets if you don’t have it yet.

Windows Installation

wxHexEditor offers a binary installer which compiled using MinGW. You can download it here.

Once the download finished, you will have a new zip archive name wxHexEditor-v0.22a-Win32.zip.

Mac OS Installation

Mac OSX users can download precompiled static binary for MacIntel. You can download the installer here.

Linux Installation

Debian Way

To install wxHexEditor on Debian and it’s derivation, you can install via GetDeb Apps repositories. Here are the commands you need to invoke to install wxHexEditor:

wget -q -O – http://archive.getdeb.net/getdeb-archive.key | sudo apt-key add -
sudo sh -c ‘echo “deb http://archive.getdeb.net/ubuntu $(lsb_release -cs)-getdeb apps” >> /etc/apt/sources.list.d/getdeb.list’
sudo apt-get update
sudo apt-get install wxhexeditor

Alternatively, you can build wxHexEditor from source:

sudo apt-get install debhelper libdisasm-dev libmhash-dev libwxbase2.8-dev libwxgtk2.8-dev wx-common wx2.8-headers
svn checkout svn://svn.code.sf.net/p/wxhexeditor/code/trunk wxHexEditor
cd wxHexEditor
make OPTFLAGS=”-fopenmp”

RPM Package Way

If you are using CentOS or RHEL, you need to enable Repoforge repository first.

To install wxHexEditor, you can build it from source, as follows:

sudo yum install libtool gcc-c++ wxGTK-devel
svn checkout svn://svn.code.sf.net/p/wxhexeditor/code/trunk wxHexEditor
cd wxHexEditor
make OPTFLAGS=”-fopenmp”

Troubleshoot

If you encounter following problems:

/lib/libgbm.so.1: undefined reference to `wayland_buffer_is_drm'

then you need to updating mesa-libgbm package.

Installing wxHexEditor for Slackware64

December 9, 2015 | Article | No Comments

A hex editor is a “special purpose” editor. It is different from a regular text ediro in that the hex editor displays the raw binary content of a given file, without applying any text encoding or typesetting. A hex editor is mainly used in forensic or low level editing situation. It can be use for example: repairing disk image and partition, reverse engineering binary code, patching emulator ROM files, analyzing malware, etc.

One of good HEX editor available for Linux is wxHexEditor, which will be discussed here.

In this article, I use following:

  1. Slackware64 14.0
  2. wxHexEditor – source code.

There is also an article for installing wxHexEditor in several operating system.

wxHexEditor Features

wxHexEditor offers a number of powerful features.

  • 64-bit file descriptors supporting files or devices of up to 2^64 bytes.
  • Extremely fast with handling large files by not copying the whole files to RAM.
  • Can handle multiple byte insertions or deletions without creating a temp file.
  • Low memory footprint (e.g., 25 MB memory for opening multi GB files).
  • Disassembly support for x86, x86-64, MMX, SSE, SSE2, SSE3, AMD-V, Intel VT-x.
  • Support for process memory editing.
  • Can handle XOR-based obfuscation.
  • Multiple views to show multiple files.
  • Support for multiple encodings (e.g., UTF8/16/32, Shift JIS, GBK, EUC, etc).

Installation

Dependencies

To compile wxHexEditor, we need wxWidgets library with version 2.8.11 or higher.

You can follow this article to install wxWidgets if you don’t have it yet.

You also need wxPython to do so.

Obtain the Materials

Source code for wxHexEditor is hosted at sourceforge with latest version is 0.22 Beta. You can download the source code here.

Next, extract it and you will have a directory of the source code. Change to that directory, the rest of compilation will be assumed that we are here.

Compilation

Invoke these series of commands to build wxHexEditor (using root privileges to install):

make OPTFLAGS="-fopenmp"
su -c "make install"

Other Installation Methods

Slackbuilds

A slackbuild script has been provided here. However, the version supported there is 0.20.

You can download the source code and slackbuild script and do slackbuild on your system.

Install from RPM Package

Installing from RPM package means you need to convert the corresponding .rpm package to Slackware compatible. This package is actually used for Red Hat and it’s derivative distributions.

First you need to obtain the package.

For example, I obtain one package from pkgs.org which is wxHexEditor-0.22-2.1.x86_64.rpm

Then do conversion by rpm2tgz tool:

rpm2tgz wxhexeditor-0.22-2.1.x86_64.rpm

And then install it by:

su -c "upgradepkg --install-new wxhexeditor-0.22-2.1.x86_64.tgz"

Install from Deb Package

Installing from Deb package means you need to convert the corresponding .deb package to Slackware compatible. This package is actually used for Debian and it’s derivative distributions.

First you need to obtain the package.

For example, I obtain one package from pkgs.org which is wxHexEditor-0.22-repack-1_amd64.deb

Then do conversion by deb2tgz tool:

deb2tgz wxhexeditor_0.22+repack-1_amd64.deb

And then install it by:

su -c "upgradepkg --install-new wxhexeditor_0.22+repack-1_amd64.tgz"

Social media & sharing icons powered by UltimatelySocial