292 lines
12 KiB
Plaintext
292 lines
12 KiB
Plaintext
|
||
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
±±±±±±±ÅÅÅÅÅÅÅÅÅű±±ÅÅÅÅÅÅÅÅÅű±±ÅÅÅÅű±±±ÅÅÅű±±±±±±±±±± ‘ã᫨ª®¢ ±±±±±±±±±±±±
|
||
±±±±±±ÅÅÅÅ°°°°°°°°±ÅÅÅÅ°°°°°°°°±ÅÅÅÅÅÅ°±±ÅÅÅÅ°°±±±±±±±±±± …¢£¥¨© °°±±±±±±±±±±
|
||
±±±±±ÅÅÅÅ°°±±±±±±±ÅÅÅÅ°°±±±±±±±ÅÅÅÅ°ÅÅ°±ÅÅÅÅ°°±±±±±±±±±±± <20>¨ª®« ¥¢¨ç °°±±±±±±±±±±
|
||
±±±±ÅÅÅÅÅÅÅÅÅű±±ÅÅÅÅÅÅÅÅÅű±±ÅÅÅÅ°°ÅÅ°ÅÅÅÅ°°±±±±±±±±±±±±±±°°°°°°°°°°°°±±±±±±±±±±
|
||
±±±±±°°°°ÅÅÅÅ°°±ÅÅÅÅ°°°°°°°°±ÅÅÅÅ°°±ÅÅÅÅÅÅ°° voice: (384-2-)23-31-40 ±±±
|
||
±±±±±±±±ÅÅÅÅ°°±ÅÅÅÅ°°±±±±±±±ÅÅÅÅ°°±±ÅÅÅÅÅ°°± FIDO: 2:5020/35.200 °°±
|
||
±ÅÅÅÅÅÅÅÅÅÅ°°±ÅÅÅÅÅÅÅÅÅű±±ÅÅÅÅ°°±±±ÅÅÅÅ°°±± E-mail: sen@suslikov.kemerovo.su °°±
|
||
±±°°°°°°°°°°±±±°°°°°°°°°°±±±°°°°±±±±±°°°°±±±±±°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°±
|
||
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Release 5.16 28 May 1996
|
||
|
||
( English translation: M.Korneff )
|
||
|
||
±±±± Contents ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
1. About HIEW
|
||
2. Assembler mode
|
||
3. Basing
|
||
4. Block operations
|
||
5. Video modes
|
||
6. Status bar
|
||
7. Keys
|
||
8. Bookmarks
|
||
9. Jumps (call/jmp) in the disassembler mode
|
||
10. Search/replace operations
|
||
11. Crypt operations
|
||
12. INI file
|
||
13. SAV file
|
||
14. History
|
||
|
||
±±±± About HIEW ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Basically HIEW (Hacker's view) is a hex viewer for those who need
|
||
change some bytes in the code (usually 7xh to 0EBh). Hiew is able to view
|
||
unlimited length files in text/hex modes and in 386 disassembler mode.
|
||
|
||
Features:
|
||
|
||
þ Text/hex mode editor
|
||
þ Built-in 386 assembler
|
||
þ HIEW is able to create new files
|
||
þ Search and replace mode (can be restricted to block size)
|
||
þ Context-sensitive help (but who needs any goddamned help anyways? HIEW can
|
||
operate without help file HIEW.HLP)
|
||
þ Search of assembler commands using pattern (for real hackers!)
|
||
þ Version 5.02 compiled for OS/2, EXE for DOS use as stub
|
||
|
||
±±±± Assembler mode ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
"Byte/word/dword/pword ptr" may be abbreviated to "b/w/d/p". All
|
||
numbers are hex, so the letter "h" is optional. You can use math operations
|
||
(i.e. mov bx, [123+23-46h] = mov bx,[100h]). Error messages are very brief
|
||
(invalid command, syntax error, invalid operand, missing/invalid size).
|
||
Unconditional JMP will be translated to 0E9 XX XX, so if you want near jump
|
||
(0EB), you have to type jmp short xxxxx (or jmps xxxxx ).
|
||
|
||
There is 386 assembler in HIEW version 5.00 or later, so check all
|
||
jumps carefully because you may get unwanted long jump in 8086 code.
|
||
|
||
WARNING! The same command can be assembled differently depending on
|
||
the assembler you're using.
|
||
|
||
±±±± Basing ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Base is a constant that will be added to offset and jump addresses.
|
||
If current offset is YY and you need XX, you should type base "*XX" (asterisk
|
||
is required!).
|
||
|
||
±±±± Block operations ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Block operations are working only in Hex and Decode modes. You can
|
||
mark blocks without switching to Edit mode. Block can be written to file
|
||
using PutBlk(F2). If you want to append the block to the end of file, you
|
||
should type "FFFFFFFF" offset. You can insert the block to the current file
|
||
from another file using GetBlk (CtrlF2). Block will be inserted on the
|
||
current offset.
|
||
|
||
±±±± Video modes ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
HIEW supports video modes up to 132x75.
|
||
|
||
±±±± Status Bar ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
xxx% Filename.ext R xxxxxxxx xxx -------- YYYYYYYº HIEW X.XXa by SEN
|
||
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
ÀÂÄÙ ÀÄÄÄÄÄÄÄÄÄÂÙ ³ ÀÄÄÂÄÄÄÙ ÀÂÙ ÀÄÂÄÄÄÄÙ ÀÄÄÂÄÄÄÙ
|
||
percent ³ ³ current ³ ³ file length in bytes
|
||
indicator ³ ³ offset ³ ³
|
||
(only if BAR=P ³ ³ ³ ³ 1: status of the bookmarks:
|
||
in HIEW.INI) ³ ³ ³ ³ '-' free
|
||
V ³ ³ ÀÄ> '1...8' respective position
|
||
filename ³ ³ is currently used
|
||
³ ³ '*' current
|
||
³ ³ 2: "<Editor>" = Edit mode
|
||
³ ³
|
||
V ³
|
||
status of the file: ÀÄ> 1: Text mode: number of the first
|
||
R - open in Read mode column
|
||
W - open in Write mode 2: Decode mode: measurement of
|
||
U - modified operands and addresses
|
||
|
||
|
||
±±±± Keys ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
All keys are described in HIEW.HLP (press Alt-H). HIEW.HLP may be
|
||
modified. First line of HIEW.HLP must be "[HiewHelp 5.01]". Semicolon ';' is
|
||
a comment prefix character. By pressing Alt-H the respective section (from
|
||
[xxxx] till [yyyy]) will be displayed. HIEW.HLP must be terminated with
|
||
[End].
|
||
|
||
|
||
±±±± Bookmarks ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Bookmarks is for saving/restoring of the current screen. Press '+' to
|
||
save the state of current screen. You can save eight screens. To restore any
|
||
saved screen, press Alt-1...Alt-8 respectively. There are different bookmarks
|
||
for different modes (Text/ Hex/Decode).
|
||
|
||
±±±± Jumps (call/jmp) in the disassembler mode ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Now jumps is 100% configurable. Jumps can be specified in HIEW.INI in
|
||
the jumpTable array. This line (C Language) consists of digits and letters.
|
||
First character used to undo jump ('0' in HIEW 4, 'Z' in HIEW 5 day 28).
|
||
After reading from keyboard the character will be converted to the upper case,
|
||
then search in jumpTable will be performed. Default value of jumpTable is
|
||
'1'-'9', then 'A'-'Z'.
|
||
|
||
±±±± Search/replace operations ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
If search string was entered in ASCII field, case-insensitive search
|
||
will be performed. If you want to perform case-sensitive search, move the
|
||
cursor to the HEX field and press Enter.
|
||
|
||
You can search assembler commands (F7).
|
||
|
||
Now search/replace can be restricted to selected block (F4 during
|
||
entering the search/replace string).
|
||
|
||
In the disassembler mode you can use wildcards in assembler commands
|
||
for searching. The wildcard character is '?'. For example, DECODE <F7><F7>
|
||
'mov ax, ?' will look for 'mov ax,1234h", "mov ax,sp", etc.
|
||
|
||
|
||
±±±± Crypt operations (F7/F8 in Edit) ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
Crypt operations are using for crypting/decrypting the code/data. Crypt
|
||
algorithm is very simple. Code/data will be crypted by the bytes/words (to
|
||
change the size ot the unit, press F2). Crypting routine must be terminated
|
||
with "LOOP numberLine" operator.
|
||
|
||
Available commands:
|
||
|
||
Reg mode : neg,mul,div
|
||
Reg-Reg mode: mov,xor,add,sub,rol,ror,xchg
|
||
Reg-Imm mode: mov,xor,add,sub,rol,ror
|
||
Imm mode : loop
|
||
|
||
All 8/16 bit registers are available, except AL/AX that will be filled
|
||
with (de)crypted byte/word.
|
||
|
||
The differences from standart asembler:
|
||
there are no jumps;
|
||
'loop' means 'jmp/stop'
|
||
the operands of 'rol/ror' commands must have the same size, i.e.
|
||
ROL AX,CL not allowed.
|
||
|
||
Example:
|
||
a. XOR byte with 0AAh:
|
||
1. XOR al,0aah
|
||
2. LOOP 1
|
||
|
||
b. XOR word with mask increment
|
||
1. MOV dx,0
|
||
2. XOR ax,dx
|
||
3. ADD dx,1
|
||
4. LOOP 2
|
||
|
||
±±±± INI file ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
INI file must be located in HIEW.EXE home directory.
|
||
First line in HIEW.INI always "[HiewIni 5.03]" !
|
||
Blank line or line, beginners with ';' is ignored.
|
||
|
||
-----8<------ Example HIEW.INI -------8<-------
|
||
|
||
[HiewIni 5.03]
|
||
;
|
||
; Startup
|
||
; ; legal values
|
||
|
||
; startup mode
|
||
;
|
||
StartMode = Text ; Text | Hex | Code
|
||
|
||
; beeper
|
||
Beep = On ; On | Off
|
||
|
||
; percent indicator
|
||
Bar = Left ; Left | Right | Percent
|
||
|
||
; warp/don't warp long lines
|
||
; Auto=Off for textfile, On for binary
|
||
Wrap = Auto ; Auto | On | Off
|
||
|
||
; tabulation
|
||
; Auto=On for textfile, Off for binary
|
||
Tab = Auto ; Auto | On | Off
|
||
|
||
; step for Ctrl-Left, Ctrl-Right in textmode
|
||
StepCtrlRight = 20 ; 1 - 128
|
||
|
||
; Show/Do not show mouse cursor
|
||
DisableMouse = On ; On | Off
|
||
|
||
; see next line :-)
|
||
ActionAfterWriteSavfile = None ; None | ExitF10 | ExitESC
|
||
|
||
; table symbols for branch call/jmp
|
||
JumpTable = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
||
|
||
; Select symbol "linefeed": automatic 0x0a / 0x0d / 0x0d:0x0a
|
||
Linefeed = Auto ; LF | CR | LFCR
|
||
|
||
;
|
||
; Colors
|
||
;
|
||
ColorMain = 0x1B ; main color
|
||
ColorCurrent = 0x71 ; current byte
|
||
ColorMark = 0x5E ; block color
|
||
ColorEdit = 0x1E ; file editing
|
||
ColorEditOut = 0x1D ; non-file editing
|
||
ColorError = 0x4E ; error messages
|
||
ColorMsg = 0x2E ; messages
|
||
ColorTitle = 0x70 ; status bar
|
||
ColorKbNum = 0x07 ; keys
|
||
ColorKb = 0x30 ; key is active
|
||
ColorKbOff = 0x37 ; key is inactive
|
||
ColorBar = 0x02 ; progress indicator
|
||
ColorWin = 0x70 ; input dialog
|
||
ColorWinBold = 0x7F ; - " - selected
|
||
ColorWinInput = 0x3F ; - " - input field
|
||
ColorMenu = 0x30 ; menu frame
|
||
ColorMenuText = 0x31 ; - " - field
|
||
ColorMenuBold = 0x0F ; - " - text
|
||
ColorHelp = 0x20 ; help frame
|
||
ColorHelpText = 0x2E ; - " - field
|
||
ColorHelpBold = 0x0F ; - " - text
|
||
|
||
; ---+--- End of Inifile ---+---
|
||
|
||
--------8<--------8<--------8<--------
|
||
|
||
|
||
±±±± SAV file ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
If executed without any parameters, HIEW will look for SAV file in the
|
||
current directory (you can specify /FS=<savefile> in the command line) and
|
||
restore previously saved (Ctrl-F10) state. If executed with filename, HIEW
|
||
will use SAV file only to restore search/replace data.
|
||
|
||
±±±± History ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|
||
|
||
5.03aa 3/10/95 - OS/2: DosSleep( 1L )
|
||
- Unvisible cursor
|
||
|
||
5.10ee 22/12/95 - fixed bug: invalid jump for Jc 7E/7F
|
||
- fixed bug: invalid opsize, if previons byte is 0x0F
|
||
- save screencopy into file ( PrScr deleted )
|
||
- choise symbol "linefeed" in INI-file
|
||
- for replace write full buffer ( was: 1 byte )
|
||
- for OS/2session get key with KbdCharIn ( was: getch() )
|
||
delete DosSleep( 1 )
|
||
5.11bb 24/01/96 - fixed bug: call/jmp PWORD ptr
|
||
5.13 01/02/96 - fixed bug: marked text on 2-lines
|
||
fixed bug: crash scrolling Up, if upper code is
|
||
24 one-byte command (ex. NOP )
|
||
fixed bug: OS/2: trap on create file
|
||
5.14 09/04/96 - fixed bug: ( from 5.13 ) double prefix 0x66
|
||
- fixed bug: bad assembler with [EBP]
|
||
- for (Pg)Up looking symbol 0x0A
|
||
- added leading zero to all digit in decode
|
||
- pattern find with wildcards as in decode
|
||
5.15 12/05/96 - fixed bug: pattern find truncate line
|
||
5.16 28/05/96 - fixed bug: pattern find not found "mov ax,?"
|
||
|
||
|
||
±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± = YES = ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±
|