HIEW Hex editor tutorials series, part 2 – the basics.


Roundup of the basic HIEW commands used:

Command                    Action
Change the color scheme    Edit hiew8.ini: in the last section, "Colors", set ColorMain = 0x07 to get a black background.
ESC                        Exit any window/mode without saving the changes.
F1                         Context-sensitive help.
F3                         Enter the Edit mode.
ENTER                      In the Read mode, switch between Hex/Decode/Text modes.
F7                         Open a search window.
Ctrl + Enter               Continue searching.
Alt + F1                   Change location addressing mode.
F9                         Save the changes.
F6                         In Decode/Disassembled mode, find cross-references.
*                          In Read mode, select block(s) of bytes.
F8                         Show the file header.
F8 -> F6 -> F3             In Hex/Decode modes, show, then edit, file header sections.
Alt + F6                   Show all strings in a file.
+/-                        In the strings view (Alt + F6, see above), increase/decrease the minimal string length.
F5                         Go to offset.
Alt + F7                   Change the search direction.

Sample "serial1.exe" program used in the tutorial:
Compiled binary "serial1.exe": https://blog-assets-public-all.s3.amazonaws.com/serial1.exe
NOTE: Today almost every OS will flag any executable you download as "malicious/harmful" etc. (and it is good that they do), so be warned. The VirusTotal rating of the file is quite good, just 7 detections out of 72 :) https://www.virustotal.com/gui/file/b38128c26bc792989b23d70684498ea2612639c11047e2cd6c3a1114a9ad1e92/detection

Its SHA256 hash, to verify the download (use the PowerShell command Get-FileHash "serial1.exe"): B38128C26BC792989B23D70684498EA2612639C11047E2CD6C3A1114A9AD1E92

The source code (compiled in Microsoft Visual Studio 2015):

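#include "stdafx.h"   // Visual Studio precompiled header
#include <stdio.h>
#include <string.h>
// this example and all the following will be posted on my site https://yurisk.info

int main()
{
    char serial_input[6] = "";        // 5 characters + terminating NUL
    char serial_correct[6] = "23845"; // hardcoded serial, stored as plain text in the binary
    int result = 0;

    printf("Please enter the serial of 5 numbers:");
    // fgets() stores at most 5 characters and always NUL-terminates the buffer
    fgets(serial_input, 6, stdin);
    // compare only the first 5 characters of the input with the stored serial
    result = strncmp(serial_input, serial_correct, 5);
    if (result != 0)
    {
        printf("Wrong serial!, quitting ..\n");
        return 1;
    }
    else
    {
        printf("Great, you have the correct serial !\n");
    }
    return 0;
}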
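The Alt + F6 and +/- rows in the table above matter for this sample because the hardcoded serial is only 5 characters long. The following is an added example, not part of the original post and not HIEW's own code: a minimal printable-run scanner showing how the minimal string length decides whether a short literal is listed. The byte buffer is constructed for illustration (it is not dumped from serial1.exe), and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: literals from the source above placed between
   non-text bytes, roughly as they could sit in a data section. */
static const unsigned char sample[] =
    "\x00\x10\x40\x00" "23845\0" "\xff\xfe"
    "Please enter the serial of 5 numbers:\0"
    "\x01\x02" "Wrong serial!, quitting ..\n\0";

static int is_text(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Report every run of printable ASCII that is at least min_len bytes long.
   Returns the number of runs; *found is set when one run equals needle. */
static int list_strings(const unsigned char *buf, size_t n, size_t min_len,
                        const char *needle, int *found, int verbose)
{
    int count = 0;
    size_t i = 0;
    *found = 0;
    while (i < n) {
        size_t start = i;
        while (i < n && is_text(buf[i])) i++;
        size_t len = i - start;
        if (len == 0) { i++; continue; }        /* skip a non-text byte */
        if (len < min_len) continue;            /* too short to be listed */
        count++;
        if (verbose)
            printf("%08zx  %.*s\n", start, (int)len, (const char *)buf + start);
        if (len == strlen(needle) && memcmp(buf + start, needle, len) == 0)
            *found = 1;
    }
    return count;
}

/* Helpers for the constructed buffer: how many strings are listed, and
   whether the 5-character serial is among them, at a given minimum. */
int strings_at(size_t min_len)
{ int f; return list_strings(sample, sizeof sample, min_len, "23845", &f, 0); }
int serial_visible(size_t min_len)
{ int f; list_strings(sample, sizeof sample, min_len, "23845", &f, 0); return f; }

int main(void)
{
    int f;
    for (size_t m = 5; m <= 6; m++) {
        printf("-- minimal length %zu --\n", m);
        list_strings(sample, sizeof sample, m, "23845", &f, 1);
        printf("serial listed: %s\n", f ? "yes" : "no");
    }
    return 0;
}
```

With a minimum of 5 the serial appears next to the prompt and error messages; at 6 it drops out of the listing while the longer messages remain, which is why a short secret stored as a plain literal offers no protection once the minimum is lowered.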


Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.