I really like this area of computer culture. RE, writing kernel modules, figuring out how stuff works and making stuff do what it was not designed to do aspects. However, legal avenues to do so are few and far between and it requires a huge amount of time and help from peers.
It is hard to find the link for Windows download, most people (especially us dumb Windows users) want to find a link and download, not scroll a bunch then go to another page then scroll some more and make a decision about which one of 20 links they need. It is not that hard, especially for most people on HN but it does add friction to people trying your software. This is a very common thing with other projects so not just picking on this one.
Finally, when it does load on my Windows machine (using MSI installer and after convincing Microsoft that it is safe to run and bypassing their warning) it loads up super tiny on my 4k laptop screen and is unusable. I suppose I could mess about with the compatibility and scaling settings but I kind of lost interest after all of the above.
I tell you all this because obviously a lot of work went into this tool and from the screenshots it looks beautiful and useful, but is let down by the process involved to get it to run, at least on my machine.
For now, I will keep running HxD.
Maybe create an issue saying as much?
Why would I do that unless I have a strong reason to use it rather than just move on with my day? A link is posted on HN for some cool software, it is already annoying to install it due to Microsoft complaining about it, then when I first run it, it opens up a tiny window and is asking if it can upload information. I don't expect to spend time figuring out its issues. I can't be the only one using a 4K display on Windows.
> Why would I do that unless I have a strong reason to use it rather than just
> move on with my day? A link is posted on HN for some cool software, it is
> already annoying to install it due to Microsoft complaining about it, then
> when I first run it, it opens up a tiny window and is asking if it can upload
> information. I don't expect to spend time figuring out its issues. I can't be
> the only one using a 4K display on Windows.
Spoken as a true reverse engineer, you should ask for a refund.
Really weird criticism. If you're confused about how GitHub works, you might follow the link to their website[0] (when you click on "Release" in the readme) and then scroll down to find a "Download for Windows" button.
At least on desktop, there's also a link to the main site in the About section of the repo. This might actually be a better link for the HN submission, as I bet there's a non-zero intersection of hex editor users and people who completely do not understand Git whatsoever (assuming they've even heard of it).
Maybe they've updated it, but I found a Windows MSI link about halfway down the front page.
You can also use it on the web, no need to download it: https://web.imhex.werwolv.net/
I tried ImHex…found it way too complex for most of what I wanted to do. I’m still a huge fan of Hex Fiend on macOS - simple, fast, does what I want. I still haven’t found the perfect “simple” hex editor on Windows.
Have you tried Hiew?
No, hadn’t heard about it. Seems interesting, sort of “vim for hex” like. I might give it a spin.
Interesting, I find HxD on Windows to be the absolute peak of hex editors with no real parallels on macOS or Linux. Which is a shame because I never use Windows.
Hex Fiend for instance is my hex editor on macOS, but why does it insist on reflowing the lines when I expand the window? I might just want to work with it maximized to avoid visual distractions, but I still only want lines to be 16 or 32 bytes long, and definitely not some weird size that will make things not line up.
+1 for HexFiend. Their template format is straightforward to extend. I’ve used it to analyze many different file formats.
I also tried ImHex briefly. I have a ton of respect for the project, but found for my needs it was like using a cannon to kill a housefly.
ImHex requires a GPU with OpenGL 3.0 support in general.
Why does a hex editor require OpenGL? (and therefore a GPU?)
Is there a good reason why it needs OpenGL or is it just for l33t-ness?
The UI is built using Imgui (hence the Im prefix) which is a UI framework for computer graphics programs.
Though, a couple nits:
1. An OpenGL requirement doesn’t necessitate a GPU. There are software implementations of OpenGL but they tend to be rather mediocre at best for performance.
2. Many platforms now assume some kind of GPU. It’s fairly rare to need a GUI tool without also having a GPU available. Of course there are niches for it, but those aren’t also likely to be running a hex editor and tooling locally.
'GPU' doesn't mean discrete, power-hungry graphics card either (not that you said it did).
OpenGL calls for basic desktop rendering can be reliably handled by the integrated graphics in the CPU. In which case OpenGL can almost be viewed as a parallel instruction set / DSL.
Why does a hex editor require ... a GPU?
Any editor, to be fluid and quick at today's screen resolution, needs hardware rendering. The days of drawing things pixelwise, especially any complex formatting, are noticeably slow.
See this [1] for example
[1] https://www.sublimetext.com/blog/articles/hardware-accelerat...
they probably just picked the opengl renderer for imgui
ImHex has so far been the best hex editor I’ve used for a few reasons. Some of these exist in other editors but rarely all together.
1. File templates mean that it auto highlights sections of known file types.
2. It shows how selected bytes may be interpreted as pretty much every common data type that I would want and does so simultaneously.
3. It’s significantly faster than other editors for me when I use large files.
On the downside, the imgui ui gets buggy sometimes but it’s replaced my use of other viewers like HexFiend, hexa etc…
Well, 010 Editor also checks all three. So:
4. Unlike 010 Editor, it does not take you $150 and is FOSS so you can easily patch it to do whatever you need.
After briefly having used both, the main difference besides layout and aesthetics, is that 010 has a bigger repo of premade templates.
https://github.com/WerWolv/ImHex
Oooh that looks slick, thanks for the tip!
Uh that is literally the link that is posted, that this thread is about.
This seems interesting and is coincidentally exactly what I need right now. My trusty file, strings, hexdump and xxd all failed me. I was going to use ghidra, but it's quite the beast and I haven't had any time to learn it yet. Gonna give this a try tonight.
What do you need Ghidra for?
Ghidra is, for the most part, not a hex editor. It’s meant for reverse engineering - mainly decompilation, but it’s useful for patching as well. The debugger is new and takes some getting used to (I’m still using GDB + Ghidra), but the disassembler and decompiler are top-notch.
It’s also useful for defining data structures and carving them up, which (for me) is the role now filled by ImHex.
If HexFiend/xxd are at one end of the spectrum, ghidra at the other, I imagine ImHex and tools like Kaitai are in the middle
Hex Fiend does data structures and file formats now too, using parsers written in TCL. I’d probably rate Hex Fiend as being in the middle too, especially if you’re going to put xxd at the low end :)
Personally, for file format parsing I like to use Hachoir (specifically Hachoir-wx for GUI file structure browsing), which is a somewhat obscure bit of software that I’ve made some contributions to.
Username checks out
Great project, shame the author did not google the username.
Why's that?
Google it.
Ah. Yeah, perhaps, but that was a normal, common word that the bad guys used because it sounded scary, but which still has its original meaning. It's not a word I'd primarily associate with those particular bad guys.
Does this editor have a way to display the ASCII bytes in CP437 glyphs? I grew up reading binary files in DOS that way and I can read the glyphs much faster than the corresponding hex values; in contrast, using dots for the non-printable characters doesn't really tell me much.
You can download additional assets in the settings and then interpret data as encoded in various formats. I don't see CP437 in the list but the file format for encodings is straightforward, you can probably create a mapping easily.
https://github.com/WerWolv/ImHex-Patterns/tree/master/encodi...
The problem with CP437 is that FF, 00, and 20 are all empty space and look the same. Then there's the question about that ambiguous character that's either German Sharp S or Beta.
This is an absolutely great project. I had a lot of fun tinkering with the ROM of my Philips smart clock.
It has a built-in DSL that looks like Rust (without memory management, though – so it's very lightweight), and with that, it's possible to visualize and extract structural data from binary streams. That's really fun and cool.
It also has a visual editor to make simple calculations with no code. It didn't feel polished at the time I tried it. Strangely, writing code in DSL was more intuitive and easier for me.
Cool, a bit like Wireshark protocol dissectors then?
There's, unfortunately, a million similar implementations for this basic concept. 010 Binary Templates, Hex Workshop structures, Okteta structures, Kaitai Struct Definitions. Heck, I made my own Go struct tag DSL that does this, before I realized just how many times it had already been done before.
The thing that's complicated of course, is that while it is a good idea and the basic idea is incredibly similar across implementations, there are just enough different concerns to make it hard to have one universal standard that can cover all of the use cases. It's hard enough to have a single parsing framework that handles both text parsing and binary format parsing well, but you also would need to consider the ability to incrementally parse/stream, read/write support, support arbitrary transformations, some formats need pointers, offsets, indices, and of course to what degree such a descriptor should be declarative versus imperative (declarative is better, but it gets increasingly hard to capture all details entirely in a purely declarative manner.)
Looks good! I usually stick to 010 Editor for its wildcard search, but ImHex does that and more, I'm sold. Will be testing it out a bit more
what're the odds of two dead 0x users showing up at the same time in a thread previously without comments. gave me a chuckle
a thread about a hex editor? kinda high
people who value their retinas when working at 3 AM.
You just need a well lit room to use light mode.
Agreed, and also turn down your monitor brightness if needed so the light background matches a piece of paper on your desk.
No one complains that reading something on paper burns out your retinas. A light mode shouldn't either.
I always assumed that ImHex only supported dark mode, but it turns out that it does support light mode too!
I will stick to 010 Editor for now[1], it's the most amazing hex editor I've tried in my life. I'm not fond at all of the GUI framework (Dear ImGui) that this new project uses. It's meant for embedded systems with tiny screens and no window manager, not full-fledged desktop environments where the small elements and the complete lack of UI integration makes for a very awkward experience.
This looks pretty neat. Would it be a good idea to develop a hex editor as a project? It doesn't look too hard for a simple one, but if one wants there is a lot of room for practice, like parsing all file formats, from executable images to Doom WADs to some proprietary file format, and I'm sure there is a lot of room for tools that help RE too.
I will just stick with 010 Hex editor for now. Still I will keep an eye on this.
Gave me a flashback to my middle school days when I used a hex editor to modify my saved game files.
Not to be confused with the Reverse Engineer's Hex Editor, rehex
I still use HXD for most cases, but whenever I need to work with encoded text, I use a fork of MadEdit instead. MadEdit has no problem with multibyte characters, whether it's UTF-8, UTF-16, or Shift-JIS.
are there illegal schools teaching kernel module writing?
Yes. A silly example I encountered just yesterday, looking for usermodehelper invocation examples: https://gist.github.com/muratdemirtas/31b46c459c9c2e285ed71b...
Commenter asks:
i don't see how that's illegal - it's only a crime if you install it on somebody's computer to steal their information. knives aren't illegal.
Yes, it's not literally illegal, otherwise Microsoft would be in even more trouble. I just thought it was amusing.
(but also, carrying a sensibly sized knife is illegal where I live)
I reverse engineer things for a living and I have many peers worldwide who do the same. My main field of work is malware analysis.
For recreation, in my country it's explicitly legal to reverse engineer things you own, with a purpose of making it work on your system (think: fixing a Windows XP game so it works on Windows 10). This is a very broad loophole, and lets you reverse engineer things in most cases when they "feel" like they should be legal.
Reversing for the purpose of integrations is commonly also legal.
This applies to the entire EEA, fortunately!
Just don't publish it, and you can kinda do whatever. Remember, just because you build or learn something doesn't mean you have to broadcast it. Edification can be its own reward.
You don't need a project to be "legal" to have some fun :)
Publish under a pseudonym with no links to your real identity, use dedicated communities that disregard DMCA takedowns. As long as you don't want to earn money this way, the worst that will happen is that your target notices your work and deploys vmprotect on their releases.
File formats are great fun to RE. I worked at a place that used a proprietary business management app. One day I was bored and started looking at its data files with a hex editor and saw some patterns like the titles of records in the app were spaced at exact multiples of X bytes apart on the data file. Oh! Fixed width records! Huh, look at that: right after the title, the next two bytes look like the hex value of the record number shown in the app. Guess that's how it stores those! If I click this checkbox, this one byte changes from 0x00 to 0x01. Hey there! After enough experimentation I had the whole thing mapped to structs in code and was able to build reports that the original app couldn't support.
There wasn't anything illegal about that. I'm sure the vendor would've preferred we pay them to make reports for us but nothing legally prevented it.
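The fixed-width-record mapping described in the comment above, as an added example that is not part of the original thread or the commenter's code: it goes one step further and infers the record size from the spacing of the titles before decoding the fields. The 20-byte title, little-endian record number, 9 bytes of padding, the sample data and all function names are assumptions made for illustration.

```python
import re
import struct
from functools import reduce
from math import gcd

# Hypothetical layout, as an analyst might guess it from the hex view:
# 20-byte NUL-padded title, uint16 LE record number, 1-byte checkbox flag.
HEAD = struct.Struct("<20sHB")

def make_sample() -> bytes:
    """Constructed data file: four 32-byte records, one with an empty title."""
    rows = [(b"Invoice March", 1, 1), (b"Payroll", 2, 0),
            (b"", 3, 0), (b"Stock count Q2", 258, 1)]
    return b"".join(HEAD.pack(*row) + bytes(9) for row in rows)

def infer_stride(data: bytes, min_run: int = 4) -> int:
    """Guess the record size from the spacing of printable-ASCII runs.

    Titles start at multiples of the record size, so the GCD of the gaps
    between them survives records whose title is blank or missing.
    """
    starts = [m.start() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_run, data)]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    if not gaps:
        raise ValueError("need at least two text runs to infer a stride")
    return reduce(gcd, gaps)

def parse_records(data: bytes, stride: int) -> list[tuple[str, int, bool]]:
    """Decode (title, record number, flag) from each complete record."""
    if stride < HEAD.size:
        raise ValueError(f"stride {stride} is smaller than the {HEAD.size}-byte header")
    records = []
    for off in range(0, len(data) - stride + 1, stride):
        raw, number, flag = HEAD.unpack_from(data, off)
        title = raw.rstrip(b"\x00").decode("ascii", errors="replace")
        records.append((title, number, flag != 0))
    return records

if __name__ == "__main__":
    blob = make_sample()
    size = infer_stride(blob)
    print("record size:", size)
    for rec in parse_records(blob, size):
        print(rec)
```

If a record holds more than one text field, the GCD drops to a divisor of the true size, so confirm the guess by checking that the fields line up in the hex view.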
If you've never done at least a tiny bit of "illegal" RE, are you even a true hacker? ;)