Hiew+ – Editing process memory with Hiew hex editor

What’s is Hiew+

Hiew+ is based on the FsPlus project. FsPlus is an implementation of an idea that allows you to access non disk files as if they were disk files. Hiew+ is a real life example of FsPlus where we take Hiew (an excellent hex editor) and turn it into an excellent process editor. Each process will be viewed as a file with a size as much as SYSTEM_INFO.lpMaximumApplicationAddress returns. In theory FsPlus should work with any hex editor to provide process memory editing, but this release is just Hiew ready.

Hiew+ editing the process memory of a process being debugged by IDA Pro

Usage

To use FsPlus, you need to inject FsPlus.dll into Hiew’s process memory so that the APIs are hooked. After APIs are hooked, FsPlus will recognize and treat in a different manner any file name that has the following form: “pid|1234” where 1234 is a given PID. To make the usage even simpler, I provid a small GUI (FsPlusGui) to allow you launch Hiew conveniently.

In fact, Hiew+ can be considered as a nice addition to your reverse engineering tools arsenal (IDA Pro‘s debugger or any other debugger, etc.).

Here’s a screenshot of the FsPlusGui:

You will need to double click on a process to have Hiew or the desired process launched with FsPlus support.
Make sure you specify the settings correctly in FsPlus.ini:

[settings]
title=Hiew+ (c) lallous <lallousz-x86@yahoo.com>
hookdll=.\fsPlus.dll
launch=c:\hiew\hiew32.exe

Features

After you run it successfully, you will be able to start editing processes as if you were editing files. The catch is every process virtual address is now a physical offset in Hiew.

Modules as IMAGE_SECTION_HEADERs

For your convenience we have created additional IMAGE_SECTION_HEADER structures in the PE header of the main process, so that each loaded module is view as a PE section:

Textual information about process’ modules

In addition to viewing modules as PE sections, you will have an actual representation of all loaded modules just after the end of the PE header:

flower separator
batchography-good-resDo you want to master Batch Files programming? Look no further, the Batchography is the right book for you.

Available in print or e-book editions from Amazon.
flower separator

No Read Errors

To avoid reading errors and such, any unreadable memory page is filled with “BAD!” pattern.

Physical and Logical disk editing

This is not something added by FsPlus, rather it is a undocumented feature of Hiew32 where you can use Hiew to edit/view logical and physical disk sectors:

Conclusion

Download – Release date: late 2008

This tool has been tested with Windows Vista (32) and Windows XP SP2 and with Hiew 7.29.
Hope you find this tool useful as Hiew itself.
Note: Please don’t contact me if you run into trouble. This tool is no longer supported.

You might also like:

A visit to the Saint Charbel Monastery in Annaya, Lebanon

Charbel Makhlouf, also known as Saint Charbel in Annaya Lebanon is very famous amongst Maronite and Catholic Christians. Charbel is famous for his numerous miracles such as healing partial paralysis or eradicating cancer from patients.
It is customary for me and my family to visit Saint Charbel’s monastery once a year at least. In this blog post, I share with you some of the photos I took.


You might also like:

Take aways from the Defensive Driving Course

Recently, I took the 6 session defensive driving course. The following are some of the notes I extracted from the course that I would like to share with my you:

There were lots of information in the course, I highly recommend taking it! You can download the notes as a single PDF file from here:

(The PDF was created using the free Pic2Pdf tool)

The defensive driving formula


Continue reading “Take aways from the Defensive Driving Course”

The difference between hell and heaven is a mindset

the sacrifice of one An old teaching tale goes like this: A young man wanted to know the difference between Heaven and Hell.

The sage led him to two rooms with observation portals, one labeled Heaven and one Hell.

Looking in at Hell he saw a banquet table filled with luscious food but the people at the table were emaciated and distressed. Their spoons had long handles to reach the food, but the handles were too long to bring the food to their mouths.

Then he looked in on Heaven. Same table full of luscious food. Same long spoons. But the people were healthy and happy and using their long-handled spoons to feed one another.

You might also like:

Funny male sexuality quotes from a shirt I found

  • God gave men both a penis and a brain, but unfortunately not enough blood supply to run both at the same time.
  • Sex is hereditary. If your parents never had it, chances are you won’t either.
  • What matters is not the length of the wand, but the magic in the stick.
  • A verbal outburst during the male orgasm is called “sperm wail”
  • It’s not how deep you fish, it’s how you wiggle your worm.
  • Sex is not the answer. Sex is the question. “Yes” is the answer.
  • Wanna hear a joke about my penis? Never mind, it’s too long.

 


You might also like:

How many slaves work for you?

When researching minimalism and reading the Affluenza book, I came across the “Slavery Footprint” website (http://slaveryfootprint.org)

how many slaves work for you?
On this website, you take a survey:


…and then at the end you get the result:

This is not my real result. This is an example.


You might also like:

The 2017 World Predictions – Between reality and illusion, between today and tomorrow

Last year, out of curiosity, I decided to translate the predictions of Michel Hayek for the year of 2016. The article proved to be popular so I decided to do a preliminary translation of the 2017 predictions.

Disclaimer:

  1. I am not a professional translator and I do this as a hobby.
  2. I do not claim the accuracy of the translation below.
  3. I did not translate everything. I skipped many things including predictions of events that are very local to the Arab region and Lebanon.
  4. Please watch the original video with the help of an interpreter if you want to know about all of his predictions.

As Michel Hayek said in his interview, the title of his predictions for the year of 2017 is:

Between reality and illusion, between today and tomorrow

Let’s get started!

More predictions: