For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Let’s get started!
Hiew+ is based on the FsPlus project. FsPlus is an implementation of an idea that lets you access non-disk files as if they were disk files. Hiew+ is a real-life example of FsPlus: we take Hiew (an excellent hex editor) and turn it into an excellent process editor. Each process is viewed as a file whose size is the value returned in SYSTEM_INFO.lpMaximumApplicationAddress. In theory FsPlus should work with any hex editor to provide process memory editing, but this release only supports Hiew.
To use FsPlus, you need to inject FsPlus.dll into Hiew’s process so that the APIs are hooked. Once the APIs are hooked, FsPlus recognizes and treats differently any file name of the form “pid|1234”, where 1234 is the PID of the target process. To make usage even simpler, I provide a small GUI (FsPlusGui) that lets you launch Hiew conveniently.
In fact, Hiew+ can be a nice addition to your reverse engineering arsenal, alongside IDA Pro‘s debugger or any other debugger.
Here’s a screenshot of the FsPlusGui:
Double-click a process to launch Hiew on that process with FsPlus support.
Make sure you specify the settings correctly in FsPlus.ini:
title=Hiew+ (c) lallous <firstname.lastname@example.org>
After you run it successfully, you will be able to edit processes as if you were editing files. The catch is that every virtual address in the process now appears as a physical offset in Hiew.
For your convenience, we have created additional IMAGE_SECTION_HEADER structures in the PE header of the main process image, so that each loaded module is viewed as a PE section:
In addition to viewing modules as PE sections, you will also see an actual listing of all loaded modules just after the end of the PE header:
Do you want to master Batch Files programming? Look no further, the Batchography is the right book for you.
To avoid read errors and the like, any unreadable memory page is filled with the “BAD!” pattern.
This is not something added by FsPlus; rather, it is an undocumented feature of Hiew32 that lets you use Hiew to view/edit logical and physical disk sectors:
This tool has been tested with Windows Vista (32-bit) and Windows XP SP2, and with Hiew 7.29.
I hope you find this tool as useful as Hiew itself.
Note: Please don’t contact me if you run into trouble. This tool is no longer supported.
In various programming languages, you might sometimes need to convert numbers to characters. In simple terms, each character you see has a numerical representation. The ASCII table shows the numbers of each character and its corresponding glyph.
Converting numbers to their corresponding characters is useful, for instance, for generating a random string. The first step in generating a random string is to generate random numbers between 65 and 90 (upper case ‘A’ to upper case ‘Z’) or between 97 and 122 (lower case ‘a’ to lower case ‘z’).
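As an added example (not code from the original post), the following Batch script carries out both steps: it draws random codes from the two letter ranges above and converts each code to its character. The conversion step relies on cmd.exe’s undocumented =ExitCodeAscii dynamic variable, which holds the character whose code was the last exit code set with “cmd /c exit N” (printable codes 32 to 126 only).

```batch
@echo off
setlocal EnableDelayedExpansion

rem Added example: build an 8-character random string from A-Z (65-90)
rem and a-z (97-122). Delayed expansion (!random!) is required inside the
rem loop body, because %random% would be expanded once for the whole block.
set "str="
for /l %%i in (1,1,8) do (
    rem Pick the case for this position: 0 = upper case, 1 = lower case
    set /a "case=!random! %% 2"
    if !case! equ 0 (
        set /a "code=!random! %% 26 + 65"
    ) else (
        set /a "code=!random! %% 26 + 97"
    )
    rem Convert the numeric code to its character via the child's exit code;
    rem =ExitCodeAscii then holds that single character.
    cmd /c exit !code!
    set "str=!str!!=ExitCodeAscii!"
)

echo Random string: !str!
endlocal
```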
While the Batch language is pretty primitive, you would be surprised how many things you can do with it. In the Batchography book, I cover various topics that would bring your Batch programming skills to the next level.
Get the book from Amazon:
You have found this blog post because you are wondering if there is a way to express a “switch/case” logic in Batch files.
The short answer is no, not exactly. However, there are ways to achieve the same effect in Batch files.
In the Batchography book, I explain the “switch/case” construct in detail, but in this blog post I will illustrate the mechanism briefly. For more advanced Batch scripting topics, please grab a copy of the Batchography book.
Get the book from Amazon:
To learn more about how the Hangman is programmed using the Batch scripting language, please refer to Chapter 5 in the Batchography book.
In chapter 4 of the Batchography book, I illustrate three methods you can use to check whether your Batch script is running as an Administrator.
In this blog post, I will share with you the method entitled “Using known commands that fail to run without elevated privileges” from the book.
The idea behind this method is to run commands that are known to fail, returning a non-zero error code, when they are not executed with administrative privileges.
The Batch script would then check the return code and act accordingly:
@echo off
::
:: The Batchography book by Elias Bachaalany
::
:: "net session" needs administrative privileges; without them it fails
:: and sets a non-zero errorlevel. Its output is discarded.
net session >nul 2>&1
if %errorlevel% neq 0 (
    echo Requires administrative privilege.
    goto :eof
)
echo Script starts here...