Suggestion for HxD:User templates for data inspector

Wishlists for new functionality and features.
dukk
Posts: 2
Joined: 24 Feb 2021 14:39

Re: Suggestion for HxD:User templates for data inspector

Post by dukk »

no questions yet.

You clarify all.

(sorry ALL for my possible bad English)
JakeTheDog
Posts: 2
Joined: 15 Feb 2021 10:16

Re: Suggestion for HxD:User templates for data inspector

Post by JakeTheDog »

Woah, that looks awesome, you really put a lot of thought into the design.
Eagerly waiting for the release :D
Maël
Site Admin
Posts: 1404
Joined: 12 Mar 2005 14:15

Re: Suggestion for HxD:User templates for data inspector

Post by Maël »

Add option to specify memory layout of arrays:
https://en.wikipedia.org/wiki/Row-_and_ ... ajor_order
Maël
Site Admin
Posts: 1404
Joined: 12 Mar 2005 14:15

Re: Suggestion for HxD:User templates for data inspector

Post by Maël »

Support ROM images (SNES, N64, Amiga, etc.) with lookup tables for sprites, text tables, levels, etc.

Possibly, but not for a 1.0 release, with the ability to resize data structures, while keeping length and size fields up to date, and adapting memory allocation inside the file accordingly.
A simpler version of this would target PNG files or RIFF/WAVE files, which allow for easier resizing/memory allocation, while still needing a couple of length and offset fields updated to stay valid.

From a high-level view, resizing structured files is adding a kind of linker capability, since you need to section the file into parts, update offsets, possibly consider alignment issues, and memory allocation/section sizes, but also need to add constraints (that express logical dependencies between fields/parts of the file), such that the file remains valid. This includes updating indices/lookup tables, length fields, range or size constraints but also checksums.

Editing resource sections in PE files is the "light" version of this, editing anything inside a PE file is the more complete/complex version, since program code might be dependent on this as well. Without additional "debugging" or "compiler/linking" information this might be difficult, since pointers in assembly code might need to be updated as well (and disassembling in general is not feasible without human assistance). In PE files there is a notion of relocations, but they can be stripped, or not available for other file types, like ROMs.

So it might be that files can be partially edited, with some sections remaining read-only (and just be moveable as entire sections, but besides changing the starting offset, remain unchanged), while others can be edited in fine-grained detail, like resource sections (that were designed to be edited, independent of other parts of a PE file -- besides indices close to the PE header).
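
The PNG case from the post above, as an added example (not from the thread and not HxD code): a chunk's length field and CRC both depend on its payload, so a resize has to re-derive them, and a strict parser rejects a file where they were left stale. All function names and the sample bytes are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def build_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk; length and CRC are derived from the payload."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def parse_chunks(blob: bytes) -> list:
    """Split a PNG into (type, data) pairs, rejecting stale length/CRC fields."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("bad signature")
    pos, chunks = len(PNG_SIG), []
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack_from(">I4s", blob, pos)
        end = pos + 8 + length + 4
        if end > len(blob):
            raise ValueError("length field runs past end of file")
        data = blob[pos + 8 : pos + 8 + length]
        (crc,) = struct.unpack_from(">I", blob, pos + 8 + length)
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        chunks.append((ctype, data))
        pos = end
    return chunks

def resize_chunk(blob: bytes, ctype: bytes, new_data: bytes) -> bytes:
    """Replace the first chunk of that type and re-derive the dependent fields."""
    out, done = [PNG_SIG], False
    for t, d in parse_chunks(blob):
        if t == ctype and not done:
            d, done = new_data, True
        out.append(build_chunk(t, d))
    if not done:
        raise KeyError(ctype)
    return b"".join(out)

def naive_splice(blob: bytes, old: bytes, new: bytes) -> bytes:
    """A plain insert: the bytes change, the dependent fields do not."""
    return blob.replace(old, new, 1)

# Constructed sample (not a renderable image): IHDR, one tEXt chunk, IEND.
CHUNKS = [(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
          (b"tEXt", b"Comment\x00short"), (b"IEND", b"")]
SAMPLE = PNG_SIG + b"".join(build_chunk(t, d) for t, d in CHUNKS)
```

Offsets of later chunks shift automatically here because PNG chunks are sequential; formats with absolute offset fields need those rewritten as well.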
Maël
Site Admin
Posts: 1404
Joined: 12 Mar 2005 14:15

Re: Suggestion for HxD:User templates for data inspector

Post by Maël »

Use case example submitted by Denis Collis:
Simple example. Say I have C defs...

Code:

#include <stdint.h>  /* uint32_t */

typedef enum
{
  DEV_UART = 0,
  DEV_MODEM = 1,
  DEV_NFC = 2,
  DEV_BLE = 3,
} devtype_e;  /* name taken from its use in prod_t below */

typedef struct
{
  uint32_t serial;
  devtype_e devtype;
  char desc[28];
} prod_t;

If I then click on the first byte of the struct in the file, then the Data Inspector shows something like:

Code:

|  prod_t   | serial:1020304,  devtype:'DEV_MODEM', desc:"Telit LE910"   |

And a feature request:
...maybe have capability of reading a .h header file/s with custom definitions?
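
What decoding the prod_t use case above involves, as an added example (not from the thread and not HxD code). It assumes a little-endian layout, a 4-byte enum and no padding, none of which the post states; `DevType`, `PROD_T` and `inspect_prod_t` are hypothetical names, and the sample record is constructed.

```python
import struct
from enum import IntEnum

class DevType(IntEnum):
    """Mirrors devtype_e from the post."""
    DEV_UART = 0
    DEV_MODEM = 1
    DEV_NFC = 2
    DEV_BLE = 3

# Assumed layout: little-endian, 4-byte enum, no padding (4 + 4 + 28 = 36 bytes).
PROD_T = struct.Struct("<II28s")

def inspect_prod_t(buf: bytes, offset: int = 0) -> str:
    """Render the prod_t at `offset` in the row format shown in the post."""
    if offset < 0 or offset + PROD_T.size > len(buf):
        raise ValueError("prod_t needs %d bytes at offset %d" % (PROD_T.size, offset))
    serial, raw_type, raw_desc = PROD_T.unpack_from(buf, offset)
    try:
        devtype = "'%s'" % DevType(raw_type).name
    except ValueError:
        # The file can hold any 32-bit value; show it instead of failing.
        devtype = "<invalid %d>" % raw_type
    # char desc[28] need not be NUL-terminated: stop at the first NUL or at 28.
    desc = raw_desc.split(b"\x00", 1)[0].decode("ascii", errors="replace")
    return '|  prod_t   | serial:%d,  devtype:%s, desc:"%s"   |' % (serial, devtype, desc)

# Constructed sample record carrying the values shown in the post.
SAMPLE = PROD_T.pack(1020304, DevType.DEV_MODEM, b"Telit LE910")
```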
MarcosG
Posts: 1
Joined: 18 Jan 2022 23:11

Suggestion for HxD: Blocks Tagging

Post by MarcosG »

I think it would be very useful to have the possibility of labeling sectors of the binary with different colors and a text that identifies each one. I think it is a very necessary option for binary analysis.

The idea is basically to be able to select blocks and put a color label on them with a simple text that identifies that block. It would be nice to be able to select the background color and the font color. And of course, being able to save these labels in a file parallel to the one analyzed.

And in the right panel there could be a list with all the tags and quick access by clicking on them.

Something like this:
[Attached screenshot: 8f1oP[1].png]
Image taken from Google.

I would love to see this option in new versions. I really think it's very useful and I didn't find a tool with the convenience of HxD and a labeling option.

I greatly appreciate the work you are doing and I congratulate you on the position you have achieved.

Greetings!
Maël
Site Admin
Posts: 1404
Joined: 12 Mar 2005 14:15

Re: Suggestion for HxD:User templates for data inspector

Post by Maël »

The screenshot in the post above comes from the software at synalysis.net, which has a Windows version at hexinator.com/benefits.

A higher resolution screenshot from this software that shows more detail:
[Attached screenshot: Parsing-results-explained[1].png]

It uses "grammars" defined in XML which is quite verbose, and not easy to read or edit manually, for example for BMPs:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<ufwb version="1.23.4">
    <grammar name="Windows Bitmaps" start="id:2" author="Andreas Pehnack" fileextension="bmp" uti="com.microsoft.bmp">
        <description>Grammar for the Windows Bitmap file format</description>
        <structure name="Defaults" id="3" encoding="ISO_8859-1:1987" endian="little" signed="no"/>
        <structure name="Bitmap File" id="2" extends="id:3">
            <structref name="Header" id="6" fillcolor="00F900" structure="id:5"/>
            <structref name="BITMAPINFOHEADER" id="8" fillcolor="FF9200" structure="id:7"/>
            <structref name="ColorPallete" id="33" structure="id:28"/>
        </structure>
        <structure name="Header" id="5" extends="id:3">
            <number name="bfType" mustmatch="yes" id="10" type="integer" length="2" endian="big" display="hex">
                <fixedvalues>
                    <fixedvalue value="0x424D"/>
                </fixedvalues>
            </number>
            <number name="bfSize" id="11" type="integer" length="4"/>
            <number name="bfReserved" id="12" type="integer" length="4">
                <fixedvalues>
                    <fixedvalue value="0"/>
                </fixedvalues>
            </number>
            <offset name="bfOffBits" id="14" length="4" references="id:13" follownullreference="yes"/>
        </structure>
        <structure name="Info" id="7" length="this.biSize" extends="id:3" fillcolor="929292">
            <number name="biSize" id="16" fillcolor="FF2600" type="integer" length="4">
                <fixedvalues>
                    <fixedvalue value="40"/>
                    <fixedvalue name="&lt;unnamed&gt;" value="108"/>
                </fixedvalues>
            </number>
            <number name="biWidth" id="17" fillcolor="FEFB00" type="integer" length="4"/>
            <number name="biHeight" id="18" fillcolor="FEFB00" type="integer" length="4" signed="yes"/>
            <number name="biPlanes" id="19" fillcolor="797979" type="integer" length="2">
                <fixedvalues>
                    <fixedvalue value="1"/>
                </fixedvalues>
            </number>
            <number name="biBitCount" id="20" fillcolor="FF89D8" type="integer" length="2"/>
            <number name="biCompression" id="21" fillcolor="72FA78" type="integer" length="4"/>
            <number name="biSizeImage" id="22" fillcolor="FFD478" type="integer" length="4"/>
            <number name="biXPelsPerMeter" id="23" type="integer" length="4"/>
            <number name="biYPelsPerMeter" id="24" fillcolor="C0C0C0" type="integer" length="4"/>
            <number name="biClrUsed" id="25" fillcolor="73FDFF" type="integer" length="4"/>
            <number name="biClrImportant" id="26" fillcolor="7980FF" type="integer" length="4"/>
        </structure>
        <structure name="ColorPallete" id="28" extends="id:3" encoding="ISO_8859-1:1987" endian="little" signed="no">
            <binary name="RBGPallet" id="29" fillcolor="D783FF" repeatmin="0" repeatmax="biClrUsed" length="32" lengthunit="bit"/>
        </structure>
        <structure name="ImageData" id="13" extends="id:3">
            <binary name="ImageData" id="31" fillcolor="D5D5D5" length="remaining"/>
        </structure>
    </grammar>
</ufwb>