首页
社区
课程
招聘
[转帖]WinHex 16.8
发表于: 2012-11-30 00:22 4167

[转帖]WinHex 16.8

2012-11-30 00:22
4167

A computer Forensics & Data Recovery Software, Hex Editor & Disk Editor

Written by Cosmin Anton on November 8th, 2011
Unlike text editors, Hex editors are capable to display and manipulate the binary data of any file type. The application is not usually addressed to the average computer users, due to the knowledge required to recover damaged or deleted files by using only control codes and executable code.

All the data displayed uses two-digit numbers based on the hexadecimal system which uses only 16 digits from 0 to 9 and A to F. WinHex enables users to change the value of any bite just by changing these values in hexadecimal mode.

The application supports a wide array of partition types including: FAT12, FAT16, FAT32, exFAT, NTFS, Ext2/3/4, Next3, CDFS and UDF. As a disk editor, WinHex allows you to inspect and recover lost, deleted or corrupt data from almost any kind of media including: hard disks, floppy disks, CD-ROM & DVD drives, ZIP, Smart Media, Compact Flash etc.

The usability of WinHex doesn’t stop here; the application will provide users with a RAM editor that gives instant access to physical RAM and the virtual memory used by your opened processes.

Calculating checksums and hashes is easy using WinHex. The application supports Checksums from 8 bits to 64 bits, CRC16, CRC32, MD5, SHA-1, SHA-256, RipeMD-128, RipeMD-160, MD4 and ed2k hash types.

The interface is well structured and provides users quick access to the most important features with one or two mouse clicks. The Hex panel will display all the info associated with each hexadecimal digit in a simpl and accessible manner.

WinHex can display various character sets including: ANSI ASCII, IBM ASCII, EBCDIC and Unicode. Converting between binary, hex ASCII, Intel Hex and Motorola S is also possible.

The built-in Data interpreter can read various data types including RAID systems and dynamic disks. The application can also automate various file editing procedures using scripts, thus accelerating routine tasks.

In the hands of professionals and computer forensics, WinHex can become a valuable instrument that can help them uncover important evidence and solve difficult cases.

WinHex description


Here are some key features of "WinHex":

Disk cloning, disk imaging:
· to produce exact duplicates of disks/drives, e.g. to save the time for a full installation of the operating system and other software for several computers/disks of the same type, or to be able to restore a running installation in case of data loss/screwed up Windows (restoration of a backup). Also for computer forensics specialists, since they need to work on a copy when searching for evidence on the object disk. You can clone directly, or from an image file. Menu: Tools | Disk Tools | Clone Disk

RAM editor:
· e.g. for debugging purposes (programming), for examining/manipulating any running program and in particular computer games (cheating). Tools | RAM Editor

Analyzing files:
· e.g. to determine the type of data recovered as lost cluster chains by ScanDisk or chkdsk. Examples. Tools | Analyze File

Wiping confidential files or disks:
· ...so no one (not even computer forensics specialists) will be able to retrieve them. To securely erase a file, use File Manager | Delete Irreversibly. For disk wiping, open the disk with the disk editor and use Edit | Fill Disk Sectors. E.g. fill with zero bytes (hexadecimal value 00) or random bytes. WinHex works in accordance with the standard outlined in DoD 5220.22-M (for details, please see this white paper). Also see X-Ways Security.

Wiping unused space and slack space:
· ...either to close security leaks, to securely destroy previously existing classified files that have been deleted in the traditional way only, or to minimize the size of your disk backups (like WinHex backups or Norton Ghost backups), since initialized space can be compressed 99%. On NTFS drives, WinHex will even offer to wipe all currently unused $Mft (Master File Table) file records, as they may still contain names and fragments of files previously stored in them. File slack can be found in the unused end of the last cluster allocated to a file, which usually contains traces of previously existing files. Slack space - like everything else - is processed by WinHex very fast. Also see X-Ways Security.

ASCII - EBCDIC conversion:
· Allows to exchange text between mainframe computers and the PC in both directions. You may even tailor the character translation table in WinHex (ebcdic.dat) for your own needs. Edit | Convert
· Binary, Hex ASCII, Intel Hex, and Motorola S conversion
· z. B. for (E)PROM programmers. Edit | Convert
· Unifying and dividing odd and even bytes/words
· for (E)PROM programmers. File Manager | Unify/Dissect

Conveniently editing data structure:
· using custom templates. Download a tutorial. View | Template Manager

Splitting files that do not fit on a disk:
· File Manager | Split/Concatenate
· WinHex as a reconnaissance and learning tool
Are you sure Microsoft Word really discards previous states of your document? You may be surprised to find text deleted long ago in your .doc files. Maybe text that you really do not wish to be seen by the person you are going to pass the .doc file to? Discover what various software programs save in their files. Study unknown file formats and learn how they work. Investigate e.g. how executable files are structured and how they are loaded in RAM. The possibilities are practically unlimited. Here is another important one:
· Finding interesting values (e.g. the number of lives, ammunition, etc.) in saved game files
· using the Combined Search or using the File Comparison utility, for later manipulation

Manipulating saved game files:
· for any computer game, following existing instructions from cheat sites on the Internet or for developing your own cheats.

Upgrading MP3 jukeboxes and Microsoft Xbox with larger hard drive:
· To upgrade, the new hard disk must be prepared first. This is where you need WinHex. Instructions for Creative's Nomad MP3 jukebox, DAP jukebox and Microsoft Xbox. You can also change the name of your Xbox.

Manipulating text:
· ...that one is not supposed to edit, e.g. in binary files. It is not convenient, but possible to translate practically any software into another language by editing text in the executable files, e.g. if the source code is not available (e.g. lost). Or you would like to edit text in files of a certain binary type that the native application does not let you modify. For instance, programmers may find their compiler automatically creates a configuration file for their project whose filename (application name + .cfg) conflicts with a file their own software uses. If your local laws and the license permit that, edit the compiler's executable file such that it works without problems (e.g. with the filename extension “.cnf”).
· Viewing and manipulating files that usually cannot be edited
· because they are protected by Windows (e.g. the swap file, temporary files of the Internet Explorer), using the disk editor. Tools | Disk Editor

Viewing, editing, and repairing system areas:
· such as the Master Boot Record with its partition table and boot sectors. Tools | Disk Editor | Access button

Hiding data or discovering hidden data:
· ...e.g. behind the supposed end of .jpg files (steganography), or in unused parts of logical drives or physical disks. WinHex specifically supports access to surplus sectors that are not in use by the operating system because they do not add to an entire cluster or cylinder.

Copy & Paste:
· Use copy & paste or copy & write (=overwrite) with files, disks, and RAM. You may freely copy from a disk and write the clipboard contents to a disk, without regard to sector boundaries!

Unlimited Undo:
· When editing, reverse any of your steps. Only restricted by available disk space. Edit | Undo

Jump back and forward:
· WinHex keeps a history of your offset jumps, and lets you go back and forward in the chain, like an Internet browser does. Position | Back/Forward

Scripting:
· Automated file editing using scripts, to accelerate recurring routine tasks or to carry out certain tasks on unattended remote computers. The ability to execute scripts other than the supplied sample scripts is limited to owners of a professional license. Scripts can be run from the Start Center or the command line. While a script is executed, you may press Esc to abort. With its wider range of application, scripting supersedes the Routine feature known from previous WinHex versions. Find out more about scripts in the program help.

API (Application Programming Interface):
· Professional users may also make good use of WinHex' advanced capabilities in their own programs written in Delphi, C/C++, or Visual Basic. The WinHex API provides a convenient interface for random access to files and disks (at the sector level). The provided functions are similar to the scripting commands.

Data recovery:
· for erroneously deleted files or generally after an experienced loss of data. Can be done manually (see undeleting files) or automatically. There is an automatic recovery mode for FAT12, FAT16, FAT32, and NTFS drives called “File Recovery by Name” that simply requires you to specify one or more file masks (like *.gif, John*.doc, etc.). WinHex will do the rest. Via the Access button menu, a recovery mechanism is available for FAT drives which re-creates entire nested directory structures (details here). Another mechanism (“File Recovery by Type”, formerly “file retrieval”) can be used on any file system and recovers all files of a certain type at a time. Supported file types: jpg, png, gif, tif, bmp, dwg, psd, rtf, xml, html, eml, dbx, xls/doc, mdb, wpd, eps/ps, pdf, qdf, pwl, zip, rar, wav, avi, ram, rm, mpg, mpg, mov, asf, mid. In particular owners of digital cameras quite often encounter problems with their media. WinHex is likely to help with this automated function that makes good use of the existence of file headers (characteristic signatures at the beginning of a file). Tools | Disk Tools | File Retrieval

Computer examination/forensics:
· WinHex is an invaluable tool in the hands of computer investigative specialists in private enterprise and law enforcement.

Trusted download (a security issue):
· When transferring unclassified material from a classified hard disk drive to unclassified media, you need to be certain that a copied file will have no extraneous information in any cluster or sector “overhang” spuriously copied along with the actual file, since this slack space may still contain classified data from a time when it was allocated to a different file. The command Tools | Specialist Tools | Copy exactly copies the file in its current size, no entire sectors or clusters. Not one byte beyond the end of the file will be copied to the destination disk. Minimize your IT risks. Requires a specialist license.

128-bit encryption:
· to make files unreadable by others. Edit | Convert

Checksum/digest calculation:
· to make sure a file is not corrupt and was not manipulated, or to identify common known files. Tools | Calculate Hash.

Generating pseudo-random data:
· for various (e.g. scientific simulation) purposes. Edit | Fill File

Limitations:

· Doesn't save files larger than 200 KB
· Doesn't write disk sectors, edit virtual memory
· Evaluation version reminders

http://www.softpedia.com/dyn-postdownload.php?p=6909&t=0&i=1


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

上传的附件:
收藏
免费 1
支持
分享
最新回复 (16)
雪    币: 370
活跃值: (15)
能力值: ( LV9,RANK:170 )
在线值:
发帖
回帖
粉丝
2
can be down, but no lic
2012-11-30 00:55
0
雪    币: 98745
活跃值: (201039)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
3
Wait...
上传的附件:
2012-11-30 01:08
0
雪    币: 98745
活跃值: (201039)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
4
X-Ways Forensics 16.8
http://www.x-ways.net/winhex/forum/messages/1/3908.html?1354171530

v16.8 was just released.

Additional changes since Beta 5:

* Interpretation of file allocation table entries in exFAT file systems in the Info Pane. Brackets indicate that the displayed information is not actually retrieved from the file allocation table (but from other sources) and that the entry where the cursor is located is actually unused.

* File header signature search: Rough file size detection for .olk14MsgSource e-mail message files.

上传的附件:
2012-11-30 01:11
0
雪    币: 208
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
Keymaker-ZWT的注册文件都不行。前几个版本就不行了。
打开软件测试软件的更个功能,很容易异常退出,或者变成非注册版。
包括反馈打开模板文件都会有这样现象。
原来15.x版本,keygen-fff的破解相对好点,不知道新版本有没有fff的破解了。
2012-11-30 12:26
0
雪    币: 202
活跃值: (1255)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
thank for sharing,it is a very usefully  tools!
2012-11-30 12:34
0
雪    币: 98745
活跃值: (201039)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
7
X-Ways.WinHex.v16.8.Incl.Keymaker-ZWT

http://rghost.net/private/42064126/4dbc0d4a6cac266ca730c5622a52bc91

上传的附件:
2012-12-10 03:57
0
雪    币: 213
活跃值: (15)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8
[QUOTE=linhanshi;1124353]X-Ways.WinHex.v16.8.Incl.Keymaker-ZWT

http://rghost.net/private/42064126/4dbc0d4a6cac266ca730c5622a52bc91

[/QUOTE]

thank you。。。。。
2012-12-12 12:28
0
雪    币: 1478
活跃值: (4012)
能力值: ( LV3,RANK:30 )
在线值:
发帖
回帖
粉丝
9
X-Ways.WinHex.v16.8.Incl.Keymaker-ZWT

http://www60.zippyshare.com/v/48286674/file.html
2012-12-12 15:59
0
雪    币: 8719
活跃值: (2085)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
10
没有解压密码,麻烦提供一下,谢谢
2012-12-12 16:34
0
雪    币: 8719
活跃值: (2085)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
11
[QUOTE=linhanshi;1124353]X-Ways.WinHex.v16.8.Incl.Keymaker-ZWT

http://rghost.net/private/42064126/4dbc0d4a6cac266ca730c5622a52bc91

[/QUOTE]

可否本要备份一份,谢谢!地址打不开。
2012-12-13 09:13
0
雪    币: 112
活跃值: (1536)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
12
不会呀,我联通的都能打开,速度还不错呢。
2012-12-14 14:52
0
雪    币: 2902
活跃值: (1082)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
13
[QUOTE=linhanshi;1124353]X-Ways.WinHex.v16.8.Incl.Keymaker-ZWT

http://rghost.net/private/42064126/4dbc0d4a6cac266ca730c5622a52bc91

[/QUOTE]

林版的链接有效,不带密码,只是要翻墙,本地一份。
上传的附件:
2012-12-16 11:18
0
雪    币: 370
活跃值: (15)
能力值: ( LV9,RANK:170 )
在线值:
发帖
回帖
粉丝
14
谢谢楼上,谢谢林版
2012-12-16 12:44
0
雪    币: 4
活跃值: (12)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
15
下载了   先谢谢
2012-12-18 16:23
0
雪    币: 112
活跃值: (1536)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
16
WinHex 的 v16.6 和 v16.8 目前都没发现有退出现象,好用!呵呵~
2012-12-19 00:30
0
雪    币: 94
活跃值: (23)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
17
下载了   先谢谢
2012-12-21 23:14
0
游客
登录 | 注册 方可回帖
返回
//