Hey guys,
I want to implement a hex editor in my program and want to program it myself. I know there are many others out there, and they are all very good, but this is one feature I'd like to add custom made :grin:. So how exactly could I use it to open an exe for editing? I don't want to do it like Hutch did (with the rich edit control) but would like all the data to be lined up and be able to refresh it on user's request. Any help is appreciated. If anyone knows of an open source MASM hex editor please let me know because I would like to get it done asap.

Thx,
RIF
Posted on 2003-02-10 20:15:58 by resistance_is_futile
anyone?
Posted on 2003-02-10 21:09:55 by resistance_is_futile
There is nothing special about opening a file in "hex mode", as you call it. Open it with CreateFile, read it in chunks and display the hex values of each byte.
Posted on 2003-02-11 01:56:13 by bazik
So invoke CreateFile, etc, etc
invoke ReadFile, etc, etc.
Then just display it in some kind of Listbox??

Do I need to allocate memory or anything? Also how do I know when/where to start reading and when to stop? Will it automatically display in hex?
Posted on 2003-02-12 17:33:40 by resistance_is_futile
Do I need to allocate memory or anything?

Yes, you always have to allocate memory when you want to use it. It's as simple as "buffer db 1000h dup(?)"

Also how do I know when/where to start reading and when to stop?

When you first call ReadFile you are at the start of the file; when ReadFile returns 0 in its 4th parameter then you're at the end of the file. ReadFile updates the file pointer on each call to it, but if you want to change it to something else use SetFilePointer.

Will it automatically display in hex?

If the information in a file is in any kind of format then that format is binary. If you want to represent this information with ASCII characters 0-9 and A-F then of course you're going to have to convert that raw information to the appropriate ASCII characters.

Then just display it in some kind of Listbox??

I don't know anything about making a hex editor, but if I had to choose a Windows control to act as one I would go with an edit control before a listbox. IMO a good hex editor should have a control designed specifically for that purpose, instead of relying on a standard Windows control.
Posted on 2003-02-12 17:59:51 by BubbaFate
okay thx for the info.

characters 0-9 and A-F then of course you're going to have to convert that raw information to the appropriate ASCII characters.

So wsprintf would work to convert this?
Posted on 2003-02-12 18:58:15 by resistance_is_futile
hmm, tried something real quick but didn't work :S. Any help is much appreciated. Sorry if there are any stupid mistakes :S.



.data
filename db 'C:\Program Files\AIM95\aim.exe',0
hFile dd 0
bytesread dd 0
format db '%X',0

.data?
pMem db 1000h dup (?)
output db 1000h dup (?)
hInstance dd ?
CommandLine dd ?
hWnd dd ?

invoke CreateFile,addr filename,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,0,OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, 0
mov hFile,eax
INVOKE ReadFile, hFile,addr pMem,sizeof pMem, addr bytesread, NULL
invoke wsprintf,addr output,addr format,addr pMem
invoke SetDlgItemText,hWin,IDC_EDT1,addr output


This code puts out this number: 403088. Like every single time lol. Before that it was like PZ| but I added the wsprintf api to it.
Posted on 2003-02-12 19:25:08 by resistance_is_futile
403088 is the address of the variable pMem in memory, hence your third argument 'addr pMem'. If you want to use wsprintf to do the conversion then you are going to have to load 1 byte of the file into a register or variable and pass that to wsprintf. The reason you cannot pass pMem to wsprintf directly is because wsprintf only provides the capability to convert 4 bytes at a time to hexadecimal, while you are wanting to convert 1 byte at a time.

BTW, wsprintf will probably prove to be slow, because you are going to have to convert the information in the file to a hexadecimal string byte by byte. It would certainly be beneficial to come up with a quick asm routine to do the conversion.
Posted on 2003-02-12 20:14:36 by BubbaFate
okay well I have an asm example for converting ascii to hex (asm routine) but I have no idea on converting binary to hex. Instead of passing addr pMem, could I just do pMem without the addr part?
Posted on 2003-02-12 20:23:41 by resistance_is_futile
If you pass pMem directly then wsprintf is going to treat it as a 4 byte value, and that's not what you want. Example: if you open up aim.exe in a hex editor you get this "4D5A9000" but in your program you would get this "00905A4D". The solution is to pass a byte at a time to wsprintf, so do something like this...
xor eax, eax

mov al, byte ptr[pMem]
invoke wsprintf,addr output,addr format,eax
Posted on 2003-02-12 20:36:49 by BubbaFate
Completely ignore my previous post if you had a chance to read it. I need to quit being so lazy lol.
Posted on 2003-02-12 21:31:06 by resistance_is_futile
okay tried this (to get it to loop through) but it's really slow and when it finishes it doesn't show the main proggie :S



invoke GetDlgItem,hWin,1001
mov [hList],eax
invoke CreateFile,addr filename,GENERIC_READ or GENERIC_WRITE,FILE_SHARE_READ or FILE_SHARE_WRITE,0,OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE, 0
mov hFile,eax
INVOKE ReadFile, hFile,addr pMem,sizeof pMem, addr bytesread, NULL
@@@2:
xor eax, eax
mov al, byte ptr[pMem]
invoke wsprintf,addr output,addr format,eax ; Format it
invoke SetDlgItemInt,hWin,IDC_EDT1,eax,NULL ; Set the box with the info
add edi,1 ;add 1 to edi
cmp edi,4096 ; If edi is less than 1000h jmp up top and do it over again
jne @@@2


REALLY slow though. Help is appreciated.
Posted on 2003-02-12 21:49:50 by resistance_is_futile
It's slow because you are calling wsprintf 4096 times. I don't understand the reasoning behind calling SetDlgItemInt, all that line is doing is constantly putting the return value of wsprintf into IDC_EDT1 over and over again. wsprintf is not the way to do this, you really should make a routine that loops through each byte in pMem and builds a string of hexadecimal characters. After the routine finishes set the resulting hexadecimal string to the text box.
Posted on 2003-02-12 22:02:23 by BubbaFate
this is what you originally told me to do:

xor eax, eax
mov al, byte ptr[pMem]
invoke wsprintf,addr output,addr format,eax

clear eax
mov 1 byte of pMem into al
make into hex string
then print it out
add one to edi
if edi doesn't equal 1000h (how much we read in in the beginning)
jmp back to top and do it again to the next byte
mov a different byte into al
etc etc

that's what I would think to do...
Posted on 2003-02-12 22:10:19 by resistance_is_futile
The return value of wsprintf is how many characters were copied into the supplied buffer. The loop you have now does not move to the next byte, you could do this by putting the address to pMem into a register and then increment that register. And you really shouldn't use wsprintf, it's gonna be slow. Check out the dw2hex.asm that comes with masm32, you wanna do something like that. Except you want to do it to the whole file.
Posted on 2003-02-12 22:18:16 by BubbaFate
okay I'll check that out.
Posted on 2003-02-12 22:33:00 by resistance_is_futile
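
Added example, not part of the original thread and not code from any poster: the byte-by-byte conversion routine the replies recommend, written in portable C rather than MASM, with `fread` standing in for `ReadFile`. The names `bytes_to_hex`, `sample_as_dword` and `dump_file` are hypothetical; the point to carry back to the asm version is that the hex text needs three characters per input byte, so a text buffer the same size as the read buffer is too small.

```c
#include <stdio.h>
#include <string.h>

static const char HEX[] = "0123456789ABCDEF";
/* Constructed sample: the four bytes quoted in the thread. */
static const unsigned char SAMPLE[] = { 0x4D, 0x5A, 0x90, 0x00 };

/* Table lookup, one byte at a time in file order. Each byte needs 3 output
   chars, so out should hold n*3; input that does not fit is dropped rather
   than written past the end of out. Returns out, or NULL if outsz is 0. */
char *bytes_to_hex(const unsigned char *src, size_t n, char *out, size_t outsz) {
    size_t i, w = 0;
    if (outsz == 0) return NULL;
    for (i = 0; i < n && w + 3 <= outsz; i++) {
        out[w++] = HEX[src[i] >> 4];     /* high nibble */
        out[w++] = HEX[src[i] & 0x0F];   /* low nibble */
        out[w++] = ' ';
    }
    if (w) w--;                          /* last space becomes the NUL */
    out[w] = '\0';
    return out;
}

/* The 4-byte view: a little-endian dword load reverses the byte order. */
unsigned long sample_as_dword(void) {
    return SAMPLE[0] | (SAMPLE[1] << 8) | (SAMPLE[2] << 16)
         | ((unsigned long)SAMPLE[3] << 24);
}

/* Chunked read; fread returning 0 plays the role of ReadFile reporting
   0 bytes read at end of file. Returns bytes dumped, or -1 on open failure. */
long dump_file(const char *path, FILE *dst) {
    unsigned char buf[0x1000];
    char text[sizeof buf * 3];           /* 3 chars per byte read */
    size_t got;
    long total = 0;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    while ((got = fread(buf, 1, sizeof buf, f)) > 0) {
        fprintf(dst, "%s\n", bytes_to_hex(buf, got, text, sizeof text));
        total += (long)got;
    }
    fclose(f);
    return total;
}

int main(int argc, char **argv) {
    return (argc > 1 && dump_file(argv[1], stdout) >= 0) ? 0 : 1;
}
```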