
  Hiew release 7.01                                    頥...


    http://webhost.kemtel.ru/~sen    ⥩


 砭  ᨨ 7.00 

       ᫥    쬠   த⥫쭮    7.00  -⠪  .  
-       ন  DOS    OS/2 ᨨ
- ⥯  娥  ࠡ⠥      䠩              ,    
  ᫥⢨  ⮣ ࠡ      ᪨/䨧᪨  ᪠    稨
  ࠢ    ⥬
-   
- progress bar  ᪠   権
- ᢥ⪠ 䨪ᠯ  PE  MZ
- ᢥ jmp/call ⮢   one-touch
- ࠡ ⮢ - 
- -  ( 5-7%)  ᪮७ 

**  **:      蠡   ᪠      ᥬ.  
  㭨஢    蠡  Files  (  ᠭ    ࠧ  "ப
蠡")


 砭  ᨨ 6.70 

        Crypt ⠫ 32.   Crypt-ணࠬ (*.cry)  ⥯ 뢠  
⥪⮢ ଠ.    ଠ   5.01 㤥  ন ⮫쪮  
6.7x!   樨: AND  OR. ⢮  㢥稫  32.
 ᯮ짮 ப-ਨ, 稭騥  ';'.

 砭  ᨨ 6.60 

         ⮩ ᨨ ন ଠ 䠩 - little-endian ELF.
         ⮩ ᨨ NE-,LX-,PE-DUMP ꥤ      EDUMP,    ஬
 ELF.


 砭   6.29/6.30 

        32-⭠ ᮫쭠   .   ࠭.    筮
 ᨫ쭮 ᪥ 室   訡 ⠬,   뫮.
          PE-䠩 PEDUMP.EXE
         ⨫ ⪮஢   : DOS, OS/2, Win32.


 砭  ᨨ 6.15 

         ᨨ 6.15 HIEW ⠭ ஢.  ⮨  exUSSR - 10$.
஡  register.ru.  ᫨   ন HIEW 㤥  ஢
 win32  *nix  ࠧ ,  ᫨ প  㤥 -  ...

 砭  ᨨ 6.01 

 - crypt 

 砭  ᨨ 6.00 

            ᨨ    ﬨ,  6.00 ந諨  
쥧 :
 -   crypt' ( 㤥 ⤥ ஥,  , -..)
 -  ४祭     ᯨ  䠩        ப  ॥堫   
CtrlF11/CtrlF12.
 - Alt-㪢 ॥堫  Alt-Fn (஬ Alt-P, Alt-H, Alt-=) - . hiew.hlp
 -  ਨ  (PgDown    ப)   䠩 (Backspace  
, Tab  ४祭  ᫥騩 䠩  ਨ )
 -   "ActionAfterWriteSavefile"  ini-䠩.
 - ࠬ  ini-䠩  "NextFileSaveOffset" (࠭ ⥪饥 ᬥ饭  
᫥饣  䠩)    ࠬ஬  "NextFileSaveState"  (࠭   
ﭨ  ᫥饣 䠩).

 ঠ 

    ᥡ
  ᥬ
  ஢
  
  ଠ樮 ப                                        (  7.00)
  
  
  室  call/jmp  ᥬ
  ப 蠡    					(  7.00)
                                                          (  7.00)
  ணࠬ  Crypt
  / ᬥ饭                                (  7.00)
                                            (  7.00)
  INI-䠩
  SAV-䠩
  XLT-䠩
   ப                                             (  7.00)
   ᨩ                                               ( ᥣ)


   ᥡ 

Hiew  -    '拉'    ,    ॡ    㦮 ணࠬ
   -      (  ࠢ, 7xh    0EBh :-). Hiew 
ᬠਢ  䠩  ࠭祭      ⥪⮢   ⭠筮
ଠ,  ⠪   ० ᥬ  Pentium(R) 4.

  ஢  ⭠筮 ०   ० ᥬ
  ஥ ᥬ Pentium(R) 4
  ᬮ  ।஢ ᪨  䨧᪨ ᪮
   ᮧ  䠩 " " ( ,  ᣮ ..)
       (    祬 ? )
  Help ⥪᭮-ᨬ
   ᥬ   蠡
   
  ஥ 64 


 ᥬ 

         ,     .   Byte/word/dword/pword/qword/tbyte
  ᮪     "b,"/"w,"/"d,"/"p,"/"q,"/"t,".     ᫠   
⭠묨, 㪮 "h"  ⠢,     ⠢,  
稭  .    ᪫뢠/  ( mov  bx,[123+23-46h] =  mov
bx,[100h] ).  饭  訡 ᢥ  㬠: ࠢ쭠  ,
ᨭ⠪᪠, ࠢ ࠭,  ᮮ⢥⢨  ⢨  ࠧ,
⮬  ਬ  ᤠ    ⢥  "   
ࠢ쭮 ?".  ᫮ JMP  ࠭᫨    0E9  XX  XX,  ᫨  
⪨ (0EB), ⠪  : jmp short xxxxx (  jmps xxxxx ).

         ᨨ 5.00    ᫥  졠  ᤥ  386-  ᥬ,
⮬   ⥫   ᥬ஢ 室  -   
  室  ணࠬ  8086.

 ***  ! ***        ᥬ஢ -ࠧ
                     ࠧ묨 ᥬࠬ.


 ஢ 

         ,  , ⮡  .com 易⥫쭮  稭   100h,   
 ⮡ ᬥ饭  ᥣ   稭  .   -   
⠭,  ਡ  ᬥ饭  ᠬ 室.
          ᫥  ⭠  :  ⥪饥  ᬥ饭    -
12345h,   ⮡ 뫮 95h -  뢠  "*95" (    
  !  ),  ᠬ ⠥ ( 祬  㦥   㦭 ).
        ⠭ CtrlF5-CtrlF5 筮 "*0".


  

        쪮  ०  Hex   Decode.    ᨨ 5.00   砥  
० ।஢.  뤥   ᪮஢  䠩 १ PutBlk(
F2 ).  ᫨     䠩 -  ᨬ *.

         ⠢  ⥪騩 䠩  㣮 䠩: ( GetBlk (CtrlF2) ):
⠥  ࠧ஬  ⬥祭   ᬥ饭,      
뢠  ⥪騩 䠩  ᬥ饭  ஬.
         ᨨ 6.10  ᫨    ⬥祭      ⥪饬  䠩,  
롨ࠥ  䠩 ਨ,   .


 ଠ樮 ப 


 xx%   Filename.ext           .dFRO -------- xxx PE xxxxxxxxHiew 7.00 (c) SEN

                     
 業⮢                                  ⥪饥     㤥     
  ᥣ 䠩                             ᬥ饭  progress bar
 ( ᫨ bar=P                            V
  HIEW.INI )                            ⨯ neexecutable
                 V                        
              䠩                    
                                           * Text mode:  ࢮ                     
                                        > * DeCode mode: ࠧ୮  
 ﭨ kbmacro:   <ٳ                ࠭/ᮢ
 R -                                 䨪 'a'        
 0..8 - ந                        ⮬᪮ ।  
                                               ࠧ୮   exe
 ࠢ ᪠   <ٳ                                
                                                                
  ᪠:      <ٳ     >   8 権
 F -  ⥪騩 䠩                    '-' ᢮          
 B -                                  '1..8' ᮮ..
 A - ᯨ᮪   ப           '*' ⥪騩                         
                                          
 ﭨ 䠩:     <ٳ
 R -   ⥭             
 W -                
 U -                       
                                  
 O -      <
 I - ⠢ 


  

        ᠭ   HIEW7.HLP,     ६     䠩   
஥  - ⪫  F1.   ⥭  .

  HIEW7.HLP   ࠢ   ᢮ , ࢠ ப   
ப:  "[HiewHelp  7.00]".      ';'     ᥣ  砥  ப
ਥ       ,  ஬  ࠧ    .     F1  뢠
ᮮ⢥ ᥪ:  [xxxx]  [yyyy].      ᥪ樥
[End].

  ᨨ 7.00   뫪  ᥪ  ⮣ ⮡    
ࠣ  ᪮쪮 ࠧ: +[樨]

  

         ࠭/⠭ ﭨ  ⥪饣 ࠭.    '+'
 ﭨ ⥪饣  ࠭.  ᥣ    8 ࠭.   
  ࠭   ३,    ᮮ⢥⢥  Alt-1...Alt-8.
  ० ( Text/Hex/Decode ) ᢮ .


 室  call/jmp  ᥬ 

        ⢮  맢  ७    Hiew   Beta  Day  28  室   
'A'-'Y'('Z')    '1'-'9'('0').    砭  ⥭   -  室   ⠫
⭮⥫쭮 䨣ࠡ.      Hiew.ini  ᨢ jumpTable.
 ப (  ⨨ 몠    ),          㪢  ᪮
䠢,   ६蠥, ⠪    室    ન஢.   
ᨬ - ᨬ,   ஬ ⢫ ⪠ (   hiew 4 ⠪  ᨬ
 '0',  hiew day 28  - 'Z'  ).    ⥭      ᨬ
ॢ  孨 ॣ,   室  ࠭᫨   
᪨ ᨬ  ᮮ⢥⢨    ᪫    QWERTY-  
⥬      ⠡  jumpTable,  ..   室    'S'    ''  
묨.   㬮砭   jumpTable ᭠砫    '1'-'9',  ⥬
㪢 'A'-'Z'.   뫮  祭  ਣ쭮  ।  ᤥ  ⠡  .
:   0123456789QWERTYUIOPASDFGHJKLZXCVBNM  -      ⠥ 
⥫.


 ப 蠡 

    ᫥   ᯮ짮 ப 蠡:
1.   ᪥  ᥬ (decode mode, F7-F7)
2. ᪠ 䠩  䠩  (F9)
3. ᪠ 㭪樨   ᯨ᪥ ⮢ (F8-F7)

⢥ 蠡 ᨬ:

?       -   ᨬ
*       -  ப,  㫥
{ABD}   - A  B  C  D
{A-D}   -  A  D
{!ABCD} -  A,  B,  C,  D
!       -  ᨬ  蠡  १ (!*. -
           - 䠩)

ਬ ᫨  ⮡  ⥭/ ॥  ᯮ짮
 'reg*key*'


  

        ᫨        ப   ASCII,            ࠧ砥
쪨/訥 㪢 ( ..    ᪨),  ⨥      ப  HEX
ࠧ砥 㪮.

         ᨨ 4.00 ਤ ᥬ, 窠 F7.

         ᨨ  5.00   "᪠ "  ( FindNext  ) ࠡ뢠  
᫥  ᬥ饭 (         ,  "த  
⭮" ५窠,  ⥬ ᪠ ᫥騥 宦 ).  뢠
FindNext  CtrlHome, CtrlEnd, F7(find), F5(goto)

         ᨨ 5.00     ந  ⬥祭 :  F4
  ப ᪠/.

 ⮩  ᠬ ᨨ 5.00       ᪠ 
  蠡.   (  蠡  . ).    ᫨    ᥬ୮
 砥  ப  ᨬ 蠡      蠡,
᫨  -   ᥬ. ᨫ쭮 ᥡ஢  
樥 CtrlEnter, ਬ  'mov eax,[eax*2]'

        ਬ:    ०  Decode  <F7><F7>"mov  ax,*"  㤥  ᪠  "mov
ax,1234h", "mov ax,sp",  ..
"mov e?x, eax" 㤥 ᪠ "mov eax,eax", "mov ebx,eax", "mov ecx,eax", 
"mov edx, eax",   "mov ebp,eax", "mov esi,eax"

 ***  ***
        ப ࠢ   ८ࠧ!       騥
! 'cmp *,0ab' -  , 'cmp *,000ab' -  ᫮

         ᨨ 5.83  ᪠ ᫥⥫쭮 , ࠧ 
窮  ⮩.
        ਬ: "push *10; call *; add *"

         離:                   :
        -------------                   ---------
        push 00010                      push 00010
        call 01234:05678                push 00011
        add  sp,00006                   add  ax,00006


         ᨨ 6.10   ᪠/   䠩,     
ப.    砥 롮஬ 樨 "filArg" १  F4 
।஢ ப ᪠/.


 ணࠬ  Crypt ( F7/F8 in Edit ) 

         /஢ /  ࠢ⥫쭮 ⮬ .  
 ࠧ /஢뢠  /᫮/.᫮, ࠧ  
F2.  ணࠬ   ஬ "LOOP numberLine", 祬 "Loop
1"  .

              :

        ० Reg    : neg,mul,div
        ० Reg-Reg: mov,xor,add,sub,rol,ror,xchg,and,or
        ० Reg-Imm: mov,xor,add,sub,rol,ror,and,or
        ० Imm    : loop

        㯭  8/16/32-  ॣ,  ᮫⭮  ࠢࠢ,
஬    AL/AX/EAX,            ⮬/᫮/.᫮    
஢뢠  ࠣ,        ண   ⮬   /᫮/.᫮
頥  .

⫨  ⠭⭮ ᥬ:
      *  ࠭  
      * loop ᯮ  ⢥ jmp/stop
      * ࠭  rol/ror    ࠧ, ..
           ROL AX,CL  ROL AL,CX  ᪠
      * 32 ॣ  㯭  㬭  

ਬ:
     a. -XOR-   祭 0AAh:
        1. XOR  al,0aah
        2. LOOP 1               ;  .

     b. -XOR- ᫮  ६⮬ ᪨
        1. MOV  dx,0
        2. XOR  ax,dx           ; F7 㤥 "室"  ⨬ 
        3. ADD  dx,1            ;
        4. LOOP 2               ;

        ,        ᫮ ( AX ),    
᫮   ᫮ ( DX:AX  ), ⮬  뢠  祣  
.
     c.   
        1. MOV  cl,2
        2. MOV  ah,0            ; ॣ AH  ।
        3. DIV  cl

     d. ८ࠧ  㫥: ax=(ax*3)/2
        1. MOV  bx,3
        2. MOV  cx,2
        3. MUL  bx              ; १  (DX:AX)
        4. DIV  cx              ;  (DX:AX)  CX


 / ᬥ饭 

         ᨨ 5.40   䠩 NE/LX/PE  ᤥ  ⮡ࠦ  (
)  ᬥ饭,      砫 ᥣ/쥪.   쭮
ᬥ饭 ⬥砥 窮 । ᬥ饭.
         砥 쭮  ᬥ饭  NE/LX   ᬥ饭 ⠥  
SSSSOOOO,  SSSS -   ᥣ   NE,    LX,  OOOO -  쭮
ᬥ饭.  ᫨ SSSS  㫥 ,   ᬥ饭  뢠   ⥪饣
ᥣ.
         LX,  ண ࠧ  쥪    0xFFFF  (.   1  쥪  
FC.EXE) ⮡ࠦ     ⫠稪 (.  SD386),    室  
ᮮ⢥⢥, ਬ  .0x200234,   0x20000 .
         ⮬ 砥, ᫨    室    ᥣ/쥪  뤠
ᮮ饭  訡 (  ࠢ쭮  室 :-)

 *NB!*  ᫨        ᨬ    '.',    ᬥ饭   ⠥
,  ⨢ 砥 .

ਬ   ᬥ饭  F5:
   a: (NE) .10023    -   ᥣ ᬥ饭 0x0023
   b: (NE/LX/PE) .23 -  ⥪騩 ᥣ ᬥ饭 0x0023
   c: (LX) .10023    -  ⠡ 쥪⮢  쥪   0x10000 
                         ⮬ 쥪 室  쭮 ᬥ饭 0x0023
   d: (PE) .401023   -  㠫쭮  401023

        ᫨ ⠭ 쭮 ᬥ饭,    蠡  뫪  
NE/LX/PE  ⮫쪮    ᥣ.   砥 dual-EXE ॣ  ᪠
। ⨢ .   ᫨ ⨢   MZ,    
 NewExe.


  ᨨ  7.00    64 ⮢ 砥  䠩  4 祬
ଠ          '訥32,訥32'    ᤥ  ⮬  
          ⠥  ,  ⠥  .  쭮 ப 
  䠩      ᥣ       64  ,    ᫥  ⮫쪮 ᫨
ਭ    (>89ᨬ)  ⮡ࠦ ⮫쪮 訥32,  
訬  ᬮ   ப.


   

   ᫥⥫쭮 ⨩,  ⠪  㯮 ந 
 㣨 '   ࠭'

Ctrl-窠    -       諨       -   Ctrl-窠      ४饭.
᫥⥫쭮       Ctrl-0   0.  १ Ctrl-Minus
    ७                       Ctrl-1..Ctrl-8   
࠭/  /  䠩,   ⠢  প    'ﬨ'  
ࠧ 䫠

ࠢ騥   /ந:

 Ctrl-Minus       - Macro manager (  )
 Ctrl-.           - /⠭   Macro0
 Ctrl-0           - ந Macro0 
 Ctrl-1           - ந Macro1 
 ...
 Ctrl-8           - ந Macro8 

Macro manager:
 Enter            - ந ⥪騩  
 F2     - From 0  - ஢  0
 F4     - Delay   - ⠢ প  'ﬨ '
 F5     - Rename  - २ 
 F8     - Unload  - 㧨  
 F9     - Store   -    䠩
 F10    - Load    - 㧨   䠩
 F11    - Up      - ६  
 F12    - Down    - ६  
 AltF1  - Loop    - ந뢠  ' '
 AltF2  - FailSr  - ⠭ ᫨  祣  襫


⠪  ᪠ hiew ࠧ  : /MACRO0=<filename>


 INI-䠩 

        ᫨  ⮬  ⠫,   HIEW.EXE 室 HIEW.INI  砫
⠭      .       ini-䠩 १ 
 ப: "/INI="
        ࢠ ப  : "[HiewIni 5.03]".  ப  ப
ਥ ( 稭  ';' ) .
        ⠭  Ini-䠩 ४뢠 祭  㬮砭, ᫨  
ࠨ, , _⮫쪮_ ᪠ ᫥,  ᤥ hiew.ini  
ப:   ப "Bar=...".
          ⠭ ᬮ  HIEW.INI
	
 SAV-䠩 

         ᪥  ࠬ஢ Hiew   savefile (HIEW.SAV   祭
savefile=  INI-䠩)   ⠭  ᠭ    (Ctrl/F10  -
SaveState).   HIEW.SAV  ४   ப:

       /SAV=<savefile> - 㤠  HIEW.SAV


 XLT-䠩 

        HIEW.XLT 㦨    ४஢    뢮//᪥.   
⢮ .   ४஢  ⥭/ .

typedef  struct{
   BYTE  sign[ 9 ],             // "HiewXlat",0
         unused[ 5 ],
         versionMajor,          // 0x05
         versionMinor;          // 0x40
   }XLAT_HEADER;

typedef  struct{
   BYTE  title[ 16 ],           //  ⮡ࠦ  F8
         tableOut[ 256 ],       //  뢮
         tableIn[ 256 ],        //  
         tableUpper[ 256 ];     //  ஢ ॣ஢  ᪥
   }XLAT;

 ᨬ쭮 ⢮ ⠡ - 15.

  ᬮ  ⠡ ४஢ १ F8-F9 (text mode), 
 AltF8-F9 (⠫ ० . editmode)

  ப 

 Hiew [/MACRO0=<macrofile>][/SAV=<savefile>][/INI=<inifile>] [/s]filemask ...[/s][filemask]

      /MACRO0=<macrofile>              - ࠧ ᪠ 
      /SAV=<savefile>                  - 㤠  savefile
      /INI=<inifile>                   - 㤠  inifile
      [/s] filemask ... [/s][filemask] -   ᪮쪮 䠩,
                                            蠡.

  /s ४砥   ⠫:
 hiew /s *.dll *.exe /s *.txt -> 㤥 ᪠ .dll  .exe  ⠫ 
                                 .txt ⮫쪮  ⥪饬 ⠫

 ୮ 

 樠:
        Kaspersky Labs, AVP research team:    
        ᠭ :  ⥫쭮
        ᠭ 客:  訩 -
        ઠ ⨭᪨:    ELF-䠩
         㫨:  㩬  訡
        䠪 䠭:    NE-䠩
        堨 ୥:  ॢ ।  ᪨
         ⠯:  ਮ饭  unix

 -ࠬ ⤥ ᨩ:
        Elias Bachaalany
        Erwann Corvellec
        ⠭⨭ 
        堨 客
         ᭮᪨

 騥:
        Tadashi Yamakawa
        ᫠ ஢
        ᥩ 㫥殢
        ३ ᪨
         譨
        ਫ 
         堭設
        ᥩ १
	 
        Keith Byers 

 p  

 7.00   23/12/04 -   প DOS, OS/2 ᨩ
                 - প 䠩    4
                 -  
                 - 64 
                 - progress bar  直 ᪮   権
                 -   㥬  न 㭪権  稥 ᠭ
                    न  hiew7.ord ⥯   PE
                 - ૥ MZ (  ᪮쪮 MZ-)
		 - ᢥ⪠ 䨪ᠯ  MZ  PE
		 - ।஢ ⠡ ᥪ権  PE (㤠, ,...)
		 - ⥯   (. Delay import)  8-7   ⠡
                 - ७ 蠡 ᪠  ᥬ.   㭨஢ 
                   蠡 FileList (   F9)
                 - ᬮ ⠡ ४஢
                 -  ࠬ  hiew.ini
                   MacroDelay=
                   MacroStopIfSearchFail=
	           MacroPath=
                   FlistSizeInK=
                   AutoloadOrdinals=
                   IgnoreDiskError=
                   ConfirmExitByEsc=
                   SuppressPrepareError=
                   CursorShapeInvert=
                   ColorFixup=
                   ColorMacroRec=
                   ColorMacroPlay=
 7.01   28/12/04 - FIX:   ।஢ PE section name
                   FIX:    䠩  ୮ import table

   ᫨ <sen@kemtel.ru>  
