Round up of the basic HIEW commands used:
| Command | Action |
|---|---|
| Change the color scheme | edit hiew8.ini the last section "Colors", set ColorMain = 0x07 to have the black background. |
| ESC | To exit any window/mode without saving the changes. |
| F1 | Context-sensitive help. |
| F3 | Enter the Edit mode. |
| ENTER | In the read mode, switch between Hex/Decode/Text modes. |
| F7 | Open a search window |
| Ctrl + Enter | continue searching. |
| Alt + F1 | Change location addressing mode. |
| F9 | Save the changes. |
| F6 | In Decode/Disassembled mode, find cross-references. |
| * | In Read mode, select block(s) of bytes. |
| F8 | Show the file header. |
| F8 -> F6 ->F3 | In Hex/Decode modes, show then edit file header sections. |
| Alt + F6 | Show all strings in a file. |
| +/- | See above, increase/decrease minimal string lentgh. |
| F5 | Go to offset. |
| Alt + F7 | Change the search direction. |
Sample "serial1.exe" program used in the tutorial:
Compiled binary "serial1.exe": https://blog-assets-public-all.s3.amazonaws.com/serial1.exe
NOTE: Today almost all OS will flag any executable you download as "malicious/harmful" etc. (and good they do so), so be warned. The virustotal rating of the file is quite good, just 7 detections of 72 :) https://www.virustotal.com/gui/file/b38128c26bc792989b23d70684498ea2612639c11047e2cd6c3a1114a9ad1e92/detection
Its SHA256 hash (use PowerShell command Get-FileHash "serial1.exe") to verify:B38128C26BC792989B23D70684498EA2612639C11047E2CD6C3A1114A9AD1E92
The source code (compiled in Microsoft Viual Studio 2015):
#include "stdafx.h"#include <stdio.h>#include <string.h>// this example and all the following will be posted on my site https://yurisk.infoint main(){ char serial_input[6] = ""; char serial_correct[6] = "23845"; int result = 0; printf("Please enter the serial of 5 numbers:"); fgets(serial_input, 6, stdin); result = strncmp(serial_input, serial_correct, 5); if (result != 0) { printf("Wrong serial!, quitting ..\n"); return 1; } else { printf("Great, you have the correct serial !\n"); } return 0;}See also other posts in the series:
Part 1
Part 3
Part 4
Part 5
Part 6
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
