├── .gitignore ├── .gitmodules ├── LICENSE ├── README.md ├── binwalk_windows ├── binw.py └── binwalk-2.1.1 │ ├── .gitignore │ ├── API.md │ ├── INSTALL.md │ ├── LICENSE │ ├── README.md │ ├── deps.sh │ ├── images │ ├── README.md │ ├── binwalk_ida_plugin_output.png │ └── binwalk_ida_plugin_usage.png │ ├── setup.py │ └── src │ ├── .gitignore │ ├── binwalk.egg-info │ ├── PKG-INFO │ ├── SOURCES.txt │ ├── dependency_links.txt │ └── top_level.txt │ ├── binwalk │ ├── __init__.py │ ├── config │ │ └── extract.conf │ ├── core │ │ ├── C.py │ │ ├── __init__.py │ │ ├── common.py │ │ ├── compat.py │ │ ├── display.py │ │ ├── idb.py │ │ ├── magic.py │ │ ├── module.py │ │ ├── plugin.py │ │ ├── settings.py │ │ └── statuserver.py │ ├── magic │ │ ├── archives │ │ ├── binarch │ │ ├── bincast │ │ ├── binwalk │ │ ├── bootloaders │ │ ├── code │ │ ├── compressed │ │ ├── console │ │ ├── crypto │ │ ├── ecos │ │ ├── encoding │ │ ├── executables │ │ ├── filesystems │ │ ├── firmware │ │ ├── hashing │ │ ├── images │ │ ├── linux │ │ ├── lzma │ │ ├── misc │ │ ├── network │ │ ├── sql │ │ └── vxworks │ ├── modules │ │ ├── __init__.py │ │ ├── binvis.py │ │ ├── compression.py │ │ ├── disasm.py │ │ ├── entropy.py │ │ ├── extractor.py │ │ ├── general.py │ │ ├── hashmatch.py │ │ ├── heuristics.py │ │ ├── hexdiff.py │ │ └── signature.py │ └── plugins │ │ ├── arcadyan.py │ │ ├── compressd.py │ │ ├── cpio.py │ │ ├── gzipextract.py │ │ ├── gzipvalid.py │ │ ├── jffs2valid.py │ │ ├── lzmaextract.py │ │ ├── lzmamod.py │ │ ├── lzmavalid.py │ │ ├── tar.py │ │ ├── ubivalid.py │ │ ├── unjffs2.py │ │ ├── ziphelper.py │ │ ├── zlibextract.py │ │ └── zlibvalid.py │ └── scripts │ ├── binida.py │ ├── binwalk │ └── examples │ ├── binwalk_simple.py │ ├── extract_data.py │ └── signature_scan.py ├── deb-packaging └── hexwalk-1.7.1 │ ├── COPYING │ ├── debian │ ├── changelog │ ├── control │ ├── copyright │ ├── dirs │ ├── hexwalk.install │ ├── menu │ ├── rules │ ├── source │ │ └── format │ └── watch │ ├── hexwalk.desktop │ ├── hexwalk.ico │ ├── hexwalk.pro │ └── src │ └── README.md ├── hexwalk.png ├── hexwalk ├── advancedsearchdialog.cpp ├── advancedsearchdialog.h ├── advancedsearchdialog.ui ├── binanalysisdialog.cpp ├── binanalysisdialog.h ├── binanalysisdialog.ui ├── bytemap.cpp ├── bytemap.h ├── bytemapdialog.cpp ├── bytemapdialog.h ├── bytemapdialog.ui ├── converterwidget.cpp ├── converterwidget.h ├── converterwidget.ui ├── diffdialog.cpp ├── diffdialog.h ├── diffdialog.ui ├── disasmwidget.cpp ├── disasmwidget.h ├── disasmwidget.ui ├── edittagdialog.cpp ├── edittagdialog.h ├── edittagdialog.ui ├── entropychart.cpp ├── entropychart.h ├── entropydialog.cpp ├── entropydialog.h ├── entropydialog.ui ├── fonts │ ├── Courier.ttf │ └── Roboto.ttf ├── hashdialog.cpp ├── hashdialog.h ├── hashdialog.ui ├── hexwalk.pro ├── hexwalk.qrc ├── hexwalkmain.cpp ├── hexwalkmain.h ├── hexwalkmain.ui ├── images │ ├── binary.png │ ├── bytemap.png │ ├── diff.png │ ├── disasm.png │ ├── entropy.png │ ├── find.png │ ├── hexwalk.ico │ ├── hexwalk16.png │ ├── hexwalk256.png │ ├── hexwalk32.png │ ├── hexwalk64.png │ ├── open.png │ ├── redo.png │ ├── save.png │ ├── strings.png │ ├── tags.png │ └── undo.png ├── main.cpp ├── optionsdialog.cpp ├── optionsdialog.h ├── optionsdialog.ui ├── resultType.h ├── searchdialog.cpp ├── searchdialog.h ├── searchdialog.ui ├── stringsdialog.cpp ├── stringsdialog.h ├── stringsdialog.ui ├── tagsdialog.cpp ├── tagsdialog.h ├── tagsdialog.ui ├── translations │ ├── hexwalk_cs.qm │ ├── hexwalk_cs.ts │ ├── hexwalk_de.qm │ ├── hexwalk_de.ts │ ├── hexwalk_ru.qm │ └── hexwalk_ru.ts ├── worditemdelegate.cpp └── worditemdelegate.h ├── linux_build.sh ├── patterns ├── elf.yml ├── exe.yml ├── jpg.yml ├── pdf1.yml └── wav.yml ├── qhexedit ├── QHexEditPlugin.cpp ├── QHexEditPlugin.h ├── bytepattern.cpp ├── bytepattern.h ├── chunks.cpp ├── chunks.h ├── colortag.cpp ├── colortag.h ├── commands.cpp ├── commands.h ├── license.txt ├── qhexedit.cpp ├── qhexedit.h ├── qhexedit.pro ├── qhexedit.sip ├── qhexeditplugin.pro ├── tagparser.cpp └── tagparser.hpp └── screenshots ├── digits.png ├── digits2.png ├── hexwalk_gui0.png ├── hexwalk_gui1.png ├── hexwalk_gui10.png ├── hexwalk_gui11.png ├── hexwalk_gui12.png ├── hexwalk_gui13.png ├── hexwalk_gui14.png ├── hexwalk_gui15.png ├── hexwalk_gui16.png ├── hexwalk_gui17.png ├── hexwalk_gui2.png ├── hexwalk_gui3.png ├── hexwalk_gui4.png ├── hexwalk_gui5.png ├── hexwalk_gui6.png ├── hexwalk_gui7.png ├── hexwalk_gui8.png └── hexwalk_gui9.png /.gitignore: -------------------------------------------------------------------------------- 1 | build-* 2 | build/ 3 | deploy_linux/ 4 | deploy_win/ 5 | deploy_deb/ 6 | bin/ 7 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "capstone"] 2 | path = capstone 3 | url = https://github.com/capstone-engine/capstone 4 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ![hexwalk](hexwalk/images/hexwalk64.png) 2 | # HexWalk - Hex Editor/Viewer/Analyzer 3 | 4 | HexWalk is an Hex editor, viewer, analyzer. 5 | 6 | Based on opensource projects like qhexedit2,binwalk and QT. 7 | 8 | It is cross platform and has plenty of features: 9 | 10 | * Advanced Find (can find patterns in binary files based on HEX,UTF8,UTF16 and regex) 11 | * Binwalk integration 12 | * Entropy Analysis 13 | * Byte Map 14 | * Hash Calculator 15 | * Bin/Dec/Hex Converter 16 | * Hex file editing 17 | * Diff file analysis 18 | * Byte Patterns to parse headers 19 | * Disassembler for x86,ARM and MIPS architectures 20 | 21 | 22 | ## Screenshots 23 | 24 | * Main page 25 | ![hexwalk gui](screenshots/hexwalk_gui1.png) 26 | 27 | * Byte Map 28 | ![hexwalk gui](screenshots/hexwalk_gui17.png) 29 | 30 | * Advanced Search 31 | ![hexwalk gui](screenshots/hexwalk_gui5.png) 32 | 33 | * Entropy Calculator 34 | ![hexwalk gui](screenshots/hexwalk_gui2.png) 35 | 36 | * Binary Analyzer 37 | ![hexwalk gui](screenshots/hexwalk_gui3.png) 38 | 39 | 40 | 41 | * Hash Calculator 42 | ![hexwalk gui](screenshots/hexwalk_gui4.png) 43 | 44 | * Diff Analysis 45 | ![hexwalk gui](screenshots/hexwalk_gui13.png) 46 | 47 | * Binary Patterns for header parsing 48 | ![hexwalk gui](screenshots/hexwalk_gui15.png) 49 | 50 | ## Usage 51 | 52 | HexWalk release executables are self-contained, you can use as-is. 53 | Binwalk functionalities need Binwalk to be installed on the OS. For Linux OS simply install binwalk with your package manager (eg. sudo apt install binwalk). On Mac install with "brew install binwalk" or from sources following the instructions on Binwalk repository. 54 | 55 | For more details about the usage go to the Wiki: 56 | 57 | https://github.com/gcarmix/hexwalk/wiki 58 | 59 | ## Windows 60 | HexWalk on Windows is released in different flavours: 61 | - as an installer 62 | - as a portable zip file 63 | 64 | The fastest way to install it is through winget: 65 | 66 | ``` 67 | winget install hexwalk 68 | ``` 69 | ## MacOS 70 | On MacOS you can easily download the .dmg file available in the release page and drag the app in the Applications folder as usual 71 | 72 | ## Debian 73 | The project is now available on backports for Bookworm, just enable the backports repos by adding this line to /etc/apt/sources.list: 74 | ``` 75 | deb http://deb.debian.org/debian bookworm-backports main 76 | ``` 77 | and then type in: 78 | ``` 79 | sudo apt update 80 | 81 | sudo apt install hexwalk 82 | ``` 83 | 84 | ## Ubuntu 85 | The project is also available on launchpad 86 | https://launchpad.net/hexwalk 87 | to install on Ubuntu you can simply do: 88 | ``` 89 | sudo add-apt-repository ppa:carmix/ppa 90 | 91 | sudo apt update 92 | 93 | sudo apt install hexwalk 94 | ``` 95 | 96 | ## Linux 97 | For other Linux distributions there's the AppImage file available in the release page. Just download, give execution permissions and you are ready to go. 98 | 99 | ## Build 100 | If you want to build from source just open hexedit.pro in QT Creator and build it. 101 | It is possible also to build from command line (linux_build.sh script provided). 102 | 103 | ## Acknowledgments 104 | 105 | Thanks to these projects: 106 | 107 | * Binwalk - https://github.com/ReFirmLabs/binwalk 108 | 109 | * QHexEdit2 - https://github.com/Simsys/qhexedit2 110 | 111 | * QT5 112 | 113 | * Capstone - https://www.capstone-engine.org 114 | -------------------------------------------------------------------------------- /binwalk_windows/binw.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os 3 | sys.path.append(os.path.dirname('binwalk/src/binwalk')) 4 | import binwalk 5 | if len(sys.argv) == 2: 6 | binwalk.scan('--signature', sys.argv[1]) 7 | elif len(sys.argv) == 3 and sys.argv[1] == '-e': 8 | binwalk.scan('--signature','--extract', sys.argv[2]) 9 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/binwalk_windows/binwalk-2.1.1/.gitignore -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/INSTALL.md: -------------------------------------------------------------------------------- 1 | Before You Start 2 | ================ 3 | 4 | Binwalk supports Python 2.7 - 3.x. Although most systems have Python2.7 set as their default Python interpreter, binwalk does run faster in Python3. Installation procedures for both are provided below. 5 | 6 | Installation 7 | ============ 8 | 9 | Installation follows the typical Python installation procedure: 10 | 11 | ```bash 12 | # Python2.7 13 | $ sudo python setup.py install 14 | ``` 15 | 16 | ```bash 17 | # Python3.x 18 | $ sudo python3 setup.py install 19 | ``` 20 | 21 | **NOTE**: Older versions of binwalk (e.g., v1.0) are not compatible with the latest version of binwalk. It is strongly recommended that you uninstall any existing binwalk installations before installing the latest version in order to avoid API conflicts. 22 | 23 | Dependencies 24 | ============ 25 | 26 | Besides a Python interpreter, there are no installation dependencies for binwalk. All dependencies are optional run-time dependencies, and unless otherwise specified, are available from most Linux package managers. 27 | 28 | Although all binwalk run-time dependencies are optional, the `python-lzma` module is highly recommended for improving the reliability of signature scans. This module is included by default in Python3, but must be installed separately for Python2.7: 29 | 30 | ```bash 31 | $ sudo apt-get install python-lzma 32 | ``` 33 | 34 | Binwalk uses [pyqtgraph](http://www.pyqtgraph.org) to generate graphs and visualizations, which requires the following: 35 | 36 | ```bash 37 | # Python2.7 38 | $ sudo apt-get install libqt4-opengl python-opengl python-qt4 python-qt4-gl python-numpy python-scipy python-pip 39 | $ sudo pip install pyqtgraph 40 | ``` 41 | 42 | ```bash 43 | # Python3.x 44 | $ sudo apt-get install libqt4-opengl python3-opengl python3-pyqt4 python3-pyqt4.qtopengl python3-numpy python3-scipy python3-pip 45 | $ sudo pip3 install pyqtgraph 46 | ``` 47 | 48 | Binwalk's `--disasm` option requires the [Capstone](http://www.capstone-engine.org/) disassembly framework and its corresponding Python bindings: 49 | 50 | ```bash 51 | # Python2.7 52 | $ sudo apt-get install python-pip 53 | $ sudo pip install capstone 54 | ``` 55 | 56 | ```bash 57 | # Python3.x 58 | $ sudo apt-get install python3-pip 59 | $ sudo pip3 install capstone 60 | ``` 61 | 62 | Binwalk relies on multiple external utilties in order to automatically extract/decompress files and data: 63 | 64 | ```bash 65 | # Install standard extraction utilities 66 | $ sudo apt-get install mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools 67 | ``` 68 | 69 | ```bash 70 | # Install sasquatch to extract non-standard SquashFS images 71 | $ sudo apt-get install zlib1g-dev liblzma-dev liblzo2-dev 72 | $ git clone https://github.com/devttys0/sasquatch 73 | $ (cd sasquatch && make && sudo make install) 74 | ``` 75 | 76 | ```bash 77 | # Install jefferson to extract JFFS2 file systems 78 | $ sudo pip install cstruct 79 | $ git clone https://github.com/sviehb/jefferson 80 | $ (cd jefferson && sudo python setup.py install) 81 | ``` 82 | 83 | ```bash 84 | # Install ubi_reader to extract UBIFS file systems 85 | $ sudo apt-get install liblzo2-dev python-lzo 86 | $ git clone https://github.com/jrspruitt/ubi_reader 87 | $ (cd ubi_reader && sudo python setup.py install) 88 | ``` 89 | 90 | ```bash 91 | # Install unstuff (closed source) to extract StuffIt archive files 92 | $ wget -O - http://my.smithmicro.com/downloads/files/stuffit520.611linux-i386.tar.gz | tar -zxv 93 | $ sudo cp bin/unstuff /usr/local/bin/ 94 | ``` 95 | 96 | Note that for Debian/Ubuntu users, all of the above dependencies can be installed automatically using the included `deps.sh` script: 97 | 98 | ```bash 99 | $ sudo ./deps.sh 100 | ``` 101 | 102 | Installing the IDA Plugin 103 | ========================= 104 | 105 | If IDA is installed on your system, you may optionally install the binwalk IDA plugin: 106 | 107 | ```bash 108 | $ python setup.py idainstall --idadir=/home/user/ida 109 | ``` 110 | 111 | Likewise, the binwalk IDA plugin can be uninstalled: 112 | 113 | ```bash 114 | $ python setup.py idauninstall --idadir=/home/user/ida 115 | ``` 116 | 117 | 118 | Uninstalling Binwalk 119 | ==================== 120 | 121 | If binwalk has been installed to a standard system location (e.g., via `setup.py install`), it can be removed by running: 122 | 123 | ```bash 124 | # Python2.7 125 | $ sudo python setup.py uninstall 126 | ``` 127 | 128 | ```bash 129 | # Python3 130 | $ sudo python3 setup.py uninstall 131 | ``` 132 | 133 | Note that this does _not_ remove any of the manually installed dependencies. 134 | 135 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2010-2015 Craig Heffner 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/README.md: -------------------------------------------------------------------------------- 1 | Description 2 | =========== 3 | 4 | Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. 5 | 6 | Installation 7 | ============ 8 | 9 | Binwalk follows the standard Python installation procedure: 10 | 11 | ```bash 12 | $ sudo python setup.py install 13 | ``` 14 | 15 | If you're running Python 2.x, you'll also want to install the Python lzma module: 16 | 17 | ```bash 18 | $ sudo apt-get install python-lzma 19 | ``` 20 | 21 | For instructions on installing optional dependencies, see [INSTALL.md](https://github.com/devttys0/binwalk/blob/master/INSTALL.md). 22 | 23 | 24 | Usage 25 | ===== 26 | 27 | Basic usage is simple: 28 | 29 | ```bash 30 | $ binwalk firmware.bin 31 | 32 | DECIMAL HEXADECIMAL DESCRIPTION 33 | -------------------------------------------------------------------------------- 34 | 0 0x0 TRX firmware header, little endian, header size: 28 bytes, image size: 14766080 bytes, CRC32: 0x6980E553 flags: 0x0, version: 1 35 | 28 0x1C LZMA compressed data, properties: 0x5D, dictionary size: 65536 bytes, uncompressed size: 5494368 bytes 36 | 2319004 0x23629C Squashfs filesystem, little endian, version 4.0, compression: xz, size: 12442471 bytes, 3158 inodes, blocksize: 131072 bytes, blocksize: 131072 bytes, created: 2014-05-21 22:38:47 37 | ``` 38 | 39 | For additional examples and descriptions of advanced options, see the [wiki](https://github.com/devttys0/binwalk/wiki). 40 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/deps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | REQUIRED_UTILS="wget tar python" 4 | APTCMD="apt-get" 5 | YUMCMD="yum" 6 | APT_CANDIDATES="git build-essential libqt4-opengl mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools zlib1g-dev liblzma-dev liblzo2-dev sleuthkit" 7 | PYTHON2_APT_CANDIDATES="python-lzo python-lzma python-pip python-opengl python-qt4 python-qt4-gl python-numpy python-scipy" 8 | PYTHON3_APT_CANDIDATES="python3-pip python3-opengl python3-pyqt4 python3-pyqt4.qtopengl python3-numpy python3-scipy" 9 | PYTHON3_YUM_CANDIDATES="" 10 | YUM_CANDIDATES="git gcc gcc-c++ make openssl-devel qtwebkit-devel qt-devel gzip bzip2 tar arj p7zip p7zip-plugins cabextract squashfs-tools zlib zlib-devel lzo lzo-devel xz xz-compat-libs xz-libs xz-devel xz-lzma-compat python-backports-lzma lzip pyliblzma perl-Compress-Raw-Lzma" 11 | PYTHON2_YUM_CANDIDATES="python-pip python-opengl python-qt4 numpy python-numdisplay numpy-2f python-Bottleneck scipy" 12 | APT_CANDIDATES="$APT_CANDIDATES $PYTHON2_APT_CANDIDATES" 13 | YUM_CANDIDATES="$YUM_CANDIDATES $PYTHON2_YUM_CANDIDATES" 14 | PIP_COMMANDS="pip" 15 | 16 | # Check for root privileges 17 | if [ $UID -eq 0 ] 18 | then 19 | SUDO="" 20 | else 21 | SUDO="sudo" 22 | REQUIRED_UTILS="sudo $REQUIRED_UTILS" 23 | fi 24 | 25 | function install_sasquatch 26 | { 27 | git clone https://github.com/devttys0/sasquatch 28 | (cd sasquatch && make && $SUDO make install) 29 | $SUDO rm -rf sasquatch 30 | } 31 | 32 | function install_jefferson 33 | { 34 | $SUDO pip install cstruct 35 | git clone https://github.com/sviehb/jefferson 36 | (cd jefferson && $SUDO python2 setup.py install) 37 | $SUDO rm -rf jefferson 38 | } 39 | 40 | function install_unstuff 41 | { 42 | mkdir -p /tmp/unstuff 43 | cd /tmp/unstuff 44 | wget -O - http://my.smithmicro.com/downloads/files/stuffit520.611linux-i386.tar.gz | tar -zxv 45 | $SUDO cp bin/unstuff /usr/local/bin/ 46 | cd - 47 | rm -rf /tmp/unstuff 48 | } 49 | 50 | function install_ubireader 51 | { 52 | git clone https://github.com/jrspruitt/ubi_reader 53 | (cd ubi_reader && $SUDO python setup.py install) 54 | rm -rf ubi_reader 55 | } 56 | 57 | function install_pip_package 58 | { 59 | PACKAGE="$1" 60 | 61 | for PIP_COMMAND in $PIP_COMMANDS 62 | do 63 | $SUDO $PIP_COMMAND install $PACKAGE 64 | done 65 | } 66 | 67 | function find_path 68 | { 69 | FILE_NAME="$1" 70 | 71 | echo -ne "checking for $FILE_NAME..." 72 | which $FILE_NAME > /dev/null 73 | if [ $? -eq 0 ] 74 | then 75 | echo "yes" 76 | return 0 77 | else 78 | echo "no" 79 | return 1 80 | fi 81 | } 82 | 83 | # Make sure the user really wants to do this 84 | echo "" 85 | echo "WARNING: This script will download and install all required and optional dependencies for binwalk." 86 | echo " This script has only been tested on, and is only intended for, Debian based systems." 87 | echo " Some dependencies are downloaded via unsecure (HTTP) protocols." 88 | echo " This script requires internet access." 89 | echo " This script requires root privileges." 90 | echo "" 91 | echo -n "Continue [y/N]? " 92 | read YN 93 | if [ "$(echo "$YN" | grep -i -e 'y' -e 'yes')" == "" ] 94 | then 95 | echo "Quitting..." 96 | exit 1 97 | fi 98 | 99 | # Check to make sure we have all the required utilities installed 100 | NEEDED_UTILS="" 101 | for UTIL in $REQUIRED_UTILS 102 | do 103 | find_path $UTIL 104 | if [ $? -eq 1 ] 105 | then 106 | NEEDED_UTILS="$NEEDED_UTILS $UTIL" 107 | fi 108 | done 109 | 110 | # Check for supported package managers and set the PKG_* envars appropriately 111 | find_path $APTCMD 112 | if [ $? -eq 1 ] 113 | then 114 | find_path $YUMCMD 115 | if [ $? -eq 1 ] 116 | then 117 | NEEDED_UTILS="$NEEDED_UTILS $APTCMD/$YUMCMD" 118 | else 119 | PKGCMD="$YUMCMD" 120 | PKGCMD_OPTS="-y install" 121 | PKG_CANDIDATES="$YUM_CANDIDATES" 122 | PKG_PYTHON3_CANDIDATES="$PYTHON3_YUM_CANDIDATES" 123 | fi 124 | else 125 | PKGCMD="$APTCMD" 126 | PKGCMD_OPTS="install -y" 127 | PKG_CANDIDATES="$APT_CANDIDATES" 128 | PKG_PYTHON3_CANDIDATES="$PYTHON3_APT_CANDIDATES" 129 | fi 130 | 131 | if [ "$NEEDED_UTILS" != "" ] 132 | then 133 | echo "Please install the following required utilities: $NEEDED_UTILS" 134 | exit 1 135 | fi 136 | 137 | # Check to see if we should install modules for python3 as well 138 | find_path python3 139 | if [ $? -eq 0 ] 140 | then 141 | PKG_CANDIDATES="$PKG_CANDIDATES $PKG_PYTHON3_CANDIDATES" 142 | PIP_COMMANDS="pip3 $PIP_COMMANDS" 143 | fi 144 | 145 | # Do the install(s) 146 | cd /tmp 147 | sudo $PKGCMD $PKGCMD_OPTS $PKG_CANDIDTES 148 | install_pip_package pyqtgraph 149 | install_pip_package capstone 150 | install_sasquatch 151 | install_jefferson 152 | install_unstuff 153 | install_ubireader 154 | 155 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/images/README.md: -------------------------------------------------------------------------------- 1 | This is just a directory to store screenshots used in the github Wiki / documentation. 2 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/images/binwalk_ida_plugin_output.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/binwalk_windows/binwalk-2.1.1/images/binwalk_ida_plugin_output.png -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/images/binwalk_ida_plugin_usage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/binwalk_windows/binwalk-2.1.1/images/binwalk_ida_plugin_usage.png -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/.gitignore: -------------------------------------------------------------------------------- 1 | build 2 | dist 3 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk.egg-info/PKG-INFO: -------------------------------------------------------------------------------- 1 | Metadata-Version: 2.1 2 | Name: binwalk 3 | Version: 2.1.1 4 | Summary: Firmware analysis tool 5 | Home-page: https://github.com/devttys0/binwalk 6 | Author: Craig Heffner 7 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk.egg-info/SOURCES.txt: -------------------------------------------------------------------------------- 1 | binwalk/__init__.py 2 | binwalk.egg-info/PKG-INFO 3 | binwalk.egg-info/SOURCES.txt 4 | binwalk.egg-info/dependency_links.txt 5 | binwalk.egg-info/top_level.txt 6 | binwalk/config/extract.conf 7 | binwalk/core/C.py 8 | binwalk/core/__init__.py 9 | binwalk/core/common.py 10 | binwalk/core/compat.py 11 | binwalk/core/display.py 12 | binwalk/core/idb.py 13 | binwalk/core/magic.py 14 | binwalk/core/module.py 15 | binwalk/core/plugin.py 16 | binwalk/core/settings.py 17 | binwalk/core/statuserver.py 18 | binwalk/magic/archives 19 | binwalk/magic/binarch 20 | binwalk/magic/bincast 21 | binwalk/magic/binwalk 22 | binwalk/magic/bootloaders 23 | binwalk/magic/code 24 | binwalk/magic/compressed 25 | binwalk/magic/console 26 | binwalk/magic/crypto 27 | binwalk/magic/ecos 28 | binwalk/magic/encoding 29 | binwalk/magic/executables 30 | binwalk/magic/filesystems 31 | binwalk/magic/firmware 32 | binwalk/magic/hashing 33 | binwalk/magic/images 34 | binwalk/magic/linux 35 | binwalk/magic/lzma 36 | binwalk/magic/misc 37 | binwalk/magic/network 38 | binwalk/magic/sql 39 | binwalk/magic/vxworks 40 | binwalk/modules/__init__.py 41 | binwalk/modules/binvis.py 42 | binwalk/modules/compression.py 43 | binwalk/modules/disasm.py 44 | binwalk/modules/entropy.py 45 | binwalk/modules/extractor.py 46 | binwalk/modules/general.py 47 | binwalk/modules/hashmatch.py 48 | binwalk/modules/heuristics.py 49 | binwalk/modules/hexdiff.py 50 | binwalk/modules/signature.py 51 | binwalk/plugins/arcadyan.py 52 | binwalk/plugins/compressd.py 53 | binwalk/plugins/cpio.py 54 | binwalk/plugins/gzipextract.py 55 | binwalk/plugins/gzipvalid.py 56 | binwalk/plugins/jffs2valid.py 57 | binwalk/plugins/lzmaextract.py 58 | binwalk/plugins/lzmamod.py 59 | binwalk/plugins/lzmavalid.py 60 | binwalk/plugins/tar.py 61 | binwalk/plugins/ubivalid.py 62 | binwalk/plugins/unjffs2.py 63 | binwalk/plugins/ziphelper.py 64 | binwalk/plugins/zlibextract.py 65 | binwalk/plugins/zlibvalid.py 66 | scripts/binwalk -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk.egg-info/dependency_links.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk.egg-info/top_level.txt: -------------------------------------------------------------------------------- 1 | binwalk 2 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/__init__.py: -------------------------------------------------------------------------------- 1 | __all__ = ['scan', 'execute', 'ModuleException'] 2 | 3 | from binwalk.core.module import Modules, ModuleException 4 | 5 | # Convenience functions 6 | def scan(*args, **kwargs): 7 | with Modules(*args, **kwargs) as m: 8 | objs = m.execute() 9 | return objs 10 | def execute(*args, **kwargs): 11 | return scan(*args, **kwargs) 12 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/config/extract.conf: -------------------------------------------------------------------------------- 1 | ####################################################################################################################################### 2 | # Default extraction rules, loaded when --extract is specified. 3 | # 4 | # :::: 5 | # 6 | # Note that %e is a place holder for the extracted file name. 7 | # 8 | # The %% place holder is used when a unique file path is required. 9 | # For example '%%squashfs-root%%' will be replaced with 'squashfs-root-0' 10 | # if 'squashfs-root' already exists. 11 | # 12 | # The following file types are handled internally by extractor plugins: 13 | # 14 | # o zlib 15 | # o cpio 16 | # o Raw LZMA/deflate streams 17 | # 18 | # There are also alternative extractors for the following file formats, implemented as plugins: 19 | # 20 | # o gzip 21 | # o lzma 22 | # o xz 23 | # 24 | ####################################################################################################################################### 25 | 26 | # Assumes these utilities are installed in $PATH. 27 | ^gzip compressed data:gz:gzip -d -f '%e':0,2 28 | ^lzma compressed data:7z:7z e -y '%e':0,1 29 | ^xz compressed data:xz:7z e -y '%e':0,1 30 | ^bzip2 compressed data:bz2:bzip2 -d '%e' 31 | ^compress'd data:Z:gzip -d '%e' 32 | ^zip archive data:zip:7z x -y '%e' -p '':0,1 33 | ^posix tar archive:tar:tar xvf '%e' 34 | ^rar archive data:rar:unrar e '%e' 35 | ^rar archive data:rar:unrar -x '%e' # This is for the 'free' version 36 | ^arj archive data.*comment header:arj:arj -y e '%e' 37 | ^lha:lha:lha ei '%e' 38 | ^iso 9660:iso:7z x '%e' -oiso-root 39 | ^microsoft cabinet archive:cab:cabextract '%e' 40 | ^stuffit:sit:unstuff '%e' 41 | 42 | # Try unsquashfs first, or if not installed, sasquatch 43 | ^squashfs filesystem:squashfs:unsquashfs -d '%%squashfs-root%%' '%e':0:False 44 | ^squashfs filesystem:squashfs:sasquatch -p 1 -le -d '%%squashfs-root%%' '%e':0:False 45 | ^squashfs filesystem:squashfs:sasquatch -p 1 -be -d '%%squashfs-root%%' '%e':0:False 46 | 47 | # Try cramfsck first; if that fails, swap the file system and try again 48 | ^cramfs filesystem:cramfs:cramfsck -x '%%cramfs-root%%' '%e':0:False 49 | ^cramfs filesystem:cramfs:cramfsswap '%e' '%e.swap' && cramfsck -x '%%cramfs-root%%' '%e.swap':0:False 50 | 51 | # Extract EXT filesystems using sleuth kit 52 | ^linux ext:ext:tsk_recover -i raw -f ext -a -v '%e' '%%ext-root%%':0:False 53 | 54 | # Try mounting the file system (this requires root privileges) 55 | ^squashfs filesystem:squashfs:mkdir squashfs-root && mount -t squashfs '%e' squashfs-root:0:False 56 | ^cramfs filesystem:cramfs:mkdir cramfs-root && mount -t cramfs '%e' cramfs-root:0:False 57 | ^ext2 filesystem:ext2:mkdir ext2-root && mount -t ext2 '%e' ext2-root:0:False 58 | ^romfs filesystem:romfs:mkdir romfs-root && mount -t romfs '%e' romfs-root:0:False 59 | 60 | # Use sviehb's jefferson.py tool for JFFS2 extraction 61 | ^jffs2 filesystem:jffs2:jefferson -d '%%jffs2-root%%' '%e':0:False 62 | 63 | # Use ubi_reader tool for UBIFS extraction 64 | ^ubifs filesystem superblock node:ubi:ubireader_extract_files -o '%%ubifs-root%%' '%e':0:False 65 | ^ubi erase count header:ubi:ubireader_extract_files -o '%%ubifs-root%%' '%e':0:False 66 | 67 | # These were extractors used from FMK that still need suitable replacements. 68 | #^bff volume entry:bff:/opt/firmware-mod-kit/src/bff/bffxtractor.py '%e' 69 | #^wdk file system:wdk:/opt/firmware-mod-kit/src/firmware-tools/unwdk.py '%e' 70 | 71 | # Extract, but don't run anything 72 | ^elf,:elf 73 | private key:key 74 | certificate:crt 75 | html document header 76 | xml document:xml 77 | 78 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/binwalk_windows/binwalk-2.1.1/src/binwalk/core/__init__.py -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/core/compat.py: -------------------------------------------------------------------------------- 1 | # All Python 2/3 compatibility stuffs go here. 2 | 3 | from __future__ import print_function 4 | import sys 5 | import string 6 | 7 | PY_MAJOR_VERSION = sys.version_info[0] 8 | 9 | if PY_MAJOR_VERSION > 2: 10 | string.letters = string.ascii_letters 11 | 12 | def iterator(dictionary): 13 | ''' 14 | For cross compatibility between Python 2 and Python 3 dictionaries. 15 | ''' 16 | if PY_MAJOR_VERSION > 2: 17 | return dictionary.items() 18 | else: 19 | return dictionary.iteritems() 20 | 21 | def has_key(dictionary, key): 22 | ''' 23 | For cross compatibility between Python 2 and Python 3 dictionaries. 24 | ''' 25 | if PY_MAJOR_VERSION > 2: 26 | return key in dictionary 27 | else: 28 | return dictionary.has_key(key) 29 | 30 | def get_keys(dictionary): 31 | ''' 32 | For cross compatibility between Python 2 and Python 3 dictionaries. 33 | ''' 34 | if PY_MAJOR_VERSION > 2: 35 | return list(dictionary.keys()) 36 | else: 37 | return dictionary.keys() 38 | 39 | def str2bytes(string): 40 | ''' 41 | For cross compatibility between Python 2 and Python 3 strings. 42 | ''' 43 | if isinstance(string, type('')) and PY_MAJOR_VERSION > 2: 44 | return bytes(string, 'latin1') 45 | else: 46 | return string 47 | 48 | def bytes2str(bs): 49 | ''' 50 | For cross compatibility between Python 2 and Python 3 strings. 51 | ''' 52 | if isinstance(bs, type(b'')) and PY_MAJOR_VERSION > 2: 53 | return bs.decode('latin1') 54 | else: 55 | return bs 56 | 57 | def string_decode(string): 58 | ''' 59 | For cross compatibility between Python 2 and Python 3 strings. 60 | ''' 61 | if PY_MAJOR_VERSION > 2: 62 | return bytes(string, 'utf-8').decode('unicode_escape') 63 | else: 64 | return string.decode('string_escape') 65 | 66 | def user_input(prompt=''): 67 | ''' 68 | For getting raw user input in Python 2 and 3. 69 | ''' 70 | if PY_MAJOR_VERSION > 2: 71 | return input(prompt) 72 | else: 73 | return raw_input(prompt) 74 | 75 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/core/idb.py: -------------------------------------------------------------------------------- 1 | # Special overrides/workarounds for running as an IDA plugin 2 | 3 | import io 4 | import os 5 | import logging 6 | 7 | class ShutUpHashlib(logging.Filter): 8 | ''' 9 | This is used to suppress hashlib exception messages 10 | if using the Python interpreter bundled with IDA. 11 | ''' 12 | def filter(self, record): 13 | return not record.getMessage().startswith("code for hash") 14 | 15 | try: 16 | import idc 17 | import idaapi 18 | LOADED_IN_IDA = True 19 | logger = logging.getLogger() 20 | logger.addFilter(ShutUpHashlib()) 21 | except ImportError: 22 | LOADED_IN_IDA = False 23 | 24 | def start_address(): 25 | return idaapi.get_first_seg().startEA 26 | 27 | def end_address(): 28 | last_ea = idc.BADADDR 29 | seg = idaapi.get_first_seg() 30 | 31 | while seg: 32 | last_ea = seg.endEA 33 | seg = idaapi.get_next_seg(last_ea) 34 | 35 | return last_ea 36 | 37 | class IDBFileIO(io.FileIO): 38 | ''' 39 | A custom class to override binwalk.core.common.Blockfile in order to 40 | read data directly out of the IDB, rather than reading from the original 41 | file on disk, which may or may not still exist. 42 | 43 | Requests to read from files that are not the current IDB are just forwarded 44 | up to io.FileIO. 45 | ''' 46 | 47 | def __init__(self, fname, mode): 48 | if idc.GetIdbPath() != fname: 49 | self.__idb__ = False 50 | super(IDBFileIO, self).__init__(fname, mode) 51 | else: 52 | self.__idb__ = True 53 | self.name = fname 54 | 55 | self.idb_start = 0 56 | self.idb_pos = 0 57 | self.idb_end = end_address() 58 | 59 | if self.args.size == 0: 60 | self.args.size = end_address() 61 | 62 | if self.args.offset == 0: 63 | self.args.offset = start_address() 64 | elif self.args.offset < 0: 65 | self.args.length = self.args.offset * -1 66 | self.args.offset = end_address() + self.args.offset 67 | 68 | if self.args.length == 0 or self.args.length > (end_address() - start_address()): 69 | self.args.length = end_address() - start_address() 70 | 71 | def read(self, n=-1): 72 | if not self.__idb__: 73 | return super(IDBFileIO, self).read(n) 74 | else: 75 | data = '' 76 | read_count = 0 77 | filler_count = 0 78 | 79 | # Loop to read n bytes of data across IDB segments, filling 80 | # segment gaps with NULL bytes. 81 | while n and self.idb_pos <= self.idb_end: 82 | segment = idaapi.getseg(self.idb_pos) 83 | 84 | if not segment: 85 | filler_count += 1 86 | self.idb_pos += 1 87 | n -= 1 88 | else: 89 | if filler_count: 90 | data += "\x00" * filler_count 91 | filler_count = 0 92 | 93 | if (self.idb_pos + n) > segment.endEA: 94 | read_count = segment.endEA - self.idb_pos 95 | else: 96 | read_count = n 97 | 98 | try: 99 | data += idc.GetManyBytes(self.idb_pos, read_count) 100 | except TypeError as e: 101 | # This happens when trying to read from uninitialized segments (e.g., .bss) 102 | data += "\x00" * read_count 103 | 104 | n -= read_count 105 | self.idb_pos += read_count 106 | 107 | if filler_count: 108 | data += "\x00" * filler_count 109 | filler_count = 0 110 | 111 | return data 112 | 113 | def write(self, data): 114 | if not self.__idb__: 115 | return super(IDBFileIO, self).write(data) 116 | else: 117 | # Don't actually write anything to the IDB, as, IMHO, 118 | # a binwalk plugin should never do this. But return the 119 | # number of bytes we were requested to write so that 120 | # any callers are happy. 121 | return len(data) 122 | 123 | def seek(self, n, whence=os.SEEK_SET): 124 | if not self.__idb__: 125 | return super(IDBFileIO, self).seek(n, whence) 126 | else: 127 | if whence == os.SEEK_SET: 128 | self.idb_pos = self.idb_start + n 129 | elif whence == os.SEEK_CUR: 130 | self.idb_pos += n 131 | elif whence == os.SEEK_END: 132 | self.idb_pos = self.idb_end + n 133 | 134 | def tell(self): 135 | if not self.__idb__: 136 | return super(IDBFileIO, self).tell() 137 | else: 138 | return self.idb_pos 139 | 140 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/core/statuserver.py: -------------------------------------------------------------------------------- 1 | # Provides scan status information via a TCP socket service. 2 | # Currently only works for signature scans. 3 | 4 | import sys 5 | import time 6 | import errno 7 | import threading 8 | import binwalk.core.compat 9 | 10 | # Python 2/3 compatibility 11 | try: 12 | import SocketServer 13 | except ImportError: 14 | import socketserver as SocketServer 15 | 16 | class StatusRequestHandler(SocketServer.BaseRequestHandler): 17 | 18 | def handle(self): 19 | message_format = "%s %3d%% [ %d / %d ]" 20 | last_status_message_len = 0 21 | status_message = '' 22 | message_sent = False 23 | 24 | self.server.binwalk.status.running = True 25 | 26 | while True: 27 | time.sleep(0.1) 28 | 29 | try: 30 | self.request.send(binwalk.core.compat.str2bytes('\b' * last_status_message_len)) 31 | self.request.send(binwalk.core.compat.str2bytes(' ' * last_status_message_len)) 32 | self.request.send(binwalk.core.compat.str2bytes('\b' * last_status_message_len)) 33 | 34 | if self.server.binwalk.status.shutdown: 35 | self.server.binwalk.status.finished = True 36 | break 37 | 38 | if self.server.binwalk.status.total != 0: 39 | percentage = ((float(self.server.binwalk.status.completed) / float(self.server.binwalk.status.total)) * 100) 40 | status_message = message_format % (self.server.binwalk.status.fp.path, 41 | percentage, 42 | self.server.binwalk.status.completed, 43 | self.server.binwalk.status.total) 44 | elif not message_sent: 45 | status_message = "No status information available at this time!" 46 | else: 47 | continue 48 | 49 | last_status_message_len = len(status_message) 50 | self.request.send(binwalk.core.compat.str2bytes(status_message)) 51 | message_sent = True 52 | except IOError as e: 53 | if e.errno == errno.EPIPE: 54 | break 55 | except Exception as e: 56 | binwalk.core.common.debug('StatusRequestHandler exception: ' + str(e) + '\n') 57 | except KeyboardInterrupt as e: 58 | raise e 59 | 60 | self.server.binwalk.status.running = False 61 | return 62 | 63 | class ThreadedStatusServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer): 64 | daemon_threads = True 65 | allow_reuse_address = True 66 | 67 | class StatusServer(object): 68 | 69 | def __init__(self, port, binwalk): 70 | self.server = ThreadedStatusServer(('127.0.0.1', port), StatusRequestHandler) 71 | self.server.binwalk = binwalk 72 | 73 | t = threading.Thread(target=self.server.serve_forever) 74 | t.setDaemon(True) 75 | t.start() 76 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/binarch: -------------------------------------------------------------------------------- 1 | # MIPS prologue 2 | # addiu $sp, -XX 3 | # sw XX, XX($sp) 4 | # 27 BD FF XX 5 | # AF BX XX XX 6 | 1 string \xFF\xBD\x27 MIPSEL instructions, function prologue 7 | >6 byte !0xAF {invalid} 8 | >5 byte&0xE0 !0xA0 {invalid} 9 | 10 | 0 string \x27\xBD\xFF MIPS instructions, function prologue 11 | >4 byte !0xAF {invalid} 12 | >5 byte&0xE0 !0xA0 {invalid} 13 | 14 | # MIPS epilogue 15 | # jr $ra 16 | # addiu $sp, XX 17 | # 18 | # addiu $sp, XX 19 | # jr $ra 20 | 0 ubelong 0x03e00008 MIPS instructions, function epilogue 21 | >4 ubeshort !0x27BD {invalid} 22 | 0 ubeshort 0x27BD MIPS instructions, function epilogue 23 | >2 ubelong !0x03e00008 {invalid} 24 | 25 | 0 ulelong 0x03e00008 MIPSEL instructions, function epilogue 26 | >6 uleshort !0x27BD {invalid} 27 | 0 uleshort 0x27BD MIPS instructions, function epilogue 28 | >2 ulelong !0x03e00008 {invalid} 29 | 30 | # MIPS16e 31 | # nop (x4) 32 | # TODO: Produces false positives when scanning ARM Thumb code 33 | #0 string \x65\x00\x65\x00\x65\x00\x65\x00 MIPS16e instructions, nops{jump-to-offset:8} 34 | #0 string \x00\x65\x00\x65\x00\x65\x00\x65 MIPSEL16e instructions, nops{jump-to-offset:8} 35 | 36 | # save a0-a1, XX 37 | # addiu XX, XX 38 | 0 string \xf0\x08\x64 MIPS16e instructions, function prologue 39 | >4 byte !0x01 {invalid} 40 | 41 | # move $sp, $s1 42 | # restore XX, XX, XX 43 | # jrc $ra 44 | 0 ubeshort 0x65B9 MIPS16e instructions, function epilogue 45 | >3 byte !0x64 {invalid} 46 | >4 ubeshort !0xE8A0 {invalid} 47 | 0 uleshort 0x65B9 MIPSEL16e instructions, function epilogue 48 | >3 byte !0x64 {invalid} 49 | >4 uleshort !0xE8A0 {invalid} 50 | 51 | # jrc $ra 52 | # nop 53 | 0 ubelong 0xe8a06500 MIPS16e instructions, function epilogue 54 | 0 ulelong 0xe8a06500 MIPSEL16e instructions, function epilogue 55 | 56 | # PowerPC prologue 57 | # mflr r0 58 | 0 ubelong 0x7C0802A6 PowerPC big endian instructions, function prologue 59 | 0 ulelong 0x7C0802A6 PowerPC little endian instructions, function prologue 60 | 61 | # PowerPC epilogue 62 | # blr 63 | 0 ubelong 0x4E800020 PowerPC big endian instructions, function epilogue 64 | 0 ulelong 0x4E800020 PowerPC little endian instructions, function epilogue 65 | 66 | # TODO: Add ARM Thumb dectection 67 | # ARM prologue 68 | # STMFD SP!, {XX} 69 | # 70 | 0 ubeshort 0xE92D ARMEB instructions, function prologue 71 | >4 byte&0xF0 !0xE0 {invalid} 72 | >8 byte&0xF0 !0xE0 {invalid} 73 | 0 uleshort 0xE92D ARM instructions, function prologue{adjust:-2} 74 | >5 byte&0xF0 !0xE0 {invalid} 75 | >9 byte&0xF0 !0xE0 {invalid} 76 | 77 | # ARM epilogue 78 | # MOV R0, XX 79 | # LDMFD SP!, {XX} 80 | 0 ubeshort 0xE1A0 ARMEB instructions, function epilogue 81 | >4 beshort !0xE8BD {invalid} 82 | 0 uleshort 0xE1A0 ARM instructions, function epilogue{adjust:-2} 83 | >4 leshort !0xE8BD {invalid} 84 | 85 | 86 | # Ubicom32 prologue 87 | # move.4 -4($sp)++, $ra 88 | 0 ubelong 0x02FF6125 Ubicom32 instructions, function prologue 89 | 90 | # Ubicom32 epilogues 91 | # calli $ra, 0($ra) 92 | # ret ($sp)4++ 93 | 0 ubelong 0xF0A000A0 Ubicom32 instructions, function epilogue 94 | 0 ubelong 0x000022E1 Ubicom32 instructions, function epilogue 95 | 96 | # AVR8 prologue 97 | # push r28 98 | # push r29 99 | 0 ubelong 0x93CF93DF AVR8 instructions, function prologue 100 | 0 ubelong 0x93DF93CF AVR8 instructions, function prologue 101 | 102 | # AVR32 prologue 103 | # pushm r7,lr 104 | # mov r7,sp 105 | 0 string \xEB\xCD\x40\x80\x1A\x97 AVR32 instructions, function prologue 106 | 107 | # SPARC epilogue 108 | # ret 109 | # restore XX 110 | 0 string \x81\xC7\xE0\x08\x81\xE8 SPARC instructions, function epilogue 111 | 112 | # x86 epilogue 113 | # push ebp 114 | # move ebp, esp 115 | # sub esp, XX 116 | # 117 | # push ebp 118 | # move ebp, esp 119 | # push edi 120 | # push esi 121 | 0 string \x55\x89\xE5\x83\xEC Intel x86 instructions, function prologue 122 | 0 string \x55\x89\xE5\x57\x56 Intel x86 instructions, function prologue 123 | 0 string \x90\x90\x90\x90\x90\x90\x90\x90 Intel x86 instructions, nops{jump:8}{overlap} 124 | 125 | # unlk a6 126 | # rts 127 | # link a6, XX 128 | 0 string N^NuNV Motorola Coldfire instructions, function prologue/epilogue 129 | 130 | # mov.l @r15+, r9 131 | # rts 132 | # mov.l @r15 133 | 0 string \xF6\x69\x0B\x00\xF6\x68 SuperH instructions, little endian, function epilogue (gcc) 134 | 0 string \x69\xF6\x00\x0B\x68\xF6 SuperH instructions, big endian, function epilogue (gcc) 135 | 136 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/bincast: -------------------------------------------------------------------------------- 1 | # This file is depreciated and intentionally left blank. 2 | # It is included solely to ensure that previously installed 3 | # versions of this file are overwritten during an upgrade. 4 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/binwalk: -------------------------------------------------------------------------------- 1 | # This file is depreciated and intentionally left blank. 2 | # It is included solely to ensure that previously installed 3 | # versions of this file are overwritten during an upgrade. 4 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/bootloaders: -------------------------------------------------------------------------------- 1 | 2 | #---------------------------Bootloaders-------------------------------- 3 | 4 | # CFE bootloader 5 | 0 string CFE1 CFE boot loader 6 | >4 string !CFE1 {invalid} 7 | >40 string CFE1CFE1 {invalid} 8 | 9 | # U-Boot boot loader 10 | 0 string U-Boot\x20 U-Boot version string, 11 | >7 byte <48 {invalid} 12 | >7 byte >57 {invalid} 13 | >8 byte !0x2E {invalid} 14 | >0 string x "%s" 15 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/code: -------------------------------------------------------------------------------- 1 | # This file is depreciated and intentionally left blank. 2 | # It is included solely to ensure that previously installed 3 | # versions of this file are overwritten during an upgrade. 4 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/ecos: -------------------------------------------------------------------------------- 1 | # eCos kernel exception handlers 2 | # 3 | # mfc0 $k0, Cause # Cause of last exception 4 | # nop # Some versions of eCos omit the nop 5 | # andi $k0, 0x7F 6 | # li $k1, 0xXXXXXXXX 7 | # add $k1, $k0 8 | # lw $k1, 0($k1) 9 | # jr $k1 10 | # nop 11 | 0 string \x00\x68\x1A\x40\x00\x00\x00\x00\x7F\x00\x5A\x33 eCos kernel exception handler, architecture: MIPSEL, 12 | >14 leshort !0x3C1B {invalid} 13 | >18 leshort !0x277B {invalid} 14 | >12 uleshort x exception vector table base address: 0x%.4X 15 | >16 uleshort x \b%.4X 16 | 17 | 0 string \x00\x68\x1A\x40\x7F\x00\x5A\x33 eCos kernel exception handler, architecture: MIPSEL, 18 | >10 leshort !0x3C1B {invalid} 19 | >14 leshort !0x277B {invalid} 20 | >8 uleshort x exception vector table base address: 0x%.4X 21 | >12 uleshort x \b%.4X 22 | 23 | 0 string \x40\x1A\x68\x00\x00\x00\x00\x00\x33\x5A\x00\x7F eCos kernel exception handler, architecture: MIPS, 24 | >12 beshort !0x3C1B {invalid} 25 | >16 beshort !0x277B {invalid} 26 | >14 ubeshort x exception vector table base address: 0x%.4X 27 | >18 ubeshort x \b%.4X 28 | 29 | 0 string \x40\x1A\x68\x00\x33\x5A\x00\x7F eCos kernel exception handler, architecture: MIPS, 30 | >8 beshort !0x3C1B {invalid} 31 | >12 beshort !0x277B {invalid} 32 | >10 ubeshort x exception vector table base address: 0x%.4X 33 | >14 ubeshort x \b%.4X 34 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/encoding: -------------------------------------------------------------------------------- 1 | # Base64 index tables 2 | 0 string ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/ Base64 standard index table 3 | 0 string ACEGIKMOQSUWYBDFHJLNPRTVXZacegikmoqsuwybdfhjlnprtvxz0246813579=+/ Base64 SerComm index table 4 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/hashing: -------------------------------------------------------------------------------- 1 | # CRC32 polynomial table 2 | 0 string \x00\x00\x00\x00\x77\x07\x30\x96\xEE\x0E\x61\x2C\x99\x09\x51\xBA CRC32 polynomial table, big endian 3 | 0 string \x00\x00\x00\x00\x96\x30\x07\x77\x2C\x61\x0E\xEE\xBA\x51\x09\x99 CRC32 polynomial table, little endian 4 | 5 | # SHA256 constant k 6 | 0 string \x42\x8a\x2f\x98\x71\x37\x44\x91\xb5\xc0\xfb\xcf\xe9\xb5\xdb\xa5 SHA256 hash constants, big endian 7 | 0 string \x98\x2f\x8a\x42\x91\x44\x37\x71\xcf\xfb\xc0\xb5\xa5\xdb\xb5\xe9 SHA256 hash constants, little endian 8 | 9 | 10 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/linux: -------------------------------------------------------------------------------- 1 | 2 | #-------------------------Kernels------------------------------------- 3 | 4 | # Linux kernel boot images, from Albert Cahalan 5 | # and others such as Axel Kohlmeyer 6 | # and Nicolas Lichtmaier 7 | # All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29 8 | 0 string \xb8\xc0\x07\x8e\xd8\xb8\x00\x90\x8e\xc0\xb9\x00\x01\x29\xf6\x29 Linux kernel boot image 9 | >514 string !HdrS {invalid} 10 | 11 | # Finds and prints Linux kernel strings in raw Linux kernels (output like uname -a). 12 | # Commonly found in decompressed embedded kernel binaries. 13 | 0 string Linux\x20version\x20 Linux kernel version 14 | >14 byte 0 {invalid} 15 | >14 byte !0 16 | >>14 string x "%s" 17 | 18 | # Linux ARM compressed kernel image 19 | # See arch/arm/boot/compressed/head.S and arch/arm/boot/compressed/vmlinux.lds.S 20 | 0 ulelong 0x016f2818 Linux kernel ARM boot executable zImage (little-endian), 21 | >4 ulelong x load address: "0x%.8X", 22 | >8 ulelong x end address: "0x%.8X" 23 | >12 ulelong !0x04030201 {invalid} 24 | 25 | 0 ubelong 0x016f2818 Linux kernel ARM boot executable zImage (big-endian), 26 | >4 ubelong x load address: "0x%.8X", 27 | >8 ubelong x end address: "0x%.8X" 28 | >12 ubelong !0x04030201 {invalid} 29 | 30 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/misc: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------ 2 | # $File: pdf,v 1.6 2009/09/19 16:28:11 christos Exp $ 3 | # pdf: file(1) magic for Portable Document Format 4 | # 5 | 0 string %PDF- PDF document, 6 | >6 byte !0x2e {invalid} 7 | >5 string x version: "%3s" 8 | 9 | #------------------------------------------------------------------------------ 10 | # $File: zyxel,v 1.6 2009/09/19 16:28:13 christos Exp $ 11 | # zyxel: file(1) magic for ZyXEL modems 12 | # 13 | # From 14 | # These are the /etc/magic entries to decode datafiles as used for the 15 | # ZyXEL U-1496E DATA/FAX/VOICE modems. (This header conforms to a 16 | # ZyXEL-defined standard) 17 | 18 | 0 string ZyXEL\002 ZyXEL voice data 19 | >10 byte 0 \b, CELP encoding 20 | >10 byte&0x0B 1 \b, ADPCM2 encoding 21 | >10 byte&0x0B 2 \b, ADPCM3 encoding 22 | >10 byte&0x0B 3 \b, ADPCM4 encoding 23 | >10 byte&0x0B 8 \b, New ADPCM3 encoding 24 | >10 byte&0x04 4 \b,with resync 25 | 26 | 0 string LinuxGuestRecord Xen saved domain file 27 | 28 | 0 string \x3chtml HTML document header 29 | >5 byte !0x20 30 | >>5 byte !0x3e {invalid} 31 | 0 string \x3cHTML HTML document header 32 | >5 byte !0x20 33 | >>5 byte !0x3e {invalid} 34 | 35 | 0 string \x3c/html\x3e HTML document footer 36 | 0 string \x3c/HTML\x3e HTML document footer 37 | 38 | 0 string \x3c?xml\x20version XML document, 39 | >15 string x version: "%.3s" 40 | 41 | # CodeGate 2011 http://nopsrus.blogspot.com/2013/05/codegate-ctf-2011-binary-100-points.html 42 | 0 string \x23\x40\x7e\x5e Windows Script Encoded Data (screnc.exe) 43 | 44 | 0 regex /[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_/].* Unix path: 45 | >0 string x %s 46 | 47 | 0 string neighbor Neighborly text, 48 | >0 string x "%s 49 | >63 string x \b%s" 50 | 51 | 0 string Neighbor Neighborly text, 52 | >0 string x "%s 53 | >63 string x \b%s" 54 | 55 | 0 string neighborly Neighborly text, best guess: Goodspeed, 56 | >0 string x "%s 57 | >63 string x \b%s" 58 | 59 | 0 string begin\x20 uuencoded data, 60 | >9 byte !0x20 {invalid}invalid format, 61 | >6 byte <0x30 {invalid}invalid permissions, 62 | >6 byte >0x39 {invalid}invalid permissions, 63 | >7 byte <0x30 {invalid}invalid permissions, 64 | >7 byte >0x39 {invalid}invalid permissions, 65 | >8 byte <0x30 {invalid}invalid permissions, 66 | >8 byte >0x39 {invalid}invalid permissions, 67 | >10 string x file name: "%s", 68 | >6 string x file permissions: "%.3s" 69 | 70 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/magic/sql: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------ 2 | # $File: sql,v 1.6 2009/09/19 16:28:12 christos Exp $ 3 | # sql: file(1) magic for SQL files 4 | # 5 | # From: "Marty Leisner" 6 | # Recognize some MySQL files. 7 | # 8 | 0 beshort 0xfe01 MySQL table definition file 9 | >2 ubyte <1 {invalid} 10 | >2 ubyte >11 {invalid} 11 | >2 byte x Version %d 12 | 0 string \xfe\xfe\x03 MySQL MISAM index file 13 | >3 ubyte <1 {invalid} 14 | >3 ubyte >11 {invalid} 15 | >3 byte x Version %d 16 | 0 string \xfe\xfe\x07 MySQL MISAM compressed data file 17 | >3 ubyte <1 {invalid} 18 | >3 ubyte >11 {invalid} 19 | >3 byte x Version %d 20 | 0 string \xfe\xfe\x05 MySQL ISAM index file 21 | >3 ubyte <1 {invalid} 22 | >3 ubyte >11 {invalid} 23 | >3 byte x Version %d 24 | 0 string \xfe\xfe\x06 MySQL ISAM compressed data file 25 | >3 ubyte <1 {invalid} 26 | >3 ubyte >11 {invalid} 27 | >3 byte x Version %d 28 | #0 string \376bin MySQL replication log 29 | 30 | #------------------------------------------------------------------------------ 31 | # iRiver H Series database file 32 | # From Ken Guest 33 | # As observed from iRivNavi.iDB and unencoded firmware 34 | # 35 | 0 string iRivDB iRiver Database file 36 | >11 byte !0 37 | >>11 string x Version "%s" 38 | #>39 string iHP-100 [H Series] 39 | 40 | #------------------------------------------------------------------------------ 41 | # SQLite database files 42 | # Ken Guest , Ty Sarna, Zack Weinberg 43 | # 44 | # Version 1 used GDBM internally; its files cannot be distinguished 45 | # from other GDBM files. 46 | # 47 | # Version 2 used this format: 48 | 0 string \x2A\x2A\x20This\x20file\x20contains\x20an\x20SQLite SQLite 2.x database 49 | 50 | # Version 3 of SQLite allows applications to embed their own "user version" 51 | # number in the database. Detect this and distinguish those files. 52 | 53 | 0 string SQLite\x20format\x203 SQLite 3.x database, 54 | >60 string _MTN monotone source repository 55 | >60 ubelong !0 \b, user version %u 56 | 57 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/modules/__init__.py: -------------------------------------------------------------------------------- 1 | # Don't load the disasm module if the capstone module can't be found 2 | try: 3 | from binwalk.modules.disasm import Disasm 4 | except ImportError: 5 | pass 6 | 7 | # Don't load the compression module if the lzma module can't be found 8 | try: 9 | from binwalk.modules.compression import RawCompression 10 | except ImportError: 11 | pass 12 | 13 | from binwalk.modules.signature import Signature 14 | from binwalk.modules.hexdiff import HexDiff 15 | from binwalk.modules.general import General 16 | from binwalk.modules.extractor import Extractor 17 | from binwalk.modules.entropy import Entropy 18 | 19 | # These are depreciated. 20 | #from binwalk.modules.binvis import Plotter 21 | #from binwalk.modules.hashmatch import HashMatch 22 | #from binwalk.modules.heuristics import HeuristicCompressionAnalyzer 23 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/arcadyan.py: -------------------------------------------------------------------------------- 1 | import os 2 | import binwalk.core.common 3 | import binwalk.core.plugin 4 | 5 | class ArcadyanDeobfuscator(binwalk.core.plugin.Plugin): 6 | ''' 7 | Deobfuscator for known Arcadyan firmware obfuscation(s). 8 | ''' 9 | MODULES = ['Signature'] 10 | 11 | OBFUSCATION_MAGIC_SIZE = 4 12 | MAX_IMAGE_SIZE = 0x1B0000 13 | BLOCK_SIZE = 32 14 | BLOCK1_OFFSET = 4 15 | BLOCK2_OFFSET = 0x68 16 | MIN_FILE_SIZE = (OBFUSCATION_MAGIC_SIZE + BLOCK2_OFFSET + BLOCK_SIZE) 17 | 18 | BLOCK1_START = BLOCK1_OFFSET 19 | BLOCK1_END = BLOCK1_START + BLOCK_SIZE 20 | 21 | BLOCK2_START = BLOCK2_OFFSET 22 | BLOCK2_END = BLOCK2_OFFSET + BLOCK_SIZE 23 | 24 | P1_START = 0 25 | P1_END = BLOCK1_OFFSET 26 | 27 | P2_START = BLOCK1_END 28 | P2_END = BLOCK2_START 29 | 30 | P3_START = BLOCK2_END 31 | 32 | def init(self): 33 | if self.module.extractor.enabled: 34 | self.module.extractor.add_rule(regex="^obfuscated arcadyan firmware", 35 | extension="obfuscated", 36 | cmd=self.extractor) 37 | 38 | def extractor(self, fname): 39 | deobfuscated = None 40 | fname = os.path.abspath(fname) 41 | 42 | infile = binwalk.core.common.BlockFile(fname, "rb") 43 | obfuscated = infile.read() 44 | infile.close() 45 | 46 | if len(obfuscated) >= self.MIN_FILE_SIZE: 47 | # Swap blocks 1 and 2 48 | p1 = obfuscated[self.P1_START:self.P1_END] 49 | b1 = obfuscated[self.BLOCK1_START:self.BLOCK1_END] 50 | p2 = obfuscated[self.P2_START:self.P2_END] 51 | b2 = obfuscated[self.BLOCK2_START:self.BLOCK2_END] 52 | p3 = obfuscated[self.P3_START:] 53 | deobfuscated = p1 + b2 + p2 + b1 + p3 54 | 55 | # Nibble-swap each byte in block 1 56 | nswap = '' 57 | for i in range(self.BLOCK1_START, self.BLOCK1_END): 58 | nswap += chr(((ord(deobfuscated[i]) & 0x0F) << 4) + ((ord(deobfuscated[i]) & 0xF0) >> 4)); 59 | deobfuscated = deobfuscated[self.P1_START:self.P1_END] + nswap + deobfuscated[self.BLOCK1_END:] 60 | 61 | # Byte-swap each byte pair in block 1 62 | bswap = '' 63 | i = self.BLOCK1_START 64 | while i < self.BLOCK1_END: 65 | bswap += deobfuscated[i+1] + deobfuscated[i] 66 | i += 2 67 | deobfuscated = deobfuscated[self.P1_START:self.P1_END] + bswap + deobfuscated[self.BLOCK1_END:] 68 | 69 | if deobfuscated: 70 | out = binwalk.core.common.BlockFile((os.path.splitext(fname)[0] + '.deobfuscated'), "wb") 71 | out.write(deobfuscated) 72 | out.close() 73 | return True 74 | else: 75 | return False 76 | 77 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/compressd.py: -------------------------------------------------------------------------------- 1 | #import binwalk.core.C 2 | import binwalk.core.plugin 3 | #from binwalk.core.common import * 4 | 5 | class CompressdPlugin(binwalk.core.plugin.Plugin): 6 | # ''' 7 | # Searches for and validates compress'd data. 8 | # ''' 9 | 10 | MODULES = ['Signature'] 11 | 12 | #READ_SIZE = 64 13 | 14 | #COMPRESS42 = "compress42" 15 | #COMPRESS42_FUNCTIONS = [ 16 | # binwalk.core.C.Function(name="is_compressed", type=bool), 17 | #] 18 | 19 | #comp = None 20 | 21 | #def init(self): 22 | #self.comp = binwalk.core.C.Library(self.COMPRESS42, self.COMPRESS42_FUNCTIONS) 23 | # This plugin is currently disabled due to the need to move away from supporting C 24 | # libraries and into a pure Python project, for cross-platform support and ease of 25 | # installation / package maintenance. A Python implementation will likely need to 26 | # be custom developed in the future, but for now, since this compression format is 27 | # not very common, especially in firmware, simply disable it. 28 | #self.comp = None 29 | 30 | #def scan(self, result): 31 | # if self.comp and result.file and result.description.lower().startswith("compress'd data"): 32 | # fd = self.module.config.open_file(result.file.name, offset=result.offset, length=self.READ_SIZE) 33 | # compressed_data = fd.read(self.READ_SIZE) 34 | # fd.close() 35 | 36 | # if not self.comp.is_compressed(compressed_data, len(compressed_data)): 37 | # result.valid = False 38 | 39 | 40 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/cpio.py: -------------------------------------------------------------------------------- 1 | import os 2 | import subprocess 3 | import binwalk.core.plugin 4 | 5 | class CPIOPlugin(binwalk.core.plugin.Plugin): 6 | ''' 7 | Ensures that ASCII CPIO archive entries only get extracted once. 8 | Also provides an internal CPIO extraction wrapper around the Unix 9 | cpio utility since no output directory can be provided to it directly. 10 | ''' 11 | CPIO_OUT_DIR = "cpio-root" 12 | 13 | MODULES = ['Signature'] 14 | 15 | def init(self): 16 | self.consecutive_hits = 0 17 | 18 | if self.module.extractor.enabled: 19 | self.module.extractor.add_rule(regex="^ascii cpio archive", 20 | extension="cpio", 21 | cmd=self.extractor, 22 | recurse=False) # Most CPIO archives are file systems, so don't recurse into the extracted contents 23 | 24 | def extractor(self, fname): 25 | result = None 26 | fname = os.path.abspath(fname) 27 | out_dir = os.path.join(os.path.dirname(fname), self.CPIO_OUT_DIR) 28 | 29 | try: 30 | fpin = open(fname, "rb") 31 | fperr = open(os.devnull, "rb") 32 | os.mkdir(out_dir) 33 | except OSError: 34 | return 35 | 36 | try: 37 | curdir = os.getcwd() 38 | os.chdir(out_dir) 39 | except OSError: 40 | return 41 | 42 | try: 43 | result = subprocess.call(['cpio', '-d', '-i', '--no-absolute-filenames'], 44 | stdin=fpin, 45 | stderr=fperr, 46 | stdout=fperr) 47 | except OSError: 48 | result = -1 49 | 50 | os.chdir(curdir) 51 | fpin.close() 52 | fperr.close() 53 | 54 | if result in [0, 2]: 55 | return True 56 | else: 57 | return False 58 | 59 | def pre_scan(self): 60 | # Be sure to re-set this at the beginning of every scan 61 | self.found_archive = False 62 | self.found_archive_in_file = None 63 | 64 | def scan(self, result): 65 | if result.valid: 66 | # ASCII CPIO archives consist of multiple entries, ending with an entry named 'TRAILER!!!'. 67 | # Displaying each entry is useful, as it shows what files are contained in the archive, 68 | # but we only want to extract the archive when the first entry is found. 69 | if result.description.startswith('ASCII cpio archive'): 70 | self.consecutive_hits += 1 71 | 72 | if not self.found_archive or self.found_archive_in_file != result.file.name: 73 | # This is the first entry. Set found_archive and allow the scan to continue normally. 74 | self.found_archive_in_file = result.file.name 75 | self.found_archive = True 76 | result.extract = True 77 | elif 'TRAILER!!!' in result.description: 78 | # This is the last entry, un-set found_archive. 79 | self.found_archive = False 80 | result.extract = False 81 | self.consecutive_hits = 0 82 | else: 83 | # The first entry has already been found and this is not the last entry, or the last entry 84 | # has not yet been found. Don't extract. 85 | result.extract = False 86 | elif self.consecutive_hits < 4: 87 | # If this was a valid non-CPIO archive result, reset these values; else, a previous 88 | # false positive CPIO result could leave these set, causing a subsequent valid CPIO 89 | # result to not be extracted. 90 | self.found_archive = False 91 | self.found_archive_in_file = None 92 | self.consecutive_hits = 0 93 | elif self.consecutive_hits >= 4: 94 | # Ignore other stuff until the end of CPIO is found 95 | # TODO: It would be better to jump to the end of this CPIO entry rather than make this assumption... 96 | result.valid = False 97 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/gzipextract.py: -------------------------------------------------------------------------------- 1 | import os 2 | import gzip 3 | import binwalk.core.plugin 4 | 5 | class GzipExtractPlugin(binwalk.core.plugin.Plugin): 6 | ''' 7 | Gzip extractor plugin. 8 | ''' 9 | MODULES = ['Signature'] 10 | BLOCK_SIZE = 10 * 1024 11 | 12 | def init(self): 13 | # If the extractor is enabled for the module we're currently loaded 14 | # into, and if a rule that matches gzip signature results already exists 15 | # (e.g., the default rules were loaded or a gzip rule was specified manually), 16 | # then register self.extractor as a gzip extraction rule. 17 | if self.module.extractor.enabled and self.module.extractor.match("gzip compressed data"): 18 | self.module.extractor.add_rule(txtrule=None, 19 | regex="^gzip compressed data", 20 | extension="gz", 21 | cmd=self.extractor) 22 | 23 | def extractor(self, fname): 24 | fname = os.path.abspath(fname) 25 | outfile = os.path.splitext(fname)[0] 26 | 27 | try: 28 | fpout = open(outfile, "wb") 29 | gz = gzip.GzipFile(fname, "rb") 30 | 31 | while True: 32 | data = gz.read(self.BLOCK_SIZE) 33 | if data: 34 | fpout.write(data) 35 | else: 36 | break 37 | 38 | gz.close() 39 | fpout.close() 40 | except KeyboardInterrupt as e: 41 | raise e 42 | except Exception as e: 43 | return False 44 | 45 | return True 46 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/gzipvalid.py: -------------------------------------------------------------------------------- 1 | import zlib 2 | import binwalk.core.compat 3 | import binwalk.core.plugin 4 | from binwalk.core.common import BlockFile 5 | 6 | class GzipValidPlugin(binwalk.core.plugin.Plugin): 7 | ''' 8 | Validates gzip compressed data. Almost identical to zlibvalid.py. 9 | ''' 10 | MODULES = ['Signature'] 11 | 12 | MAX_DATA_SIZE = 33 * 1024 13 | 14 | def scan(self, result): 15 | # If this result is a gzip signature match, try to decompress the data 16 | if result.file and result.description.lower().startswith('gzip'): 17 | # Seek to and read the suspected gzip data 18 | fd = self.module.config.open_file(result.file.name, offset=result.offset, length=self.MAX_DATA_SIZE) 19 | data = fd.read(self.MAX_DATA_SIZE) 20 | fd.close() 21 | 22 | # Grab the flags and initialize the default offset of the start of 23 | # compressed data. 24 | flags = int(ord(data[3])) 25 | offset = 10 26 | 27 | # If there is a comment or the original file name, find the end of that 28 | # string and start decompression from there. 29 | if (flags & 0x0C) or (flags & 0x10): 30 | while data[offset] != "\x00": 31 | offset += 1 32 | offset += 1 33 | 34 | # Append basic zlib header to the beginning of the compressed data 35 | data = "\x78\x9C" + data[offset:] 36 | 37 | # Check if this is valid deflate data (no zlib header) 38 | try: 39 | zlib.decompress(binwalk.core.compat.str2bytes(data)) 40 | except zlib.error as e: 41 | error = str(e) 42 | # Truncated input data results in error -5. 43 | # gzip uses different checksums than zlib, which results in error -3. 44 | if not error.startswith("Error -5") and not error.startswith("Error -3"): 45 | result.valid = False 46 | 47 | 48 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/jffs2valid.py: -------------------------------------------------------------------------------- 1 | import struct 2 | import binascii 3 | import binwalk.core.plugin 4 | 5 | class JFFS2ValidPlugin(binwalk.core.plugin.Plugin): 6 | ''' 7 | Helps validate JFFS2 signature results. 8 | 9 | The JFFS2 signature rules catch obvious cases, but inadvertently 10 | mark some valid JFFS2 nodes as invalid due to padding (0xFF's or 11 | 0x00's) in between nodes. 12 | ''' 13 | MODULES = ['Signature'] 14 | 15 | def _check_crc(self, node_header): 16 | # struct and binascii want a bytes object in Python3 17 | node_header = binwalk.core.compat.str2bytes(node_header) 18 | 19 | # Get the header's reported CRC value 20 | if node_header[0:2] == b"\x19\x85": 21 | header_crc = struct.unpack(">I", node_header[8:12])[0] 22 | else: 23 | header_crc = struct.unpack("= result.file.size: 64 | # we hit the end of the file 65 | is_tar = False 66 | else: 67 | fd.seek(file_offset) 68 | else: 69 | is_tar = False 70 | 71 | result.jump = file_offset 72 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/ubivalid.py: -------------------------------------------------------------------------------- 1 | import struct 2 | import binascii 3 | import binwalk.core.plugin 4 | import binwalk.core.compat 5 | 6 | class UBIValidPlugin(binwalk.core.plugin.Plugin): 7 | ''' 8 | Helps validate UBI erase count signature results. 9 | 10 | Checks header CRC and calculates jump value 11 | ''' 12 | MODULES = ['Signature'] 13 | current_file=None 14 | last_ec_hdr_offset = None 15 | peb_size = None 16 | 17 | def _check_crc(self, ec_header): 18 | # Get the header's reported CRC value 19 | header_crc = struct.unpack(">I", ec_header[60:64])[0] 20 | 21 | # Calculate the actual CRC 22 | calculated_header_crc = ~binascii.crc32(ec_header[0:60]) & 0xffffffff 23 | 24 | # Make sure they match 25 | return header_crc == calculated_header_crc 26 | 27 | def _process_result(self, result): 28 | if self.current_file == result.file.name: 29 | result.display=False 30 | else: 31 | # Reset everything in case new file is encountered 32 | self.peb_size=None 33 | self.last_ec_hdr_offset=None 34 | self.peb_size=None 35 | 36 | # Display result and trigger extraction 37 | result.display=True 38 | 39 | self.current_file = result.file.name 40 | 41 | if not self.peb_size and self.last_ec_hdr_offset: 42 | # Calculate PEB size by subtracting last EC block offset 43 | self.peb_size = result.offset - self.last_ec_hdr_offset 44 | else: 45 | # First time plugin is called on file, save EC block offset 46 | self.last_ec_hdr_offset = result.offset 47 | 48 | if self.peb_size: 49 | # If PEB size has been determined jump PEB size 50 | result.jump = self.peb_size 51 | else: 52 | result.jump = 0 53 | 54 | def scan(self, result): 55 | if result.file and result.description.lower().startswith('ubi erase count header'): 56 | # Seek to and read the suspected UBI erase count header 57 | fd = self.module.config.open_file(result.file.name, offset=result.offset) 58 | 59 | ec_header = binwalk.core.compat.str2bytes(fd.read(1024)) 60 | fd.close() 61 | 62 | result.valid = self._check_crc(ec_header[0:64]) 63 | if result.valid: 64 | self._process_result(result) 65 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/unjffs2.py: -------------------------------------------------------------------------------- 1 | # This file has been depreciated and is no longer in use. 2 | # This is merely a placeholder to ensure future installations 3 | # don't leave the old, depreciated file in tact. 4 | 5 | import binwalk.core.plugin 6 | 7 | class Unjffs2DepreciatedPlugin(binwalk.core.plugin.Plugin): 8 | pass 9 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/ziphelper.py: -------------------------------------------------------------------------------- 1 | import binwalk.core.plugin 2 | 3 | class ZipHelperPlugin(binwalk.core.plugin.Plugin): 4 | ''' 5 | A helper plugin for Zip files to ensure that the Zip archive 6 | extraction rule is only executed once when the first Zip archive 7 | entry is encountered. This resets once and end of zip archive is 8 | found. 9 | ''' 10 | MODULES = ['Signature'] 11 | 12 | extraction_active = False 13 | 14 | def scan(self, result): 15 | if result.valid and result.display: 16 | if result.description.lower().startswith('zip archive data'): 17 | if self.extraction_active: 18 | result.extract = False 19 | else: 20 | self.extraction_active = True 21 | elif result.description.lower().startswith('end of zip archive'): 22 | self.extraction_active = False 23 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/zlibextract.py: -------------------------------------------------------------------------------- 1 | import os 2 | import zlib 3 | import binwalk.core.compat 4 | import binwalk.core.common 5 | import binwalk.core.plugin 6 | 7 | class ZLIBExtractPlugin(binwalk.core.plugin.Plugin): 8 | ''' 9 | Zlib extractor plugin. 10 | ''' 11 | MODULES = ['Signature'] 12 | 13 | def init(self): 14 | # If the extractor is enabled for the module we're currently loaded 15 | # into, then register self.extractor as a zlib extraction rule. 16 | if self.module.extractor.enabled: 17 | self.module.extractor.add_rule(txtrule=None, 18 | regex="^zlib compressed data", 19 | extension="zlib", 20 | cmd=self.extractor) 21 | 22 | def extractor(self, fname): 23 | outfile = os.path.splitext(fname)[0] 24 | 25 | try: 26 | fpin = binwalk.core.common.BlockFile(fname) 27 | fpout = binwalk.core.common.BlockFile(outfile, 'w') 28 | 29 | plaintext = zlib.decompress(binwalk.core.compat.str2bytes(fpin.read())) 30 | fpout.write(plaintext) 31 | 32 | fpin.close() 33 | fpout.close() 34 | except KeyboardInterrupt as e: 35 | raise e 36 | except Exception as e: 37 | return False 38 | 39 | return True 40 | 41 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/binwalk/plugins/zlibvalid.py: -------------------------------------------------------------------------------- 1 | import zlib 2 | import binwalk.core.compat 3 | import binwalk.core.plugin 4 | from binwalk.core.common import BlockFile 5 | 6 | class ZlibValidPlugin(binwalk.core.plugin.Plugin): 7 | ''' 8 | Validates zlib compressed data. 9 | ''' 10 | MODULES = ['Signature'] 11 | 12 | MAX_DATA_SIZE = 33 * 1024 13 | 14 | def scan(self, result): 15 | # If this result is a zlib signature match, try to decompress the data 16 | if result.file and result.description.lower().startswith('zlib'): 17 | 18 | # If byte swapping is enabled, we need to start reading at a swap-size 19 | # aligned offset, then index in to the read data appropriately. 20 | if self.module.config.swap_size: 21 | adjust = result.offset % self.module.config.swap_size 22 | else: 23 | adjust = 0 24 | 25 | offset = result.offset - adjust 26 | 27 | # Seek to and read the suspected zlib data 28 | fd = self.module.config.open_file(result.file.name) 29 | fd.seek(offset) 30 | data = fd.read(self.MAX_DATA_SIZE)[adjust:] 31 | fd.close() 32 | 33 | # Check if this is valid zlib data. It is valid if: 34 | # 35 | # 1. It decompresses without error 36 | # 2. Decompression fails only because of truncated input 37 | try: 38 | zlib.decompress(binwalk.core.compat.str2bytes(data)) 39 | except zlib.error as e: 40 | # Error -5, incomplete or truncated data input 41 | if not str(e).startswith("Error -5"): 42 | result.valid = False 43 | 44 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/scripts/binida.py: -------------------------------------------------------------------------------- 1 | import idc 2 | import idaapi 3 | import binwalk 4 | 5 | class binwalk_t(idaapi.plugin_t): 6 | flags = 0 7 | comment = "Scan the current IDB for file signatures" 8 | help = "" 9 | wanted_name = "Binwalk IDA Plugin" 10 | wanted_hotkey = "" 11 | 12 | def init(self): 13 | self.menu_context_1 = idaapi.add_menu_item("Search/", "binwalk opcodes", "", 0, self.opcode_scan, (None,)) 14 | self.menu_context_2 = idaapi.add_menu_item("Search/", "binwalk signatures", "", 0, self.signature_scan, (None,)) 15 | return idaapi.PLUGIN_KEEP 16 | 17 | def term(self): 18 | idaapi.del_menu_item(self.menu_context_1) 19 | idaapi.del_menu_item(self.menu_context_2) 20 | return None 21 | 22 | def run(self, arg): 23 | return None 24 | 25 | def signature_scan(self, arg): 26 | binwalk.scan(idc.GetIdbPath(), signature=True) 27 | 28 | def opcode_scan(self, arg): 29 | binwalk.scan(idc.GetIdbPath(), opcode=True) 30 | 31 | def PLUGIN_ENTRY(): 32 | return binwalk_t() 33 | 34 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/scripts/binwalk: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import os 4 | import sys 5 | 6 | # If installed to a custom prefix directory, binwalk may not be in 7 | # the default module search path(s). Try to resolve the prefix module 8 | # path and make it the first entry in sys.path. 9 | # Ensure that 'src/binwalk' becomes '.' instead of an empty string 10 | _parent_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) 11 | for _module_path in [ 12 | # from repo: src/scripts/ -> src/ 13 | _parent_dir, 14 | # from build dir: build/scripts-3.4/ -> build/lib/ 15 | os.path.join(_parent_dir, "lib"), 16 | # installed in non-default path: bin/ -> lib/python3.4/site-packages/ 17 | os.path.join(_parent_dir, 18 | "lib", 19 | "python%d.%d" % (sys.version_info[0], sys.version_info[1]), 20 | "site-packages") 21 | ]: 22 | if os.path.exists(_module_path) and _module_path not in sys.path: 23 | sys.path = [_module_path] + sys.path 24 | 25 | import binwalk 26 | import binwalk.modules 27 | 28 | def main(): 29 | with binwalk.Modules() as modules: 30 | try: 31 | if len(sys.argv) == 1: 32 | sys.stderr.write(modules.help()) 33 | sys.exit(1) 34 | # If no explicit module was enabled in the command line arguments, 35 | # run again with the default signature scan explicitly enabled. 36 | elif not modules.execute(): 37 | # Make sure the Signature module is loaded before attempting 38 | # an implicit signature scan; else, the error message received 39 | # by the end user is not very helpful. 40 | if hasattr(binwalk.modules, "Signature"): 41 | modules.execute(*sys.argv[1:], signature=True) 42 | else: 43 | sys.stderr.write("Error: Signature scans not supported; ") 44 | sys.stderr.write("make sure you have python-lzma installed and try again.\n") 45 | sys.exit(2) 46 | except binwalk.ModuleException as e: 47 | sys.exit(3) 48 | 49 | if __name__ == '__main__': 50 | try: 51 | # Special options for profiling the code. For debug use only. 52 | if '--profile' in sys.argv: 53 | import cProfile 54 | sys.argv.pop(sys.argv.index('--profile')) 55 | cProfile.run('main()') 56 | else: 57 | main() 58 | except IOError: 59 | pass 60 | except KeyboardInterrupt: 61 | sys.stdout.write("\n") 62 | 63 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/scripts/examples/binwalk_simple.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import binwalk 4 | 5 | # Since no options are specified, they are by default taken from sys.argv. 6 | # Effecitvely, this duplicates the functionality of the normal binwalk script. 7 | binwalk.scan() 8 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/scripts/examples/extract_data.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import sys 4 | import binwalk 5 | 6 | # Extracts and logs 7 | for module in binwalk.scan(*sys.argv[1:], signature=True, quiet=True, extract=True): 8 | print ("%s Results:" % module.name) 9 | for result in module.results: 10 | if module.extractor.output.has_key(result.file.path): 11 | if module.extractor.output[result.file.path].extracted.has_key(result.offset): 12 | print ("Extracted '%s' at offset 0x%X from '%s' to '%s'" % (result.description.split(',')[0], 13 | result.offset, 14 | result.file.path, 15 | str(module.extractor.output[result.file.path].extracted[result.offset]))) 16 | -------------------------------------------------------------------------------- /binwalk_windows/binwalk-2.1.1/src/scripts/examples/signature_scan.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import sys 4 | import binwalk 5 | 6 | try: 7 | # Perform a signature scan against the files specified on the command line and suppress the usual binwalk output. 8 | for module in binwalk.scan(*sys.argv[1:], signature=True, quiet=True): 9 | print ("%s Results:" % module.name) 10 | for result in module.results: 11 | print ("\t%s 0x%.8X %s [%s]" % (result.file.name, result.offset, result.description, str(result.valid))) 12 | except binwalk.ModuleException as e: 13 | pass 14 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/COPYING: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/deb-packaging/hexwalk-1.7.1/COPYING -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/changelog: -------------------------------------------------------------------------------- 1 | hexwalk (1.7.1-1) unstable; urgency=medium 2 | * Initial release (Closes: #1063579) 3 | 4 | -- Carmix Sun, 3 Mar 2024 13:56:50 +0100 5 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/control: -------------------------------------------------------------------------------- 1 | Source: hexwalk 2 | Section: editors 3 | Priority: optional 4 | Maintainer: Carmix 5 | Build-Depends: debhelper-compat (= 13), qtbase5-dev, qtbase5-dev-tools,libqt5charts5-dev 6 | Standards-Version: 4.7.0 7 | Rules-Requires-Root: no 8 | Homepage: https://www.hexwalk.com 9 | Vcs-Git: https://github.com/gcarmix/hexwalk.git 10 | Vcs-Browser: https://github.com/gcarmix/hexwalk 11 | 12 | Package: hexwalk 13 | Architecture: any 14 | Depends: ${shlibs:Depends}, ${misc:Depends} 15 | Description: Hex analyzer, editor and viewer 16 | HexWalk is an Hex editor, viewer, analyzer based on opensource 17 | projects like qhexedit2,binwalk and QT 18 | It is cross platform and has plenty of features: 19 | - Advanced find patterns in binary files based on HEX,UTF8,UTF16 and regex 20 | - Binwalk integration 21 | - Entropy Analysis 22 | - Byte Map 23 | - Hash Calculator 24 | - Bin/Dec/Hex Converter 25 | - Hex file editing 26 | - Diff file analysis 27 | - Byte Patterns to parse headers 28 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/copyright: -------------------------------------------------------------------------------- 1 | Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: hexwalk 3 | Upstream-Contact: Carmix 4 | Source: https://github.com/gcarmix/hexwalk 5 | 6 | Files: * 7 | Copyright: 2023 Carmix 8 | License: GPL-3.0+ 9 | 10 | Files: debian/* 11 | Copyright: 2024 Carmix 12 | License: GPL-3.0+ 13 | 14 | License: GPL-3.0+ 15 | This program is free software: you can redistribute it and/or modify 16 | it under the terms of the GNU General Public License as published by 17 | the Free Software Foundation, either version 3 of the License, or 18 | (at your option) any later version. 19 | . 20 | This package is distributed in the hope that it will be useful, 21 | but WITHOUT ANY WARRANTY; without even the implied warranty of 22 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 23 | GNU General Public License for more details. 24 | . 25 | You should have received a copy of the GNU General Public License 26 | along with this program. If not, see . 27 | . 28 | On Debian systems, the complete text of the GNU General 29 | Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". 30 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/dirs: -------------------------------------------------------------------------------- 1 | usr/bin 2 | usr/share/applications 3 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/hexwalk.install: -------------------------------------------------------------------------------- 1 | src/bin/hexwalk usr/bin 2 | hexwalk.desktop usr/share/applications 3 | hexwalk.ico /usr/share/pixmaps 4 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/menu: -------------------------------------------------------------------------------- 1 | ?package(hexwalk):needs="x11" \ 2 | section="Applications/Editors" \ 3 | title="HexWalk" \ 4 | command="/usr/bin/hexwalk" 5 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | export QT_SELECT := qt5 3 | export DH_VERBOSE = 1 4 | export DEB_BUILD_MAINT_OPTIONS = hardening=+all 5 | 6 | %: 7 | dh $@ 8 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/debian/watch: -------------------------------------------------------------------------------- 1 | version=4 2 | opts="searchmode=plain,\ 3 | filenamemangle=s%.*/v?@ANY_VERSION@%@PACKAGE@-$1.tar.xz%" \ 4 | https://api.github.com/repos/gcarmix/hexwalk/releases?per_page=50 \ 5 | https://api.github.com/repos/[^/]+/[^/]+/tarball/v?@ANY_VERSION@ 6 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/hexwalk.desktop: -------------------------------------------------------------------------------- 1 | [Desktop Entry] 2 | Version=1.0 3 | Type=Application 4 | Terminal=false 5 | Name=HexWalk 6 | Exec=/usr/bin/hexwalk 7 | Comment=Hex Analyzer 8 | Icon=/usr/share/pixmaps/hexwalk.ico 9 | StartupNotify=false 10 | Encoding=UTF-8 11 | Categories=HexEditor;Development;Qt; 12 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/hexwalk.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/deb-packaging/hexwalk-1.7.1/hexwalk.ico -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/hexwalk.pro: -------------------------------------------------------------------------------- 1 | SUBDIRS += src/hexwalk 2 | TEMPLATE = subdirs 3 | CONFIG += ordered warn_on qt debug_and_release 4 | -------------------------------------------------------------------------------- /deb-packaging/hexwalk-1.7.1/src/README.md: -------------------------------------------------------------------------------- 1 | Sources go here 2 | -------------------------------------------------------------------------------- /hexwalk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk.png -------------------------------------------------------------------------------- /hexwalk/advancedsearchdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef ADVANCEDSEARCHDIALOG_H 20 | #define ADVANCEDSEARCHDIALOG_H 21 | 22 | #include 23 | #include 24 | #include 25 | #include 26 | #include 27 | #include "../qhexedit/qhexedit.h" 28 | #include "resultType.h" 29 | 30 | namespace Ui { 31 | class AdvancedSearchDialog; 32 | } 33 | 34 | class FindAllWorker; 35 | 36 | class TableModel : public QAbstractTableModel 37 | { 38 | Q_OBJECT 39 | 40 | public: 41 | TableModel(QObject *parent = 0); 42 | 43 | void populateData(const QList &resultsData); 44 | void clearData(); 45 | 46 | int rowCount(const QModelIndex &parent = QModelIndex()) const Q_DECL_OVERRIDE; 47 | int columnCount(const QModelIndex &parent = QModelIndex()) const Q_DECL_OVERRIDE; 48 | 49 | QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const Q_DECL_OVERRIDE; 50 | QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const Q_DECL_OVERRIDE; 51 | 52 | private: 53 | QList tm_cursor; 54 | QList tm_contenthex; 55 | QList tm_content; 56 | 57 | }; 58 | 59 | class AdvancedSearchDialog : public QDialog 60 | { 61 | Q_OBJECT 62 | public: 63 | explicit AdvancedSearchDialog(QHexEdit *hexEdit, QWidget *parent = 0); 64 | ~AdvancedSearchDialog(); 65 | qint64 findNext(); 66 | void findAll(); 67 | 68 | Ui::AdvancedSearchDialog *ui; 69 | 70 | 71 | QHexEdit *_hexEdit; 72 | QProgressDialog * progrDialog; 73 | 74 | private slots: 75 | void on_pbFind_clicked(); 76 | 77 | 78 | 79 | void on_resultsTableView_clicked(const QModelIndex &index); 80 | 81 | void on_pbFindAll_clicked(); 82 | void on_pbCancel_clicked(); 83 | 84 | void on_cbCase_clicked(); 85 | 86 | void on_cbFindFormat_currentIndexChanged(int index); 87 | 88 | void on_cbBackwards_clicked(); 89 | 90 | void on_cbBegin_clicked(); 91 | 92 | void on_cbRegex_clicked(); 93 | 94 | private: 95 | void setData(); 96 | QByteArray getContent(int comboIndex, const QString &input); 97 | qint64 replaceOccurrence(qint64 idx, const QByteArray &replaceBa); 98 | QByteArray _findBa; 99 | QList resultslist; 100 | TableModel *model = NULL; 101 | QString binToStr(QByteArray bin); 102 | 103 | }; 104 | 105 | 106 | 107 | #endif // ADVANCEDSEARCHDIALOG_H 108 | -------------------------------------------------------------------------------- /hexwalk/binanalysisdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef BINANALYSISDIALOG_H 20 | #define BINANALYSISDIALOG_H 21 | 22 | #include 23 | #include 24 | #include 25 | #include "resultType.h" 26 | #include "../qhexedit/qhexedit.h" 27 | 28 | namespace Ui { 29 | class binanalysisdialog; 30 | } 31 | 32 | class BinTableModel : public QAbstractTableModel 33 | { 34 | Q_OBJECT 35 | 36 | public: 37 | BinTableModel(QObject *parent = 0); 38 | 39 | void populateData(const QList &resultsData); 40 | void clearData(); 41 | 42 | int rowCount(const QModelIndex &parent = QModelIndex()) const Q_DECL_OVERRIDE; 43 | int columnCount(const QModelIndex &parent = QModelIndex()) const Q_DECL_OVERRIDE; 44 | 45 | QVariant data(const QModelIndex &index, int role = Qt::DisplayRole) const Q_DECL_OVERRIDE; 46 | QVariant headerData(int section, Qt::Orientation orientation, int role = Qt::DisplayRole) const Q_DECL_OVERRIDE; 47 | 48 | private: 49 | QList tm_cursor; 50 | QList tm_content; 51 | 52 | }; 53 | 54 | 55 | class binanalysisdialog : public QDialog 56 | { 57 | Q_OBJECT 58 | 59 | public: 60 | explicit binanalysisdialog(QHexEdit *hexEdit,QWidget *parent = nullptr); 61 | ~binanalysisdialog(); 62 | void analyze(QString filename); 63 | 64 | QHexEdit *_hexEdit; 65 | 66 | private slots: 67 | void on_binwalkTableView_clicked(const QModelIndex &index); 68 | 69 | void on_closeBtn_clicked(); 70 | void kill_process(); 71 | void renderAnalysis(int status_code); 72 | void on_extractAllBtn_clicked(); 73 | 74 | private: 75 | Ui::binanalysisdialog *ui; 76 | QList resultslist; 77 | BinTableModel *model = NULL; 78 | QString curFile; 79 | QProgressDialog * progrDialog; 80 | QProcess * binwalkProcess; 81 | int processType = 0; 82 | }; 83 | 84 | #endif // BINANALYSISDIALOG_H 85 | -------------------------------------------------------------------------------- /hexwalk/binanalysisdialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | binanalysisdialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 1024 10 | 378 11 | 12 | 13 | 14 | 15 | 1024 16 | 0 17 | 18 | 19 | 20 | 21 | 1024 22 | 16777215 23 | 24 | 25 | 26 | HexWalk - Binary Analysis 27 | 28 | 29 | 30 | 31 | 0 32 | 10 33 | 881 34 | 361 35 | 36 | 37 | 38 | 39 | 40 | 41 | 910 42 | 10 43 | 93 44 | 29 45 | 46 | 47 | 48 | Extract All 49 | 50 | 51 | 52 | 53 | 54 | 910 55 | 50 56 | 93 57 | 29 58 | 59 | 60 | 61 | Close 62 | 63 | 64 | 65 | 66 | 67 | 68 | -------------------------------------------------------------------------------- /hexwalk/bytemap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef BYTEMAP_H 20 | #define BYTEMAP_H 21 | #include 22 | #include 23 | #include 24 | #include "../qhexedit/qhexedit.h" 25 | 26 | class ByteMap: public QAbstractScrollArea 27 | { 28 | Q_OBJECT 29 | public: 30 | ByteMap(QWidget *parent=0); 31 | void loadBytes(QHexEdit * hexedit); 32 | qint64 cursorPosition(QPoint pos); 33 | void setCursorPosition(qint64 actpos); 34 | qint64 getCurrentPosition(); 35 | void setBytesPerLine(int value); 36 | bool colored = false; 37 | protected: 38 | void paintEvent(QPaintEvent *event); 39 | void mouseMoveEvent(QMouseEvent * event); 40 | void mousePressEvent(QMouseEvent * event); 41 | void showEvent(QShowEvent *event); 42 | signals: 43 | void mouseEvent(); 44 | void mousePress(); 45 | private: 46 | int _rowsShown; 47 | QColor _jetColor(int value); 48 | int _pxHeight; 49 | int _pxWidth; 50 | int _bytesPerLine; 51 | QHexEdit * _hexedit; 52 | qint64 _currentPos; 53 | QPoint mPoint; 54 | private slots: 55 | void adjust(); 56 | }; 57 | 58 | #endif // BYTEMAP_H 59 | -------------------------------------------------------------------------------- /hexwalk/bytemapdialog.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "bytemapdialog.h" 20 | #include "ui_bytemapdialog.h" 21 | ByteMapDialog::ByteMapDialog(QHexEdit * hexedit,QWidget *parent) : 22 | QDialog(parent), 23 | ui(new Ui::ByteMapDialog) 24 | { 25 | ui->setupUi(this); 26 | _hexedit = hexedit; 27 | connect(ui->byteMap,SIGNAL(mouseEvent()),this,SLOT(updatePos())); 28 | connect(ui->byteMap,SIGNAL(mousePress()),this,SLOT(gotoAddress())); 29 | connect(parent,SIGNAL(fileLoaded()),this,SLOT(refresh())); 30 | ui->byteMap->setBytesPerLine(256); 31 | ui->spinCols->setValue(256); 32 | ui->byteMap->colored = ui->colorBox->isChecked(); 33 | setFixedWidth(48+256*3); 34 | } 35 | 36 | ByteMapDialog::~ByteMapDialog() 37 | { 38 | delete ui; 39 | } 40 | 41 | void ByteMapDialog::showByteMapDialog() 42 | { 43 | ui->byteMap->loadBytes(_hexedit); 44 | this->show(); 45 | this->update(); 46 | 47 | } 48 | 49 | void ByteMapDialog::refresh() 50 | { 51 | ui->byteMap->loadBytes(_hexedit); 52 | 53 | } 54 | 55 | 56 | void ByteMapDialog::updatePos() 57 | { 58 | if(ui->byteMap->getCurrentPosition() < _hexedit->getSize()) 59 | { 60 | ui->edtAddress->setText(QString::asprintf("%02llX (%lld)",ui->byteMap->getCurrentPosition(),ui->byteMap->getCurrentPosition())); 61 | ui->edtValue->setText(QString::asprintf("%02X (%u)",(unsigned char)(_hexedit->dataAt(ui->byteMap->getCurrentPosition(),1).at(0)),(unsigned char)(_hexedit->dataAt(ui->byteMap->getCurrentPosition(),1).at(0)))); 62 | } 63 | 64 | } 65 | 66 | void ByteMapDialog::gotoAddress() 67 | { 68 | _hexedit->setCursorPosition(2*ui->byteMap->getCurrentPosition()); 69 | _hexedit->ensureVisible(); 70 | } 71 | 72 | 73 | void ByteMapDialog::on_spinCols_valueChanged(int arg1) 74 | { 75 | ui->byteMap->setBytesPerLine(arg1); 76 | if(arg1 > 512) 77 | { 78 | setFixedWidth(32+arg1*2); 79 | } 80 | else 81 | { 82 | setFixedWidth(48+arg1*3); 83 | } 84 | } 85 | 86 | 87 | 88 | void ByteMapDialog::on_closeBtn_clicked() 89 | { 90 | this->hide(); 91 | } 92 | 93 | 94 | void ByteMapDialog::on_colorBox_stateChanged(int arg1) 95 | { 96 | 97 | ui->byteMap->colored = ui->colorBox->isChecked(); 98 | 99 | } 100 | 101 | -------------------------------------------------------------------------------- /hexwalk/bytemapdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef BYTEMAPDIALOG_H 20 | #define BYTEMAPDIALOG_H 21 | 22 | #include 23 | #include "../qhexedit/qhexedit.h" 24 | #include 25 | namespace Ui { 26 | class ByteMapDialog; 27 | } 28 | 29 | class ByteMapDialog : public QDialog 30 | { 31 | Q_OBJECT 32 | 33 | public: 34 | explicit ByteMapDialog(QHexEdit * hexedit,QWidget *parent = nullptr); 35 | ~ByteMapDialog(); 36 | void showByteMapDialog(); 37 | 38 | private slots: 39 | void updatePos(); 40 | void gotoAddress(); 41 | void refresh(); 42 | void on_spinCols_valueChanged(int arg1); 43 | void on_closeBtn_clicked(); 44 | 45 | void on_colorBox_stateChanged(int arg1); 46 | 47 | private: 48 | int imageWidth; 49 | int imageHeight; 50 | Ui::ByteMapDialog *ui; 51 | QHexEdit * _hexedit; 52 | QGraphicsScene *scene; 53 | }; 54 | 55 | #endif // BYTEMAPDIALOG_H 56 | -------------------------------------------------------------------------------- /hexwalk/bytemapdialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | ByteMapDialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 833 10 | 584 11 | 12 | 13 | 14 | Byte Map 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 1 24 | 25 | 26 | QLayout::SetMaximumSize 27 | 28 | 29 | 30 | 31 | 32 | 100 33 | 30 34 | 35 | 36 | 37 | Value: 38 | 39 | 40 | 41 | 42 | 43 | 44 | false 45 | 46 | 47 | 48 | 49 | 50 | 51 | Qt::Horizontal 52 | 53 | 54 | 55 | 30 56 | 20 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | Cols: 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 50 73 | 0 74 | 75 | 76 | 77 | QAbstractSpinBox::UpDownArrows 78 | 79 | 80 | true 81 | 82 | 83 | true 84 | 85 | 86 | 80 87 | 88 | 89 | 940 90 | 91 | 92 | 1 93 | 94 | 95 | QAbstractSpinBox::DefaultStepType 96 | 97 | 98 | 256 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 100 111 | 30 112 | 113 | 114 | 115 | Addr: 116 | 117 | 118 | 119 | 120 | 121 | 122 | false 123 | 124 | 125 | false 126 | 127 | 128 | 129 | 130 | 131 | 132 | Color map 133 | 134 | 135 | 136 | 137 | 138 | 139 | Qt::Horizontal 140 | 141 | 142 | 143 | 40 144 | 20 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | Close 153 | 154 | 155 | false 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | ByteMap 166 | QWidget 167 |
bytemap.h
168 | 1 169 | 170 | 171 | 172 | 173 | 174 | -------------------------------------------------------------------------------- /hexwalk/converterwidget.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef CONVERTERWIDGET_H 20 | #define CONVERTERWIDGET_H 21 | 22 | #include 23 | 24 | namespace Ui { 25 | class ConverterWidget; 26 | } 27 | 28 | class ConverterWidget : public QDockWidget 29 | { 30 | Q_OBJECT 31 | 32 | public: 33 | explicit ConverterWidget(QWidget *parent = nullptr); 34 | void update(QString hexString); 35 | ~ConverterWidget(); 36 | 37 | private slots: 38 | 39 | void on_decTextEdit_textChanged(const QString &arg1); 40 | void on_hexTextEdit_textChanged(const QString &arg1); 41 | void on_binTextEdit_textChanged(const QString &arg1); 42 | void on_checkBox_be_stateChanged(int arg1); 43 | //void update(QByteArray ba); 44 | 45 | private: 46 | Ui::ConverterWidget *ui; 47 | bool isBE=false; 48 | bool isSigned=false; 49 | void updateDec(); 50 | void updateHex(); 51 | QString binValue; 52 | QString decValue; 53 | QString hexValue; 54 | }; 55 | 56 | #endif // CONVERTERWIDGET_H 57 | -------------------------------------------------------------------------------- /hexwalk/converterwidget.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | ConverterWidget 4 | 5 | 6 | 7 | 0 8 | 0 9 | 280 10 | 250 11 | 12 | 13 | 14 | 15 | 0 16 | 0 17 | 18 | 19 | 20 | 21 | 280 22 | 250 23 | 24 | 25 | 26 | true 27 | 28 | 29 | QDockWidget::DockWidgetClosable|QDockWidget::DockWidgetFloatable|QDockWidget::DockWidgetMovable 30 | 31 | 32 | Qt::LeftDockWidgetArea|Qt::RightDockWidgetArea 33 | 34 | 35 | CONVERTER 36 | 37 | 38 | 39 | 40 | 41 | 100 42 | 10 43 | 171 44 | 25 45 | 46 | 47 | 48 | 49 | 50 | 51 | 100 52 | 40 53 | 171 54 | 25 55 | 56 | 57 | 58 | 59 | 60 | 61 | 10 62 | 10 63 | 90 64 | 25 65 | 66 | 67 | 68 | Hex: 69 | 70 | 71 | 72 | 73 | 74 | 10 75 | 40 76 | 90 77 | 25 78 | 79 | 80 | 81 | Bin: 82 | 83 | 84 | 85 | 86 | 87 | 100 88 | 70 89 | 171 90 | 25 91 | 92 | 93 | 94 | 95 | 96 | 97 | 10 98 | 70 99 | 90 100 | 25 101 | 102 | 103 | 104 | Dec: 105 | 106 | 107 | 108 | 109 | 110 | 100 111 | 100 112 | 171 113 | 25 114 | 115 | 116 | 117 | true 118 | 119 | 120 | 121 | 122 | 123 | 10 124 | 100 125 | 90 126 | 25 127 | 128 | 129 | 130 | Float: 131 | 132 | 133 | 134 | 135 | 136 | 10 137 | 160 138 | 121 139 | 24 140 | 141 | 142 | 143 | Big Endian 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | -------------------------------------------------------------------------------- /hexwalk/diffdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef DIFFDIALOG_H 20 | #define DIFFDIALOG_H 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | namespace Ui { 27 | class DiffDialog; 28 | } 29 | 30 | class DiffDialog : public QDialog 31 | { 32 | Q_OBJECT 33 | 34 | public: 35 | explicit DiffDialog(QWidget *parent = nullptr); 36 | ~DiffDialog(); 37 | void setFiles(QString file1, QString file2); 38 | QFile file1; 39 | QFile file2; 40 | private slots: 41 | void trackCursor1(); 42 | void trackCursor2(); 43 | 44 | void on_nextDiffBtn_clicked(); 45 | 46 | void on_exitBtn_clicked(); 47 | 48 | void on_prevDiffBtn_clicked(); 49 | 50 | private: 51 | Ui::DiffDialog *ui; 52 | QProgressDialog *progrDialog; 53 | }; 54 | 55 | #endif // DIFFDIALOG_H 56 | -------------------------------------------------------------------------------- /hexwalk/diffdialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | DiffDialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 1320 10 | 725 11 | 12 | 13 | 14 | HexWalk - Diff Analysis 15 | 16 | 17 | 18 | 19 | 9 20 | 50 21 | 640 22 | 650 23 | 24 | 25 | 26 | 27 | 28 | 29 | 660 30 | 50 31 | 640 32 | 650 33 | 34 | 35 | 36 | 37 | 38 | 39 | 110 40 | 10 41 | 93 42 | 29 43 | 44 | 45 | 46 | Next Diff 47 | 48 | 49 | 50 | 51 | 52 | 10 53 | 10 54 | 93 55 | 29 56 | 57 | 58 | 59 | Prev Diff 60 | 61 | 62 | 63 | 64 | 65 | 210 66 | 10 67 | 93 68 | 29 69 | 70 | 71 | 72 | Exit 73 | 74 | 75 | 76 | 77 | 78 | QHexEdit 79 | QWidget 80 |
../qhexedit/qhexedit.h
81 | 1 82 | 83 | 84 | 85 | 86 | 87 | -------------------------------------------------------------------------------- /hexwalk/disasmwidget.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "disasmwidget.h" 20 | #include "ui_disasmwidget.h" 21 | #include 22 | void DisasmWidget::capst(void) 23 | { 24 | csh handle; 25 | cs_insn *insn; 26 | size_t count; 27 | QString message; 28 | ui->lstDisasm->clear(); 29 | QByteArray selectedHex = _hexedit->selectedDataBa(); 30 | qint64 addrBase = _hexedit->cursorPosition()/2 - selectedHex.size(); 31 | ui->edtBaseAddr->setText(QString("%1").arg(addrBase,2,16,QLatin1Char('0')).toUpper()); 32 | ui->edtSelected->setText(QString("%1").arg(selectedHex.size())); 33 | cs_arch arch = CS_ARCH_X86; 34 | uint32_t mode_int = CS_MODE_64; 35 | cs_mode mode = CS_MODE_64; 36 | uint32_t endianness = CS_MODE_LITTLE_ENDIAN; 37 | if(ui->comboEndian->currentText().contains("Little")) 38 | { 39 | endianness = CS_MODE_LITTLE_ENDIAN; 40 | } 41 | else 42 | { 43 | endianness = CS_MODE_BIG_ENDIAN; 44 | } 45 | if(ui->comboBox->currentText().contains("x86/64")) 46 | { 47 | arch = CS_ARCH_X86; 48 | mode_int = CS_MODE_64; 49 | } 50 | else if(ui->comboBox->currentText().contains("x86/32")) 51 | { 52 | arch = CS_ARCH_X86; 53 | mode_int = CS_MODE_32; 54 | } 55 | else if(ui->comboBox->currentText() == "ARM32") 56 | { 57 | arch = CS_ARCH_ARM; 58 | mode_int = CS_MODE_ARM; 59 | } 60 | else if(ui->comboBox->currentText() == "ARM32/THUMB") 61 | { 62 | arch = CS_ARCH_ARM; 63 | mode_int = CS_MODE_THUMB; 64 | } 65 | else if(ui->comboBox->currentText().contains("ARM64")) 66 | { 67 | arch = CS_ARCH_ARM64; 68 | mode_int = CS_MODE_ARM; 69 | } 70 | else if(ui->comboBox->currentText().contains("MIPS")) 71 | { 72 | arch = CS_ARCH_MIPS; 73 | mode_int = CS_MODE_MIPS32; 74 | } 75 | mode = (cs_mode) (mode_int | endianness); 76 | if (cs_err ret = cs_open(arch, mode , &handle)) 77 | { 78 | message.sprintf("Invalid mode (e.g. x86 can't be Big Endian)"); 79 | ui->lstDisasm->addItem(message); 80 | return; 81 | } 82 | count = cs_disasm(handle, (const uint8_t*)selectedHex.data(), selectedHex.size(), addrBase, 0, &insn); 83 | if (count > 0) { 84 | size_t j; 85 | for (j = 0; j < count; j++) { 86 | message.sprintf("0x%llX: %s %s", insn[j].address, insn[j].mnemonic, 87 | insn[j].op_str); 88 | ui->lstDisasm->addItem(message); 89 | 90 | } 91 | 92 | cs_free(insn, count); 93 | } else 94 | { 95 | 96 | message.sprintf("ERROR: Failed to disassemble given code!\n"); 97 | ui->lstDisasm->addItem(message); 98 | } 99 | cs_close(&handle); 100 | 101 | } 102 | DisasmWidget::DisasmWidget(QHexEdit * hexedit,QWidget *parent) : 103 | QDockWidget(parent), 104 | ui(new Ui::DisasmWidget) 105 | { 106 | ui->setupUi(this); 107 | _hexedit = hexedit; 108 | hide(); 109 | } 110 | 111 | DisasmWidget::~DisasmWidget() 112 | { 113 | delete ui; 114 | } 115 | 116 | 117 | 118 | 119 | void DisasmWidget::on_btnDisasm_clicked() 120 | { 121 | capst(); 122 | } 123 | 124 | void DisasmWidget::refresh() 125 | { 126 | capst(); 127 | 128 | } 129 | -------------------------------------------------------------------------------- /hexwalk/disasmwidget.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef DISASMWIDGET_H 20 | #define DISASMWIDGET_H 21 | 22 | #include 23 | #include "../qhexedit/qhexedit.h" 24 | namespace Ui { 25 | class DisasmWidget; 26 | } 27 | 28 | class DisasmWidget : public QDockWidget 29 | { 30 | Q_OBJECT 31 | 32 | public: 33 | explicit DisasmWidget(QHexEdit * hexedit,QWidget *parent = nullptr); 34 | ~DisasmWidget(); 35 | void capst(void); 36 | void refresh(void); 37 | private slots: 38 | void on_btnDisasm_clicked(); 39 | private: 40 | Ui::DisasmWidget *ui; 41 | QHexEdit * _hexedit; 42 | }; 43 | 44 | #endif // DISASMWIDGET_H 45 | -------------------------------------------------------------------------------- /hexwalk/edittagdialog.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "edittagdialog.h" 20 | #include "ui_edittagdialog.h" 21 | #include 22 | #include "../qhexedit/colortag.h" 23 | #include 24 | EditTagDialog::EditTagDialog(BytePattern * bytePtr,QWidget *parent ) : 25 | QDialog(parent), 26 | ui(new Ui::EditTagDialog) 27 | { 28 | bytePattern = bytePtr; 29 | ui->setupUi(this); 30 | 31 | 32 | } 33 | 34 | EditTagDialog::~EditTagDialog() 35 | { 36 | delete ui; 37 | } 38 | 39 | void EditTagDialog::colorGen() 40 | { 41 | QRandomGenerator prng(time(0)); 42 | 43 | QColor color(prng.generate()%256,prng.generate()%256,prng.generate()%256); 44 | if(color.isValid()) { 45 | QString qss = QString("background-color: %1").arg(color.name()); 46 | ui->colorButton->setStyleSheet(qss); 47 | } 48 | editedTagIdx = -1; 49 | } 50 | 51 | void EditTagDialog::loadTag(int row) 52 | { 53 | ColorTag tag = bytePattern->colorTag.at(row); 54 | QString qss = QString("background-color: %1").arg(QString::fromStdString(tag.color)); 55 | ui->colorButton->setStyleSheet(qss); 56 | ui->nameEdit->setText(QString::fromStdString(tag.name)); 57 | ui->offsetEdit->setText(QString::fromStdString(tag.obj.offset)); 58 | ui->lengthEdit->setText(QString::fromStdString(tag.obj.size)); 59 | if(tag.type == BE_t) 60 | { 61 | ui->typeCombo->setCurrentIndex(BE_t-1); 62 | } 63 | else if(tag.type == LE_t) 64 | { 65 | ui->typeCombo->setCurrentIndex(LE_t-1); 66 | } 67 | else if(tag.type == STRING_t) 68 | { 69 | ui->typeCombo->setCurrentIndex(STRING_t-1); 70 | } 71 | else 72 | { 73 | ui->typeCombo->setCurrentIndex(HEX_t-1); 74 | } 75 | editedTagIdx = row; 76 | } 77 | 78 | void EditTagDialog::on_colorButton_clicked() 79 | { 80 | QColor color = QColorDialog::getColor(); 81 | if(color.isValid()) { 82 | QString qss = QString("background-color: %1").arg(color.name()); 83 | ui->colorButton->setStyleSheet(qss); 84 | } 85 | } 86 | 87 | void EditTagDialog::on_applyButton_clicked() 88 | { 89 | YMLObj obj; 90 | BPerrors error = E_NONE; 91 | obj.color = ui->colorButton->palette().button().color().name().toStdString(); 92 | obj.name = ui->nameEdit->text().toStdString(); 93 | obj.offset = ui->offsetEdit->text().toStdString(); 94 | obj.size = ui->lengthEdit->text().toStdString(); 95 | obj.type = tagStrings[ui->typeCombo->currentIndex() +1 ]; 96 | 97 | if(!bytePattern->isValidColor(obj.color)) 98 | { 99 | error = E_WRONGCOLOR; 100 | } 101 | else if(!bytePattern->isValidName(obj.name)) 102 | { 103 | error = E_WRONGNAME; 104 | } 105 | else if(bytePattern->isDuplicatedName(obj.name,editedTagIdx)) 106 | { 107 | error = E_DUPNAME; 108 | } 109 | else if(obj.offset.length() == 0) 110 | { 111 | error = E_EMPTYOFFSET; 112 | } 113 | else if(obj.size.length() == 0) 114 | { 115 | error = E_EMPTYSIZE; 116 | } 117 | QString error_string; 118 | if(error != E_NONE) 119 | { 120 | switch(error) 121 | { 122 | case E_WRONGNAME: 123 | error_string = QString("Wrong name passed "); 124 | break; 125 | case E_WRONGTYPE: 126 | error_string = QString("Wrong type passed "); 127 | break; 128 | case E_WRONGREF: 129 | error_string = QString("Wrong reference passed" ); 130 | break; 131 | case E_WRONGCOLOR: 132 | error_string = QString("Wrong color passed"); 133 | break; 134 | case E_DUPNAME: 135 | error_string = QString("Duplicated name"); 136 | break; 137 | default: 138 | error_string = QString("Error code %1").arg(error); 139 | } 140 | 141 | QMessageBox::warning(this, tr("HexWalk"), 142 | error_string 143 | ); 144 | } 145 | else 146 | { 147 | 148 | if(editedTagIdx >= 0) 149 | { 150 | bytePattern->updateElement(editedTagIdx,obj); 151 | editedTagIdx = -1; 152 | } 153 | else { 154 | bytePattern->addElement(obj); 155 | } 156 | 157 | emit tagReady(); 158 | this->hide(); 159 | } 160 | 161 | 162 | } 163 | 164 | -------------------------------------------------------------------------------- /hexwalk/edittagdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef EDITTAGDIALOG_H 20 | #define EDITTAGDIALOG_H 21 | 22 | #include 23 | #include "../qhexedit/qhexedit.h" 24 | #include "../qhexedit/bytepattern.h" 25 | namespace Ui { 26 | class EditTagDialog; 27 | } 28 | 29 | class EditTagDialog : public QDialog 30 | { 31 | Q_OBJECT 32 | 33 | public: 34 | explicit EditTagDialog(BytePattern * bytePtr,QWidget *parent = nullptr); 35 | void colorGen(); 36 | void loadTag(int row); 37 | ~EditTagDialog(); 38 | BytePattern * bytePattern; 39 | 40 | private slots: 41 | void on_colorButton_clicked(); 42 | 43 | void on_applyButton_clicked(); 44 | signals: 45 | void tagReady(); 46 | private: 47 | Ui::EditTagDialog *ui; 48 | QHexEdit * hexEdit; 49 | int editedTagIdx; 50 | }; 51 | 52 | #endif // EDITTAGDIALOG_H 53 | -------------------------------------------------------------------------------- /hexwalk/edittagdialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | EditTagDialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 400 10 | 200 11 | 12 | 13 | 14 | 15 | 400 16 | 200 17 | 18 | 19 | 20 | 21 | 400 22 | 200 23 | 24 | 25 | 26 | Edit Tag 27 | 28 | 29 | true 30 | 31 | 32 | true 33 | 34 | 35 | 36 | 37 | 110 38 | 50 39 | 141 40 | 25 41 | 42 | 43 | 44 | 45 | 46 | 47 | 10 48 | 50 49 | 91 50 | 20 51 | 52 | 53 | 54 | Name: 55 | 56 | 57 | 58 | 59 | 60 | 10 61 | 10 62 | 91 63 | 20 64 | 65 | 66 | 67 | Color: 68 | 69 | 70 | 71 | 72 | 73 | 10 74 | 90 75 | 91 76 | 20 77 | 78 | 79 | 80 | Offset: 81 | 82 | 83 | 84 | 85 | 86 | 110 87 | 90 88 | 141 89 | 25 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 10 100 | 130 101 | 91 102 | 20 103 | 104 | 105 | 106 | Length: 107 | 108 | 109 | 110 | 111 | 112 | 110 113 | 130 114 | 141 115 | 25 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 10 126 | 170 127 | 91 128 | 20 129 | 130 | 131 | 132 | Type: 133 | 134 | 135 | 136 | 137 | 138 | 110 139 | 170 140 | 141 141 | 25 142 | 143 | 144 | 145 | 146 | String 147 | 148 | 149 | 150 | 151 | BigEndian 152 | 153 | 154 | 155 | 156 | LittleEndian 157 | 158 | 159 | 160 | 161 | HEX 162 | 163 | 164 | 165 | 166 | 167 | 168 | 290 169 | 10 170 | 93 171 | 29 172 | 173 | 174 | 175 | Apply 176 | 177 | 178 | 179 | 180 | 181 | 110 182 | 10 183 | 141 184 | 29 185 | 186 | 187 | 188 | 189 | 190 | 191 | 192 | 193 | 194 | 195 | -------------------------------------------------------------------------------- /hexwalk/entropychart.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "entropychart.h" 20 | #include 21 | EntropyChart::EntropyChart(QWidget *parent): 22 | QChartView(parent) 23 | { 24 | 25 | } 26 | 27 | void EntropyChart::mousePressEvent(QMouseEvent * event){ 28 | auto curPoint = QCursor::pos(); 29 | curPoint = this->mapFromGlobal(curPoint); 30 | auto pickVal = this->mapToScene(curPoint); 31 | pickVal = this->chart()->mapFromScene(curPoint); 32 | pickVal = this->chart()->mapToValue(curPoint,this->chart()->series().at(0)); 33 | emit rubberBandEvent(); 34 | emit mousePressed(qint64(pickVal.x())); 35 | 36 | QChartView::mousePressEvent(event); 37 | 38 | } 39 | void EntropyChart::resizeEvent(QResizeEvent *event){ 40 | 41 | emit rubberBandEvent(); 42 | QChartView::resizeEvent(event); 43 | } 44 | void EntropyChart::mouseReleaseEvent(QMouseEvent *event){ 45 | emit rubberBandEvent(); 46 | QChartView::mouseReleaseEvent(event); 47 | } 48 | 49 | void EntropyChart::mouseMoveEvent(QMouseEvent * event){ 50 | auto curPoint = QCursor::pos(); 51 | curPoint = this->mapFromGlobal(curPoint); 52 | auto pickVal = this->mapToScene(curPoint); 53 | pickVal = this->chart()->mapFromScene(curPoint); 54 | pickVal = this->chart()->mapToValue(curPoint,this->chart()->series().at(0)); 55 | 56 | emit mouseMoved(qint64(pickVal.x())); 57 | QChartView::mouseMoveEvent(event); 58 | } 59 | -------------------------------------------------------------------------------- /hexwalk/entropychart.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef ENTROPYCHART_H 20 | #define ENTROPYCHART_H 21 | #include 22 | #include 23 | #include 24 | QT_CHARTS_USE_NAMESPACE 25 | class EntropyChart : public QChartView 26 | { 27 | Q_OBJECT 28 | public: 29 | explicit EntropyChart(QWidget *parent = nullptr); 30 | 31 | signals: 32 | void mousePressed(qint64 value); 33 | void mouseMoved(qint64 address); 34 | void rubberBandEvent(); 35 | protected: 36 | void mousePressEvent(QMouseEvent *event); 37 | void mouseMoveEvent(QMouseEvent *event); 38 | void resizeEvent(QResizeEvent *event); 39 | void mouseReleaseEvent(QMouseEvent *event); 40 | 41 | 42 | 43 | 44 | }; 45 | 46 | #endif // ENTROPYCHART_H 47 | -------------------------------------------------------------------------------- /hexwalk/entropydialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef ENTROPYDIALOG_H 20 | #define ENTROPYDIALOG_H 21 | 22 | #include 23 | #include 24 | #include 25 | #include "../qhexedit/qhexedit.h" 26 | #include "entropychart.h" 27 | 28 | namespace Ui { 29 | class EntropyDialog; 30 | } 31 | 32 | class EntropyDialog : public QDialog 33 | { 34 | Q_OBJECT 35 | 36 | public: 37 | explicit EntropyDialog(QHexEdit * hexedit,QWidget *parent = nullptr); 38 | ~EntropyDialog(); 39 | void calculate(); 40 | public slots: 41 | void mousePressed(qint64 value); 42 | void mouseMoved(qint64 address); 43 | void limitZoomOut(); 44 | void refresh(); 45 | private slots: 46 | void on_buttonBox_clicked(QAbstractButton *button); 47 | 48 | void on_entropyChart_mousePressed(qint64 ); 49 | 50 | private: 51 | Ui::EntropyDialog *ui; 52 | QHexEdit * _hexed; 53 | double blockEntropy(QByteArray * data); 54 | EntropyChart *entropyView; 55 | QProgressDialog *progrDialog; 56 | QLineSeries *series = NULL; 57 | QPointF findClosestPoint(QLineSeries* lineSeries, qreal x); 58 | }; 59 | 60 | #endif // ENTROPYDIALOG_H 61 | -------------------------------------------------------------------------------- /hexwalk/entropydialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | EntropyDialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 752 10 | 564 11 | 12 | 13 | 14 | HexWalk - Entropy Analysis 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | Value: 28 | 29 | 30 | 31 | 32 | 33 | 34 | false 35 | 36 | 37 | 38 | 39 | 40 | 41 | Address: 42 | 43 | 44 | 45 | 46 | 47 | 48 | false 49 | 50 | 51 | 52 | 53 | 54 | 55 | Qt::Horizontal 56 | 57 | 58 | 59 | 40 60 | 20 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | Qt::Horizontal 73 | 74 | 75 | QDialogButtonBox::Close 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | EntropyChart 84 | QGraphicsView 85 |
entropychart.h
86 | 87 | 88 | 89 | 90 | 91 | buttonBox 92 | accepted() 93 | EntropyDialog 94 | accept() 95 | 96 | 97 | 248 98 | 254 99 | 100 | 101 | 157 102 | 274 103 | 104 | 105 | 106 | 107 | buttonBox 108 | rejected() 109 | EntropyDialog 110 | reject() 111 | 112 | 113 | 316 114 | 260 115 | 116 | 117 | 286 118 | 274 119 | 120 | 121 | 122 | 123 | 124 | -------------------------------------------------------------------------------- /hexwalk/fonts/Courier.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/fonts/Courier.ttf -------------------------------------------------------------------------------- /hexwalk/fonts/Roboto.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/fonts/Roboto.ttf -------------------------------------------------------------------------------- /hexwalk/hashdialog.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "hashdialog.h" 20 | #include "qevent.h" 21 | #include "ui_hashdialog.h" 22 | #include 23 | #include 24 | #include 25 | HashDialog::HashDialog(QWidget *parent) : 26 | QDialog(parent), 27 | ui(new Ui::HashDialog) 28 | { 29 | ui->setupUi(this); 30 | } 31 | 32 | HashDialog::~HashDialog() 33 | { 34 | delete ui; 35 | } 36 | void HashDialog::keyPressEvent(QKeyEvent *event) { 37 | if (event->key() == Qt::Key_Escape) { 38 | haltCalc = true; 39 | this->hide(); 40 | } else { 41 | QDialog::keyPressEvent(event); 42 | } 43 | } 44 | void HashDialog::calculate(QString filepath) 45 | { 46 | QFile in(filepath); 47 | haltCalc = false; 48 | ui->md5Lbl->setText(""); 49 | ui->sha1Lbl->setText(""); 50 | ui->sha256Lbl->setText(""); 51 | if (in.open(QIODevice::ReadOnly)) { 52 | qint64 fileSize = in.size(); 53 | ui->progressBar->setMinimum(0); 54 | ui->progressBar->setMaximum(100); 55 | ui->progressBar->setValue(0); 56 | ui->progressBar->show(); 57 | QCryptographicHash hashmd5(QCryptographicHash::Md5); 58 | QCryptographicHash hashsha1(QCryptographicHash::Sha1); 59 | QCryptographicHash hashsha256(QCryptographicHash::Sha256); 60 | hashmd5.reset(); 61 | hashsha1.reset(); 62 | hashsha256.reset(); 63 | char buf[4096]; 64 | qint64 bytesRead; 65 | qint64 totalBytes = 0; 66 | while ((bytesRead = in.read(buf, 4096)) > 0) { 67 | if(haltCalc == true) 68 | { 69 | break; 70 | } 71 | totalBytes+=bytesRead; 72 | ui->progressBar->setValue(100.0*totalBytes/fileSize); 73 | hashmd5.addData(buf, bytesRead); 74 | hashsha1.addData(buf, bytesRead); 75 | hashsha256.addData(buf, bytesRead); 76 | QCoreApplication::processEvents(); 77 | 78 | } 79 | ui->progressBar->hide(); 80 | if(haltCalc == false) 81 | { 82 | ui->md5Lbl->setText(hashmd5.result().toHex()); 83 | ui->sha1Lbl->setText(hashsha1.result().toHex()); 84 | ui->sha256Lbl->setText(hashsha256.result().toHex()); 85 | } 86 | else 87 | { 88 | haltCalc = false; 89 | } 90 | 91 | in.close(); 92 | } 93 | } 94 | 95 | void HashDialog::on_pushButton_clicked() 96 | { 97 | haltCalc = true; 98 | } 99 | 100 | 101 | void HashDialog::on_pushButton_2_clicked() 102 | { 103 | haltCalc = true; 104 | this->hide(); 105 | } 106 | 107 | -------------------------------------------------------------------------------- /hexwalk/hashdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef HASHDIALOG_H 20 | #define HASHDIALOG_H 21 | 22 | #include 23 | 24 | namespace Ui { 25 | class HashDialog; 26 | } 27 | 28 | class HashDialog : public QDialog 29 | { 30 | Q_OBJECT 31 | 32 | public: 33 | explicit HashDialog(QWidget *parent = nullptr); 34 | ~HashDialog(); 35 | void calculate(QString curFile); 36 | protected: 37 | void keyPressEvent(QKeyEvent *event); 38 | private slots: 39 | void on_pushButton_clicked(); 40 | 41 | void on_pushButton_2_clicked(); 42 | 43 | private: 44 | Ui::HashDialog *ui; 45 | bool haltCalc; 46 | }; 47 | 48 | #endif // HASHDIALOG_H 49 | -------------------------------------------------------------------------------- /hexwalk/hexwalk.pro: -------------------------------------------------------------------------------- 1 | QT += charts 2 | CONFIG += static 3 | RC_ICONS = images/hexwalk.ico 4 | #Only for Windows: 5 | win32:QMAKE_LFLAGS += -no-pie -lstdc++ -Bstatic -static-libgcc -static-libstdc++ -static 6 | #Only for Mac: 7 | macx:ICON = images/hexwalk.icns 8 | ############### 9 | VERSION = "1.9.1" 10 | QMAKE_TARGET_COPYRIGHT = "gcarmix" 11 | QMAKE_TARGET_PRODUCT = "HexWalk" 12 | HEADERS = \ 13 | ../qhexedit/bytepattern.h \ 14 | ../qhexedit/colortag.h \ 15 | ../qhexedit/tagparser.hpp \ 16 | advancedsearchdialog.h \ 17 | binanalysisdialog.h \ 18 | bytemap.h \ 19 | bytemapdialog.h \ 20 | converterwidget.h \ 21 | diffdialog.h \ 22 | disasmwidget.h \ 23 | edittagdialog.h \ 24 | entropychart.h \ 25 | entropydialog.h \ 26 | hashdialog.h \ 27 | hexwalkmain.h \ 28 | optionsdialog.h \ 29 | ../qhexedit/qhexedit.h \ 30 | ../qhexedit/chunks.h \ 31 | ../qhexedit/commands.h \ 32 | resultType.h \ 33 | searchdialog.h \ 34 | stringsdialog.h \ 35 | tagsdialog.h \ 36 | worditemdelegate.h 37 | 38 | 39 | SOURCES = \ 40 | ../qhexedit/bytepattern.cpp \ 41 | ../qhexedit/colortag.cpp \ 42 | ../qhexedit/tagparser.cpp \ 43 | advancedsearchdialog.cpp \ 44 | binanalysisdialog.cpp \ 45 | bytemap.cpp \ 46 | bytemapdialog.cpp \ 47 | converterwidget.cpp \ 48 | diffdialog.cpp \ 49 | disasmwidget.cpp \ 50 | edittagdialog.cpp \ 51 | entropychart.cpp \ 52 | entropydialog.cpp \ 53 | hashdialog.cpp \ 54 | hexwalkmain.cpp \ 55 | main.cpp \ 56 | optionsdialog.cpp \ 57 | ../qhexedit/qhexedit.cpp \ 58 | ../qhexedit/chunks.cpp \ 59 | ../qhexedit/commands.cpp \ 60 | searchdialog.cpp \ 61 | stringsdialog.cpp \ 62 | tagsdialog.cpp \ 63 | worditemdelegate.cpp 64 | 65 | RESOURCES = \ 66 | hexwalk.qrc 67 | 68 | FORMS += \ 69 | advancedsearchdialog.ui \ 70 | binanalysisdialog.ui \ 71 | bytemapdialog.ui \ 72 | converterwidget.ui \ 73 | diffdialog.ui \ 74 | disasmwidget.ui \ 75 | edittagdialog.ui \ 76 | entropydialog.ui \ 77 | hashdialog.ui \ 78 | hexwalkmain.ui \ 79 | optionsdialog.ui \ 80 | searchdialog.ui \ 81 | stringsdialog.ui \ 82 | tagsdialog.ui 83 | 84 | DEFINES += QHEXEDIT_EXPORTS \ 85 | APP_VERSION=\\\"$$VERSION\\\" 86 | 87 | DESTDIR = ../bin 88 | MOC_DIR = ../build/moc 89 | RCC_DIR = ../build/rcc 90 | UI_DIR = ../build/ui 91 | unix:OBJECTS_DIR = ../build/o/unix 92 | win32:OBJECTS_DIR = ../build/o/win32 93 | macx:OBJECTS_DIR = ../build/o/mac 94 | 95 | win32:LIBS += -L$$PWD/../capstone/build/ -lcapstone 96 | unix:LIBS += -L$$PWD/../capstone/ -lcapstone 97 | macx:LIBS += -L$$PWD/../capstone/ -lcapstone 98 | 99 | INCLUDEPATH += $$PWD/../capstone/include 100 | DEPENDPATH += $$PWD/../capstone/include 101 | 102 | win32: PRE_TARGETDEPS += $$PWD/../capstone/build/libcapstone.a 103 | unix: PRE_TARGETDEPS += $$PWD/../capstone/libcapstone.a 104 | macx: PRE_TARGETDEPS += $$PWD/../capstone/libcapstone.a 105 | -------------------------------------------------------------------------------- /hexwalk/hexwalk.qrc: -------------------------------------------------------------------------------- 1 | 2 | 3 | images/save.png 4 | images/undo.png 5 | images/redo.png 6 | images/find.png 7 | images/hexwalk.ico 8 | images/binary.png 9 | images/entropy.png 10 | images/open.png 11 | images/diff.png 12 | images/tags.png 13 | images/strings.png 14 | images/bytemap.png 15 | images/disasm.png 16 | fonts/Courier.ttf 17 | fonts/Roboto.ttf 18 | 19 | 20 | -------------------------------------------------------------------------------- /hexwalk/images/binary.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/binary.png -------------------------------------------------------------------------------- /hexwalk/images/bytemap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/bytemap.png -------------------------------------------------------------------------------- /hexwalk/images/diff.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/diff.png -------------------------------------------------------------------------------- /hexwalk/images/disasm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/disasm.png -------------------------------------------------------------------------------- /hexwalk/images/entropy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/entropy.png -------------------------------------------------------------------------------- /hexwalk/images/find.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/find.png -------------------------------------------------------------------------------- /hexwalk/images/hexwalk.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/hexwalk.ico -------------------------------------------------------------------------------- /hexwalk/images/hexwalk16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/hexwalk16.png -------------------------------------------------------------------------------- /hexwalk/images/hexwalk256.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/hexwalk256.png -------------------------------------------------------------------------------- /hexwalk/images/hexwalk32.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/hexwalk32.png -------------------------------------------------------------------------------- /hexwalk/images/hexwalk64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/hexwalk64.png -------------------------------------------------------------------------------- /hexwalk/images/open.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/open.png -------------------------------------------------------------------------------- /hexwalk/images/redo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/redo.png -------------------------------------------------------------------------------- /hexwalk/images/save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/save.png -------------------------------------------------------------------------------- /hexwalk/images/strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/strings.png -------------------------------------------------------------------------------- /hexwalk/images/tags.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/tags.png -------------------------------------------------------------------------------- /hexwalk/images/undo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/images/undo.png -------------------------------------------------------------------------------- /hexwalk/main.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include 20 | #include 21 | #include 22 | 23 | #include "hexwalkmain.h" 24 | int main(int argc, char *argv[]) 25 | { 26 | Q_INIT_RESOURCE(hexwalk); 27 | QApplication::setAttribute(Qt::AA_EnableHighDpiScaling); 28 | QApplication::setAttribute(Qt::AA_UseHighDpiPixmaps); 29 | QApplication app(argc, argv); 30 | app.setApplicationName("HexWalk"); 31 | app.setOrganizationName("HexWalk"); 32 | app.setWindowIcon(QIcon(":images/hexwalk.ico")); 33 | // set style 34 | app.setStyle(QStyleFactory::create("Fusion")); 35 | // increase font size for better reading 36 | QString fontPath1=":/fonts/Roboto.ttf"; 37 | QString fontPath2=":/fonts/Courier.ttf"; 38 | int fontId = QFontDatabase::addApplicationFont(fontPath1); 39 | QFontDatabase::addApplicationFont(fontPath2); 40 | //if (fontId != -1) 41 | //{ 42 | QFont font("Roboto"); 43 | font.setPointSize(font.pointSize()-2); 44 | app.setFont(font); 45 | //} 46 | /*QFont defaultFont = QApplication::font(); 47 | defaultFont.setPointSize(defaultFont.pointSize()+2); 48 | app.setFont(defaultFont);*/ 49 | // modify palette to dark 50 | QPalette darkPalette; 51 | darkPalette.setColor(QPalette::Window,QColor(53,53,53)); 52 | darkPalette.setColor(QPalette::WindowText,Qt::white); 53 | darkPalette.setColor(QPalette::Disabled,QPalette::WindowText,QColor(127,127,127)); 54 | darkPalette.setColor(QPalette::Base,QColor(42,42,42)); 55 | darkPalette.setColor(QPalette::AlternateBase,QColor(66,66,66)); 56 | darkPalette.setColor(QPalette::ToolTipBase,Qt::white); 57 | darkPalette.setColor(QPalette::ToolTipText,Qt::black); 58 | darkPalette.setColor(QPalette::Text,Qt::white); 59 | darkPalette.setColor(QPalette::Disabled,QPalette::Text,QColor(127,127,127)); 60 | darkPalette.setColor(QPalette::Dark,QColor(35,35,35)); 61 | darkPalette.setColor(QPalette::Shadow,QColor(20,20,20)); 62 | darkPalette.setColor(QPalette::Button,QColor(53,53,53)); 63 | darkPalette.setColor(QPalette::ButtonText,Qt::white); 64 | darkPalette.setColor(QPalette::Disabled,QPalette::ButtonText,QColor(127,127,127)); 65 | darkPalette.setColor(QPalette::BrightText,Qt::red); 66 | darkPalette.setColor(QPalette::Link,QColor(42,130,218)); 67 | darkPalette.setColor(QPalette::Highlight,QColor(42,130,218)); 68 | darkPalette.setColor(QPalette::Disabled,QPalette::Highlight,QColor(80,80,80)); 69 | darkPalette.setColor(QPalette::HighlightedText,Qt::white); 70 | darkPalette.setColor(QPalette::Disabled,QPalette::HighlightedText,QColor(127,127,127)); 71 | 72 | app.setPalette(darkPalette); 73 | 74 | 75 | // Identify locale and load translation if available 76 | QString locale = QLocale::system().name(); 77 | QTranslator translator; 78 | translator.load(QString("hexwalk_") + locale); 79 | app.installTranslator(&translator); 80 | 81 | QCommandLineParser parser; 82 | parser.addPositionalArgument("file", "File to open"); 83 | parser.addHelpOption(); 84 | parser.process(app); 85 | 86 | /*MainWindow *mainWin = new MainWindow; 87 | if(!parser.positionalArguments().isEmpty()) 88 | mainWin->loadFile(parser.positionalArguments().at(0)); 89 | mainWin->show();*/ 90 | HexWalkMain *hexwalkWin = new HexWalkMain; 91 | if(!parser.positionalArguments().isEmpty()) 92 | hexwalkWin->loadFile(parser.positionalArguments().at(0)); 93 | hexwalkWin->show(); 94 | 95 | return app.exec(); 96 | } 97 | -------------------------------------------------------------------------------- /hexwalk/optionsdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef OPTIONSDIALOG_H 20 | #define OPTIONSDIALOG_H 21 | 22 | #include 23 | #include 24 | #include 25 | namespace Ui { 26 | class OptionsDialog; 27 | } 28 | 29 | class OptionsDialog : public QDialog 30 | { 31 | Q_OBJECT 32 | 33 | public: 34 | explicit OptionsDialog(QSettings * appSettings,QWidget *parent = 0); 35 | ~OptionsDialog(); 36 | Ui::OptionsDialog *ui; 37 | void show(); 38 | 39 | public slots: 40 | virtual void accept(); 41 | 42 | private slots: 43 | void on_pbHighlightingColor_clicked(); 44 | void on_pbAddressAreaColor_clicked(); 45 | void on_pbAddressFontColor_clicked(); 46 | void on_pbAsciiAreaColor_clicked(); 47 | void on_pbAsciiFontColor_clicked(); 48 | void on_pbHexFontColor_clicked(); 49 | void on_pbSelectionColor_clicked(); 50 | void on_pbWidgetFont_clicked(); 51 | 52 | void on_buttonBox_clicked(QAbstractButton *button); 53 | 54 | private: 55 | void readSettings(); 56 | void writeSettings(); 57 | void setColor(QWidget *widget, QColor color); 58 | QSettings * appSettings; 59 | }; 60 | 61 | #endif // OPTIONSDIALOG_H 62 | -------------------------------------------------------------------------------- /hexwalk/resultType.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef RESULTTYPE_H 20 | #define RESULTTYPE_H 21 | #include 22 | #include 23 | 24 | typedef struct Result_S{ 25 | qint64 cursor; 26 | QString hexdatastr; 27 | QString datastr; 28 | 29 | }Result_S; 30 | 31 | typedef struct BinwalkResult_S{ 32 | qint64 cursor; 33 | QString datastr; 34 | 35 | }BinwalkResult_S; 36 | 37 | #endif // RESULTTYPE_H 38 | -------------------------------------------------------------------------------- /hexwalk/searchdialog.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include "searchdialog.h" 20 | #include "ui_searchdialog.h" 21 | 22 | #include 23 | 24 | SearchDialog::SearchDialog(QHexEdit *hexEdit, QWidget *parent) : 25 | QDialog(parent), 26 | ui(new Ui::SearchDialog) 27 | { 28 | ui->setupUi(this); 29 | _hexEdit = hexEdit; 30 | } 31 | 32 | SearchDialog::~SearchDialog() 33 | { 34 | delete ui; 35 | } 36 | 37 | qint64 SearchDialog::findNext() 38 | { 39 | qint64 from = _hexEdit->cursorPosition() / 2; 40 | _findBa = getContent(ui->cbFindFormat->currentIndex(), ui->cbFind->currentText()); 41 | qint64 idx = -1; 42 | 43 | if (_findBa.length() > 0) 44 | { 45 | if (ui->cbBackwards->isChecked()) 46 | idx = _hexEdit->lastIndexOf(_findBa, from); 47 | else 48 | idx = _hexEdit->indexOf(_findBa, from,false,false); 49 | } 50 | return idx; 51 | } 52 | 53 | void SearchDialog::on_pbFind_clicked() 54 | { 55 | findNext(); 56 | } 57 | 58 | void SearchDialog::on_pbReplace_clicked() 59 | { 60 | int idx = findNext(); 61 | if (idx >= 0) 62 | { 63 | QByteArray replaceBa = getContent(ui->cbReplaceFormat->currentIndex(), ui->cbReplace->currentText()); 64 | replaceOccurrence(idx, replaceBa); 65 | } 66 | } 67 | 68 | void SearchDialog::on_pbReplaceAll_clicked() 69 | { 70 | int replaceCounter = 0; 71 | int idx = 0; 72 | int goOn = QMessageBox::Yes; 73 | 74 | while ((idx >= 0) && (goOn == QMessageBox::Yes)) 75 | { 76 | idx = findNext(); 77 | if (idx >= 0) 78 | { 79 | QByteArray replaceBa = getContent(ui->cbReplaceFormat->currentIndex(), ui->cbReplace->currentText()); 80 | int result = replaceOccurrence(idx, replaceBa); 81 | 82 | if (result == QMessageBox::Yes) 83 | replaceCounter += 1; 84 | 85 | if (result == QMessageBox::Cancel) 86 | goOn = result; 87 | } 88 | } 89 | 90 | if (replaceCounter > 0) 91 | QMessageBox::information(this, tr("QHexEdit"), QString(tr("%1 occurrences replaced.")).arg(replaceCounter)); 92 | } 93 | 94 | 95 | QByteArray SearchDialog::getContent(int comboIndex, const QString &input) 96 | { 97 | QByteArray findBa; 98 | switch (comboIndex) 99 | { 100 | case 0: // hex 101 | findBa = QByteArray::fromHex(input.toLatin1()); 102 | break; 103 | case 1: // text 104 | findBa = input.toUtf8(); 105 | break; 106 | } 107 | return findBa; 108 | } 109 | 110 | qint64 SearchDialog::replaceOccurrence(qint64 idx, const QByteArray &replaceBa) 111 | { 112 | int result = QMessageBox::Yes; 113 | if (replaceBa.length() >= 0) 114 | { 115 | if (ui->cbPrompt->isChecked()) 116 | { 117 | result = QMessageBox::question(this, tr("QHexEdit"), 118 | tr("Replace occurrence?"), 119 | QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel); 120 | 121 | if (result == QMessageBox::Yes) 122 | { 123 | _hexEdit->replace(idx, replaceBa.length(), replaceBa); 124 | _hexEdit->update(); 125 | } 126 | } 127 | else 128 | { 129 | _hexEdit->replace(idx, _findBa.length(), replaceBa); 130 | } 131 | } 132 | return result; 133 | } 134 | -------------------------------------------------------------------------------- /hexwalk/searchdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef SEARCHDIALOG_H 20 | #define SEARCHDIALOG_H 21 | 22 | #include 23 | #include 24 | #include "../qhexedit/qhexedit.h" 25 | 26 | namespace Ui { 27 | class SearchDialog; 28 | } 29 | 30 | class SearchDialog : public QDialog 31 | { 32 | Q_OBJECT 33 | public: 34 | explicit SearchDialog(QHexEdit *hexEdit, QWidget *parent = 0); 35 | ~SearchDialog(); 36 | qint64 findNext(); 37 | Ui::SearchDialog *ui; 38 | 39 | private slots: 40 | void on_pbFind_clicked(); 41 | void on_pbReplace_clicked(); 42 | void on_pbReplaceAll_clicked(); 43 | 44 | private: 45 | QByteArray getContent(int comboIndex, const QString &input); 46 | qint64 replaceOccurrence(qint64 idx, const QByteArray &replaceBa); 47 | 48 | QHexEdit *_hexEdit; 49 | QByteArray _findBa; 50 | }; 51 | 52 | #endif // SEARCHDIALOG_H 53 | -------------------------------------------------------------------------------- /hexwalk/stringsdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef STRINGSDIALOG_H 20 | #define STRINGSDIALOG_H 21 | 22 | #include 23 | #include 24 | #include "../qhexedit/qhexedit.h" 25 | namespace Ui { 26 | class StringsDialog; 27 | } 28 | 29 | class StringsDialog : public QDialog 30 | { 31 | Q_OBJECT 32 | 33 | public: 34 | explicit StringsDialog(QHexEdit *hexEdit,QWidget *parent = nullptr); 35 | ~StringsDialog(); 36 | 37 | private slots: 38 | void on_pbSearch_clicked(); 39 | 40 | void on_tableWidget_clicked(const QModelIndex &index); 41 | 42 | void on_btnNext_clicked(); 43 | 44 | private: 45 | Ui::StringsDialog *ui; 46 | QHexEdit * _hexEdit; 47 | void searchStrings(); 48 | QProgressDialog *progrDialog; 49 | bool findStringInColumn(const QString& target); 50 | 51 | }; 52 | 53 | #endif // STRINGSDIALOG_H 54 | -------------------------------------------------------------------------------- /hexwalk/tagsdialog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef TAGSDIALOG_H 20 | #define TAGSDIALOG_H 21 | 22 | #include 23 | #include "edittagdialog.h" 24 | #include "../qhexedit/qhexedit.h" 25 | #include "../qhexedit/tagparser.hpp" 26 | #include 27 | #include 28 | #include 29 | #include "../qhexedit/bytepattern.h" 30 | namespace Ui { 31 | class TagsDialog; 32 | } 33 | 34 | class TagsDialog : public QDialog 35 | { 36 | Q_OBJECT 37 | 38 | public: 39 | explicit TagsDialog(QHexEdit * hexedit,QWidget *parent = nullptr); 40 | void changeColor(); 41 | ~TagsDialog(); 42 | void updateTable(); 43 | bool isOperator(char c); 44 | int performOperation(char operation, int operand1, int operand2); 45 | int evaluateExpression(const string& expression); 46 | void analyzePattern(); 47 | BytePattern *bytePattern; 48 | QString curFileTag; 49 | 50 | private slots: 51 | void on_addBtn_clicked(); 52 | void triggerUpdate(); 53 | void triggerFileUpdate(); 54 | 55 | void on_loadBtn_clicked(); 56 | 57 | void on_tableWidget_clicked(const QModelIndex &index); 58 | 59 | void on_saveBtn_clicked(); 60 | 61 | void on_delBtn_clicked(); 62 | 63 | void on_tableWidget_doubleClicked(const QModelIndex &index); 64 | 65 | void on_resetBtn_clicked(); 66 | 67 | void on_closeBtn_clicked(); 68 | 69 | private: 70 | Ui::TagsDialog *ui; 71 | EditTagDialog * edittagDialog; 72 | QHexEdit * hexEdit; 73 | 74 | QString binToStr(QByteArray bin); 75 | void substVariables(string line,int idx); 76 | }; 77 | 78 | #endif // TAGSDIALOG_H 79 | -------------------------------------------------------------------------------- /hexwalk/tagsdialog.ui: -------------------------------------------------------------------------------- 1 | 2 | 3 | TagsDialog 4 | 5 | 6 | 7 | 0 8 | 0 9 | 863 10 | 345 11 | 12 | 13 | 14 | HexWalk - Byte Pattern 15 | 16 | 17 | 18 | 19 | 20 | Load 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | Add 31 | 32 | 33 | 34 | 35 | 36 | 37 | Del 38 | 39 | 40 | 41 | 42 | 43 | 44 | Save 45 | 46 | 47 | 48 | 49 | 50 | 51 | Qt::Horizontal 52 | 53 | 54 | 55 | 40 56 | 20 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | Reset 65 | 66 | 67 | 68 | 69 | 70 | 71 | Close 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | -------------------------------------------------------------------------------- /hexwalk/translations/hexwalk_cs.qm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/translations/hexwalk_cs.qm -------------------------------------------------------------------------------- /hexwalk/translations/hexwalk_de.qm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/translations/hexwalk_de.qm -------------------------------------------------------------------------------- /hexwalk/translations/hexwalk_ru.qm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/hexwalk/translations/hexwalk_ru.qm -------------------------------------------------------------------------------- /hexwalk/worditemdelegate.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #include 20 | #include 21 | #include "worditemdelegate.h" 22 | #include 23 | 24 | WordItemDelegate::WordItemDelegate(QObject *parent) : 25 | QStyledItemDelegate(parent) 26 | {} 27 | 28 | QString WordItemDelegate::anchorAt(QString html, const QPoint &point) const { 29 | QTextDocument doc; 30 | doc.setHtml(html); 31 | 32 | auto textLayout = doc.documentLayout(); 33 | Q_ASSERT(textLayout != 0); 34 | return textLayout->anchorAt(point); 35 | } 36 | 37 | void WordItemDelegate::paint(QPainter *painter, const QStyleOptionViewItem &option, const QModelIndex &index) const { 38 | auto options = option; 39 | initStyleOption(&options, index); 40 | 41 | painter->save(); 42 | 43 | QTextDocument doc; 44 | doc.setHtml(options.text); 45 | 46 | options.text = ""; 47 | options.widget->style()->drawControl(QStyle::CE_ItemViewItem, &option, painter); 48 | 49 | painter->translate(options.rect.left(), options.rect.top()); 50 | QRect clip(0, 0, options.rect.width(), options.rect.height()); 51 | doc.drawContents(painter, clip); 52 | 53 | painter->restore(); 54 | } 55 | 56 | QSize WordItemDelegate::sizeHint(const QStyleOptionViewItem &option, const QModelIndex &index) const { 57 | QStyleOptionViewItemV4 options = option; 58 | initStyleOption(&options, index); 59 | 60 | QTextDocument doc; 61 | doc.setHtml(options.text); 62 | doc.setTextWidth(options.rect.width()); 63 | return QSize(doc.idealWidth(), doc.size().height()); 64 | } 65 | -------------------------------------------------------------------------------- /hexwalk/worditemdelegate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2025 Carmix 3 | * 4 | * This file is part of HexWalk. 5 | * 6 | * HexWalk is free software: you can redistribute it and/or modify 7 | * it under the terms of the GNU General Public License as published by 8 | * the Free Software Foundation, either version 3 of the License, or 9 | * (at your option) any later version. 10 | * 11 | * HexWalk is distributed in the hope that it will be useful, 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | * GNU General Public License for more details. 15 | * 16 | * You should have received a copy of the GNU General Public License 17 | * along with this program. If not, see . 18 | */ 19 | #ifndef WORDITEMDELEGATE_H 20 | #define WORDITEMDELEGATE_H 21 | 22 | #include 23 | 24 | class WordItemDelegate : public QStyledItemDelegate 25 | { 26 | Q_OBJECT 27 | public: 28 | explicit WordItemDelegate(QObject *parent = 0); 29 | 30 | QString anchorAt(QString html, const QPoint &point) const; 31 | 32 | protected: 33 | void paint(QPainter *painter, const QStyleOptionViewItem &option, const QModelIndex &index) const; 34 | QSize sizeHint(const QStyleOptionViewItem &option, const QModelIndex &index) const; 35 | }; 36 | 37 | #endif // WORDITEMDELEGATE_H 38 | -------------------------------------------------------------------------------- /linux_build.sh: -------------------------------------------------------------------------------- 1 | if [ ! -d build ];then 2 | mkdir build 3 | else 4 | rm -rf build/* 5 | fi 6 | 7 | cd build 8 | qmake ../hexwalk/hexwalk.pro 9 | make 10 | cd .. 11 | -------------------------------------------------------------------------------- /patterns/elf.yml: -------------------------------------------------------------------------------- 1 | - name: MAGIC 2 | offset: 0 3 | size: 4 4 | color: #076525 5 | type: string 6 | - name: CLASS 7 | offset: 4 8 | size: 1 9 | color: #a566ac 10 | type: beint 11 | - name: ENDIANNESS 12 | offset: 5 13 | size: 1 14 | color: #7cbaa7 15 | type: beint 16 | - name: VERSION 17 | offset: 6 18 | size: 1 19 | color: #21c76d 20 | type: beint 21 | - name: OSABI 22 | offset: 7 23 | size: 1 24 | color: #fefa2e 25 | type: hex 26 | - name: ABIVERSION 27 | offset: 8 28 | size: 1 29 | color: #535d81 30 | type: hex 31 | - name: RESERVED 32 | offset: 9 33 | size: 7 34 | color: #4c10e6 35 | type: hex 36 | - name: E_TYPE 37 | offset: 0x10 38 | size: 2 39 | color: #ae6ede 40 | type: hex 41 | - name: E_MACHINE 42 | offset: 0x12 43 | size: 2 44 | color: #2bd2eb 45 | type: hex 46 | - name: E_VERSION 47 | offset: 0x14 48 | size: 4 49 | color: #7978dd 50 | type: hex 51 | - name: E_ENTRY 52 | offset: 0x18 53 | size: 4*CLASS 54 | color: #f52d30 55 | type: hex 56 | - name: E_PHOFF 57 | offset: 0x18+(4*CLASS) 58 | size: 4*CLASS 59 | color: #5342b7 60 | type: leint 61 | - name: E_SHOFF 62 | offset: 0x18+(8*CLASS) 63 | size: 4*CLASS 64 | color: #b5b11b 65 | type: hex 66 | - name: E_FLAGS 67 | offset: 0x18+(12*CLASS) 68 | size: 4 69 | color: #243add 70 | type: hex 71 | - name: E_EHSIZE 72 | offset: 0x1C+(12*CLASS) 73 | size: 2 74 | color: #191ea5 75 | type: leint 76 | - name: E_PHENTSIZE 77 | offset: 0x1E+(12*CLASS) 78 | size: 2 79 | color: #efcca3 80 | type: leint 81 | - name: E_PHNUM 82 | offset: 0x20+(12*CLASS) 83 | size: 2 84 | color: #beba4d 85 | type: leint 86 | - name: E_SHENTSIZE 87 | offset: 0x22+(12*CLASS) 88 | size: 2 89 | color: #f33b3b 90 | type: leint 91 | - name: E_SHNUM 92 | offset: 0x24+(12*CLASS) 93 | size: 2 94 | color: #5a629d 95 | type: leint 96 | - name: E_SHSTRNDX 97 | offset: 0x26+(12*CLASS) 98 | size: 2 99 | color: #151c29 100 | type: leint 101 | - name: P_TYPE 102 | offset: E_PHOFF 103 | size: 4 104 | color: #e159c8 105 | type: hex 106 | -------------------------------------------------------------------------------- /patterns/exe.yml: -------------------------------------------------------------------------------- 1 | #Byte pattern for EXE file format 2 | - name: Signature 3 | offset: 0 4 | size: 2 5 | color: #880000 6 | type: string 7 | - name: Extra_Bytes 8 | offset: 2 9 | size: 2 10 | color: #008800 11 | type: leint 12 | - name: Pages 13 | offset: 4 14 | size: 2 15 | color: #000088 16 | type: leint 17 | - name: RelocationItems 18 | offset: 6 19 | size: 2 20 | color: #008888 21 | type: leint 22 | - name: Header 23 | offset: 8 24 | size: 2 25 | color: #880088 26 | type: leint 27 | - name: MinAllocation 28 | offset: 10 29 | size: 2 30 | color: #FF0088 31 | type: leint 32 | - name: MaxAllocation 33 | offset: 12 34 | size: 2 35 | color: #FFAA80 36 | type: leint 37 | - name: InitialSS 38 | offset: 14 39 | size: 2 40 | color: #CCAA30 41 | type: leint 42 | - name: InitialSP 43 | offset: 16 44 | size: 2 45 | color: #00AA30 46 | type: leint 47 | - name: Checksum 48 | offset: 18 49 | size: 2 50 | color: #123456 51 | type: leint 52 | - name: InitialIP 53 | offset: 20 54 | size: 2 55 | color: #654321 56 | type: leint 57 | - name: InitialCS 58 | offset: 22 59 | size: 2 60 | color: #650555 61 | type: leint 62 | - name: RelocationTable 63 | offset: 24 64 | size: 2 65 | color: #954921 66 | type: leint 67 | - name: Overlay 68 | offset: 26 69 | size: 2 70 | color: #63432A 71 | type: leint 72 | - name: OverlayInformation 73 | offset: 28 74 | size: 2 75 | color: #60032A 76 | type: leint 77 | 78 | -------------------------------------------------------------------------------- /patterns/jpg.yml: -------------------------------------------------------------------------------- 1 | - name: SOI 2 | offset: 0 3 | size: 2 4 | color: #9b43d8 5 | type: hex 6 | - name: APP0 7 | offset: 2 8 | size: 2 9 | color: #74be81 10 | type: hex 11 | - name: Length 12 | offset: 4 13 | size: 2 14 | color: #bed491 15 | type: beint 16 | - name: Identifier 17 | offset: 6 18 | size: 5 19 | color: #33631b 20 | type: string 21 | - name: Version 22 | offset: 11 23 | size: 2 24 | color: #9aa369 25 | type: hex 26 | - name: Density_units 27 | offset: 13 28 | size: 1 29 | color: #a9c3ae 30 | type: hex 31 | - name: Xdensity 32 | offset: 14 33 | size: 2 34 | color: #fb5983 35 | type: beint 36 | - name: Ydensity 37 | offset: 16 38 | size: 2 39 | color: #12b98f 40 | type: beint 41 | - name: Xthumbnail 42 | offset: 18 43 | size: 1 44 | color: #5db8b2 45 | type: beint 46 | - name: Ythumbnail 47 | offset: 19 48 | size: 1 49 | color: #91a189 50 | type: beint 51 | -------------------------------------------------------------------------------- /patterns/pdf1.yml: -------------------------------------------------------------------------------- 1 | - name: HEADER 2 | offset: 0 3 | size: 5 4 | color: #8332c7 5 | type: string 6 | - name: VERSION 7 | offset: 0x05 8 | size: 3 9 | color: #b7dda3 10 | type: string 11 | 12 | -------------------------------------------------------------------------------- /patterns/wav.yml: -------------------------------------------------------------------------------- 1 | - name: MAGIC 2 | offset: 0 3 | size: 4 4 | color: #880000 5 | type: string 6 | - name: FILE_SIZE 7 | offset: 4 8 | size: 4 9 | color: #008800 10 | type: leint 11 | - name: HEADER 12 | offset: 8 13 | size: 4 14 | color: #000088 15 | type: string 16 | - name: FMT_HDR 17 | offset: 12 18 | size: 4 19 | color: #008888 20 | type: string 21 | - name: FMT_LEN 22 | offset: 16 23 | size: 4 24 | color: #008888 25 | type: leint 26 | - name: FMT_TYPE 27 | offset: 20 28 | size: 2 29 | color: #994400 30 | type: leint 31 | - name: CHANNELS_NUM 32 | offset: 22 33 | size: 2 34 | color: #994400 35 | type: leint 36 | - name: SAMPLE_RATE 37 | offset: 24 38 | size: 4 39 | color: #880088 40 | type: leint 41 | - name: BIT_TOTAL 42 | offset: 28 43 | size: 4 44 | color: #804088 45 | type: leint 46 | - name: TYPE_CHAN 47 | offset: 32 48 | size: 2 49 | color: #804088 50 | type: leint 51 | - name: BITS_PER_SAMPLE 52 | offset: 34 53 | size: 2 54 | color: #804088 55 | type: leint 56 | - name: DATA_HEADER 57 | offset: 36 58 | size: 4 59 | color: #334455 60 | type: string 61 | - name: DATA_SIZE 62 | offset: 40 63 | size: (2+2) 64 | color: #334455 65 | type: leint 66 | 67 | 68 | 69 | -------------------------------------------------------------------------------- /qhexedit/QHexEditPlugin.cpp: -------------------------------------------------------------------------------- 1 | #include "QHexEditPlugin.h" 2 | #include "qhexedit.h" 3 | 4 | #include 5 | 6 | QHexEditPlugin::QHexEditPlugin(QObject * parent) : QObject(parent) 7 | { 8 | initialized = false; 9 | } 10 | 11 | 12 | bool QHexEditPlugin::isContainer() const 13 | { 14 | return false; 15 | } 16 | 17 | bool QHexEditPlugin::isInitialized() const 18 | { 19 | return initialized; 20 | } 21 | 22 | QIcon QHexEditPlugin::icon() const 23 | { 24 | return QIcon(); 25 | } 26 | 27 | QString QHexEditPlugin::domXml() const 28 | { 29 | return "\n" 30 | " \n" 31 | " \n" 32 | " \n" 33 | " 0\n" 34 | " 0\n" 35 | " 100\n" 36 | " 100\n" 37 | " \n" 38 | " \n" 39 | " \n" 40 | " QHexEditWidget\n" 41 | " \n" 42 | " \n" 43 | " QHexEdit widget allow to edit the data in hex view.\n" 44 | " \n" 45 | " \n" 46 | "\n"; 47 | } 48 | 49 | QString QHexEditPlugin::group() const 50 | { 51 | return "Input Widgets"; 52 | } 53 | 54 | QString QHexEditPlugin::includeFile() const 55 | { 56 | return "qhexedit.h"; 57 | } 58 | 59 | QString QHexEditPlugin::name() const 60 | { 61 | return "QHexEdit"; 62 | } 63 | 64 | QString QHexEditPlugin::toolTip() const 65 | { 66 | return ""; 67 | } 68 | 69 | QString QHexEditPlugin::whatsThis() const 70 | { 71 | return ""; 72 | } 73 | 74 | QWidget * QHexEditPlugin::createWidget(QWidget *parent) 75 | { 76 | return new QHexEdit(parent); 77 | } 78 | 79 | void QHexEditPlugin::initialize(QDesignerFormEditorInterface * /*core*/) 80 | { 81 | if (initialized) 82 | return; 83 | 84 | initialized = true; 85 | } 86 | 87 | #if QT_VERSION < QT_VERSION_CHECK(5,0,0) 88 | Q_EXPORT_PLUGIN2(QHexEditPlugin, QHexEditPlugin) 89 | #endif 90 | -------------------------------------------------------------------------------- /qhexedit/QHexEditPlugin.h: -------------------------------------------------------------------------------- 1 | #ifndef QHEXEDITPLUGIN_H 2 | #define QHEXEDITPLUGIN_H 3 | 4 | #include 5 | 6 | #if QT_VERSION < QT_VERSION_CHECK(5,0,0) 7 | #include 8 | #else 9 | #include 10 | #endif 11 | 12 | class QHexEditPlugin : public QObject, public QDesignerCustomWidgetInterface 13 | { 14 | Q_OBJECT 15 | Q_INTERFACES(QDesignerCustomWidgetInterface) 16 | #if QT_VERSION >= QT_VERSION_CHECK(5,0,0) 17 | Q_PLUGIN_METADATA(IID "com.qt-project.Qt.QHexEditPlugin") 18 | #endif 19 | 20 | public: 21 | QHexEditPlugin(QObject * parent = 0); 22 | 23 | bool isContainer() const; 24 | bool isInitialized() const; 25 | QIcon icon() const; 26 | QString domXml() const; 27 | QString group() const; 28 | QString includeFile() const; 29 | QString name() const; 30 | QString toolTip() const; 31 | QString whatsThis() const; 32 | QWidget *createWidget(QWidget *parent); 33 | void initialize(QDesignerFormEditorInterface *core); 34 | 35 | private: 36 | bool initialized; 37 | 38 | }; 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /qhexedit/bytepattern.h: -------------------------------------------------------------------------------- 1 | #ifndef BYTEPATTERN_H 2 | #define BYTEPATTERN_H 3 | #include "qhexedit.h" 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "colortag.h" 9 | #include "tagparser.hpp" 10 | #include 11 | 12 | class BPException: public std::exception{ 13 | private: 14 | std::string message; 15 | public: 16 | BPException(std::string msg):message(msg) {} 17 | std::string what(){ 18 | return message; 19 | } 20 | 21 | }; 22 | 23 | enum BPerrors 24 | { 25 | E_NONE = 0, 26 | E_WRONGNAME = -1, 27 | E_WRONGTYPE = -2, 28 | E_WRONGREF = -3, 29 | E_WRONGCOLOR = -4, 30 | E_EMPTYOFFSET = -5, 31 | E_EMPTYSIZE = -6, 32 | E_DUPNAME = -7, 33 | 34 | }; 35 | 36 | class BytePattern{ 37 | public: 38 | BytePattern(QHexEdit * qhexptr); 39 | bool isOperator(char c); 40 | int performOperation(char operation, int operand1, int operand2); 41 | int evaluateExpression(const string& expression); 42 | int updateTags(); 43 | int addElement(YMLObj obj); 44 | bool isDigit(string str); 45 | QList colorTag; 46 | int resolveReferences(); 47 | void reset(); 48 | int delElement(int idx); 49 | int updateElement(int idx,YMLObj obj); 50 | YMLParser ymlParser; 51 | bool isValidName(std::string name); 52 | bool isValidColor(std::string name); 53 | bool isDuplicatedName(std::string name,int excluded_idx); 54 | private: 55 | vector tokenizeString(const string& input, const string& delimiters); 56 | std::string hexToDecimal(const std::string& hexString); 57 | bool isHexString(std::string x); 58 | QHexEdit *hexEdit; 59 | }; 60 | 61 | 62 | #endif // BYTEPATTERN_H 63 | -------------------------------------------------------------------------------- /qhexedit/chunks.h: -------------------------------------------------------------------------------- 1 | #ifndef CHUNKS_H 2 | #define CHUNKS_H 3 | 4 | /** \cond docNever */ 5 | 6 | /*! The Chunks class is the storage backend for QHexEdit. 7 | * 8 | * When QHexEdit loads data, Chunks access them using a QIODevice interface. When the app uses 9 | * a QByteArray interface, QBuffer is used to provide again a QIODevice like interface. No data 10 | * will be changed, therefore Chunks opens the QIODevice in QIODevice::ReadOnly mode. After every 11 | * access Chunks closes the QIODevice, that's why external applications can overwrite files while 12 | * QHexEdit shows them. 13 | * 14 | * When the the user starts to edit the data, Chunks creates a local copy of a chunk of data (4 15 | * kilobytes) and notes all changes there. Parallel to that chunk, there is a second chunk, 16 | * which keep track of which bytes are changed and which not. 17 | * 18 | */ 19 | 20 | #include 21 | #include 22 | struct Chunk 23 | { 24 | QByteArray data; 25 | QByteArray dataChanged; 26 | qint64 absPos; 27 | }; 28 | 29 | class Chunks: public QObject 30 | { 31 | Q_OBJECT 32 | public: 33 | // Constructors and file settings 34 | Chunks(QObject *parent); 35 | Chunks(QIODevice &ioDevice, QObject *parent); 36 | bool setIODevice(QIODevice &ioDevice); 37 | 38 | // Getting data out of Chunks 39 | QByteArray data(qint64 pos=0, qint64 count=-1, QByteArray *highlighted=0); 40 | bool write(QIODevice &iODevice, qint64 pos=0, qint64 count=-1); 41 | 42 | // Set and get highlighting infos 43 | void setDataChanged(qint64 pos, bool dataChanged); 44 | bool dataChanged(qint64 pos); 45 | 46 | // Search API 47 | qint64 indexOf(const QByteArray &ba, qint64 from,bool isRegex,bool isCaseInsensitive); 48 | qint64 lastIndexOf(const QByteArray &ba, qint64 from); 49 | 50 | // Char manipulations 51 | bool insert(qint64 pos, char b); 52 | bool overwrite(qint64 pos, char b); 53 | bool removeAt(qint64 pos); 54 | 55 | // Utility functions 56 | char operator[](qint64 pos); 57 | qint64 pos(); 58 | qint64 size(); 59 | int matchSize = 0; 60 | 61 | 62 | private: 63 | int getChunkIndex(qint64 absPos); 64 | 65 | QIODevice * _ioDevice; 66 | qint64 _pos; 67 | qint64 _size; 68 | QList _chunks; 69 | 70 | #ifdef MODUL_TEST 71 | public: 72 | int chunkSize(); 73 | #endif 74 | }; 75 | 76 | /** \endcond docNever */ 77 | 78 | #endif // CHUNKS_H 79 | -------------------------------------------------------------------------------- /qhexedit/colortag.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/qhexedit/colortag.cpp -------------------------------------------------------------------------------- /qhexedit/colortag.h: -------------------------------------------------------------------------------- 1 | #ifndef COLORTAG_H 2 | #define COLORTAG_H 3 | 4 | #include 5 | #include "tagparser.hpp" 6 | #include 7 | 8 | 9 | typedef enum TagType_e 10 | { 11 | UNDEFINED_t, 12 | STRING_t, 13 | BE_t, 14 | LE_t, 15 | HEX_t 16 | }TagType_e; 17 | 18 | const string tagStrings[]={"undefined","string","beint","leint","hex"}; 19 | 20 | class ColorTag{ 21 | public: 22 | 23 | string name; 24 | int64_t pos; 25 | int64_t size; 26 | string color; 27 | TagType_e type; 28 | QByteArray data; 29 | YMLObj obj; 30 | }; 31 | 32 | 33 | 34 | 35 | 36 | 37 | #endif // COLORTAG_H 38 | -------------------------------------------------------------------------------- /qhexedit/commands.cpp: -------------------------------------------------------------------------------- 1 | #include "commands.h" 2 | #include 3 | 4 | 5 | // Helper class to store single byte commands 6 | class CharCommand : public QUndoCommand 7 | { 8 | public: 9 | enum CCmd {insert, removeAt, overwrite}; 10 | 11 | CharCommand(Chunks * chunks, CCmd cmd, qint64 charPos, char newChar, 12 | QUndoCommand *parent=0); 13 | 14 | void undo(); 15 | void redo(); 16 | bool mergeWith(const QUndoCommand *command); 17 | int id() const { return 1234; } 18 | 19 | private: 20 | Chunks * _chunks; 21 | qint64 _charPos; 22 | bool _wasChanged; 23 | char _newChar; 24 | char _oldChar; 25 | CCmd _cmd; 26 | }; 27 | 28 | CharCommand::CharCommand(Chunks * chunks, CCmd cmd, qint64 charPos, char newChar, QUndoCommand *parent) 29 | : QUndoCommand(parent) 30 | , _chunks(chunks) 31 | , _charPos(charPos) 32 | , _wasChanged(false) 33 | , _newChar(newChar) 34 | , _oldChar('\0') 35 | , _cmd(cmd) 36 | { 37 | } 38 | 39 | bool CharCommand::mergeWith(const QUndoCommand *command) 40 | { 41 | const CharCommand *nextCommand = static_cast(command); 42 | bool result = false; 43 | 44 | if (_cmd != CharCommand::removeAt) 45 | { 46 | if (nextCommand->_cmd == overwrite) 47 | if (nextCommand->_charPos == _charPos) 48 | { 49 | _newChar = nextCommand->_newChar; 50 | result = true; 51 | } 52 | } 53 | return result; 54 | } 55 | 56 | void CharCommand::undo() 57 | { 58 | switch (_cmd) 59 | { 60 | case insert: 61 | _chunks->removeAt(_charPos); 62 | break; 63 | case overwrite: 64 | _chunks->overwrite(_charPos, _oldChar); 65 | _chunks->setDataChanged(_charPos, _wasChanged); 66 | break; 67 | case removeAt: 68 | _chunks->insert(_charPos, _oldChar); 69 | _chunks->setDataChanged(_charPos, _wasChanged); 70 | break; 71 | } 72 | } 73 | 74 | void CharCommand::redo() 75 | { 76 | switch (_cmd) 77 | { 78 | case insert: 79 | _chunks->insert(_charPos, _newChar); 80 | break; 81 | case overwrite: 82 | _oldChar = (*_chunks)[_charPos]; 83 | _wasChanged = _chunks->dataChanged(_charPos); 84 | _chunks->overwrite(_charPos, _newChar); 85 | break; 86 | case removeAt: 87 | _oldChar = (*_chunks)[_charPos]; 88 | _wasChanged = _chunks->dataChanged(_charPos); 89 | _chunks->removeAt(_charPos); 90 | break; 91 | } 92 | } 93 | 94 | UndoStack::UndoStack(Chunks * chunks, QObject * parent) 95 | : QUndoStack(parent) 96 | { 97 | _chunks = chunks; 98 | _parent = parent; 99 | this->setUndoLimit(1000); 100 | } 101 | 102 | void UndoStack::insert(qint64 pos, char c) 103 | { 104 | if ((pos >= 0) && (pos <= _chunks->size())) 105 | { 106 | QUndoCommand *cc = new CharCommand(_chunks, CharCommand::insert, pos, c); 107 | this->push(cc); 108 | } 109 | } 110 | 111 | void UndoStack::insert(qint64 pos, const QByteArray &ba) 112 | { 113 | if ((pos >= 0) && (pos <= _chunks->size())) 114 | { 115 | QString txt = QString(tr("Inserting %1 bytes")).arg(ba.size()); 116 | beginMacro(txt); 117 | for (int idx=0; idx < ba.size(); idx++) 118 | { 119 | QUndoCommand *cc = new CharCommand(_chunks, CharCommand::insert, pos + idx, ba.at(idx)); 120 | this->push(cc); 121 | } 122 | endMacro(); 123 | } 124 | } 125 | 126 | void UndoStack::removeAt(qint64 pos, qint64 len) 127 | { 128 | if ((pos >= 0) && (pos < _chunks->size())) 129 | { 130 | if (len==1) 131 | { 132 | QUndoCommand *cc = new CharCommand(_chunks, CharCommand::removeAt, pos, char(0)); 133 | this->push(cc); 134 | } 135 | else 136 | { 137 | QString txt = QString(tr("Delete %1 chars")).arg(len); 138 | beginMacro(txt); 139 | for (qint64 cnt=0; cnt= 0) && (pos < _chunks->size())) 152 | { 153 | QUndoCommand *cc = new CharCommand(_chunks, CharCommand::overwrite, pos, c); 154 | this->push(cc); 155 | } 156 | } 157 | 158 | void UndoStack::overwrite(qint64 pos, int len, const QByteArray &ba) 159 | { 160 | if ((pos >= 0) && (pos < _chunks->size())) 161 | { 162 | QString txt = QString(tr("Overwrite %1 chars")).arg(len); 163 | beginMacro(txt); 164 | removeAt(pos, len); 165 | insert(pos, ba); 166 | endMacro(); 167 | } 168 | } 169 | -------------------------------------------------------------------------------- /qhexedit/commands.h: -------------------------------------------------------------------------------- 1 | #ifndef COMMANDS_H 2 | #define COMMANDS_H 3 | 4 | /** \cond docNever */ 5 | 6 | #include 7 | 8 | #include "chunks.h" 9 | 10 | /*! CharCommand is a class to provid undo/redo functionality in QHexEdit. 11 | A QUndoCommand represents a single editing action on a document. CharCommand 12 | is responsable for manipulations on single chars. It can insert. overwrite and 13 | remove characters. A manipulation stores allways two actions 14 | 1. redo (or do) action 15 | 2. undo action. 16 | 17 | CharCommand also supports command compression via mergeWith(). This enables 18 | the user to perform an undo command e.g. 3 steps in a single command. 19 | If you for example insert a new byt "34" this means for the editor doing 3 20 | steps: insert a "00", overwrite it with "03" and the overwrite it with "34". These 21 | 3 steps are combined into a single step, insert a "34". 22 | 23 | The byte array oriented commands are just put into a set of single byte commands, 24 | which are pooled together with the macroBegin() and macroEnd() functionality of 25 | Qt's QUndoStack. 26 | */ 27 | 28 | class UndoStack : public QUndoStack 29 | { 30 | Q_OBJECT 31 | 32 | public: 33 | UndoStack(Chunks *chunks, QObject * parent=0); 34 | void insert(qint64 pos, char c); 35 | void insert(qint64 pos, const QByteArray &ba); 36 | void removeAt(qint64 pos, qint64 len=1); 37 | void overwrite(qint64 pos, char c); 38 | void overwrite(qint64 pos, int len, const QByteArray &ba); 39 | 40 | private: 41 | Chunks * _chunks; 42 | QObject * _parent; 43 | }; 44 | 45 | /** \endcond docNever */ 46 | 47 | #endif // COMMANDS_H 48 | -------------------------------------------------------------------------------- /qhexedit/qhexedit.pro: -------------------------------------------------------------------------------- 1 | 2 | greaterThan(QT_MAJOR_VERSION, 4): QT += widgets 3 | 4 | QT += core gui 5 | TEMPLATE = lib 6 | 7 | VERSION = 4.2.0 8 | 9 | DEFINES += QHEXEDIT_EXPORTS 10 | 11 | HEADERS = \ 12 | qhexedit.h \ 13 | chunks.h \ 14 | commands.h 15 | 16 | 17 | SOURCES = \ 18 | qhexedit.cpp \ 19 | chunks.cpp \ 20 | commands.cpp 21 | 22 | Release:TARGET = qhexedit 23 | Debug:TARGET = qhexeditd 24 | 25 | 26 | unix:DESTDIR = /usr/lib 27 | win32:DESTDIR = ../lib 28 | -------------------------------------------------------------------------------- /qhexedit/qhexedit.sip: -------------------------------------------------------------------------------- 1 | %Module(name=qhexedit) 2 | 3 | %Import QtCore/QtCoremod.sip 4 | %Import QtGui/QtGuimod.sip 5 | 6 | %If (Qt_5_0_0 -) 7 | %Import QtWidgets/QtWidgetsmod.sip 8 | %End 9 | 10 | class QHexEdit : QAbstractScrollArea 11 | { 12 | %TypeHeaderCode 13 | #include "../qhexedit/qhexedit.h" 14 | %End 15 | 16 | public: 17 | explicit QHexEdit(QWidget *parent /TransferThis/ = 0); 18 | virtual ~QHexEdit(); 19 | 20 | bool setData(QIODevice &); 21 | QByteArray dataAt(qint64, qint64=-1); 22 | bool write(QIODevice &iODevice, qint64=0, qint64=-1); 23 | 24 | void insert(qint64, char); 25 | void remove(qint64, qint64); 26 | void replace(qint64, char); 27 | 28 | void insert(qint64, QByteArray &); 29 | void replace(qint64, qint64, QByteArray &); 30 | 31 | bool addressArea(); 32 | bool addressWidth(); 33 | bool asciiArea(); 34 | qint64 cursorPosition(QPoint); 35 | void ensureVisible(); 36 | qint64 indexOf(QByteArray &, qint64); 37 | bool isModified(); 38 | bool highlighting(); 39 | qint64 lastIndexOf(QByteArray &, qint64); 40 | QString selectionToReadableString(); 41 | QString selectedData(); 42 | void setFont(const QFont &); 43 | QString toReadableString(); 44 | 45 | QColor addressAreaColor(); 46 | void setAddressAreaColor(const QColor &); 47 | 48 | QColor addressFontColor(); 49 | void setAddressFontColor(const QColor &); 50 | 51 | QColor asciiAreaColor(); 52 | void setAsciiAreaColor(const QColor &); 53 | 54 | QColor asciiFontColor(); 55 | void setAsciiFontColor(const QColor &); 56 | 57 | QColor hexFontColor(); 58 | void setHexFontColor(const QColor &); 59 | 60 | qint64 addressOffset(); 61 | void setAddressOffset(qint64); 62 | 63 | qint64 cursorPosition(); 64 | void setCursorPosition(qint64); 65 | 66 | QByteArray data(); 67 | void setData(const QByteArray &); 68 | 69 | QColor highlightingColor(); 70 | void setHighlightingColor(const QColor &); 71 | 72 | bool overwriteMode(); 73 | void setOverwriteMode(bool); 74 | 75 | bool isReadOnly(); 76 | void setReadOnly(bool); 77 | 78 | QColor selectionColor(); 79 | void setSelectionColor(const QColor &); 80 | 81 | public slots: 82 | void redo(); 83 | void setAddressArea(bool); 84 | void setAddressWidth(int); 85 | void setAsciiArea(bool); 86 | void setHighlighting(bool); 87 | void undo(); 88 | 89 | signals: 90 | void currentAddressChanged(qint64); 91 | void currentSizeChanged(qint64); 92 | void dataChanged(); 93 | void overwriteModeChanged(bool); 94 | }; 95 | -------------------------------------------------------------------------------- /qhexedit/qhexeditplugin.pro: -------------------------------------------------------------------------------- 1 | #! [0] #! [1] 2 | greaterThan(QT_MAJOR_VERSION, 4) { 3 | QT += widgets uiplugin 4 | } 5 | 6 | lessThan(QT_MAJOR_VERSION, 5) { 7 | CONFIG += designer 8 | } 9 | 10 | CONFIG += plugin 11 | #! [0] 12 | TARGET = $$qtLibraryTarget($$TARGET) 13 | #! [2] 14 | TEMPLATE = lib 15 | #! [1] #! [2] 16 | QTDIR_build:DESTDIR = $$QT_BUILD_TREE/plugins/designer 17 | 18 | #! [3] 19 | HEADERS = \ 20 | qhexedit.h \ 21 | chunks.h \ 22 | commands.h \ 23 | QHexEditPlugin.h 24 | 25 | 26 | SOURCES = \ 27 | qhexedit.cpp \ 28 | chunks.cpp \ 29 | commands.cpp \ 30 | QHexEditPlugin.cpp 31 | 32 | #! [3] 33 | 34 | # install 35 | target.path = $$[QT_INSTALL_PLUGINS]/designer 36 | sources.files = $$SOURCES $$HEADERS *.pro 37 | sources.path = $$[QT_INSTALL_EXAMPLES]/designer/QHexEditPlugin 38 | INSTALLS += target 39 | 40 | symbian: include($$QT_SOURCE_TREE/examples/symbianpkgrules.pri) 41 | -------------------------------------------------------------------------------- /qhexedit/tagparser.hpp: -------------------------------------------------------------------------------- 1 | #ifndef TAGPARSER_HPP 2 | #define TAGPARSER_HPP 3 | #include 4 | #include 5 | #include 6 | using namespace std; 7 | 8 | enum Parser_States 9 | { 10 | START, 11 | INSIDE_OBJ 12 | }; 13 | class YMLObj 14 | { 15 | public: 16 | string name; 17 | string size; 18 | string offset; 19 | string color; 20 | string type; 21 | 22 | }; 23 | class YMLParser 24 | { 25 | public: 26 | YMLParser(); 27 | int loadFile(string filename); 28 | void saveFile(std::string filename); 29 | vector ymlobj; 30 | private: 31 | bool isComment(std::string line); 32 | std::string removeSpaces(std::string input); 33 | 34 | }; 35 | #endif 36 | -------------------------------------------------------------------------------- /screenshots/digits.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/digits.png -------------------------------------------------------------------------------- /screenshots/digits2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/digits2.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui0.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui1.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui10.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui10.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui11.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui11.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui12.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui12.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui13.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui13.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui14.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui14.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui15.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui15.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui16.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui16.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui17.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui17.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui2.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui3.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui4.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui5.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui6.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui6.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui7.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui7.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui8.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui8.png -------------------------------------------------------------------------------- /screenshots/hexwalk_gui9.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/gcarmix/HexWalk/6f703551af561025f44687ee177fb70638248fbd/screenshots/hexwalk_gui9.png --------------------------------------------------------------------------------