mirror of synced 2024-11-23 23:31:02 +01:00
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
descawed 6d14b3f6bd
Fix process memory provider on Linux (#1933)
### Problem description
The process memory provider currently doesn't function correctly on
Linux due to incorrect handling of the special procfs file
`/proc/<pid>/maps`. I don't know if some of this behavior could vary by
distro and/or kernel version, but I've observed the following issues in
my Ubuntu 24.04 environment.

- The current code in master calls `file.readString()` which attempts to
determine the size of the file by [seeking to the
end](https://github.com/WerWolv/libwolv/blob/master/libs/io/source/io/file_unix.cpp#L148).
However, procfs files don't have a defined size, so this fails with a
return of -1. libwolv [interprets this as the file size and attempts to
allocate an enormous
buffer](https://github.com/WerWolv/libwolv/blob/master/libs/io/source/io/file.cpp#L30),
which results in an exception, so ultimately the process memory provider
is unusable on the current code.
- The previous version of the code that went out in 1.35.4 was calling
`readString` with a fixed maximum size of `0xF'FFFF`. This avoids the
seek issue, but when working with special files, a single `read` call
isn't guaranteed to read the requested number of bytes even if that many
bytes are available. In practice, on my machine, this call only ever
reads the first few dozen lines of the file. So the feature works in
this version, but it's unable to see the vast majority of the process'
address space.
- On a more minor note, on rows in the `maps` file that have a filename,
the filenames are visually aligned by padding spaces between the inode
column and filename column. ImHex includes these spaces as part of the
filename, resulting in most of the path being pushed out of the visible
area of the window.

### Implementation description

- To ensure the entire `maps` file is read, I've changed the code to
read from the file in a loop until we stop getting data. I've also set a
fixed limit on the maximum number of bytes to read in one go to avoid
issues with trying to determine the file size.
- I've added a `trim` call to remove any padding around the filename.

### Screenshots
Exception in `file.readString()` in current code (for some reason this
also causes the window to become transparent):

![mem_regions_exception](https://github.com/user-attachments/assets/ac9f472b-3d60-446d-be9c-b028b041e547)

Abridged memory region list in 1.35.4:

![mem_regions_truncated](https://github.com/user-attachments/assets/44e60b23-49f8-41b9-a56b-54cb5c82ee72)

Complete memory region list after this PR:

![mem_regions_working](https://github.com/user-attachments/assets/bdb42dc6-bcd3-42b1-b605-a233b98e8d2e)

### Additional things
I was focused on fixing this ImHex feature here, but I wonder if some of
this should be addressed in libwolv. Maybe `readBuffer` in file_unix.cpp
should read in a loop until it has the requested number of bytes or
encounters EOF/error?

---------

Co-authored-by: Justus Garbe <55301990+jumanji144@users.noreply.github.com>
2024-11-07 13:41:04 +01:00
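
The read-until-EOF loop and filename trimming described in the commit message above, as an added C++ example; it is not the code from ImHex, libwolv or the PR. The names `Region`, `readAll`, `parseLine`, `parseMaps` and the 4096-byte chunk size are assumptions made for illustration, and the sample rows are constructed.

```cpp
#include <cerrno>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

struct Region { unsigned long long start, end, offset; std::string perms, name; };
// Constructed sample rows (not captured from a real process); note the padding.
static const char kSample[] =
    "00400000-0040b000 r-xp 00000000 08:02 1234                       /usr/bin/cat\n"
    "7f000000-7f001000 rw-p 00000000 00:00 0 \n";

// procfs has no usable size and read() may return short: loop until EOF (0).
bool readAll(const char *path, std::string &out) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return false;
    char buf[4096]; ssize_t n;                   // fixed per-call read limit
    while ((n = read(fd, buf, sizeof buf)) != 0) {
        if (n > 0) out.append(buf, static_cast<size_t>(n));
        else if (errno != EINTR) break;          // real error, stop
    }
    close(fd);
    return n == 0;                               // true only on clean EOF
}

// Row: "start-end perms offset dev inode <padding> pathname"; padding is trimmed.
bool parseLine(const std::string &line, Region &r) {
    char perms[5] = {0}; int used = -1;          // used = chars consumed up to inode
    if (std::sscanf(line.c_str(), "%llx-%llx %4s %llx %*x:%*x %*u%n",
                    &r.start, &r.end, perms, &r.offset, &used) != 4 || used < 0)
        return false;
    r.perms = perms;
    size_t b = line.find_first_not_of(" \t\r\n", static_cast<size_t>(used));
    size_t e = line.find_last_not_of(" \t\r\n");
    r.name = (b == std::string::npos) ? "" : line.substr(b, e - b + 1);
    return r.start < r.end;
}

std::vector<Region> parseMaps(const std::string &text) {
    std::vector<Region> out;
    std::istringstream in(text);
    Region r;
    for (std::string line; std::getline(in, line);)
        if (parseLine(line, r)) out.push_back(r);
    return out;
}

int main() {
    std::string text;
    if (!readAll("/proc/self/maps", text)) text = kSample;  // fallback off Linux
    std::printf("%zu regions\n", parseMaps(text).size());
}
```
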
.github git: Increase stale issue operations to 200 2024-08-03 20:10:09 +02:00
cmake fix: re-enable C/C++ languages in CMake (#1942) 2024-10-24 08:14:07 +02:00
dist lang: Update Chinese (Simplified) translations (#1894) 2024-09-15 15:17:25 +02:00
lib fix: Multiple race conditions with pattern sorting 2024-10-22 16:20:08 +02:00
main fix: Multiple race conditions with pattern sorting 2024-10-22 16:20:08 +02:00
plugins Fix process memory provider on Linux (#1933) 2024-11-07 13:41:04 +01:00
resources feat: Added limited support for the process memory provider to macOS 2024-06-07 19:17:14 +02:00
tests fix: Remove last remaining getDefaultPaths 2024-06-22 12:57:13 +02:00
.clang-tidy feat: Added Experiments 2023-11-10 14:48:26 +01:00
.dockerignore build: Add .dockerignore (#1430) 2023-11-17 09:53:35 +00:00
.gdbinit feat: Add ignore case and UTF16 search options to sequence searching 2023-12-19 14:34:35 +01:00
.gitattributes feat: Added decompressing support 2023-12-24 13:14:51 +01:00
.gitignore fix: Multiple race conditions with pattern sorting 2024-10-22 16:20:08 +02:00
.gitmodules git: Fix broken .gitmodules 2024-05-01 20:51:44 +02:00
CMakeLists.txt fix: Multiple race conditions with pattern sorting 2024-10-22 16:20:08 +02:00
CMakePresets.json build: Xcode accomodating CMake setup (#1688) 2024-05-20 10:12:57 +00:00
CODE_OF_CONDUCT.md git: Added Code of Conduct 2023-04-18 16:11:41 +02:00
CONTRIBUTING.md git: Added pull request template and renamed contributing guide (#1133) 2023-06-11 13:10:30 +02:00
INSTALL.md git: Make install instructions reflect actual release names 2023-01-16 18:20:22 +01:00
LICENSE Create LICENSE 2020-12-03 15:34:58 +01:00
PLUGINS.md git: Added pcap plugin to plugin list (#1395) 2023-10-30 17:47:47 +00:00
README.md git: Improve GPU information in the readme 2024-07-01 20:09:30 +02:00
SECURITY.md git: Fix broken handle in Security.md (#1437) 2023-11-19 13:17:37 +01:00
VERSION build: Bumped version to 1.36.0.WIP 2024-06-29 18:48:36 +02:00

A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
/ˈɪmhɛks/


Supporting

If you like my work, please consider supporting me on GitHub Sponsors, Patreon or PayPal. Thanks a lot!


Screenshots

Hex editor, patterns and data information Bookmarks, disassembler and data processor

More Screenshots

Data Processor decrypting some data and displaying it as an image STL Parser written in the Pattern Language visualizing a 3D model Data Information view displaying various stats about the file

Features

Featureful hex view
  • Byte patching
  • Patch management
  • Infinite Undo/Redo
  • "Copy bytes as..."
    • Bytes
    • Hex string
    • C, C++, C#, Rust, Python, Java & JavaScript array
    • ASCII-Art hex view
    • HTML self-contained div
  • Simple string and hex search
  • Goto from start, end and current cursor position
  • Colorful highlighting
    • Configurable foreground highlighting rules
    • Background highlighting using patterns, find results and bookmarks
  • Displaying data as a list of many different types
    • Hexadecimal integers (8, 16, 32, 64 bit)
    • Signed and unsigned decimal integers (8, 16, 32, 64 bit)
    • Floats (16, 32, 64 bit)
    • RGBA8 Colors
    • HexII
    • Binary
  • Decoding data as ASCII and custom encodings
    • Built-in support for UTF-8, UTF-16, ShiftJIS, most Windows encodings and many more
  • Paged data view
Custom C++-like pattern language for parsing and highlighting a file's content
  • Automatic loading based on MIME types and magic values
  • Arrays, pointers, structs, unions, enums, bitfields, namespaces, little and big endian support, conditionals and much more!
  • Useful error messages, syntax highlighting and error marking
  • Support for visualizing many different types of data
    • Images
    • Audio
    • 3D Models
    • Coordinates
    • Time stamps
Theming support
  • Doesn't burn out your retinas when used in late-night sessions
    • Dark mode by default, but a light mode is available as well
  • Customizable colors and styles for all UI elements through shareable theme files
  • Support for custom fonts
Importing and Exporting data
  • Base64 files
  • IPS and IPS32 patches
  • Markdown reports
Data Inspector
  • Interpreting data as many different types with endianness, decimal, hexadecimal and octal support and bit inversion
    • Unsigned and signed integers (8, 16, 24, 32, 48, 64 bit)
    • Floats (16, 32, 64 bit)
    • Signed and Unsigned LEB128
    • ASCII, Wide and UTF-8 characters and strings
    • time32_t, time64_t, DOS date and time
    • GUIDs
    • RGBA8 and RGB65 Colors
  • Copying and modifying bytes through the inspector
  • Adding new data types through the pattern language
  • Support for hiding rows that aren't used
Node-based data pre-processor
  • Modify, decrypt and decode data before it's being displayed in the hex editor
  • Modify data without touching the underlying source
  • Support for adding custom nodes
Loading data from many different data sources
  • Local Files
    • Support for huge files with fast and efficient loading
  • Raw Disks
    • Loading data from raw disks and partitions
  • GDB Server
    • Access the RAM of a running process or embedded devices through GDB
  • Intel Hex and Motorola SREC data
  • Process Memory
    • Inspect the entire address space of a running process
Data searching
  • Support for searching the entire file or only a selection
  • String extraction
    • Option to specify minimum length and character set (lower case, upper case, digits, symbols)
    • Option to specify encoding (ASCII, UTF-8, UTF-16 big and little endian)
  • Sequence search
    • Search for a sequence of bytes or characters
    • Option to ignore character case
  • Regex search
    • Search for strings using regular expressions
  • Binary Pattern
    • Search for sequences of bytes with optional wildcards
  • Numeric Value search
    • Search for signed/unsigned integers and floats
    • Search for ranges of values
    • Option to specify size and endianness
    • Option to ignore unaligned values
Data hashing support
  • Many different algorithms available
    • CRC8, CRC16 and CRC32 with custom initial values and polynomials
      • Many default polynomials available
    • MD5
    • SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
    • Adler32
    • AP
    • BKDR
    • Bernstein, Bernstein1
    • DEK, DJB, ELF, FNV1, FNV1a, JS, PJW, RS, SDBM
    • OneAtTime, Rotating, ShiftAndXor, SuperFast
    • Murmur2_32, MurmurHash3_x86_32, MurmurHash3_x86_128, MurmurHash3_x64_128
    • SipHash64, SipHash128
    • XXHash32, XXHash64
    • Tiger, Tiger2
    • Blake2B, Blake2S
  • Hashing of specific regions of the loaded data
  • Hashing of arbitrary strings
Diffing support
  • Compare data of different data sources
  • Difference highlighting
  • Table view of differences
Integrated disassembler
  • Support for all architectures supported by Capstone
    • ARM32 (ARM, Thumb, Cortex-M, AArch32)
    • ARM64
    • MIPS (MIPS32, MIPS64, MIPS32R6, Micro)
    • x86 (16-bit, 32-bit, 64-bit)
    • PowerPC (32-bit, 64-bit)
    • SPARC
    • IBM SystemZ
    • xCORE
    • M68K
    • TMS320C64X
    • M680X
    • Ethereum
    • RISC-V
    • WebAssembly
    • MOS65XX
    • Berkeley Packet Filter
Bookmarks
  • Support for bookmarks with custom names and colors
  • Highlighting of bookmarked region in the hex editor
  • Jump to bookmarks
  • Open content of bookmark in a new tab
  • Add comments to bookmarks
Featureful data analyzer and visualizer
  • File magic-based file parser and MIME type database
  • Byte type distribution graph
  • Entropy graph
  • Highest and average entropy
  • Encrypted / Compressed file detection
  • Digram and Layered distribution graphs
YARA Rule support
  • Scan a file for vulnerabilities with official yara rules
  • Highlight matches in the hex editor
  • Jump to matches
  • Apply multiple rules at once
Helpful tools
  • Itanium, MSVC, Rust and D-Lang demangler based on LLVM
  • ASCII table
  • Regex replacer
  • Mathematical expression evaluator (Calculator)
  • Graphing calculator
  • Hexadecimal Color picker with support for many different formats
  • Base converter
  • Byte swapper
  • UNIX Permissions calculator
  • Wikipedia term definition finder
  • File utilities
    • File splitter
    • File combiner
    • File shredder
  • IEEE754 Float visualizer
  • Division by invariant multiplication calculator
  • TCP Client/Server
  • Euclidean algorithm calculator
Built-in Content updater
  • Download all files found in the database directly from within ImHex
    • Pattern files for decoding various file formats
    • Libraries for the pattern language
    • Magic files for file type detection
    • Custom data processor nodes
    • Custom encodings
    • Custom themes
    • Yara rules
Modern Interface
  • Support for multiple workspaces
  • Support for custom layouts
  • Detachable windows
Easy to get started
  • Support for many different languages
  • Simplified mode for beginners
  • Extensive documentation
  • Many example files available on the Database
  • Achievements guiding you through the features of ImHex
  • Interactive tutorials

Pattern Language

The Pattern Language is the completely custom programming language developed for ImHex. It allows you to define structures and data types in a C-like syntax and then use them to parse and highlight a file's content.

Database

For format patterns, libraries, magic and constant files, check out the ImHex-Patterns repository.

Feel free to PR your own files there as well!

Requirements

To use ImHex, the following minimal system requirements need to be met.

Important

ImHex requires a GPU with OpenGL 3.0 support in general. There are releases available (with the -NoGPU suffix) that are software rendered and don't require a GPU, however these can be a lot slower than the GPU accelerated versions.

If possible at all, make ImHex use the dedicated GPU on your system instead of the integrated one. ImHex will usually run fine with integrated GPUs as well but certain Intel HD GPU drivers on Windows are known to cause graphical artifacts.

  • OS:
    • Windows: Windows 7 or higher (Windows 10/11 recommended)
    • macOS: macOS 12.1 (Monterey) or higher,
      • Lower versions are supported, but you'll need to compile ImHex yourself
    • Linux: "Modern" Linux. The following distributions have official releases available. Other distros are supported through the AppImage and Flatpak releases.
      • Ubuntu and Debian
      • Fedora
      • RHEL/AlmaLinux
      • Arch Linux
      • Basically any other distro will work as well when compiling ImHex from sources.
  • CPU: x86_64 (64 Bit)
  • GPU: OpenGL 3.0 or higher
    • Integrated Intel HD iGPUs are supported, however certain drivers are known to cause various graphical artifacts, especially on Windows. Use at your own risk.
    • In case you don't have a GPU available, there are software rendered releases available for Windows and macOS
  • RAM: 256MB, more may be required for more complicated analysis
  • Storage: 150MB

Installing

Information on how to install ImHex can be found in the Install guide.

Compiling

To compile ImHex on any platform, GCC (or Clang) is required with a version that supports C++23 or higher. On macOS, Clang is also required to compile some ObjC code. All releases are built using the latest available GCC.

Note

Many dependencies are bundled into the repository using submodules, so make sure to clone it using the --recurse-submodules option. All dependencies that aren't bundled can be installed using the dependency installer scripts found in the /dist folder.

For more information, check out the Compiling guide.

Contributing

See Contributing

Plugin development

To develop plugins for ImHex, use the following template project to get started. You then have access to the entirety of libimhex as well as the ImHex API and the Content Registry to interact with ImHex or to add new content.

Credits

Contributors

  • iTrooz for getting ImHex onto the Web as well as hundreds of contributions in every part of the project
  • jumanji144 for huge contributions to the Pattern Language and ImHex's infrastructure
  • Mary for her immense help porting ImHex to MacOS and help during development
  • Roblabla for adding MSI Installer support to ImHex
  • Mailaender for getting ImHex onto Flathub
  • Everybody else who has reported issues on Discord or GitHub that I had great conversations with :)

Dependencies

  • Thanks a lot to ocornut for their amazing Dear ImGui which is used for building the entire interface
    • Thanks to epezent for ImPlot used to plot data in various places
    • Thanks to Nelarius for ImNodes used as base for the data processor
    • Thanks to BalazsJako for ImGuiColorTextEdit used for the pattern language syntax highlighting
  • Thanks to nlohmann for their json library used for configuration files
  • Thanks to vitaut for their libfmt library which makes formatting and logging so much better
  • Thanks to btzy for nativefiledialog-extended and their great support, used for handling file dialogs on all platforms
  • Thanks to danyspin97 for xdgpp used to handle folder paths on Linux
  • Thanks to aquynh for capstone which is the base of the disassembly window
  • Thanks to rxi for microtar used for extracting downloaded store assets
  • Thanks to VirusTotal for Yara used by the Yara plugin
  • Thanks to Martinsos for edlib used for sequence searching in the diffing view
  • Thanks to ron4fun for HashLibPlus which implements every hashing algorithm under the sun
  • Thanks to mackron for miniaudio used to play audio files
  • Thanks to all other groups and organizations whose libraries are used in ImHex

License

The biggest part of ImHex is under the GPLv2-only license. Notable exceptions to this are the following parts which are under the LGPLv2.1 license:

  • /lib/libimhex: The library that allows Plugins to interact with ImHex.
  • /plugins/ui: The UI plugin library that contains some common UI elements that can be used by other plugins

The reason for this is to allow for proprietary plugins to be developed for ImHex.