flat assembler
Message board for the users of flat assembler.

Index > Projects and Ideas > a hex viewer in FASM

int0x50 02 Jul 2023, 06:01
i wrote a hex viewer in FASM ..

it's simple .. displays the hex values and ASCII for the file ...


Description:
Filesize: 119.91 KB
Viewed: 4772 Time(s)

Capture.JPG


revolution 02 Jul 2023, 06:02
Where is the source?
int0x50 02 Jul 2023, 06:08
@revolution .. i have not hosted the source .. shall put it on Github soon and share it ...
revolution 02 Jul 2023, 06:13
Post it here.
Code:
; source goes here    
int0x50 02 Jul 2023, 06:28
this is the routine that does hex print .. file is already opened and address of the file content is passed ...

Code:

section '.text' code readable executable

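; print_hex - dump a memory buffer as rows of "0xOFFSET [ hex bytes ] [ ascii ]".
;
; Arguments (they arrive in rcx, rdx, r8, r9 and are stored into the
; parameter slots at the top of the routine):
;   hexprint_buffer_total_lines_to_display       - number of full rows
;   hexprint_buffer_total_columns_to_display     - bytes per row
;   hexprint_buffer_last_line_columns_to_display - bytes in the trailing partial row (0 = none)
;   inputfile_read_buffer_address                - address of the file content
;
; No buffer length is passed in. The routine reads
;     total_lines * total_columns + last_line_columns
; bytes starting at the buffer address, so the caller has to derive the three
; counts from the real size of the data it loaded; nothing here can detect a
; count that runs past the end of the buffer.
; The column counts are compared as bytes (r15b), so only their low 8 bits
; take part in the loop tests.
; File bytes reach printf only as arguments of a constant format string,
; never as the format string itself.
;
; pushall / popall / print_newline are defined elsewhere in the project.
proc print_hex hexprint_buffer_total_lines_to_display, \
                    hexprint_buffer_total_columns_to_display, \
                    hexprint_buffer_last_line_columns_to_display, \
                    inputfile_read_buffer_address

    local row_address_print rb 0x4

    ; Register roles. All four are non-volatile in the Microsoft x64
    ; convention, which is what keeps them intact across the printf calls.
    ; r14d - row_index
    ; r15d - col_index (compared through r15b)
    ; esi  - buffer_index_save (offset of the first byte of the current row)
    ; edi  - buffer_index (offset of the byte being printed)

    mov dword [hexprint_buffer_total_lines_to_display], ecx
    mov dword [hexprint_buffer_total_columns_to_display], edx
    mov [hexprint_buffer_last_line_columns_to_display], r8
    mov [inputfile_read_buffer_address], r9

    pushall
    mov dword [row_address_print], dword 0x00000000

    ; 32-bit writes clear the upper halves too, so rdi can be used directly
    ; as a 64-bit index further down.
    xor esi, esi
    xor edi, edi
    xor r14d, r14d
    xor r15d, r15d

    .iteration_loop_each_rows_start:
        mov esi, edi                    ; the ASCII pass restarts from this offset
        cmp dword [hexprint_buffer_total_lines_to_display], r14d
        je .iteration_loop_each_rows_end

        xor r15d, r15d

        invoke printf, "0x%08x [ ", dword [row_address_print]
        .iteration_loop_cols_start:
            cmp r15b, byte [hexprint_buffer_total_columns_to_display]
            je .iteration_loop_cols_end

            ; Form the address with full 64-bit registers: adding the base
            ; into eax and dereferencing [eax] drops the upper half of the
            ; pointer and reads the wrong memory for any buffer above 4 GiB.
            mov rax, [inputfile_read_buffer_address]
            movzx edx, byte [rax + rdi]
            invoke printf, "%02x", dl

            invoke printf, " "  ; space between every hex
            inc edi
            inc r15b
            jmp .iteration_loop_cols_start
        .iteration_loop_cols_end:
        invoke printf, "] "

        mov edi, esi                    ; rewind to the start of the row
        xor r15d, r15d

        invoke printf, "[ "
        .iteration_loop_cols_ascii_start:
            cmp r15b, byte [hexprint_buffer_total_columns_to_display]
            je .iteration_loop_cols_ascii_end

            ; Load exactly one byte. A dword load here would touch up to
            ; three bytes beyond the last byte of the buffer.
            mov rax, [inputfile_read_buffer_address]
            movzx ecx, byte [rax + rdi]
            fastcall print_ascii_character, ecx

            inc edi
            inc r15b
            jmp .iteration_loop_cols_ascii_start
        .iteration_loop_cols_ascii_end:
        invoke printf, " ] "

        inc r14d            ; one row is over

        mov ecx, dword [hexprint_buffer_total_columns_to_display]
        add dword [row_address_print], ecx      ; offset label of the next row

        call print_newline
        jmp .iteration_loop_each_rows_start
    .iteration_loop_each_rows_end:

    cmp byte [hexprint_buffer_last_line_columns_to_display], 0x0
    je .print_hex_return

    mov esi, edi                        ; start of the partial row
    xor r15d, r15d

    invoke printf, "0x%08x [ ", dword [row_address_print]

    .iteration_loop_last_row_start:
        cmp r15b, byte [hexprint_buffer_total_columns_to_display]
        je .iteration_loop_last_row_end

        ; Columns past the end of the data are padded and never read.
        ; Counts are unsigned, hence jb rather than a signed jl.
        cmp r15b, byte [hexprint_buffer_last_line_columns_to_display]
        jb .iteration_loop_last_row_col_1
        invoke printf, "  "
        jmp .iteration_loop_last_row_col_2

        .iteration_loop_last_row_col_1:
            mov rax, [inputfile_read_buffer_address]
            movzx edx, byte [rax + rdi]
            invoke printf, "%02x", dl

        .iteration_loop_last_row_col_2:

            inc r15b    ; one column is over
            inc edi

            invoke printf, " "
            jmp .iteration_loop_last_row_start
        .iteration_loop_last_row_end:
        invoke printf, "] "

        mov edi, esi
        xor r15d, r15d

        invoke printf, "[ "
        .iteration_loop_last_row_col_ascii_start:
            cmp r15b, byte [hexprint_buffer_total_columns_to_display]
            je .iteration_loop_last_row_ascii_end

            cmp r15b, byte [hexprint_buffer_last_line_columns_to_display]
            jb .iteration_loop_last_last_row_col_1
            invoke printf, " "
            jmp .iteration_loop_last_last_row_col_2

            .iteration_loop_last_last_row_col_1:
                ; single-byte load, same reasoning as in the full-row loop
                mov rax, [inputfile_read_buffer_address]
                movzx ecx, byte [rax + rdi]
                fastcall print_ascii_character, ecx

            .iteration_loop_last_last_row_col_2:

            inc edi
            inc r15b    ; one column is over

            jmp .iteration_loop_last_row_col_ascii_start
        .iteration_loop_last_row_ascii_end:
        invoke printf, " ]"


.print_hex_return:

    popall
    ret
endp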



; print_ascii_character - print one byte of the ASCII column.
; In:  cl = byte to show
; Bytes in the range 0x21..0x7e are printed as themselves; every other value
; (control characters, space, 0x7f and everything from 0x80 up) is shown as ".".
; The byte is only ever passed as the argument of a constant "%c" format.
proc print_ascii_character, char_to_print
    pushall

    mov byte [char_to_print], cl

    ; guard clauses: anything outside 0x21..0x7e falls through to the dot
    cmp byte [char_to_print], 0x21
    jb .ascii_placeholder
    cmp byte [char_to_print], 0x7e
    ja .ascii_placeholder

    invoke printf, "%c", [char_to_print]
    jmp .ascii_done

.ascii_placeholder:
    invoke printf, "."

.ascii_done:
    popall
    ret
endp


    
Flier-Mate 02 Jul 2023, 08:13
I think space (0x20) can also be printable, format-hex cmdlet in PowerShell, for example, prints the white space in hexdump.

64-bit code is nice, I see you use printf to also convert to hexadecimal values.
int0x50 02 Jul 2023, 08:28
@Flier-Mate, thanks ..
"I see you use printf to also convert to hexadecimal values." -> you are suggesting any alternative ?

thanks for pointing the space .. changed the code to include whitespace ...


Description:
Filesize: 56.58 KB
Viewed: 4731 Time(s)

Capture.JPG


Flier-Mate 02 Jul 2023, 08:36
int0x50 wrote:
@Flier-Mate, thanks ..
"I see you use printf to also convert to hexadecimal values." -> you are suggesting any alternative ?


You're most welcomed!

If you don't use printf, you can consider Tomasz's routine to convert number to hex, in his video:
https://www.youtube.com/watch?v=WceSGixAWSg&list=PLXIsc9dApNXogHjSTIqbhvYBw5WODn7Yb&index=9

Tomasz Grysztar wrote:
In one of the parts of my video tutorial I show an implementation of a "ShowHex" routine in detail. Even though it is shown under Windows, these instructions and snippets are not really OS-dependent.
Flier-Mate 02 Jul 2023, 21:52
I suggest can also do color visualization tool based on hex viewer.
For example, see attached picture.

But then my question is, what color code to be assigned to each byte? Binary file and text file might end up distinct colors.

Any ideas?

If I understand correctly, color visualization analysis can also tell whether a file is encrypted or not (by judging from how random the color )?


Description: https://github.com/FireyFly/pixd
Filesize: 222.3 KB
Viewed: 4655 Time(s)

examples.png


int0x50 03 Jul 2023, 02:46
@Flier-Mate

that's a great suggestion .. shall add this option too ..

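"If I understand correctly, color visualization analysis can also tell whether a file is encrypted or not (by judging from how random the color )?" -> I think you are talking about entropy ... you are right, the more unique values, the more chances of file being compressed (or packed) ... (to be precise, entropy measures how evenly the byte values are spread, not just how many different values occur; a high value fits compressed, packed and encrypted data alike, so it marks a file for a closer look but does not say which of the three it is)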

but yes, i think should apply your idea ...

we need to assign 256 unique colors to the values ...if it's graphics mode, i think we can bring in variation ...
Flier-Mate 03 Jul 2023, 05:50
int0x50 wrote:
@Flier-Mate

that's a great suggestion .. shall add this option too ..

'If I understand correctly, color visualization analysis can also tell whether a file is encrypted or not (by judging from how random the color )?" -> I think you are talking about entropy ... you are right, the more unique values, the more chances of file being compressed (or packed) ...

but yes, i think should apply your idea ...

we need to assign 256 unique colors to the values ...if it's graphics mode, i think we can bring in variation ...


The example color visualization is the result of using "SGR escape sequence", according to the repo owner. It is not graphics mode I think.
But what color map to have for these 256 bytes is an interesting question.
int0x50 27 Jul 2023, 01:27
the speed of the Format-Hex command (Windows Powershell) is very fast compared to the one I have written ...

what could be the reasons?

my code is hosted at https://github.com/vlabsc/file_in_hex
bitRAKE 27 Jul 2023, 03:58
Windows Powershell Format-Hex looks like they are processing 16 bytes at a time (not printf()) and then outputting the whole line. Changing your code to a single printf() per line (using SIMD to convert the bytes) should be sufficient to beat PowerShell.

Having a single printf() should make changing the line layout quite easy as well:
Code:
; One call per output line. Each %s is read up to the first zero byte, so
; hex_buffer and filter_string must both be zero-terminated and must be
; rewritten in full for every line, including a short last line.
printf <"0x%08x [ %s ] [ %s ]",13,10>,\
        dword [row_address_print], addr hex_buffer, addr filter_string    
Like, I'm kind of partial to the classic look:
Code:
; Same three arguments with an "OFFSET: hex | text" layout; only the constant
; format string changes. Both %s buffers still need their zero terminator.
printf <"%08X: %s | %s",13,10>, \
        dword [row_address_print], addr hex_buffer, addr filter_string    
... easy to change.
int0x50 27 Jul 2023, 06:50
@bitRAKE .. i am missing something ...

when you use %s it's going to print characters until it sees a NUL byte, right? how is it that this prints only 16 bytes?

printf <"%08X: %s | %s",13,10>, dword [row_address_print], addr hex_buffer, addr filter_string
bitRAKE 27 Jul 2023, 17:00
I left out the code for the two functions that translate the data.
Code:
; Fixed-size line buffers handed to printf through %s.
; 48 = 16 input bytes x 3 characters of hexadecimal text each.
; The translation routine must write no more than 48 bytes here: the zero
; byte that follows is the only thing that stops %s.
hex_buffer rb 48
        db 0 ; null terminate hexadecimal bytes

; 16 filtered characters, one per input byte. The filter must also replace a
; zero byte in the data, otherwise %s would end the text column early.
filter_string rb 16
        db 0 ; null terminate filtered bytes    
The 16 bytes of data need to be translated into 48 ASCII bytes of hexadecimal, and filtered into 16 bytes of printable characters. These are fixed size fields - all non-printable characters are made spaces.

Both translations can be done with SIMD - the filtering of the bytes and the conversion to hexadecimal.

There are many threads on the board about hexadecimal conversion.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
int0x50 30 Jul 2023, 02:09
@bitRAKE ... i modified the code as per your idea and now it's much faster than powershell ...

earlier, i called printf 32 times per row and now calling it only twice per row ... used bit operations, xlatb ...

much precise information on performance, i shall post soon .. it's almost 8 times faster now ..

new code: https://raw.githubusercontent.com/vlabsc/file_in_hex/main/printhex.asm
int0x50 30 Jul 2023, 03:30
measured the time through powershell


Description: the image is for powershell command ...
Filesize: 9.59 KB
Viewed: 4272 Time(s)

POWR.PNG


Description: the image is for the assembly code ..
Filesize: 9.08 KB
Viewed: 4272 Time(s)

FASM.PNG


Flier-Mate 30 Jul 2023, 13:05
Can your hex viewer / PE parser run in Command Prompt? I encountered filename parsing error the other day.
int0x50 30 Jul 2023, 13:48
@Flier-Mate ... yes it runs over command prompt ...

the command is fih.exe <filename> ...

please let me know what error you get ..
Flier-Mate 30 Jul 2023, 14:09
int0x50 wrote:
@Flier-Mate ... yes it runs over command prompt ...

the command yes fih.exe <filename> ...

pleas let me know what error you get ..


I got this error in Command Prompt, but it is okay in PowerShell.

Quote:
C:\Users\BOO\Projects\file_in_hex>fih \windows\write.exe
file in hex 10 in FASM
error in opening the file \windows\write.ex. error code: 3

exiting ...


Also, your latest fih.asm has typo, "printf" is misspelled as "printn".