Last update: 5 August 2023

Hiew External Module

HemLoad receives a pointer on function called HiewGate for back communication with Hiew, and a unique handle that module should pass for self-identification in each HiewGate call. HemLoad code is expected to keep these values for future use. It is also expected to fill a structure describing module. Structure contains things like module's text description, as well as flags specifying Hiew states module will be invoked in. Any Hem module can provide its functions for direct calls from other modules via its gate. After successfully passing load and initialization phases module is registered as valid.

1.  VerInfoX

VERSIONINFO Resource Viewer. A Hiew plugin that allows to locate and view compiled VS_VERSIONINFO resources

Added: 8 Oct 2005  Author: FSC  Compiled HEM: VerInfoX.zip (~20Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30  Source:*) VerInfoX_src.zip (~14Kb)

2.  PeVerify ver 0.43

Verificator of the PE file. Checking: stub, header, sections table, directory table, export, import (bound and delay include), resource. Info: overlay.

Updated: 8 Oct 2012  Author: SEN  Compiled HEM: PeVerify043.zip (~26Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30

3.  PE Sniffer ver 1.02

PE Sniffer can analyze PE file and guess packer/compiler.

Added: 3 Oct 2006  Author: Jupiter  Compiled HEM: PESniffer102.zip (~30Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30

4.  MapAndJump

First, it lets you quickly navigate through currently open file. Second, it does a very basic analyzis of the file and shows which areas of the file are filled with zeros or other constants, and which contain usual pseudo-random data.

Added: 1 Mar 2007  Author: FSC  Compiled HEM: MapAndJump.zip (~20Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30

5.  HiewLua ver 1.02  (Hem2Hem plugin)

HiewLua is a Hiew plugin that provides other Hiew plugins with Lua script engine.

Updated: 29 Jan 2009  Author: FSC  Compiled HEM2HEM: HiewLua102.zip (~50Kb)  HiewLua SDK: HiewLuaSDK102.zip (~25Kb)

6.  SciView ver 1.02  (Hem2Hem plugin)

SciView is a Hiew plugin that helps other Hiew plugins to overcome console ouput limitations and provides a rather powerful graphical text editor/viewer that is directly callable from any Hiew plugin.

Updated: 29 Jan 2009  Author: FSC  Compiled HEM2HEM: SciView102.zip (~52Kb)

7.  CalcLuator ver 1.02

CalcLuator is a Hiew plugin that serves two main purposes. First, it demonstrates how to use HiewLua and SciView plugins and therefore is distributed along with its source code. Second, it provides its users with a very nice programmable and extendable Lua calculator that may be used for a huge variety of things in everyday life.

Updated: 29 Jan 2009  Author: FSC  Compiled HEM: CalcLuator102.zip (~20Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30  HEM requirements: HiewLua,   SciView  Source:*) inside  Additional users scripts: UsersScripts.zip (~4Kb)

8.  FileWalker ver 1.12

Show some details for specific files. JPG: show markers ZIP: show markers, filenames, compress/uncompress sizes

Updated: 15 Aug 2007  Author: SEN  Compiled HEM: FileWalker112.zip (~21Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30

9.  XorBlock ver 1.00

Xor block with line. (this feature was deleted from exefile since version 7.40)

Added: 31 Jul 2007  Author: SEN  Compiled HEM: XorBlock.zip (~18Kb)  Hiew version minimal: 7.45  HEM SDK version: 0.35  Source:*) inside  Additional files: AddBlock.zip (~30Kb)

10.  WhereComesFrom ver 2.02

List of references for PE

Updated: 29 Jan 2008  Author: SEN  Compiled HEM: WhereComesFrom202.zip (~26Kb)  Hiew version minimal: 7.47  HEM SDK version: 0.40

11.  NamesPeMap ver 1.30

Import names from standart map-file

Added: 19 Feb 2008  Author: SEN  Compiled HEM: NamesPeMap130.zip (~26Kb)  Hiew version minimal: 7.50  HEM SDK version: 0.42

12.  LoadMapEx [PE] ver 1.00

LoadMapEx [PE] allows load into HIEW .map files generated for PE files by Visual C++\Borland C++\DeDe\GNU compilers.

Added: 19 Feb 2008  Author: Tim Sobolev  Compiled HEM: LoadMapEx100.zip (~6Kb)  Hiew version minimal: 7.50  HEM SDK version: 0.42

13.  PE CheckSum Adjuster ver 1.33

PE CheckSum Adjuster can modify PE file to conform PE checksum. New and original checksums are the same! This means that checksum will be intact! Useful when you need to keep original checksum, for ex. for Themida patching

Added: 15 Dec 2008  Author: Jupiter  Compiled HEM: CheckSumAdjust133.zip (~3Kb)  Hiew version minimal: 7.45  HEM SDK version: 0.35

14.  TempLuator ver 1.03

TempLuator is a Hiew plugin that lets the user to see data in a neatly formatted way according to selected template. Templates are ordinary Lua scripts that may use extended data formatting and processing capabilities provided by TempLuator. The end user can write his own (or edit existing) templates in order to satisfy his particular needs in data representation.

Updated: 22 Sep 2009  Author: FSC  Compiled HEM: TempLuator103.zip (~95Kb)  Hiew version minimal: 7.22  HEM SDK version: 0.30  HEM requirements: HiewLua,   SciView

15.  PeEntryPointHere ver 1.05

PE files: set EntryPoint at current offset

New: 27 Mar 2009  Author: SEN  Compiled HEM: PeEntryPointHere105.zip (~2Kb)  Hiew version minimal: 8.00  HEM SDK version: 0.46

16.  ElTorito ver 1.00

Show entries of boot catalog for bootable CD/DVD (Hint: Enter - goto sector)

New: 25 Aug 2009  Author: SEN  Compiled HEM: ElTorito100.zip (~3Kb)  Hiew version minimal: 8.00  HEM SDK version: 0.46

17.  mbytes2csrc

Marked bytes in the Hiew to C-source and put it in the clipboard.

New: 17 Apr 2010  Author: NT Visigoth  Compiled HEM: mbytes2csrc.zip (~33Kb)  Source:*) inside

18.  PyHiew

PyHiew is a Hiew External Module that allows users to write Python scripts that interface with Hiew

Updated: 3 Apr 2011  Author: Elias Bachaalany  Home page: GitHub - 0xeb/pyhiew  Compiled HEM: pyhiew030.zip (~315Kb)  Additional requirement: python-2.7.msi

19.  DSymLoad

DSymLoad.HEM (and configuration file DSymLoad.ini) allows you to immediately load a local name list from the target file (using debugging information).

Updated: 4 Aug 2015  Author: EreTIk  Home page: https://dsymload.codeplex.com/releases/view/616604  Compiled HEM: DSymLoad0105.zip (~75Kb)

20.  Detect It Easy

Detect It Easy is a packer identifier.

New: 15 Jan 2014  Authors: hors(die),  exet0l(hem)  Home page: http://ntinfo.biz/index.php/detect-it-easy  Compiled HEM: DetectItEasy.zip (~1,6Mb)  Source:*) inside

21.  Entropy Analyzer

This is the first Hiew plugin partially written in C#. Entropy Analyzer is a Hiew plugin that shows in a convenient graphical form the entropy of each block of a file thus allowing to see where the data in the file is... well, special and differs from other data.

Updated: 20 Apr 2015  Author: FSC  Compiled HEM: EntropyAnalyzer102.zip (~100Kb)  Source:*) by request  Additional requirement: .NET v4.0

22.  PInvoke Viewer

PInvoke Viewer shows which unmanaged resources a managed assembly uses and which resources it provides for the unmanaged world.

Updated: 11 May 2015  Author: FSC  Compiled HEM: PInvoker100.zip (~100Kb)  Source:*) by request  Additional requirement: .NET v4.0

23.  LibView

LibView is a Hiew plugin that displays all public symbols defined in a COFF .lib file. In addition, it may show such symbols for other types of libraries (*nix .a files, for example).

New: 11 Jan 2016  Author: FSC  Compiled HEM: LibView101.zip (~50Kb)

24.  Elevate ver 1.03

When you are normally examining files with Hiew, running Hiew under UAC (User Account Control) is enough, but if you need to modify objects in protected locations like %ProgramFiles%, you need to elevate Hiew process to grant admin permissions. "Elevate" module lets you to elevate current Hiew process to grant admin rights and to modify protected objects.

New: 4 May 2016  Author: Jupiter  Compiled HEM: Elevate103.zip (~4Kb)

25.  MSVC Demangler/Undecorator ver 1.0

This plugin does one simple thing: it converts such crippled names back into much more readable representation.

New: 2 Mar 2020  Author: FSC  Compiled HEM: MSVCUndec10.zip (~141Kb)  Source:*) by request

26.  Kiewtai

Kiewtai lets you use the library of Kaitai Struct parsers from within Hiew. There are lots of binary formats already supported by Kaitai, so you get templates for lots of things (Zip, Rar, Gzip, Png, Jpeg, etc, etc).

New: 21 May 2020  Author: Tavis Ormandy  HEM: github

27.  Hashes

HIEW module to calculate MD5, SHA-1, and SHA-256 hashes of a given file/block

New: 21 April 2023  Author: Fernando Merces  HEM: github

28.  CopyAs

External Module (HEM) to copy block data in different formats.

New: 5 August 2023  Author: Fernando Merces  HEM: github