For binary-diving reverse engineers, the hex editor is of great importance. It allows you to perform a deep inspection on every byte in a file, and as such is one of the first tools any reverse engineer should grab.
Up till now, I've been using XVI32; it's a rather simple hex editor, and when I'm digging around in hexadecimal, the last thing I want to do is mess with an unruly tool. Normally, I would recommend this program to anyone.
Today I was thinking about my choice of hex editor, and I was wondering if anything new had come along over the years that was worth looking into. Sure enough, 2 minutes with Google and I found exactly what I was looking for:
010 Editor
Now, normally I don't get overly excited with this kind of software. IDA-Pro and SoftICE can barely get a smile at me. With 010 Editor, the fun still hasn't ended. Let's take a look at it.
After you've been delving around with a binary file for long enough, you often find yourself repeating the same tasks over and over again. 010 simplifies this with a built-in C-like scripting language, with the usability of Python. You simply create a script file, type in some code, save, and it's ready to execute!
When reversing file formats, the goal is usually to map out all kinds of arbitrary structures. 010 Editor supports a template system, by which you can use the aforementioned scripting language to essentially map out the structures of the file format. The definitions look just like C-structs, and you can even use typedefs and enumerations to help make the data that comes out more easily understandable. What's more, the struct definitions support inline code, so if, say, the first byte of a structure determines how the rest of the structure is laid out, you can put that logic right into the structure definition!
This all sounds well and good, but how practical is it? Well, after I downloaded the software, I put about 5 minutes into reading the documentation on scripting and templates. After that, I used various file format definitions I have laying around to write a set of templates (with the format spec. in front of me, each took about 2 minutes). That's fast! I can already tell how this type of functionality will greatly improve future reversing endeavors.
Of course, the templates feature and the scripting aren't the only cool things that 010 packs, but they certainly were what made it stand out. If you want to look into this nifty piece of software, you can try it for free for 30 days, or buy it for $50 for a home license. Here are a couple shots of my play with it:
Viewing a file with a custom template
Looking at my templates (not too many...for now)
