software

Better Data Analysis, Myers Diffing Algorithm And UI Improvements – Enhancing ImHex

The latest update to ImHex introduces significant enhancements aimed at improving the user experience for data analysis enthusiasts and developers alike.

With the integration of Myers’ diffing algorithm, users can now enjoy a more intuitive diff view that highlights insertions, deletions, and modifications with precision.

This update also brings a plethora of UI improvements, including customizable toolbar icons, a new font picker, and an enriched Out of the Box experience, making data analysis more accessible and efficient than ever.

Additions

  • All main menu entries now have pretty icons
  • Added Myers’ diffing algorithm to the diff view
    • This algorithm can display insertions and removals as well as modifications
    • Huge thanks to the maintainer of Malcat!
  • Added option to customize toolbar icons
  • Added a much improved Out of the Box experience when first starting up ImHex
  • Added many new hash algorithms
    • This includes basic sum checksums, Snefru, Haval, various SHA versions, Keccak, RIPEMD, many CRC presets and many more
  • Greatly improved the data information view
    • Sections can now be switched on and off
    • Magic information now includes more than one entry if there’s multiple concatenated files
    • The Digram and Layered distribution graphs now perform a lot better
    • There’s now built-in yara rules that are being run on files to detect compilers, programming languages and more for executables
  • Greatly improved the pattern editor
    • Thanks a lot to @paxcut
    • This adds support for find and replace, better highlighting and many other smaller things
  • Added Mini Map to the Hex Editor
    • This can be enabled by clicking on the map icon in the hex editor footer
    • There’s also config options when right clicking that icon
  • Added Edit -> Jump to -> Pattern option to jump directly from hex editor highlights to patterns
    • Clicking on patterns in the pattern data view also jumps to their definition in the pattern editor now
  • Added a font picker to the settings
  • Added option to highlight parent pattern regions in the hex editor when hovering over them
  • Added support for searching for other string encodings and endianess. Thanks a lot to @PerikiyoXD
  • Added a pretty drag-n-drop overlay when dragging files onto ImHex
  • Added support for virtual file systems through the pattern language
  • Added option to keep ImHex always on top of other windows
  • Added option to use ImHex in fullscreen mode
  • Added support for switching to other providers through the command palette
  • Added a setting to always show all provider tabs, even if there’s only one
  • Added option to export a selection to a file
  • Added a comments column to the pattern data view. It can be enabled by right clicking on the table header and selecting it there
  • Added option to turn off borderless window mode
  • Added option to export the results of the find view to a file
  • Added option to disable command palette button in header
  • Added a search bar to the file chooser popup
  • Added support for opening multiple files at once
  • Added support for macOS’s Right click -> Open with option

Improvements

  • ImHex now uses Atomic File I/O instead of mapping files into memory
    • This solves various issues where certain files couldn’t be opened, files on network drives not working well and more
  • macOS M1 build now only requires macOS 12.1 instead of 14.0 to run
  • Bookmark moving now uses ImGui’s native drag n drop feature
  • Syncing pattern language source code between providers should work better now
  • Custom encodings that don’t have multi-byte values now display immediately when selected
  • The macOS build now uses a custom titlebar
  • ImHex windows are now being unfocused properly if the main window loses focus
    • No more blinking cursors when ImHex is in the background!
  • Overwriting individual characters in the edit mode of the hex editor now works much better
  • Copy-Paste now works correctly in the Web version of ImHex. Thanks a lot to @exsilium
  • The find popup now remembers its content
  • The crash restore popup doesn’t show anymore now if there’s nothing to restore
  • Opening the same file multiple times is no longer possible now

Bug Fixes

  • Fixed signing issues with macOS builds
  • Fixed CTRL + S not removing red highlights of bytes
  • Fixed address bound checks in Edit -> Jump to option
  • Fixed menu bar collapsing into hamburger menu even if there’s enough space
  • Fixed RGBA8 data processor node not setting output buffer correctly
  • Fixed provider information in information view always showing infos about the current provider instead of about the analyzed provider
  • Fixed issues when using certain window management tools on Windows
  • Fixed crashes when launching ImHex with file arguments
  • Fixed crash when trying to use too many hex editor rows
  • Fixed native theme detection of Linux. Thanks to @iTrooz
  • Fixed issues where workspaces are not correctly saved sometimes
  • Fixed issues where default magic database wasn’t being bundled correctly
  • Fixed crashes when loading very old settings files
  • Fixed data inspector not updating correctly when the underlying data changed
  • Fixed a crash when specifying invalid hash parameters in the hashing view
  • Fixed additional folder paths not being loaded from the config file correctly
  • Fixed data inspector showing two negative signs sometimes
  • Fixed various issues with non-zero base addresses

Pattern Language

  • Huge refactor of the Preprocessor, Lexer and Parser
    • Massive thanks to @jumanji144
    • Compile errors are a lot more helpful now and include more context information
  • Added support for import statements
  • Added stacktrace to runtime errors
  • Patterns can now be placed inside of custom sections from within other types
  • Pattern formatters now properly respect a patterns visibility
    • This means hidden patterns don’t end up in exported json, yaml or html files anymore
  • Fixed writing to big endian bitfield entries
  • Changing pattern setting now re-evaluates the code if auto evaluation is enabled
Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

4 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

4 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

4 weeks ago