WinHex是一款专业的十六进制编辑器和磁盘恢复工具,具备多种实用功能,如驱动克隆、RAM编辑、文件分析、安全擦除等。它支持多种文件类型的数据恢复,并可用于计算机取证。
Here are some key features of WinHex:
· Drive cloning, drive imaging
to produce exact duplicates of disks/drives, e.g. to save the time for a full installation of the operating system and other software for several computers/disks of the same type, or to be able to restore a running installation in case of data loss/screwed up Windows (restoration of a backup). Also for computer forensics specialists, since they need to work on a copy when searching for evidence on the object disk. You can clone directly, or from an image file. Menu: Tools | Disk Tools | Clone Disk
· RAM editor
e.g. for debugging purposes (programming), for examining/manipulating any running program and in particular computer games (cheating). Tools | RAM Editor
· Analyzing files
e.g. to determine the type of data recovered as lost cluster chains by ScanDisk or chkdsk. Examples. Tools | Analyze File
· Wiping confidential files or disks
...so no one (not even computer forensics specialists) will be able to retrieve them. To securely erase a file, use File Manager | Delete Irreversibly. For disk wiping, open the disk with the disk editor and use Edit | Fill Disk Sectors. E.g. fill with zero bytes (hexadecimal value 00) or random bytes. WinHex works in accordance with the standard outlined in DoD 5220.22-M (for details, please see this white paper). Also see X-Ways Security.
· Wiping unused space and slack space
...either to close security leaks, to securely destroy previously existing classified files that have been deleted in the traditional way only, or to minimize the size of your disk backups (like WinHex backups or Norton Ghost backups), since initialized space can be compressed 99%. On NTFS drives, WinHex will even offer to wipe all currently unused $Mft (Master File Table) file records, as they may still contain names and fragments of files previously stored in them. File slack can be found in the unused end of the last cluster allocated to a file, which usually contains traces of previously existing files. Slack space - like everything else - is processed by WinHex very fast. Also see X-Ways Security.
· ASCII - EBCDIC conversion
Allows to exchange text between mainframe computers and the PC in both directions. You may even tailor the character translation table in WinHex (ebcdic.dat) for your own needs. Edit | Convert
· Binary, Hex ASCII, Intel Hex, and Motorola S conversion
z. B. for (E)PROM programmers. Edit | Convert
· Unifying and dividing odd and even bytes/words
for (E)PROM programmers. File Manager | Unify/Dissect
· Conveniently editing data structure
using custom templates. Download a tutorial. View | Template Manager
· Splitting files that do not fit on a disk
File Manager | Split/Concatenate
· WinHex as a reconnaissance and learning tool
Are you sure Microsoft Word really discards previous states of your document? You may be surprised to find text deleted long ago in your .doc files. Maybe text that you really do not wish to be seen by the person you are going to pass the .doc file to? Discover what various software programs save in their files. Study unknown file formats and learn how they work. Investigate e.g. how executable files are structured and how they are loaded in RAM. The possibilities are practically unlimited.
· Finding interesting values (e.g. the number of lives, ammunition, etc.) in saved game files
using the Combined Search or using the File Comparison utility, for later manipulation
· Manipulating saved game files
for any computer game, following existing instructions from cheat sites on the Internet or for developing your own cheats.
· Upgrading MP3 jukeboxes and Microsoft Xbox with larger hard drive
To upgrade, the new hard disk must be prepared first. This is where you need WinHex. Instructions for Creative's Nomad MP3 jukebox, DAP jukebox and Microsoft Xbox. You can also change the name of your Xbox.
· Manipulating text
...that one is not supposed to edit, e.g. in binary files. It is not convenient, but possible to translate practically any software into another language by editing text in the executable files, e.g. if the source code is not available (e.g. lost). Or you would like to edit text in files of a certain binary type that the native application does not let you modify. For instance, programmers may find their compiler automatically creates a configuration file for their project whose filename (application name + .cfg) conflicts with a file their own software uses. If your local laws and the license permit that, edit the compiler's executable file such that it works without problems (e.g. with the filename extension “.cnf”).
· Viewing and manipulating files that usually cannot be edited
because they are protected by Windows (e.g. the swap file, temporary files of the Internet Explorer), using the disk editor. Tools | Disk Editor
· Viewing, editing, and repairing system areas
such as the Master Boot Record with its partition table and boot sectors. Tools | Disk Editor | Access button
· Hiding data or discovering hidden data
...e.g. behind the supposed end of .jpg files (steganography), or in unused parts of logical drives or physical disks. WinHex specifically supports access to surplus sectors that are not in use by the operating system because they do not add to an entire cluster or cylinder.
· Copy & Paste
Use copy & paste or copy & write (=overwrite) with files, disks, and RAM. You may freely copy from a disk and write the clipboard contents to a disk, without regard to sector boundaries!
· Unlimited Undo
When editing, reverse any of your steps. Only restricted by available disk space. Edit | Undo
· Jump back and forward
WinHex keeps a history of your offset jumps, and lets you go back and forward in the chain, like an Internet browser does. Position | Back/Forward
· Scripting
Automated file editing using scripts, to accelerate recurring routine tasks or to carry out certain tasks on unattended remote computers. The ability to execute scripts other than the supplied sample scripts is limited to owners of a professional license. Scripts can be run from the Start Center or the command line. While a script is executed, you may press Esc to abort. With its wider range of application, scripting supersedes the Routine feature known from previous WinHex versions. Find out more about scripts in the program help.
· API (Application Programming Interface)
Professional users may also make good use of WinHex' advanced capabilities in their own programs written in Delphi, C/C++, or Visual Basic. The WinHex API provides a convenient interface for random access to files and disks (at the sector level). The provided functions are similar to the scripting commands. Details
· Data recovery
for erroneously deleted files or generally after an experienced loss of data. Can be done manually (see undeleting files) or automatically. There is an automatic recovery mode for FAT12, FAT16, FAT32, and NTFS drives called “File Recovery by Name” that simply requires you to specify one or more file masks (like *.gif, John*.doc, etc.). WinHex will do the rest. Via the Access button menu, a recovery mechanism is available for FAT drives which re-creates entire nested directory structures (details here). Another mechanism (“File Recovery by Type”, formerly “file retrieval”) can be used on any file system and recovers all files of a certain type at a time. Supported file types: jpg, png, gif, tif, bmp, dwg, psd, rtf, xml, html, eml, dbx, xls/doc, mdb, wpd, eps/ps, pdf, qdf, pwl, zip, rar, wav, avi, ram, rm, mpg, mpg, mov, asf, mid. In particular owners of digital cameras quite often encounter problems with their media. WinHex is likely to help with this automated function that makes good use of the existence of file headers (characteristic signatures at the beginning of a file). Tools | Disk Tools | File Retrieval
· Computer examination/forensics
WinHex is an invaluable tool in the hands of computer investigative specialists in private enterprise and law enforcement. Details
· Trusted download (a security issue)
When transferring unclassified material from a classified hard disk drive to unclassified media, you need to be certain that a copied file will have no extraneous information in any cluster or sector “overhang” spuriously copied along with the actual file, since this slack space may still contain classified data from a time when it was allocated to a different file. The command Tools | Specialist Tools | Copy exactly copies the file in its current size, no entire sectors or clusters. Not one byte beyond the end of the file will be copied to the destination disk. Minimize your IT risks. Requires a specialist license.
· 128-bit encryption
to make files unreadable by others. Edit | Convert
· Drive cloning, drive imaging
to produce exact duplicates of disks/drives, e.g. to save the time for a full installation of the operating system and other software for several computers/disks of the same type, or to be able to restore a running installation in case of data loss/screwed up Windows (restoration of a backup). Also for computer forensics specialists, since they need to work on a copy when searching for evidence on the object disk. You can clone directly, or from an image file. Menu: Tools | Disk Tools | Clone Disk
· RAM editor
e.g. for debugging purposes (programming), for examining/manipulating any running program and in particular computer games (cheating). Tools | RAM Editor
· Analyzing files
e.g. to determine the type of data recovered as lost cluster chains by ScanDisk or chkdsk. Examples. Tools | Analyze File
· Wiping confidential files or disks
...so no one (not even computer forensics specialists) will be able to retrieve them. To securely erase a file, use File Manager | Delete Irreversibly. For disk wiping, open the disk with the disk editor and use Edit | Fill Disk Sectors. E.g. fill with zero bytes (hexadecimal value 00) or random bytes. WinHex works in accordance with the standard outlined in DoD 5220.22-M (for details, please see this white paper). Also see X-Ways Security.
· Wiping unused space and slack space
...either to close security leaks, to securely destroy previously existing classified files that have been deleted in the traditional way only, or to minimize the size of your disk backups (like WinHex backups or Norton Ghost backups), since initialized space can be compressed 99%. On NTFS drives, WinHex will even offer to wipe all currently unused $Mft (Master File Table) file records, as they may still contain names and fragments of files previously stored in them. File slack can be found in the unused end of the last cluster allocated to a file, which usually contains traces of previously existing files. Slack space - like everything else - is processed by WinHex very fast. Also see X-Ways Security.
· ASCII - EBCDIC conversion
Allows to exchange text between mainframe computers and the PC in both directions. You may even tailor the character translation table in WinHex (ebcdic.dat) for your own needs. Edit | Convert
· Binary, Hex ASCII, Intel Hex, and Motorola S conversion
z. B. for (E)PROM programmers. Edit | Convert
· Unifying and dividing odd and even bytes/words
for (E)PROM programmers. File Manager | Unify/Dissect
· Conveniently editing data structure
using custom templates. Download a tutorial. View | Template Manager
· Splitting files that do not fit on a disk
File Manager | Split/Concatenate
· WinHex as a reconnaissance and learning tool
Are you sure Microsoft Word really discards previous states of your document? You may be surprised to find text deleted long ago in your .doc files. Maybe text that you really do not wish to be seen by the person you are going to pass the .doc file to? Discover what various software programs save in their files. Study unknown file formats and learn how they work. Investigate e.g. how executable files are structured and how they are loaded in RAM. The possibilities are practically unlimited.
· Finding interesting values (e.g. the number of lives, ammunition, etc.) in saved game files
using the Combined Search or using the File Comparison utility, for later manipulation
· Manipulating saved game files
for any computer game, following existing instructions from cheat sites on the Internet or for developing your own cheats.
· Upgrading MP3 jukeboxes and Microsoft Xbox with larger hard drive
To upgrade, the new hard disk must be prepared first. This is where you need WinHex. Instructions for Creative's Nomad MP3 jukebox, DAP jukebox and Microsoft Xbox. You can also change the name of your Xbox.
· Manipulating text
...that one is not supposed to edit, e.g. in binary files. It is not convenient, but possible to translate practically any software into another language by editing text in the executable files, e.g. if the source code is not available (e.g. lost). Or you would like to edit text in files of a certain binary type that the native application does not let you modify. For instance, programmers may find their compiler automatically creates a configuration file for their project whose filename (application name + .cfg) conflicts with a file their own software uses. If your local laws and the license permit that, edit the compiler's executable file such that it works without problems (e.g. with the filename extension “.cnf”).
· Viewing and manipulating files that usually cannot be edited
because they are protected by Windows (e.g. the swap file, temporary files of the Internet Explorer), using the disk editor. Tools | Disk Editor
· Viewing, editing, and repairing system areas
such as the Master Boot Record with its partition table and boot sectors. Tools | Disk Editor | Access button
· Hiding data or discovering hidden data
...e.g. behind the supposed end of .jpg files (steganography), or in unused parts of logical drives or physical disks. WinHex specifically supports access to surplus sectors that are not in use by the operating system because they do not add to an entire cluster or cylinder.
· Copy & Paste
Use copy & paste or copy & write (=overwrite) with files, disks, and RAM. You may freely copy from a disk and write the clipboard contents to a disk, without regard to sector boundaries!
· Unlimited Undo
When editing, reverse any of your steps. Only restricted by available disk space. Edit | Undo
· Jump back and forward
WinHex keeps a history of your offset jumps, and lets you go back and forward in the chain, like an Internet browser does. Position | Back/Forward
· Scripting
Automated file editing using scripts, to accelerate recurring routine tasks or to carry out certain tasks on unattended remote computers. The ability to execute scripts other than the supplied sample scripts is limited to owners of a professional license. Scripts can be run from the Start Center or the command line. While a script is executed, you may press Esc to abort. With its wider range of application, scripting supersedes the Routine feature known from previous WinHex versions. Find out more about scripts in the program help.
· API (Application Programming Interface)
Professional users may also make good use of WinHex' advanced capabilities in their own programs written in Delphi, C/C++, or Visual Basic. The WinHex API provides a convenient interface for random access to files and disks (at the sector level). The provided functions are similar to the scripting commands. Details
· Data recovery
for erroneously deleted files or generally after an experienced loss of data. Can be done manually (see undeleting files) or automatically. There is an automatic recovery mode for FAT12, FAT16, FAT32, and NTFS drives called “File Recovery by Name” that simply requires you to specify one or more file masks (like *.gif, John*.doc, etc.). WinHex will do the rest. Via the Access button menu, a recovery mechanism is available for FAT drives which re-creates entire nested directory structures (details here). Another mechanism (“File Recovery by Type”, formerly “file retrieval”) can be used on any file system and recovers all files of a certain type at a time. Supported file types: jpg, png, gif, tif, bmp, dwg, psd, rtf, xml, html, eml, dbx, xls/doc, mdb, wpd, eps/ps, pdf, qdf, pwl, zip, rar, wav, avi, ram, rm, mpg, mpg, mov, asf, mid. In particular owners of digital cameras quite often encounter problems with their media. WinHex is likely to help with this automated function that makes good use of the existence of file headers (characteristic signatures at the beginning of a file). Tools | Disk Tools | File Retrieval
· Computer examination/forensics
WinHex is an invaluable tool in the hands of computer investigative specialists in private enterprise and law enforcement. Details
· Trusted download (a security issue)
When transferring unclassified material from a classified hard disk drive to unclassified media, you need to be certain that a copied file will have no extraneous information in any cluster or sector “overhang” spuriously copied along with the actual file, since this slack space may still contain classified data from a time when it was allocated to a different file. The command Tools | Specialist Tools | Copy exactly copies the file in its current size, no entire sectors or clusters. Not one byte beyond the end of the file will be copied to the destination disk. Minimize your IT risks. Requires a specialist license.
· 128-bit encryption
to make files unreadable by others. Edit | Convert
扫一扫
906
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
