Ru-Board.club

» X-Ways WinHex

Author: campoviy
Message date: 23.05.2011 16:33
firewall2006
Quote:
I was starting to think I was the only one with this glitch.
Ah, so that's how it is; and at around 19:00 on 21.05 (very soon after fimdiraf's announcement) the download would not go at all.
Author: SAT31
Message date: 23.05.2011 16:43
firewall2006
campoviy
http://forum.ru-board.com/topic.cgi?forum=35&topic=47558&start=140#9
Author: firewall2006
Message date: 23.05.2011 17:20
SAT31
Quote:
http://forum.ru-board.com/topic.cgi?forum=35&topic=47558&start=140#9
I saw the post in the Warez section, I just don't understand what is warez about this question.
Besides, for those who did not notice, I'll hint that the topic title on the official forum reads X-Ways Forensics 16.0, while the latest topic in the announcements is for X-Ways WinHex version 13.2.
Author: SAT31
Message date: 23.05.2011 18:05
firewall2006

Quote:
I just don't understand what is warez about this question.

Are you asking me?))
It was asked here, or rather continued here, so I dropped a note so as not to bounce between two threads.
Author: fimdiraf
Message date: 14.06.2011 19:32
WinHex 16.0 SR-8

Quote:
* Fixed memory leak in particularly thorough file system data structure search for ReiserFS file systems.
* Some memory-intensive functions were slow in SR-7. That was fixed.
* Some minor improvements.

http://www.x-ways.net/winhex.zip
Author: embrace909
Message date: 25.06.2011 19:31
WinHex Russian Fixer
Author: CHELDAN
Message date: 12.07.2011 10:00
WinHex 16.0 SR-11
http://www.x-ways.net/winhex.zip


Quote:
* An error was fixed in the file header signature search in v16.0 that could occur with some signatures when searching at the byte level.
* Avoided a rare error that could apparently occur when interpreting evidence file containers that contained files without names.
* Avoided an exception error that could occur when taking a snapshot of large Ext4 volumes with many inodes and small blocks.
* Disk cloning did not report the complete number of sectors copied correctly if over 2 TB. That was fixed.
* Ready to open case files created by v16.1 Beta 2 and later.
* Some minor fixes and improvements.
Author: fimdiraf
Message date: 17.07.2011 19:33
WinHex 16.1
http://www.x-ways.net/winhex.zip
Author: CHELDAN
Message date: 20.07.2011 10:36

Quote:
WinHex 16.1

[more=What's new?]What's new in v16.1?

X-Ways Forensics can now process Exchange EDB databases and extract user mailboxes with their e-mail, attachments, contacts, appointments and tasks. Requires X-Ways Forensics to run under Windows Vista or later. Still in a testing stage, and can be very slow for huge databases.

File editing and tools

Ability to edit files without using operating system file write commands, directly on a disk/in a raw disk image in any file system supported, even if not supported by Windows, even files not seen by Windows (e.g. deleted files), even in partitions not seen by Windows (e.g. by damaged or deleted), without changing any timestamps or attributes, in in-place mode. For this new editing capability, the file must have been opened from within the already opened volume that contains it, via the Open command in the directory browser context menu or in File mode (forensic license only). Compressed files or generally files within other files (e.g. e-mails and attachments in e-mail archives) cannot be edited, except in an evidence file container if they have been copied there from the original disk/image.

Previously it was only possible to edit files when opened via File | Open, using operating system file write commands or indirectly by editing disk sectors. In File mode (forensic license only) and when opening files from within already opened volumes, the only available mode so far was read-only mode. All of this has changed. Note that files cannot be shortened or expanded that way, only the data in already allocated areas can be modified. Editing files opened directly from within disks/raw images as described above is possible in WinHex only, not in X-Ways Forensics or X-Ways Investigator, where sector level write access (to which file editing is internally translated) is disabled and where the only mode available for disks and interpreted images and files opened from within volumes continues to be read-only mode. For owners of a license for X-Ways Forensics, this change only affects the special WinHex version that they receive additionally, not X-Ways Forensics itself.

In forensic computing, electronic discovery and IT security, the new edit capability can be helpful to manually redact (e.g. overtype) specific data that should not be examined/disclosed/seen or to securely erase specific areas within files (e.g. define as a block and fill the block). Note that evidence file containers are raw images if they have not been converted to the .e01 evidence file format and thus allow for retroactive file editing, which, however will invalidate any accompanying hash values. It is even possible to edit directories, i.e. the clusters with directory data, e.g. INDX buffers in NTFS, for example if you need to redact the names of certain files.

New file wiping functionality for files and directories that are selected in the directory browser, via a command in the context menu. The data in the logical portion of a file (i.e. excluding the file slack) and the major data structures of a directory (such as INDX buffers in NTFS and directory entries in FAT) will be erased/overwritten with a hex value pattern of your choice. The existence status of the file in its file system will not be changed. No file system level metadata such as timestamps or attributes will be updated because no operating system file level write commands are used. No file system data structures are changed, and no filenames will be erased, only the contents of files will be overwritten. Compressed files or generally files within other files (e.g. e-mails and attachments in e-mail archives) cannot be erased. Previously existing files whose clusters are known to have been reused will not be erased. Note that by erasing deleted files you might erase data in clusters that belong to other files, so only select existing files if you want to avoid that (assuming consistent file systems). Also note that by erasing carved files you may erase too much or not enough data, depending on the detected file size and depending on whether the file was originally fragmented. This functionality is only available in WinHex, not in X-Ways Forensics.

Useful for example if copies of images are forwarded to investigators/examiners who are not allowed to see the contents of certain files. Useful also if you have to return computer media on which child pornography has been found to the owner after clearing these files. Also useful if you are preparing images for training purposes that you would like to publish and would like to retroactively erase the contents of copyrighted files (e.g. operating system or application program files).

Both successfully erased files and files that could not be successfully erased will be added to separate report tables by which you can filter to verify the result.

Cool new function to create hard links of files on NTFS volumes. Useful for example to play around with hard links during our File Systems Revealed training, or if you would like to add the same image to the same case again, which is only possible under a different name. The hard links will be created in the same directory and of course can be renamed and moved by you after they have been created. Tools | Disk Tools | Create Hard Link.

Case management

More powerful and convenient batch processing thanks to an option to automatically trigger logical searches (previously only indexing) after volume snapshot refinement and thanks to an option to trigger the volume snapshot refinement (and therefore indirectly also logical searches) immediately after adding images to the case. That means you click through all the dialog windows initially and then run the selected operations without further user interaction. The operations will be run in this order: First all images are added to the case. Then the volume snapshots will be taken and refined if selected. After that, for selected evidence objects (previous or newly added ones) a logical search will be run if selected. Finally for each selected evidence object an index can be created.

Ability to invoke the menu commands to refine volume snapshots and run logical searches in selected evidence objects even when no data window is open at that time. As always, these operations will open data windows themselves when needed and close them automatically when no longer needed, to avoid unnecessary main memory utilization by loaded volume snapshots.

A new case tree context menu command that allows to export any portion of the tree to a Unicode text file. The tree will be represented exactly in its current state of expansion and can span all evidence objects. To export a subtree, right-click a directory while holding the control key. Use a fixed font to view the text file. Remember to fully recursively expand a portion of the tree that you want to export, you can click the root of that portion and press the asterisk (multiplication) key on the numeric keypad.

Ability to change the order of evidence objects in the case tree, via the properties dialog window, except for "dependent" evidence objects (partitions that belong to a physical disk).

Shorter and language-independent case subdirectory names in all cases created by v16.1 and later.

More convenient procedure when the path or drive letter of an image in a case has changed, especially if the image was added to the case in v16.1 and later and you have updated the standard directory for images in the General Options already.

Notification when opening a case if it can only be opened as read-only because of the read-only file attribute or because of insufficient file permissions.

Images

Ability to interpret VMware's Virtual Machine Disk images (VMDK) in addition to .e01 evidence files, raw/dd images, ISO images and VHD images.

Ability to automatically hibernate the system after disk imaging, image restoration and disk cloning. (Previously the only option was to shut down the system.) If Windows signals that hibernation fails, X-Ways Forensics will instead try to shut down the system.

Imaging with compressed .e01 evidence files as the output format accelerated for disks that contain large areas of binary zeroes, for example because they were wiped by the user some time or zeroed out by the manufacturer and never completely filled.

New "sparse" compression option for .e01 evidence files that only compresses large areas of zero value bytes in a very efficient way.

Additional information included in imaging log.

Registry viewer

Additional edit window in the registry viewer that tells you the logical size of the selected value and the size of its slack. It also interprets registry values of the following types, as known from the registry report: MRUListEx, BagMRU, ItemPos, ItemOrder, Order (menu), ViewView2, SlowInfoCache, IconStreams (Tray notifications), UserAssist, Timestamps (FILETIME, EPOCHE, Epoche8), MountedDevices, OpenSavePidlMRU, LastVisitedPidlMRU, and more. The new edit window now also displays the access rights/permissions of the registry keys if (Default) is selected.

New special table "External Memory Device" included in registry report that can be retrieved from Software hives of Windows Vista and later that lists external media with access timestamps, hardware serial number, volume label, volume serial number and volume size (size often only under Vista). Select the definition file "Reg Report Devices.txt" to get the table.

New special table in the registry report called "Browser Helper Objects", compiled with data from the hives NTUSER.DAT and SOFTWARE, about browser usage.

New Export List command in the registry viewer context menu allows to export all values in the selected hive to a tab-delimited text file.

Several small improvements in the registry viewer/report.

Miscellaneous

New version of the internally used graphics viewing library.

New version of the internally used library for archive decompression.

Many additional file signature definitions, mostly for file type verification only.

The thorough file system data structure search will now check for INDX buffers for index records referencing existing files that are not referenced in the $MFT any more because the $MFT is in a corrupt or incomplete state, for example because the image is incomplete.

The metadata extraction functionality has been removed from the directory browser context menu. It is now part of the Refine Volume Snapshot command and thus cannot be applied to selected files any more, but to either all files, tagged files or not hidden files.

You can now conveniently close viewer windows (whose contents are provided by the viewer component) by hitting the Esc key on your keyboard.

It is now possible to close filter dialogs by clicking the "x" in the upper right corner or by pressing Alt+F4 without deactivating the filter if it is active and without losing selection and scroll position in the directory browser.

When using the Recover/Copy command and the output filename has to be shortened to fit in the maximum path length specified by the user, the filename is now shortened in a nicer way, by preserving the extension whenever possible. (forensic license only)

Indexing slightly accelerated.

Many minor improvements.

[/more]
Author: CHELDAN
Message date: 20.07.2011 20:51
WinHex 16.1 Russian localization by Localiz2
http://msilab.net/rus.6516
Author: fimdiraf
Message date: 31.07.2011 00:40
WinHex 16.1 SR-1

Quote:
* Dongle insurance. It has always been the policy of X-Ways that lost, misplaced or stolen dongles are not replaced. If you are afraid that your dongle eventually might get lost or stolen, in particular when travelling or working on site (not only in your own office) or when leaving it to contractors, consultants, auditors, lawyers, externally working or temporary employees, or students, you will be happy to hear that it is now possible to insure your dongle against loss! Only if your dongle is insured, you can buy a replacement dongle. Read more.
* Use of intelligent and interactive file write operations that allow you to retry when running out of drive space, after you have freed up more space, without data loss, for volume snapshots and search hits.
* Exchange EDB processing accelerated.
* Support for ShellBags and related data structures in registry viewer and report further improved.
* Some minor improvements.
* Already in original v16.1: Fixed an instability error that could occur in v15.6 through v16.0 when reading from ISO images.

http://www.x-ways.net/winhex.zip
Author: folta
Message date: 11.08.2011 18:20
I don't want to open a new thread, so I'll ask here.
This is the closest to the subject.
Is there a program that can analyze a file and count all the characters, and then produce detailed statistics?
Whether it is an application, an archive or a text file, regardless of the extension.

So far I have only found freq.
But it lacks flexibility.
Author: SAT31
Message date: 25.08.2011 11:54
WinHex 16.1 SR-4


Quote:
* Fixed errors in Exchange EDB extraction.
* Exception prevented that could occur when naming certain carved JPEG files.
* Accelerated loading of registry hives.
* Decoding of V values of the SAM hive directly in the registry viewer.
* Error fixed that could prevent the output of registry reports.
* Registry report: Modification dates are now displayed in gray for values that are not the only values in their respective key, as a visual aid to remind the reader that they are not the modification dates of the values.
* Additional information output in registry report.
* Several minor improvements.

http://www.x-ways.net/winhex.zip
Author: TNG
Message date: 30.08.2011 00:35
Is there a converter for translating values from the form (I don't even know how to put it)
37 BF 39 07 => 0x739bf37
Maybe it's an online one or some utility, or failing that, where can I read about this? Only in Russian (the reading), since I'm not strong in foreign languages.
Author: Victor_VG
Message date: 30.08.2011 02:04
TNG

Any hex editor can do this. The first form is LE notation, the second is BE. That is, in the first the low-order digits come first, and in the second the high-order ones. For this mess we have Intel to thank: the LE notation is their "invention" so that people could not use their code on other processors.
Author: SAT31
Message date: 17.09.2011 14:04
WinHex 16.1 SR-6

Quote:
SR-5:

* Fixed an exception that could occur when decoding e-mail messages for logical searches in SR-2 to SR-4.
* Fixed an error that could prevent to get search hits at the physical end of a file in v16.0 and v16.1.
* Fixed inactivity of multipliers that occur at the end of GREP expressions.
* Improved extraction of certain e-mail header fields if non-standard formatted.
* Jump list metadata presentation in Details mode was incomplete since v16.0. This was fixed.
* Sorting of keys in Registry Viewer fixed.
* Registry report: Output of dummy entries fixed.
* SECURITY hive processing slightly further improved.
* Interpretation of V account structure in SAM hives now almost perfect.
* Fixed an exception error that could occur when searching in an index for characters that were not indexed.
* Some minor improvements.

SR-6

* Improved ability to show text encoded in multi-byte code pages in the text column in Windows 7.
* Avoided message boxes during volume snapshot refinement.
* Avoided message about invalid or unsupported owner ID when including the evidence object level of Windows 7 NTFS volumes in file containers.
* Fixed memory leak that could occur in v16.1 when exploring Gzip archives.
* Automatic file size detection for Gzip archives in the file header signature search.
* v16.1 did not associate LFN entries in FAT file systems with SFN entries if the latter contained code page dependent characters. That was fixed.
* Some minor improvements.

=======
http://www.x-ways.net/winhex.zip
Author: SevereK20
Message date: 12.10.2011 23:35
I don't know whether this is the right place for the question...
In WinHex I created a clone of a hard disk into an .img file.
The hard disk being cloned was split into 2 partitions. The file system was destroyed on both.
Now I have a single 160 GB .img file. Is there some way to mount it as a virtual disk?
Clones of disks on which the file system is destroyed I have opened successfully in WinImage... this image, however, opens in WinImage, a partition can be selected (both are visible), but as soon as you select one it throws an error and the program closes by itself..
Can anyone suggest options other than making a sector-by-sector copy onto another disk?
Author: SAT31
Message date: 14.10.2011 18:03
WinHex 16.2
[more=Changes]A preview version of X-Ways Forensics 16.2 is now available. The download link can be retrieved as always by querying one's license status.

What's new?

* Ability to search and index in up to 5 code pages simultaneously (including UTF-16 Unicode), 2 more than before. Useful for languages for which several code pages are commonly in use, e.g. Chinese and Japanese.
* Code pages are now always listed for selection in ascending order of their numeric identifiers.
* Ability to visually compare different single-byte code pages thanks to simultaneous code page tables (View | Tables | Hexadecimal / Code Page).
* Code page independent GREP searches for exact byte values enabled by selecting a "non" code page called "Direct byte-wise translation for GREP", which translates byte values without any mapping for certain code pages or case matching.
* Ability to search in big-endian UTF-16 Unicode. (However, the search hits are readable only in Western European languages.)
* Some other improvements to the GREP search engine.
* Each search hit now remembers in which code page it was found. You can see the code page in the search hit description column.
* X-Ways Forensics now preserves and displays paths/directories when exploring file archives.
* Ability to only include the number of items in a report table in the report, not a list of those items.
* The volume snapshot options are now available directly via the Options menu.
* A new option among the directory browser options allows you to tag or hide files in the directory browser non-recursively, such that tagging/untagging/hiding/unhiding a file has no effect on parent or child objects or parent or subdirectories. Useful for example if all child objects of a file should be processed in volume snapshot refinement or searched, but not the parent object. Previously it was not possible to have an untagged parent object whose child objects are all tagged. If the recursive tagging option is in its middle state, that means that child objects still inherit the tagged state from their parent at the moment when they are newly added to the volume snapshot, e.g. when you extract e-mail and attachment from an e-mail archive.
* Whether tagging and hiding works recursively or not can now also be controlled by holding the Shift key.
* If main memory is represented as a physical disk, for example because it is the RAM of a remote computer accessible via F-Response or because it is a raw memory dump or .e01 evidence file with a memory dump interpreted as a physical disk, it is now possible to open a "Volume" from within the "physical disk" in which X-Ways Forensics offers its main memory analysis.
* Newly created .e01 evidence files of memory will be internally marked as images of volumes rather than physical disks such that even older versions will be able to recognize them as memory dumps.
* If a memory dump is misinterpreted as a physical disk image with a sector size of 512 bytes, the "volume" that can be opened from within will be successfully re-interpreted as having the appropriate sector size (or actually page size in this case) of 4 KB.
* Exceptions in metadata extraction fixed.
* .lnk shortcut file interpretation revised.
* Several minor improvements.

Preview 2:

* Support for Outlook compressible encryption as a code page for the text column and simultaneous searches.
* Ability to display certain TIFF pictures with old-style JPEG compression.
* Ability to check the consistency of the format of files of known types and output "OK" or "corrupt" in the Type Status column and filter for these properties. In later releases the consistency will be checked, depending on the file type, during file header signature search, file type verification and/or metadata extraction. In this release only the consistency of JPEG files is checked, and only when running a file header signature search.
* Recover/Copy: Ability to copy only direct children and not all descendents recursively, by checking the box only half. That can be useful for example when you want to copy e-mails off the image and embed their attachments, but don't care for further children of the attachments that X-Ways Forensics has extracted from them.
* E-mail extraction from Exchange EDB databases improved (same revision level as v16.1 SR-7).
* Dynamic adaption of the video still export interval based on the video play length when using MPlayer. The longer the video, the longer the interval.
* Until now, report tables were not a good means to categorize more than 10,000 or 100,000 files in volume snapshots with millions of files. Filtering and sorting by report tables was slow with such huge numbers. That has changed. It is now quick to filter and sort by report tables with several 100,000 associations in huge volume snapshots.
* Report table items are now output in the case report in the order of the internal ID within each evidence object, no longer in the order in which the files were added to the report tables.
* Recover/Copy: The length of the names of artificial subdirectories created in the output folder to accommodate child objects of files is now limited to a user-defined number of characters, 32 by default. This is useful in particular for e-mail messages that are named after the subject line and of course can contain attachments as child objects, to avoid overlong paths.
* Recover/Copy: The suffix used to name artificial subdirectories created in the output folder to accommodate child objects of files is now fully user-definable.
* Proximity searches did not work in the first preview version. That was fixed.
* Several minor improvements.
* Older versions of X-Ways Forensics cannot read the volume snapshot format used by v16.2 and later.

Preview 3:

* Ability to sort in the directory browser by up to 3 criteria (instead of 2 as before).
* Sorting by Name and Path is now case-insensitive.

A note about sorting: A few times I got the impression that some users have a wrong idea about how multi-criteria sorting works. They believe that somehow when sorting for example by modification date and access date that both files with either very late modification dates and very late access dates will be listed near the bottom. However, that is a misconception. There is a clear hierarchy. The secondary sort criterion is used to sort items only if these items have exactly the same value for the primary sort criterion (and that is *very* rarely the case for timestamps with such a high precision as provided by the NTFS file system). The separate criteria are not somehow magically "merged" to a unified single criterion that based on some model linearly orders all items. Similarly now with 3 sort criteria, the tertiary criterion is used only if items have exactly the same values for the primary and the secondary sort criterion.

* Option to output files in the report either grouped by evidence object (as before) and sorted by internal ID or (and this is new) in the order as they are currently listed in the case root window, where you can freely change the order thanks to now up to 3 sort criteria. Note that if you choose the second option, files that are not listed in the case root window will not be output, even if they are part of a report table. That means that current filter settings now can have an effect on the generation of the report, too. If files are omitted because they are not listed in the case root window at the time of report generation, you will be notified of that in the report and in a message box.
* Ability to deal with NTFS volumes with more than 2^31 (and up to 2^32) clusters.
* Speed quadrupled (!) for unused areas when imaging volumes with the option to exclude data in free clusters. Depends on compression level.
* Some minor improvements.

Preview 4:

* Supports skipping free clusters now even for partitions when imaging MBR- and GPT-partitioned physical disks, not only when imaging pure volumes.

Beta:

* Improved support for volumes with more than 2^31 clusters.
* The search engine now assigns search hits to more than one GREP expression if multiple expressions are equivalent.
* Ability to watermark optionally omitted free space in an image at the start of each sector with a Unicode text string, so that when working with the image you are reminded of the omission when you look at data in drive free space.
* Recover/Copy: Ability to copy files with a partial path from the case root window. In that case only the evidence object name is used as the path, not the path within the evidence object.
* Several minor improvements.

Also to be expected in v16.1 SR-8:

* Avoided an exception error that could occur after failed memory allocations.
* Improved compatibility with new viewer component version 8.3.7.

Beta 2:

* Includes the computer name and user name in the imaging log.
* The file header signature search classifies found RAR archives as corrupt if they cannot be carved completely.
* Accelerated filling of containers in certain situations.
* Some minor improvements.

v16.2 has just been released.

Additional changes since the last beta version:


* Correct encoding of angled brackets that occur in Windows registry values for the output in registry HTML reports based on advice by TronicGuard / Martin Wundram.
* Improved ability to deal with certain corrupt registry hives.[/more]
================
http://www.x-ways.net/winhex.zip
================
WinHex 16.2 Russian localization by Localiz2
http://msilab.net/rus.6641
Author: Skandalli
Message date: 17.10.2011 11:48
Comrades, please enlighten me.. I have never dealt with such things.

00434360 33C0 XOR EAX,EAX
00434362 40 INC EAX
00434363 C3 RETN
00434364 90 NOP

Do I need to go to the offset in DEC form, find the field from the middle column and replace it with the values from the right column? And where do I change it in the editor? What is given in ASCII characters, or what is in the middle column of the editor (hexadecimal values)?

Author: SevereK20
Message date: 18.10.2011 00:36
Skandalli
del
Author: Victor_VG
Message date: 18.10.2011 10:11
Skandalli

Hex. The ASCII will change automatically.
Author: Lonely_Soul
Message date: 20.10.2011 23:45
SevereK20

Quote:
In WinHex I created a clone of a hard disk into an .img file.
The hard disk being cloned was split into 2 partitions. The file system was destroyed on both.
Now I have a single 160 GB .img file. Is there some way to mount it as a virtual disk?
Clones of disks on which the file system is destroyed I have opened successfully in WinImage... this image, however, opens in WinImage, a partition can be selected (both are visible), but as soon as you select one it throws an error and the program closes by itself..
Can anyone suggest options other than making a sector-by-sector copy onto another disk?

WinImage is extremely buggy, I suffered with it the same way myself. The closest analogue, WinMount, should in theory be able to work with "raw" images.
1. Install a virtual machine, for example the free VirtualBox, and attach the image to it, although "raw" images are for some reason not quite a standard feature (see Using a raw host hard disk from a guest).
2. Via OSFMount.
3. In any sane Linux distro, mount the needed partition using the losetup and kpartx utilities.
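
For option 3, what losetup needs is the byte offset of each partition inside the raw image; kpartx derives it from the partition table automatically. The following added example (not code from the thread) reads a classic MBR table and computes those offsets, decoding the little-endian fields discussed earlier in the thread. It assumes 512-byte sectors and an MBR (not GPT) disk; the sample sector and the name `disk.img` are constructed for illustration.

```python
import shlex
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512            # assumption: 512-byte logical sectors
TABLE_OFFSET = 446           # the four 16-byte entries start here in sector 0
# status, 3 CHS bytes (skipped), type, 3 CHS bytes (skipped), start LBA, sector count.
# "<" = little-endian: bytes 00 08 00 00 on disk decode to 0x00000800 = 2048.
ENTRY_FORMAT = "<B3xB3xII"
EMPTY, GPT_PROTECTIVE = 0x00, 0xEE


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def offset(self):
        """Byte offset of the partition inside the raw image."""
        return self.start_lba * SECTOR_SIZE

    @property
    def size(self):
        """Partition length in bytes."""
        return self.sectors * SECTOR_SIZE

    def fits_in(self, image_size):
        """False if the image is too short to hold the partition (truncated clone)."""
        return self.offset + self.size <= image_size


def parse_mbr(sector0):
    """Return the non-empty primary partition entries found in sector 0."""
    if len(sector0) < SECTOR_SIZE:
        raise ValueError("need the full first sector (512 bytes)")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 55 AA missing: not an MBR, or sector 0 is damaged")
    parts = []
    for i in range(4):
        entry = sector0[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, type_id, start_lba, sectors = struct.unpack(ENTRY_FORMAT, entry)
        if type_id == EMPTY or sectors == 0:
            continue
        if type_id == GPT_PROTECTIVE:
            raise ValueError("protective MBR: the disk is GPT-partitioned, parse the GPT instead")
        parts.append(Partition(i + 1, status == 0x80, type_id, start_lba, sectors))
    return parts


def losetup_command(image_path, part):
    """Command line that attaches one partition read-only as a loop device."""
    return ("losetup --read-only --find --show "
            f"--offset {part.offset} --sizelimit {part.size} {shlex.quote(image_path)}")


def build_sample_mbr():
    """Constructed sector 0 with two partitions, standing in for the cloned disk."""
    sector = bytearray(SECTOR_SIZE)
    layout = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 409600)]
    for i, (status, type_id, start, count) in enumerate(layout):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i,
                         status, type_id, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # For a real image: open it in "rb" mode and pass the first 512 bytes to parse_mbr().
    for p in parse_mbr(build_sample_mbr()):
        print(f"partition {p.index}: type 0x{p.type_id:02x}, "
              f"offset {p.offset}, size {p.size}")
        print("  " + losetup_command("disk.img", p))
```

Attaching read-only keeps the evidence image unchanged; with a destroyed file system the loop device will not mount, but recovery tools can be pointed at it.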
Author: SevereK20
Message date: 25.10.2011 22:22
Lonely_Soul
Thanks a lot. We'll give it a try.
Author: SAT31
Message date: 01.11.2011 15:16
WinHex 16.2 SR-3

Quote:
SR-1

* Recover/Copy: Fixed inability to preserve timestamps when copying extracted e-mail messages.
* Fixed inability of the original v16.2 release to run a file header signature search when at the same time verifying file types.

SR-2

* Fixed an exception error that could occur when running a file header signature search for Gzip archives in v16.1 SR-6 and later.
* Under certain circumstances, files with child objects were often copied twice to evidence file containers by v16.2. That was fixed.
* Child objects of zip-styled Office documents were not correctly copied to evidence file containers using volume snapshots refined by v16.2. The volume snapshot refinement was fixed.
* Fixed an exception error that could occur when extracting metadata from certain ASF/WMV files.

SR-3

* The file header signature search did not work for some file types in v16.2 SR-2. That was fixed.
* Chinese translation of the user interface updated.
* Slightly more complete e-mail header field extraction.
* Avoided exception error when processing certain corrupt registry hives.
* The registry report could be slightly incomplete for certain hives. That was fixed.
* Fixed problem with very long strings in registry viewer.

--------------------------
http://www.x-ways.net/winhex.zip
Author: Uncle KILLER
Message date: 08.11.2011 03:23
Skandalli, Vitya already said.... HEX, the middle column.. The first column is just the addresses )
Author: firefly2005
Message date: 12.11.2011 05:16
I can't manage to download anything from the Czech file host, not even the rus fix
Author: Engaged Clown
Message date: 12.11.2011 09:02
firefly2005
http://sendfile.su/467349
Author: MrDarkGT
Message date: 28.11.2011 22:22
Here is my problem. I start WinHex, create a new file, specify a size (100 MB, for example), click OK. After that the program closes by itself. Interestingly, on the second or third attempt everything starts working. This bug also affects other operations (Tools->File Tools->Split, for example). After restarting the OS the problem appears again. I am using the latest version, 16.2 SR3. The OS is Windows XP, fully updated.
Author: Engaged Clown
Message date: 28.11.2011 22:32
MrDarkGT
Botched registration; for non-critical tasks you can use older versions too.
Author: MrDarkGT
Message date: 28.11.2011 23:27
Engaged Clown
Thanks for the reply.
The key is entered without problems and it says everything is registered. It seems the program goes out to the internet and after that stops working. Or is the keygen itself the problem? The keygen is from Z.W.T for version 15.7 SR-3.



The Ru-Board.club forum was brought up on 15-09-2016. The goal is to preserve the legacy of the old Ru-Board and the history of how the Russian internet took shape. Made for people.