Ru-Board.club

» X-Ways WinHex

Author: Victor_VG
Posted: 29.11.2011 04:33
MrDarkGT

And who is the firewall there for? Use a firewall (not the sieve built into XP, but a proper one: Jetico, Comodo (Online Armor is better not considered at all: it is unusually buggy, I still haven't gotten around to removing it myself; at a random moment its brain seizes up and it blocks the entire network until the OS is restarted)) to block WinHex's access to the developer's site. It has no business there, and updates can be downloaded by hand through a browser.
Author: dev2null
Posted: 29.11.2011 05:07
MrDarkGT (01:27 29-11-2011)
Quote:
It seems the program goes online and after that stops working. Or is the problem in the keygen itself? The keygen is from Z.W.T for version 15.7 SR-3.
WinHex does not check registration over the network. It's just that on the new versions none of the keygens work any more. Read the last few pages here; this problem has already been discussed there.

Author: shok
Posted: 05.12.2011 22:42
Hi everyone
Can anyone tell me why zeros are not displayed as dots? And that's in all the latest versions.
Maybe there's a checkbox to tick somewhere.
Question withdrawn.
And second:
- Has anyone worked with scripts? How do I call Modify Data to change a block --> XOR x?



Author: SAT31
Posted: 16.12.2011 09:08
WinHex 16.3
[more=Changes:]
Quote:
Preview 2:
* Support for Windows 8 registry hives
* Separate menu command to add memory dumps to the case.
* Fixed disk imaging bug in original v16.3 Preview version.
* Some minor improvements.

Beta:

Evidence file containers
* Evidence file containers of the new format now store examiner comments and report table associations internally, no longer in separate files in a metadata subdirectory. Both comments and report table associations can also be seen in 3rd party tools that understand the new container format.

Usability
* It is now possible to press the Esc key in the search hit list to leave the search hit list (i.e. return to the normal directory browser) and navigate to the file that the selected search hit is contained in, if any.
* It is now possible to press the multiplication key on the numeric keypad of the keyboard or the asterisk key to explore a directory or file with child objects. Useful if you have selected to use double-clicks and the Enter key already for the View command.
* It is now possible to use the asterisk key just like the multiplication key (Windows standard) to fully recursively expand the directory tree from the selected directory downwards.
* It is now possible to navigate back and forward by pressing Ctrl and the cursor keys left and right, just like with the Back and Forward menu and toolbar commands.
* The Back and Forward commands now also remember switches from the normal directory browser to the search hit list and back and are able to undo them.
* It is now possible to explore a directory or file with child objects that contain search hits from within the search hit list. Just note that you would see any of the child objects only if they also contain search hits. If they don't contain any search hits, you will see a reminder that you can use the Back functionality or press Esc to return to the normal directory browser.
* The number of filtered out search hits in the search hit list when a filter is active is now a more intuitively understandable count.

File format support
* Support for file archives revised. Proven ability to find and read files in corrupt zip archives that WinZip, WinRAR and 7-Zip cannot find.
* Support for pictures with extremely high resolutions (larger than ~ 25 MP).
* Ability to filter for pictures with a skin color percentage of x % or *less*. For example a very low percentage or 0% only can be useful to find scanned documents that have been scanned with full color depth instead of just with a gray scale.
* Additional overview of log-in and log-off operations at the end of the interpretation of .evtx event logs.
* No internal metadata extraction is attempted any more for files marked with a red X.
* A report table association is now created for multi-page TIFF files when extracting metadata.
* Ability to extract internal creation dates from certificates (*.cat, *.cer, *.ctl).
* Performance of JPEG consistency check improved.
* Several minor improvements.
* Same fix level as v16.2 SR-6.

Beta 2:
* Avoided exception error that could occur in the original beta version when switching between windows.
* Ability to distinguish between user-created and application-created report tables in evidence file containers.
* v16.3 Beta version also available for X-Ways Investigator.

Beta 3:
* Exchange EDB extraction accelerated by a factor of 2-3.
* File Header Signature Search.txt: Another flag "h" can now be set in the new last column to indicate that the specified header signature is used to find data that is not part of the file any more and should be excluded. Ordinary headers are included in the carved file.
* Better support for pictures with an extremely high resolution.
* Revised standard e-mail extraction mask now includes MS Office 2011 for Mac .olk14MsgSource files to allow for extraction of attachments.
* Original individual e-mail message files present on a disk (like .eml, .emlx or .olk14MsgSource) are now marked in the Attr. column as processed original .eml once they have been processed (e-mail extraction in Refine Volume Snapshot) and thus can be filtered as such. Useful to cover all original individual e-mail files and artificially produced .eml files (representing extracted e-mail) with a single filter (the Attr. filter).
* Avoid exception error that could occur in v16.3 Preview/Beta when starting a file header signature search.
* Fixed a rare "Internal error 2010" that could occur in earlier versions when running logical searches.
* Several minor improvements.

Beta 4:
* Ability to reconstruct RAID level 6 systems, more precisely these variants: backward parity (Adaptec), forward parity, and forward delayed parity with non-zero start component (as used by WiebeTech/CRU-Dataport). Information on which manufacturers use which variant and which other variants need to be supported would be very welcome.
* Ability to reconstruct RAID level 5 forward delayed parity (in case it's used anywhere).

Beta 5:
* The parameters of reconstructed RAID level 6 systems can now be remembered by cases.
* The new container format is now compatible with Mount Image Pro v4 (first add image, then mount file system).
* More Exif metadata extracted from JPEG files: focal length, lens model, F number, serial number, firmware, image unique ID
* Signing date extracted from executable files (.exe, .dll, ...) where present.
* Internal creation timestamp extracted from certificate files (.cat, .cer).
* Path representation of the registry report's verbose mode for printing revised.
* The crash safe decoding option, if fully selected, now also applies to .eml files, which in previous versions for performance reasons it did not.

Beta 6:
* Ability to reconstruct RAID level 5 forward dynamic delayed parity.
* Mode Disk/Partition/Container in X-Ways Investigator now hides the hex/text column and instead shows some useful information about the container and the volume snapshot.
* Template for GPT partition tables included and invocable via the directory browser context menu (when right-clicking the virtual file that represents the beginning of a GPT-partitioned disk) and via the drop-down menu of the white arrow button.
* When unlocked with a dongle just for disk imaging purposes, X-Ways Forensics now identifies itself as X-Ways Imager, and a smaller download of just the files that are needed to run X-Ways Forensics as X-Ways Imager is now available separately.

Beta 7:
* Memory requirements for Exchange EDB e-mail extraction limited and reduced.
* Prepared to carve .itc2 iTunes artwork cache files and PNG files within them.
* Files in evidence files containers that had child objects in the original volume are no longer shown as having child objects if none of the child objects have not been included in the container.
* Some minor improvements. Same fix level as v16.2 SR-8.

Beta 8:
* Ability to use File | Create Disk Image for physical RAM when opened under Windows XP or 2000.
* Search hits and their context can now also be correctly displayed if in UTF-8.
* Interpretation of timestamps in Ext* file systems now independent of data interpreter settings for UNIX/C timestamps as it should be
* new investigator.ini options:
+40 prevent GREP searches
+41 prevent skin tone detection
+42 prevent inclusion of log in report
+43 prevent inclusion of basic report in report
+44 prevent export of report table associations
+45 prevent file export for analysis
+46 prevent export tree command
* Minor improvements and fixes.

Beta 9:
* Exchange EDB extraction improved
* New investigator.ini options:
+47 prevent export list command
+48 prevent metadata extraction
* Security option to verify the chunk CRCs when reading from .e01 evidence files.
* Some minor improvements.

Beta 10:
* Some fixes.

Beta 11:
* Some exception errors fixed that could occur during metadata extraction.
* Output of dummy entries in registry report fixed.
* Ability to sort by search term column.
* Fixes for Exchange EDB extraction.
* Relative path to viewer component (like .\viewer) now fully supported.
* Some minor improvements.

v16.3 has just been released.
[/more]
Author: Lomex
Posted: 01.01.2012 05:20
Hi,

sorry to ask. But which is the last Version, which could be unlocked as a Forensic Edition. None of the older Released accepted a Forensic License. Tried different Keygens.

Thanks for any info

cu

Lomex
Author: SAT31
Posted: 01.01.2012 12:19
WinHex 16.3 SR-1

Quote:
* Improved UTF-8 encoding of GREP expressions.
* Fixed code page display problem with very long search terms.
* Fixed non-acceptance of containers of the new format with certain investigator.ini settings.
* Avoided one more situation where writing sectors could fail under Windows Vista and later.
* Fixed inability of v16.3 to explore nested archives.
Author: SAT31
Posted: 26.01.2012 10:29
WinHex 16.3 SR-2

Quote:
* Fixed an exception error that could occur when opening files with certain filenames when Asian code pages were active in Windows.
* Fixes and improvements for Exchange EDB extraction.
* Some minor fixes.
Author: severek2v
Posted: 10.03.2012 10:55
Please advise..
There is a dump of sectors 3200-3250 as a single file.
How do I write it to the hard drive with WinHex?
thanks
Author: unreal666
Posted: 10.03.2012 11:08
severek2v

- open the dump file, open the target partition/drive.
- select the dump's contents, copy them and paste them into the target sectors of the opened partition/drive.

in short, ordinary copy-paste.
Author: SAT31
Posted: 22.03.2012 09:02
WinHex 16.4
[more=Changes:]Performance

* A 64-bit version is now available, first as a 64-bit WinHex add-on for licensed users of X-Ways Forensics. This add-on is added to an installation of the 32-bit version of X-Ways Forensics (where the 32-bit WinHex add-on may also be present), and the 64-bit .exe file must be located in the same directory as the 32-bit .exe file, with some 64-bit versions of other files located in a subdirectory named \x64. Otherwise all files are shared by both versions. That means that all your settings, search terms, file type signature definitions, file type category definitions etc. etc are conveniently remembered and commonly used by both versions. Both versions use exactly the same format for case files and volume snapshots. While this 64-bit version is not yet fully tested (hash computation not optimized yet, progress notification via e-mail and SMART data not yet available), it can already be very helpful in situations where the 32-bit memory address space is insufficient, when dealing with disks or images that contain many millions of files, or when dealing with many millions of search hits, provided that you have plenty of physical RAM installed. A 64-bit version of the viewer component is now also provided. Comments welcome!
* Copying large files (Recover/Copy and adding to containers) accelerated.
* New buffer system at work when reading from .e01 evidence file, which can speed up processing in certain situations.
* Supports more complex GREP search expressions now than before. Such complex expressions required too much main memory in previous versions to run.

File system support

* When running a particularly thorough file system data structure search on NTFS volumes, X-Ways Forensics now specially deals with any existing or previously existing volume shadow copies and includes valuable information in the volume snapshot that would not be available otherwise, such as files that cannot be found in the current $MFT any more or old versions of files whose contents have changed (unlike in previous versions for files of any size), and now does that relatively quickly even if you choose not to use the potentially very time consuming "Search FILE records everywhere" option. Processing of volume shadow copies, if any, occurs before all the other operations that are part of the particularly thorough file system data structure search (parsing $LogFile, optionally searching for FILE record outside of $MFT and outside of VSC, searching for index records in the slack of INDX buffers). If there are volume shadow copies, the caption of the small progress indicator window will tell you when they are being parsed.
* The software now distinguishes between deleted files whose contents may have changed and deleted files whose original contents are known to be still available. See Legend for icons. Virtual files now have a different icon, with a "v" for "virtual".
* Reparse points are no longer highlighted by a virtual file whose name reveals the target, but by a comment that is attached to the reparse point host directory.

File format support

* E-mail extraction revised for certain e-mail archive file types such as Exchange EDB, DBX, MBOX, and MSG, in particular better support for e-mails in e-mails (e-mails as attachments).
* Metadata extracted from XML files in Office documents are now attached to the outer Office document, no longer to the inner XML files in which they were actually found, but where some users do not expect them.
* OLE2 timestamps can now be translated by the Data Interpreter and in templates optionally in big endian, as they appear in ICQ 7 chat messages.

Usability

* Ability to open a directory (File | Open Directory). This new function can list the files and subdirectories of any accessible directory in the directory browser.
* Ability to add any accessible directory to the case. Useful if a directory or a file of interest resides on a drive with many irrelevant files, if you merely wish to view, hash, or search a few of those files, check their metadata or copy them to an evidence file container etc.
* When pressing a Ctrl+number key combination that is not currently assigned to any report table (e.g. accidentally), X-Ways Forensics now produces an error sound.
* More information in progress indicator window when copying files.
* Several minor improvements.

Preview 2:

Usability

Automate investigative tasks and extend the functionality of X-Ways Forensics with X-Tensions.

The X-Ways Forensics X-Tension API (application programming interface) allows you to use many of the advanced capabilities of the X-Ways Forensics computer software programmatically and extend them with your own functionality. For example, you could implement some specialized file carving for certain file types, automated triage functionality, alternative report generation, or automatically filter out unwanted search hits depending on your requirements etc.

Among other things, X-Tensions allow you to:
- read from a disk/partition/volume/image
- retrieve abundant information about each file and directory in the volume snapshot
- read from any file
- create new objects in the volume snapshot
- assign files to report tables
- add comments to files
- process, validate and delete search hits
- and do practically everything else that is possible with a Windows program! (thanks to the Windows API)

You can use your programming language of choice, e.g. C++, Delphi, or Visual Basic, and do not have to learn any new programming language. You can use your compiler of choice, for example Visual Studio Express (freeware).

Since an extension is not an interpreted script, but regular compiled executable code that is running in the address space of the application itself, you can expect highest performance, the same as with internally implemented functionality. X-Tensions give you easy and direct access to crucial and powerful functions deep inside X-Ways Forensics.

When X-Tensions functions can get called:
- when refining the volume snapshot
- when running a simultaneous search
- in future versions of X-Ways Forensics via the directory browser context menu
- in future versions of X-Ways Forensics via the search hit context menu

You may distribute your XWF extension DLLs that you compile and/or your source code free of charge or even for a fee, under whatever license terms you see fit.

For more information please see http://www.x-ways.net/forensics/x-tensions/api.html.

* More convenient ability to specify nature, sector size and additional storage location of raw images when holding the Shift key when interpreting images.
* When reading files in the volume snapshot fails when refining the snapshot or running a logical search for example because the storage location of some of the clusters is unknown or because they are contained in corrupt file archives, then only one read error message is output per session and the user is informed of a newly introduced attribute by which you can also filter: "file contents unknown, partially".

Performance

* Some corrections in 64-bit version.
* Previously existing files whose first cluster is known to have been overwritten or whose first cluster is unknown (i.e. red X files) are now generally excluded from volume snapshot refinement except if you specifically target them via tagging. They are also excluded from logical searches and from indexing if the recommendable data reduction is active unless targeted specifically via tagging or selection.

File system support

* Processing of volume shadow copies further improved.

File format support

* Ability to carve MP3 files without ID3 tags with automatic file size detection.
* New flag "c" supported in the file type signature definitions which, if taken into account (depends on user interface settings), ignores header signatures that are found not aligned at cluster boundaries.
* Files carved with the new flag "g" greedily allocate all their sectors exclusively. The file type signature search continues its search for further file headers only after the presumed end of such files.
* Several minor improvements.
* 64-bit X-Ways Forensics add-on now available in addition to the 64-bit WinHex add-on.
* Chinese user interface now available under 64-bit.

Preview 2b:

* Fixed inability of 64-bit version to take volume snapshots of FAT volumes.

Preview 3:

* Prevented exception errors that could occur during byte level file header signature search in Preview 1 and 2.
* Cases now remember non-standard sector sizes of raw images so that you do not have to specify them again when re-opening a raw image evidence object.
* Specially intercepts and reports exceptions that might occur in X-Tensions.
* Some minor improvements and fixes.

Preview 4:

* Improved ability to take a snapshot of volumes with many millions of files, especially in the 64-bit version, but also in the 32-bit version (if used with the /3GB switch or better in a 64-bit Windows).
* File header signature search further accelerated. Automatic file size detection for MPEG, MP3 in general, and index.dat.
* Option to copy child objects of selected files from search hit lists.
* Fixed some errors in earlier 16.4 Preview versions.
* Several minor improvements.

Preview 5:

* File header signature search: For each file type that the internally implemented algorithms in X-Ways Forensics know well and support with automatic size detection, the ID of the corresponding algorithm is now specified in the "File Type Signatures Search.txt" definition instead of a footer signature, following a tilde symbol (~). For example that can be useful if you create alternative definitions for a certain file type (e.g. to match a certain subtype only), to ensure that the sophisticated file size detection at work in X-Ways Forensics is still applied.
* Improved slow loading and saving of search hits in the 64-bit edition.
* Warns when trying to load the 64-bit viewer component from the 32-bit edition of X-Ways Forensics. (Some users now think the 64-bit viewer component is for 64-bit Windows, but it is for 64-bit X-Ways Forensics.)
* Fix for EDB processing in the 64-bit edition.
* Some minor fixes, several minor improvements, some internal restructuring.

Preview 6:

* Ability to run X-Tensions from the directory browser context menu and apply them to selected files.
* Fixes for several issues in Preview 4 and Preview 5.

Preview 7:

* Improved responsiveness when decompressing large file archives.
* Some minor improvements.
* Fixes for some more issues in v16.4 Preview.
* Ability to identify Btrfs file systems.

Preview 8:

* Speed for sorting by filename more than tripled.
* Accelerated file carving for large volume snapshots when finding many more files.
* Improvements for Exchange EDB extraction.
* Ability to add a selected block to the volume snapshot as a virtual file even from the case root window (in File mode).
* Ability to use the Name filter for keyword searches in filenames not only with GREP syntax.
* New flag "u" for the file header signature search that allows to carve files in unused clusters only.
* Several fixes and minor improvements.

Beta 1:

* Hashing with the MD5 algorithm (the mere computation, excluding disk I/O for reading data) further accelerated in the 32-bit edition by ~30%, with SHA-1 by ~20% (depends on the processor), and in the 64-bit edition it is now optimized, too, and even slightly faster than in the 32-bit edition!
* Further accelerated sorting by various columns.
* Several fixes and minor improvements.

Beta 2:

* MD4 and ed2k hash computation now optimized in the 64-bit edition, too.
* New file carving flag "F" (upper case) that makes X-Ways Forensics discard hits of the file header signature search if no corresponding footer can be found, provided that a footer signature is specified in the definition. Can be useful to reduce the number of or totally avoid false positives.
* In newly taken volume snapshots of physical disks, all virtual files covering unpartitioned areas will not be subject any more to volume snapshot refinement (e.g. hash computation) unless specifically targeted via tagging, to save time and because it does not make much sense. The same applies to partitioned areas on GPT+LDM disks that are not treated like partitions because they never contain a file system (only the dynamic volumes do).

Beta 3:

* Virtual files are now counted separately in the caption line of the directory browser and no longer included in the count of existing or previously existing files. The icons of virtual files and directories have been changed.
* If not using the crash-safe decoding option and if the viewer component crashes X-Ways Forensics when decoding a certain file, on the next start-up X-Ways Forensics points out more precisely that the crash occurred during the decoding step and recommends to activate crash-safe decoding (which is an option in Options | Viewer Programs).
* New flag "t" for the file header signature search that prevents X-Ways Forensics from listing carved files immediately with a confirmed file type. Useful for example for file format families such as XML, to determine the exact subtype later during file type verification.
* Several fixes and minor improvements.

Beta 4:

* When printing multiple selected files (using the viewer component), only a single print job will be submitted, for all files and (if selected) cover pages, such that no other print jobs sent to a shared printer can get in between and such that if you are printing to PDF you will only be prompted for a filename only once and all pages are printed to the same output file.
* Some fixes.

Beta 5:

* Files found in volume shadow copies are now specially marked if they are previous versions of files that were known to the volume snapshot already before the thorough file system data structure search. Remember you can sort by ID to see the files they are a previous version of next to them.
* Several minor improvements, some fixes.

Beta 6:

* Filter for the Owner column.
* More detailed filter for previously existing files.
* When activating or deactivating a filter, X-Ways Forensics now automatically selects the item in the directory browser again that you had clicked last, if it is still listed in the directory browser.
* Option to avoid that previous versions of files in volume shadow copies are added to the volume snapshot if they are exact duplicates (identical file contents) so that it is much easier to focus on files for which actually previous data is still available. See Options | Volume Snapshot. If fully selected, X-Ways Forensics will compare files up to 128 MB, if half selected, only up to 16 MB, as to not waste too much time on this feature.
* Fixed an error in the direct byte-wise translation for GREP that could cause some additional false hits.

Beta 7:

* AES encryption and decryption accelerated by 70% in the 64-bit edition and by 30% in the 32-bit edition.
* Ability to mark important evidence objects in the case root window with a yellow flag.
* More information evidence object selection dialog windows that show the number of files in each evidence object and the yellow flag, if it has one.
* Ability to tag or untag all items in the volume snapshots of all open evidence objects by clicking the case root icon with the middle mouse button.
* Ability to represent large offsets in decimal.
* Several fixes and minor improvements.

Beta 8:

* New encryption algorithm for .e01 evidence files: 128-bit AES in BE CTR mode, which is ~67% faster than the already accelerated implementation of 256-bit AES in LE CTR mode, for both encryption and decryption. Previous versions of X-Ways Forensics cannot open .e01 evidence file created with the new algorithm.
* That an iterative SHA-256 hash of both the password and the salt is stored in encrypted .e01 evidence file for password verification purposes is now optional when using the 256-bit AES option (see Security Options). Previous versions of X-Ways Forensics cannot open .e01 evidence file created without such a hash.
* Several fixes.

Beta 9:

* Ability to select file types for the file header signature search more conveniently grouped by categories instead of in a flat list.
* If a certain file for which a hash value was computed before or for which a hash value is computed at the same time (volume snapshot refinement) crashes X-Ways Forensics (of which you are usually informed in great detail when restarting X-Ways Forensics), identical files are now skipped automatically if you (continue to) refine the volume snapshot and compute hash values (at least if the protection against identical crasher files is active in the properties of the case). To make the case forget previous crasher files, click the Delete button in the case properties. Skipped files are automatically added to the report table "Reason for crash?".
* Several minor improvements.
* Some fixes.

Beta 10:

* Both Position submenus have been renamed Navigation.
* Two neat commands for navigation in the directory browser have been added to the context menu (Navigation submenu):

1) "See selected item in its directory" will show you the selected file or directory among its siblings. Useful to quickly check out whether there are more notable files in the same directory or to better understand the function of the file when you see it in context.

2) "See selected item from volume root" will show you the selected file among all other files in the same volume. Useful for example to see whether there are any files with the same name, the same ID (e.g. previous version from a volume shadow copy), same owner, same sender, or similar timestamps etc. etc. in the same file system (just sort accordingly).

Both commands can be also be used from within the case root window and from within search hit lists (so the previous "Go to file in directory browser" command becomes obsolete). Remember you can click the Back button in the toolbar to conveniently return to the previous view.

* When toggling between normal and recursive exploration of the same directory, e.g. by clicking the button with the turquoise curly arrow, X-Ways Forensics now automatically selects the last selected item again if it is still contained in the directory browser after the change.
* Ability to copy the text in the cell of the directory browser that you right-click to the clipboard. Previously users had to copy from Details mode.
* File format consistency check now supported for EXE, ZIP, RAR, JPEG, GIF, PNG, RIFF, BMP, PDF.
* A few minor improvements.

Beta 11:

* The user manual and program help have been updated for v16.4.
* File carving further improved for video files (MP4, f4v, pnot, FLV), iPhone files (sms.db, AddressBook.sqlitedb, notes.db) and binary plists.
* Some small fixes.

v16.4 will be officially released on March 22, 2012.[/more]
Author: fire4x
Posted: 22.03.2012 21:14
And it does seem this blasted thing has Russian letters in it:

only the damn thing refuses to understand them...
Author: MrDarkGT
Posted: 22.03.2012 23:20

Quote:
WinHex 16.4

The keygen from FFF for version 16.2 no longer works. It says this:

"It seems you are still eligible to get this update for free. However, you cannot run this version as a full version using the detected license file "user.txt". Please visit http://www.x-ways.net/winhex/license.html and enter your registered e-mail address for more information."

And the About window:



So welcome to version 16.3 SR-2, everything works fine there.
Author: SAT31
Posted: 23.03.2012 08:46
MrDarkGT
take this to the warez section
Author: Magadan69
Posted: 09.04.2012 00:37
Guys, could you please show the approximate sequence of commands in a WinHex script to open the RAM of a running application, change a couple of bytes there and save those bytes in memory?
I read the help on scripts, but didn't find which commands work with memory. There are ones for files, maybe it's the same for memory? Please make a little sketch.
Thanks for helping.
Author: mikroberus
Posted: 17.04.2012 20:05
It sends me too......to the site. How do I register this version 16.4? Maybe someone knows, has already managed to register it.

Added:
Whoever has found the full HELP for the program, please share.
Author: SAT31
Posted: 28.05.2012 10:23
WinHex 16.5
[more=Changes:]Preview 1:

File Format Support

* Ability to view browser SQLite databases after generating previews for them using a new option in Specialist | Refine Volume Snapshot | Extract internal metadata, browser history and more, which also requires that the files have been checked for their true file type. Supports Firefox history, Firefox downloads, Firefox form history, Firefox sign-ons, Chrome cookies, Chrome archived history, Chrome history, Chrome log-in data, Chrome web data, Safari cache, and Safari feeds. Still testing.
* Ability to view Internet Explorer index.dat files after generating previews for them with the same function.
* Ability to generate previews as child objects for Windows Event Logs (.evt and .evtx).

(Future releases are supposed to generate such previews for even more file formats.)
* The new HTML child objects can not only be used internally by X-Ways Forensics for previews of the parent file. You can also view all of these tables in an external program such as your preferred browser or in MS Excel by sending these child objects to the program of your choice (directory browser context menu). The existence of HTML child objects with searchable text for browser data, event logs and more data sources in future releases also improves effectiveness of searches and indexing.
* Ability to view Outlook NK2 auto-complete files, Outlook WAB address books, and Internet Explorer travellog files (a.k.a. RecoveryStore).
* Ability to extract metadata from MS Access database files.

File System Support

* Support for MBR LVM2 and GPT LVM2 partitioned disks as commonly used by Fedora/Red Hat and also available in Debian. Single-disk approaches (like the default behaviour when installing Fedora on an ordinary hard drive) and spanned volumes (i.e. logical volumes spanning several physical disks) are supported, the latter require all constituent disks/images to be open in X-Ways Forensics in order to find all data required.
* NTFS FILE record 0x30 attribute timestamps are now displayed in Details mode next to their 0x10 counterparts.
* Ability to recognize the new ReFS file system as such.

File Carving

* File header signature search: That the start sectors of files that are already known to the volume snapshot are always excluded from file carving is now optional. Of course, X-Ways Forensics still tries to prevent duplicates, but if the file header signature definition or the internal file size detection is strong enough to suggest that a known deleted file was overwritten with a new file, then that new file will be carved although it shares the same start sector with the known file.
* If you intentionally abort the file header signature search or if the file header signature search causes X-Ways Forensics to crash, next time when you start a file header signature search in the same evidence object, you will find an option to resume it right where you had interrupted it, or where it was when the volume snapshot was last saved before the crash occurred (depends on the auto-save interval of the case).

Image Support

* Support for VMDK snapshot images. The base image and any preceding snapshot images have to be open and interpreted already when interpreting a later snapshot.
* Ability to create evidence file containers from File | Create Disk Image where some new users may expect that kind of functionality. (X-Ways Forensics only, not WinHex)
* The field to include notes in an .e01 evidence file when creating an image is now larger and allows to use line breaks. Useful if you wish to use it for more information and structure the notes more clearly.

Usability

* When starting volume snapshot refinements, simultaneous searches or indexing, most other functionality now remains accessible and usable. The directory browser, the case tree and all other user interface elements including all menus remain reasonably responsive most of the time. That means for example you can continue to view files, enter comments about them, add them to report tables, explore directories, activate or deactivate filters, sort files, print files, open and close other evidence objects. BTW, there is an option to minimize the small progress indicator window if you right-click its caption.
* Multiple dongles attached to the same computer (e.g. terminal server) are now supported, to allow for multiple simultaneous users at the same computer not only with multi-user dongles (cf. http://www.x-ways.net/forensics/dongle.html). Each user can select which dongle to use when starting up the software. The ID of the dongle that he or she had used last will be preselected. The textual notes that are stored in the dongles, if any, will also be displayed to make it easier to choose the right dongle.
* If the only filter that is active is the "naturally active" filter that causes hidden items not to be listed, and when items that are hidden are actually filtered out in the directory browser, then the additional filter icons that indicate an active filter are now displayed in gray, no longer in glaring blue, to reinforce the notion that it is *normal* that hidden items are not listed and nothing else is filtered out.
* Options in Name filter dialog clarified.
* The option to power down or hibernate the computer after completion of imaging or disk cloning is now available in the progress indicator window, so that you can still see during the process whether you had selected it and so that you can still change your mind.
* Virtually attached files now have a paperclip icon.
* Pressing the backspace key and spacebar now work in the case tree.
* Several minor improvements. Same fix level as v16.4 SR-5.

Preview 2:

* Revised extraction of e-mail messages and attachments from MSG files that does not require MAPI. Still testing.
* Ability to use the General Position Manager in File mode.
* Automatic highlighting of aligned FILETIME values in Disk/Partition/Volume and File mode. Useful when manually inspecting files of various Microsoft formats which may contain more timestamps than can be automatically extracted (try e.g. with index.dat, registry hives, .lnk shortcut files etc. etc.). If the lower half of a data window has the focus and FILETIME values are highlighted, you may also hover the mouse cursor over such a value to get a human readable interpretation of the timestamp. Alternatively, of course, you could get it from the data interpreter if you click the first byte of the value.
* The volume snapshot option "Include files whose clusters are unknown" has turned into one of the infamous 3-state options. If fully checked, all previously existing files of which metadata only is known will be included in a volume snapshot. If not checked at all, those files will be ignored. If half checked, only files for which more than just the name is known (e.g. size, attributes, and timestamps) will be included, e.g. found in index records in INDX buffers or in $LogFile in NTFS, but not directory entry remnants in Ext* or Reiser file systems.
* Some fixes and improvements, among them for Internet browser previews.

Preview 3:

* Some fixes.

Preview 4:

* Support for various UDF file system versions and specialties revised and considerably extended: Improved support for UDF when used on media other than optical discs, as well as added support for UDF virtual partitions and UDF metadata partitions.
* Several minor improvements.

Beta 1:

* New X-Tension API functions: XWF_CreateContainer, XWF_CopyToContainer, XWF_CloseContainer, XWF_CreateEvObj. New functionality was added to the XWF_SetItemInformation function. Cf. http://www.x-ways.net/forensics/x-tensions/api.html.
* A plug-in to run Python scripts as X-Tensions can now be downloaded from the X-Tension API web page, along with 2 sample scripts. Still in a testing stage!
* Automatic extraction of .lnk shortcut files from automaticdestinations-ms jump lists during volume snapshot refinement.
* Revised extraction of attachments from original .eml files.
* Preview available for Outlook Express DBX e-mail archives.
* Registry report definition files revised. New definition file Reg Report Autorun.txt included.
* View command now works for SQLite database and index.dat files that have HTML child object in the same way as Preview mode. Improved processing of SQLite databases.
* Support for named streams in UDF (the UDF implementation of alternate data streams as known from NTFS).
* Fixed inability to read from flat VMDK images.

Beta 2:

* Ability to reconstruct Linux software RAIDs from partitions. The partitions need to be opened before they can be selected.
* Revised support for SQLite databases.
* Ability to split HTML tables for browser databases and event logs after an arbitrary number of rows. You can set this number much higher if you do view the HTML previews externally with your preferred Internet browser and not with the viewer component.
* Ability to interpret certain VMDK images that previous v16.5 releases could not deal with.
* Improved ability to deal with corrupt .evtx event log files.
* Minor improvements.

Beta 3:

* The X-Tension API was noticeably extended:
Ability to load X-Tension DLLs from any directory. By default, X-Ways Forensics expects X-Tension DLL in the directory for scripts and templates.
Only selected X-Tensions will be executed, not all X-Tensions that were added to the list.
A new version of the Python plug-in and a minimal Python installation are now downloadable.
3 important new functions XWF_Search, XWF_OpenItem and XWF_Close were added.
XT_ProcessSearchHit now receives a handle of the item or volume in which a search hit was found, for optional further reading.
More return values for XT_Prepare supported.
New flag for XWF_OutputMessage function.
* A permanent preview can now be generated for $UsnJrnl:$J as part of metadata extraction, so that it does not have to be generated on demand when viewing or previewing this journal, which can be potentially time-consuming for large specimen (0.5 - 1.5 GB).
* Ability to only include associations with user-created report tables in evidence file containers, not those created by X-Ways Forensics itself. To make use of this feature, make sure that the option to export report table associations is only half checked when you create a container. This is now also the new default setting.
* Several minor improvements, some bug fixes.

Beta 4:

* Metadata extraction from Manifest.mbdx and Manifest.mbdb iPhone backup files.
* Revised extraction of e-mail messages and attachments from DBX e-mail archives. Still testing.
* HTML preview generation for certain file types updated.
* Fixed a byte level file header signature search error that occurred in Beta 3.
* Fixed error that occurred when sorting by the ST# column.
* Last parameter in XWF_GetItemInformation API function fixed.

Beta 5:

* Ability to select new e-mail extraction methods individually for PST, MSG, DBX, MBOX, and EML. The old extraction method for PST and MSG is a method previously described as "MAPI". The new method for PST was introduced long ago already and is the recommended standard setting. The new methods for all other file types are really new in v16.5. The old extraction methods will probably not be offered any more in future versions of X-Ways Forensics.
* One more option for the Internal ID filter.
* The simultaneous search could not be started from the context menu in some earlier beta versions. That was fixed.
* Some minor improvements.

v16.5 was just released.

Changes since the last beta version:
* Ability to generate previews of Skype's main.db database with contacts and file transfers.
* Extraction of e-mail messages and miscellaneous Outlook data from PST archives slightly updated and completed.
* Path filter extended. Multiple substrings (one per line) are now permitted, and there is a NOT option.
* Fix for NTFS support for media with a sector size of 4096 bytes.[/more]
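The Preview 2 note above about highlighting aligned FILETIME values can be reproduced outside the tool. The following is an added example, not code from X-Ways or from the post: it scans a buffer for little-endian 64-bit values that decode to a plausible date. The 8-byte default alignment, the 1990 to 2040 plausibility window, the function names and the sample record are all assumptions made for the illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # one FILETIME tick is 100 ns


def datetime_to_filetime(dt):
    """Encode an aware datetime as a 64-bit FILETIME tick count."""
    delta = dt - FILETIME_EPOCH
    whole_seconds = delta.days * 86400 + delta.seconds
    return whole_seconds * TICKS_PER_SECOND + delta.microseconds * 10


def filetime_to_datetime(ticks):
    """Decode a FILETIME tick count (sub-microsecond precision is dropped)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def find_filetimes(data, alignment=8,
                   earliest=datetime(1990, 1, 1, tzinfo=timezone.utc),
                   latest=datetime(2040, 1, 1, tzinfo=timezone.utc)):
    """Return (offset, datetime) for every aligned 8-byte value that falls
    inside the plausibility window. Alignment and window are assumptions."""
    lo = datetime_to_filetime(earliest)
    hi = datetime_to_filetime(latest)
    hits = []
    for offset in range(0, len(data) - 7, alignment):
        (ticks,) = struct.unpack_from("<Q", data, offset)
        if lo <= ticks <= hi:
            hits.append((offset, filetime_to_datetime(ticks)))
    return hits


# Constructed sample record (not real evidence data).
T1 = datetime(2012, 5, 28, 10, 23, tzinfo=timezone.utc)
T2 = datetime(2012, 5, 28, 11, 23, tzinfo=timezone.utc)
SAMPLE = (
    b"RECD\x00\x00\x00\x00"                         # offset 0: header
    + struct.pack("<Q", datetime_to_filetime(T1))   # offset 8: aligned timestamp
    + b"a.txt"                                      # offset 16: 5-byte name
    + struct.pack("<Q", datetime_to_filetime(T2))   # offset 21: unaligned timestamp
    + b"\x00\x00\x00"                               # offset 29: padding
    + b"\xff" * 8                                   # offset 32: aligned, implausible
)

if __name__ == "__main__":
    for step in (8, 1):
        print("alignment", step)
        for offset, when in find_filetimes(SAMPLE, alignment=step):
            print("  offset %3d  %s" % (offset, when.isoformat()))
```

Scanning with `alignment=1` also finds the timestamp at offset 21, at the cost of more false positives on real data; the narrower the date window, the fewer random 8-byte runs qualify.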
Author: MrDarkGT
Post date: 05.06.2012 00:09
Here is my problem: I need to select everything from the chosen position to the end of the file. As far as I understand, the 'Define block' tool in the 'Edit' menu is meant for this. In the first drop-down I choose 'Current position', in the second, 'End of file'. Everything from the given position to the end of the file should get selected (?) But it turns out differently:

Both fields get set to the same value (the current position). I have to paste the end-of-file address in manually and only then select (which is not very convenient). Is that how it is supposed to be? Or am I doing something wrong?
Here is also a video of what I wanted to do: http://rghost.ru/38481682
By the way, in version 16.1 (the one with the old keygen) everything works fine. After that, no luck.

Version 16.3 SR-2
Thanks.
Author: SAT31
Post date: 06.06.2012 10:18
WinHex 16.5 SR-4
[more=Changes:]SR-1:
* Certain types of VMDK snapshots failed to be recognized as such. This has been fixed.
* The new extraction method for e-mail attachments had flaws. Those were fixed.
* The attempt to view files externally or explore archives during ongoing other operations closed the progress indicator window for those other operations. That was fixed.

SR-2:
* The preview of $UsnJrnl:$J is now a true tab-delimited text file, according to user wishes. That means columns are not aligned any more when displayed internally by the viewer component.
* Avoided possible exception error that could occur when identifying SQLite databases.
* Fixed inability to sort in the case root window in certain situations.
* The Replace Hex Values command sometimes failed to find a sequence of hex values. That was fixed.

SR-3:
* Ability to carve in evidence file containers of the new format at the byte level. Useful as a work-around to find unaligned small files in selected other larger files (which have to be copied to the container first, though), without having to run the file header signature search at the byte level on an entire image or disk, which would output too many garbage files and require too much time.
* Hitting the Esc key now closes all filter dialog windows without activating or deactivating the filter. Before the same behavior was possible to achieve already by clicking the "x" button in the upper right corner of a dialog window.
* Important for those users who have customized the "File Type Categories.txt" file, file types had to be written in lower case characters, just like in the original file as provided by us, or else the file type filter and the category filter did not work correctly any more. This requirement has been removed.
* Adding the block as a virtual file to the volume snapshot did not work in search hit lists. This was fixed.

SR-4:
* Message "Please stop ongoing operation first" avoided in situations during logical searches where it should not occur.
* Extracting files from small other files using File Recovery by Type failed with a read error. That was fixed.
* Fixed an exception error that could occur under certain circumstances when using the Search | Continue Search command.
* Some minor improvements.[/more]
Author: SAT31
Post date: 14.06.2012 15:41
WinHex 16.5 SR-6

Quote:
SR-5:
* Improved stability when parsing corrupted $UsnJrnl:$J.
* Virtual directory "Modules" in Windows memory dumps preserved when running a thorough file system data structure search.
* Some fields in sent e-mails in Outlook PST/PST e-mail archives were not parsed correctly in v16.5. That was fixed.
* Several minor improvements/fixes.

SR-6:
* Faster, less memory intensive, and slightly more error-tolerant processing of Exchange EDB databases.
* Improved ability to list processes and DLL names in a 64-bit Windows via Tools | Open RAM.
* Filter for viewed items fixed.
* Fixed an error that could occur when searching for embedded pictures in files with a very long path.
* Error in Chinese user interface in v16.5 fixed.
* Avoided the message "Invalid, corrupt or simply unexpected directory entry found at offset ..." and the omission of invalid directory entries in FAT that can sometimes be found for files or directories with East Asian names.
* Some minor fixes and improvements.
Author: Aqel
Post date: 21.06.2012 10:32
Nep, please re-upload the link to WinHex Russian Fixer, because some kind of junk is downloading from there...
Author: unreal666
Post date: 21.06.2012 10:51
Nep has nothing to do with it. He is the creator of the thread, not the file uploader. The last time he posted in this thread was in January 2004.
Author: Aqel
Post date: 25.06.2012 10:39
unreal666
... I have already downloaded Russian Fixer from another forum. How do I fix the garbled characters in the WinHex menu in version 16.0, but without manipulating C_1252.NLS?
Author: addhaloka
Post date: 25.06.2012 10:50
Aqel 11:39 25-06-2012
Quote:
How do I fix the garbled characters in the WinHex menu in version 16.0, but without manipulating C_1252.NLS?
Use the English version. Russian Fixer has nothing at all to do with garbled characters in the menu.
Author: Aqel
Post date: 25.06.2012 11:15
addhaloka
... yes, I know that Russian Fixer fixes the input of Russian letters in WinHex. I don't respect English, and the author (a damn Nazi) is not going to add Russian, even though he was offered a ready-made complete translation of WinHex...
In the old versions enthusiasts did the translation, and everything was fine...
Author: SAT31
Post date: 28.06.2012 10:29
WinHex 16.5 SR-8
[more=Changes:]SR-7:
* Slight further improvements of Exchange EDB processing.
* More stable when extracting metadata from corrupt iPhone Backup files.
* More stable when processing .evtx event log files.
* More stable when detecting the size of SQLite databases when carving.
* More stable when extracting metadata from flash video files.
* More stable when extracting attachments from DBX e-mail archives (new method).
* Avoided endless loop when processing .msg files.
* Now based on libpng 1.5.11. Includes vulnerability fix of libpng 1.5.10.
* Some minor improvements and fixes.

SR-8:
* Accepts invalid FAT short filename directory entries as seen on Android smartphones. Previous versions reported such entries as invalid.
* Ability to display certain JPEG variants in the gallery that previously were not displayed.
* Avoided DLL dependencies that existed in v16.5 SR-7 x86.
* Fixed inability to display a list of physical search hits.
* Some minor improvements and fixes[/more]
Author: SAT31
Post date: 29.06.2012 10:40
Russian localization for WinHex 16.5 sr-8 by Localiz2
Author: Nexusesus
Post date: 31.07.2012 01:38
So, the protection has been changed in the new versions.
For those who want to "fix" their WinHex "on the fly", follow these instructions:
1. To support Cyrillic input (and not only that), open the Winhex.exe file (already after applying the Russian localization) with WinHex itself, find the string PeekMessageW there and change it to PeekMessageA. DispatchMessageA no longer needs to be touched!!!
2. If you installed the Russian localization and half of the Russian words are displayed as some kind of garbage, you need to do the same thing as in earlier versions, namely: open Winhex.exe, again in WinHex, find the fifth occurrence in order (exactly the fifth!) of the hex sequence 66 BE E4 04 and change it to 66 BE E3 04. That seems to be all, but in some places an incomprehensible ЧЧЧЧЧ appears. For that you need to find the hex sequence 66 BA E4 04 (there is only one) and change it to 66 BA E3 04.
Author: SAT31
Post date: 02.08.2012 17:43
WinHex 16.6
[more=Changes:]What's new?
* Support for the XFS file system. Requires a forensic license.
* Ability to add a single file in a directory to the case using the File | Add File command in the Case Data window or via drag & drop to the Case Data window. If you wish to add more than 1 file from the same directory, continue to add the whole directory, just hide or remove those files that are irrelevant. This new kind of evidence object is backward compatible with v16.4 and v16.5. That means if you add a single file to the case, you can also work it in those older versions as well!
* .e01 evidence files with larger chunk sizes supported.
* Ability to use the registry viewer during ongoing other operations such as simultaneous searches and volume snapshot refinement.
* The progress indicator window now displays filenames in the same color in which they are displayed in the directory browser, as described in the legend.
* When indexing multiple evidence objects in a single step, those that are opened automatically by X-Ways Forensics for indexing will now be automatically closed again when indexing has completed for them (and the same again for optimization), so that the screen is not cluttered with data windows and not all volume snapshots need to be loaded at the same time, which can consume a lot of memory if they contain many millions of files.
* Many other minor improvements.
* Same fix level as v16.5 SR-7.

Preview 2:

* The contents of JAR archives are now included in volume snapshots only optionally. These archives usually contain many, many irrelevant files and are often deeply nested.
* Further improved stability when parsing corrupted $UsnJrnl:$J.
* Same fix level as v16.5 SR-8.

By way of exception, the 64-bit edition of v16.5 SR-8 may be added on top of the 32-bit v16.6 Preview 2. (Usually only exactly identical versions may be mixed in the same directory.)

Preview 3:

* Exchange EDB extraction further improved.
* For the Export List command all control codes <0x20 now filtered out from the Metadata column, except for line breaks and tabs that are still replaced with semicolons.
* Unlimited path substring lengths in the Path filter.
* Deals more gracefully with temporary dongle connection problems. Automatically resumes normal operation once the connection is re-established without user interaction. Useful for example if the dongle is attached to a dongle server when the network connection temporarily does not work.
* Some minor improvements.

Preview 4:

* XFS file system support further completed. Now traces of deleted files can be found. (In future releases only when running the particularly thorough file system data structure search.)
* Avoids duplicate search hits when searching unnecessarily in multiple code pages that are essentially equivalent for all or some of the search terms used. For example, many users seem to select both Latin-1 and UTF-8 even when searching for English language words only.
* Certain HTML e-mails extracted from PST/EDB are now more clearly marked as HTML format which in some cases helps to view them properly.
* Reliability of Exchange EDB processing further improved.
* Options | Volume Snapshot | [x] "NTFS: Search FILE records everywhere" is now one of the infamous three-state checkboxes. If fully checked, FILE records are searched as part of the particularly thorough file system data structure search everywhere in an NTFS partition, if half checked (default setting) only in volume shadow copy host files.
* Some minor improvements. Same fix level as v16.5 SR-9.

Preview 5:

* If the particularly thorough file system data structure search in an NTFS volume is aborted, X-Ways Forensics now remembers which volume shadow copies (if any) have been processed already and will skip those when you run this operation again.
* When extracting received e-mails from e-mail archives with no Delivery-Date: line in the header, X-Ways Forensics now takes the modification date from the end of the first Received: line.
* The paths for cases, images, temporary files, and the hash database may now be relative to the directory from where X-Ways Forensics is executed, e.g. like .\Cases and .\Temp. Useful as a configuration that you take on site to preview live systems so that all files will be created on your own external drive, yet in separate directories.
* That the slack of files that are omitted from logical searches is still searched is now optional. If the box for "Open and search files incl. slack" is fully checked, this option still has priority over all the options that can cause files to be omitted from the search, but not any more if only half checked.
* XFS file system support slightly revised.
* Some minor improvements.

* A few fixes for Exchange EDB support.

Beta 1:

* Revised representation of wtmp/utmp/btmp log-in records.
* Supports high-precision timestamps and creation timestamps in Ext4 file systems, where available.
* XFS support further revised.
* Now supports relative paths in Options | General starting with .. (the parent directory of the directory from where X-Ways Forensics is executed), not only . (the directory from where X-Ways Forensics is executed).
* Ability to extract all kinds of files from Safari cache.db browser cache files when refining the volume snapshot.
* Fixed a rare heap corruption error that was caused by a certain kind of GIF files.
* Some minor improvements and fixes.

Beta 2:

* Ability to verify multiple selected images in a case in a single operation, i.e. compute their hash values and automatically compare it to already known hash values, if any. You can find the menu command in the context menu of the case (i.e. the context menu that appears when right-clicking the case title where it is printed in bold letters).
* External viewer programs can now be specified with a relative path, too (one that starts with .\ or ..\).
* The Tools | Analyze ... command did not work in the 64-bit edition before. That was fixed.
* Some minor improvements.
* Fixes of v16.5 SR-10.

Error in 64-bit edition of Beta 2 fixed.

Beta 3:

* Ability to define search hits manually. Whenever you come across some relevant text, for example floating around in free space in Disk/Partition/Volume mode or within a certain file in File mode, you can select it as a block and right-click the block to add it as a so-called user search hit (i.e. some kind of search hit not found by the program). You can assign the search hit to an arbitrarily named search term/category. For example, if what you have found is related to suspect A, assign it as a search hit to a search term named after suspect A. If also related to suspect B, you can also assign it to another search term. You could also assign it to a real search term that you have used for an automatic search.

User search hits can be conveniently listed in and nicely exported from search hit lists just like ordinary (automatically generated) search hits. You can specify the correct code page for user search hits yourself when you define them, which may be essential to get the text displayed correctly. User search hits are stored related to an object in the volume snapshot if you define them in File mode. User search hits are forward compatible, i.e. older versions (v16.2 and later) can also see user search hits created by v16.6.
* Search hits may now have a theoretical maximum length of 65,535 bytes and are no longer truncated after 255 bytes.
* The maximum amount of context that can be included when exporting search hits was increased from 340 bytes to 1000 bytes, and can now be specified separately for context that precedes and context that follows the search hit, even 0 for one or the other. The latter is useful especially for technical searches (not keyword searches), where you have searched for example for a signature that indicates the start of a certain data record, where the data before the hit is irrelevant.
* Ability to execute X-Tensions in X-Ways Forensics directly from the main menu (Extra | Run X-Tensions). Useful for X-Tensions that don't interact with the volume snapshot or search hits of any particular volume, but for example create or otherwise manage evidence objects themselves. The nOpType parameter in the XT_Prepare function is XT_ACTION_RUN when executed that way. (http://www.x-ways.net/forensics/x-tensions/api.html)
* Ability to create a second copy of an image immediately when imaging a disk, which is much quicker than copying the image file later and makes sense if the 2nd copy is created on a different drive. Only the first copy will be automatically verified if desired. File spanning (i.e. when to start another image file segment) is kept in sync between both copies even when running out of space on one of the two target drives only.
* Deals more gracefully with the situation when the connection to the dongle is lost because the computer has been put in hibernation or on standby.
* Ability to center full window pictures views (not using the viewer component) on a 2nd monitor if you are operating windows with a desktop that spans two monitors.

Beta 4:

* Imaging write error of Beta 3 fixed.

Beta 5:

* Fixed index search error that appeared in v16.5.

Beta 6:

* Two new columns in the directory browser are now available with a forensic license: "Parent name" and "Child objects". Both columns come with filters. The filter for child object allows you for example to quickly find all e-mails that have an attachment with a certain name. The filter for parent name for example allows you to quickly find all attachments that were attached to e-mail with a subject that contains certain words. Note that filters for the columns Name, Parent name, and Child objects share the same settings and are mutually exclusive (cannot be active at the same time, one will deactivate the other).
* Revised support for word boundary anchors (\b) and whole word searches in the Simultaneous Search. (forensic license only) You can now define which characters should be considered parts of word. This is useful to avoid false hits for short words in binary garbage data or Base64 code and generally for users that consider numbers to be parts of words (such as in "GIF89"). Example: An undesirable hit for "band" in "7HZsIF9BaND4TpkSbSBS" can be prevented if you search for it as a whole word and if you additionally redefine the alphabet of word characters to include digits 0-9, so that the positions between "9" and "B" as well as between "D" and "4" are not considered word boundaries.

v16.6 was just released.

Changes since the last beta version:

* New option in Options | Viewer Programs that allows to automatically close the preview picture viewer window when a new picture is viewed (only when the internal graphics viewing library is used for pictures, not the viewer component).
* Refresh error fixed in templates with the "multiple" option.
* Notices in the Messages window when files are not included in a container of the new format again because of duplication.[/more]
-------------------
Russian localization for WinHex 16.6 by Localiz2
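The Beta 6 note in the release notes above, on whole-word searches with a redefinable alphabet of word characters, is easy to check on its own "band" example. This is an added example, not code from X-Ways or from the post: the function name, the letters-only default alphabet and the prose sample are assumptions, while the Base64-like string is the one quoted in the release notes.

```python
import string

# Alphabets of "word characters" as sets of byte values.
LETTERS = frozenset(string.ascii_letters.encode("ascii"))
LETTERS_AND_DIGITS = LETTERS | frozenset(string.digits.encode("ascii"))


def whole_word_hits(data, term, word_chars=LETTERS):
    """Return offsets of case-insensitive matches of `term` in `data` that
    have a word boundary on both sides, i.e. the neighbouring byte is
    missing (start or end of buffer) or is not in `word_chars`."""
    if not term:
        raise ValueError("search term must not be empty")
    haystack, needle = data.lower(), term.lower()  # ASCII-only, same length
    hits = []
    pos = haystack.find(needle)
    while pos != -1:
        end = pos + len(needle)
        left_is_boundary = pos == 0 or data[pos - 1] not in word_chars
        right_is_boundary = end == len(data) or data[end] not in word_chars
        if left_is_boundary and right_is_boundary:
            hits.append(pos)
        pos = haystack.find(needle, pos + 1)
    return hits


# String quoted in the release notes.
BASE64_NOISE = b"7HZsIF9BaND4TpkSbSBS"
# Constructed prose sample.
PROSE = b"The band played; husband; BAND-aid"

if __name__ == "__main__":
    for label, alphabet in (("letters only", LETTERS),
                            ("letters + digits", LETTERS_AND_DIGITS)):
        print(label)
        print("  noise:", whole_word_hits(BASE64_NOISE, b"band", alphabet))
        print("  prose:", whole_word_hits(PROSE, b"band", alphabet))
```

With letters only, the digits "9" and "4" around "BaND" count as boundaries and the noise string produces a false hit; adding digits to the alphabet removes it while the genuine hits in prose are unchanged.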
Author: Nexusesus
Post date: 02.08.2012 22:13
The Russian localization does work... But! It breaks hotkey support, for example Ctrl+C for copying. And the translation is kind of, hmm... Dear translators! Do not use the program Resource Hacker, because it often ruins EXE files. And is it really impossible to do the translation properly? I might as well take it and translate it myself...
Author: Engaged Clown
Post date: 03.08.2012 06:50
Nexusesus

Quote:
Do not use the program Resource Hacker, because it often ruins EXE files.

And which one doesn't ruin them?



The Ru-Board.club forum was brought up on 15-09-2016. The goal is to preserve the legacy of the old Ru-Board and the history of the formation of the Russian internet. Made for people.