Ru-Board.club
← Вернуться в раздел «Программы»

» X-Ways WinHex

Автор: myusssr
Дата сообщения: 08.08.2013 14:19
olegigor5555

Цитата:
Возьми russian.dat от 17.2, и переименуй russian2.dat.

Прошу прощения, а где взять этот файл?
Он в директории с установленной программой?
Автор: Victor_VG
Дата сообщения: 08.08.2013 15:30
myusssr

Да, в версии 17.2 он есть в оригинальном дистрибутиве, и для экономии места диске можно просто кинуть хардлинк на него под другим именем, но в бинарнике 17.2 нет упоминаний russian2.dat. И я думаю что в ответе olegigor5555 речь шла о более старой версии 17.х где он по ошибке требовался.
Автор: SAT31
Дата сообщения: 13.08.2013 12:43
WinHex 17.2 SR-6
[more=Изменения:]SR-1:
* Fixed an exception error that occurred with thumbcache_256.db files.
* Fixed an exception error that could occur when extracting e-mail from Outlook Express DBX archives.
* Resolving same-target references on FAT volumes is now faster.

SR-2:
* PST/OST e-mail extraction in v17.2 depended on the presence of MSVCR100.dll, which may not be present in all Windows systems. This was avoided.
* Fixed an error that could lead to freezing when extracting data from Skype databases.
* Fixed an exception error that could occur during metadata extraction.
* Prevented a rare infinite loop that could occur when processing certain hive fragment files.
* Special handling of # in filenames when generating the case report.
* Some minor fixes and improvements.

SR-3:
* Several minor improvements and fixes for handling of certain file types, including Windows Registry files.
* Pipes now allowed in Name filter expressions (can be useful for GREP expressions).
* Fixed an error that could cause a wrong file size display in the directory browser for certain files found in volume shadow copies that had alternate data streams.
* Fixed inability to explore certain TAR archives automatically.

SR-4:
* Empty volume snapshots of partitions could result in v17.2 from exploring recursively from the case root when no volume snapshots of partitions had been taken previously. That was fixed.
* Some fixes for handling of certain file types.

SR-5:
* Miscellaneous fixes.

SR-6:
* Better handling of corrupt archives.
* Fixed memory leak in new indexing.
* Improvements for Exchange EDB extraction.
* Miscellaneous fixes.[/more]
Автор: foio
Дата сообщения: 10.09.2013 10:26
В winhex открываешь диск или его образ и видишь файловую структуру дополнительно к шестнадцатеричному коду. В каком другом hex-редакторе есть подобная функциональность?
Автор: SAT31
Дата сообщения: 12.09.2013 12:07
WinHex 17.3
[more=Изменения:]What's new?

* Calendar mode now represents all timestamps from all 6 timestamp columns of the regular directory browser (instead of just 3) for all listed files (instead of only selected files). The darker the gray color in the calendar for a day, the more timestamps on that day. Hovering the mouse cursor over a day in the calendar tells you the number of timestamps that fall on that day. Left-clicking on a day sets that day as the left boundary for the combined timestamp filter. Right-clicking on a day sets that day as the right boundary. Middle-clicking on a day hones in on that particular day only. If the same file is listed more than once (which can happen in a search hit list if it contains more than 1 search hit), then its timestamps are also represented more than once in the calendar.

* For event lists, Calendar mode now shows the number of events on each day (all events that are currently listed) using different shades of gray (the darker, the more events on that day). That allows you to quickly figure out when there was most activity and when there was no activity. Hovering the mouse cursor over a day in the calendar tells you the number of events on that day. Left-clicking on a day sets that day as the left boundary for the event timestamp filter. Right-clicking on a day sets that day as the right boundary. Middle-clicking on a day filter for that particular day only.

* If the corresponding timestamp filter is active, years are printed in blue in Calendar mode to remind you of the filter. To turn off the filter as always click the blue filter symbol in the caption line of the directory browser.

* Event timestamps from FAT file systems are now output adequately. They are not translated to local time and do not show more precision than they actually have.

* Timestamps in the normal directory browser that meet the timestamp filter condition are now highlighted. Timestamps in an event list that are identical to the event timestamp are now also highlighted.

* Better support for high DPI settings in Windows (larger than 125, non-XP style scaling), display no longer blurred. Still settings in the 100-125 range are recommended.

* Ability to create report table associations for files based on search terms that they contain. Useful if you wish to keep the information about which file contains which search terms even after deleting search hits, or to preserve it in evidence file containers. Report tables representing contained search terms are the 3rd kind of report tables, the first two being report tables created by X-Ways Forensics to make the user aware of certain file specialities and user-created general purpose report tables. Report tables representing search terms are recognized in evidence file containers by v17.3 and later.

* Ability to automatically associate siblings of selected files with report tables. Useful for example when reviewing search hits, if you find a relevant search hit in the attachment of an e-mail message and want to be sure to include other attachments of the same e-mail message in further processing, even if they do not contain search hits.

* Gallery display accelerated and flickering avoided in certain situations.

* Gallery thumbnails remain visible when proceeding to the next page until replaced by the new thumbnails of the next page, and can usually still be double-clicked. Useful if you still spot a potentially relevant picture after having pressed Page Dn or rolled the mouse wheel too early.

* Progress shown in taskbar in Windows 7 and later.

* Relative progress displayed when indexing large files and in some other situations.

* Includes hardlinks of the same file in containers of the new file format even if they have the same name.

* When copying selected files to an evidence file container, reports how many files were selected in addition to the number of files that were actually copied, for reasons of convenience. If all selected files were copied, that will be pointed out by the word "all". Previously the number of selected files could only be seen in the selection statistics below the directory browser.

* New flag "W" (upper case) supported in File Type Header Signatures Check Only.txt", which identifies header signatures that are too weak to newly detect the type of a file and are merely used to confirm the type suggested by the name extension of the file.

* X-Ways Forensics now remembers the sort criteria and the "Group files and directories" option separately
1) for the normal directory browser of a volume,
2) for the normal directory browser of a partitioned disk,
3) for search hit lists and
4) for event lists.

* Whole word searches now work for words in Western European languages in UTF-16 BE.

* The virtual "Free space" file is now shown in gray if the "net free space computation" option is active, as a reminder of the fact that it does not represent the entire free space when opened.

* Clickable offsets in the HTML representation of Windows .evtx event logs.

* The presence of a file named winhex.nouser in the installation directory forces a generic (not user-specific) configuration. Useful for example for portable use on an external USB hard disk, to avoid that you will inadvertently use an existing user-specific configuration on the same system when executing X-Ways Forensics. For more information about storing configurations please see http://www.x-ways.net/winhex/setup.html.[/more]
Автор: SAT31
Дата сообщения: 03.10.2013 09:26
WinHex 17.3 SR-5
[more=Изменения:]SR-1:
* Support for more event types in .evtx event logs.
* Fixed an exception error that could occur when embedding attachments in .eml files as Base64 code.
* Fixed an error in the Edit | Convert | Base64 -> Binary function.
* Avoided unnecessary error messages that could occur when generating events based on 0x30 timestamps.

SR-2:
* Some collisions of report table shortcuts resolved.
* Improved identification of .emlx files.
* Avoided a rare exception error when getting out of Calendar mode.

SR-3:
* Fixed an exception error that could occur when extracting 0x30 timestamps of certain previously existing files as events.
* Fixed an exception error that could occur when processing certain file archives.
* Some minor improvements.

SR-4:
* Tools | Disk Tools | Initialize MFT Records did not work when using WinHex in languages other than Western European ones. That was fixed.
* Prefetch file viewing and metadata extraction support was not active in SR-3. That was fixed.
* Some special code pages were not offered for selection in all functions related to code pages in SR-3. That was fixed.
* Some pictures were not checked for their amount of skin colors in v17.3, resulting in "?" in the SC% column. That was fixed.

SR-5:
* Fixed an exception error that occurred in v17.3 under Windows PE/FE when starting operations with a progress bar.
* Fixed some rare exception errors.
* Improved processing of volume shadow copies.
* Some minor improvements.[/more]
Автор: DollHack
Дата сообщения: 13.11.2013 20:41
WinHex 17.4
[more=Изменения..](please note that most changes affect the forensic edition of WinHex only, i.e. X-Ways Forensics)

Keyword Searches


Ability to conveniently run non-GREP index searches for search terms that contain spaces, just like in conventional searches. This is very important for names (e.g. "John Doe" or "XYZ Technology Ltd") and spaced compound words (e.g. "bank account" or "credit card limit"). New index only.

This works even if the individual components of the compound already exceed the maximum word length that was indexed (by default 7 characters), so that you will have no trouble finding "basketball positions" (10+9 letters) or "skyscraper architecture" (10+12 letters). Just as always the components are only matched up to the length that was indexed, which is not a big problem because there are not many words other than "basketball" and "skyscraper" that start with "basketb" or "skyscra", respectively.

In fact the spaces in the search terms match unindexed word delimiters other than space characters as well, such as hyphens, so you will also find "Spider-Man" and "freeze-dried" when searching for "spider man" and "freeze dried", or underscores as in "bank_account" (think of a filename like "bank_account.html") or plus signs as in "credit+card" (e.g. common in Google search URLs when searching for more than 1 word). So in that respect index searches are now even more powerful than conventional searches.

Defining spaces as being part of words is now finally a big no-no.


NEAR combination of search hits is now supported for more than 2 selected search terms. The effect is that a search hit is listed only if any of the other selected search terms occurs nearby.

File Analysis


Block-wise hashing may allow to identify complete or incomplete remnants of known notable files that are still floating around in free drive space even if they were fragmented and the location of the fragments is unknown, to show with some or very high certainty that these files once existed on that medium.

Most suitable for selected notable files larger than a few sectors, files that are ideally compressed or at least not only sparsely populated with non-zero data and do not contain otherwise trivial combinations of bytes values that occur frequently. Good examples are zip-styled Office documents, pictures and video files. Very trivial blocks within a file that consist of mostly just 1 hash value are ignored and not hashed (the same already when creating the hash set). For quicker matching, ideally work with a small hash database and do not select a hash type stronger than MD5.

Hash sets of block hashes can be created or imported in the same way as ordinary hash sets, but are handled by a separate hash database, which internally is stored in a subdirectory of the main hash database directory. You can create hash sets consisting of the block hashes of 1 file at a time, or combined hash sets of multiple selected files. The block size is currently always 512 bytes.

Block hash matches may be found as part of volume snapshot refinements. The hash values are computed when reading from the evidence object sector-wise, and that happens at the same time when running a file header signature search if selected, to avoid unnecessary duplicated I/O, with the same sector scope. Matches are returned as a special kind of search hits. Multiple matches for contiguous block are more meaningful than isolated individual matches, as they are even less likely the result of some coincidence, and they are usually combined in a single hit. The size of all such hits is shown when listing search hits. The larger the size, the higher the evidentiary value of the match. Please note that X-Ways Forensics does not verify itself that contiguous matching blocks are in the same order as in the original file(s), but that can be verified manually, and for data that is as unique as compressed data that is most likely the case.


Ability to freely carve any kind of file within any kind of file, not just those marked with the "e" flag, with a second sub-operation of "Uncover embedded data in certain file types". Use great caution to avoid delays and copious amounts of garbage files (false positives) and duplicates.

Signatures marked with the "E" flag (upper case) are never carved within other files, to prevent the worst effects, for example MPEG frames carved within MPEG videos, zip records carved within zip archives, .eml, .html and .mbox files carved within e-mail archives, .hbin registry fragments carved within registry hives. If you know what you are doing (e.g. if you are an X-PERT), of course you could remove the E flag.

Please apply this new function very carefully and only with a good reason to specifically targeted files only, such as swap files or storage files in which backup application concatenate other files without compression. Do not apply this function blindly to all files or random files. Remember with great power comes great responsibility.

There is an option to apply the carving procedure recursively, that means to those files again that were already carved within other files. This can lead to many duplicates if the outer file at level 1 is carved too big so that files can be carved in it that were also carved at level 0 (the original file).

For situations were you want to carve embedded files that are not aligned at 512-byte boundaries in the original file, you may make use of the extensive byte-level option. In such a case one of the biggest mistakes to make would be to carve at the byte level in $MFT, which typically contains many small files stored as resident/inline, but which of course is fully processed already when taking the volume snapshot. Hence the option to always exclude $MFT at the very least.


Uncovering embedded data in various files based on byte-level file carving with the "e" flag is no longer limited to file types with a tilde ("~") method.


Prevents a crash that could occur in the 64-bit edition under Windows 8 when running the encryption test.

Gallery


For large JPEG, PNG, GIF and TIFF files, at the same time when analyzing the colors in the pictures during volume snapshot refinement, X-Ways Forensics can now optionally also create thumbnails in advance for much quicker display updates in Gallery mode later. Internal thumbnails are only created if no original thumbnails are embedded in the files and extracted at the same time, and they are actually utilized for the gallery only if auxiliary thumbnails are enabled (see Options | General).

(To discard all internal thumbnails, but keep the computed skin color percentages, you may delete the file "Secondary 1" in the "_" subdirectory of an evidence object behind X-Ways Forensics' back, when the evidence object is not currently open.)


Improved representation of videos with extracted stills in the gallery, showing all stills in a loop, to give a much more complete impression of the contents of videos without further user interaction (without having to explore them).

An alternative efficient way to review a large number of videos now seems to be this: Explore recursively, filter for videos, sort in descending order by number of child objects (so that videos with a similar number of stills are shown together), and activate Gallery mode. Watch the various video stills for each video. Proceed to the next gallery page when you are confident that no incriminating videos are represented on the current page, for example when all stills have been shown, which you will know is the case when the gallery has rotated back to the first still for each video.

"Allow auxiliary thumbnails" is now a 3-state checkbox. To disable the new representation of videos described above, you can half-check that box.


When a View window displays a picture, if limited to one such window, that window will be updated with the next picture when you hit the cursor keys in the gallery. Useful especially if the View window is centered on the second monitor if the gallery is on the first monitor, on a spanned desktop. Avoids having to press the Enter key to view the picture and another key to close the View window to get the input focus back to the gallery.


X-Ways Forensics now by default extracts embedded JPEG thumbnails from .cr2 raw files. The first extracted thumbnail becomes the preview and gallery representation of a .cr2 raw file.

File Format Support


Support for Windows.edb of Windows 8.1.


Improved support for thumbcaches in Windows 8 and Windows 8.1.


Greatly improved ability to repair inconsistent EDB databases. Several changes and fixes which improve reliability when processing EDB databases in general.


.evtx event log preview shows the username, old time and new time for system time changes.


Minor fixes and improvements for EDB and SQLite database extraction.


Reduced memory consumption of the registry viewer.


Separate file type category for spreadsheets.


New file type category "Page Layout".


New file types in the ZIP and XML families defined.


Several new and revised file type signature definitions.

Timestamps & Events


A filter for event descriptions is now available.


Improved tooltips in Calendar mode.


When in Calendar mode and not showing events, you can now select which column's timestamp should be included in the calendar. Columns that are hidden (have a width of 0 pixels) are excluded, all other columns are included. The status bar reminds you which columns are included even if not currently visible because of horizontal scrolling.


More timestamps extracted from Prefetch files.


X-Ways Forensics now outputs all entries in .evtx event log files as events. Most of these events now come with a description that includes the event source, the event ID and the record number. The record number allows you to quickly search for the record in the HTML preview if you need further details about that particular event.


Extraction of MS Windows operating system update events from DataStore.edb.


The directory browser column "Internal creation" is now called "Content creation".

Usability & User Interface


Ability to filter for duplicates of files in X-Ways Investigator, by right-clicking a given file in the directory browser with an available hash value. Actually filters for that hash value. As in previous versions, the actual hash values are not displayed in X-Ways Investigator. The same command is also used in X-Ways Forensics and supersedes the "Filter by [hash value]" command that required to right-click the cell with the hash value.


New investigator.ini option +51 prevents listing of excluded items (opposite of +31). Useful to intentionally keep users of X-Ways Investigator from seeing certain files.


Greatly accelerated loading of large registry hives into the registry viewer.


No longer loses the block definition when switching from Partition to File mode and back.


Chinese and Italian translation of the user interface updated.


Acoustic signals before shutdowns (e.g. after imaging or volume snapshot refinement) to give users a better chance to abort it if they have changed their mind.

File System Support


When taking a volume snapshot, symbolic links are now connected to their targets in the volume snapshot as so-called related files, so that you can conveniently navigate to the target by pressing Shift+Backspace. Also one of potentially several symlinks pointing to a certain target will become the related file of the target, so that you can conveniently navigate to the symlink or quickly see in the first place that one or more symlinks exist that point to a certain target, since any file that has a "related" file in the volume snapshot is marked with a tiny blue arrow next to its icon. Also the same arrow will tell you whether the target of a symlink can actually be found in the file system. If a symlink links to other symlinks, those are not recursively linked. If resolving symlink takes to long because there are many symlinks in a volume, you may safely abort that step at any time.


When taking a snapshot of volumes with Windows installations, certain reparse points (a.k.a. junction points) are now connected to their targets in the volume snapshot just like as symlinks in Unix-based file systems, so that you can conveniently navigate to the target by pressing Shift+Backspace. Also there will be a back-reference to one reparse point, so that you can conveniently navigate to that reparse point or quickly see in the first place that one or more reparse points exist that link to a certain directory, since any directory that has a "related" directoy in the volume snapshot is marked with a tiny blue arrow next to its icon. Forensic license only. Reparse points that do not get connected with their target directories will still show a comment that advises you of the target path as in earlier versions of X-Ways Forensics.


For reparse points in NTFS, File mode now shows the reparse point target information instead of the directory's empty index root.


A secondary tooltip now appears for files with a "related" file when hovering the mouse cursor over the icon, which tells you the path and name of that related file, for example the target of a symbolic link.


Improved support for volume shadow snapshot properties files of Windows 8.1.


Improved ability to write certain sectors on drive letters.

Image Support


Support for .e01 evidence file with an exotic internal chunk size of more than 0.5 MB as apparently used by default by Wiebetech Ditto devices. (Note that the standard size is 32 KB).


It is now possible to store the hash values of files in evidence file containers even when including only metadata of the files, as long as the hash value of the files have been computed already and stored in the volume snapshot.


The non-forensic version of WinHex did not write the hash value of created raw images into the text file. That will be fixed with v17.4.

Miscellaneous


New X-Tensions API function XWF_GetVSProp introduced.


Support for Unicode characters in template filenames.


New Venezuela time zone defined.


User manual and program help were updated.


Various minor improvements and some small bug fixes.[/more]
Автор: EjikNET
Дата сообщения: 10.01.2014 13:40
С прошедшими праздниками всех!

Ребят, подскажите пожалуйста (решение наверно простецкое, но я в этом деле "ни бум бум" )..

Ситуация такая: Нужно было в телефоне поменять карту 16Гб (microSD) на бОльшую (32Гб) сохранив все данные... Полазив по сети натыкался на много статей - в большинстве, советовали воспользоваться WinHex'ом (типа просто и надежно - клониорвал, записал и радуешься)..

Итак.. Клонировал карту в WinHex и решил записать на другую флешку.. Записал опять таки с помощь хекса...

В итоге - все работает (читается), только 32-х гиговая карта отображается как 15 - т.е. по размеру клонированного в хексе образа), что в телефоне, что в винде...


Причем видно, что место есть и прога показывает его отдельным файлом:




Посмотрел с помощью R-Studio Network 7.1 - нашел "Свободное место", пустое, как раз с отсутствующим объемом.. Но в Студии не смог объединить - вроде нет такой функции..




Копался в WinHex - тоже не смог ничего (пытался найти пункт, где размер указать можно было б, но, увы..) т.к. хоть и руссифицированная прога, но +/- 50% один фиг на английском..

Каким образом можно "растянуть" карту до заводских размеров?? Или объединить как нибудь, чем нибудь?? ОЧЕНЬ желательно оставив на карте все данные...

Очень надо... Заранее благодарю!

P.S. Эта тема для многих полезна будет, т.к. вопросов точно таких же море, а внятного ответа (я по крайней мере не нашел) нет...

Автор: olegigor5555
Дата сообщения: 11.01.2014 23:23
EjikNET, доброй ночи

Цитата:
В итоге - все работает (читается), только 32-х гиговая карта отображается как 15 - т.е. по размеру клонированного в хексе образа), что в телефоне, что в винде...

Понятно, ты ж всЁ клонировал - включая и MBR (со старым "размером").

Цитата:
Каким образом можно "растянуть" карту до заводских размеров??...

Прямо в любой СемЁрке/ВосьмЁрке зайди в "Управление дисками" и расширь раздел. До нужных тебе пределов. Не говоря о том, что (если вдруг не получится) проделать это в какком-нибудь не очень старом ParagonHard Disk Manager-e.
[more=Картинка...] [/more]
[more=ЕщЁ картинка...] [/more]
Автор: alpost
Дата сообщения: 28.01.2014 14:40
17.5
[more=What's new? ]* Extended multi-user support for large cases. Useful when multiple examiners process the same case at different times or different evidence objects of the same case at the same time, and wish to tell apart their own results from their colleagues' results. Report table associations, comments and search terms/hits of different examiners can optionally be distinguished, by showing the creating examiner's initials (default) or other abbreviations of their names or (if no abbreviation is specified) their complete usernames. The same file can be associated with the same report table only by 1 examiner.

Examiners can choose whether or not they get to see report table associations of other users. All related options can be found by clicking the "..." button for the extended multi-user support. Extended multi-user support can only be enabled for new cases, in the case properties dialog window. Older versions cannot open cases with support enabled. Examiners are recognized internally by their Windows user accounts. A maximum of 255 examiners is supported per case.

* Ability to review the processing history of a case in its properties, which reveals which versions were used on it (recorded only by v17.3 SR-10 and later, v17.4 SR-4 and later and v17.5 and later) and by which users (recorded only by v17.5 and later, even without extended multi-user support).

* The existence of extended attributes for files in NTFS ($EA attributes) is now revealed in the Attr. column in newly taken volume snapshots, and you can filter for the presence of such attributes. Useful to detect certain malware as seen in recent high-profile cases.

* Considerably improved treatment of hard-linked files in HFS+. Resolving hard links is now much faster and thorough in current HFS+ volumes that heavily use hard links because of Time Machine. Hard links to directories and resource-only files are now also resolved. The hard link count is accurately represented. All hard links except for 1 are optionally omitted from logical searches, just as in NTFS, to avoid excessive duplication of data to be searched and duplication of search hits. Hard links that are ignored are identified by a grayed out hard-link count (no longer by an asterisk as in previous versions). Additionally, iNode files (indirect node files) that got connected with the hard links that reference them as so-called "related items" in the volume snapshot are omitted. Should the hard-link count of an iNode file be not grayed out, that indicates an orphaned iNode file (one that is not referenced by any hard-linked file, at least not in the volume snapshot). Comments are no longer used for hard-linked files in HFS+.

* The names of the authors of documents of various types (DOC, XLS, PPT, RTF, PDF, more in future releases) are now output in a new column named "Author" after metadata extraction.

* The page count is now extracted from PDF and some Office file types (more in future releases) as part of metadata extraction and shown in a new column.

* Extraction of pictures that are embedded as Base64 in VCF files (electronic business cards).

* Option to create report table associations for files that were successfully added to a skeleton image using the directory browser context menu command.

* Extraction of events from Unix/Linux/Macintosh system logs. These events are practically of significance especially for USB device history examinations.

* File type identification of MMAP, IDML, INCX, EDX, ENML, NBI.

* Sorting and filtering by comments and extracted metadata greatly accelerated for huge volume snapshots in which a huge number of files have comments or extracted metadata.

* Sorting by certain directory browser columns such as owner, author, sender, recipients, report tables, comments, extracted metadata, search terms, hash set is now more user-friendly, in that items with blanks (i.e. unknown owner, unknown author, no report table associations, no comments, ...) are listed last, not first. Also, the default sort order of the hash category column is now descending.

* Improved detection of non-standard LVM2 container partitions.

* Several minor improvements.

* Same fix level as v17.4 SR-4.[/more]
Автор: DimitarSerg
Дата сообщения: 30.01.2014 15:23
Интерфейс стал приятнее, но и баги появились (

Автор: Victor_VG
Дата сообщения: 30.01.2014 15:51
DimitarSerg

Ща поправит, а в новой версии 17.6 будут новые ошибки. Хотя по идее знать бы какой там стоит акселератор и самому поправить не сложно.
Автор: DimitarSerg
Дата сообщения: 30.01.2014 16:14

Цитата:
самому поправить не сложно.

Я его не ковырял и черт его знает, нету ли там проверок целостности Поэтому подожду фикс от автора.
Это так, мелочь, я давно хоткеи выучил, так как это один из мои основных инстр-тов.

Добавлено:
p.s. А бага во 2-м ресурсе MENU, и не только во втором. Первых 6 перенес из 17.4 - вроде робит.
Автор: addhaloka
Дата сообщения: 30.01.2014 16:16
Victor_VG 17:51 30-01-2014
Цитата:
Хотя по идее знать бы какой там стоит акселератор и самому поправить не сложно.

Похоже, меню надо править:


p.s. У меня так показывает:

Так и задумывалось или всё же баг (у DimitarSerg на скрине явно баг, а тут хз)?
Автор: Nexusesus
Дата сообщения: 30.01.2014 16:19

Цитата:
Интерфейс стал приятнее, но и баги появились (

Глюков - немеряно, особенно при открытии нескольких копий WinHex. Также глюки при поиске HEX и текстовых значений с конца файла в начало, то есть, реверсивный поиск. Уже которую версию наблюдаю, одни и те же баги в программе. Приходится постоянно сидеть на 16 версии, так как на 17-х иногда возникают критические неточности в работе.
Автор: DimitarSerg
Дата сообщения: 30.01.2014 16:24
addhaloka
можно байты глянуть в хексе, имхо явный баг.


Nexusesus
Какая последняя 16-ая ? Выложи пожалуйста. А то я ооочень долго на 15.8 сидел, недавно апгрейд делал на 17.4, теперь вот 17.5 на свою голову (
Автор: addhaloka
Дата сообщения: 30.01.2014 16:27
DimitarSerg 18:24 30-01-2014
Цитата:
можно байты глянуть в хексе, имхо явный баг.

Да, уже понял. Я сначала подумал, что только Shift в таком виде, а оказалось и некоторые другие клавиши так же.

Добавлено:
DimitarSerg 18:14 30-01-2014
Цитата:
вроде робит.

Тоже поправил - проблем вроде нет. Правда у меня уже до этого правленный был (фикс кириллицы), поэтому на проверки целостности как-то уже пох.
Автор: Victor_VG
Дата сообщения: 30.01.2014 16:41
addhaloka

Дельфи - структура характерная, её сразу по RCData можно узнать...
Автор: Nexusesus
Дата сообщения: 30.01.2014 17:20

Цитата:
Какая последняя 16-ая ? Выложи пожалуйста. А то я ооочень долго на 15.8 сидел, недавно апгрейд делал на 17.4, теперь вот 17.5 на свою голову (

У меня старье - 16.0 SR3. Вот его архив: http://rghost.ru/52065237
Пытался перейти на более новые, но там постоянно какие-то новые тараканы выскакивали. Короче, не срослось у меня с новыми версиями.
Автор: andrejka_k
Дата сообщения: 20.02.2014 21:27
Пoдcкaжитe, пoжaлyйcтa, мoжнo ли пpи пoмoщи WinHex paзpeзaть бoльшoй фaйл нa пpoизвoльнoe чиcлo фpaгмeнтoв paзнoгo paзмepa, чтoбы зaтeм eгo coбpaть вoeдинo.
Haпpимep, нeoбxoдимo paзбить фaйл нa 3 чacти в cлeдyющиx пoзицияx:
1) c нaчaлa фaйлa дo пoзиции 1005 бaйт;
2) c пoзиции 1006 бaйт дo пoзиции 34567 бaйт;
3) c пoзиции 34568 бaйт дo кoнцa фaйлa.
A пoтoм eгo coбpaть, т.e. пoлyчить иcxoдный фaйл.
Мoгy oшибaтьcя в пoнятияx, нo cмыcл зaдaчи пocтapaлcя излoжить пpeдeльнo яcнo
Kcтaти, coбpaнный из фpaгмeнтoв фaйл бyдeт идeнтичeн иcxoднoмy (т.e. пpи pacчeтe дacт тaкиe жe знaчeния кoнтpoльныx cyмм, кaк и иcxoдный)?
Cпacибo.
Автор: olegigor5555
Дата сообщения: 20.02.2014 22:07
andrejka_k

Цитата:
мoжнo ли пpи пoмoщи WinHex paзpeзaть бoльшoй фaйл нa пpoизвoльнoe чиcлo фpaгмeнтoв paзнoгo paзмepa, чтoбы зaтeм eгo coбpaть вoeдинo

Да, и наверное не только при помощи WinHEX-а.
Автор: andrejka_k
Дата сообщения: 21.02.2014 04:44
olegigor5555
А как это сделать (в т.ч. без помощи WinHex)? Помню много лет назад была малюсенькая утилита под DOS, которая резала файлы как угодно. Но ее название забыл, а все программы, которые я находил в гугле имели опцию разрезки на любое число фрагментов строго фиксированного размера.
Автор: olegigor5555
Дата сообщения: 21.02.2014 10:27
andrejka_k

Цитата:
не только при помощи WinHEX-а

Подразумевалось, и другими hex-редакторами. Чтоб разрезать - выделяешь каждый "кусок", копируешь его и вставляешь в новый файл. Чтоб собрать - создаЁшь пустой файл (с общим размером, как у старого). И вставляешь в него, в правильном порядке, все "куски".
Автор: A1eksandr1
Дата сообщения: 21.02.2014 10:45
andrejka_k
Если цель - перетащить крупный файл на носителях более мелкого размера, не проще в каком нибудь winrar создать многотомный архив без сжатия
Автор: olegigor5555
Дата сообщения: 21.02.2014 10:58
A1eksandr1

Цитата:
создать многотомный архив без сжатия

В том то и дело - стоит конкретная задача: порезать на "куски" произвольного разного размера.
Автор: alpost
Дата сообщения: 17.03.2014 15:30
WinHex 17.5 SR-9
[more]* Some minor improvements.

* Fixed an exception error that occurred in the original and regular WinHex 17.5 when displaying the Data Interpreter context menu.[/more]
Автор: addhaloka
Дата сообщения: 17.03.2014 20:11

Цитата:
WinHex 17.5 SR-9

Косяк в меню не исправлен.
Автор: Nexusesus
Дата сообщения: 17.03.2014 22:04

Цитата:
Косяк в меню не исправлен.

Да ну его нахрен... Автор уже, наверное, сошел с ума раз не видит что он делает. Это ж как нужно писать программу, чтобы в упор не увидеть явнейший баг!!! Я уже было хотел приступить к более качественной русификации программы, да и заодно и справку перевести к ней, но увидел, что программа становится все хуже и хуже...
Автор: DollHack
Дата сообщения: 26.03.2014 12:24
17.6 качается.
Автор: SAT31
Дата сообщения: 26.03.2014 12:35
DollHack

Цитата:
17.6 качается.

X-Ways Imager:
1) Ability to immediately verify newly created images.
2) Ability to convert raw images to .e01 evidence files or vice versa (after opening and interpreting the existing images).
3) Ability to open ordinary binary files in X-Ways Imager.
4) Ability to copy selected sectors or byte ranges from ordinary files, images or disks into the clipboard or into new files.
5) Ability to navigate to specific sector numbers.

* Metadata extraction from IconCache.db files. Important Windows artifact that can help to prove executions of programs for example in malware investigations.
* Ability to reconstruct e-mail messages from the Livecomm.edb database, which is used by the Windows Mail client (Windows 7 and newer) as part of the "uncover embedded data" operation. Also extracts contact and account information.
* File type detection and categorization updated.
* X-Tensions API: A new function named XWF_AddEvent was introduced, which allows to add events to the event hit list of an evidence object. XT_Prepare and XT_Finalize now receive a handle to the evidence object that the X-Tension is applied to.
* The old indexing engine was removed.
* Some minor improvements.

Страницы: 123456789101112131415161718192021222324252627

Предыдущая тема: Как грузануть RedHat при NTLoader в MBR?


Форум Ru-Board.club — поднят 15-09-2016 числа. Цель - сохранить наследие старого Ru-Board, истории становления российского интернета. Сделано для людей.