Open MikhailKasimov opened 7 years ago
It's possible to do that. But it requires parser code for that. Doesn't it? Also it depends on which "info" you want to see. wxHexEditor is built for really big files, primarily, not for small executable files.
If you'd like to find special offsets in a binary file, it's better to build a generic parser that supports almost all different files via small parser scripts, as also discussed at #20. With such a structure, we could also easily inspect our S/HDD MBR and partitions or image files.
If you are asking for generic information like the "file" command on Linux gives, I can make some arrangement for that. Otherwise, a file feature is definitely not on my schedule yet. Sorry.
> But it requires parser code for that. Doesn't it?
Yes, of course.
> Also it depends on which "info" you want to see.
Generally: Number of sections, their sizes, offsets (ideally - with highlighting in hex-window), file header info, file entry-point detection, CPU_type, flags, Export Allocation Table, Import Allocation Table (for PE/PE+), section's entropy and entire file entropy.
And yes, this is a desirable feature that can be released in the future. We can discuss its specific features more closely when it is on your schedule list.
Thanks!
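An added example, not part of the thread and not wxHexEditor code: a minimal Python sketch of the kind of listing requested above for PE files (section count, raw offsets and sizes, entry point, machine type, per-section and whole-file entropy). The function names `entropy`, `parse_pe` and `build_sample` are hypothetical, and the sample image is constructed in-line so the block runs offline.

```python
import math
import struct

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_pe(buf: bytes) -> dict:
    """Return machine, entry-point RVA and per-section offset/size/entropy."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (pe_off,) = struct.unpack_from("<I", buf, 0x3C)             # e_lfanew
    if buf[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    if pe_off + 24 + 20 > len(buf):
        raise ValueError("headers truncated")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", buf, pe_off + 4)
    (entry,) = struct.unpack_from("<I", buf, pe_off + 24 + 16)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size                              # first section header
    if table + 40 * nsect > len(buf):
        raise ValueError("section table truncated")
    sections = []
    for i in range(nsect):
        name, _vsize, rva, raw_size, raw_off = struct.unpack_from("<8s4I", buf, table + 40 * i)
        raw = buf[raw_off:raw_off + raw_size]    # slicing clamps to end of file
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "rva": rva,
                         "offset": raw_off, "size": raw_size, "entropy": entropy(raw)})
    return {"machine": machine, "entry_rva": entry, "sections": sections,
            "file_entropy": entropy(buf)}

def build_sample() -> bytes:
    """Constructed minimal PE32 image: .text is all zeros, .data holds 0..255."""
    def sect(name, rva, size, off):
        return struct.pack("<8s6I2HI", name, size, rva, size, off, 0, 0, 0, 0, 0)
    img = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)
    img += struct.pack("<HBB4I", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    img += sect(b".text", 0x1000, 0x200, 0x200) + sect(b".data", 0x2000, 0x100, 0x400)
    return img.ljust(0x200, b"\0") + b"\0" * 0x200 + bytes(range(256))

if __name__ == "__main__":
    for s in parse_pe(build_sample())["sections"]:
        print(f'{s["name"]:8} off={s["offset"]:#x} size={s["size"]:#x} H={s["entropy"]:.2f}')
```

The `offset` and `size` values are file positions, so they are the ranges a hex view would highlight per section; entropy near 8.0 over a section usually indicates packed, compressed or encrypted content.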
> Number of sections, their sizes, offsets (ideally - with highlighting in hex-window)
Something in this way, for example: https://twitter.com/binitamshah/status/834221401787740160
Highlighting should be off by default.
That image is from https://www.endgame.com/blog/lessons-trenches-obfuscation-and-pattern-recognition and he uses WinHex. Unfortunately, he does not use wxHexEditor with the XORview Thru feature. Indeed, I developed that feature just for Samsung TV firmware binaries years ago while inspecting them at the https://www.samygo.tv project. I had not thought about whether it could be that useful for other files.
Well, this is not possible with generic parser code on wxHexEditor, and it will not come before v0.26, or better, v0.30...
Hello!
It would be nice and useful if wxHE had a separate window for displaying the file structure of MZ-PE, ELF and Mach-O formats. Doable?
[1] http://www.skyfree.org/linux/references/ELF_Format.pdf
[2] https://source.winehq.org/source/include/winnt.h
[3] https://www.microsoft.com/en-us/download/confirmation.aspx?id=19509
[4] https://lowlevelbits.org/parsing-mach-o-files/