GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
DHEX(1) FreeBSD General Commands Manual DHEX(1)

dhexhex editor with a diff mode

dhex [-x]

dhex [-h] [-v] [-g] [-k] [-ab -ad -ah -ao base address] [-f config-file] [-m marker-file] [-ob -od -oh -oo offset] [-r searchlog] [-sa -sab string (ascii)] [-sh -shb string (hex)] [-w searchlog] [file]

dhex [-h] [-v] [-g] [-k] [-a1b -a1d -a1h -a1o base address 1] [-a2b -a2d -a2h -a2o base address 2] [-cb] [-cd upper-limit] [-cl] [-f config-file] [-m marker-file] [-o1b -o1d -o1h -o1o offset1] [-o2b -o2d -o2h -o2o offset2] [-r1 searchlog1] [-r2 searchlog2] [-s1a -s1ab -s1h -s1hb string (ascii/hex)] [-s2a -s2ab -s2h -s2hb string (ascii/hex)] [-w1 searchlog1] [-w2 searchlog2] [file1 file2]

dhex is a hex editor. It can be used to alter individual bytes in large files. Since it is a text-mode programm based on ncurses, it can run in numerous scenarios. Its special feature is the diff mode: With it, the user has a visual tool for file comparison. This mode is invoked when dhex is called with two instead of one file as parameters.

All the options are case-insensitive and can be given as either upper- or lowercase characters.

-ad -ah -ao base address
After loading a file, every address gets a base address other than 0. With this, it is easier to work on partial memory dumps. The base address can be given as a binary one with [-ab] , as a decimal one with [-ad] , as a hexadecimal one with [-ah] or an octal with [-ao].
-a1d -a1h -a1o base address 1
 
-a2d -a2h -a2o base address 2
For the diff mode, it is possible to set two different base addresses. Again, a binary address can be given as [-a1b -a2b] , as decimal one with [-a1d -a2d] , as hexadecimal one with [-a1h -a2h] or an octal one with [-a1o -a2o].

This base address is calculated into the marker files as well as the searchlogs.

-cl
Diff mode only: The input files can be correlated from the command line with the best -cb or longest -cl match. This is very slow.
upper-limit
Diff mode only: The input files can be correlated from the command line with the minimum difference. To improve the correlation speed, an upper limit can be provided.
configfile
Usually, .dhexrc is being read from the invoker's home directory. With this parameter, any other config file can be loaded. See dhexrc(5) for a description of its file format.
Shows the license
Starts the hexcal
Shows the help screen
Starts the keyboard setup manually before any file is being loaded. This is very helpful when calling dhex from an exotic terminal.
markerfile
It is possible in dhex to set bookmarks and store them in a markerfile for later use. With this parameter, the markerfile is being read at start time, making it unnecesarry to read them later through the gui. Their file format is described in dhex_markers(5).
-od -oh -oo offset
After loading a file, the cursor is set to 0, and the first page of bytes is being shown on the screen. With one of those parameters it is possible to start at any other location in the file. The cursorposition could be given as a binary number with [-ob] , as a decimal one with [-od] , as a hexadecimal one with [-oh] or an octal with [-oo].
-o1d -o1h -o1o offset1
 
-o2d -o2h -o2o offset2
For the diff mode, it is possible to set two different cursorpositions at start time. Again, the cursorpositions can be given as a binary number with [-o1b -o2b] , as decimal one with [-o1d -o2d] , as hexadecimal one with [-o1h -o2h] or an octal one with [-o1o -o2o].

This way, the first few bytes in a file can be skipped, and just the rest can be compared.

searchlog
When searching from the command line, the offsets are being read from this searchlog. Its format is being decribed in dhex_searchlog(5).
searchlog1
 
searchlog2
When searching in two files simultanously, the offsets can be read from two different searchlogs.
-sab -sh -shb string
Instead of setting the cursor offset to an absolute value, it is possible to search for a specific string from the command line. If there is an additional [-ob -od -oh -oo offset] present, the search will start there. It is possible to read and write search logs with [-r searchlog] and [-w searchlog] respectively. With [-sa string] is being interpreted as ASCII. [-sh string] interprets it as hex. For backwards search, [-sab string] or [-shb string] can be applied.
-s1ab -s1h -s1hb string1
 
-s2ab -s2h -s2hb string2
In the diff mode, it is possible to search for two strings in two files simultanously.
Prints out the version of dhex.
searchlog
When searching from the command line, write the results into this searchlog and quit. It is being written in the format described in dhex_searchlog(5.)
searchlog1
 
searchlog2
When searching in two files simultanously, write the results from both searches into those log files.

Menus have hotkeys, they are being presented in a different color. To jump from one menu item to the next, the cursor keys or the TAB key can be used.

Input fields can be closed by pressing ESC, ENTER, or any cursor key. Only pressing ESC will not save the changes made in there.

When running dhex for the first time, without any configfile present, or with the parameter -k, the first screen shown is that of the keyboard setup. In this screen, the program asks the user to press certain keys. Which are (in order) ESCAPE, F1, F2, F3, F4, F5, F6, F7, F8, F9, F10, BACKSPACE, DEL, ENTER, TAB, UP, DOWN, RIGHT, LEFT, PG UP, PG DOWN, HOME, END. It also tells the user what it intends to do with those keys later. So the user can decide on any alternative he chooses. If he does not want to bind a specific function to a certain key, he can simply press ESCAPE and skip to the next question.

After pressing all the keys, the user can chose whether or not to write those keys into the config file.

The main screen is broken down into three columns: The first column contains the offset within the file for the current line. The second column contains the bytes in the file in hex format. Finally, the third coumn contains the same bytes, but this time in ascii format. If a byte is not printable, it is being substituted with a '.'. How many bytes are are being shown in a line depends on the width of the terminal. For example, if the terminal is 80 characters wide, 16 bytes are being shown in each line.

If no other [-o] or [-a] parameter was given at start time, the cursor is being set to offset 0. It is also being shown in the hex column. Here, it can be moved with the cursor keys. When entering a hexadecimal number, the file is being edited. The file can be edited in the ascii column as well, simply by pressing the TAB key (or whichever key was substituted for it in the keyboard setup). Pressing TAB again will return the cursor to the hex column. Pressing F9 (or its substitute) will undo the last of the changes. Changes are being shown in a differnt color.

Editing is not possible in the diff mode. Here, pressing the cursor keys will move both files synchronously.

Pressing F1 (or its substitute) will open the Goto... screen. Here, it is possible to jump to a specific address directly, without the need of scrolling there with the cursor keys. The address can be entered in the 'To' field, either absolute or relative (to leap over a specified amount of bytes). An absolute address is being chosen by pressing '=', and a relative one by pressing '+' or '-', for a positive or negative leap respectively. Regardless of the adressing mode, it has to be entered as a hexadecimal number.

It is also possible to set up to ten bookmarks in this screen: Pressing '0'...'9' will select one of them. Moving the cursor to "Set" and pressing ENTER will alter one of those book marks. The "Diff:" fields are showing the difference between the actual cursor position and the bookmark.

Bookmarks can be stored and loaded, for this there are the "Save Markers" and "Load Markers" items on the bottom. Upon selecting one of them, the user is being prompted for a filename. It is possible to load a marker file at start time, by providing the [-m markerfile] parameter. dhex_markers(5) describes the format of the marker files.

Pressing F2 (or its subsitute) will open the Search... screen. Here, a short string can be entered (either in hex, or in ascii). If no logfiles are being selected, the cursor will jump to the next occurance of this search string upon selection of "Go". It can be chosen if the search is supposed to be conducted forward of backwards.

To jump to the next occurance, F3 (or its substitute) has to be pressed. To jump to the previous one, F4 has to be pressed. The search itself wraps at the edges of the file, meaning that when it reaches the end, it will start from the beginning and vice versa.

Searchlogs are an advanced way of searching: Writing to the searchlog does not jump the cursor from one occurance to the next. Instead, it will write the offsets of all of them into the logfile. Their format is described in dhex_searchlog(5).

Reading from this searchlog means that the search does not cover the whole file: Only the addresses which have been provided in this file are being searched. Thus it is possible to search for specific changes. Like for example the number of lives stored in the save file of a game. dhex_searchlog(5) describes the format of the searchlog.

Pressing F5 (or its substitute) will open a small 64 bit calculator. This calculator is capable of not only performing arithmetic operations (+, -, *, /, modulo), but also logic ones. (and, or, xor, shift). There are three columns to enter numbers as hexadecimals, decimals or in binary format. Pressing 'x' will close this screen. Using the command line argument [-x] will start it from the commandline.

When dhex(1) is running in diff mode, pressing F6 (or its substitute) will open the dialog for file correlation. This will try to find the optimal offset between the two files. There are three algorithms available for finding this offset: Searching for the best match (as many bytes as possible are the same), the longest match (as many consecutive bytes match as possible), or the minimum difference (as little differences between the bytes as possible).

Even though it seems like the same at first, looking for the minimum difference is in fact faster. This can be improved even more, if the user sets an upper difference limit.

Upon selecting Go, the program will search for the optimal offset. This will take some time.

Pressing F10 (or its substitute) will close dhex. In case there have been changes made to the file, a save dialog opens up. Here, it is possible to select whether or not to write the changes back into the file.

$HOME/.dhexrc: The default location of the config file. If the $HOME-variable is not set, its location has to be provided manually.

Report bugs to ⟨dettus@dettus.net⟩. Make sure to include DHEX somewhere in the subject.

Written by Thomas Dettbarn

dhexrc(5), dhex_markers(5), dhex_searchlog(5)

January 19, 2019 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.