HexDive finds interesting strings in binary files

HexDive

You’ve found a mystery executable on your PC. What is it? Could it be malware? You check the file’s Properties dialog, and search for its name online, but can’t find anything useful.

One common next step is to open it in an editor. If the file isn’t packed then you might find it contains meaningful text strings -- company names, URLs, prompts, paths, Registry keys -- which will give you much more information about its origins and purpose.

There’s a problem: spotting any relevant text can be a challenge, especially when it’s scattered across hundreds of pages of binary garbage. But the free console-based HexDive can help, quickly finding and displaying the most interesting strings while ignoring everything else.

If you’ve tried analyzing executables then this will seem a familiar idea, and there are similar programs around. Typically they’ll scan through some binary file and spit out any lengthy string of printable characters, which does a reasonable basic job, but also means you get plenty of "W:BBnw#+SZX"-like junk amongst the valuable data.

HexDive is smarter, because it comes with a dictionary of keywords (which is also why it’s an 18.4MB download) and by default only displays the matches. Run something like hdive file.exe at the command line to view the results, or try hdive file.exe | clip to send them to the clipboard.

This extra intelligence really can save you time and hassle, but there’s also the possibility HexDive might leave out something important. Fortunately the developer has provided additional switches, like hdive -a file.exe to display all strings within a file.

We particularly like hdive -c file.exe , which displays every detected keyword with its context (the 80 surrounding bytes, see the screenshot).

If you ever need to analyze executables then HexDive really can help ensure you don’t miss anything important. Give it a try.

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.