<p>In the end, Hex Fiend turned out to be <em>just</em> enough. What I was expecting to do:</p>
<ol>
<li>Convert a known value into hex</li>
<li>Search for it</li>
</ol>
<p>What I actually did:</p>
<ol>
<li>Pick a random chunk of hex that looked like it might be a useful value</li>
<li>Tell Hex Fiend to display it as integer, or as float, in either little endian or big endian, until it gave a plausible looking result (i.e., 45.000 is a lot more plausible than some huge integer)</li>
<li>Search for that result in the results I had from the closed source program.</li>
<li>Document it, go back to step 1. (Except that normally the next chunk wouldn't be 'random', but would follow sequentially.)</li>
</ol>
<p>In this case there were really only three (binary) variables for how to interpret data:</p>
<ol>
<li>float or integer</li>
<li>2 bytes or 4 bytes</li>
<li>little or big endian</li>
</ol>
<p>With more variables the task would be a lot harder. It would have been nice if Hex Fiend could search for integers/floats directly, perhaps trying out the different combinations. Perhaps other hex viewers do.</p>
<p>And to answer one of my original questions, 74078 turned out to be stored as 5E2101. A bit more trial and error and I would have got there. :)</p>
<p><strong><em>UPDATE</em></strong> If I was doing this over, I'd use "<a href="http://www.synalysis.net/" rel="nofollow noreferrer">Synalyze It</a>!", a tool designed for exactly this purpose.</p>
<p><img src="https://i.stack.imgur.com/16cYP.png" alt="enter image description here"></p>
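<p>The search the answer wishes for (a known value tried as float or integer, 2 or 4 bytes, little or big endian) can be scripted. The following is an added example, not part of the original answer; the function names and the sample bytes are constructed for illustration.</p>

```python
import struct

# The three binary choices from the answer: float or integer,
# 2 or 4 bytes, little or big endian ("e" is the 2-byte float).
ENCODINGS = {"uint16": "H", "int16": "h", "uint32": "I", "int32": "i",
             "float16": "e", "float32": "f"}
ORDERS = {"little": "<", "big": ">"}


def candidate_patterns(value):
    """Yield (label, bytes) for each encoding that can hold value."""
    for name, code in ENCODINGS.items():
        is_float = code in "ef"
        if not is_float and float(value) != int(value):
            continue  # a fractional value cannot be an integer field
        for order, prefix in ORDERS.items():
            try:
                arg = float(value) if is_float else int(value)
                yield f"{name}/{order}", struct.pack(prefix + code, arg)
            except (struct.error, OverflowError):
                continue  # value does not fit in this width


def find_value(blob, value):
    """Return sorted (offset, label) hits for value in blob."""
    hits = []
    for label, pattern in candidate_patterns(value):
        start = blob.find(pattern)
        while start != -1:
            hits.append((start, label))
            start = blob.find(pattern, start + 1)
    return sorted(hits)


# Constructed sample file: 4-byte header, 74078 as little-endian uint32
# (bytes 5E 21 01 00, matching the answer), 45.0 as big-endian float32,
# 300 as big-endian uint16, two filler bytes.
SAMPLE = (b"HDR\x00" + bytes.fromhex("5e210100") + struct.pack(">f", 45.0)
          + struct.pack(">H", 300) + b"\xff\xff")

if __name__ == "__main__":
    for known in (74078, 45.0, 300):
        for offset, label in find_value(SAMPLE, known):
            print(f"{known!r:>8} at offset {offset:#04x} as {label}")
```

<p>Searching for 300 also reports a 4-byte big-endian hit at offset 10, because the zero bytes that end the preceding float line up with it; several known values are needed to settle field boundaries.</p>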
 
