Introducing PyHiew

PyHiew (open source project) is a Hiew external module (HEM) that allows users to write Python scripts that can interface with Hiew.

It wraps most of the functionality present in the HEM SDK, allowing users to programmatically access Hiew and do things like:

  • Create windows
  • Create menus
  • Show messages
  • Get input from user
  • File I/O: Read, Write, Find
  • etc…

For example, here is a “Hello world” script:

import hiew

hiew.Message("Hi", "Hello world!")

[Screenshot: hello_world]

To demonstrate how it works, let us download the pre-compiled package and install it:

  • Unzip the package to %HIEW%
  • Verify that %HIEW%\pyhiew folder exists
  • Make sure that Python 2.7 is installed
  • Run hiew32 against an input file
  • Press F11 to launch Hiew’s external modules browser

[Screenshot: hem_list]

If other HEMs are installed they will be listed too.

Pressing ENTER to select “Python Hiew” will take you to PyHiew’s script browser:

[Screenshot: cliptext_hem]

What you see is a list of PyHiew scripts (in %HIEW%\pyhiew) that come with the package:

  • ClipText: a script that allows you to copy the Hiew selection to the clipboard in various formats (C source, Pascal, text, …)
  • Decompress: a script that will allow you to decompress a gzip compatible stream from inside Hiew
  • hello: the hello world script
  • test_pyshell: a simple script that allows you to execute Python statements

Let us now play with ClipText by making a block selection with Hiew and pressing F11 –> PyHiew –> ClipText

[Screenshot: cliptext_menu_c]

We select “Copy as C array” and press ENTER:

[Screenshot: cliptext_copied_c]

To verify that it works, let us open a text editor and paste from the clipboard:

[Screenshot: cliptext_out_c]

It works! :)

Let us now run the Decompress script by first loading a PDF file that has some streams with the FlateDecode filter:

[Screenshot: decompress1_select_stream]

We manually select the stream (we don’t have to if we write a small script that detects the boundaries for us) and press F11 –> PyHiew –> Decompress:

[Screenshot: decompress1_outfile]

The script will ask for an output file name, and after that we can open that file and verify if decompression went okay:

[Screenshot: decompress1_out]

Neat huh?! :)

If you’re curious, here’s the Decompress.py source code:

[Screenshot: decompress_src]
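The boundary detection mentioned earlier, as an added example that is not part of the original post and not PyHiew's Decompress.py: stand-alone Python 3 (no hiew module calls) that locates each stream/endstream pair in a buffer and inflates the zlib data that FlateDecode uses. The sample PDF fragment, the function names and the 16 MiB output cap are assumptions made for this illustration.

```python
import re
import zlib

# Constructed sample: a minimal PDF fragment holding one FlateDecode stream.
PLAIN = b"BT /F1 12 Tf (Hello from inside the PDF) Tj ET"
PACKED = zlib.compress(PLAIN)
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Length " + str(len(PACKED)).encode()
              + b" /Filter /FlateDecode >>\nstream\r\n" + PACKED
              + b"\nendstream\nendobj\n")

# Stream data begins right after the 'stream' keyword and its CRLF or LF.
# The lookbehind keeps the tail of 'endstream' from matching.
STREAM_RE = re.compile(rb"(?<!end)stream(?:\r\n|\n)")
MAX_OUT = 16 * 1024 * 1024  # assumed output cap: analysed files are untrusted


def find_streams(buf):
    """Yield (start, end) offsets of the raw data of each stream."""
    pos = 0
    while True:
        m = STREAM_RE.search(buf, pos)
        if m is None:
            return
        end = buf.find(b"endstream", m.end())
        if end < 0:
            return
        yield m.end(), end
        pos = end + len(b"endstream")


def inflate(raw, max_out=MAX_OUT):
    """Return the inflated bytes, or None if raw is not a complete zlib
    stream or would expand past max_out bytes."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(raw, max_out)
    except zlib.error:
        return None
    # eof is set only once the end of the zlib stream was reached; the EOL
    # bytes before 'endstream' end up in d.unused_data and are ignored.
    return out if d.eof else None


def extract_flate_streams(buf):
    """Return [(start, end, data)] for every stream that inflates cleanly."""
    found = ((s, e, inflate(buf[s:e])) for s, e in find_streams(buf))
    return [(s, e, data) for s, e, data in found if data is not None]


if __name__ == "__main__":
    for s, e, data in extract_flate_streams(SAMPLE_PDF):
        print("stream at 0x%X-0x%X -> %r" % (s, e, data))
```

Streams that use other filters, or that are truncated, are skipped rather than reported as errors.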

That’s it for now. Make sure you refer to the “doc” folder if you want to write your own scripts.

A discussion group has been created to share useful scripts and address technical problems.

Last but not least, for those who do not know, you can have process editing facilities in Hiew simply by using my old utility Hiew+ (which still works with the latest versions of Hiew). Get it from http://lgwm.org/projects/hiewplus/.

Stay tuned!
Elias

About 0xeb

I am a programmer and reverse engineer. I like writing software utilities, designing APIs and reverse engineering interesting stuff.
This entry was posted in Programming, Python.

3 Responses to Introducing PyHiew

  1. Ange says:

    great idea – hiew was one of the last great tools not (correctly) pythonized.

    what’s next ? an unifying python layer for hiew/imdbg/ida ? ;)

    • 0xeb says:

      Yes, now that Python can access almost every tool, one can easily talk to each of them :)

      So was Hiew pythonized before (at least incorrectly, referring to your words) ? I would be interested to see previous work.

  2. Thank you!
    >>what’s next ? an unifying python layer for hiew/imdbg/ida
    +1, Funny! )
