mtivadar / qiew Goto Github PK

Should display sleected region, adn any other info, for exemple display when copied to clipboard

when mbr plugin is loaded and in hexview mode, if you go pageup/pagedown, mbrsignature 0x55aa seems to be far away from partition selection. seems to be a problem with text selection.

probably current section, header (IAT) for example. overlay, selection, etc

Create wiki and app documentation, shortcuts, plugins, etc

This is probably a leftover from Python 2. find is no longer available in the Python string module. Consequently, the following error occurs:

[+] binary
[+] elf
Choosed plugin: elf
Traceback (most recent call last):
  File "/home/alex/work/qiew/plugins/format/elf.py", line 101, in skip_block
    x = string.find(self.dataModel.getData(), '\x00'*8, off)
AttributeError: module 'string' has no attribute 'find'

I found the bug in plugins/format/elf.py, but the same piece of code is used in plugins/format/ntfs.py.

I'm going to make a PR for the fix.

It would be really necessary for reversing structures and protocols

also, add some info about it maybe

Qiew wasn't tested on MAC OS X. It should work, hopefully with minor modifications.

If font is scaled (200%) , exception is thrown on drowing: y > cols

it would be nice to have it in all views

0 was jumping to overlay. Either add a shortcut or maybe add the overlay in the PE plugin Sections tab.
1,2,3,4 could jump to the first, second,... section.

it should be nice to have some referenced strings and branch arrows and symbols (api calls)

decryption/encryption
basic XOR, bit rotates, ROT13, RC4 ?

Use / to show a search window.
It should support searching for string (both normal and unicode at the same time) and hex. If you open the window a second time it should remember the last search value and the last search mode (string/hex).

Pressing n should be search next, and maybe N search previous. I'm not so set ATM on N :)

dd if=/dev/zero of=zzz bs=1M count=20
qiew.py zzz
press s

wait... wait...
I had a 24MB file today and I wanted to see if it only contains 0s but this was to slow.
The competitor product takes under 0.5 seconds I would say.

Qiew can't open files that are locked for writing.

  File "C:\tools\qiew\qiew\DataModel.py", line 173, in __init__
    self._f = open(filename, "r+b")
IOError: [Errno 13] Permission denied: 'C:\\Windows\\explorer.exe'

We need a way to signal current operational modes. For examples to signal RVA/FA/VA, to signal View/Edit mode and so on...

Add the underscore (_) to the list of characters recognized as strings.

Maybe also < and > ?

It would also be nice to have 'insert' mode, growing the data size.

Investigate
http://www.capstone-engine.org/

seems to be a more potent disassambler

.

Just a quick reminder that 4.40 is available: http://sourceforge.net/projects/terminus-font/files/terminus-font-4.40/terminus-font-4.40.exe/download

What are the implications using Qt, distorm, terminus, yaspi, pefile ?

it works only with small fonts (form windows display)
shouldn't care about that

it help to rapidly screen the file

something that shows the progress in file. simple or something more complex with metadata showing sections, IAT, resources

it crashes when user makes the window very small (in hexview for example), because hexcolumns goes outside window.

Currently mbr plugins sets address start to 0x7c00. We should change this with F3 ti switch from FileAddress and LoadAddress, and goto (alt+g) should also have fileaddress/memaddress. Currently goto works with memaddress

When I resize the window from small to bigger, paint signal is not received. only when the cursor is moved

seems that: thumb mode is not correctly recognized

Similar to #21, I would like to use 'e' (end) to jump over all characters until a QWORD == \0.

apk plugin has to be finished:
functionalities:
permissions/services/activities/receivers/providers
zip files (can hit enter and will open another qiew window)
banners contains info from apk

info from dex file? or this one could be another module..

should have at least minimal support for the beginning

What is the status of this project?

useful for ctrl+shift+end to select till the eof

elf support is minimal, should do more.

Last byte in file can't be selected using shift+arrows.

If I'm pressing 's' I am expecting to jump over all characters that are equal to the current char. For example to skip big zones that are filled with \0s.

pagedown goes out of the page when reached eof.