HEX DEREF is a professional 64-bit reverse engineering software written in C# .NET and C++. It has a bit of everything. Combining some of the best features of the existing tools into one. Simplicity. User-friendly. It has unique functionality that the competition does not offer. The memory viewer is the best available in this category.

The tool has been primarily designed for dynamic analysis. One of the most advanced memory viewer ever released, if not the most advanced that can draw real time process memory.

If you have not never programmed tools like HEX DEREF, it will be easily for the disassembler alone several years. The tool has been developed for about (4) years as of 11/2020 but it is not released anywhere.

Estimated release date: 01/2021



  • x64 disassembler powered by the BeaEngine
  • Switch on the fly between disassembly and normal mode
  • Includes a full memory editor
  • Change the alignment on the fly in between 8 Bytes, 4 Bytes, 2 Bytes and 1 Byte
  • The view is ReClass++
  • Tab support
HEX DEREF - Memory Viewer - Normal mode


  • A sequence of values scan with padding
  • Find instances of classes in memory with the hex scan and of course you can scan for IDA-style assembly signatures.


  • Built-in x64 disassembly signature generator plugin that generates both IDA-style and code style signatures
  • HEX DEREF - IDA style


  • Windows debugger that uses windows debug API's: DebugActiveProcess, DebugActiveProcessStop, WaitForDebugEvent and ContinueDebugEvent.
  • A VEH debugger written in C++ (x86_64)
  • All major breakpoint methods are supported (Hardware (HWBP), INT3 and page faults) in both debugger modes.
x64 debugger

. . .

The software is not a port of any of the existing tool though. I did not wanted to reinvent the wheel. However though, the most used features are there. The tool attempts to be more user-friendly than the competition and this is a WIP (work in progress).

The goal was to combine the best features of the most advanced reverse engineering tools into one, most importantly reduce the time required to do your daily reverse engineering task whether the task was about malware analysis or something else.

The author of the program does not take a position on what is allowed and what is not. It is the user's responsibility to decide.