HEX DEREF PRO

HEX DEREF is a professional 64-bit reverse engineering software written in C#/C++. Attempts are being made to develop the software to be more user-friendly, simpler to use and combine the most needed features into one making the software suitable for reverse engineering in general and for malware analysis.

The larger the binary is, the more you will benefit off a multi-threaded disassembler. The benchmark below translates machine instructions into human-readable assembly language statements using the BeaEngine.
HEX DEREF disassembly benchmark
The long story short. HEX DEREF is basically the same as a 64-bit version of IDA-like disassembler | x64dbg simplified | CE core functionality | ReClass.NET++.

The exception to the listed tools is that some features are more sophisticated and/or made faster in HEX DEREF.

As a result, the time spent on the task is significantly reduced and even the hobbyist can get involved without having to know how to script in Python.



As of 06/2021, the tool has been developed for about (5) five years, usually on a daily basis. The release of the first public version is planned to happen during the summer 2021. Developing a program like this is so demanding and time consuming that virtually all of my free time goes to the software development. The project literally requires a sponsor.

KEY FEATURES

  • In active development. Simpler to use, more sophisticated and user-friendly than most of the competition
  • An advanced memory viewer with full memory editor, capable of drawing real-time process memory (Data/structures mode)
  • Multi-threaded 64-bit disassembler with a disassembly benchmark. Some of the disassembler functionality is IDA PRO equivalent
  • Cheat Engine's (CE equivalent) core functionality with AVX2 optimized memory scanner

MEMORY VIEWER

HEX DEREF - Memory Viewer
  • The memory viewer includes also a 64-bit disassembler powered by the BeaEngine
  • Switch on the fly between disassembly and "Data/structures" mode
  • Change the alignment on the fly (8 Bytes, 4 Bytes, 2 Bytes and 1 Byte)
  • Some of the features in the "Data/structures" mode are ReClass++
  • Tab support
  • Fully dynamic (for example, static pointer references are shown in 'Data/structures' mode on the fly just like in IDA PRO after the initial analysis)

WHAT IS THE MEMORY VIEWER'S DATA/STRUCTURES MODE?

It is a memory structure analysis mode that attempts to find out the structure of classes in memory without source code, the offsets are automatically applied to a given address. This functionality is considerably better version of the Cheat Engine's "Dissect data/structures" feature, making it easier to find different data that is needed. The debug viewer tool extends fore mentioned functionality to the next level as it can grab the data behind the pointers.

DISASSEMBLER FUNCTIONALITY

  • Shows all intermodular function calls to the external (API) functions
  • Code execution cross-references (XREF's)
  • Static pointer references
  • String references
  • Fully dynamic multi-threaded 64-bit disassembler
  • The import address table (IAT) auto-detect feature that attempts to detect also redirected IAT's without the need to use WINAPI functions.
  • The disassembler includes a built-in assembly signature maker plugin that attempts to generate unique signatures
HEX DEREF - 64-bit disassembler

DEBUGGER FUNCTIONALITY

  • Windows debugger that uses windows debug API's to debug: DebugActiveProcess, DebugActiveProcessStop, WaitForDebugEvent and ContinueDebugEvent.
  • A VEH debugger written in C++ (x86_64)
  • All major breakpoint methods are supported (Hardware (HWBP), INT3 and page faults) in both debugger modes.
x64 debugger

THE SOURCE CODE

The source code of the software has not been released anywhere. A few features of the software are using the MIT licensed code, otherwise the software is coded and owned by White Byte at hexderef.com. If you have not never programmed tools like this, it will be easily for the memory viewer alone several years.
BLA BLA BLA.

. . .