HEX DEREF Changelog

What's new in HEX DEREF 1.10

May 18, 2022
  • Main view:
      • Added support for physical memory scans as follows: Physical memory scan options
      • Fixed an issue with the process name when dumping a process

New in HEX DEREF 1.09 (May 14, 2022)

  • Main view:
      • Fixed an issue in kernel mode (KM) when retrieving the base address and size of an image
      • Fixed an issue in result files with reading and writing UInt64 values
      • Added support for kernel memory scans (Byte, 2 Bytes, 4 Bytes, 8 Bytes and Hex)
      • Default memory scans as follows: 2 Bytes (UInt16), 4 Bytes (UInt32), 8 Bytes (Int64), Hex (UInt64)
  • Memory viewer:
      • Fixed an issue with pointer validation in non-kernel mode
      • In disassembly mode, draw a primitive value from the address pointed to by the instruction, e.g. "FFFFF80646DA1783 - 44 84 3D 48 89 88 00 - test byte ptr [FFFFF8064762A0D2h], r15L"
      • Tools->Dump or disassemble the module->Sections->Added "Use the file on the disk for comparison instead of memory"
      • Tools->Dump or disassemble the module->Sections->Added an option to scan the selected section or the entire image for memory patches
      • Fixed a "flicker" problem when pointer values were changing constantly
      • Tools->Search->Find a sequence of bytes->Search the entire kernel memory for the byte pattern
      • Fixed a logic issue in disassembly mode. The data at the address pointed to by the instruction is now drawn in the following order: 1) Draw API information. 2) Draw a string reference. A string reference is a string at the address pointed to by the instruction. 3) If neither of the first two exists, draw a primitive value such as a byte

New in HEX DEREF 1.08 (Apr 1, 2022)

  • Main view:
      • Fixed a logic issue with automatic process attach
      • Fixed unhandled exceptions with protected processes where an anti-cheat downgraded handle access
      • Added an option in settings to refresh the process list automatically
  • "C" kernel driver:
      • Added a DKOM process handle elevation feature (elevates a handle to PROCESS_ALL_ACCESS, 0x1FFFFF: all possible access rights for a process object)
      • Added DKOM-based process hiding functionality
  • Memory viewer:
      • Minor UI optimizations (slightly less lag when drawing user process memory)
      • Values are shown as unsigned by default
      • When you modify a value in memory, the value entered can also be a hexadecimal number
      • Fixed various unhandled exceptions with protected processes

New in HEX DEREF 1.07 (Feb 14, 2022)

  • Main view:
      • Added an option to sort processes by PID
      • Show protected processes in gray in the process list
      • Added a right-click option to dump a protected user-mode process (stripped handle access) using the driver
      • Edit->Settings->General->The size of the buffer used when reading memory is customizable
  • Memory viewer:
      • Non-printable characters are now also filtered when reading a Unicode UTF-16 string
      • Tools->Process modules->When listing kernel modules, translate the NT namespace path to the actual module path
      • Tools->Views->Sections->Map the PE file as SEC_IMAGE so the sections are correctly aligned and displayed in the section view
      • Tools->Views->Sections->Added an option to find an array of bytes in the selected section
      • Tools->Views->Sections->Added an option to scan the selected section for memory patches
      • Fixed an issue in the logic that determines whether or not the section is executable
      • The "Take a peek behind the pointer" feature shows the values as unsigned
  • "C" kernel driver:
      • Implemented a page table walk that can find practically every allocated user or kernel memory page in a matter of a few seconds