Hex Workshop editor's structure library for the Microsoft's PE/COFF file formats.
The pe.hsl file contains:
- Structure viewer's definitions for the PE format (Mostly comes from the winnt.h header file).
- An auto-parse function that tries to locate structures based on the PE format specifications.
Common filename extensions for this format includes:
- exe - Executable program for Windows.
- dll - Dynamic library for Windows.
- obj - Object file, usualy temporary between compilation and linking.
- lib - Static library produced by Microsoft's compiler.
- sys - Driver for Windows.
- mui - Compiled language pack for windows.
Use cases of analysing PE files mostly includes understanding the format, analyse compiled object files and linked executables, manipulating structures to test loaders, repair corrupted files, understand malwares, ...
- The AutoParseFile function currently supports only PE executable and COFF object files for x86 and AMD64 architectures. ARM is not implemented for example but you are free to contribute if you know the format.
- If for any reason your pe.hsl file does not have the Windows line-break format the editor will fail loading it. Please ensure that this file only contains CRLF line-breaks.
This software is released into the public domain, so you are free and very welcome to contribute if some structures are missing or the function does not parse a format you would like.
As of the time of writing (2016), Hex Workshop's editor seems to be a discontinued project but it is still the only one advanced enough to propose this structure-way of looking/editing files at a hex editor level using its own scripting language.
- You may either copy the pe.hsl file directly into the Hex Workshop's "Structures" folder place it wherever you want.
- Show the "Structure Viewer Window" and load the file by clicking on the "Select Structure Library" button.
- Manually adding structures.
- Using the AutoParseFile function to discover structures.
And for an Object file.
