AnalyzeBin

Overview

  AnalyzeBin is a binary editor that analyzes binary data using C language data types, and displays and edits data grids.
  When I was analyzing the internals of Windows, I thought it would be nice to have a tool that could visualize data using C language data types, so I created it. This program adds a binary editor function to that program. Although the current binary editor part lacks functionality as an editor, we have released it because we believe it can be used to understand and edit data structures.

Feature

1. You can analyze C language data types, display binary data in a data grid, and edit it.
2. Array data can refer to and update the data of the specified index in the data grid.
3. Even without binary data, you can analyze the data type and create data for specified items.
4. The data type to be analyzed can be mapped from any address using JMP instructions.
5. When loading a binary file, you can specify the file reading start position. (Usage example: PointerToRawData of section data in PE file format)
6. When loading a binary file, you can specify the display start position to be mapped. (Usage example: VirtualAddress of section data in PE file format)

Operating environment

• OS：Windows 10, 11
*.NET 6.0 or higher is required. If it is not installed, the installation screen will be displayed.

Terms of use

Free software. Available for free.
Use this software at your own risk. The author is not liable for any damages or disadvantages resulting from use.

Download

AnalyzeBin.zip(64bit) Version 1.0.7.2
AnalyzeBin32.zip(32bit) Version 1.0.7.2
*When the message "Windows protected youru PC" is displayed after starting the exe file, click the "More info" link and then click the "Run anyway" button.

About donations

If you like this software, please consider donating with PayPal. The donations received will be used for development costs.
I cannot respond to refunds of donations once sent.
In addition, there will be no difference in the addition of functions and support depending on whether or not there is a donation.
Please note.

Donate with PayPal

1. $3.00 USD 2. $5.00 USD 3. $10.00 USD 4. $20.00 USD 5. $30.00 USD

Usage overview

1. Unzip the downloaded compressed file and copy it to an appropriate folder.


2. Start "AnalyzeBin.exe" in the folder.


3. This application is divided into three areas.
   From left to right:
   
   • Binary editor area
   • Analysis text area
   • Data grid area
   The data grid part displays the data for each line of the analysis text area.


4. Load the file you want to analyze with "File" - "Open binary file".
   The file is displayed as binary data in the binary editor area.
   *If text is entered in the analysis text area, analysis processing and display on the data grid area are also performed.


5. Enter the text you want to analyze in the analysis text area and press the "Analyze" button or the F5 key.
   ex）
   char a[10]
   int b
   word c
   


6. If the parsing is successful, the variables in analysis text area will be underlined and the data will be displayed in data grid area.

Binary editor area

1. >When reading a binary file, the maximum size is 2GBytes.Since everything is processed on-memory, it will be heavy if the file size is large. If it becomes heavy, please adjust the file read size.


2. The character display area can be switched to the following character codes.
   
   • ASCII
   • ShiftJIS
   • UTF-8
   • UTF-16


3. Search can be done in hexadecimal (append 0x) or as a string. Strings are searched with binary values corresponding to character codes.


4. When you open a binary file, if you specify the file reading start position or the file read size and save it, after copying the original file, the file will be saved from the file read start position.

Analysis text area

1. The following C language data types and keywords can be written in the analysis text area. Assuming that the structure or union definition in the header file will be pasted and used as is, it can be written in the form of a "type variable". You can also specify arrays up to one dimension. There is no problem even if the ; (semicolon) at the end of the line is omitted.


2. After pressing the "Analyze" button, clicking the head of the structure or the line describing the data type with the mouse will select the corresponding binary editor area and data grid area.


3. Recognized data types
   The initial state is as follows. The data type also recognizes lowercase letters.

   data type	byte	with sign or unsign
   BYTE	1	unsign
   CHAR	1	with sign
   SHORT	2	with sign
   WORD	2	unsign
   INT	4	with sign
   LONG	4	with sign
   DWORD	4	unsign
   LONGLONG	8	with sign
   ULONGLONG	8	unsign
   FLOAT	4	with sign
   DOUBLE	8	with sign

   
   You can also add data types on the "Set data type" daialog displayed by selecting "Edit (E)" - "Set data type" from the menu.
   
   *For keywords, lowercase letters, uppercase letters, numbers, and _ (underbar) can be registered, but
     when executing "Analyze", lowercase letters and uppercase letters are not distinguished.
   *The number of bytes can only be set to 1, 2, 4, or 8.
   *For floating point numbers, only "signed" can be set.
   *The settings made in set data type daialog will be saved as a "DataType.csv" file under the directory
     where the EXE file is located when the program ends.
   


4. recognizable keywords
   • struct
   • union
   • #define *1
   • //
   • /* */
   • jmp *2
   
       *１・・・ The replacement value can be a hexadecimal value (add 0x), a decimal value, or a #define
       　　　　　value.
       　　　　　You can also perform four arithmetic operations on them.
         Example）
                      #define D_A  5
                      #define D_B  (0x10 - D_A)*2    // (16 - 5)*2 = 22
                      
                      #define D_C  3+D_A                //  3 +  5 =   8 
                      
                      jmp     D_B+3                         // 22 +  3 =  25
                      char    a[D_C + 0xd]               //  8 + 13 =  21
   
       *２・・・ Although jmp is not C language, you can specify the start address of the next line.
       　　　　　The address can be in the same format as *1, define values, and variables described later.
         Example）
                      JMP 0xF0
                       struct { // The address here will be 0xF0
   


5. variable
   The variable gets the binary data from the offset and sets it as a number. Variables can be specified in the jmp address and array subscript. Variables can be specified in the jmp address and array subscript.
   The conditions for obtaining variable data are that the variable declaration is written above, and the variable to be used and that binary data can be obtained.
      Example）
                struct sA {
                   short  size;
                   long   addr;
               }A[3];
               
               JMP A[1].addr            // The binary value of A[1].addr becomes the starting address of the next line.
               char test[ A[1].size ];  // The binary value of A[1].size is the test array size.
   


6. endian combobox
   Change endianness.The endian changes the Value (Hex) and Value (Dec) of the data grid area.


7. memory alignment combobox
   The Memory Alignment combobox sets whether to perform memory alignment adjustments for variables, currently "None" and "x86 | MS VisualC" can be selected.
   • If "x86 | MS VisualC" is selected, the offset is the calculated alignment adjustment generated by MS VisualC.
     Example）
         struct A {
             char    a1; // Set the offset here to 0.
             double b1; // The offset here is 1 for "NONE" and 8 for "x86 | MS VisualC".
         }
     


8. In the analyzing process, consider row matching with the data grid,The following C language descriptions cannot be recognized.
   • Structure inside structure or union
     →  Copy the structure definition.
         unrecognized example）
                typedef struct {
                  char a1;
                } A;
                
                struct B {
                  A C[10];
                }
         
         Correction example）Copy and insert the structure definition
                struct B {
                  typedef struct {
                    char a1;
                  } C[10];
                }
     
   
   
   • Description spanning multiple lines
         →  keep it in one line
         unrecognized example)
             char a
                 [100];
     

Data grid area

1. In analysis text area, perform the "Analyze" process and display the data of the line whose data type has been recognized. Comment lines and blank lines are gray lines.


2. Selecting a line selects the corresponding binary editor part and analysis text part.


3. The editable columns are: For other columns, edit the analysis text area and perform the "Analyze" process again.
   • Value(Hex）*excluding floating point(float, double)
   • Value(Dec)
   • array index *for only arrays

Change log

• Version 1.0.0.0 2023/04/21 First release
• Version 1.0.1.0 2023/05/09
1. Fixed to display the search results in the binary editor area on the scroll bar.
2. Fixed display bug in search results.
3. High DPI support.
4. 32bit version release.
• Version 1.0.2.0 2023/05/12
1. Manages the history of searches in the binary editor area while the application is running.
2. Manages the history of file information opened in the binary editor area while the application is running.
3. Change underline color for binary editor and analysis text area.
• Version 1.0.3.0 2023/05/19
1. Implementation of cut, copy and paste functions in the binary editor area.
2. Character code combo box in binary editor area.
3. Search bug fix.
• Version 1.0.3.1 2023/05/22
1. Implementation of the context menu (displayed by right-clicking) in the binary editor area.
2. Display the cursor position in the binary editor area by changing the color of the header and line number.
3. Fixed so that you can scroll the mouse wheel when the scroll bar of the binary editor area is not displayed.
4. When saving a binary file, even if the file read size is specified, the original file is overwritten with the current binary value..
• Version 1.0.4.0 2023/06/30
1. Added memory alignment combo box.
• Version 1.0.4.1 2023/08/08
1. Bug fix for PageUp and PageDown.
2. Fixed to save selected directory in file dialog.
• Version 1.0.4.2 2023/08/17
1. If there is a union in the Analysis text area, the underline in the binary editor area is displayed so that the first item in the union is selected if not selected. Changed so that when inside a union is selected, the selection is underlined.
2. Corrected to clear the previous analysis result when reading the analysis text file.
• Version 1.0.4.3 2023/08/24
1. Fixed to be able to comment with /**/ in the Analysis text area.
• Version 1.0.5.0 2023/10/05
1. Modified the analysis text area to allow string searches. The string search in the analysis text area is not case sensitive.
2. Corrected so that if a hexadecimal number is specified in the analysis text area, it will be converted to a decimal number by internal processing. Modified to be able to perform four arithmetic operations with decimal numbers.
3. Corrected so that if another #define value is written in #define in the analysis text area, it will be replaced.
• Version 1.0.5.1 2023/10/16
1. Fixed a bug where the previous search would not work when searching for strings in the analysis text area.
• Version 1.0.6.0 2023/11/10
1. Added set data type dialog and modified to be able to perform analysis processing with any data type.
2. Changed toolbar search, endian, and memory alignment labels to tooltips.
3. Corrected so that input can be canceled using the ESC key in the data grid area.
4. Fixed a bug in the data grid area where key input would sometimes become ineffective when changing values.
• Version 1.0.7.0 2023/12/22
1. Support for using variables in JMP and array subscripts.
2. Support for displaying the path of the analysis file in the status bar.
3. Fixed a bug where structures were specified consecutively during memory alignment calculation, and memory alignment calculation was performed for the starting position of the subsequent structure.
4. Fixed an issue where the offset was incorrect when changing the data grid index when there were two or more layers.
• Version 1.0.7.1 2024/02/20
1. Added a jump function (Ctrl+J) that allows you to move to any position in the binary editor area.
2. Analysis processing can now be performed using the F5 key.
3. Fixed a bug where the click position could not be recognized correctly when the only newline symbol in the analysis text was LF.
4. If the JMP address in the analysis text area is already used in a structure definition, etc., you can now select whether to continue the analysis in a message box.
• Version 1.0.7.2 2024/06/18
1. Fixed a bug in which calculations between variables were not performed correctly during analysis.

Feedback

• If you have any feedback, please email do_more51@yahoo.co.jp.

---

Go back to previous page