Show HN: High-performance Hex editor in C# with a custom …

Article URL: https://github.com/pumpkin-bit/EUVA Comments URL: https://news.ycombinator.com/item?id=47075698 Points: 1 # Comments: 1

The definitive open-source binary analysis workstation for the modern researcher. Zero bloat. Zero vendor lock-in. Maximum signal. Most likely, this program answers the question: what if hex editors were written from scratch in 2026? EUVA is a WPF/C# native application that operates directly on the binary layer. No heavy runtime frameworks handling PE parsing. No scripting interpreters bolted on as afterthoughts.

No 200-MB installs for features you'll never use. What EUVA provides instead: This program is under active development. Experimental builds may contain bugs or lead to unexpected behavior. Use with caution. This software is provided "as is", without warranty of any kind. EUVA is a high-precision instrument designed for educational purposes and security research. The author is not responsible for any system instability, data loss, or legal consequences resulting from the misuse of this tool.

By using EUVA, you acknowledge that: You are solely responsible for your actions. You understand the risks of modifying binary files and process memory. You will respect the laws and regulations of your jurisdiction. EUVA does not load files into byte[] arrays. It maps them directly through the OS virtual memory system via System.IO.MemoryMappedFiles. This is a fundamental architectural choice, not an optimization.

The renderer operates in a fully virtualized coordinate system. _currentScrollLine is the only state separating screen-space from file-space: Dirty Tracking is EUVA's mechanism for instant, zero-latency verification of binary modifications. It is not a diff engine. It is a live coordinate index. Every write operation — whether from the script engine, manual editing, or assembler output — registers the exact file offset in _modifiedOffsets.

The renderer queries this set for every byte it draws: Modified bytes receive a distinct visual overlay in the same render pass as unmodified bytes. There is no diff phase, no second pass, no "compare mode." The moment a byte is written, it is visually distinct from the surrounding data. This enables rapid verification workflows: run a script patch, press F3 repeatedly to audit every modified byte individually, verify against expected values in the Inspector.

PEMapper implements IBinaryMapper and produces a fully navigable BinaryStructure tree from raw PE binary data. Parsing is delegated to AsmResolver for header extraction, but the semantic decomposition, region mapping, and tree construction are native EUVA logic. PE header fields vary across library versions and AsmResolver API surfaces. PEMapper uses a multi-candidate reflection probe to resolve properties robustly without hard-coded field names: This makes PEMapper resilient to upstream API changes without requiring conditional compilation.

The Inspector panel provides simultaneous multi-type interpretation of any selected file offset. All reads go directly through _accessor.ReadArray() — no intermediate copies, no allocation. All multi-byte reads respect the current endian mode (IsLittleEndian). Toggling via BtnEndian_Click immediately re-parses the current selection: A zero-allocation, ReadOnlySpan<byte>-native pattern matching engine with wildcard support.

Patterns are space-delimited hex byte strings. ?? or ? denotes a wildcard position that matches any byte value. The outer scan loop slices ReadOnlySpan<byte> at each candidate position — no allocations, no copies. The detection subsystem is a priority-ordered, async plugin chain. Each registered IDetector receives the full file buffer and the parsed BinaryStructure tree, then produces a DetectionResult with a confidence score in [0.0, 1.0].

Third-party detectors can be distributed as standalone .dll files and loaded at runtime: Any class implementing IDetector (or IDetectorPlugin for richer metadata) is automatically instantiated and registered. IDetectorPlugin adds lifecycle hooks: EUVA includes a proprietary x86 assembler compiled entirely from scratch in C#. No NASM. No Keystone. No external assembly library of any kind. The assembler translates mnemonic strings to raw opcode byte sequences inline, with full support for automatic relative offset calculation.

This is the most architecturally significant instruction in the assembler. jmp requires the computation of a signed 32-bit relative displacement — the delta between the target address and the instruction's post-execution program counter. The +5 accounts for the 5-byte length of the jmp rel32 instruction itself (1 opcode byte + 4 displacement bytes). The CPU's instruction pointer advances past the full instruction before the relative offset is applied.

This calculation is critical for cross-section jumps. When the script engine injects a trampoline from .text to injected code in .data, the absolute target address must be resolved at assembly time and the relative displacement recalculated. EUVA performs this automatically. Two-operand ALU instructions are encoded using the ModRM byte. In register-to-register mode, ModRM has the format 11 src dst (mod=11b, indicating direct register operands): EUVA scripts are structured text files with .euv extension.

The script engine parses and executes them either on-demand (F5) or automatically via file-system watch when the file changes on disk. Declares a named method block. Methods are the primary unit of logical grouping. A method may be public: (can export symbols via clink) or private: (local execution only). After finalization, exported symbols are accessible to subsequent methods as MethodName.SymbolName in the global scope.

Scans the loaded binary for the first occurrence of a byte pattern and assigns the file offset to a local variable. Pattern format: space-separated hex bytes. ?? is a wildcard matching any byte value. On match, MyFunc is set to the file offset of the first byte of the pattern. On no match, the variable is set to -1. The console logs the result: Assigns a computed value to a local variable. The right-hand side is evaluated by ParseMath(), which supports hex literals, arithmetic operators, and variable substitution.

The core write instruction. The address expression is on the left of :, the payload on the right. Reads bytes at the given address and halts the patch if they do not match. Used to verify pre-conditions before writing. If the bytes at MyFunc do not equal 48 83 EC 28, the command returns early without executing subsequent patch lines. Declares which local variables should be exported from the current method to the global scope after execution.

Only valid inside public: methods. All address expressions in EUVA scripts pass through ParseMath(), a full arithmetic evaluator supporting variable substitution, hex literals, and standard operators. On any change event, the engine waits 400ms (debounce), then re-executes the full script. Save the file in your editor → EUVA re-patches the binary immediately. This enables a tight iterative loop: write a patch, save, see the Dirty Track overlay update, verify in the Inspector, refine, repeat.

EUVA's visual presentation is fully controlled by .themes files — plain-text palettes defining 30 canonical UI color tokens. The table is regenerated on encoding change and the viewport invalidated immediately. A secondary render mode that streams raw binary files as grayscale ASCII art video at 60 FPS, using the hex viewport as a canvas. Brightness is mapped through a 10-character density ramp: Byte value 0x00 maps to space (black).

Byte value 0xFF maps to @ (white). The ASCII panel effectively becomes a 24×N-row grayscale display. The engine uses CompositionTarget.Rendering for frame delivery, synchronized to the WPF composition clock, and reads raw frames sequentially from a FileStream with FileOptions.SequentialScan: Drop the compiled .dll into the plugins directory. EUVA loads it automatically at startup. Never worry about corrupting a binary again.

EUVA HexEngine features a robust, multi-level undo system:

Summary

This report covers the latest developments in android. The information presented highlights key changes and updates that are relevant to those following this topic.

---