- Toolbar
- Statusbar
- Keyboard shortcuts
- Open capabilities
- Multiple views of same document
- Command line support
 |
Create file or allocate memory (Ctrl+N) |
 |
Open files, process memory, kernel memory, partition, drive, S-Record or Intel Hex (Ctrl+O) See Open menu |
 |
Save current document (Ctrl+S) |
 |
Discard all changes of current document |
 |
Save all changes in all opened documents |
 |
Save As / Export current document. Full or partial document saving or export.Export can be done in text, rtf, html, C array, Java array, Asm array, S-Record or Intel Hex |
 |
Display current document properties. Properties dialog depends of current document type |
 |
Delete current file |
 |
Release allocated memory (process memory, kernel memory) |
 |
Display all basics type (int8, int16, int32, int64) in different format for the current document location |
 |
Display the struct viewer dialog |
 |
Display bytes distribution for the active document |
 |
Compute and display entropy for the active document (used to identify the different parts of a file) |
 |
Compute and display entropy across multiple documents or multiple network packets (used to analyze files header or network protocols) |
 |
Display the cryptography dialog |
 |
Display the disassembly dialog |
 |
Display the data identifier dialog |
 |
Display the Portable Executable (PE) dialog |
 |
Display the compare dialog |
 |
Display the join dialog |
 |
Display the split dialog |
 |
Display the resize file dialog |
|
Display the change file date and time dialog |
 |
Plugin menu. Depends of available plugins. Plugins folder location is "HeliumPlugins64" for 64 bits version, and "HeliumPlugins" for 32 bits version Plugin software development kit is available under directory "HexControlPluginsSDK" |
 |
Opened window list. Allow quick navigation to an opened window |
 |
Close multiple dialogs or search results |
 |
Address and size display mode (hexadecimal or integer) |
 |
Select little endian (Intel) representation |
 |
Select big endian (Motorola) representation |
 |
Display / Hide ascii column |
 |
Display / Hide unicode column |
 |
Display the options dialog |
 |
Display Help / Help menu (about , register, check for update, bug report) |
 |
Refresh the content of the current document |
 |
Undo the last operation on the current document |
 |
Redo the last operation on the current document |
 |
Display the set current selection dialog |
 |
Cut |
 |
Copy / Copy As |
 |
Paste |
 |
Display the insert dialog |
 |
Display the fill selection with dialog |
 |
Display the data operation dialog |
 |
Navigate backward |
 |
Navigate forward |
 |
Display the goto dialog |
 |
For memory containing valid and invalid blocks, this menu allows to quickly jump to begin and end of current block, or to go to previous or next valid memory block |
 |
Display the bookmarks dialog |
 |
Display the search dialog |
 |
Display the replace dialog |
 |
Display the search strings dialog |
 |
Display the strings / hexa quick converter dialog |
- Mouse position for active document
- Caret position for active document
- Size of active document
- OVR / INS : Overwrite or Insert mode for active document
- RW / RO : Read Write or Read Only mode for active document
| Shortcut | Description |
| Ctrl + N | New |
| Ctrl + O | Open |
| Ctrl + S | Save |
| Ctrl + G | Goto |
| Ctrl + F | Find |
| Ctrl + H | Replace |
| Ctrl + A | Select All |
| Ctrl + C | Copy |
| Ctrl + X | Cut |
| Ctrl + V | Paste |
| Ctrl + Ins | Copy |
| Shift + Del | Cut |
| Shift + Ins | Paste |
| Ctrl + Z | Undo |
| Ctrl + Y | Redo |
| Ctrl + + | Zoom In |
| Ctrl + - | Zoom Out |
| Ctrl + Mouse Wheel | Zoom In / Out |
On Win 10, to access OS protected processes, the driver ProtectedProcessesAccess64.sys must have been signed
|
|
To open process memory, first select the process in the process list (You can
refresh the list if new processes were launched after the display of the current
dialog) Next you can choose to open the full process memory, or specific module or raw addresses range |
A reboot may be required the first time to enable OS changes to be taken into account.
Next Helium Hex Editor must be run with administrator rights, and driver (KernelMemoryAccess64_v3s.sys for 64 bit or KernelMemoryAccess_v3s.sys for 32 bit) must have been signed
|
|
To open kernel memory, first you need to specify which kind of memory you want to access: - Virtual Memory : like kernel modules or virtual allocated kernel memory - Physical Memory : direct access to devices IO or device memory |
|
| Kernel Module Selection |
|
| Computer Resource Selection |
|
| To open a disk or a partition, just select the disk or the partition and next click Open |
Saving document will directly generate the S-Record / Intel Hex
Header, start address, records types, memory block remapping, memory block addition or removal
can be done from the
properties dialog for the active document
|
|
By right clicking the tab of a document, you can clone it (right or bottom) This allows to get multiple views of the same document. Document is opened only once and will be closed when all views will have been closed |
|
HeliumHexEditor64.exe FilePath [OptArgs] : opens specified file in Helium Hex Editor Optional arguments: ReadOnly open file in read only mode Goto= set caret at specified offset SelSize= selection size from goto Type=file/memory/disk/drive/srec/intelhex (file by default) ProcessId= specify process id (only for memory Type) DiskId= specify disk id (only for disk and drive if no drive letter) PartitionId= specify partition id (only for drive if no drive letter) DriveLetter= specify drive letter (only for drive if no DiskId and PartitionId) |