The Find tool can be used to find a string, a set of hex bytes, or a number of different data types within the file. The Find tool can be accessed from the 'Search > Find...' menu option, the Tool Bar, or by pressing Ctrl+F.
Find Dialog
When performing a search, the Find Dialog will be displayed. Enter which data type to interpret the data as in the Type field. The following types are supported:
- ASCII String (a)
- EBCDIC String (e)
- UNICODE String (u)
- Hex Bytes (h)
- Signed Byte (i8)
- Unsigned Byte (ui8)
- Signed Short (i16)
- Unsigned Short (ui16)
- Signed Int (i32)
- Unsigned Int (ui32)
- Signed Quad (i64)
- Unsigned Quad (ui64)
- Float (f)
- Double (lf)
The value in brackets is the type specifier and can be used in the Find Field of the Tool Bar to search for different data types (see below). Enter a string, value, or hex bytes to search for in the Value field. The data in the Value field will automatically be converted to hexadecimal bytes and displayed in the Hex Bytes field. Note that when converting numbers, the endianness of the current file is used (see Introduction to Byte Ordering).
If the Find All Occurrences toggle is set, clicking the Find All button will find all instances of the target value in the file and display the results in the Output Window (see below). If the Find All Occurrences toggle is not set, the Find All button will instead say Find Next if the Down toggle is selected, or Find Prev if the Up toggle is selected. Clicking Find Next or Find Prev will search for the next or previous occurrence of the target value respectively.
Use the Range box to limit the bytes searched in the file to a selected range. If no bytes are selected when the Find Dialog is opened or the Entire File toggle is selected, the search will occur over the whole file. If a selection is made and the Selection toggle is selected, only the selected bytes will be searched. Note that only the Find All button is available when searching a selection, not the Find Next or Find Previous buttons.
When searching for strings, two options are available. If the Match Case toggle is enabled, the target string will only match if the bytes match exactly. When the toggle is disabled, characters that differ only in case will also match. If the Match Whole Word Only toggle is set, the target string will not match partial words.
When searching for strings or hex bytes, enable the Search with Wildcards toggle to allow the characters '*' and '?' to be used as wildcards in the Value field. The '?' wildcard must match exactly one byte, and the '*' wildcard can match zero up to a certain maximum number of bytes. For example, the value 'adv*e?' would match both the strings 'advantages' and 'advised'. The maximum number of bytes for a match can be specified using the Find Options dialog as described below. When the Search with Wildcards toggle is turned on, the special syntax '\*' and '\?' can be used to literally search for the characters '*' (ASCII code 0x2A) or '?' (ASCII code 0x3F).
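The wildcard rules above can be reproduced outside the editor, for example to re-run a pattern over a carved file in a script. This is an added example, not 010 Editor's own code: the names `wildcard_to_regex` and `find_all` are hypothetical, the sample bytes are constructed, and shortest-match behaviour for '*' is an assumption. The default limit of 24 bytes is the Maximum Wildcard Match Length default from the Find Options dialog.

```python
import re

def wildcard_to_regex(value, max_star=24, match_case=True):
    """Compile a Find-style wildcard value into a bytes regex."""
    parts, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and value[i + 1:i + 2] in ("*", "?"):
            # '\*' and '\?' search for the literal bytes 0x2A and 0x3F.
            parts.append(re.escape(value[i + 1].encode("ascii")))
            i += 2
            continue
        if ch == "?":
            parts.append(b".")                      # exactly one byte
        elif ch == "*":
            # Zero up to max_star bytes; shortest match is an assumption.
            parts.append(b".{0,%d}?" % max_star)
        else:
            parts.append(re.escape(ch.encode("latin-1")))
        i += 1
    # DOTALL lets a wildcard match any byte value, including 0x0A.
    flags = re.DOTALL | (0 if match_case else re.IGNORECASE)
    return re.compile(b"".join(parts), flags)

def find_all(data, value, max_star=24, match_case=True):
    """Return (address, size, matched bytes) rows, like the Output Window."""
    rx = wildcard_to_regex(value, max_star, match_case)
    return [(m.start(), len(m.group()), m.group()) for m in rx.finditer(data)]

# Constructed sample: two words from the text, then 'adv' and 'e' 30 bytes apart.
SAMPLE = b"The advantages were advised.\x00adv" + b"X" * 30 + b"e!"

if __name__ == "__main__":
    for limit in (24, 30):
        print("max wildcard length", limit)
        for address, size, matched in find_all(SAMPLE, "adv*e?", limit):
            print(f"  0x{address:04X}  {size:3d}  {matched!r}")
```

With the limit of 24 the third candidate is not reported because 30 bytes separate 'adv' from 'e'; raising the limit to 30 makes it match.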
When searching for floats or doubles, the Float Find Tolerance field will be displayed. This field can be used to search for numbers that are very close to other numbers. Because of numerical precision, sometimes floating-point numbers are stored as 2.00000001 instead of 2. Enter a tolerance value in the Float Find Tolerance field. Numbers that are within the tolerance above or below the target value will match.
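The tolerance rule above, shown as an added example (not 010 Editor's code): a scan that decodes a float or double at every byte offset and keeps values within the tolerance of the target. The function name `find_floats`, the per-byte scanning stride, and the constructed sample buffer are assumptions made for illustration.

```python
import struct

def find_floats(data, target, tolerance=0.0, double=True, little_endian=True):
    """Return offsets whose decoded value lies within +/- tolerance of target."""
    fmt = ("<" if little_endian else ">") + ("d" if double else "f")
    size = struct.calcsize(fmt)
    hits = []
    # Assumption: candidates may start at any byte offset, not only aligned ones.
    for offset in range(len(data) - size + 1):
        (value,) = struct.unpack_from(fmt, data, offset)
        # NaN never satisfies the comparison, so garbage windows are skipped.
        if abs(value - target) <= tolerance:
            hits.append(offset)
    return hits

# Constructed sample: 2.0 at offset 1, 2.00000001 at offset 11, 2.1 at offset 19.
SAMPLE = (b"\xff" + struct.pack("<d", 2.0) + b"\xff\xff"
          + struct.pack("<d", 2.00000001) + struct.pack("<d", 2.1))

if __name__ == "__main__":
    for tol in (0.0, 1e-6, 0.2):
        print(f"tolerance {tol}: offsets {find_floats(SAMPLE, 2.0, tol)}")
```

A tolerance of 0 behaves like an exact byte search and misses the value stored as 2.00000001.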
If the Allow Multiple Find Ranges toggle is enabled, 010 Editor can store the search results from a number of different queries and can optionally color each query by a different color in the Hex Editor Window. When this toggle is enabled, each query that is performed will add another section of results to the Find tab of the Output Window (see Output Window below for more information). Also, the coloring of the file can be controlled with the Find Options dialog as discussed below.
Output Window
When searching for all occurrences of a target value using the Find All button, the results are displayed in the Output Window. The top row will be a dark gray header line that indicates the search target and number of occurrences found. Each row of the table indicates a match with the target value. The starting address, number of bytes, and value searched for are displayed in the Address, Size, and Value fields respectively. On the left side of the Output Window is a graph representing the file. Blue lines indicate the position of matches in the file. When a row is selected in the table, the corresponding line in the graph will be displayed as a yellow line. The number displayed below the graph indicates the number of matches that were found. Bytes in the main Hex Editor Window will be colored blue if those bytes are part of a match. Selecting a row in the table will also select the bytes in the editor. The display format for each column can be set to hexadecimal or decimal by right-clicking on the Output Window and selecting 'Column Display Format'. Right-click the table and select 'Clear' to clear all find results, or press the Esc key to hide the Output Window.
If multiple searches were performed and the Allow Multiple Find Ranges toggle is enabled, each search will be displayed in the Output Window in a different section of the table separated by a dark gray header line. Click the '+' or '-' buttons beside the header, or double-click the header to hide or show the results from that search. Right-click the table and click the 'Expand All' or 'Shrink All' menu options to show or hide the search results for all queries.
Find Next/Find Previous
After a search has been made, the 'Find > Find Next' or 'Find > Find Previous' menu options can be used to step through the file, searching for the next or previous occurrences of the target value.
Find Options
The Find Options dialog is used to control wildcard and coloring options for the Find tools and can be accessed by clicking the Options button in the Find, Replace, or Find in Files tools. Specify the maximum number of bytes that the wildcard character '*' can match in the 'Maximum Wildcard Match Length' field (default of 24). Wildcards are only used when the Search with Wildcards toggle is turned on in the Find dialog. If the Allow Multiple Find Ranges toggle is turned on, the Multiple Range Colors area controls the coloring that is applied to the bytes in the Hex Editor Window. Choose the Use Default Find Color toggle to color the bytes by the color specified in the Color Options dialog, or the Custom Color toggle to color the bytes using the Fore and Back color boxes. The Fore color indicates the text color to be displayed, and the Back color indicates the background color behind the text. Click the OK button to accept the changes, or the Cancel button to dismiss the dialog and ignore any changes.
Find Field
The Find Field in the Tool Bar can be used to search for a value without opening the Find dialog. Enter a value as it would be entered in the Value field of the dialog and press Enter to start the search. By default the target value is assumed to be a string, but any data type can be found by including a comma and a type specifier from the type list above. For example, the value "453f,h" would search for the hex bytes 0x45 and 0x3f, the value "0x100,i32" would search for the integer 256, or the value "2.5,lf" would search for the double '2.5'.
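The conversion from a Find Field entry to the bytes that are searched for, shown as an added example (not 010 Editor's code) using the three values from the paragraph above. The function name `find_field_to_bytes` is hypothetical, the EBCDIC (e) and UNICODE (u) types are left out, and treating an unrecognised suffix after the last comma as part of the string is an assumption.

```python
import struct

# Type specifier -> struct format code, for the numeric types in the type list.
NUMERIC = {"i8": "b", "ui8": "B", "i16": "h", "ui16": "H", "i32": "i",
           "ui32": "I", "i64": "q", "ui64": "Q", "f": "f", "lf": "d"}

def find_field_to_bytes(text, little_endian=True):
    """Convert 'value,type' into the byte sequence to search for."""
    value, sep, spec = text.rpartition(",")
    spec = spec.strip()
    if not sep or (spec not in NUMERIC and spec not in ("a", "h")):
        # No recognised specifier: the whole entry is a string (the default).
        value, spec = text, "a"
    if spec == "a":
        return value.encode("ascii")
    if spec == "h":
        return bytes.fromhex(value)
    if spec in ("f", "lf"):
        number = float(value)
    elif value.strip().lower().startswith(("0x", "-0x")):
        number = int(value, 16)
    else:
        number = int(value)
    # Numbers are packed using the byte order of the file being searched;
    # struct.error is raised if the value does not fit the chosen type.
    order = "<" if little_endian else ">"
    return struct.pack(order + NUMERIC[spec], number)

if __name__ == "__main__":
    for entry in ("453f,h", "0x100,i32", "2.5,lf", "hello"):
        for little in (True, False):
            label = "little" if little else "big"
            print(f"{entry!r:14} {label:6} {find_field_to_bytes(entry, little).hex(' ')}")
```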