The following is a list of functions that allow running many of the tools in the Tools Menu or Search Menu, as well as functions for working with drives and processes.

quad Checksum( int algorithm, quad start=0, quad size=0 )
Runs a simple checksum on a file and returns the result as a quad. The algorithm can be one of the following constants:

• CHECKSUM_SUM8
• CHECKSUM_SUM16
• CHECKSUM_SUM32
• CHECKSUM_SUM64
• CHECKSUM_CRC16
• CHECKSUM_CRCCCITT
• CHECKSUM_CRC32
• CHECKSUM_ADLER32

If start and size are zero, the algorithm is run on the whole file. If they are not zero then the algorithm is run on size bytes starting at address start. See the ChecksumAlgBytes and ChecksumAlgStr functions to run more complex algorithms. A negative number is returned on error.

int ChecksumAlgStr(
    int algorithm,
    char result[],
    quad start=0,
    quad size=0,
    char ignore[]="" )
Similar to the Checksum algorithm except the following algorithm constants are supported:

• CHECKSUM_SUM8
• CHECKSUM_SUM16
• CHECKSUM_SUM32
• CHECKSUM_SUM64
• CHECKSUM_CRC16
• CHECKSUM_CRCCCITT
• CHECKSUM_CRC32
• CHECKSUM_ADLER32
• CHECKSUM_MD2
• CHECKSUM_MD4
• CHECKSUM_MD5
• CHECKSUM_RIPEMD160
• CHECKSUM_SHA1
• CHECKSUM_SHA256
• CHECKSUM_TIGER

The result argument specifies a string which will hold the result of the checksum. The return value indicates the number of characters in the string, or is negative if an error occurred. Any ranges to ignore can be specified in string format with the ignore argument (see Check Sum/Hash Algorithms).

int ChecksumAlgBytes(
    int algorithm,
    uchar result[],
    quad start=0,
    quad size=0,
    char ignore[]="" )
This function is identical to the ChechsumAlgStr function except that the checksum is returned as a byte array in the result argument. The return value is the number of bytes returned in the array.

TCompareResults Compare(
    int type,
    int fileNumA,
    int fileNumB,
    quad startA=0,
    quad sizeA=0,
    quad startB=0,
    quad sizeB=0,
    int matchcase=true,
    quad maxlookahead=10000,
    quad minmatchlength=8,
    quad quickmatch=512 )
Runs a comparison between two files or between two blocks of data. The type argument indicates the type of comparison that should be run and can be either:

• COMPARE_SYNCHRONIZE
• COMPARE_SIMPLE

fileNumA and fileNumB indicate the numbers of the file to compare (see GetFileNum). The file numbers may be the same to compare two blocks in the same file. The startA, sizeA, startB, and sizeB arguments indicate the size of the blocks to compare in the two files. If the start and size are both zero, the whole file is used. If matchcase is false, then letters of mixed upper and lower cases will match. See Comparing Files for details on the maxlookahead, minmatchlength and quickmatch arguments. The return value is TCompareResults structure with contains a count variable indicating the number of resulting ranges, and an array of record. Each record contains the variables type, startA, sizeA, startB, and sizeB to indicate the range. The type variable will be one of:

• COMPARE_MATCH=0
• COMPARE_DIFFERENCE=1
• COMPARE_ONLY_IN_A=2
• COMPARE_ONLY_IN_B=3

For example:

    int i, f1, f2;
    FileOpen( "C:\\temp\\test1" );
    f1 = GetFileNum();
    FileOpen( "C:\\temp\\test2" );
    f2 = GetFileNum();
    TCompareResults r = Compare( COMPARE_SYNCHRONIZE, f1, f2 );
    for( i = 0; i < r.count; i++ )
    {
         Printf( "%d %Ld %Ld %Ld %Ld\n", 
             r.record[i].type, 
             r.record[i].startA, 
             r.record[i].sizeA, 
             r.record[i].startB, 
             r.record[i].sizeB ); 
    }

char ConvertASCIIToEBCDIC( char ascii )
Converts the given ASCII character into an EBCDIC character and returns the result.

void ConvertASCIIToUNICODE(
    int len,
    const char ascii[],
    ubyte unicode[],
    int bigendian=false )
Converts an ASCII string into an array of bytes and stores them in the unicode argument. len indicates the number of characters to convert and the unicode array must be of size at least 2*len. If bigendian is true, the bytes are stored in big-endian mode, otherwise the bytes are stored in little-endian mode.

void ConvertASCIIToUNICODEW(
    int len,
    const char ascii[],
    ushort unicode[] )
Converts an ASCII string into an array of words and stores the array in the unicode argument. The number of characters to convert is given by the len argument and the unicode argument must have size at least len.

char ConvertEBCDICToASCII( char ebcdic )
Converts the given EBCDIC character into an ASCII character and returns the result.

void ConvertUNICODEToASCII(
    int len,
    const ubyte unicode[],
    char ascii[],
    int bigendian=false )
Converts an array of UNICODE characters in the unicode argument into ASCII bytes and stores them in the ascii array. len indicates the number of characters to convert. unicode must be of size at least size 2*len and ascii must be of size at least len. If bigendian is true, the bytes are stored in big-endian mode, otherwise the bytes are stored in little-endian mode.

void ConvertUNICODEToASCIIW(
    int len,
    const ushort unicode[],
    char ascii[] )
Converts the array of words in the unicode argument to ASCII bytes and saves them to the ascii argument. The number of characters to convert is given by len. unicode and ascii must be of size at least size len.

int ExportFile(
    int type,
    char filename[],
    quad start=0,
    quad size=0,
    quad startaddress=0,
    int bytesperrow=16,
    int wordaddresses=0 )
Exports the currently open file to a file on disk given by filename using one of the following type formats:

• EXPORT_HEXTEXT
• EXPORT_DECTEXT
• EXPORT_CCODE
• EXPORT_JAVACODE
• EXPORT_INTEL8
• EXPORT_INTEL16
• EXPORT_INTEL32
• EXPORT_S19
• EXPORT_S28
• EXPORT_S37
• EXPORT_TEXT_AREA
• EXPORT_HTML
• EXPORT_RTF
• EXPORT_BASE64
• EXPORT_UUENCODE

TFindResults FindAll(
    <datatype> data,
    int matchcase=true,
    int wholeword=false,
    int wildcards=false,
    double tolerance=0.0,
    int dir=1,
    quad start=0,
    quad size=0 )
This function converts the argument data into a set of hex bytes and then searches the current file for all occurrences of those bytes. data may be any of the basic types or an array of one of the types. If data is an array of signed bytes, it is assumed to be a null-terminated string. To search for an array of hex bytes, create an unsigned char array and fill it with the target value. If the type being search for is a string, the matchcase and wholeworld arguments can be used to control the search (see Using Find for more information). If wildcards is true and the target is a string, the '*' and '?' characters can be used for wildcards. If the target is a float or double, the tolerance argument indicates that values that are only off by the tolerance value still match. If dir is 1 the find direction is down, otherwise the direction is up. start and size can be used to limit the area of the file that is searched. If start and size are both zero, the whole file is searched. The return value is a TFindResults structure. This structure contains a count variable indicating the number of matches, and a start array holding an array of starting positions, plus a size array which holds an array of target lengths. For example, use the following code to find all occurrences of the ASCII string "Test" in a file:

    int i;
    TFindResults r = FindAll( "Test" );
    Printf( "%d\n", r.count );
    for( i = 0; i < r.count; i++ )
        Printf( "%Ld %Ld\n", r.start[i], r.size[i] );

quad FindFirst(
    <datatype> data,
    int matchcase=true,
    int wholeword=false,
    int wildcards=false,
    double tolerance=0.0,
    int dir=1,
    quad start=0,
    quad size=0 )
This function is identical to the FindAll function except that the return value is the position of the first occurrence of the target found. A negative number is returned if the value could not be found.

TFindInFilesResults FindInFiles(
    <datatype> data,
    char dir[],
    char mask[],
    int subdirs=true,
    int openfiles=false,
    int matchcase=true,
    int wholeword=false,
    int wildcards=false,
    double tolerance=0.0 )
Searches for a given set of data across multiple files. See the FindAll function for information on the data, matchcase, wholeword, wildcards, and tolerance arguments. The dir argument indicates the starting directory where the search will take place. mask indicates which file types to search and may contain the characters '*' and '?'. If subdirs is true, all subdirectories are recursively searched for the value as well. If openfiles is true, only the currently open files are searched. The return value is the TFindInFilesResults structure which contains a count variable indicate the number of files found plus an array of file variables. Each file variable contains a count variable indicating the number of matches, plus an array of start and size variables indicating the match position. For example:

    int i, j;
    TFindInFilesResults r = FindInFiles( "PK", 
        "C:\\temp", "*.zip" );   
    Printf( "%d\n", r.count );
    for( i = 0; i < r.count; i++ )
    {
        Printf( "   %s\n", r.file[i].filename );
        Printf( "   %d\n", r.file[i].count );
        for( j = 0; j < r.file[i].count; j++ )
            Printf( "       %Ld %Ld\n", 
                r.file[i].start[j], 
                r.file[i].size[j] );
    }

See Using Find In Files for more information.

quad FindNext( int dir=1 )
This function will move the cursor to the next find occurrence of the target value specified with the FindFirst function. If dir is 1, the find direction is down. If dir is 0, the find direction is up. The return value is the address of the found data, or -1 if the target is not found.

int GetSectorSize()
Returns the size in bytes of the sectors for this drive. If this file is not a drive, the current sector size is defined using the 'View > Division Lines > Set Sector Size' menu option.

quad Histogram( quad start, quad size, quad result[256] )
Counts the number of bytes of each value in the file from 0 up to 255. The bytes are counting starting from address start and continuing for size bytes. The resulting counts are stored in the quad array results. For example, result[0] would indicate the number of 0 bytes values found in the given range of data. The return value is the total number of bytes read.

int ImportFile( int type, char filename[], int wordaddresses=false )
Attempts to import the file specified by filename in one of the supported import formats. The format is given by the type argument and may be:

• IMPORT_HEXTEXT
• IMPORT_DECTEXT
• IMPORT_SOURCECODE
• IMPORT_INTEL
• IMPORT_MOTOROLA
• IMPORT_BASE64
• IMPORT_UUENCODE

If successful, the file is opened as a new file in the editor. If the function fails, a negative number is returned. If wordaddresses is true and the file is an Intel Hex file, the file is imported using word-based addressing. See Importing/Exporting Files for more information on importing.

int IsDrive()
Returns true if the current file is a physical or logical drive, or false otherwise (see Editing Drives).

int IsLogicalDrive()
Returns true if the current file is a logical drive, or false otherwise (see Editing Drives).

int IsPhysicalDrive()
Returns true if the current file is a physical drive, or false otherwise (see Editing Drives).

int IsProcess()
Returns true if the current file is a process, or false otherwise (see Editing Processes).

int OpenLogicalDrive( char driveletter )
Opens the drive with the given driveLetter as a new file in the editor. For example, 'OpenLogicalDrive('c');'. This function returns a negative number on failure. See Editing Drives for more information on drive editing.

int OpenPhysicalDrive( int physicalID )
Opens the physical drive physicalID as a new file in the editor (see Editing Drives). For example, 'OpenPhysicalDrive(0);'. This function returns a negative number on failure.

int OpenProcessById( int processID, int openwriteable=true )
Opens a process identified by the processID number (see Editing Processes). If openwriteable is true, only bytes that can be modified are opened, otherwise all readable bytes are opened. A negative number if returned if this function fails.

int OpenProcessByName( char processname[], int openwriteable=true )
Attempts to open a process given by the name processname as a new file in the editor. For example: 'OpenProcessByName( "cmd.exe" );' If openwriteable is true, only bytes that can be modified are opened, otherwise all readable bytes are opened. A negative number if returned if this function fails. See Editing Processes for more information.

int ReplaceAll(
    <datatype> finddata,
    <datatype> replacedata,
    int matchcase=true,
    int wholeword=false,
    int wildcards=false,
    double tolerance=0.0,
    int dir=1,
    quad start=0,
    quad size=0,
    int padwithzeros=false )
This function converts the arguments finddata and replacedata into a set of bytes, and then finds all occurrences of the find bytes in the file and replaces them with the replace bytes. The arguments matchcase, wholeword, wildcards, tolerance, dir, start, and size are all used when finding a value and are discussed in the FindAll function above. If padwithzeros is true, a set of zero bytes are added to the end of the replace data until it is the same length as the find data. The return value is the number of replacements made.