Reverse Engineering & Security Tools
Open Source

Pro Hex Analyzer & Binary Patcher

PythonTkinterCapstone EngineKeystone EngineStatic AnalysisBinary Patching

A lightweight, heavily multi-threaded desktop utility for rapid static binary triage. It provides real-time x86-64 disassembly, heuristic string extraction (IoC tagging), and live assembly injection.

Tech Stack

PythonTkinterCapstone EngineKeystone EngineStatic AnalysisBinary Patching

System Metrics

Prevents UI thread freezing during high-latency file reading and disassembly loops
Mitigates Out-Of-Memory (OOM) crashes by implementing strict 1,000-line UI buffer caps for large binaries
Optimized Regex compilation for rapid, multi-pass byte decoding and string extraction

Why Did I Build This?

"Firing up heavyweight disassemblers like IDA Pro or Ghidra just to peek at a binary's strings, grab an MD5, or patch a single `jz` to `jmp` is massive overkill. I engineered this tool to serve as an immediate, first-line triage and patching workbench. It allows me to safely inspect potentially malicious executables, isolate network indicators, and inject compiled assembly instructions directly into raw hex offsets without leaving the interface."

Architecture & Decisions

The application is built on a responsive Tkinter frontend decoupled from the heavy processing logic via a strict producer-consumer threading model and `queue.Queue` polling. This prevents UI lockups during intensive I/O operations. It natively integrates the Capstone framework for x86-64 disassembly and the Keystone framework to compile human-readable assembly back into raw machine code bytes for live patching. To ensure absolute memory stability, I implemented a safety threshold: binaries over 20MB are fully processed and dumped directly to Markdown artifacts, while the GUI strictly caps its visualization buffer to the first 1,000 instructions to prevent Tkinter text widget memory exhaustion.

Key Features

  • 01.Non-blocking Tkinter GUI utilizing asynchronous thread queues
  • 02.Live binary patching via Keystone engine (Assembly to Hex compilation)
  • 03.Real-time x86-64 disassembly via Capstone engine
  • 04.Heuristic Regex engine for automated IoC categorization (IPv4, URLs, Paths)
  • 05.Memory-safe Markdown artifact generation for massive payloads
  • 06.Built-in hex offset calculator and targeted search engine
This project showcases the intersection of low-level binary manipulation and efficient desktop UI design. By leveraging Capstone and Keystone in a decoupled thread architecture, the tool provides the power of a reverse-engineering suite with the startup time of a text editor. It acts as a critical component in my workflow for rapid malware analysis, hot-patching legacy executables, and inspecting packed binaries before shifting to heavier dynamic analysis tools.