Bytehist is a tool for generating byte-usage histograms for all types of files, with a special focus on binary executables in PE format (Windows). Pack and unpack binary files, test them with anti-malware products and other security tools, and find what needs to be improved.

Features of bytehist
Makes byte-usage-histograms of any file of any size
Histograms are generated as sorted and unsorted diagrams
Sub-histograms for each section of binary executables (PE)
Quick overview with GUI navigation in case of sub-histograms
Percentage for the share in the total filesize for sub-histograms
Source-related names for sub-histograms (= section names in case of PEs)
Results can be saved as .jpg, .bmp and .png files
Works as a GUI and also as a command-line tool (for scripting purposes)
How to use bytehist
bytehist [options file]
Executing bytehist without any parameters activates full GUI-mode.
options: -nogui … don’t bring up any GUI
-save file … save histogram to given file (bmp, png or jpg)
-h … show a short help
Sample usage bytehist
Statistics can be a very good method if you want to detect encrypted or packed data. Data that has been manipulated in such a way usually shows a very even distribution of the bytes being used. In contrast, normal data typically has some bytes that are used constantly, which is caused by structures of one kind or another. So the byte distribution of unencrypted and unpacked clear text, database files, … and even executable binaries differs massively from that of the encrypted and/or packed ones. By putting this “phenomenon” into a picture, the difference can be easily visualized with histograms.
The first example shows an unpacked file. In fact the source of this histogram was a log-file – so that’s human readable information.
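The same comparison in numbers, as an added example that is not part of Bytehist or of the original post: it builds the unsorted and sorted byte histograms and summarises them for a constructed log file, its zlib-compressed form, and a constructed stand-in for encrypted data. The entropy, unused-value and top-16 metrics and all names here are assumptions of this sketch; Bytehist itself only draws the diagrams.

```python
import hashlib
import math
import zlib

def byte_histogram(data: bytes) -> list:
    """Unsorted histogram: occurrences of each byte value 0x00..0xFF."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    return hist

def shannon_entropy(hist: list) -> float:
    """Bits per byte; 8.0 means every byte value is used equally often."""
    total = sum(hist)
    if total == 0:
        return 0.0  # empty input: no distribution to measure
    return -sum(c / total * math.log2(c / total) for c in hist if c)

def describe(data: bytes) -> dict:
    hist = byte_histogram(data)
    ranked = sorted(hist, reverse=True)  # the "sorted" diagram
    return {
        "entropy": shannon_entropy(hist),
        "unused_values": hist.count(0),  # byte values that never occur
        "top16_share": sum(ranked[:16]) / max(len(data), 1),
    }

def keystream(n: int) -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 over a counter."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

# Constructed sample inputs (not real captures).
LOG = b"".join(
    b"2024-01-01 12:00:%02d INFO service started pid=%d\n" % (i % 60, 1000 + i)
    for i in range(2000)
)
PACKED = zlib.compress(LOG, 9)
ENCRYPTED = keystream(len(LOG))

if __name__ == "__main__":
    for name, blob in (("log", LOG), ("zlib", PACKED), ("keystream", ENCRYPTED)):
        print(name, len(blob), describe(blob))
```

A structured file leaves most byte values unused and concentrates its content in a few of them, while the keystream uses all 256 values almost equally, which is the flat histogram the text describes.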
Operating system supported
Windows
Linux
Source code is also available.