An Introduction to Hex-Editing
For this tutorial we are going to use an easy target application to demonstrate hex-editing. Nothing too complicated: we are just going to remove the "Skins..." text from TreeHugger's button.

For those of you who don't know of TreeHugger, it's one of several must-have apps written by grigri. It skins the explorer treeview pane. See it in use here. You can get it here.

If you're familiar with using Resource Hacker, this is a bit like changing the value of a string. The only thing to remember with hex-editing is that we cannot replace the 'string' value, in this case "Skins...", with a larger value such as "The Skins Button", because the extra characters would overwrite the bytes that follow it. We can, however, replace it with a value that is shorter than or equal in length to what's already there in the code. Neat!

First, you will need a good hex editor. There are many available, some free, some not. For this tutorial I suggest using Hexplorer as it's very easy to use, has some great features (more on those later!) and best of all, is free. You can get it here.

Before we begin, you will need to unregister treehugger.dll if you have already got it installed. This will make editing a lot easier. Double-click the unregister.reg file and reboot.

Next, we need to make a backup. Make a copy of treehugger.dll and rename this to treehugger.dll.bkup. For now, keep this in the same directory as the original.

Now, unzip and run Hexplorer. You'll need to configure it first via View/Options. I have mine set to System Fixed Font, Matrix, 12 column grouped by 4, with the toolbar hidden and "Show offsets" unchecked.

Open up treehugger.dll. [Ctrl]+[F] will bring up the find box. We already know the string we are looking for, so type in "Skins..." (without the quotes) and hit [Enter]. You should now see something like this:

The string we searched for is highlighted. You'll notice there are two tables: on the left are three columns of hexadecimal, and on the right is the same data in ASCII. The string in hexadecimal is 536B696E732E2E2E. Now click on the S. It has a hex value of 53. The status bar tells us the address of this value, 7894h. The "h" at the end tells us it is a hexadecimal address. We can go there directly by using the Go To Address function. Press [F5], and type in 7894. Notice that hexadecimal is the default base. If we were to enter 7894 as a decimal address, it would take us to a completely different location in the file. It is standard to give our offsets in hexadecimal.

Now, in this tutorial we are going to remove the "Skins..." text from the button. To do this, you'll need to edit the hexadecimal values. We can change values by simply moving the cursor and typing, either entering hex values in the left table or plain text in the right. Click on 53 in the hex table. Note that the cursor is red in the active table, with its corresponding value in the adjacent table highlighted in grey. Type in 00, and continue, replacing the entire string specified above with zeroes. You should end up with something like this:

Hit save and re-register the .dll. Reboot, open explorer and voila!
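The same edit can be scripted, which makes the "shorter or equal" rule and the backup step explicit. This is an added example, not part of the original tutorial: the function names are hypothetical, and SAMPLE is a constructed stand-in buffer with the string placed at 7894h, not the real treehugger.dll.

```python
import shutil
from pathlib import Path

def patch_string(data: bytes, old: bytes, new: bytes = b""):
    """Overwrite the one occurrence of `old` with `new`, zero-padded to
    len(old), so the file keeps its size. Returns (patched, offset)."""
    if len(new) > len(old):
        raise ValueError("replacement is longer than the original string")
    offset = data.find(old)
    if offset < 0:
        raise ValueError("string not found")
    if data.find(old, offset + 1) >= 0:
        raise ValueError("string occurs more than once; choose the offset by hand")
    patched = data[:offset] + new.ljust(len(old), b"\x00") + data[offset + len(old):]
    return patched, offset

def patch_file(path, old: bytes, new: bytes = b"") -> int:
    """Back up `path` to <name>.bkup (once), then patch it in place."""
    path = Path(path)
    backup = path.with_name(path.name + ".bkup")
    if not backup.exists():
        shutil.copy2(path, backup)
    patched, offset = patch_string(path.read_bytes(), old, new)
    path.write_bytes(patched)
    return offset

# The hex string from the tutorial; it decodes to the ASCII text "Skins...".
TARGET = bytes.fromhex("536B696E732E2E2E")
# Constructed sample: filler bytes, the string at offset 7894h, then more filler.
SAMPLE = b"\xff" * 0x7894 + TARGET + b"\x00" + b"\xff" * 16

if __name__ == "__main__":
    patched, offset = patch_string(SAMPLE, TARGET)
    print(f"zeroed {len(TARGET)} bytes at {offset:X}h, "
          f"size unchanged: {len(patched) == len(SAMPLE)}")
```

On a real file, `patch_file("treehugger.dll", TARGET)` would perform the backup and the zero-fill in one step; the script refuses to guess when the string appears more than once.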

~Serenity
