在python 2.x中读取后如何在HEX中写入转储文件 [英] How to write to dump file in HEX after reading in python 2.x

问题描述

根据标题，我需要在写入转储文件中的特定字节时需要帮助.到目前为止，我可以使用以下代码读取512字节:

As per the title I need help with writing to a specific byte in a dump file. So far I'm able to read 512 byte with the following code :

sectorcount = 0;
bytecount= 0;
with open('a2.dump', 'rb') as f:
    for chunk in iter(lambda: f.read(16), b''):
        #16 bytes per chunk aka 32 characters
        item = chunk.encode('hex')
        #to filter display output so it shows 2 character per array element
        filtered_item= [item[i:i+2] for i in range(0, len(item), 2)]
        #to display in "hex" form
        #filtered_item[0] = "E5"


        print ' '.join(filtered_item)
        sectorcount = sectorcount +1
        #to display 1 sector use the value 32. adjust accordingly"
        if sectorcount ==32:
            break

显示的结果是

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21
03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa

如您所见，我将需要帮助来编辑结果中的其中一个值(例如，将"77"的值更改为"E1")

As you can see I would need help in editing one of those values in the results (e.g. changing the value of "77" to maybe "E1")

我尝试以with open('a2.dump', 'wb') as f:格式打开文件，但我的转储文件为空.我相信我需要对文件使用写操作，但不确定如何在Python中以十六进制(又名二进制)形式进行操作.

I tried opening the file as with open('a2.dump', 'wb') as f: but my dump file got nulled. I believe i need to use the write operation to the file but unsure how to do it in Hex aka binary form in Python.

提前感谢您的帮助！谢谢 ！

Appreciate any help in advance ! Thanks !

根据James Sebastian的要求，我创建了一个.dump文件，并在HexEdit中对其进行了编辑，其结果如上所示.

As per James Sebastian request the I created a .dump file and edited them in HexEdit with my results shown above.

然后我执行代码print repr(open('input.dump', 'rb').read()) 结果如下:

I then execute the code print repr(open('input.dump', 'rb').read()) Results as shown are:

'\x00w\x8a\x1c"\x00'

相应的预期输出(替换后的结果):

The corresponding expected output (the result after the replacements):

'\x00\xe1\x8a\x1c"\x00'

推荐答案

以下是进行十六进制搜索和演示的简短演示.替换为二进制文件.我摘录了一个32字节的数据；这是它的十六进制转储(在Linux上使用hd生产).

Here's a short demo of doing hex search & replace in a binary file. I took a 32 byte excerpt of your data; here's its hex dump (produced using hd on Linux).

00000000  00 00 00 00 00 00 00 00  77 8a 1c 22 00 00 00 21  |........w.."...!|
00000010  03 00 83 37 ee fb 00 08  00 00 00 b8 3d 00 00 00  |...7........=...|
00000020

代码如下:

fname = 'qdata'
with open(fname, 'r+b') as f:
    #save position of the start of the data block
    fprev = f.tell()
    stringdata = f.read(32)
    print stringdata.encode('hex')

    #replace the first occurence of \x77\x8a with \xe1\x8a
    newdata = stringdata.replace('\x77\x8a', '\xe1\x8a')
    print newdata.encode('hex')

    #rewind file to the start of the data block
    f.seek(fprev)
    f.write(newdata)

请注意，文件模式为'r+b'.这使我们可以读取文件并进行修改.如果以w模式打开文件，则该文件将被截断，即，其先前的内容将被清除，并且文件大小将重置为零.如果以a模式打开文件指针，则文件指针将位于文件末尾以允许附加数据.

Note that file mode is 'r+b'. This lets us read the file and also modify it. If you open it with a w mode the file is truncated, i.e., its previous contents get wiped out, and the file size is reset to zero. If you open it in an a mode the file pointer is positioned at the end of the file to allow data to be appended.

以下是上面代码打印的输出:

Here's the output that the above code prints:

0000000000000000778a1c220000002103008337eefb0008000000b83d000000
0000000000000000e18a1c220000002103008337eefb0008000000b83d000000

我们不需要执行那些.encode('hex')和print步骤，它们只是提供信息，因此我们可以查看程序的工作.

We don't need to do those .encode('hex') andprint steps, they're purely informational, so we can see what the program's doing.

这是修改后的文件的十六进制转储:

Here's the hexdump of the modified file:

00000000  00 00 00 00 00 00 00 00  e1 8a 1c 22 00 00 00 21  |..........."...!|
00000010  03 00 83 37 ee fb 00 08  00 00 00 b8 3d 00 00 00  |...7........=...|
00000020

在上面的代码中，我将整个文件内容读入RAM；这当然不是必须的，您可以逐块扫描它，也可以根据需要进行扫描.但是，您必须在文件.read()和.write()操作之间进行文件.seek()调用.

In the above code I read the entire file contents into RAM; that's certainly not necessary, you can scan it block by block, or however you see fit. But you must do a file .seek() call in between file .read() and .write() operations.

此外，请非常小心，以确保正确定位.并且不要意外地写入错误的数据长度.它不会改变文件的长度，但是如果替换数据不是您认为的长度，它仍然会使您的文件混乱.

Also, be very careful that you get the positioning correct. And don't accidentally write the wrong data length. It won't change the file length, but it can still make a mess of your file if your replacement data isn't the length you think it is.

这是一个以给定偏移量修改文件数据的功能.由于其动作可能会造成危险，因此该功能会提示用户确保正确的数据被覆盖.在测试代​​码中，我使用与以前相同的32字节文件，在偏移量0x12处覆盖了3个字节'\x83\x37\xee'.

Here's a function that modifies file data at a given offset. Because its action is potentially dangerous the function prompts the user to make sure that the correct data is being overwritten. In the test code I use the same 32 byte file as before, overwriting the 3 bytes '\x83\x37\xee' at offset 0x12.

def binedit(fname, offset, newdata):
    with open(fname, 'r+b') as f:
        #Show current contents
        f.seek(offset)
        stringdata = f.read(len(newdata))
        print 'Current data:'
        print '%08X: %s\n' % (offset, stringdata.encode('hex'))

        prompt = 'Replace with %s ? (y/N) ' % newdata.encode('hex')
        s = raw_input(prompt)
        if s != 'y':
            print 'Aborting'
            return

        #Replace data at offset with newdata
        f.seek(offset)
        f.write(newdata)


fname = 'qdata'
offset = 0x12
newdata = 'dead42'.decode('hex')
binedit(fname, offset, newdata)

输出

Current data:
00000012: 8337ee

Replace with dead42 ? (y/N) y

之前"和之后"十六进制转储:

The "before" and "after" hex dumps:

00000000  00 00 00 00 00 00 00 00  77 8a 1c 22 00 00 00 21  |........w.."...!|
00000010  03 00 83 37 ee fb 00 08  00 00 00 b8 3d 00 00 00  |...7........=...|
00000020

00000000  00 00 00 00 00 00 00 00  77 8a 1c 22 00 00 00 21  |........w.."...!|
00000010  03 00 de ad 42 fb 00 08  00 00 00 b8 3d 00 00 00  |....B.......=...|
00000020

免责声明:如果您使用此代码销毁有价值的数据，那不是我的错！

Disclaimer: If you destroy valuable data using this code it's not my fault!

这篇关于在python 2.x中读取后如何在HEX中写入转储文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！