通过 Powershell 十六进制编辑二进制文件的方法 [英] Methods to hex edit binary files via Powershell

问题描述

我正在尝试仅使用 powershell 从命令行执行二进制十六进制编辑.使用此片段执行十六进制替换已取得部分成功.当 123456 多次出现并且替换只应该发生在特定位置时，问题就会出现.

Am trying to perform binary hex edit from the command line using only powershell. Have had partial success performing a hex replace with this snip. Problem springs up when 123456 occurs multiple times and the replacement was only supposed to occur at a specific location.

注意:该片段需要在此处找到的 Convert-ByteArrayToHexString 和 Convert-HexStringToByteArray 函数.

NOTE: The snip requires the Convert-ByteArrayToHexString and Convert-HexStringToByteArray functions found here.

http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert

$readin = [System.IO.File]::ReadAllBytes("C:OldFile.exe");
$hx = Convert-ByteArrayToHexString $readin -width 40 -delimiter "";
$hx = $hx -replace "123456","FFFFFF";
$hx = "0x" + $hx;
$writeout = Convert-HexStringToByteArray $hx;
set-content -value $writeout -encoding byte -path "C:NewFile.exe";

我们如何在 powershell 中指定偏移位置来替换这个粗略的 -replace 命令.

How can we specify an offset position into powershell to replace this sketchy -replace command.

推荐答案

您已经有了一个字节数组，因此您可以简单地修改任意给定偏移量处的字节.

You already have a byte array, so you could simply modify the bytes at any given offset.

$bytes  = [System.IO.File]::ReadAllBytes("C:OldFile.exe")
$offset = 23

$bytes[$offset]   = 0xFF
$bytes[$offset+1] = 0xFF
$bytes[$offset+2] = 0xFF

[System.IO.File]::WriteAllBytes("C:NewFile.exe", $bytes)

这篇关于通过 Powershell 十六进制编辑二进制文件的方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！