通过PowerShell的方法，以十六进制编辑二进制文件 [英] Methods to hex edit binary files via Powershell

问题描述

我试图执行从仅使用PowerShell的命令行二进制十六进制编辑。有执行六角本剪断替换部分成功。问题弹簧若123456出现多次和置换只应该在特定位置发生

Am trying to perform binary hex edit from the command line using only powershell. Have had partial success performing a hex replace with this snip. Problem springs up when 123456 occurs multiple times and the replacement was only supposed to occur at a specific location.

注：剪断要求这里找到转换-ByteArrayToHexString 和转换-HexStringToByteArray 功能。

NOTE: The snip requires the Convert-ByteArrayToHexString and Convert-HexStringToByteArray functions found here.

的http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert

$readin = [System.IO.File]::ReadAllBytes("C:\OldFile.exe");
$hx = Convert-ByteArrayToHexString $readin -width 40 -delimiter "";
$hx = $hx -replace "123456","FFFFFF";
$hx = "0x" + $hx;
$writeout = Convert-HexStringToByteArray $hx;
set-content -value $writeout -encoding byte -path "C:\NewFile.exe";

我们

如何指定偏移位置到PowerShell来替换这个​​粗略-replace命令。

How can we specify an offset position into powershell to replace this sketchy -replace command.

推荐答案

您已经有了一个字节数组，所以你可以随心所欲地修改字节任何给定的偏移量。

You already have a byte array, so you could simply modify the bytes at any given offset.

$bytes  = [System.IO.File]::ReadAllBytes("C:\OldFile.exe")
$offset = 23

$bytes[$offset]   = 0xFF
$bytes[$offset+1] = 0xFF
$bytes[$offset+2] = 0xFF

[System.IO.File]::WriteAllBytes("C:\NewFile.exe", $bytes)

这篇关于通过PowerShell的方法，以十六进制编辑二进制文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！