通过PowerShell的方法,以十六进制编辑二进制文件 [英] Methods to hex edit binary files via Powershell
问题描述
我试图执行从仅使用PowerShell的命令行二进制十六进制编辑。有执行六角本剪断替换部分成功。问题弹簧若123456出现多次和置换只应该在特定位置发生
Am trying to perform binary hex edit from the command line using only powershell. Have had partial success performing a hex replace with this snip. Problem springs up when 123456 occurs multiple times and the replacement was only supposed to occur at a specific location.
注:剪断要求这里找到转换-ByteArrayToHexString
和转换-HexStringToByteArray
功能。
NOTE: The snip requires the Convert-ByteArrayToHexString
and Convert-HexStringToByteArray
functions found here.
的http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert
$readin = [System.IO.File]::ReadAllBytes("C:\OldFile.exe");
$hx = Convert-ByteArrayToHexString $readin -width 40 -delimiter "";
$hx = $hx -replace "123456","FFFFFF";
$hx = "0x" + $hx;
$writeout = Convert-HexStringToByteArray $hx;
set-content -value $writeout -encoding byte -path "C:\NewFile.exe";
我们
如何指定偏移位置到PowerShell来替换这个粗略-replace命令。
How can we specify an offset position into powershell to replace this sketchy -replace command.
推荐答案
您已经有了一个字节数组,所以你可以随心所欲地修改字节任何给定的偏移量。
You already have a byte array, so you could simply modify the bytes at any given offset.
$bytes = [System.IO.File]::ReadAllBytes("C:\OldFile.exe")
$offset = 23
$bytes[$offset] = 0xFF
$bytes[$offset+1] = 0xFF
$bytes[$offset+2] = 0xFF
[System.IO.File]::WriteAllBytes("C:\NewFile.exe", $bytes)
这篇关于通过PowerShell的方法,以十六进制编辑二进制文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!