Menu
Am trying to perform binary hex edit from the command line using only powershell. Have had partial success performing a hex replace with this snip. Problem springs up when 123456 occurs multiple times and the replacement was only supposed to occur at a specific location.
NOTE: The snip requires the Convert-ByteArrayToHexString and Convert-HexStringToByteArray functions found here.
http://www.sans.org/windows-security/2010/02/11/powershell-byte-array-hex-convert
$readin = [System.IO.File]::ReadAllBytes("C:\OldFile.exe");
$hx = Convert-ByteArrayToHexString $readin -width 40 -delimiter "";
$hx = $hx -replace "123456","FFFFFF";
$hx = "0x" + $hx;
$writeout = Convert-HexStringToByteArray $hx;
set-content -value $writeout -encoding byte -path "C:\NewFile.exe";
How can we specify an offset position into powershell to replace this sketchy -replace command.
278
You already have a byte array, so you could simply modify the bytes at any given offset.
$bytes = [System.IO.File]::ReadAllBytes("C:\OldFile.exe")
$offset = 23
$bytes[$offset] = 0xFF
$bytes[$offset+1] = 0xFF
$bytes[$offset+2] = 0xFF
[System.IO.File]::WriteAllBytes("C:\NewFile.exe", $bytes)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
