windows 转换exe到hexdump与powershell

vltsax25  于 2023-11-21  发布在  Windows
关注(0)|答案(2)|浏览(151)

我如何从cmd运行此命令而不运行powershell?

> [byte[]] $hex = get-content -encoding byte -path C:\temp\nc.exe
> [System.IO.File]::WriteAllLines("C:\temp\hexdump.txt", ([string]$hex))

字符串
我试着这样做,但不工作
powershell -command“[byte[]] $hex = get-content -encoding byte -path C:\Users\evilcode1\Desktop\nc.exe; [System.IO.File]::WriteAllLines('C:\Users\evilcode1\hexdump1.txt',([string]$hex))”
我怎么能做到这一点!然后我需要用这个命令从文本文件中重建可执行文件:
[string]$hex = get-content -path C:\Users\user\Desktop\hexdump.txt [Byte[]] $temp = $hex -split ' ' [System.IO.File]::WriteAlllog(“C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nc.exe”,$temp)
我如何可以运行他们直接从cmd没有打开powershell

anhgbhbe

anhgbhbe1#

将字节**转换为十六进制字符串:

# read the binary data as byte array
[byte[]]$data = [System.IO.File]::ReadAllBytes('D:\Test\blah.exe')

# write to new file as string of hex encoded characters
[System.IO.File]::WriteAllText('D:\Test\blah.hex',[System.BitConverter]::ToString($data).Replace('-',''), [System.Text.Encoding]::ASCII)

字符串
要转换回FROM十六进制字符串:

# read the textfile as single ASCII string
$hex = [System.IO.File]::ReadAllText('D:\Test\blah.hex', [System.Text.Encoding]::ASCII)

# convert to bytes and write these as new binary file
[System.IO.File]::WriteAllBytes('D:\Test\blahblah.exe', ($hex -split '(.{2})' -ne '' -replace '^', '0X'))

0kjbasz6

0kjbasz62#

我的答案是基于@theo的https://stackoverflow.com/a/66303318/2394635,但有一些改进:

  • 每个命令都是一行程序。
  • 输入和输出文件可以直接传递给脚本
  • 与其他PowerShell函数不同,它不需要文件之前就存在
  • 兼容任何PowerShell版本,5或7

要将文件转换为十六进制字符串,请调用脚本:

# .\bin2hex.ps1 binfile hexfile
# write to new file as string of hex encoded characters
# $args[0] is binary, to $args[1] which is text
[.System.IO.File]::WriteAllText([io.path]::getfullpath([io.path]::combine($pwd.providerpath, $args[1])),[System.BitConverter]::ToString([byte[]][System.IO.File]::ReadAllBytes([io.path]::getfullpath([io.path]::combine($pwd.providerpath, $args[0])))).Replace('-',''), [System.Text.Encoding]::ASCII)

字符串
要将文件转换为十六进制字符串,只需执行以下命令:

[System.IO.File]::WriteAllText($ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath("file.hex"),[System.BitConverter]::ToString([byte[]][System.IO.File]::ReadAllBytes($ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath("file.bin"))).Replace('-',''), [System.Text.Encoding]::ASCII)


要转换回FROM十六进制字符串,请使用脚本:

# .\bin2hex.ps1 hexfile binfile
# convert to bytes and write these as new binary file
# $args[0] is text, to $args[1] which is binary
[System.IO.File]::WriteAllBytes([io.path]::getfullpath([io.path]::combine($pwd.providerpath, $args[1])), (([System.IO.File]::ReadAllText([io.path]::getfullpath([io.path]::combine($pwd.providerpath, $args[0])), [System.Text.Encoding]::ASCII)) -split '(.{2})' -ne '' -replace '^', '0X'))


要转换回FROM十六进制字符串,只需执行以下命令:

[System.IO.File]::WriteAllBytes($ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath("fileb.bin"), (([System.IO.File]::ReadAllText($ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath("file.hex"), [System.Text.Encoding]::ASCII)) -split '(.{2})' -ne '' -replace '^', '0X'))

相关问题