
Methods to hex edit binary files via PowerShell


I am trying to perform a binary hex edit from the command line using only PowerShell. I have had partial success performing a hex replace with this snippet. My problem arises when 123456 occurs multiple times, since the replacement was only supposed to take place at a specific location.

Note: This snippet requires the Convert-ByteArrayToHexString and Convert-HexStringToByteArray functions shown here.

    $readin = [System.IO.File]::ReadAllBytes("C:\OldFile.exe");
    $hx = Convert-ByteArrayToHexString $readin -Width 40 -Delimiter "";
    $hx = $hx -replace "123456","FFFFFF";
    $hx = "0x" + $hx;
    $writeout = Convert-HexStringToByteArray $hx;
    Set-Content -Value $writeout -Encoding byte -Path "C:\NewFile.exe";

How can I specify an offset position in PowerShell rather than use this sketchy -replace command?


Solution

  • You already have a byte array, so you could simply modify the bytes at any given offset.

    $bytes  = [System.IO.File]::ReadAllBytes("C:\OldFile.exe")
    $offset = 23
    
    $bytes[$offset]   = 0xFF
    $bytes[$offset+1] = 0xFF
    $bytes[$offset+2] = 0xFF
    
    [System.IO.File]::WriteAllBytes("C:\NewFile.exe", $bytes)
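
An added example, not part of the answer above: the same offset-based edit wrapped in a function that checks the offset is inside the file and that the bytes currently at that offset are the expected ones (12 34 56 from the question) before anything is written. `Set-BytesAtOffset`, its parameters and the temp-file sample are assumptions made for illustration.

```powershell
# Added example; Set-BytesAtOffset and its parameter names are hypothetical.
function Set-BytesAtOffset {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Destination,
        [Parameter(Mandatory)] [int]    $Offset,
        [Parameter(Mandatory)] [byte[]] $Expected,
        [Parameter(Mandatory)] [byte[]] $Replacement
    )
    if ($Expected.Length -ne $Replacement.Length) {
        throw "Expected and Replacement must be the same length."
    }
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($Offset -lt 0 -or ($Offset + $Replacement.Length) -gt $bytes.Length) {
        throw "Offset $Offset (+$($Replacement.Length)) is outside the file ($($bytes.Length) bytes)."
    }
    # Refuse to patch unless the bytes at the offset are the ones we expect.
    # This is what prevents editing the wrong occurrence of a repeated pattern.
    for ($i = 0; $i -lt $Expected.Length; $i++) {
        if ($bytes[$Offset + $i] -ne $Expected[$i]) {
            throw ("Mismatch at offset {0}: found 0x{1:X2}, expected 0x{2:X2}" -f `
                   ($Offset + $i), $bytes[$Offset + $i], $Expected[$i])
        }
    }
    [System.Array]::Copy($Replacement, 0, $bytes, $Offset, $Replacement.Length)
    # Write to a separate file so the original stays untouched.
    [System.IO.File]::WriteAllBytes($Destination, $bytes)
}

# Constructed sample input: 12 34 56 occurs at offsets 2 and 7.
$src = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-old.bin'
$dst = Join-Path ([System.IO.Path]::GetTempPath()) 'sample-new.bin'
[System.IO.File]::WriteAllBytes($src,
    [byte[]](0x00,0x01,0x12,0x34,0x56,0x00,0x00,0x12,0x34,0x56,0xAA))

# Patch only the second occurrence.
Set-BytesAtOffset -Path $src -Destination $dst -Offset 7 `
    -Expected 0x12,0x34,0x56 -Replacement 0xFF,0xFF,0xFF

# Show the patched bytes and record hashes of both files.
[System.BitConverter]::ToString([System.IO.File]::ReadAllBytes($dst))
Get-FileHash -Algorithm SHA256 $src, $dst
```

Passing an offset whose current bytes differ from `-Expected` makes the function throw before `WriteAllBytes` is reached, so no output file is produced from a wrong offset.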