I am trying to perform a binary hex edit from the command line using only PowerShell. I have had partial success performing a hex replace with this snippet. My problem arises when 123456 occurs multiple times, since the replacement was only supposed to take place at a specific location.
Note: This snippet requires the
Convert-ByteArrayToHexStringandConvert-HexStringToByteArrayfunctions shown here.
$readin = [System.IO.File]::ReadAllBytes("C:\OldFile.exe");
$hx = Convert-ByteArrayToHexString $readin -Width 40 -Delimiter "";
$hx = $hx -replace "123456","FFFFFF";
$hx = "0x" + $hx;
$writeout = Convert-HexStringToByteArray $hx;
Set-Content -Value $writeout -Encoding byte -Path "C:\NewFile.exe";
How can I specify an offset position into PowerShell rather than use this sketchy -replace command?
You already have a byte array, so you could simply modify the bytes at any given offset.
$bytes = [System.IO.File]::ReadAllBytes("C:\OldFile.exe")
$offset = 23
$bytes[$offset] = 0xFF
$bytes[$offset+1] = 0xFF
$bytes[$offset+2] = 0xFF
[System.IO.File]::WriteAllBytes("C:\NewFile.exe", $bytes)