![](/img/trans.png)
[英]Getting the leaf from a path string in Windows Command Prompt/batch file
[英]How to write binary file from hex string in Windows command prompt
我想从 windows cmd 中的十六进制字符串制作二进制可执行文件。 我使用了“echo” cmd 命令,但它是以普通字符串而不是二进制格式编写的。 因此无法执行 output exe 文件。
input: "\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\..." (this is first part of PE)
output: binary executable file
windows cmd 中是否有可能? 如果可能,请帮助我。 提前致谢。
已经有一段时间了,但我认为这在旧的 DOS 调试中是可能的。 看看这里: https://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DOS-Debug.shtml
是的,有一种方法:有一个名为CertUtil.exe
的工具(自 Windows XP 起可用,尽管某些动词可能已被更改),它具有一个名为-decodehex
的动词(对于可选参数type
,请查看参数dwFlags
function CryptBinaryToStringA
的):
Usage: CertUtil [Options] -decodehex InFile OutFile [type] Decode hexadecimal-encoded file type -- numeric CRYPT_STRING_* encoding type [...]
但是,这不理解您输入数据的十六进制代码,需要删除\x
。
以下脚本从文件中读取您的输入十六进制字符串,将每个\x
替换为临时文件中的空格,并使用certutil -decodehex
将其转换为二进制文件:
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem // Define constants here:
set "_INPF=%~1" & rem // (input file; `%~1` is first command line argument)
set "_OUTF=%~2" & rem // (output file; `%~2` is second command line argument)
set "_TMPF=%TEMP%\%~n0_%RANDOM%.tmp" & rem // (temporary file)
rem // Prepare input file by replacing `\x` with ` ` and writing result to temp. file:
< nul set /P ="Preparing data... "
< "%_INPF%" > "%_TMPF%" call :PREPARE
echo done.
rem // Convert temporary file with hex codes into binary output file:
certutil -f -v -decodehex "%_TMPF%" "%_OUTF%" 4
rem // Clean up temporary file:
del "%_TMPF%"
endlocal
exit /B
:PREPARE
setlocal EnableDelayedExpansion
rem // Initialise auxiliary variables:
set "REST="
rem /* Read input file in chunks of 1 KBytes using `set /P`; `for /F` is avoided
rem for reading the file, because it would limit line lengths to 8 KBytes: */
:PREPARE_LOOP
rem // Read a chunk or line of hex codes:
set "LINE=" & set /P LINE=""
rem // Read chunk is empty, hence end of data is reached, so terminate loop:
if not defined LINE goto :PREPARE_NEXT
rem // Prepend potential fragment from previous chunk:
set "LINE=!REST!!LINE!" & set "REST="
rem // Now replace every `\x` by ` `:
set "LINE=!LINE:\x= !"
rem // Store remaining fragment of search string to be processed with next chunk:
if "!LINE:~-1!"=="\" (set "LINE=!LINE:~,-1!" & set "REST=\")
rem /* Return converted chunk without trailing line-break in order to avoid hex
rem codes to become torn apart: */
< nul set /P ="!LINE!"
rem // Loop back at this point:
goto :PREPARE_LOOP
:PREPARE_NEXT
endlocal
exit /B
请注意, certutil
将文件大小限制为几十兆字节(也如此处所述)。
set input=\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff
del out.exe
echo la >t
set input=%input:\x= %
fsutil file createnew 0 1
chcp 1252 >nul
for %i in (%input%) do (
if /i %i==ff (
set /p=ÿ<nul>> out.exe
) else (
if %i==00 (
type 0 >> out.exe
) else (
forfiles /m "t" /c "cmd /c set /p=0x%i>> out.exe"< nul
)
)
)
某些字节需要 escaping 才能与forfiles
一起使用; 一种解决方法是找到“毒字符”,然后从不同代码页中的不同字符生成字节码,然后再生成二进制文件,例如。 437 vs 1252 为相同的字符提供不同的字节:ÿ - 0x98 vs 0xFF
dir out.exe
14/10/2021 12:31 14 out.exe
1 File(s) 14 bytes
在 Win 10 cmd 上测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.