如何在 Windows 命令提示符下从十六进制字符串写入二进制文件
How to write binary file from hex string in Windows command prompt
我想在 windows cmd 中从十六进制字符串生成二进制可执行文件。我使用 "echo" cmd 命令,但它写在
普通字符串,不是二进制格式。所以无法执行输出的exe文件。
input: "\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\..." (this is first part of PE)
output: binary executable file
在windows cmd 中可以吗?如果可能的话,请帮助我。提前致谢。
已经有一段时间了,但我认为这在旧的 DOS 调试中是可能的。看这里:https://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DOS-Debug.shtml
是的,有一个方法:有一个名为CertUtil.exe (available since Windows XP, though some verbs may have been altered), which features a verb called -decodehex (for the optional parameter type take a look at the argument dwFlags of the function CryptBinaryToStringA)的工具:
Usage:
CertUtil [Options] -decodehex InFile OutFile [type]
Decode hexadecimal-encoded file
type -- numeric CRYPT_STRING_* encoding type
[...]
但是,这无法理解您输入数据的十六进制代码,需要删除 \x。
以下脚本从文件中读取您输入的十六进制字符串,在临时文件中用 SPACE 替换每个 \x 并将其转换为使用 certutil -decodehex:
的二进制文件
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem // Define constants here:
set "_INPF=%~1" & rem // (input file; `%~1` is first command line argument)
set "_OUTF=%~2" & rem // (output file; `%~2` is second command line argument)
set "_TMPF=%TEMP%\%~n0_%RANDOM%.tmp" & rem // (temporary file)
rem // Prepare input file by replacing `\x` with ` ` and writing result to temp. file:
< nul set /P ="Preparing data... "
< "%_INPF%" > "%_TMPF%" call :PREPARE
echo done.
rem // Convert temporary file with hex codes into binary output file:
certutil -f -v -decodehex "%_TMPF%" "%_OUTF%" 4
rem // Clean up temporary file:
del "%_TMPF%"
endlocal
exit /B
:PREPARE
setlocal EnableDelayedExpansion
rem // Initialise auxiliary variables:
set "REST="
rem /* Read input file in chunks of 1 KBytes using `set /P`; `for /F` is avoided
rem for reading the file, because it would limit line lengths to 8 KBytes: */
:PREPARE_LOOP
rem // Read a chunk or line of hex codes:
set "LINE=" & set /P LINE=""
rem // Read chunk is empty, hence end of data is reached, so terminate loop:
if not defined LINE goto :PREPARE_NEXT
rem // Prepend potential fragment from previous chunk:
set "LINE=!REST!!LINE!" & set "REST="
rem // Now replace every `\x` by ` `:
set "LINE=!LINE:\x= !"
rem // Store remaining fragment of search string to be processed with next chunk:
if "!LINE:~-1!"=="\" (set "LINE=!LINE:~,-1!" & set "REST=\")
rem /* Return converted chunk without trailing line-break in order to avoid hex
rem codes to become torn apart: */
< nul set /P ="!LINE!"
rem // Loop back at this point:
goto :PREPARE_LOOP
:PREPARE_NEXT
endlocal
exit /B
请注意,certutil 将文件大小限制为几十兆字节(here 也提到了)。
set input=\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff
del out.exe
echo la >t
set input=%input:\x= %
fsutil file createnew 0 1
chcp 1252 >nul
for %i in (%input%) do (
if /i %i==ff (
set /p=ÿ<nul>> out.exe
) else (
if %i==00 (
type 0 >> out.exe
) else (
forfiles /m "t" /c "cmd /c set /p=0x%i>> out.exe"< nul
)
)
)
有些字节需要转义才能与 forfiles 一起使用;解决方法是找到 'the poison characters',然后从不同代码页中的不同字符生成字节码,然后再生成二进制文件,例如。 437 与 1252 为相同的字符提供不同的字节:ÿ - 0x98 与 0xFF
dir out.exe
14/10/2021 12:31 14 out.exe
1 File(s) 14 bytes
已在 Win 10 cmd 上测试。
我想在 windows cmd 中从十六进制字符串生成二进制可执行文件。我使用 "echo" cmd 命令,但它写在 普通字符串,不是二进制格式。所以无法执行输出的exe文件。
input: "\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\..." (this is first part of PE)
output: binary executable file
在windows cmd 中可以吗?如果可能的话,请帮助我。提前致谢。
已经有一段时间了,但我认为这在旧的 DOS 调试中是可能的。看这里:https://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DOS-Debug.shtml
是的,有一个方法:有一个名为CertUtil.exe (available since Windows XP, though some verbs may have been altered), which features a verb called -decodehex (for the optional parameter type take a look at the argument dwFlags of the function CryptBinaryToStringA)的工具:
Usage: CertUtil [Options] -decodehex InFile OutFile [type] Decode hexadecimal-encoded file type -- numeric CRYPT_STRING_* encoding type [...]
但是,这无法理解您输入数据的十六进制代码,需要删除 \x。
以下脚本从文件中读取您输入的十六进制字符串,在临时文件中用 SPACE 替换每个 \x 并将其转换为使用 certutil -decodehex:
@echo off
setlocal EnableExtensions DisableDelayedExpansion
rem // Define constants here:
set "_INPF=%~1" & rem // (input file; `%~1` is first command line argument)
set "_OUTF=%~2" & rem // (output file; `%~2` is second command line argument)
set "_TMPF=%TEMP%\%~n0_%RANDOM%.tmp" & rem // (temporary file)
rem // Prepare input file by replacing `\x` with ` ` and writing result to temp. file:
< nul set /P ="Preparing data... "
< "%_INPF%" > "%_TMPF%" call :PREPARE
echo done.
rem // Convert temporary file with hex codes into binary output file:
certutil -f -v -decodehex "%_TMPF%" "%_OUTF%" 4
rem // Clean up temporary file:
del "%_TMPF%"
endlocal
exit /B
:PREPARE
setlocal EnableDelayedExpansion
rem // Initialise auxiliary variables:
set "REST="
rem /* Read input file in chunks of 1 KBytes using `set /P`; `for /F` is avoided
rem for reading the file, because it would limit line lengths to 8 KBytes: */
:PREPARE_LOOP
rem // Read a chunk or line of hex codes:
set "LINE=" & set /P LINE=""
rem // Read chunk is empty, hence end of data is reached, so terminate loop:
if not defined LINE goto :PREPARE_NEXT
rem // Prepend potential fragment from previous chunk:
set "LINE=!REST!!LINE!" & set "REST="
rem // Now replace every `\x` by ` `:
set "LINE=!LINE:\x= !"
rem // Store remaining fragment of search string to be processed with next chunk:
if "!LINE:~-1!"=="\" (set "LINE=!LINE:~,-1!" & set "REST=\")
rem /* Return converted chunk without trailing line-break in order to avoid hex
rem codes to become torn apart: */
< nul set /P ="!LINE!"
rem // Loop back at this point:
goto :PREPARE_LOOP
:PREPARE_NEXT
endlocal
exit /B
请注意,certutil 将文件大小限制为几十兆字节(here 也提到了)。
set input=\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff
del out.exe
echo la >t
set input=%input:\x= %
fsutil file createnew 0 1
chcp 1252 >nul
for %i in (%input%) do (
if /i %i==ff (
set /p=ÿ<nul>> out.exe
) else (
if %i==00 (
type 0 >> out.exe
) else (
forfiles /m "t" /c "cmd /c set /p=0x%i>> out.exe"< nul
)
)
)
有些字节需要转义才能与 forfiles 一起使用;解决方法是找到 'the poison characters',然后从不同代码页中的不同字符生成字节码,然后再生成二进制文件,例如。 437 与 1252 为相同的字符提供不同的字节:ÿ - 0x98 与 0xFF
dir out.exe
14/10/2021 12:31 14 out.exe
1 File(s) 14 bytes
已在 Win 10 cmd 上测试。