如何在 python 2.x 中读取后以 HEX 写入转储文件
How to write to dump file in HEX after reading in python 2.x
根据标题,我需要帮助写入转储文件中的特定字节。到目前为止,我可以使用以下代码读取 512 字节:
sectorcount = 0;
bytecount= 0;
with open('a2.dump', 'rb') as f:
for chunk in iter(lambda: f.read(16), b''):
#16 bytes per chunk aka 32 characters
item = chunk.encode('hex')
#to filter display output so it shows 2 character per array element
filtered_item= [item[i:i+2] for i in range(0, len(item), 2)]
#to display in "hex" form
#filtered_item[0] = "E5"
print ' '.join(filtered_item)
sectorcount = sectorcount +1
#to display 1 sector use the value 32. adjust accordingly"
if sectorcount ==32:
break
显示的结果是
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21
03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa
如您所见,我需要帮助来编辑结果中的其中一个值(例如,将“77”的值更改为 "E1")
我尝试以 with open('a2.dump', 'wb') as f: 打开文件,但我的转储文件被取消了。我相信我需要对文件使用写操作,但不确定如何以 Python.
中的十六进制或二进制形式执行此操作
提前感谢任何帮助!谢谢 !
编辑:
根据 James Sebastian 的要求,我创建了一个 .dump 文件并在 HexEdit 中对其进行了编辑,结果如上所示。
然后我执行代码print repr(open('input.dump', 'rb').read())
结果如图:
'\x00w\x8a\x1c"\x00'
对应的预期输出(替换后的结果):
'\x00\xe1\x8a\x1c"\x00'
这是一个在二进制文件中进行十六进制搜索和替换的简短演示。我从你的数据中摘录了 32 字节;这是它的十六进制转储(在 Linux 上使用 hd 生成)。
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
代码如下:
fname = 'qdata'
with open(fname, 'r+b') as f:
#save position of the start of the data block
fprev = f.tell()
stringdata = f.read(32)
print stringdata.encode('hex')
#replace the first occurence of \x77\x8a with \xe1\x8a
newdata = stringdata.replace('\x77\x8a', '\xe1\x8a')
print newdata.encode('hex')
#rewind file to the start of the data block
f.seek(fprev)
f.write(newdata)
注意文件模式是'r+b'。这让我们可以读取文件并修改它。如果您使用 w 模式打开它,文件将被截断,即,其之前的内容将被清除,文件大小将重置为零。如果以 a 模式打开它,文件指针位于文件末尾以允许附加数据。
这是上面代码打印的输出:
0000000000000000778a1c220000002103008337eefb0008000000b83d000000
0000000000000000e18a1c220000002103008337eefb0008000000b83d000000
我们不需要执行那些.encode('hex')和print步骤,它们纯粹是信息性的,所以我们可以看到程序在做什么.
这是修改后文件的十六进制转储:
00000000 00 00 00 00 00 00 00 00 e1 8a 1c 22 00 00 00 21 |..........."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
在上面的代码中,我将整个文件内容读入RAM;这当然不是必需的,您可以逐块扫描它,或者您认为合适的方式。但是你必须在文件.read()和.write()操作之间做一个文件.seek()调用。
另外,非常小心,确保定位正确。并且不要不小心写错了数据长度。它不会改变文件长度,但如果您的替换数据不是您认为的长度,它仍然会弄乱您的文件。
这是一个在给定偏移处修改文件数据的函数。由于其操作具有潜在危险,因此该功能会提示用户确保覆盖了正确的数据。在测试代码中,我使用与以前相同的 32 字节文件,覆盖偏移量 0x12.
处的 3 个字节 '\x83\x37\xee'
def binedit(fname, offset, newdata):
with open(fname, 'r+b') as f:
#Show current contents
f.seek(offset)
stringdata = f.read(len(newdata))
print 'Current data:'
print '%08X: %s\n' % (offset, stringdata.encode('hex'))
prompt = 'Replace with %s ? (y/N) ' % newdata.encode('hex')
s = raw_input(prompt)
if s != 'y':
print 'Aborting'
return
#Replace data at offset with newdata
f.seek(offset)
f.write(newdata)
fname = 'qdata'
offset = 0x12
newdata = 'dead42'.decode('hex')
binedit(fname, offset, newdata)
输出
Current data:
00000012: 8337ee
Replace with dead42 ? (y/N) y
"before" 和 "after" 十六进制转储:
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 de ad 42 fb 00 08 00 00 00 b8 3d 00 00 00 |....B.......=...|
00000020
免责声明:如果您使用此代码破坏有价值的数据,那不是我的错!
要替换二进制文件中的字节,您不需要十六进制转储,例如,将 b'\x77' 替换为 b'\xE1':
#!/usr/bin/env python
import mmap
from contextlib import closing
with open('a2.dump', 'r+b') as file, \
closing(mmap.mmap(file.fileno(), 0, access=mmap.ACCESS_WRITE)) as s:
i = -1
while 1:
i = s.find(b'\x77', i+1)
if i < 0: # not found
break
s[i] = b'\xE1'[0] # replace
它就地执行替换。它适用于任意大文件。
例如,如果输入文件是使用以下方法创建的:
open('a2.dump','wb').write(b'\x00w\x8a\x1c"\x00')
那么输出(在 77 -> E1 替换之后)是:
print(repr(open('a2.dump','rb').read()))
# -> b'\x00\xe1\x8a\x1c"\x00'
注意 0x77 字节被替换为 0xE1。
见。
根据标题,我需要帮助写入转储文件中的特定字节。到目前为止,我可以使用以下代码读取 512 字节:
sectorcount = 0;
bytecount= 0;
with open('a2.dump', 'rb') as f:
for chunk in iter(lambda: f.read(16), b''):
#16 bytes per chunk aka 32 characters
item = chunk.encode('hex')
#to filter display output so it shows 2 character per array element
filtered_item= [item[i:i+2] for i in range(0, len(item), 2)]
#to display in "hex" form
#filtered_item[0] = "E5"
print ' '.join(filtered_item)
sectorcount = sectorcount +1
#to display 1 sector use the value 32. adjust accordingly"
if sectorcount ==32:
break
显示的结果是
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21
03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa
如您所见,我需要帮助来编辑结果中的其中一个值(例如,将“77”的值更改为 "E1")
我尝试以 with open('a2.dump', 'wb') as f: 打开文件,但我的转储文件被取消了。我相信我需要对文件使用写操作,但不确定如何以 Python.
提前感谢任何帮助!谢谢 !
编辑: 根据 James Sebastian 的要求,我创建了一个 .dump 文件并在 HexEdit 中对其进行了编辑,结果如上所示。
然后我执行代码print repr(open('input.dump', 'rb').read())
结果如图:
'\x00w\x8a\x1c"\x00'
对应的预期输出(替换后的结果):
'\x00\xe1\x8a\x1c"\x00'
这是一个在二进制文件中进行十六进制搜索和替换的简短演示。我从你的数据中摘录了 32 字节;这是它的十六进制转储(在 Linux 上使用 hd 生成)。
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
代码如下:
fname = 'qdata'
with open(fname, 'r+b') as f:
#save position of the start of the data block
fprev = f.tell()
stringdata = f.read(32)
print stringdata.encode('hex')
#replace the first occurence of \x77\x8a with \xe1\x8a
newdata = stringdata.replace('\x77\x8a', '\xe1\x8a')
print newdata.encode('hex')
#rewind file to the start of the data block
f.seek(fprev)
f.write(newdata)
注意文件模式是'r+b'。这让我们可以读取文件并修改它。如果您使用 w 模式打开它,文件将被截断,即,其之前的内容将被清除,文件大小将重置为零。如果以 a 模式打开它,文件指针位于文件末尾以允许附加数据。
这是上面代码打印的输出:
0000000000000000778a1c220000002103008337eefb0008000000b83d000000
0000000000000000e18a1c220000002103008337eefb0008000000b83d000000
我们不需要执行那些.encode('hex')和print步骤,它们纯粹是信息性的,所以我们可以看到程序在做什么.
这是修改后文件的十六进制转储:
00000000 00 00 00 00 00 00 00 00 e1 8a 1c 22 00 00 00 21 |..........."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
在上面的代码中,我将整个文件内容读入RAM;这当然不是必需的,您可以逐块扫描它,或者您认为合适的方式。但是你必须在文件.read()和.write()操作之间做一个文件.seek()调用。
另外,非常小心,确保定位正确。并且不要不小心写错了数据长度。它不会改变文件长度,但如果您的替换数据不是您认为的长度,它仍然会弄乱您的文件。
这是一个在给定偏移处修改文件数据的函数。由于其操作具有潜在危险,因此该功能会提示用户确保覆盖了正确的数据。在测试代码中,我使用与以前相同的 32 字节文件,覆盖偏移量 0x12.
处的 3 个字节'\x83\x37\xee'
def binedit(fname, offset, newdata):
with open(fname, 'r+b') as f:
#Show current contents
f.seek(offset)
stringdata = f.read(len(newdata))
print 'Current data:'
print '%08X: %s\n' % (offset, stringdata.encode('hex'))
prompt = 'Replace with %s ? (y/N) ' % newdata.encode('hex')
s = raw_input(prompt)
if s != 'y':
print 'Aborting'
return
#Replace data at offset with newdata
f.seek(offset)
f.write(newdata)
fname = 'qdata'
offset = 0x12
newdata = 'dead42'.decode('hex')
binedit(fname, offset, newdata)
输出
Current data:
00000012: 8337ee
Replace with dead42 ? (y/N) y
"before" 和 "after" 十六进制转储:
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 83 37 ee fb 00 08 00 00 00 b8 3d 00 00 00 |...7........=...|
00000020
00000000 00 00 00 00 00 00 00 00 77 8a 1c 22 00 00 00 21 |........w.."...!|
00000010 03 00 de ad 42 fb 00 08 00 00 00 b8 3d 00 00 00 |....B.......=...|
00000020
免责声明:如果您使用此代码破坏有价值的数据,那不是我的错!
要替换二进制文件中的字节,您不需要十六进制转储,例如,将 b'\x77' 替换为 b'\xE1':
#!/usr/bin/env python
import mmap
from contextlib import closing
with open('a2.dump', 'r+b') as file, \
closing(mmap.mmap(file.fileno(), 0, access=mmap.ACCESS_WRITE)) as s:
i = -1
while 1:
i = s.find(b'\x77', i+1)
if i < 0: # not found
break
s[i] = b'\xE1'[0] # replace
它就地执行替换。它适用于任意大文件。
例如,如果输入文件是使用以下方法创建的:
open('a2.dump','wb').write(b'\x00w\x8a\x1c"\x00')
那么输出(在 77 -> E1 替换之后)是:
print(repr(open('a2.dump','rb').read()))
# -> b'\x00\xe1\x8a\x1c"\x00'
注意 0x77 字节被替换为 0xE1。
见