HezzelQuartz Posted August 15, 2023 Share Posted August 15, 2023 How to use StringRegExp or StringRegExpReplace To Hex File / Code? I try to use these code below While 1 While $Standby = True $hlib = FileOpen(@ScriptDir & "\" & "lib.so", 16) $rlib = FileRead($hlib) FileClose($hlib) ; $rlibnew = StringRegExpReplace($rlib, 'FF4301D1 FE0B00F9 F85F02A9 F65703A9 F44F04A9 58D03BD5 F30308AA 081740F9' & '[[:xdigit:]]{8}' & 'F50300AA E80700F9 43FEFF97 9F060071 F603002A AB000054', 'FF4301D1 FE0B00F9 F85F02A9 F65703A9 F44F04A9 58D03BD5 F30308AA 081740F9' & '11223344' & 'F50300AA E80700F9 43FEFF97 9F060071 F603002A AB000054') FileWrite(@ScriptDir & "\" & "newlib.so", $rlibnew) ; $Standby = False WEnd WEnd But, everytime I run that code, the file result will be bigger (twice) than before Link to comment Share on other sites More sharing options...
Andreik Posted August 15, 2023 Share Posted August 15, 2023 (edited) If you want to write back as binary then you should open the file for binary write. FileWrite(@ScriptDir & "\" & "newlib.so", $rlibnew) should be something like $hlib = FileOpen(@ScriptDir & "\newlib.so", 16 + 2) FileWrite($hlib, $rlibnew) FileClose($hlib) Edited August 15, 2023 by Andreik When the words fail... music speaks. Link to comment Share on other sites More sharing options...
HezzelQuartz Posted August 18, 2023 Author Share Posted August 18, 2023 @Andreik If I changed it to 16+2 then the source file and the result file, both size become 0 If I use only 16 then nothing happened to the source file, but the result file size will always be bigger (twice) Link to comment Share on other sites More sharing options...
Andreik Posted August 18, 2023 Share Posted August 18, 2023 (edited) We don't know what's in your lib.so and what's the best approach in this particular case. You can't open the file for binary read (16) and then in your regex pattern to assume you have spaces between bytes. Is your data really binary? If it's not binary and your lib.so contains something like this: Quote FF4301D1 FE0B00F9 F85F02A9 F65703A9 F44F04A9 58D03BD5 F30308AA 081740F9 00000000 F50300AA E80700F9 43FEFF97 9F060071 F603002A AB000054 Assuming that you want to replace 00000000 group, you can use this code HotKeySet('{ESC}', 'Quit') HotKeySet('{F1}', 'StandbyTrue') Global $sBefore = 'FF4301D1 FE0B00F9 F85F02A9 F65703A9 F44F04A9 58D03BD5 F30308AA 081740F9' Global $sAfter = 'F50300AA E80700F9 43FEFF97 9F060071 F603002A AB000054' Global $hFile, $Standby = False While 1 While $Standby = True ; Open the file for binary read and load content $hFile = FileOpen(@ScriptDir & '\lib.so', 0) $dRead = FileRead($hFile) FileClose($hFile) ; Do your processing stuff $dNew = StringRegExpReplace($dRead, $sBefore & ' [[:xdigit:]]{8} ' & $sAfter, $sBefore & ' 11223344 ' & $sAfter) ; Open the file for binary write and save content $hFile = FileOpen(@ScriptDir & '\newlib.so', 2) FileWrite($hFile, $dNew) FileClose($hFile) $Standby = False WEnd Sleep(10) WEnd Func Quit() Exit EndFunc Func StandbyTrue() $Standby = True EndFunc and newlib.so will look like that Quote FF4301D1 FE0B00F9 F85F02A9 F65703A9 F44F04A9 58D03BD5 F30308AA 081740F9 11223344 F50300AA E80700F9 43FEFF97 9F060071 F603002A AB000054 If your data is binary and your lib.so looks like that Quote ÿCÑþ ùø_©öW©ôO©XÐ;Õóª@ùõ ªè ùCþÿ—Ÿ qö *« T or like this in binary format Quote 0xFF4301D1FE0B00F9F85F02A9F65703A9F44F04A958D03BD5F30308AA081740F912121212F50300AAE80700F943FEFF979F060071F603002AAB000054 Assuming that you want to replace the 12121212 group, you can use this code HotKeySet('{ESC}', 'Quit') HotKeySet('{F1}', 'StandbyTrue') Global $sBefore = 'FF4301D1FE0B00F9F85F02A9F65703A9F44F04A958D03BD5F30308AA081740F9' Global $sAfter = 'F50300AAE80700F943FEFF979F060071F603002AAB000054' Global $hFile, $Standby = False While 1 While $Standby = True ; Open the file for binary read and load content $hFile = FileOpen(@ScriptDir & '\lib.so', 16) $dRead = FileRead($hFile) FileClose($hFile) ; Do your processing stuff $dNew = StringRegExpReplace($dRead, '0x' & $sBefore & '[[:xdigit:]]{8}' & $sAfter, '0x' & $sBefore & '11223344' & $sAfter) ; Open the file for binary write and save content $hFile = FileOpen(@ScriptDir & '\newlib.so', 18) FileWrite($hFile, $dNew) FileClose($hFile) $Standby = False WEnd Sleep(10) WEnd Func Quit() Exit EndFunc Func StandbyTrue() $Standby = True EndFunc and newlib.so will look like that Quote ÿCÑþ ùø_©öW©ôO©XÐ;Õóª@ù"3Dõ ªè ùCþÿ—Ÿ qö *« T or like this in binary format Quote 0xFF4301D1FE0B00F9F85F02A9F65703A9F44F04A958D03BD5F30308AA081740F911223344F50300AAE80700F943FEFF979F060071F603002AAB000054 Now you have an example of both cases so you should be able to figure it out. Just don't mix binary with plain text. Edited August 18, 2023 by Andreik HezzelQuartz 1 When the words fail... music speaks. Link to comment Share on other sites More sharing options...
mikell Posted August 18, 2023 Share Posted August 18, 2023 (edited) On 8/15/2023 at 10:29 AM, HezzelQuartz said: the file result will be bigger (twice) than before Did you visually control the content of the target "newlib.so" file ? Edit BTW you should provide a sample "lib.so" file - to make answers easier Edited August 18, 2023 by mikell Link to comment Share on other sites More sharing options...
HezzelQuartz Posted August 23, 2023 Author Share Posted August 23, 2023 (edited) @Andreik, @mikell, and everyone I try modify the code like this below but why $sAfter disappear at the result after I run the code. Could you explain which part I do it wrong? HotKeySet("{F1}", "Standby") Global $sBefore = 'FE0B00F9F85F02A9F65703A9F44F04A958D03BD5F30308AA081740F9' Global $sAfter = 'F50300AAE80700F943FEFF979F060071F603002AAB000054' Global $hFile, $Standby = False Func Standby() If $Standby = False Then $Standby = True Else $Standby = False EndIf EndFunc While 1 While $Standby = True ; Open the file for binary read and load content $hFile = FileOpen(@ScriptDir & '\libexample.so', 16) $dRead = FileRead($hFile) FileClose($hFile) ; ; Do your processing stuff $dNew = StringRegExpReplace($dRead, $sBefore & '\K(.*)?', '11223344') ; ; Open the file for binary write and save content $hFile = FileOpen(@ScriptDir & '\libexamplenew.so', 18) FileWrite($hFile, $dNew) FileClose($hFile) ; $Standby = False WEnd WEnd Could I remove $sAfter at StringRegExpReplace? What if the $sBefore and $sAfter Extremely Long? Thank you I Attach the file sample I use from Sir @Andreik at the script above libexample.so The code before the script run: FF 43 01 D1 FE 0B 00 F9 F8 5F 02 A9 F6 57 03 A9 F4 4F 04 A9 58 D0 3B D5 F3 03 08 AA 08 17 40 F9 12 12 12 12 F5 03 00 AA E8 07 00 F9 43 FE FF 97 9F 06 00 71 F6 03 00 2A AB 00 00 54 The code after the script run: FF 43 01 D1 FE 0B 00 F9 F8 5F 02 A9 F6 57 03 A9 F4 4F 04 A9 58 D0 3B D5 F3 03 08 AA 08 17 40 F9 11 22 33 44 There is sequence disappear: F5 03 00 AA E8 07 00 F9 43 FE FF 97 9F 06 00 71 F6 03 00 2A AB 00 00 54 ============================================================================================================================= @mikell Actually I want to upload the lib.so above, but it seems the file is too big too be uploaded Edited August 23, 2023 by HezzelQuartz Link to comment Share on other sites More sharing options...
mikell Posted August 23, 2023 Share Posted August 23, 2023 37 minutes ago, HezzelQuartz said: why $sAfter disappear at the result after I run the code You might try this $dNew = StringRegExpReplace($dRead, $sBefore & '\K([[:xdigit:]]{8})', '11223344') Link to comment Share on other sites More sharing options...
HezzelQuartz Posted August 23, 2023 Author Share Posted August 23, 2023 @mikell The code works Perfect, Thank you With these code below, I can search and replace using $sBefore $dNew = StringRegExpReplace($dRead, $sBefore & '\K([[:xdigit:]]{8})', '11223344') Is there alternative way, I can search without $sBefore, but using only $sAfter? I want to "ilustrate" it with code below (only for ilustration) $dNew = StringRegExpReplace($dRead, '([[:xdigit:]]{8})' & $sAfter, '11223344') If \K means "forget what was matched before" so you won't replace these parts Is there any symbol means "forget what was matched after" so you won't replace these parts? Link to comment Share on other sites More sharing options...
mikell Posted August 23, 2023 Share Posted August 23, 2023 Maybe with a lookahead (whitch is non-capturing) $dNew = StringRegExpReplace($dRead, '([[:xdigit:]]{8})(?=' & $sAfter & ')', '11223344') Link to comment Share on other sites More sharing options...
HezzelQuartz Posted August 23, 2023 Author Share Posted August 23, 2023 @mikell Works Perfect again Thank you Could you please explain What is the function of ( and ) before and after $sAfter? Does ?= means lookahead? I think I do not see it in help file, maybe I should be more careful Why [[:xdigit:]] ? not [:xdigit:]? Link to comment Share on other sites More sharing options...
mikell Posted August 23, 2023 Share Posted August 23, 2023 2 hours ago, HezzelQuartz said: Does ?= means lookahead? The whole expression is (?=...). So a(?=bc) means "a followed by bc" In the helpfile look for "Assertions" 2 hours ago, HezzelQuartz said: Why [[:xdigit:]] ? not [:xdigit:]? It's to avoid confusion between "character class" and "Posix class", which are named sets specifications to be used themselves within a character class. Look for these classes in the helpfile Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now