hex查找和替换
如何在二进制文件中更改二进制文件hex字符?
#include #include #include #define BUFFER_SIZE 4096 int main(void) { uint8_t *buffer; // Explicit 8 bit unsigned, but should equal "unsigned char" FILE *file; char filename[512] = "test.bin"; // We could also have used buffer[BUFFER_SIZE], but this shows memory alloc if (NULL == (buffer = malloc(BUFFER_SIZE))) { fprintf(stderr, "out of memory\n"); return -1; } // Being inside a { }, crlf won't be visible outside, which is good. char *crlf; if (NULL != (crlf = strchr(filename, '\n'))) *crlf = 0x0; if (NULL == (file = fopen(filename, "rb"))) { fprintf(stderr, "File not found: '%s'\n", filename); return -1; } while(!feof(file) && !ferror(file)) { size_t i, n; if (0 == (n = (size_t)fread(buffer, sizeof(uint8_t), BUFFER_SIZE, file))) if (ferror(file)) fprintf(stderr, "Error reading from %s\n", filename); // Here, n = 0, so we don't need to break: next i-cycle won't run for (i = 0; i < n; i++) { printf("%02X ", buffer[i]); if (15 == (i % 16)) printf("\n"); // Every 16th byte, a newline } } fclose(file); // file = NULL; // This ensures file won't be useable after fclose free(buffer); // buffer = NULL; // This ensures buffer won't be useable after free printf("\n"); return 0; } 读取hex=“00 EB 00 00 50 E3 02”替换hex =“00 EB 01 00 37 E3 02”
首先,一些命名法, 即挑剔:你不想改变文件中的hex字符,而是改变字节缓冲区中的字节,然后以hex格式打印出来。
如果你的数据是chars ,你可以使用string.h strstr找到你的针,然后用memcpy用相同长度的字符串覆盖那里的数据。 您需要一个类似的函数来查找字节数组中可能包含零的任何数据。 GNU有memmem ,但它是非标准的,所以让我们写一个:
/* * Find needle of length len in byte haystack [p, end). */ uint8_t *buf_find(uint8_t *p, uint8_t *end, uint8_t *needle, int len) { end = end - len + 1; while (p < end) { if (memcmp(p, needle, len) == 0) return p; p++; } return NULL; }
你可以
uint8_t what[] = {0x00, 0xEB, 0x00, 0x00, 0x50, 0xE3, 0x02}; uint8_t repl[] = {0x00, 0xEB, 0x01, 0x00, 0x37, 0xE3, 0x02}; char *p = buffer; char *end = buffer + n; for (;;) { uint8_t *q = buf_find(p, end, what, sizeof(what)); if (q == NULL) break; memcpy(q, repl, sizeof(repl)); p = q + sizeof(text); }
当然,这不会捕获位于您读入的4096字节块边界的针。 您可以通过在单个块中读取整个文件或通过一些巧妙的块管理来捕获这些,这些管理允许您扫描前一个块的最后七个字节。