sed命令行工具的使用

[System.BitConverter]::ToString([char[]]'U3dApi') -replace "-"," "
55 33 64 41 70 69
[System.BitConverter]::ToString([System.Text.Encoding]::Unicode.GetBytes("U3dApi")) -replace "-"," "
55 00 33 00 64 00 41 00 70 00 69 00

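将二进制文件中的"U3dApi"替换为"golang"
注意:下面的 sed 模式只匹配 ASCII 字节序列(55 33 64 41 70 69);如果该字符串在文件中以 UTF-16LE 形式存储(即上面第二条 PowerShell 输出的 55 00 33 00 64 00 …),则不会被匹配和替换。替换串必须与原串字节数相同(这里都是 6 字节),否则文件内的偏移会发生变化,可执行文件会被破坏。sed -i 会直接改写原文件,操作前应保留副本并记录修改前后的哈希值;带数字签名的文件被修改后签名校验会失败。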

[root@instance-c5406h9u ~]# s1="U3dApi";for ((i=0;$i<${#s1};i=$i+1)); do printf "\\\x%x" \'${s1:$i:1}; done;echo;s2="golang";for ((i=0;$i<${#s2};i=$i+1)); do printf "\\\x%x" \'${s2:$i:1}; done;echo;
\x55\x33\x64\x41\x70\x69
\x67\x6f\x6c\x61\x6e\x67
[root@instance-c5406h9u ~]# str1="\x55\x33\x64\x41\x70\x69";str2="\x67\x6f\x6c\x61\x6e\x67";echo ${str1//\\x/\\\\x}|xargs printf;echo;echo ${str2//\\x/\\\\x}|xargs printf;echo;
U3dApi
golang
[root@instance-c5406h9u ~]# sed -b -i 's/'"$str1"'/'"$str2"'/g' Findgolanginmdb.exe

[root@instance-c5406h9u ~]# s1="U3dApi";for ((i=0;$i<${#s1};i=$i+1)); do printf "\\\x%x" \'${s1:$i:1}; done;echo
\x55\x33\x64\x41\x70\x69
[root@instance-c5406h9u ~]# str="\x55\x33\x64\x41\x70\x69";echo ${str//\\x/\\\\x}|xargs printf;echo
U3dApi

root@yiyouserver:~# printf "%x\n" \'U;printf "%x\n" \'3;printf "%x\n" \'d;printf "%x\n" \'A;printf "%x\n" \'p;printf "%x\n" \'i
55
33
64
41
70
69
sed -b -i 's/\x55\x33\x64\x41\x70\x69/\x67\x6f\x6c\x61\x6e\x67/g' Findgolanginmdb.exe
将二进制文件中的"winapi"替换为"golang"
root@yiyouserver:~# printf "%x\n" \'w;printf "%x\n" \'i;printf "%x\n" \'n;printf "%x\n" \'a;printf "%x\n" \'p;printf "%x\n" \'i
77
69
6e
61
70
69
sed -b -i 's/\x77\x69\x6e\x61\x70\x69/\x67\x6f\x6c\x61\x6e\x67/g' Findgolanginmdb.exe
将二进制文件中的"cppMFC"替换为"golang"
sed -b -i 's/\x63\x70\x70\x4d\x46\x43/\x67\x6f\x6c\x61\x6e\x67/g' FindcppMFCinmdb.exe
root@yiyouserver:/home/hxh# printf "%x\n" \'c
63
root@yiyouserver:/home/hxh# printf "%x\n" \'p
70
root@yiyouserver:/home/hxh# printf "%x\n" \'p
70
root@yiyouserver:/home/hxh# printf "%x\n" \'M
4d
root@yiyouserver:/home/hxh# printf "%x\n" \'F
46
root@yiyouserver:/home/hxh# printf "%x\n" \'C
43
root@yiyouserver:/home/hxh# printf "%x\n" \'g
67
root@yiyouserver:/home/hxh# printf "%x\n" \'o
6f
root@yiyouserver:/home/hxh# printf "%x\n" \'l
6c
root@yiyouserver:/home/hxh# printf "%x\n" \'a
61
root@yiyouserver:/home/hxh# printf "%x\n" \'n
6e
root@yiyouserver:/home/hxh# printf "%x\n" \'g
67

[root@centosvm1 home]# sed -b -i 's/\x55\x33\x64\x41\x70\x69/\x67\x6f\x6c\x61\x6e\x67/g' Findgolanginmdb.exe
[root@centosvm1 home]# sed -b -i 's/\x55\x33\x64\x41\x70\x69/\x44\x42\x32\x30\x31\x39/g' FindDB2019inmdb.exe
[root@centosvm1 home]# sed -b -i 's/\x55\x33\x64\x41\x70\x69/\x4d\x48\x54\x45\x52\x50/g' FindMHTERPinmdb.exe
[root@centosvm1 home]# sed -b -i 's/\x55\x33\x64\x41\x70\x69/\x4c\x69\x6e\x41\x70\x69/g' FindLinApiinmdb.exe

posted on 2019-10-07 20:46  梦回第四帝国