#Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Change2CUI=y #AutoIt3Wrapper_Run_Tidy=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** AutoItSetOption("MustDeclareVars", 1) ;~ A demonstration to show how to perform search over binary files from command line. ;~ https://www.autoitscript.com/forum/topic/188564-use-regexp-on-binary-data ;~ Examples: ;~ HexFind "C:\Windows\System32\notepad.exe" "0x4D5A" ;~ HexFind "C:\Windows\System32\notepad.exe" "0x8984" #include #include If $CmdLine[0] <> 2 Then ConsoleWrite("Wrong command line arguments." & @CRLF & @CRLF & "Usage: HexFind <0xFFFF...>" & @CRLF) ; Exit EndIf Local Const $sFilePath = $CmdLine[1] Local Const $dSequence = Binary($CmdLine[2]) If Not FileExists($sFilePath) Then ConsoleWrite("File not found: " & $sFilePath & @CRLF) Exit EndIf ConsoleWrite("Filename: " & $sFilePath & @CRLF) ConsoleWrite("Hexadecimal sequence: " & String($dSequence) & @CRLF) ; Get the binary data Local $hFileOpen = FileOpen($sFilePath, $FO_READ + $FO_Binary) If $hFileOpen = -1 Then ConsoleWrite("An error occurred when reading the file." & @CRLF) Exit EndIf Local $BinaryData = FileRead($hFileOpen) FileClose($hFileOpen) ; Perform a linear search over the binary data. Local $iOffset = 1, _ $iMatches = 0 While 1 $iOffset = _HexFind($BinaryData, $dSequence, $iOffset) If @error Then ExitLoop $iMatches += 1 ConsoleWrite("Offset: 0x" & Hex($iOffset - 1) & " ") ; convert to zero-based file offset ConsoleWrite("Length: " & BinaryLen($dSequence) & " ") ConsoleWrite("Bytes: ") For $j = 1 To BinaryLen($dSequence) Local $iByte = BinaryMid($dSequence, $j, 1) ConsoleWrite("0x" & Hex($iByte, 2) & " ") Next ConsoleWrite(@CRLF) $iOffset += BinaryLen($dSequence) ; seek to end of match WEnd If $iMatches = 0 Then ConsoleWrite("No matches could be found." & @CRLF) EndIf ; #FUNCTION# ==================================================================================================================== ; Name ..........: _HexFind ; Description ...: Search for a byte sequence in a binary data and return the position. ; Syntax ........: _HexFind($dBinaryData, $dSequence[, $iStart = 1]) ; Parameters ....: $dBinaryData - The binary data to search. ; $dSequence - The byte sequence to search for. ; $iStart - [optional] The starting position of the search. Default is 1. ; Return values .: Success: The position of the byte sequence. ; Failure: 0 and sets the @error flag to non-zero. ; Remarks .......: The first binary position is 1. ; Related .......: ; Link ..........: ; Example .......: No ; =============================================================================================================================== Func _HexFind($dBinaryData, $dSequence, $iStart = 1) Local $iBinaryLength = BinaryLen($dBinaryData), _ $iSeqLength = BinaryLen($dSequence) If $iBinaryLength = 0 Or _ $iSeqLength = 0 Or _ $iStart < 1 Or _ $iStart > $iBinaryLength - $iSeqLength + 1 Then Return SetError(2, @extended, 0) EndIf For $iPosition = $iStart To ($iBinaryLength - $iSeqLength + 1) For $i = 1 To $iSeqLength Local $iTemp1 = BinaryMid($dBinaryData, $iPosition + $i - 1, 1) Local $iTemp2 = BinaryMid($dSequence, $i, 1) If $iTemp1 <> $iTemp2 Then ContinueLoop 2 EndIf Next Return SetError(0, @extended, $iPosition) Next Return SetError(1, @extended, 0) EndFunc ;==>_HexFind