Kiron

Sorry Robertico, the hex formatting of the bytes was my fault but you can easily fix it by replacing the lowercase 'x' to an uppercase 'X', or by adding the 'IgnoreCase' option --or its numerical value 1-- to the [RegeEx]::Matches method, this is safer.
My system is LittleEndian, I get the same output after adding the extra code and removing the separating hyphens as without the extra code. Also the second code works on PowerShell version 2.0 CTP, if you're running version 1.0 it won't work, I added it just in case you had version 2.0 CTP.

Anyway try it and let us know if the output is what you're looking for.

# change te case of 'x' in this line:
$bytes = [string]::join('', (gc $file -en byte | % {'{0:x2}' -f $_}))
# to...
$bytes = [string]::join('', (gc $file -en byte | % {'{0:X2}' -f $_}))

# add the 'IgnoreCase' option in this line:
[regex]::matches($bytes, $pattern, 'ignoreCase') |
# or its numerical value...
[regex]::matches($bytes, $pattern, 1) |

-< Here are the fixed code for the two versions of PowerShell: >-
# v1
$file = <file's path>
$pattern = '131B1B087C156108AE151B'
$prevBytes = 8
$bytes = [string]::join('', (gc $file -en byte | % {'{0:X2}' -f $_}))
[regex]::matches($bytes, $pattern, 1) |
% {
$i = $_.index - $prevBytes * 2
[string]::join('', $bytes[$i..($i + $prevBytes * 2 - 1)]) |
% {
$hexBytes = $_
$byteArray = 0..($hexBytes.length - 1) | ? {!($_ -band 1)} |
% {
$i = $_
# [char][int]
"0x$($hexBytes.subString($i,2))"
}
[bitConverter]::toString($byteArray) -replace '-'
}
}

# v2 CTP
$file = <file's path>
$pattern = '131B1B087C156108AE151B'
$prevBytes = 8
$bytes = (gc $file -en byte | % {'{0:X2}' -f $_}) -join ''
select-string $pattern -inp $bytes -all |
% {
$_.matches |
% {
$i = $_.index - $prevBytes * 2
$bytes[$i..($i + $prevBytes * 2 - 1)] -join '' |
% {
$hexBytes = $_
$byteArray = 0..($hexBytes.length - 1) | ? {!($_ -band 1)} |
% {
$i = $_
[char][int]"0x$($hexBytes.subString($i,2))"
}
[bitConverter]::toString($byteArray) -replace '-'
}
}
}

--
Kiron