Vista Forums - View Single Post

04-08-2008

Kiron,

Thanks for the explanation. I'am running version 1.0.
I didn't notice the meaning off v1 and v2. I thought that is was just an
other approach.

I need to convert the returning 'prevoius bytes' from "Big Endian" to
'Little Endian'' . The binary file is in "Big Endian".
The code " [bitConverter]::toString($byteArray) -replace '-' " indeed
doesn't convert to "Little Endian".
So i need some advice to fix this.

Robertico

"Kiron" <Kiron@xxxxxx> wrote in message
news:C356B032-5EF9-4337-B341-4BECD0AB2C21@xxxxxx
Sorry Robertico, the hex formatting of the bytes was my fault but you can
easily fix it by replacing the lowercase 'x' to an uppercase 'X', or by
adding the 'IgnoreCase' option --or its numerical value 1-- to the
[RegeEx]::Matches method, this is safer.
My system is LittleEndian, I get the same output after adding the extra code
and removing the separating hyphens as without the extra code. Also the
second code works on PowerShell version 2.0 CTP, if you're running version
1.0 it won't work, I added it just in case you had version 2.0 CTP.

Anyway try it and let us know if the output is what you're looking for.

# change te case of 'x' in this line:
$bytes = [string]::join('', (gc $file -en byte | % {'{0:x2}' -f $_}))
# to...
$bytes = [string]::join('', (gc $file -en byte | % {'{0:X2}' -f $_}))

# add the 'IgnoreCase' option in this line:
[regex]::matches($bytes, $pattern, 'ignoreCase') |
# or its numerical value...
[regex]::matches($bytes, $pattern, 1) |

-< Here are the fixed code for the two versions of PowerShell: >-
# v1
$file = <file's path>
$pattern = '131B1B087C156108AE151B'
$prevBytes = 8
$bytes = [string]::join('', (gc $file -en byte | % {'{0:X2}' -f $_}))
[regex]::matches($bytes, $pattern, 1) |
% {
$i = $_.index - $prevBytes * 2
[string]::join('', $bytes[$i..($i + $prevBytes * 2 - 1)]) |
% {
$hexBytes = $_
$byteArray = 0..($hexBytes.length - 1) | ? {!($_ -band 1)} |
% {
$i = $_
# [char][int]
"0x$($hexBytes.subString($i,2))"
}
[bitConverter]::toString($byteArray) -replace '-'
}
}

# v2 CTP
$file = <file's path>
$pattern = '131B1B087C156108AE151B'
$prevBytes = 8
$bytes = (gc $file -en byte | % {'{0:X2}' -f $_}) -join ''
select-string $pattern -inp $bytes -all |
% {
$_.matches |
% {
$i = $_.index - $prevBytes * 2
$bytes[$i..($i + $prevBytes * 2 - 1)] -join '' |
% {
$hexBytes = $_
$byteArray = 0..($hexBytes.length - 1) | ? {!($_ -band 1)} |
% {
$i = $_
[char][int]"0x$($hexBytes.subString($i,2))"
}
[bitConverter]::toString($byteArray) -replace '-'
}
}
}

--
Kiron

04-08-2008	#9 (permalink)
Robertico n/a posts	Re: Read and search through a binary file Kiron, Thanks for the explanation. I'am running version 1.0. I didn't notice the meaning off v1 and v2. I thought that is was just an other approach. I need to convert the returning 'prevoius bytes' from "Big Endian" to 'Little Endian'' . The binary file is in "Big Endian". The code " [bitConverter]::toString($byteArray) -replace '-' " indeed doesn't convert to "Little Endian". So i need some advice to fix this. Robertico "Kiron" <Kiron@xxxxxx> wrote in message news:C356B032-5EF9-4337-B341-4BECD0AB2C21@xxxxxx Sorry Robertico, the hex formatting of the bytes was my fault but you can easily fix it by replacing the lowercase 'x' to an uppercase 'X', or by adding the 'IgnoreCase' option --or its numerical value 1-- to the [RegeEx]::Matches method, this is safer. My system is LittleEndian, I get the same output after adding the extra code and removing the separating hyphens as without the extra code. Also the second code works on PowerShell version 2.0 CTP, if you're running version 1.0 it won't work, I added it just in case you had version 2.0 CTP. Anyway try it and let us know if the output is what you're looking for. # change te case of 'x' in this line: $bytes = [string]::join('', (gc $file -en byte \| % {'{0:x2}' -f $_})) # to... $bytes = [string]::join('', (gc $file -en byte \| % {'{0:X2}' -f $_})) # add the 'IgnoreCase' option in this line: [regex]::matches($bytes, $pattern, 'ignoreCase') \| # or its numerical value... [regex]::matches($bytes, $pattern, 1) \| -< Here are the fixed code for the two versions of PowerShell: >- # v1 $file = <file's path> $pattern = '131B1B087C156108AE151B' $prevBytes = 8 $bytes = [string]::join('', (gc $file -en byte \| % {'{0:X2}' -f $_})) [regex]::matches($bytes, $pattern, 1) \| % { $i = $_.index - $prevBytes * 2 [string]::join('', $bytes[$i..($i + $prevBytes * 2 - 1)]) \| % { $hexBytes = $_ $byteArray = 0..($hexBytes.length - 1) \| ? {!($_ -band 1)} \| % { $i = $_ # [char][int] "0x$($hexBytes.subString($i,2))" } [bitConverter]::toString($byteArray) -replace '-' } } # v2 CTP $file = <file's path> $pattern = '131B1B087C156108AE151B' $prevBytes = 8 $bytes = (gc $file -en byte \| % {'{0:X2}' -f $_}) -join '' select-string $pattern -inp $bytes -all \| % { $_.matches \| % { $i = $_.index - $prevBytes * 2 $bytes[$i..($i + $prevBytes * 2 - 1)] -join '' \| % { $hexBytes = $_ $byteArray = 0..($hexBytes.length - 1) \| ? {!($_ -band 1)} \| % { $i = $_ [char][int]"0x$($hexBytes.subString($i,2))" } [bitConverter]::toString($byteArray) -replace '-' } } } -- Kiron
My System Specs