Write hex-string to file in binary mode - excel

I want to write the hexadecimal values to a binary file so that they look the same when I open it in a hex editor.
My current code is this:
    Sub Write2Binary()
        Dim i As Integer
        Dim nFileNum As Integer
        Dim sFilename As String
        sFilename = "D:\OutputPath\Test.bin"
        strBytes = "F3 A1 02 00 04 00 8D 24 44 C3 8C 03 83 49 26 92 B5"
        arrBytes = Split(strBytes)
        nFileNum = FreeFile
        Open sFilename For Binary Lock Read Write As #nFileNum
        For i = LBound(arrBytes) To UBound(arrBytes)
            Put #nFileNum, , arrBytes(i)
        Next i
        Close #nFileNum
    End Sub
This code produces the following binary file that when I open it in a Hex editor looks like this:
08 00 02 00 46 33 08 00 02 00 41 31 08 00 02 00
30 32 08 00 02 00 30 30 08 00 02 00 30 34 08 00
02 00 30 30 08 00 02 00 38 44 08 00 02 00 32 34
08 00 02 00 34 34 08 00 02 00 43 33 08 00 02 00
38 43 08 00 02 00 30 33 08 00 02 00 38 33 08 00
02 00 34 39 08 00 02 00 32 36 08 00 02 00 39 32
08 00 02 00 42 35
That is different from the content I want to have in the binary file. When I open the file in a hex editor, I would like to see the following content:
F3 A1 02 00 04 00 8D 24 44 C3 8C 03 83 49 26 92 B5
How can I do this?

Your data represents Hex values of bytes to be written to a binary file. Split produces an array of strings, each element being a string representation of a hex value. As Comintern told you, you need to convert them to numbers.
Put uses the type of the Varname parameter to determine the length (number of bytes) to write, so in this case you need to convert to Byte, so use CByte to convert. CByte also needs to know the values are Hex, so prepend with &H.
All up, your code becomes
    Sub Write2Binary()
        Dim i As Long
        Dim nFileNum As Integer
        Dim sFilename As String
        Dim strBytes As String
        Dim arrBytes As Variant
        sFilename = "D:\OutputPath\Test.bin"
        strBytes = "F3 A1 02 00 04 00 8D 24 44 C3 8C 03 83 49 26 92 B5"
        ' Split on spaces: each element is a two-character hex string
        arrBytes = Split(strBytes)
        nFileNum = FreeFile
        Open sFilename For Binary Lock Read Write As #nFileNum
        For i = LBound(arrBytes) To UBound(arrBytes)
            ' "&H" marks the text as hex; CByte makes Put write exactly one byte
            Put #nFileNum, , CByte("&H" & arrBytes(i))
        Next i
        Close #nFileNum
    End Sub
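
An added example, not part of the original question or answer: a Python reader for the unwanted file shown in the question. It assumes the layout Put uses for a Variant holding a String (2-byte VarType 8, 2-byte length, then the characters, all little-endian), which is why every byte became `08 00 02 00` plus two ASCII characters. Function and constant names are chosen for this illustration.

```python
import struct

# Hex dump from the question: what Put wrote for each Variant/String element.
BAD = bytes.fromhex("".join("""
08 00 02 00 46 33 08 00 02 00 41 31 08 00 02 00
30 32 08 00 02 00 30 30 08 00 02 00 30 34 08 00
02 00 30 30 08 00 02 00 38 44 08 00 02 00 32 34
08 00 02 00 34 34 08 00 02 00 43 33 08 00 02 00
38 43 08 00 02 00 30 33 08 00 02 00 38 33 08 00
02 00 34 39 08 00 02 00 32 36 08 00 02 00 39 32
08 00 02 00 42 35
""".split()))
# The content the question wanted to see in the hex editor.
WANTED = bytes.fromhex("F3A1020004008D2444C38C0383492692B5")
VB_STRING = 8  # VarType value for a String held in a Variant


def parse_variant_strings(blob):
    """Split the file into the text tokens Put wrote as Variant strings."""
    tokens, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError(f"truncated record header at offset {pos}")
        vartype, length = struct.unpack_from("<HH", blob, pos)
        if vartype != VB_STRING:
            raise ValueError(f"unexpected VarType {vartype} at offset {pos}")
        text = blob[pos + 4:pos + 4 + length]
        if len(text) != length:
            raise ValueError(f"truncated string at offset {pos}")
        tokens.append(text.decode("ascii"))
        pos += 4 + length
    return tokens


def recover_bytes(blob):
    """Turn each two-character hex token back into the byte it names."""
    return bytes(int(tok, 16) for tok in parse_variant_strings(blob))


if __name__ == "__main__":
    print(parse_variant_strings(BAD))
    print(" ".join(f"{b:02X}" for b in recover_bytes(BAD)))
```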

Related

How to change specific byte in packet using scapy?

I want to modify icmp.unused value in scapy. But no matter what value I set for it, the value of icmp.unused is still 0. I know which byte in my packet is responsible for its value. So I want to modify the byte directly. hexstr and hexdump don't work. The end of the packet is messed up. How to do this?
hex_packet = scapy.hexstr(packet)
print(type(hex_packet))
list_packet = list(hex_packet)
list_packet[38] = '\x05'
list_packet[39] = '\x14'
hex_packet = ''.join(list_packet)
packet_hex = scapy.Ether(scapy.import_hexcap())
08 00 27 78 FE 4B 52 54 00 12 35 00 080 45 00 00 38 00 01 00 00 40 01 31 6D C0 A8 64 01 C0 A8 64 05 03 04 41 5E 00 00 05 14 45 00 00 1C 00 01 00 00 40 11 31 74 C0 A8 64 05 C0 A8 64 06 FC F1 00 35 00 08 B9 5A ..'x.KRT..5...E..8....#.1m..d...d...A^....E.......#.1t..d...d....5...Z

.txt file filter for a specific HEX snippet

I have a .txt that I want to import into Excel to plot the values converted from hex. The text file is much larger (up to 40000 lines), so doing it manually is not an option.
Here is an example of the .txt file:
Line DCE(hex)
1
2
3
4 41 14 00 00 9a 7e 00 00
5 00 00 00 00 00 00 00 00
6 00 01 6d 45
7
8
9
10 41 14 00 00 9a 99 00 00
11 00 00 00 00 00 00 00 00
12 00 01 88 45
13
14
15
16 41 14 00 00 9a b0 00 00
17 00 00 00 00 00 00 00 00
18 00 01 9f 45
19
20
21
22 41 14 00 00 9a c7 00 00
23 00 00 00 00 00 00 00 00
24 00 01 b6 45
25
26
27
28 41 14 00 00 9a df 00 00
29 00 00 00 00 00 00 00 00
30 00 01 ce 45
From the DCE(hex) line I need only the part I have written in quotation marks here:
4 41 14 00 00 "9a 7e" 00 00
5 00 00 00 00 00 00 00 00
6 00 01 6d 45
7
8
9
10 41 14 00 00 "9a 99" 00 00
11 00 00 00 00 00 00 00 00
12 00 01 88 45
13
14
15
16 41 14 00 00 "9a b0" 00 00
17 00 00 00 00 00 00 00 00
18 00 01 9f 45
I want the values at the end like this so I can import it into Excel and plot a diagram.
How can I do this the best way?
1 9a 7e
2 9a 99
3 9a b0
4 9a c7
Thank you very much!

What is wrong with my simple function-call intel x64 machine code?

Here is my function calling code:
(Instructions start at 0x00403000)
6A 28 (Stack Push 0x28)
EB 0A (Jump 10)
40 80 04 25 03 10 40 00 05 (Add 5 to address 0x00401003)
C3 (Near return)
FF 14 25 04 30 40 00 (Call 0x00403004)
This causes my program to blow up instead of calling MessageBoxA later in the code. Here is the functional code that works but without the function call:
(Instructions start at 0x00403000)
6A 28 (Stack Push 0x28)
EB 0A (Jump 10)
40 80 04 25 03 10 40 00 05 (Add 5 to address 0x00401003)
C3 (Near return)
40 80 04 25 03 10 40 00 05 (Add 5 to address 0x00401003)
Here's the code after these snippets:
48 B9 00 00 00 00 00 00 00 00 (Copy 0 to 64-register 1)
48 BA 00 10 40 00 00 00 00 00 (Copy 0x00401000 to 64-register 2)
49 B8 06 10 40 00 00 00 00 00 (Copy 0x00401006 to 64-register 3)
49 B9 00 00 00 00 00 00 00 00 (Copy 0 to 64-register 4)
FF 14 25 78 20 40 00 (Call MessageBoxA)
48 B9 00 00 00 00 00 00 00 00 (Copy 0 to 64-register 1)
FF 14 25 88 20 40 00 (Call End Process)

How do you decode an Ethernet Frame without things like Wireshark?

For example: How would one decode the following ethernet frame?
00 26 b9 e8 7e f1 00 12 f2 21 da 00 08 00 45 00 05 dc e3 cd 20 10 35 06 25 eb 0a 0a 0a 02 c0 a8 01 03 c3 9e 0f 40 00 00 10 00 00 00 14 00 70 10 00 5c 59 99 00 00 02 04 05 b4 01 03 03 06 00 00 01 98 64 34 e8 90 84 98 20 12 18 19 04 85 80 00
I know that the first 6 bytes are the MAC destination address: 00 26 b9 e8 7e f1
The next 6 bytes are the source MAC address: 00 12 f2 21 da 00
The next 2 bytes show the ethernet type: 08 00
The next 4 bytes are: 45 00... IPv4... "5" the number of bytes in the header.. and "00" means there are no differentiated services.
What I don't know is what anything after that is or how to read it.
Anyone help?
Rearranging your packet a bit, we have:
00 26 b9 e8 7e f1 00 12 f2 21 da 00 08 00 45 00
05 dc e3 cd 20 10 35 06 25 eb 0a 0a 0a 02 c0 a8
01 03 c3 9e 0f 40 00 00 10 00 00 00 14 00 70 10
00 5c 59 99 00 00 02 04 05 b4 01 03 03 06 00 00
01 98 64 34 e8 90 84 98 20 12 18 19 04 85 80 00
If you know that the first 6 octets form the destination mac address, that means that it is an Ethernet layer 2 packet.
According to IEEE 802.3, §3.1.1:
First 6 octets are the destination mac address (00 26 b9 e8 7e f1)
Next 6 octets are the source mac address (00 12 f2 21 da 00)
Next 4 octets are, optionally the 802.1Q tag (present, 08 00 45 00)
Next 2 octets are either:
Maximum payload size - aka MTU (if <= 1500, which is the case, 05 dc is 1500)
Ethernet 2 frame (if >= 1536)
Next is the payload ranging from 46 octets (if the 802.1Q tag is absent) or 42 octets (if the 802.1Q tag is present) to up to 1500 octets (starts at e3 cd 20 10 ..., ends either at 20 12 18 19 or at 03 06 00 00, depends on the 7th item)
Last 4 octets form the CRC32 code (either 01 98 64 34 or 04 85 80 00, depending on the 7th item)
There is also 12 octets used for padding (random - not so random - bytes), that may or may not be inserted in this packet. (if inserted, the padding is e8 90 84 98 20 12 18 19 04 85 80 00)
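
An added example, not part of the original question or answer: a Python decoder that reads the quoted bytes as an Ethernet II frame, where an 802.1Q tag is recognised by the TPID 0x8100 after the source MAC and a type field of 0x0800 marks an IPv4 header. It goes beyond the Ethernet fields discussed above by unpacking the IPv4 header and checking its checksum and length against the bytes shown; function and key names are chosen for this illustration.

```python
import struct

# Frame bytes as quoted in the question above.
FRAME = bytes.fromhex("".join("""
00 26 b9 e8 7e f1 00 12 f2 21 da 00 08 00 45 00
05 dc e3 cd 20 10 35 06 25 eb 0a 0a 0a 02 c0 a8
01 03 c3 9e 0f 40 00 00 10 00 00 00 14 00 70 10
00 5c 59 99 00 00 02 04 05 b4 01 03 03 06 00 00
01 98 64 34 e8 90 84 98 20 12 18 19 04 85 80 00
""".split()))
TPID_8021Q = 0x8100      # a VLAN tag is present only if this follows the MACs
ETHERTYPE_IPV4 = 0x0800


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def csum16(data):
    """One's-complement 16-bit sum; 0xFFFF over a whole header means valid."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def decode_frame(frame):
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    out = {"dst": mac(frame[:6]), "src": mac(frame[6:12]), "vlan": None}
    etype, off = struct.unpack_from("!H", frame, 12)[0], 14
    if etype == TPID_8021Q and len(frame) >= 18:
        tci, etype = struct.unpack_from("!HH", frame, 14)
        out["vlan"], off = tci & 0x0FFF, 18
    out["ethertype"] = etype
    if etype != ETHERTYPE_IPV4 or len(frame) < off + 20:
        return out
    vi, _, total, _, ff, ttl, proto, _ = struct.unpack_from("!BBHHHBBH", frame, off)
    ihl = (vi & 0x0F) * 4
    if vi >> 4 != 4 or ihl < 20 or len(frame) < off + ihl:
        return out
    out.update(
        header_len=ihl, total_len=total, ttl=ttl, proto=proto,
        more_fragments=bool(ff & 0x2000), frag_offset=(ff & 0x1FFF) * 8,
        src_ip=".".join(map(str, frame[off + 12:off + 16])),
        dst_ip=".".join(map(str, frame[off + 16:off + 20])),
        checksum_ok=csum16(frame[off:off + ihl]) == 0xFFFF,
        truncated=len(frame) - off < total,  # fewer bytes shown than total_len
    )
    return out
```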

nodejs canvas Slowbuffer to string

I use node-canvas;
....
var content = canvas.toBuffer();
var length=content.length;
console.log(content);
result:
<SlowBuffer 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 ...>
And
var buf=new SlowBuffer(length);
buf.write(content.toString());
console.log(buf);
result:
<Buffer ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 28 00 28 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 ...>
They are not equal :(, so when I store it into Redis, I can't get it back.
Depending on the format you want, you can use the following methods:
buf.toJSON() // Straight to JSON format
buf.toString('utf8') ; // UTF8 format
Read on for more alternatives: https://nodejs.org/api/buffer.html#buffer_buf_tostring_encoding_start_end
You can't just call Buffer.toString and assume that everything will be all right, since the default encoding is utf8. If you want to encode binary data, you need base64 encoding.
