脚本代码
#!/usr/bin/env python
import zlib
import sys
import re
import binascii
if(len(sys.argv) < 2 or sys.argv[1] == "-h"):
print("usage: python DecompNewDell.py <biosupdate.exe>")
exit()
f = open(sys.argv[1], "rb")
string = f.read()
pat = re.compile(r'.{4}\xAA\xEE\xAA\x76\x1B\xEC\xBB\x20\xF1\xE6\x51.{1}\x78\x9C')
match = pat.search(string)
(start_match, end_match) = match.span()
compessed_len = string[start_match:start_match+4]
compessed_len = binascii.b2a_hex(compessed_len[::-1])
compessed_len = long(compessed_len, 16)
f.seek(start_match+16)
string = f.read(compessed_len)
o = zlib.decompress(string)
f2 = open(sys.argv[1] + "_decompressed.hdr", "wb")
f2.write(o)
f.close()
f2.close()
print("Decompressed data written to %s_decompressed.hdr" % sys.argv[1])
我从命令行执行(文件位于脚本旁边,即在桌面上.exe),结果它在行上发出警报match = pat.search(string)

如果您使用二进制数据,则必须以字节为单位指定模式