PowerShell怎么读取dll文件中的字符串？[已解决]

czjt1234

@%SystemRoot%\System32\ActionCenterCPL.dll,-1

比如这个，对应字符串是：操作中心

请问怎么用ps读取该字符串？

Five66

winapi
loadStringA或loadStringW
https://learn.microsoft.com/zh-c ... winuser-loadstringw

czjt1234

1. Add-Type @"
   
2. using System;
   
3. using System.Runtime.InteropServices;
   
4. using System.Text;
   
5. 
   
6. public class winAPI
   
7. {
   
8.     [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
   
9.     private static extern int LoadStringW(IntPtr hInstance, uint uID, StringBuilder lpBuffer, int cchBufferMax);
   
10. 
    
11.     [DllImport("kernel32.dll", SetLastError = true)]
    
12.     private static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);
    
13. 
    
14.     [DllImport("kernel32.dll", SetLastError = true)]
    
15.     private static extern bool FreeLibrary(IntPtr hModule);
    
16. 
    
17.     private const uint LOAD_LIBRARY_AS_DATAFILE = 0x00000002;
    
18. 
    
19.     public static string LoadString(string dllPath, uint stringId)
    
20.     {
    
21.         IntPtr hModule = LoadLibraryEx(dllPath, IntPtr.Zero, LOAD_LIBRARY_AS_DATAFILE);
    
22.         if (hModule == IntPtr.Zero)
    
23.         {
    
24.             return "无法加载 DLL: " + dllPath;
    
25.         }
    
26. 
    
27.         try
    
28.         {
    
29.             StringBuilder buffer = new StringBuilder(1024);
    
30.             int charsCopied = LoadStringW(hModule, stringId, buffer, buffer.Capacity);
    
31.             
    
32.             if (charsCopied > 0)
    
33.             {
    
34.                 return buffer.ToString();
    
35.             }
    
36.             else
    
37.             {
    
38.                 return "未找到 ID 为 " + stringId.ToString() + " 的字符串。";
    
39.             }
    
40.         }
    
41.         finally
    
42.         {
    
43.             FreeLibrary(hModule);
    
44.         }
    
45.     }
    
46. }
    
47. "@
    
48. 
    
49. $dllPath = [System.Environment]::ExpandEnvironmentVariables("%SystemRoot%\System32\ActionCenterCPL.dll")
    
50. # Write-Host "DLL路径: $dllPath"
    
51. # Write-Host "是否存在: $(Test-Path $dllPath)"
    
52. $result = [winAPI]::LoadString($dllPath, 1)
    
53. Write-Host "$result"

复制代码

注册表中读取一般是这样 @%systemroot%\system32\ActionCenterCPL.dll,-1
这是手动指定文件和ID的ps

czjt1234

1. param(
   
2.     [Parameter(Mandatory=$true)]
   
3.     [string]$ResourceString
   
4. )
   
5. 
   
6. function Parse-ResourceString {
   
7.     param([string]$inputString)
   
8.    
   
9.     $cleanString = $inputString.TrimStart('@')
   
10.     $parts = $cleanString -split ','
    
11.     if ($parts.Count -ne 2) {
    
12.         throw "无效的资源字符串格式: $inputString。正确格式: 路径,-ID"
    
13.     }
    
14.     $dllPathRaw = $parts[0].Trim()
    
15.     $idRaw = $parts[1].Trim()
    
16.     if ($idRaw -match '^-?(\d+)$') {
    
17.         $stringId = [uint32]$matches[1]
    
18.     } else {
    
19.         throw "无效的 ID 格式: $idRaw"
    
20.     }
    
21.     $dllPath = [System.Environment]::ExpandEnvironmentVariables($dllPathRaw)
    
22. 
    
23.     return @{
    
24.         DllPath = $dllPath
    
25.         StringId = $stringId
    
26.     }
    
27. }
    
28. 
    
29. Add-Type @"
    
30. using System;
    
31. using System.Runtime.InteropServices;
    
32. using System.Text;
    
33. 
    
34. public class winAPI {
    
35.     [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    
36.     private static extern int LoadStringW(IntPtr hInstance, uint uID, StringBuilder lpBuffer, int cchBufferMax);
    
37. 
    
38.     [DllImport("kernel32.dll", SetLastError = true)]
    
39.     private static extern IntPtr LoadLibraryEx(string lpFileName, IntPtr hFile, uint dwFlags);
    
40. 
    
41.     [DllImport("kernel32.dll", SetLastError = true)]
    
42.     private static extern bool FreeLibrary(IntPtr hModule);
    
43. 
    
44.     private const uint LOAD_LIBRARY_AS_DATAFILE = 0x00000002;
    
45. 
    
46.     public static string LoadString(string dllPath, uint stringId)
    
47.     {
    
48.         IntPtr hModule = LoadLibraryEx(dllPath, IntPtr.Zero, LOAD_LIBRARY_AS_DATAFILE);
    
49.         if (hModule == IntPtr.Zero)
    
50.         {
    
51.             return "无法加载 DLL: " + dllPath;
    
52.         }
    
53. 
    
54.         try
    
55.         {
    
56.             StringBuilder buffer = new StringBuilder(1024);
    
57.             int charsCopied = LoadStringW(hModule, stringId, buffer, buffer.Capacity);
    
58.             
    
59.             if (charsCopied > 0)
    
60.             {
    
61.                 return buffer.ToString();
    
62.             }
    
63.             else
    
64.             {
    
65.                 return "未找到 ID 为 " + stringId.ToString() + " 的字符串。";
    
66.             }
    
67.         }
    
68.         finally
    
69.         {
    
70.             FreeLibrary(hModule);
    
71.         }
    
72.     }
    
73. }
    
74. "@
    
75. 
    
76. try {
    
77.     # Write-Host "输入资源字符串: $ResourceString" -ForegroundColor Cyan
    
78.     $parsed = Parse-ResourceString -inputString $ResourceString
    
79.     # Write-Host "解析结果:" -ForegroundColor Green
    
80.     # Write-Host "  DLL路径: $($parsed.DllPath)"
    
81.     # Write-Host "  字符串ID: $($parsed.StringId)"
    
82.     # Write-Host ""
    
83.     if (-not (Test-Path $parsed.DllPath)) {
    
84.         Write-Host "错误: DLL 文件不存在 - $($parsed.DllPath)" -ForegroundColor Red
    
85.         exit 1
    
86.     }
    
87.     $result = [winAPI]::LoadString($parsed.DllPath, $parsed.StringId)
    
88.     # Write-Host "读取结果:" -ForegroundColor Green
    
89.     Write-Host $result
    
90. } catch {
    
91.     Write-Host "错误: $_" -ForegroundColor Red
    
92.     exit 1
    
93. }

复制代码

这是可供调用的ps，参数格式 @%systemroot%\system32\ActionCenterCPL.dll,-1

比如一个批处理调用的例子

1. @echo off
   
2. 
   
3. set "RESOURCE_STRING=@%%systemroot%%\system32\DeviceCenter.dll,-1000"
   
4. powershell -Exec Bypass -F ".\ReadDllString.ps1" -ResourceString "%RESOURCE_STRING%"
   
5. 
   
6. pause

复制代码