#!/usr/bin/env python3
import os
import re

def search_hex_pattern():
    # 目标文件路径
    target_file = "Payload/Yuanshen.app/Yuanshen"
    
    # 要搜索的十六进制模式（去除空格和换行）
    hex_pattern = ""
    
    # 清理十六进制字符串（去除所有空格）
    hex_pattern_clean = re.sub(r'\s+', '', hex_pattern)
    
    print(f"搜索文件: {target_file}")
    print(f"十六进制模式长度: {len(hex_pattern_clean)} 字符")
    print(f"模式: {hex_pattern_clean[:100]}...")
    print("-" * 80)
    
    if not os.path.exists(target_file):
        print(f"错误: 文件 {target_file} 不存在")
        return
    
    try:
        with open(target_file, 'rb') as f:
            content = f.read()
        
        # 将二进制内容转换为十六进制字符串
        hex_content = content.hex().upper()
        
        print(f"文件大小: {len(content)} 字节")
        print(f"十六进制内容长度: {len(hex_content)} 字符")
        
        # 搜索模式
        occurrences = []
        start = 0
        while True:
            pos = hex_content.find(hex_pattern_clean, start)
            if pos == -1:
                break
            occurrences.append(pos // 2)  # 转换为字节偏移
            start = pos + 1
        
        print(f"\n找到 {len(occurrences)} 个匹配:")
        for i, offset in enumerate(occurrences):
            print(f"  匹配 {i+1}: 偏移 0x{offset:08X} ({offset} 字节)")
            
            # 显示匹配位置前后的内容
            start_show = max(0, offset - 32)
            end_show = min(len(content), offset + len(hex_pattern_clean)//2 + 32)
            
            print(f"    前32字节: {content[start_show:offset].hex().upper()}")
            print(f"    匹配内容: {content[offset:offset+len(hex_pattern_clean)//2].hex().upper()}")
            print(f"    后32字节: {content[offset+len(hex_pattern_clean)//2:end_show].hex().upper()}")
            print()
        
        if len(occurrences) == 0:
            print("未找到匹配的十六进制模式")
            
    except Exception as e:
        print(f"读取文件时出错: {e}")

if __name__ == "__main__":
    search_hex_pattern()