In another ariticle Grep using examples, I described how to search text/pattern in a text file. What about binary file?

On linux, there is a command strings which can search strings in binary file.

For each file given, GNU strings prints the printable character sequences that are at least 4 characters long (or the number given with the options below) and are followed by an unprintable character.

Here are some examples:

1. Search stings in a binary file

$strings /usr/bin/md5sum
...
help
version
Try `%s --help' for more information.
Usage: %s [OPTION]... [FILE]...
Print or check %s (%d-bit) checksums.
With no FILE, or when FILE is -, read standard input.
  -b, --binary            read in binary mode
  -c, --check             read %s sums from the FILEs and check them
  -t, --text              read in text mode (default)
  Note: There is no difference between binary and text mode option on GNU system
...

2. Search for at least specified characters long strings

Default is 4, so search >10 characters long strings

$strings -n10 /usr/bin/md5sum | more
/lib64/ld-linux-x86-64.so.2
[]A\A]A^A_
[]A\A]A^A_
[]A\A]A^A_
Report %s bugs to %s
This email address is being protected from spambots. You need JavaScript enabled to view it.
...

3. Search the entire binary file

       -   Do not scan only the initialized and loaded sections of object
           files; scan the whole files.

Here you can see the different

#strings /usr/bin/zip |wc
   2114    7260   45681
#strings -a /usr/bin/zip |wc
   2145    7291   45987

4. Print file name before each string

$strings -a -n20 -f /usr/bin/zip | more
/usr/bin/zip: /lib64/ld-linux-x86-64.so.2
/usr/bin/zip: Zip environment options:set
/usr/bin/zip: bad flag to add_filter
/usr/bin/zip: null pattern to add_filter
/usr/bin/zip: missing file after @
/usr/bin/zip: %c pattern file '%s'
...

5. Print strings offset in the file

$strings -n20 -f -t d /usr/bin/zip | more
/usr/bin/zip:     568 /lib64/ld-linux-x86-64.so.2
/usr/bin/zip:  148372 Zip environment options:
/usr/bin/zip:  148544 bad flag to add_filter
/usr/bin/zip:  148567 null pattern to add_filter
/usr/bin/zip:  148594 missing file after @
/usr/bin/zip:  148615 %c pattern file '%s'
/usr/bin/zip:  148662 was creating pattern list

The single character argument specifies the radix of the offset

    o for octal
    x for hexadecimal
    d for decimal

Note: option -o equivelant to -t o

6. last praticle example:

Search multiple files copyright info

$strings -f -n9 /usr/bin/* | grep Copyright | more
/usr/bin/[: Copyright %s %d Free Software Foundation, Inc.
/usr/bin/a2ping: (epstopdf 2.7 Copyright 1998-2001 by Sebastian Rahtz et al.)\n"
;
/usr/bin/a2ping:       #: Copyright (C) 2000 Aladdin Enterprises, Menlo Park, CA
.  All rights reserved.
/usr/bin/a2ping:         elsif (length($line)==0 or $line=~/^(?:Copyright |This
software )/) {}
/usr/bin/a2ps: Copyright (c) 1988-1993 Miguel Santana

 

Comments powered by CComment