[ale] Binary Grep
Byron A Jeff
byron at cc.gatech.edu
Tue Nov 16 19:31:55 EST 2004
On Tue, Nov 16, 2004 at 05:53:32PM -0500, Greg Freemyer wrote:
> Does anyone know of a grep like tool that works for binary files?
>
> In particular, I have a binary file I want to find all occurrances of
> 16 hex FF chars in a row.
>
> ie. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
>
> It would be great if it also provided some surrounding detail, but at
> a minimum I need the offset in the file.
Well the offset is the problem.
What I would do first is convert the file into ASCII by using 'od -x' on it.
What would be even better is if each of the values had to occur within some
boundary like a 32 or 64 byte block.
You have ASCII now. Use orinary grep or editor to search it.
The reason that the offsets are the problem is that the offsets break up
the actual binary values in the file. So they will kill your search.
I just tried something interesting in this command:
od -x binaryfile | cut -d' ' -f2- | tr -d '\n ' > hugefile
You get a file filled with hex digits like this:
d8ffe0ff1000464a464901000001010001000000dbff43000800060606070805070
It's all in a single line, so you could bring it into vim, search for the
target and use the offset from the beginning of the file to indicate the
offset in the original.
Just some quick thoughts.
BAJ
More information about the Ale
mailing list