[ale] Binary Grep
Greg Freemyer
greg.freemyer at gmail.com
Wed Nov 17 10:03:30 EST 2004
On Tue, 16 Nov 2004 19:30:35 -0500, Byron A Jeff <byron at cc.gatech.edu> wrote:
> On Tue, Nov 16, 2004 at 05:53:32PM -0500, Greg Freemyer wrote:
>
>
> > Does anyone know of a grep like tool that works for binary files?
> >
> > In particular, I have a binary file I want to find all occurrances of
> > 16 hex FF chars in a row.
> >
> > ie. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
> > 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
> >
> > It would be great if it also provided some surrounding detail, but at
> > a minimum I need the offset in the file.
>
> Well the offset is the problem.
>
> What I would do first is convert the file into ASCII by using 'od -x' on it.
> What would be even better is if each of the values had to occur within some
> boundary like a 32 or 64 byte block.
>
> You have ASCII now. Use orinary grep or editor to search it.
>
> The reason that the offsets are the problem is that the offsets break up
> the actual binary values in the file. So they will kill your search.
> I just tried something interesting in this command:
>
> od -x binaryfile | cut -d' ' -f2- | tr -d '\n ' > hugefile
>
> You get a file filled with hex digits like this:
>
> d8ffe0ff1000464a464901000001010001000000dbff43000800060606070805070
>
> It's all in a single line, so you could bring it into vim, search for the
> target and use the offset from the beginning of the file to indicate the
> offset in the original.
>
> Just some quick thoughts.
>
> BAJ
>
Thanks,
I will give both your method and Fletch's perl code a spin.
I may need to do this repeatedly, so I suspect the perl will work better.
Greg
More information about the Ale
mailing list