如何转储二进制文件的一部分 [英] How to dump part of binary file
问题描述
我有二进制文件和要提取它的一部分,知道从字节串(即FF FF D8 D0)开始,与已知的字节串(AF FF D9)结束
在过去,我已经使用 DD 来削减从开始/结束的二进制文件的一部分,但该命令似乎并不支持我问。
在终端有什么工具可以做到这一点?
在一个单管:
XXD -C1 -p文件|
AWK -v B =ffd8ffd0-v E =aaffd9'
发现== 1 {
打印$ 0个
海峡= STR $ 0个
如果(STR == E){发现= 0;出口}
如果(长度(STR)==长度(E))海峡= SUBSTR(STR,3)}
发现== 0 {
海峡= STR $ 0个
如果(STR == B){发现= 1;打印海峡;海峡=}
如果(长度(STR)==长度(b))的海峡= SUBSTR(STR,3)}
END {退出发现}'|
XXD -r -p> NEW_FILE
测试$ {PIPESTATUS [1]} -eq 0 || RM NEW_FILE
我们的想法是与两个 XXD 来选择所需要的文件的一部分,使用 AWK 。一旦第一个模式中被发现, AWK ,直到第二个模式是发现和打印字节退出。
,其中第一图案被发现,但第2不必须考虑的情况下。它在到底做了些什么的 AWK 脚本,该脚本返回一个非零退出状态的一部分。这是由庆典的 $ {PIPESTATUS [1]} ,我决定删除新的文件。<抓/ p>
需要注意的是EN空文件还意味着什么也没有找到。
I have binary and want to extract part of it, starting from know byte string (i.e. FF D8 FF D0) and ending with known byte string (AF FF D9)
In the past I've used dd to cut part of binary file from beginning/ending but this command doesn't seem to support what I ask.
What tool on terminal can do this?
In a single pipe:
xxd -c1 -p file |
awk -v b="ffd8ffd0" -v e="aaffd9" '
found == 1 {
print $0
str = str $0
if (str == e) {found = 0; exit}
if (length(str) == length(e)) str = substr(str, 3)}
found == 0 {
str = str $0
if (str == b) {found = 1; print str; str = ""}
if (length(str) == length(b)) str = substr(str, 3)}
END{ exit found }' |
xxd -r -p > new_file
test ${PIPESTATUS[1]} -eq 0 || rm new_file
The idea is to use awk between two xxd to select the part of the file that is needed. Once the 1st pattern is found, awk prints the bytes until the 2nd pattern is found and exit.
The case where the 1st pattern is found but the 2nd is not must be taken into account. It is done in the END part of the awk script, which return a non-zero exit status. This is catch by bash's ${PIPESTATUS[1]} where I decided to delete the new file.
Note that en empty file also mean that nothing has been found.
这篇关于如何转储二进制文件的一部分的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
