使用grep在文件中搜索字符串十六进制 [英] Using grep to search for hex strings in a file
问题描述
我一直在试图整天得到这个工作。
有谁知道怎么弄的grep或类似的东西,找回十六进制字符串的偏移量在一个文件?
我有一堆,我需要检查字符串,然后再次运行,并检查值已更改hexdumps的。
我曾尝试hexdump都和DD,但问题是,因为它是一个流,我失去了我的文件偏移。
有人一定有过这样的问题和解决方法。我该怎么办?
要澄清一下,我有一个从GDB一系列转储的内存区域。
我想通过搜索出来的号码存储的所有地方,然后做一遍,如果新的值存储在相同的内存位置检查,以缩小数字。
我不能让grep的做任何事情,因为我找的十六进制值,因此所有我曾尝试倍(如bazillion,大致),它不会给我正确的输出。
十六进制转储只是完整的二进制文件,该paterns是浮点值内的拉尔让8?字节?
该模式不包装我所知道的线条。我知道的是什么改变为,我可以做同样的过程,比较列表查看匹配。
十六进制转储正常结束(共)100兆十岁上下。
Perl的可能是一个选项,但在这一点上,我会承担我的知识缺乏与bash和它的工具是主要的罪魁祸首。
它有点难以解释我越来越因为我真的没有得到任何输出的输出。
我期待(和预期)的线沿线的东西:
<偏移GT;:<搜索值>
这是pretty以及标准输出,我通常会用得到的grep -URbFo<搜索关键词> 。 > <输出>
问题是,当我尝试搜索十六进制值,我得到的,如果只是没有寻找的十六进制值的问题,所以如果我搜索00我应该得到像万的点击率,因为多数民众赞成总是blankspace,但而不是它的搜索00文本,所以在十六进制,3030。
任何想法的?
我可以强制它通过hexdump都或链接的东西,但由于其流不会给我的补偿和文件名,它发现一个对垒
使用的grep -b 选项似乎没有任何工作,我曾尝试一切,似乎我的情况是有用的,并没有什么工作的标志。
使用 XXD -u的/ usr / bin中/ XXD 作为一个例子,我得到一个输出将是有益的,但我不能使用搜索..
0004760:73CC 6446 161E 266A 3140 5E79 4D37 FDC6 s.dF ..&放大器; J1 @ ^ yM7 ..
0004770:BF04 0E34 A44E 5BE7 229F 9EEF 5F4F DFFA ...... 4.N [..._Ø..
0004780:FADE 0C01 0000 000C 0000 0000 0000 0000 ................
尼斯输出,刚才我看到瓦纳,但在这种情况下,我只是不工作。
这是一些从张贴这我已经试过的东西:
XXD -u的/ usr / bin中/ XXD | grep的DF
00017b0:4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @ .........小号.....根#grep的-ibH东风的/ usr / bin中/ XXD
二进制文件在/ usr /斌/ XXD比赛
XXD -u的/ usr / bin中/ XXD | grep的-HDF
(标准输入):00017b0:4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @ .........小号.....
我们在一个可接受的方案之前到达尝试几件事情:
XXD -u的/ usr / bin中/ XXD | grep的DF
00017b0:4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @ .........小号.....
根#grep的-ibH东风的/ usr / bin中/ XXD
二进制文件在/ usr /斌/ XXD比赛
XXD -u的/ usr / bin中/ XXD | grep的-HDF
(标准输入):00017b0:4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @ .........小号.....
随后发现,我们可以得到与有用的结果。
XXD -u的/ usr / bin中/ XXD> /tmp/xxd.hex; grep的-HDF的/ tmp / XXD
请注意,使用像'DF'一个简单的搜索目标将错误匹配跨字节界限跨越字符,即
XXD -u的/ usr / bin中/ XXD | grep的DF
00017b0:4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @ .........小号.....
-------------------- ^^
因此,我们使用正则表达式或运算搜索'DF'或'DF'(的searchTarget preceded或后面有一个空格字符)。
最后的结果似乎是
XXD -u -ps -c百亿DumpFile可> DumpFile.hex
egrep的DF | DF'Dumpfile.hex0001020:0089 0424 8D95 D8F5 FFFF 89F0 E8DF F6FF ... $ ............
----------------------------------------- ^^
0001220:0C24 E871 0B00 0083 F8FF 89C3 0F84 DF03 $ Q ............。
-------------------------------------------- ^^
我希望这有助于。
每通过贝利萨留书面一个很好的提醒,
请允许我欢迎你到计算器并提醒你的四件事情我们做的:
。 1)阅读常见问题解答
。 2)请接受最好的解决您的问题,如果有的话,由pressing的对勾标志的答案。这使得与信誉的最佳答案15分答辩。它不扣除(如一些人似乎认为)从问题的海报信誉分; - )
。 3)当你看到很好的Q&安培; A,投起来使用灰色三角形,随着信誉系统基于用户通过分享他们的知识赢得了声誉。
。 4)当你得到帮助,试图给它也是如此,在你的专业领域回答问题
I have been trying all day to get this to work. Does anyone know how to get grep, or something of the like, to retrieve offsets of hex strings in a file?
I have a bunch of hexdumps that I need to check for strings and then run again and check if the value has changed.
I have tried hexdump and dd, but the problem is because it's a stream, I lose my offset for the files.
Someone must have had this problem and a workaround. What can I do?
To clarify, I have a series of dumped memory regions from GDB.
I am trying to narrow down a number by searching out all the places the number is stored, then doing it again and checking if the new value is stored at the same memory location.
I cannot get grep to do anything because I am looking for hex values so all the times I have tried (like a bazillion, roughly) it will not give me the correct output.
The hex dumps are just complete binary files, the paterns are within float values at larges so 8? bytes?
The patterns are not wrapping the lines that I am aware of. I am aware of the what it changes to, and I can do the same process and compare the lists to see which match. The hex dumps normally end up (in total) 100 megs-ish.
Perl COULD be a option, but at this point, I would assume my lack of knowledge with bash and its tools is the main culprit.
Its a little hard to explain the output I am getting since I really am not getting any output..
I am anticipating (and expecting) something along the lines of:
<offset>:<searched value>
Which is the pretty well standard output I would normally get with grep -URbFo <searchterm> . > <output>
Problem is, when I try to search for hex values, I get the problem of if just not searching for the hex values, so if I search for 00 I should get like a million hits, because thats always the blankspace, but instead its searching for 00 as text, so in hex, 3030. Any idea's?
I CAN force it through hexdump or something of the link but because its a stream it will not give me the offsets and filename that it found a match in.
Using grep -b option doesnt seem to work either, I did try all the flags that seemed useful to my situation, and nothing worked.
Using xxd -u /usr/bin/xxd as an example I get a output that would be useful, but I cannot use that for searching..
0004760: 73CC 6446 161E 266A 3140 5E79 4D37 FDC6 s.dF..&j1@^yM7..
0004770: BF04 0E34 A44E 5BE7 229F 9EEF 5F4F DFFA ...4.N[."..._O..
0004780: FADE 0C01 0000 000C 0000 0000 0000 0000 ................
Nice output, just what I wana see, but it just doesnt work for me in this situation..
This is some of the things i've tried since posting this:
xxd -u /usr/bin/xxd | grep 'DF'
00017b0: 4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @.........S.....
root# grep -ibH "df" /usr/bin/xxd
Binary file /usr/bin/xxd matches
xxd -u /usr/bin/xxd | grep -H 'DF'
(standard input):00017b0: 4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @.........S.....
We tried several things before arriving at an acceptable solution:
xxd -u /usr/bin/xxd | grep 'DF'
00017b0: 4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @.........S.....
root# grep -ibH "df" /usr/bin/xxd
Binary file /usr/bin/xxd matches
xxd -u /usr/bin/xxd | grep -H 'DF'
(standard input):00017b0: 4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @.........S.....
Then found we could get usable results with
xxd -u /usr/bin/xxd > /tmp/xxd.hex ; grep -H 'DF' /tmp/xxd
Note that using a simple search target like 'DF' will incorrectly match characters that span across byte boundaries, i.e.
xxd -u /usr/bin/xxd | grep 'DF'
00017b0: 4010 8D05 0DFF FF0A 0300 53E3 0610 A003 @.........S.....
--------------------^^
So we use an ORed regexp to search for ' DF' OR 'DF ' (the searchTarget preceded or followed by a space char).
The final result seems to be
xxd -u -ps -c 10000000000 DumpFile > DumpFile.hex
egrep ' DF|DF ' Dumpfile.hex
0001020: 0089 0424 8D95 D8F5 FFFF 89F0 E8DF F6FF ...$............
-----------------------------------------^^
0001220: 0C24 E871 0B00 0083 F8FF 89C3 0F84 DF03 .$.q............
--------------------------------------------^^
I hope this helps.
Per an excellent reminder written by belisarius, Allow me to welcome you to StackOverflow and remind you of four things we do:
. 1) Read the FAQs
. 2) Please accept the answer that best solves your problem, if any, by pressing the checkmark sign. This gives the respondent with the best answer 15 points of reputation. It is not subtracted (as some people seem to think) from question posters reputation points ;-)
. 3) When you see good Q&A, vote them up by using the gray triangles, as the credibility of the system is based on the reputation that users gain by sharing their knowledge.
. 4) As you receive help, try to give it too, answering questions in your area of expertise
这篇关于使用grep在文件中搜索字符串十六进制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
![对勾标志](\"http://i.stack.imgur.com/uqJeW.png\"){kind=link}
![灰色三角形](\"http://i.stack.imgur.com/kygEP.png\"){kind=link}
