Reputation: 309891
"grep" offset of ascii string from binary file
I'm generating binary data files that are simply a series of records concatenated together. Each record consists of a (binary) header followed by binary data. Within the binary header is an ascii string 80 characters long. Somewhere along the way, my process of writing the files got a little messed up and I'm trying to debug this problem by inspecting how long each record actually is.
This seems extremely related, but I don't understand perl, so I haven't been able to get the accepted answer there to work. The other answer points to bgrep which I've compiled, but it wants me to feed it a hex string and I'd rather just have a tool where I can give it the ascii string and it will find it in the binary data, print the string and the byte offset where it was found.
In other words, I'm looking for some tool which acts like this:
tool foobar filename
or
tool foobar < filename
and its output is something like this:
foobar:10
foobar:410
foobar:810
foobar:1210
...
e.g. the string which matched and a byte offset in the file where the match started. In this example case, I can infer that each record is 400 bytes long.
Other constraints:
- ability to search by regex is cool, but I don't need it for this problem
- My binary files are big (3.5Gb), so I'd like to avoid reading the whole file into memory if possible.
Upvotes: 43
Views: 38185
Answers (3)
Reputation: 29
I wanted to do the same task. Though strings | grep worked, I found gsar was the very tool I needed.
The output looks like:
>gsar.exe -bic -sfoobar filename.bin
filename.bin: 0x34b5: AAA foobar BBB
filename.bin: 0x56a0: foobar DDD
filename.bin: 2 matches found
Upvotes: 2
Reputation: 35405
grep --byte-offset --only-matching --text foobar filename
The --byte-offset option prints the offset of each matching line.
The --only-matching option makes it print offset for each matching instance instead of each matching line.
The --text option makes grep treat the binary file as a text file.
You can shorten it to:
grep -oba foobar filename
It works in the GNU version of grep, which comes with linux by default. It won't work in BSD grep (which comes with Mac by default).
Upvotes: 57
Reputation: 47099
You could use strings for this:
strings -a -t x filename | grep foobar
Tested with GNU binutils.
For example, where in /bin/ls does --help occur:
strings -a -t x /bin/ls | grep -- --help
Output:
14938 Try `%s --help' for more information.
162f0 --help display this help and exit
Upvotes: 31
Related Questions
- How can I extract the text portion of a binary file in Linux/Bash?
- Find the offset of data in a binary file
- How to grep a text file which contains some binary data?
- how to find offset of a pattern from binary file (without grep -b)
- Grep --byte-offset not returning the offset (Grep version 2.5.1)
- Grep byte offset in consecutive lines of piped output
- How to get the offset of a string in a large (binary) file?
- Character offset with grep
- Grep print byte-offset without printing match
- Bash matching binary pattern