Finding Strings in Binary Files
Linux Tips by Burleson Consulting
If a user encounters a binary file and does not know what it is used for or
where it came from, they may gain some insight into its origins and use by
searching for character strings within the file. If the cat command is used to
list a binary file, the user will get a screen full of garbage that, more often
than not, will also corrupt the terminal's display settings. Instead, the
strings command should be used, as demonstrated in the following examples:
Find All Strings in the Binary File
$ strings echo
/lib/ld-linux.so.2
libc.so.6
stdout
getopt_long
__fpending
getenv
...
Copyright (C) 2002 Free Software Foundation, Inc.
This is free software; see the source for copying
conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
%s (%s) %s
Written by %s.
%s %s
memory exhausted
Again the above output has been abbreviated to save
trees, but you can see that there is some useful information here. Just knowing
that "This is free software" and that it is copyrighted by the Free Software
Foundation can give you some great insight on where this came from and why it
might be there.
Finding Occurrences of a String in a Binary File
Here we show how the output of the strings command can
be piped into the grep command to look for specific words within a binary file.
$ strings echo|grep GLIBC
GLIBC_2.3
GLIBC_2.1.3
GLIBC_2.1
GLIBC_2.0
GLIBC_2.2
This shows how grep can be used to limit the output of a
command to only lines that contain certain text.
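The two examples above, as an added demonstration that is not part of the book: a minimal strings-like extractor built from tr and grep (useful on hosts where the binutils strings command is not installed), followed by the same grep filter applied to its output. The sample "binary" is constructed for this demo with printf and is not a real ELF file; the function names are made up here.

```shell
#!/bin/sh
# Added example (not from the book): a minimal strings-like extractor built from
# tr and grep, for hosts where the binutils 'strings' command is not installed,
# plus the same grep filter the text applies to 'strings echo'.
# The sample file below is constructed for this demo; it is not a real ELF file.

make_sample_binary() {
    # $1: path to write. Printable runs are separated by NUL, control and high bytes.
    printf '\177ELF\001\001\001\000\000\000libc.so.6\000\000\001\002GLIBC_2.3\000\377\376ab\000memory exhausted\000\003\004' > "$1"
}

extract_strings() {
    # $1: file, $2: minimum run length (default 4, the same default as strings -n).
    # LC_ALL=C makes [:print:] mean the 95 printable ASCII bytes, so a UTF-8
    # locale cannot change which bytes count as text.
    min=${2:-4}
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -E "^.{$min,}$"
}

find_in_binary() {
    # $1: file, $2: pattern; mirrors 'strings FILE | grep PATTERN' from the text.
    extract_strings "$1" | grep -- "$2"
}

# Demo run: build the sample file, list its strings, then filter for GLIBC.
sample=$(mktemp)
make_sample_binary "$sample"
echo "strings of length >= 4:"
extract_strings "$sample"
echo "lines mentioning GLIBC:"
find_in_binary "$sample" GLIBC
rm -f "$sample"
```

The minimum length matters for triage: lowering it to 2 also surfaces the three-letter "ELF" fragment and the two-byte "ab", which is why strings defaults to 4 and why short hits deserve less trust than long ones such as copyright notices or library version tags.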
Finding Strings in Multiple Files
Earlier in this chapter we used find to search for recently modified files in
order to locate a file whose name we didn't know. Now we'll see how grep can
search the contents of files to find specific text.
Finding a File Containing a Particular Text String
$ ls -Al
total 12
-rw-r--r-- 1 tclark authors 2229 Jan 13 21:35 declaration.txt
-rw-rw-r-- 1 tclark presidents 1310 Jan 13 17:48 gettysburg.txt
-rw-rw-r-- 1 tclark tclark 360 Feb 3 22:38 preamble.txt
$ grep -ri 'We the people' .
./preamble.txt:We the People of the United States, in Order to form a more perfect Union,
Here we use grep with the -ri options. The -r option causes grep to search all
files in the specified directory and any subdirectories, and the -i option tells
grep to ignore character case. We then specify the string we want to search for;
since it is more than one word, we enclose it in single quotes. Finally we
specify where to look, in this case the current directory. The grep command not
only outputs the line containing the string we asked for, but also prefixes it
with the name of the file that contains that line.
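The recursive, case-insensitive search described above, as an added example that is not from the book: it builds a small constructed directory tree (the file names and contents are made up for the demo) with a subdirectory and an all-caps copy of the phrase, so that both -r and -i visibly matter. The -n and -l flags are standard grep options; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the book: the recursive, case-insensitive content search
# from the text, run over a small constructed directory tree (the paths and file
# contents here are made up for the demo) so that both -r and -i visibly matter.

# Build a tree with a subdirectory and an all-caps copy of the phrase.
make_sample_tree() {
    mkdir -p "$1/notes/archive"
    printf 'We the People of the United States, in Order to form a more perfect Union,\n' > "$1/preamble.txt"
    printf 'Four score and seven years ago\n' > "$1/gettysburg.txt"
    printf 'draft: WE THE PEOPLE (all caps, two directories down)\n' > "$1/notes/archive/draft.txt"
}

# Every matching line as FILE:LINE:TEXT. Usage: find_phrase DIR PHRASE.
# -r recurses, -i ignores case, -n adds the line number; '--' stops a phrase
# that happens to begin with '-' from being read as an option.
find_phrase() {
    grep -rin -- "$2" "$1"
}

# Only the names of the files that match (-l), one per line, for feeding into
# later steps such as a hash or timestamp check. Usage: files_with_phrase DIR PHRASE.
files_with_phrase() {
    grep -ril -- "$2" "$1"
}

# Demo run in a scratch directory.
tree=$(mktemp -d)
make_sample_tree "$tree"
find_phrase "$tree" 'we the people'
files_with_phrase "$tree" 'we the people'
rm -rf "$tree"
```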
Find processes
In chapter 8, information will be presented that allows
the location of processes by process number, user name, etc. using the ps
command. Some examples are included here as processes are a typical thing to
search for. There will be more discussion of this in chapter 8.
Finding Process Information by Process ID
Sometimes you will need to find more information about a specific process. In
that case the -u option can be used with the ps command to specify the process
number.
$ ps u 4444
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
bb 4444 0.0 0.0 1548 412 ? S Jan20 0:00 /home/bb/bb/bin/bbrun -a /home/bb/bb/ext/bb-memory.sh
This command will search for process number 4444 and return some information
about it.
Find Processes Belonging to a Specific User
Using the -u option we can look for only those processes owned by a specific
user. In this example the user's name is bb.
$ ps -u bb
PID TTY TIME CMD
3811 ? 00:00:00 runbb.sh
3814 ? 00:00:00 bbrun
3815 ? 00:00:00 runbb.sh
3818 ? 00:00:00 runbb.sh
3821 ? 00:00:00 runbb.sh
3822 ? 00:00:00 bbrun
3913 ? 00:00:00 bbrun
4444 ? 00:00:00 bbrun
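The two lookups above (one process by PID, all processes of one user), as an added example that is not from the book: it answers them by reading Linux /proc directly, which is what you fall back to during live response on minimal containers and rescue images where procps, and therefore ps, is not installed. It assumes a Linux /proc; the function names are made up here.

```shell
#!/bin/sh
# Added example, not from the book: the two lookups the text does with
# 'ps u PID' and 'ps -u USER', answered by reading Linux /proc directly. Useful
# during live response on minimal containers and rescue images where procps
# (and therefore ps) is not installed. Assumes a Linux /proc; elsewhere the
# functions report nothing and return non-zero.

# Print "PID UID COMMAND" for one process. Returns 1 if the PID does not exist
# or its status file is unreadable (for example under a hidepid=2 /proc mount,
# which hides other users' processes from an unprivileged caller).
proc_info() {
    [ -r "/proc/$1/status" ] || return 1
    awk -v pid="$1" '
        /^Name:/ { sub(/^Name:[ \t]+/, ""); name = $0 }   # command name, may contain spaces
        /^Uid:/  { uid = $2 }                              # first number is the real UID
        END      { print pid, uid, name }
    ' "/proc/$1/status" 2>/dev/null
}

# Print "PID COMMAND" for every process whose real UID belongs to the named user.
procs_of_user() {
    want=$(id -u "$1") || return 1
    for dir in /proc/[0-9]*; do
        # proc_info may fail here because the process exited after the glob ran;
        # that simply yields no output for this entry.
        proc_info "${dir#/proc/}" | awk -v want="$want" \
            '$2 == want { pid = $1; $1 = ""; $2 = ""; sub(/^ +/, ""); print pid, $0 }'
    done
}

# Demo: the running shell's own entry, then everything owned by the current user.
echo "this shell:"
proc_info "$$"
echo "processes of $(id -un):"
procs_of_user "$(id -un)"
```

Reading the real UID (the first number on the Uid: line) rather than the effective one is deliberate: a setuid program shows up under the user who launched it, which is the ownership question an investigator usually wants answered.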
This is an excerpt from "Easy Linux Commands" by Linux guru Jon Emmons.