Re: binary grep

To: debian-user@lists.debian.org
Subject: Re: binary grep
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Fri, 18 Sep 2009 22:08:32 +0200
Message-id: <[🔎] 200909182208.32998.jesus.navarro@undominio.net>
In-reply-to: <[🔎] a4b9b8210909180755n47d0d2bfs44f5a6081ec1c367@mail.gmail.com>
References: <[🔎] a4b9b8210909180755n47d0d2bfs44f5a6081ec1c367@mail.gmail.com>

Hi, Rob:

On Friday 18 September 2009 16:55:37 Rob Gom wrote:
> Hello,
> are you aware of a tool, which would allow me to search for given
> pattern in a binary file, then at least output file position (so that
> I could pass the number to dd) or output next few bytes?
> For text files I use e.g .grep (grep -A 3 file pattern to output 3
> lines after match). I would like to output e.g. 13 bytes after binary
> match.
> Dd is fine when I know the position, so I can use skip option. But how
> to know the position?
> The pattern could be either fixed bytes or even regular expression, if
> that's possible.

What's the problem with grep itself?
ie.:
grep -aobE 'x509.{0,45}' /usr/lib/libssl.so.0.9.8
282596:x509 libDTLS1_PROCESS_OUT_OF_SEQ_MESSAGE
284448:x509 verification setup problems

My example will match "x509" plus up to 45 chars and it shows that happening 
twice on libssl on positions (decimal) 282596 and 284448.  With this kind of 
match, you won't see always the aforementioned 45 chars, since it may happen 
that a \0x0 or CR/LF is in the middle thus breaking the match (try changing 
the above regexp to  'x509.{45}' and see what happens).  You migth find a 
more clever regexp or you can feed the offset to dd.

Reply to:

Follow-Ups:
- Re: binary grep
  - From: Rob Gom <rgom.debian@gmail.com>

References:
- binary grep
  - From: Rob Gom <rgom.debian@gmail.com>

Prev by Date: Re: Chat Server Software
Next by Date: very slow window minimizing?
Previous by thread: binary grep
Next by thread: Re: binary grep
Index(es):
- Date
- Thread