Want to see the text in a binary or data file? The Linux strings command extracts these bits of text (called "strings") for you.
Linux is full of commands that can look like solutions in search of problems. The strings command definitely falls into this camp. Just what is its purpose? Is there a point to a command that lists the printable strings from a binary file?
Let's take a step back. Binaries, such as program files, can contain strings of human-readable text. But how can you see them? If you use cat or less, you may end up with a hung terminal window. Programs designed to work with text files do not cope well when they are fed non-printable characters.
Most bytes of a binary file are not human readable and cannot be printed in the terminal window in a way that makes sense. There are no standard characters or symbols to represent binary values that do not correspond to alphanumeric characters, punctuation or whitespace. Collectively, alphanumeric characters, punctuation and whitespace are called "printable" characters. The others are "non-printable" characters.
It is therefore difficult to display or search for text strings in a binary file or a data file. That's where strings comes in. It extracts printable character strings from files so that other commands can use them without having to deal with non-printable characters.
Using the strings command
The strings command is not complicated, and its basic use is very simple. We provide the name of the file we want strings to search on the command line.
Here we will use strings on a binary file – an executable file – called "jibber". We type strings, a space, "jibber" and press Enter.
The strings are extracted from the file and listed in the terminal window.
Setting the minimum string length
By default, strings looks for strings of four or more characters. To set a minimum length that is longer or shorter, use the -n option (minimum length).
Note that the shorter the minimum length, the more junk you are likely to see.
Some binary values have the same numeric value as the value that represents a printable character. If two of these numeric values are side by side in the file and you specify a minimum length of two, these bytes will be reported as if they were a string.
To have strings use two as the minimum length, use the following command.
strings -n 2 jibber
We now have two-letter strings included in the results. Note that spaces are counted as a printable character.
Piping strings through less
Because the output from strings can be long, we will pipe it through less. We can then scroll through the output looking for interesting text.
strings jibber | less
The list is now presented to us in less, the top of the list being displayed first.
Using strings with object files
Typically, a program's source code files are compiled into object files. These are linked with library files to create a binary executable file. We have the jibber object file on hand, so let's look inside this file. Note the ".o" file extension.
strings jibber.o | less
The strings in the first set are all wrapped at column eight if they are longer than eight characters. If they have been wrapped, an "H" character appears in column nine. You may recognize these strings as SQL statements.
Scrolling through the output reveals that this formatting is not used throughout the file.
It is interesting to see the differences in the text strings between the object file and the finished executable.
Search in specific areas of the file
Compiled programs contain different areas that are used to store text. By default, strings searches for text throughout the file. It's as if you had used the -a option (all). To have strings look only in the initialized and loaded data sections of the file, use the -d (data) option.
strings -d jibber | less
Unless you have a specific reason to restrict the search, you can simply use the default setting and search the entire file.
Printing the string offset
We can have strings print the offset from the beginning of the file at which each string is located. To do this, use the -o (offset) option.
strings -o parse_phrases | less
The offset is given in octal.
For the offset to be displayed in a different numeric base, such as decimal or hexadecimal, use the -t (radix) option. The radix option must be followed by d (decimal), x (hexadecimal) or o (octal). Using -t o is the same as using -o.
strings -t d parse_phrases | less
The offsets are now printed in decimal.
strings -t x parse_phrases | less
Offsets are now printed in hexadecimal.
The strings command considers tab and space characters to be part of the strings it finds. Other whitespace characters, such as newlines and carriage returns, are not treated as if they were part of the strings. The -w (whitespace) option causes strings to treat all whitespace characters as if they were part of the string.
strings -w add_data | less
We can see the blank line in the output, which is the result of the (invisible) carriage return and newline characters at the end of the second line.
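To make the minimum length, offset and whitespace options concrete, here is a small Python re-implementation of the scan that strings performs. It is an added example, not code from the original article or from the strings source; the function names and the sample bytes are constructed for illustration.

```python
import re

# Bytes treated as part of a string by default: printable ASCII (0x20-0x7e)
# plus tab. With -w, the other whitespace bytes (\n, \r, \f, \v) count too.
DEFAULT_CLASS = rb"[\x20-\x7e\t]"
WHITESPACE_CLASS = rb"[\x20-\x7e\t\n\r\f\v]"

def extract_strings(data, min_len=4, include_all_whitespace=False):
    """Return (offset, text) for each run of at least min_len printable bytes."""
    cls = WHITESPACE_CLASS if include_all_whitespace else DEFAULT_CLASS
    pattern = re.compile(cls + rb"{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

def format_offset(offset, radix="o"):
    """Render an offset as -t o, -t d or -t x would: octal, decimal or hex."""
    return format(offset, {"o": "o", "d": "d", "x": "x"}[radix])

# Constructed sample: a fake binary holding two real strings, a two-byte
# coincidence (0x48 0x69 in numeric data reads as "Hi") and a CRLF line ending.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00"      # header bytes; "ELF" is only 3 long
    b"\x00\x00\x48\x69\x00\x00"      # numeric data that happens to spell "Hi"
    b"SELECT * FROM users\x00"
    b"line one\r\nline two\x00"
    b"\xff\xfe\x01"
)

if __name__ == "__main__":
    for n in (4, 2):
        print(f"-- minimum length {n}, hexadecimal offsets")
        for off, text in extract_strings(SAMPLE, min_len=n):
            print(f"{format_offset(off, 'x'):>7} {text!r}")
    print("-- all whitespace included, decimal offsets")
    for off, text in extract_strings(SAMPLE, include_all_whitespace=True):
        print(f"{format_offset(off, 'd'):>7} {text!r}")
```

With the minimum length lowered to two, the "ELF" and "Hi" byte runs show up alongside the real text, which is the junk the article warns about. With all whitespace included, the two lines are reported as a single string that contains the carriage return and newline.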
We are not limited to files
We can use strings with anything that is, or can produce, a stream of bytes.
With this command, we can look through the random access memory (RAM) of our computer.
We need to use sudo because we are accessing /dev/mem. This is a character device file that contains an image of the main memory of your computer.
sudo strings /dev/mem | less
The list does not represent all the contents of your RAM. These are just the strings that can be extracted.
Searching multiple files at once
Wildcards can be used to select groups of files to search. The * character represents multiple characters and the ? character represents any single character. You can also choose to provide multiple file names on the command line.
We will use a wildcard and search in all executable files in the /bin directory. Since the list will contain the results from many files, we will use the -f option (file name). This will print the file name at the beginning of each line. We can then see in which file each string was found.
We are piping the results through grep and looking for strings containing the word "Copyright".
strings -f /bin/* | grep Copyright
We get a neat list of copyright statements for each file in the /bin directory, with the file name at the beginning of each line.
There is no mystery to strings; it's a typical Linux command. It does something very specific and does it very well.
This is another of the nuts and bolts of Linux, and it comes alive when it works with other commands. When you see how it can sit between binary files and other tools such as grep, you start to appreciate the functionality of this slightly obscure command.