قالب وردپرس درنا توس
Home / Tips and Tricks / Using the strings command on Linux

Using the strings command on Linux



  Linux terminal on a laptop
Fatmawati Achmad Zaenuri / Shutterstock.com

Do you want to see the text in a binary or data file? The Linux command strings will extract the parts of the text called "strings" for you.

Linux is full of commands that may look like solutions to finding problems. The command strings definitely falls into this camp. What exactly is its purpose? Is there a point for a command listing the printable strings in a binary file?

Let's take a step back. Binary files ̵

1; such as For example, program files – may contain strings of readable text. But how do you come to see her? If you use cat or less you probably have a stuck terminal window. Programs designed to work with text files do not get along well when typing unprintable characters.

Most bytes in a binary file are unreadable and can not be printed in the terminal window in any way that makes no sense. There are no standard characters or symbols to represent binary values ​​that are not alphanumeric, punctuation or spaces. Together these are called "printable" characters. The rest are "non-printable" characters.

Attempting to search a binary or data file for text strings is therefore a problem. And here come strings into play. They extract strings of printable characters from files so that other commands can use the strings without competing with unprintable characters.

Using the strings Command

There is nothing complicated about the strings command, and its basic use is very simple. We specify the name of the file in which strings should be searched in the command line.

Here we use strings for a binary file – an executable – called "jibber" strings a space, "jibber", and then press Enter.

  string jibber 

  string jibber in a terminal window

The strings are extracted from the file and listed in the list of terminal windows.

 Strings issued in a terminal window

Setting the minimum string length

By default, strings search for strings that are four characters or longer. To specify a longer or shorter minimum length, use -n (minimum length).

Note that the shorter the minimum length, the higher the likelihood that you will see more junk.

Some binary values ​​have the same numeric value as the value representing a printable character. If two of these numeric values ​​occur side by side in the file and you specify a minimum length of two, these bytes are reported as a string.

Ask for the use of strings Use the following command as a minimum length:

  strings -n 2 jibber 

  strings -n 2 jibber in a terminal window

We now have two-letter strings in the results. Note that spaces are counted as printable characters.

 Strings output with two letters in a terminal window.

Passing Strings Through Less

Due to the length of the output of strings we derive it by less . We can then scroll through the file and search for interesting text.

  strings jibber | less 

  Strings Jibber | less in a terminal window

The listing is now displayed for us in less with the beginning of the listing being displayed first.

 Strings are less output in a terminal window

Using strings with object files

Typically, program source code files are compiled into object files. These are linked to library files to create an executable binary file. We have the jibber object file at hand. So let's take a look at this file. Note the file extension ".o".

  jibber.o | less 

  jibber.o | less in a terminal window

The first set of strings wraps in column eight if it is longer than eight characters. If they have been broken, an "H" will appear in column nine. You may recognize these strings as SQL statements.

 Strings output less in a terminal window.

Scrolling through the output will find that this formatting is not used throughout the file.

 Strings Outputting Less in a Terminal Window

It is interesting to see the differences in the text strings between the object file and the finished executable file.

Searching for specific areas in the file

Compiled programs have different areas in them that are used to store text. By default, Strings searches the entire file for text. This is as if you had used the option -a (all). Use the option -d (data) to find strings only in initialized, loaded pieces of data in the file.

  strings -d jibber | less 

  strings -d jibber | less in a terminal window

If you do not have a good reason, you can also use the default setting and search the entire file.

Printing the string offset

There may be strings prints the offset from the beginning of the file where each string resides. Use the option -o (offset).

  strings -o parse_phrases | less 

  strings -o parse_phrases | less

The offset is specified in octal.

 Character strings with octal offset in a terminal window.

To display the offset on a different numeric basis, z or hexadecimal, use the option -t (radix). The Radix option must follow d (decimal number), x (hexadecimal number) or o (octal number). The use of -t o corresponds to the use of -o .

  strings -t d parse_phrases | less 

  strings -t d parse_phrases | less in a terminal window

The offsets are now printed decimally.

 Strings are issued with offsets in decimal in a terminal window.

  strings -t x parse_phrases | less 

  strings -t x parse_phrases | less in a terminal window

The offsets are now printed in hexadecimal.

 Strings are output with offsets hexadecimal in a terminal window.

Including spaces

Strings consider tabs and spaces as part of the found strings. Other spaces, such as line breaks and line breaks, are not treated as part of the strings. The option -w (whitespace) causes strings to treat all whitespace characters as if they were parts of the string.

  strings -w add_data | less 

  strings -w add_data | less in a terminal window

The output shows the blank line that results from the (invisible) line break and the newline character at the end of the second line.

 String output in a terminal window

We are not limited to files

We can use strings with anything that is or can produce a byte stream.

With this command we can browse the RAM of our computer.

We need to use sudo because we access / dev / mem. This is a device file with characters containing an image of the main memory of your computer.

  sudo strings / dev / mem | less 

  sudo strings / dev / mem | less in a terminal window

The listing is not the entire contents of your RAM. It's just the strings that can be extracted from them.

 In a terminal window in fewer output strings

RELATED: What does "Everything is a file" mean? Linux?

Searching Multiple Files Simultaneously

Wildcards can be used to select groups of files to be searched. The character * stands for several characters and the character ? stands for a single character. You can also specify many file names on the command line.

We will use a wildcard and search all executables in the / bin directory. Since the collection contains results from many files, we use the option -f (filename). This prints the file name at the beginning of each line. We can then see in which file the individual strings were found.

We pass the results through grep and look for strings containing the word "copyright".

  strings -f / bin / * | grep Copyright 

  Strings -f / bin / * | grep Copyright in a Terminal Window

We get a clear listing of the copyright notices for each file in the / bin directory with the name of the file at the beginning of each line.

 String output with copyright information in a terminal window

Strings Unraveled

Strings are no secret. It's a typical Linux command. It does something very specific and does it very well.

It's another of Linux's gears and really comes alive when it works with other commands. If you see how it can stand between binaries and other tools like grep you will appreciate the functionality of this somewhat opaque command.




Source link