Do you want to see the text inside a binary or data file? The Linux strings command extracts those bits of text, called "strings", for you.
Linux is full of commands that can look like solutions in search of problems. The strings command definitely falls into this camp. What exactly is its purpose? Is there a point to a command that lists the printable strings in a binary file?
Let's take a step back. If you open a binary file in less, you will probably end up with a stuck terminal window. Programs designed to work with text files do not cope well when unprintable characters are fed through them.
Most bytes in a binary file are not human-readable and cannot be printed to the terminal window in any way that makes sense. There are no standard characters or symbols to represent binary values that are not alphanumeric, punctuation or spaces. Together these are called "printable" characters. The rest are "non-printable" characters.
Searching a binary or data file for text strings is therefore a problem. This is where strings comes into play. It extracts strings of printable characters from files so that other commands can use them without having to contend with unprintable characters.
Using the strings Command
There is nothing complicated about the strings command, and its basic use is very simple. We provide the name of the file we want strings to search on the command line.
Here we use strings on a binary file, an executable, called "jibber". We type strings, a space, "jibber", and then press Enter.
The strings are extracted from the file and listed in the terminal window.
Setting the minimum string length
By default, strings searches for strings that are four characters or longer. To set a longer or shorter minimum length, use the -n (minimum length) option.
Note that the shorter the minimum length, the more junk you are likely to see.
Some binary values have the same numeric value as a printable character. If two of these values happen to sit side by side in the file and you specify a minimum length of two, those bytes are reported as a string.
To have strings use two as the minimum length, use the following command:
strings -n 2 jibber
We now have two-letter strings in the results. Note that spaces are counted as printable characters.
Piping strings Through less
Because the output from strings can be long, we pipe it through less. We can then scroll through the file and search for interesting text.
strings jibber | less
The listing is now displayed for us in less, with the top of the listing shown first.
Using strings with object files
Typically, program source code files are compiled into object files. These are linked to library files to create an executable binary file. We have the jibber object file at hand. So let's take a look at this file. Note the file extension ".o".
strings jibber.o | less
The first set of strings is wrapped at column eight wherever a string is longer than eight characters. If a string has been wrapped, an "H" appears in column nine. You may recognize these strings as SQL statements.
Scrolling through the output shows that this formatting is not used throughout the file.
It is interesting to see the differences in the text strings between the object file and the finished executable file.
Searching in specific areas of the file
Compiled programs have different areas within them that are used to store text. By default, strings searches the entire file for text. This is the same as using the -a (all) option. Use the -d (data) option to have strings search only the initialized, loaded data sections of the file.
strings -d jibber | less
Unless you have a good reason to do otherwise, you may as well use the default setting and search the entire file.
Printing the string offset
We can have strings print the offset from the beginning of the file at which each string is located. To do this, use the -o (offset) option.
strings -o parse_phrases | less
The offset is specified in octal.
To display the offset in a different numeric base, such as decimal or hexadecimal, use the -t (radix) option. The radix option must be followed by d (decimal), x (hexadecimal) or o (octal). Using -t o is the same as using -o.
strings -t d parse_phrases | less
The offsets are now printed decimally.
strings -t x parse_phrases | less
The offsets are now printed in hexadecimal.
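An added example (not from the original article) that ties the minimum-length and offset options together: it writes a small constructed file, shows how -n 2 surfaces two-byte junk that -n 4 filters out, and uses the decimal offset from -t d to read the same bytes back with dd. The file contents and the helper function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: the sample bytes are constructed, not taken from a real program.

# Write 45 bytes: four printable runs separated by unprintable bytes.
#   offset 2  "ab"                      (2 bytes, accidental-looking junk)
#   offset 6  "SELECT name FROM users"  (22 bytes)
#   offset 30 "Zq"                      (2 bytes, accidental-looking junk)
#   offset 33 "jibber v1.0"             (11 bytes)
make_sample() {
    printf '\001\002ab\003\006SELECT name FROM users\000\004Zq\005jibber v1.0\000' > "$1"
}

# Number of strings reported for a given minimum length.
# -a scans the whole file, which is the default the article describes.
count_strings() {
    strings -a -n "$2" "$1" | wc -l | tr -d ' '
}

# Decimal offset of the first extracted string that contains a marker.
offset_of() {
    strings -a -t d "$1" | awk -v m="$2" 'index($0, m) { print $1; exit }'
}

# Read <length> bytes starting at <offset>, to confirm what strings reported.
carve() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

sample=$(mktemp)
make_sample "$sample"
echo "strings found with -n 4: $(count_strings "$sample" 4)"
echo "strings found with -n 2: $(count_strings "$sample" 2)"
off=$(offset_of "$sample" "jibber")
echo "offset of 'jibber': $off"
echo "bytes at that offset: $(carve "$sample" "$off" 11)"
rm -f "$sample"
```

The same offset can be handed to a hex viewer to inspect the bytes surrounding a string of interest.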
The strings command treats tabs and spaces as part of the strings it finds. Other whitespace characters, such as newlines and carriage returns, are not treated as part of the strings. The -w (whitespace) option causes strings to treat all whitespace characters as if they were parts of the string.
strings -w add_data | less
The output shows the blank line that results from the (invisible) carriage return and newline characters at the end of the second line.
We are not limited to files
We can use
strings with anything that is or can produce a byte stream.
With this command we can look through the RAM of our computer.
We need to use sudo because we are accessing /dev/mem. This is a character device file that holds an image of the main memory of your computer.
sudo strings /dev/mem | less
The listing is not the entire contents of your RAM. It's just the strings that can be extracted from them.
Searching Multiple Files Simultaneously
Wildcards can be used to select groups of files to be searched. The * character stands for multiple characters and the ? character stands for any single character. You can also list many file names on the command line.
We will use a wildcard and search all executables in the /bin directory. Since the listing will contain results from many files, we use the -f (filename) option. This prints the file name at the beginning of each line. We can then see in which file each string was found.
We pipe the results through grep and look for strings containing the word "Copyright".
strings -f /bin/* | grep Copyright
We get a clear listing of the copyright notices for each file in the /bin directory, with the name of the file at the beginning of each line.
There is no mystery to strings. It is a typical Linux command. It does something very specific and does it very well.
It is another of Linux's cogs and really comes alive when it works with other commands. Once you see how it can sit between binaries and other tools like grep, you will appreciate the functionality of this somewhat obscure command.