ansaurus

Question

"tailing" a binary file based on string location using bash?

Answer 1

A:

Would strings and grep do you want?

e.g.

strings -n 3 myfilename | grep XXX

Colin Pickard 2010-03-30 14:18:15

It only returns the string, not the bit that follows. I need everything from the start of the string till the end of the file.

ilitirit 2010-03-30 14:26:50

Answer 2

+1 A:

In PERL, there is a variable built in that specifically refers to the part of the string after the matched regular expression. That would be the method I would use. It is not just Bash and utilities, but PERL is so commonly installed that you should be OK.

Grant Johnson 2010-03-30 14:25:40

Most text oriented utilities in the unix standard command line handle binary data poorly and/or incorrectly as they make assumptions like no '\0' characters in the file. This is why you will have more success using a program like Perl or Python which has no such limitations.

msw 2010-03-30 15:16:30

Answer 3

A:

 strings -n3 file_binary | awk '/XXX/{gsub(/.*XXX/,"");print}'

ghostdog74 2010-03-30 14:30:08

Prints a single blank line on my system.

ilitirit 2010-03-30 14:36:55

This output stops at the next newline character!

ypnos 2010-03-30 14:37:01

... `awk '/XXX/{gsub(/.*XXX/,"");p=1}p{print}'`

vladr 2010-03-31 08:40:21

Answer 4

+1 A:

Following is a small hack shell solution that is not very performant. But it works.

Write the script file tail.sh as follows:

#!/bin/sh
dd bs=1 if=$1 of=$2 skip=`grep --binary-files=text -m1 -b -o $3 $1 | cut -d ':' -f 1 | head -1`

Call tail.sh INPUTNAME OUTPUTNAME PATTERN

p.s.: sorry forgot one option to grep in first post

ypnos 2010-03-30 14:34:49

Gives me this error: "dd: invalid number `'". By the way, this was on a test file. I let it run for a few minutes on a 9mb file and it didn't complete.

ilitirit 2010-03-30 14:46:25

Well as I said it is very slow. Maybe it was even slower for you as the grep didn't work right. better try again.

ypnos 2010-03-30 14:50:58

Now it gives me the error dd: invalid number `\r'

ilitirit 2010-03-30 14:53:29

I cannot reproduce your error. are you using bash?

ypnos 2010-03-30 15:52:41

Answer 5

A:

Try this:

grep -ao string.* filename

Since you have binary data, you might want to redirect the output to a file.

grep -ao string.* filename > binary.out

Or pipe it through hexdump or similar for testing:

grep -ao string.* filename | hd

Dennis Williamson 2010-03-30 15:12:36

Thanks, it fails when it hits a newline character though.

ilitirit 2010-03-30 15:50:09

This output stops at the next newline character!

ypnos 2010-03-30 15:51:16

Answer 6

A:

I came up with this solution:

ls -1 *.bin | xargs strings -n4 --radix=d -f | grep "string" | awk '{sub(/:/, ""); print $2 " " $1 " " $1".";}' | xargs -l1 split -b && rm *.aa

ls -1 *.bin Print only the filenames with the extension "bin" in a list format

xargs strings -n4 --radix=d -f List all the strings in the file and their positions and include the filename in the output

grep "string" Print lines containing "string" (it only occurs once in each file)

awk '{sub(/:/, ""); print $2 " " $1 " " $1".";}' Remove the colon after the filename added by strings, and print the position of the string, the filename, and the filename with a period (this line is used as the arguments for the split command

xargs -l1 split -b Execute the split command for each line using the output of awk as the rest of the arguments

rm *.aa Delete the first parts of the split files. "aa" is the default suffix for the part of the split files.

There are probably better/faster/safer ways of doing this but it's fine for my purposes.

ilitirit 2010-03-31 08:42:14

ansaurus

tags:

views:

answers:

"tailing" a binary file based on string location using bash?

related questions