grep offset to a string in a binary file

terminalPeople using grep should be familiar with the following output in a grep result:

Binary file www_browser matches

What if you are interested in the offset to the string in the binary file because, say, you are trying to reverse engineer something? Yes, there are hex editors available to handle that but good old grep is smart enough too. Here’s how.

$ grep -baron flashplayer.so *
www_browser:87101:85138113:flashplayer.so
www_browser:87101:85138165:flashplayer.so
www_browser:95935:87170022:flashplayer.so
www_browser:95937:87170981:flashplayer.so

where,

b: show the byte offset
a: treat the binary file as a text file (otherwise grep skips)
r: recursive search
o: show only matching (less cluttered output without full "text" lines)
n: show line number

in the output,

column 1: file name
column 2: line number in decimal (as grep treats the file as text)
column 3: file offset in decimal
column 4: matching string

Probably you won’t be interested in the file name and line number if you know the file. You can refine the command as:

$ grep -bao flashplayer.so www_browser 
85138113:flashplayer.so
85138165:flashplayer.so
87170022:flashplayer.so
87170981:flashplayer.so

One thought on “grep offset to a string in a binary file”

Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s