Shulou(Shulou.com)06/01 Report--

This article mainly shows you "how to use Hexdump", the content is easy to understand, clear, hope to help you solve your doubts, the following let the editor lead you to study and learn "how to use Hexdump" this article.

Hexdump is a binary file viewing tool under Linux, which can convert binary files to ASCII, octal, decimal, and hexadecimal formats for viewing.

Learn basic usage

Hexdump lets you get the output effortlessly, and depending on the size of the file you are looking at, the output may be very large. In this article, we will create a 1 × 1 pixel PNG file. You can create the file using an image processing application such as GIMP or Mtpaint, or you can create it with ImageMagick in the terminal.

The command to generate a 1 × 1 pixel PNG file with ImagiMagick is as follows:

$convert-size 1x1 canvas:black pixel.png

You can use the file command to confirm that this file is in PNG format:

$file pixel.pngpixel.png: PNG image data, 1 x 1, 1-bit grayscale, non-interlaced

You may wonder how the file command determines what type of file it is. Coincidentally, that's exactly how hexdump is going to reveal. Right now you can use your usual image viewing software to see your single-pixel image (it looks like this:.), or you can use hexdump to look inside the file:

$hexdump pixel.png0000000 5089 474e 0a0d 0a1a 0000 0d00 4849 52440000010 0000 01000000 0100 0001 0000 3700 f96e0000020 0024 0000 6704 4d41 0041 b100 0b8f 61fc0000030 0005 0000 6320 5248 004d 7a00 0026 800000040 0084 fa00 0000 00e8 75000030 ea000000050 0060 3a00 0098 1700 9c70 51ba 00000060 202474b 0044 dd01 138a 00a4 000074070000070 4d49 0745 07e3 081a 3539 a487 46b0 0000000080 0a00 4449 5441 d7063 0000 0000 020000000090 21e2 33bc 02500457488664 657400000a0 633a 6572 7461 0065 3931 302d 2d3700000b0 3532 3254 3a30 373535 32b33 3331 303a00000c0 ac30 5dcd 00c1 0000 0425 58474 353a 3a37 3335 312b 3a3200000f0 3030 90dd 7de5 0000 0000 4549 444e 42ae0000100 82600000102

From a perspective that you may have never used before, what you see is the contents of the sample PNG file. It's exactly the same data you see in image viewing software, but it's encoded in a way that you may not be familiar with.

Extract familiar strings

Although the default data output seems meaningless, that doesn't mean there is no valuable information in it. You can use the-canonical option to translate the output, or at least the translatable part of it, into a more familiar character set:

$hexdump-- canonical foo.png00000000 89 50 4e 47 0d 0a 0a 0a 0d 49 48 44 52 | .PNG.IHDR | 00000010 000000 01 01 000000 01 00000000 37 6e f9 | .7n. | 00000020 24000000 04 67 4d 41 0000b1 8f 0b fc 61 | $.... gAMA.a | 0000300000020 63 48 52 4d 00007a 26 000080 |. CHRM..z&... | 00000040 84 0000 fa 000000 80 e8 0000 75 30 0000 ea | .u0... | 00000050 60 0000 3a 98 0000 17 70 9c ba 51 3c 000000 | `..:.... p..Qcd 5d c1 000000 25 74 45 58 74 64 61 74 | 0.]% tEXtdat | 000000d0 65 3a 6d 6f 64 69 66 79 00 32 31 39 2d 30 37 | e:modify.2019-07 | 000000e0 2d 32 35 54 32 30 3a 35 37 3a 35 33 2b 31 32 3a |-25T20:57:53+12: | 000000f0 30 30 dd 90 e5 7d 000000 00 49 45 4e 44 ae 42 | 00. IEND.B | 00000100 60 82 | `. | 00000102

In the column on the right, you see the same data as on the left, but in ASCII code. If you look carefully, you can pick out some useful information, such as the file format (PNG) and the date and time when the file was created and modified (look at the bottom of the file). The file command gets the file type from the first 8 bytes. Programmers will refer to the libpng specification to know what to look at. Specifically, that is the string PNG that you can see in the first 8 bytes of the image file. This fact is obvious because it reveals how the file command knows the type of file to report. You can also control how many bytes hexdump displays, which is useful when dealing with files larger than one pixel:

$hexdump-- length 8 pixel.png0000000 5089 474e 0a0d 0a1a0000008

Hexdump is not limited to viewing PNG or image files. You can also use hexdump to view your daily binaries, such as ls, rsync, or any binaries you want to check.

Using hexdump to realize cat Command

When reading the PNG specification, you may notice that the data in the first 8 bytes looks different from the results provided by hexdump. In fact, it's the same data, but presented in a different way. So the output of hexdump is correct, but depending on the information you are looking for, the output is not always straightforward for you. For this reason, hexdump has some options for defining the format and transforming the raw data it dumps. Conversion options can be complex, so it's practical to practice with things that don't matter. The following simple introduction demonstrates how to format the output of hexdump by reimplementing the cat command. First, run hexdump on a text file to view its raw data. You can usually find a copy of the GNU General license GNU General Public License (GPL) somewhere on your hard drive, or you can use any text file you have. Your output may be different, but here's how to find a copy of GPL (or at least part of it) on your system:

$find / usr/share/doc/-type f-name "COPYING" | tail-1/usr/share/doc/libblkid-devel/COPYING

Run hexdump on it:

$hexdump / usr/share/doc/libblkid-devel/COPYING0000000 6854 7369 6c20 6269 6172 7972 6920 20730000010 7266 6565 7320 666f 7774 7261 3b65 792000020 756f 6320 6e61 7220 6465 7369 274 62690000030 7475 2065 7469 6120 646 e 6f2f 0a72 6f6d0000040 6964 7966 6920 6e75 6564 2072 68740000050 206574 6d72 2073 666f 7420 6568 47000060 554e 4c20 7365 657756e 61700070 206c 6c62 6369 6e65 657300000806120 207570 6c62 7369 7968 7962 [.

If the output of the file is long, use-length (or short option-n) to control the length of the output to make it easy to manage. Raw data may not make much sense to you, but you already know how to convert it into ASCII codes:

Hexdump-canonical / usr/share/doc/libblkid-devel/COPYING00000000 54 68 69 73 20 6c 69 62 72 61 72 79 20 69 73 20 | This library is | 00000010 66 66 65 65 20 73 6f 66 74 77 61 72 65 3b 20 79 | free software Y | 00000020 6f 75 20 63 61 6e 20 72 65 64 69 73 74 72 69 62 | ou can redistrib | 00000030 75 74 65 20 69 74 20 61 6e 64 2f 6f 72 0a 6d 6f | ute it and/or.mo | 00000040 64 69 66 79 20 69 69 74 20 75 6e 64 65 72 20 74 68 | dify it under th | 00000050 65 20 74 65 72 6d 73 20 65 65 20 47 | e terms of the G | 000060 4e 55 204c 65 73 65 72 72 20 47 65 6e 65 72 61 | NU Lesser Genera | 0000706c 2075 6c 2075 6c 690a 4c 690a 463 6e 73 6e 73 | l Public.License |

This output is helpful but too cumbersome and difficult to read. To convert the output of hexdump to other formats that are not supported by its options, use a combination of-format (or-e) and specialized format codes. Code that uses custom formats is similar to the printf command, so if you are familiar with printf statements, you may find it easy to learn hexdump custom formats. In hexdump, the string% _ p tells hexdump to output characters using your system's default character set. All format symbols for the-format option must be enclosed in single quotation marks:

$hexdump-e'"% p"'/ usr/share/doc/libblkid-devel/COPYINGThis library is fre*software; you can redistribute it and/or.modify it under the terms of the GNU Les*er General Public.License as published by the Fre*Software Foundation; either.version 2.1of the License, or (at your option) any later.version..*The complete text of the license is available in the..*/Documentation/licenses/COPYING.LGPL-2.1-or-later file..

The output is better this time, but it is still not easy to read. Traditionally, UNIX text files assume an output width of 80 characters (because a long time ago, a display could only display 80 characters per line).

Although this output is not limited by the custom format, you can use additional options to force hexdump to process 80 bytes at a time. Specifically, by dividing 80 by 1, you can tell hexdump to treat 80 bytes as a unit:

$hexdump-eBay 80 of the License 1 "_ p" / usr/share/doc/libblkid-devel/COPYINGThis library is free software; you can redistribute it and/or.modify it under the terms of the GNU Lesser General Public.License as published by the Free Software Foundation; either.version 2.1 of the License, or (at your option) any later.version...The complete text of the license is available in the.../Documentation/licenses/COPYING.LGPL-2.1-or-later file..

The file is now split into 80-byte blocks without any line breaks. You can add your own newline with the\ ncharacter, which represents a newline in UNIX:

$hexdump-eBay 80 of the License 1 "% _ p"\ n" 'This library is free software; you can redistribute it and/or.modify it under the terms of the GNU Lesser General Public.License as published by the Free Software Foundation; either.version 2.1 of the License, or (at your option) any later.version...The complete text of the license is available in the.../Documentation/licenses/COPYING.LGPL-2.1-or-later file..

Now you have (roughly) implemented the cat command in the hexdump custom format. Controlling the output is actually a way to make hexdump useful by customizing the format. Now that you are (at least in principle) familiar with the hexdump custom format, you can match the output of hexdump-n 8 to the PNG file header described in the official libpng specification.

First of all, you know that you want hexdump to process PNG files in 8-byte blocks. In addition, you may know that the PNG format specification is expressed as a decimal number by identifying these integers, which, according to the hexdump document, is represented by% d:

$hexdump-N8-eBay 8ax 1 "% d"\ n" 'pixel.png13780787113102610

You can add a space after each integer to perfect the output:

$hexdump-N8-eBay 8swap 1 "% d"\ n" 'pixel.png137 80 78 71 13 10 26 10

Now the output matches the PNG specification perfectly.

The above is all the contents of this article "how to use Hexdump". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.