strings command in Linux
In this article we discuss the strings command, which extracts human-readable strings from files that are otherwise unreadable, such as binaries, executables and other non-text formats.
Table of contents.
- Introduction.
- Syntax.
- Commands.
- Summary.
- References.
Introduction.
The strings command prints printable character sequences that are at least four characters long and are followed by an unprintable character.
It is commonly used to print the readable contents of non-text files, e.g. .bin, .exe, .pdf, .odt.
Apart from helping to determine the type of a file, it extracts text and other information from the file.
Developers include ASCII text in binary files so as to better understand the executable file. The strings command aids in determining the content of this executable after the software has already been released.
Syntax.
The syntax is as follows,
strings [OPTION(s)] [FILE(s)]
Commands.
To extract information from ping's binary file, we write,
strings /usr/bin/ping
To find the binary file of a command, use the whereis -b cmd command.
You can also examine a .pdf file, which cannot be viewed directly in the terminal, or an .odt file as saved by LibreOffice Writer.
You can also compile a C program and check its strings.
#include <stdio.h>

int main() {
    printf("Hello world \n");
    return 0;
}
Compilation commands:
# compile to an executable
gcc test.c -o test
# create an object file
gcc -g -O -c test.c
Now try to display the test or test.o file with cat. You will see that the file contents are not readable.
Sometimes the strings command will by default read only the loadable, initialized data sections of a file. If we want it to read the complete file, we use the -a option as follows,
strings -a test.o
To read only the loadable, initialized data sections (which reduces garbage output), we use the -d option,
strings -d test.o
By default the strings command prints character sequences that are at least four characters long. We can change this by using the -n option.
An example
strings -n 2 test.o
From the output we can now see 2 character strings.
To print only strings that are at least 5 characters long we write,
strings -n 5 test.o
To print each string together with its offset in the file, we use the -t option followed by a single character specifying the radix of the offset, i.e. o, x or d for octal, hexadecimal and decimal respectively.
strings -t d test.o
From the output the strings are now preceded by their respective offsets in decimal form.
The default string separator is a newline. We can change this by using the -s option,
strings -s '[--]' test.o
where [--] acts as the separator. It is quoted so that the shell does not treat the brackets as a wildcard pattern.
The -f option formats the output so that the file name is displayed before each string.
strings -f test
To read from multiple files we use the * wildcard,
strings -f /usr/bin/* | less
We have piped the output to the less command so that we can page through it.
We can also change the encoding by using the -e option followed by the type of encoding, e.g. s for 7-bit byte, S for 8-bit byte, b for 16-bit bigendian or l for 16-bit littleendian.
An example
strings -e S test
We can also use strings to look through data currently in the computer's RAM as follows,
sudo strings /dev/mem | less
Summary.
This command is useful when examining binary files and executables for information.
We can also use it to identify files without extensions recovered from a disk. For example, after determining that a file is an .odt file, and since .odt files are compressed, we can rename it with a .zip extension and then unzip (decompress) it to view its contents.
We can combine this command with other Linux text filtering commands e.g grep to achieve a desired output.
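As an added example (not part of the original article), the script below combines the -a, -n, -t and -e options with grep to check a build artifact for credential-like text before release, scanning both 7-bit and 16-bit little-endian strings. It assumes GNU binutils strings; the function names, the pattern and the sample blob are constructed for illustration.

```shell
#!/bin/sh
# Added example (assumes GNU binutils strings). PATTERN is an illustrative
# assumption, not a complete secret-detection rule set.
PATTERN='(passw(or)?d|secret|token|api[_-]?key)[[:space:]]*[=:]|BEGIN [A-Z ]*PRIVATE KEY'

# scan_artifact FILE
# Prints "enc=<encoding> offset=0x<hex> <string>" for each credential-like
# string. Returns 0 when the file is clean, 1 when something matched.
scan_artifact() {
    file=$1
    hits=$(
        for enc in s l; do    # s = 7-bit bytes, l = 16-bit little-endian
            # -a: whole file, -n 6: drop short noise, -t x: hex offsets
            strings -a -n 6 -t x -e "$enc" "$file" |
                grep -Ei "$PATTERN" |
                sed "s/^ */enc=$enc offset=0x/"
        done
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# make_sample FILE
# Writes a constructed test blob (not a real executable) with one ASCII
# and one UTF-16LE credential-like string separated by unprintable bytes.
make_sample() {
    {
        printf '\000\001\002\003'              # unprintable padding
        printf 'password=hunter2\001'          # ASCII string at offset 4
        printf 'abc\001\001'                   # shorter than -n 6: ignored
        # "token=abcdef" as UTF-16LE at offset 0x1a, NUL-terminated
        printf 't\000o\000k\000e\000n\000=\000a\000b\000c\000d\000e\000f\000\000\000'
    } > "$1"
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
scan_artifact "$sample" || echo "credential-like strings found" >&2
rm -f "$sample"
```

The 16-bit pass matters because a default scan treats the NUL byte after each wide character as a string terminator, so UTF-16 text never reaches the minimum length.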
References.
- Execute strings --help for other strings command options.
- Execute man strings for the manual.
- which command
- grep command