How to use the strings command on Linux

Would you like to see the text in a binary or data file? The Linux strings Command pulls out these text parts – so-called “strings” – for you.

Linux is full of commands that can look like solutions to solving problems. the strings Orders definitely fall into this camp. Just what is its purpose? Is there any point in having a command that lists the printable strings from a binary file?

Let’s take a step back. Binary files – like program files – can contain strings of human readable text. But how do you get to see them? When you use cat or less You will likely have a hanging terminal window. Programs designed to work with text files do not do well when cycling through non-printable characters.

Most of the bytes in a binary file cannot be read and cannot reasonably be output in the terminal window. There are no characters or standard symbols used to represent binary values ​​that match non-alphanumeric characters, punctuation marks, or spaces. Collectively, these are referred to as “printable” characters. The rest are “non-printable” characters.

Therefore, attempting to view or search a binary or data file for text strings is a problem. And that’s where strings come in. It extracts Strings of printable characters from files so that other commands can use the strings without having to deal with non-printable characters.

Using the string command

There is nothing complicated about that strings Command, and its basic usage is very simple. We indicate the name of the desired file strings browse on the command line.

Here we are using strings for a binary file – an executable file – called “Jibber”. We type strings, a space, “Jibber”, and then press Enter.

strings jibber

The strings are extracted from the file and listed in the terminal window.

Setting the minimum string length

By default, Strings searches for strings that are four or more characters long. To set a longer or shorter minimum length, use the -n (Minimum length) option.

Note that the shorter the minimum length, the more likely you will see more junk.

Some binary values ​​have the same numeric value as the value that represents a printable character. If two of these numeric values ​​are adjacent in the file and you specify a minimum length of two, these bytes are reported as a string.

ask strings To use two as the minimum length, use the following command.

strings -n 2 jibber

The results now contain two-letter strings. Note that spaces are counted as printable characters.

Piping strings through less

Because of the length of the output of strings, we will pass it through less. We can then scroll through the file and look for text of interest.

strings jibber | less

The ad is now presented to us in less, with the top of the list displayed first.

Using strings with object files

Typically, program source code files are compiled into object files. These are linked to library files to create a binary executable file. We have the Jibber object file on hand, so let’s take a look at that file. Note the file extension “.o”.

jibber.o | less

The first set of strings are all wrapped in column eight if they are longer than eight characters. If they have been broken, there will be an “H” character in column nine. You may recognize these strings as SQL statements.

Scrolling through the output shows that this formatting is not used throughout the file.

It’s interesting to see the differences in text strings between the object file and the finished executable.

Search in specific areas of the file

Compiled programs have different areas within them that are used to store text. By default, strings searches the entire file for text. It’s like you’ve used that -a (all) possibility. Use the -d (Data) option.

strings -d jibber | less

Unless you have a compelling reason, you can also use the default setting and search the entire file.

Printing the string offset

We can have strings Print the offset from the beginning of the file where each string is located. Use the -o (Offset) option.

strings -o parse_phrases | less

The offset is in. specified Octal.

To display the offset in a different numeric base, e.g. For example, decimal or hexadecimal, use the -t (Radix) option. Must follow the radix option d (Decimal), x (hexadecimal), or o (Octal). Using -t o is the same as using -o.

strings -t d parse_phrases | less

The offsets are now printed in decimal.

strings -t x parse_phrases | less

The offsets are now printed in hexadecimal.

Including spaces

strings regards tabs and spaces as part of the found strings. Other spaces, such as line breaks and line breaks, are not treated as if they were part of the strings. the -w (whitespace) option causes strings to treat all whitespace characters as if they were part of the string.

strings -w add_data | less

In the output we see the blank line created by the (invisible) carriage return and the line break characters at the end of the second line.

We’re not limited to files

We can use strings with everything that is or can generate a byte stream.

With this command we can go through the random access memory (RAM) of our computer.

We have to use sudo because we are accessing / dev / mem. This is a drawing device file that contains an image of your computer’s main memory.

sudo strings /dev/mem | less

The listing is not all of the contents of your RAM. It’s only the strings that can be extracted from it.

What does “everything is a file” mean in Linux?

Search many files at the same time

Wildcards can be used to select groups of files to search. the * Character stands for multiple characters, and the ? Character stands for any single character. You can also specify many filenames on the command line.

We’re going to use a wildcard and search through all executable files in the / bin directory. Since the listing contains results from many files, we will use the -f (Filename) option. This will print the file name at the beginning of each line. We can then see in which file each string was found.

We pass the results through grepand look for any strings that contain the word copyright.

strings -f /bin/* | grep Copyright

We get a neat listing of the copyright instructions for each file in the / bin directory, with the name of the file at the beginning of each line.

Strings unraveled

Strings are no secret; it’s a typical Linux command. It does something very specific and it does it very well.

It’s another cog of Linux, and it doesn’t really come to life until it starts working with other commands. When you see it like it between binaries and other tools like grep, you are beginning to appreciate the functionality of this somewhat obscure command.

Linux commands
Filestar · pv · cat · tac · chmod · grep · difference · sed · With · man · pushed · popd · fsck · Test disk · seq · fd · pandoc · CD · $ PATH · awk · join · jq · wrinkles · unique · Journalctl · tail · stat · ls · fstab · echo · fewer · chgrp · chown · rev · look · Strings · Type · rename · Postal code · unzip · assemble · ummount · To install · fdisk · mkfs · rm · rmdir · rsync · df · gpg · weather · Nano · mkdir · from · ln · Patch · Convert · rclon · Scraps · srm
Processesalias · screen · above · kind · renice · progress · strace · system · tmux · chsh · story · at · Batch · for free · which · dmesg · chfn · User mod · ps · chroot · xargs · tty · pinkie finger · lsof · vmstat · Time out · Wall · Yes sir · kill · sleep · sudo · it is · Time · groupadd · User mod · groups · lshw · switch off · start anew · Stop · switch off · passwd · lscpu · crontab · date · bg · fg
Networkingnetstat · Ring · Trace route · ip · ss · who is · fail2ban · bmon · she · finger · nmap · ftp · curl · wget · who · who am I · w · iptables · ssh-keygen · ufw

Best Linux Laptops for Developers and Enthusiasts

Related Posts