Is there any linux command to extracts all the ascii strings from an executable or other binary file? I suppose I could do it with a grep, but I remember hearing somewhere that such a command existed?
Asked
Active
Viewed 1.5e+01k times
6 Answers
96
The command you are looking for is strings
Its name is quite self-explanatory, it retrieves any printable string from a given file.
man strings gives:
STRINGS(1)
NAME
strings - find the printable strings in a object, or other binary, fileSYNOPSIS
strings [ - ] [ -a ] [ -o ] [ -t format ] [ -number ] [ -n number ] [--] [file ...]
drAlberT
- 11,099
21
The strings command is the way to go for this particular type of problems. Sometimes you also have to pipe it out to grep.
For example:
strings somebinaryfile | grep textuwanttofind
luis.espinal
- 519
- 3
- 6
4
A problem with using strings is that you don't see surrounding non printables and you have to be careful with the minimum string length.
A problem using
od -c FILEor
hexdump -C FILEis that a sequence can be difficult to find if it wraps a line.
Something I like a lot for this is ZTreeWin running in WINE on Linux - you can do a lot with it but the searching in any file or editing binaries can be particularly useful.
The awesome ytree package is available for many Linux and Unix variants and has a good Hex dump view of any file but doesn't have the search that ZTreeWin (and its 16bit predecessor, XTree) have.
qeff
- 41
2
If strings is not available (like with git-bash on Windows) - try something like this:
tr -d -c '[:print:]\n'
Explanation: Delete (-d) all characters other than printable and newline.
Complement (-c): gives the opposite/inverse of the translate character list. In this case all non-printable non-newline characters.
Reference for the tr (translate) command: https://www.gnu.org/software/coreutils/manual/html_node/tr-invocation.html
Similar answer from Stack Overflow: https://stackoverflow.com/a/55360597/226625
Mister_Tom
- 506