Here is the situation: I have to find in the output from a hexdump the bytes between a string A and a string B. The structure of the hexdump is something like:

-random bytes
-A + useful bytes + B
-random bytes
-A + useful bytes + B
-random bytes

And now, the questions:

- Is it possible to grep "from A to B"? I haven't seen anything like that in the man page or on the internet. I know I can do it manually, but I need to script it.
- Is it possible to show the hexdump output without the line numbers? It seems very reasonable, but I haven't found the way to do it.

Thanks!

Palantir

2 Answers

You can use Perl-like lookaround assertions to match everything between A and B, not including A and B:

$ echo 'TEST test A foo bar B test' | grep -oP '(?<=A).*(?=B)'
 foo bar 

However, taking Michael's answer into account, you'll have to convert the hexdump output to a single string to use grep. You can strip off the 'line numbers' on your way:

hexdump filename | sed -r 's/\S{5,}//g' | tr '\n' ' '

or better

hexdump filename | cut -d ' ' -f 2- | tr '\n' ' '

Now everything is on one line, so grep has to be lazy, not greedy:

$ echo 'TEST test A foo bar B test A bar foo B test' | grep -oP '(?<=A).*?(?=B)'
 foo bar 
 bar foo 

But Michael has a point, maybe you should use something more high-level, at least if you need to do it more than once.

P.S. If you are OK with including A and B in the match, just do

$ echo 'TEST test A foo bar B test A bar foo B test' | grep -oP 'A.*?B'
A foo bar B
A bar foo B
Lev Levitsky

grep the program only works on one line at a time; you won't be able to get it to work intelligently on a hex dump.

My suggestion: use the regex functionality in Perl or Ruby or your favorite scripting language, to grep the raw binary data for the string. This example in Ruby:

# /m lets "." match newline bytes (0x0a) inside the binary data
ARGF.read.force_encoding("BINARY").scan(/STR1(.*?)STR2/m)

This will produce an array containing all the binary strings between occurrences of STR1 and STR2. From there you could run each one through hexdump(1).

Michael Slade
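An added example, not part of either answer above: carving the regions between STR1 and STR2 directly from raw bytes, so that a newline byte inside a region or a final marker with no terminator does not change the result. The names `carve`, `hex` and `line_bound` are hypothetical, and `SAMPLE` is a constructed buffer.

```ruby
# Added example: carve byte runs between two markers straight from raw
# binary. Markers STR1/STR2 and SAMPLE are constructed for illustration.

# Return [{offset:, bytes:}] for each non-overlapping start..stop region.
def carve(data, start, stop)
  data, start, stop = data.b, start.b, stop.b  # compare as raw bytes
  hits = []
  pos = 0
  while (a = data.index(start, pos))
    body = a + start.bytesize
    b = data.index(stop, body)
    break if b.nil?            # opening marker without a closing marker
    hits << { offset: body, bytes: data.byteslice(body, b - body) }
    pos = b + stop.bytesize    # resume after the closing marker
  end
  hits
end

# Space-separated hex, one pair per byte, no offset column.
def hex(bytes)
  bytes.unpack1("H*").scan(/../).join(" ")
end

# Regex form where "." stops at 0x0a, shown for comparison.
def line_bound(data)
  data.b.scan(/STR1(.*?)STR2/).flatten
end

SAMPLE = "\x00\xffSTR1\xde\xad\n\xbe\xefSTR2\x10\nSTR1okSTR2\x7fSTR1tail".b

if __FILE__ == $0
  carve(SAMPLE, "STR1", "STR2").each do |h|
    printf("%08x  %s\n", h[:offset], hex(h[:bytes]))
  end
  puts "line-bound regex finds #{line_bound(SAMPLE).size} of 2 regions"
end
```

The reported offset is the position of the first payload byte in the input, which lets each carved region be checked against a full dump of the same file.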