How does bgrep work?

我与影子孤独终老i 提交于 2021-02-08 05:31:34

问题


I am studying the command bgrep found here. I run bgrep "fafafa" test_27.6.2015.bin | less -M on the the binary data called test_27.6.2015.bin but I get

test_27.6.2015.bin: 00005ee4
test_27.6.2015.bin: 0000bd3c

I would suspect to get matches containing the term fafafafa. Two matches is the correct amount of matches. These hex numbers are probably of some segment containing fafafafa.

How does bgrep form its search result?


回答1:


bgrep's search result are formatted this way:

printf("%s: %08llx\n", filename, (unsigned long long)(offset + o - len));

Hence, it displays the filename, and then the hex offset where the search string started, as illustrated here:

$ xxd test_27.6.2015.bin | grep 5ee0
0005ee0: 0c89 0c88 fafa fafa 585e 0000 fe5a 1eda  ........X^...Z..


来源:https://stackoverflow.com/questions/31135561/how-does-bgrep-work

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!