问题
I am studying the command bgrep found here.
I run bgrep "fafafa" test_27.6.2015.bin | less -M
on the the binary data called test_27.6.2015.bin but I get
test_27.6.2015.bin: 00005ee4
test_27.6.2015.bin: 0000bd3c
I would suspect to get matches containing the term fafafafa. Two matches is the correct amount of matches. These hex numbers are probably of some segment containing fafafafa.
How does bgrep form its search result?
回答1:
bgrep's search result are formatted this way:
printf("%s: %08llx\n", filename, (unsigned long long)(offset + o - len));
Hence, it displays the filename, and then the hex offset where the search string started, as illustrated here:
$ xxd test_27.6.2015.bin | grep 5ee0
0005ee0: 0c89 0c88 fafa fafa 585e 0000 fe5a 1eda ........X^...Z..
来源:https://stackoverflow.com/questions/31135561/how-does-bgrep-work