A really quick post this time to just take note of the strings tool which is part of the Binutils collection of binary tools

The strings tool allows you to print all printable characters in a given file or files. This can be very useful for a number of different tasks from extracting metadata from a file to retrieving a certain level of information from unknown executables such as what URLs it has contained within it.

So how to install it on your system.

Under Ubuntu or Debian

sudo apt-get install binutils

Under Gentoo

sudo emerge sys-devel/binutils

Now for a usage example lets say you have a PDF file if you do `strings mypdf.pdf` you will get output similar to this.

%PDF-1.3
1 0 obj
/Pages 2 0 R
/Type /Catalog
endobj
2 0 obj
/Type /Pages
/Kids [ 3 0 R ]
/Count 1
endobj
3 0 obj
/Type /Page
/Parent 2 0 R
/Resources <<
/XObject << /Im0 8 0 R >>
/ProcSet 6 0 R >>
/MediaBox [0 0 1075 720]
/CropBox [0 0 258 173]
/Contents 4 0 R
/Thumb 11 0 R
endobj
4 0 obj
/Length 5 0 R
stream
258 0 0 172.8 0 0 cm
/Im0 Do
endstream
endobj
5 0 obj
endobj
6 0 obj
[ /PDF /Text /ImageC ]
endobj
7 0 obj
endobj
8 0 obj
/Type /XObject
/Subtype /Image
/Name /Im0
/Filter [ /RunLengthDecode ]
/Width 1075
/Height 720
/ColorSpace 10 0 R
/BitsPerComponent 8
/Length 9 0 R
stream
endstream
endobj
9 0 obj
3096046
endobj
10 0 obj
/DeviceCMYK
endobj
11 0 obj
/Filter [ /RunLengthDecode ]
/Width 106
/Height 71
/ColorSpace 10 0 R
/BitsPerComponent 8
/Length 12 0 R
stream
endstream
endobj
12 0 obj
30105
endobj
13 0 obj
endobj
14 0 obj
30105
endobj
15 0 obj
endobj
16 0 obj
30105
endobj
17 0 obj
/Title (My PDF)
/CreationDate (D:20100310110120)
/ModDate (D:20100310110120)
/Producer (ImageMagick 6.4.5 2009-06-04 Q16 OpenMP http://www.imagemagick.org)
endobj
xref
0 18
0000000000 65535 f
0000000010 00000 n
0000000059 00000 n
0000000118 00000 n
0000000301 00000 n
0000000386 00000 n
0000000404 00000 n
0000000442 00000 n
0000000463 00000 n
0003096696 00000 n
0003096719 00000 n
0003096747 00000 n
0003126997 00000 n
0003127019 00000 n
0003127035 00000 n
0003127057 00000 n
0003127079 00000 n
0003127101 00000 n
trailer
/Size 18
/Info 17 0 R
/Root 1 0 R
startxref
3127298
%%EOF

As you can see you get quite a lot of information out of it follow that with a grep you can easily extract specific pieces of data. For example `strings mypdf.pdf | grep Title` will return.

/Title (My PDF)

Not terribly exciting I do appreciate but shows a quick example. Its one of these things that is damn useful when you need it and not terribly exciting the rest of the time.

Share this post

Leave a Reply

CAPTCHA (required) Time limit is exhausted. Please reload CAPTCHA.

This entry was posted on Friday, May 28th, 2010 at 11:44 and is filed under Life the Universe and Everything.