A really quick post this time to just take note of the strings tool which is part of the Binutils collection of binary tools
The strings tool allows you to print all printable characters in a given file or files. This can be very useful for a number of different tasks from extracting metadata from a file to retrieving a certain level of information from unknown executables such as what URLs it has contained within it.
So how to install it on your system.
Under Ubuntu or Debian
sudo apt-get install binutils
Under Gentoo
sudo emerge sys-devel/binutils
Now for a usage example lets say you have a PDF file if you do `strings mypdf.pdf` you will get output similar to this.
%PDF-1.3 1 0 obj /Pages 2 0 R /Type /Catalog endobj 2 0 obj /Type /Pages /Kids [ 3 0 R ] /Count 1 endobj 3 0 obj /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 8 0 R >> /ProcSet 6 0 R >> /MediaBox [0 0 1075 720] /CropBox [0 0 258 173] /Contents 4 0 R /Thumb 11 0 R endobj 4 0 obj /Length 5 0 R stream 258 0 0 172.8 0 0 cm /Im0 Do endstream endobj 5 0 obj endobj 6 0 obj [ /PDF /Text /ImageC ] endobj 7 0 obj endobj 8 0 obj /Type /XObject /Subtype /Image /Name /Im0 /Filter [ /RunLengthDecode ] /Width 1075 /Height 720 /ColorSpace 10 0 R /BitsPerComponent 8 /Length 9 0 R stream endstream endobj 9 0 obj 3096046 endobj 10 0 obj /DeviceCMYK endobj 11 0 obj /Filter [ /RunLengthDecode ] /Width 106 /Height 71 /ColorSpace 10 0 R /BitsPerComponent 8 /Length 12 0 R stream endstream endobj 12 0 obj 30105 endobj 13 0 obj endobj 14 0 obj 30105 endobj 15 0 obj endobj 16 0 obj 30105 endobj 17 0 obj /Title (My PDF) /CreationDate (D:20100310110120) /ModDate (D:20100310110120) /Producer (ImageMagick 6.4.5 2009-06-04 Q16 OpenMP http://www.imagemagick.org) endobj xref 0 18 0000000000 65535 f 0000000010 00000 n 0000000059 00000 n 0000000118 00000 n 0000000301 00000 n 0000000386 00000 n 0000000404 00000 n 0000000442 00000 n 0000000463 00000 n 0003096696 00000 n 0003096719 00000 n 0003096747 00000 n 0003126997 00000 n 0003127019 00000 n 0003127035 00000 n 0003127057 00000 n 0003127079 00000 n 0003127101 00000 n trailer /Size 18 /Info 17 0 R /Root 1 0 R startxref 3127298 %%EOF
As you can see you get quite a lot of information out of it follow that with a grep you can easily extract specific pieces of data. For example `strings mypdf.pdf | grep Title` will return.
/Title (My PDF)
Not terribly exciting I do appreciate but shows a quick example. Its one of these things that is damn useful when you need it and not terribly exciting the rest of the time.
Recent Comments