What is hexadecimal dump
- On a computer, a hexadecimal dump is a hexadecimal view of the computer's data (on screen or paper), either from RAM or from a file or storage device
- Viewing hexadecimal data dumps is usually done as part of debugging or reverse engineering.
- In a hexadecimal dump, each byte (8 bits) is represented as a two-digit hexadecimal number.
- Hexadecimal dumps are usually organized into eight or hexadecimal rows, sometimes separated by spaces.
- Some hexadecimal dumps have hexadecimal memory addresses at the beginning or checksum bytes at the end of each line
- Some common names for this program function are hexdump, od, xxd, simple dump and even D.
hexdump
The hexdump command is generally used to view the hexadecimal encoding of binary files, but in fact it is used for more than that. The statement on the manual page is "ascii, decimal, hexadecimal, octal dump", which is why the title of this article calls "hexadecimal" "Given the cause, and it can view any file, not just binary files. There are also xxd and od that can do similar things, but I've never used them. When a program outputs a file in binary format, hexdump is often used to check if the output is correct. Of course, you can also use tools like UltraEdit32 on Windows to see the hexadecimal number of files." Code, but there are ready-made tools on Linux, so why not use them?
Example: Confirm the format of file text
Text files on different operating systems have different end-of-line flags, which often cause problems. For example, many commands on Linux do not handle DOS-formatted text files very well. Text files under Windows/DOS end with \r\n, while text files under Linux/Unix end with \n.
Example 1
[root@localhost oceanstar]# cat test.bc 123*321 123/321 scale=4;123/321 [root@localhost oceanstar]# hexdump -C test.bc 00000000 31 32 33 2a 33 32 31 0a 31 32 33 2f 33 32 31 0a |123*321.123/321.| 00000010 73 63 61 6c 65 3d 34 3b 31 32 33 2f 33 32 31 0a |scale=4;123/321.| 00000020
Note: Hexadecimal representation of common ASCII characters
- \r 0D
- \n 0A
- \t 09
- DOS/Windows line break\rn hexadecimal representation 0D 0A
- The line breakn for Linux/Unix is hexadecimal representation 0A (00000000 31 33 2A 33 32 31 0A 31 32 33 2F 33 32 31 0A |123*321.123/321. |)
Example 2
cat >test.txt ABCDEFGHIJKLMNODF12*DFDF
Parameter: -C, displays the characters in the file in hexadecimal and corresponding ASCII characters
[root@DB-Server ~]# hexdump -C test.txt 00000000 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 44 |ABCDEFGHIJKLMNOD| 00000010 46 31 32 2a 44 46 44 46 0a |F12*DFDF.| 00000019 //-n Set to output only the first n characters (ABCDE only) [root@DB-Server ~]# hexdump -C -n 5 test.txt 00000000 41 42 43 44 45 |ABCDE| 00000005 //The -s parameter is set to output after the nth character (no previous ABCDE output) [root@DB-Server ~]# hexdump -C -s 5 test.txt 00000005 46 47 48 49 4a 4b 4c 4d 4e 4f 44 46 31 32 2a 44 |FGHIJKLMNODF12*D| 00000015 46 44 46 0a |FDF.| 00000019
Parameter: -c, display the characters in the file as ASCII characters
//Line breaks can be output, which can be used to check whether a file is a Linux or Widows line break. [root@DB-Server ~]# hexdump -c test.txt 0000000 A B C D E F G H I J K L M N O D 0000010 F 1 2 * D F D F \n 0000019
Parameter: -b, display the characters in the file in octal
//One line shows 16 bytes, less than 16 bytes in test.txt is filled with the next line, and more than 16 bytes are displayed in a new line [root@DB-Server ~]# hexdump -b test.txt 0000000 101 102 103 104 105 106 107 110 111 112 113 114 115 116 117 104 0000010 106 061 062 052 104 106 104 106 012 0000019
Example: View binaries
Get ready
#include <stdio.h>
#include <stdlib.h>
int main() {
FILE *fp_in;
fp_in = fopen("test", "wb");
if (fp_in == NULL) {
printf("open test failed\n");
return -1;
}
else {
for (unsigned char i = 0; i < 100; i++) {
fwrite(&i ,sizeof(unsigned char), 1, fp_in);
}
fclose(fp_in);
}
return 0;
}
operation
Compile:
[root@localhost oceanstar]# g++ main.cpp -o main # Generate binary file test
cat View Files in Generated Files
[root@localhost oceanstar]# cat main
` /lib64/ld-linux-x86-64.so.2GNU GNU���9��������ne� GAZLSlibstdc++.so.6__gmon_start__libm.so.6libgcc_s.so.1libc.so.6fopenputsfclosefwrite__libc_start_mainGLIBC_2.2.57ui l�`` `(`0`8`H�H�U
H��t�sH���5B
�%D
@�%B
h������%:
h������%2
h������%*
h������%"
h������%�
f�1�I��^H��H���PTI��@H���@H��@������fD�O`UH-H`H��H��w]øH��t�]�H`����H`UH-H`H��H��H��H��?H�H��u]úH��t�]H�ƿH`����=m
uUH���~���]�Z
`H����]�{����s���UH��H���0@�3@�����H�E�H�}�u�8@�����������F�E��'H�U�H�E�H�Ѻ�H��������E����E��E�<cv�H�E�H���o�������AWA��AVI��AUI��ATL�%( UH�-( SL)�1�H��H������H��t�L��L��D��A��H��H9�u�H�[]A\A]A^A_Ðf.���H�H��wbtestopen test failed;0t���|����L�����T��������
zRx
�����*zRx
�$����`FJ
v �?;*3$"D%���{A�C
Dd����eB�E�E �E(�H0�H8�M@l8A0A(B BB������@�@)7
`���o�@`@�@ �@
x
`�@�@�@@@GCC: (GNU) 4.8.5 20150623 (Red Hat 4.8.5-36)GCC: (GNU) 4.8.5 20150623 (Red Hat 4.8.5-44)8@T@t@�@�@`@�@�@ @
@
�@
`�``@`D`��
`� @`@�0@. =(@Ob� @�@`�H`�(@��@e�D`�H`���D`@{�
�@crtstuff.c__JCR_LIST__deregister_tm_clones__do_global_dtors_auxcompleted.6355__do_global_dtors_aux_fini_array_entryframe_dummy__frame_dummy_init_array_entrymain.cpp__FRAME_END____JCR_END____GNU_EH_FRAME_HDR_GLOBAL_OFFSET_TABLE___init_array_end__init_array_start_DYNAMIC__libc_csu_fini__gmon_start__puts@@GLIBC_2.2.5fopen@@GLIBC_2.2.5__libc_start_main@@GLIBC_2.2.5_IO_stdin_used__data_start__TMC_END____dso_handle__libc_csu_init__bss_startfclose@@GLIBC_2.2.5fwrite@@GLIBC_2.2.5_edatamain.symtab.strtab.shstrtab.interp.note.ABI-tag.note.gnu.build-id.gnu.hash.dynsym.dynstr.gnu.version.gnu.version_r.rela.dyn.rela.plt.init.plt.got.text.fini.rodata.eh_frame_hdr.eh_frame.init_array.fini_array.jcr.dynamic.got.plt.data.bss.comment8@8#T@T 1t@t$D���o�@�N
�@��V`@`x^���o�@�k���o�@� z�B @ x��`�@`@D`D0DZ�H ��L@L4��@���
[root@localhost oceanstar]#
Format Output File
$ hexdump main 0000000 457f 464c 0102 0001 0000 0000 0000 0000 0000010 0002 003e 0001 0000 0530 0040 0000 0000 0000020 0040 0000 0000 0000 1a00 0000 0000 0000 0000030 0000 0000 0040 0038 0009 0040 001f 001e 0000040 0006 0000 0005 0000 0040 0000 0000 0000 0000050 0040 0040 0000 0000 0040 0040 0000 0000 0000060 01f8 0000 0000 0000 01f8 0000 0000 0000 0000070 0008 0000 0000 0000 0003 0000 0004 0000 0000080 0238 0000 0000 0000 0238 0040 0000 0000 0000090 0238 0040 0000 0000 001c 0000 0000 0000 00000a0 001c 0000 0000 0000 0001 0000 0000 0000 00000b0 0001 0000 0005 0000 0000 0000 0000 0000 00000c0 0000 0040 0000 0000 0000 0040 0000 0000 00000d0 0874 0000 0000 0000 0874 0000 0000 0000 00000e0 0000 0020 0000 0000 0001 0000 0006 0000 00000f0 0de0 0000 0000 0000 0de0 0060 0000 0000 0000100 0de0 0060 0000 0000 0264 0000 0000 0000 0000110 0268 0000 0000 0000 0000 0020 0000 0000 ...
Format the first 10 bytes of the output file
$ hexdump -n 10 test 0000000 0100 0302 0504 0706 0908 000000a
Format the first 80 bytes of the output file and display it in hexadecimal
$ hexdump -n 80 -C test 00000000 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................| 00000010 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................| 00000020 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f | !"#$%&'()*+,-./| 00000030 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d 3e 3f |0123456789:;<=>?| 00000040 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f |@ABCDEFGHIJKLMNO| 00000050
Formatted output 200 bytes starting at 30 and displayed in hexadecimal
$ hexdump -n 200 -C test -s 30 0000001e 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d |.. !"#$%&'()*+,-| 0000002e 2e 2f 30 31 32 33 34 35 36 37 38 39 3a 3b 3c 3d |./0123456789:;<=| 0000003e 3e 3f 40 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d |>?@ABCDEFGHIJKLM| 0000004e 4e 4f 50 51 52 53 54 55 56 57 58 59 5a 5b 5c 5d |NOPQRSTUVWXYZ[\]| 0000005e 5e 5f 60 61 62 63 |^_`abc| 00000064