
#1 2013-08-26 05:35:02

Xyne

hexgrep: versatile binary data search tool

Introduction

I was playing around with Higan and needed a way to find values in the dumped memory files to create codes. dhex and the other hex editors that I tried just weren't versatile enough when searching for values. I found hgrep and bgrep, but neither of them was particularly versatile either.

At first I wrote a simple script in Python but I soon realized that I could make something much more generic. I think this will be useful for anyone who needs to find sequences of bytes in binary data.

So, I give you hexgrep.

Project Page

http://xyne.archlinux.ca/projects/hexgrep/

hexgrep is a command-line tool for searching for byte sequences in binary data. The tool implements its own simplified query language that supports inequalities and wild cards. Values may be given in decimal, hexadecimal, octal or string format, and the formats may be freely mixed. Multibyte values are supported and their byte translation can be controlled with the endianness flag.

Example

Find all instances of "p" followed by "man" with up to 20 bytes between in the pacman binary file:

$ hexgrep /p '#<=20'  /man -f /usr/bin/pacman -c
007b2e 70 61 63 6d 61 6e
007c27 70 61 63 6d 61 6e
007c64 70 61 63 c7 40 10 75 70 67 2f c6 40 14 00 48 89 08 48 b9 6d 61 6e
007c6b 70 67 2f c6 40 14 00 48 89 08 48 b9 6d 61 6e
008783 70 61 63 48 ba 6d 61 6e
013a6d 70 61 63 6d 61 6e
013a7e 70 61 63 6d 61 6e
013a94 70 61 63 6d 61 6e
013e56 70 61 63 6d 61 6e
0148a7 70 61 63 6d 61 6e
0148b4 70 61 63 6d 61 6e
014989 70 61 63 6d 61 6e
017ddb 70 61 63 6b 61 67 65 20 6d 61 6e

With colored output (shown on the project page), the matched bytes are highlighted, which is very useful when you have multiple wildcards in a sequence. See the project page for more examples.


Feedback

Feedback is welcome as always. In particular, if anyone has suggestions for improving the code, please feel free to share.


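The query in the example above (a "p", then up to 20 arbitrary bytes, then "man") can be reproduced with a bounded-gap regular expression over raw bytes. This is an added Python sketch, not part of the original post and not hexgrep's own code; the function names are hypothetical, and reporting one hit per start offset with the nearest tail is an assumption inferred from the output shown above.

```python
import re

def find_with_gap(data: bytes, head: bytes, tail: bytes, max_gap: int):
    """Yield (offset, matched_bytes) for every offset where `head` occurs
    and `tail` follows after at most `max_gap` arbitrary bytes."""
    # The lookahead keeps each match zero-width, so overlapping hits
    # (a second "p" inside an earlier match) are all reported.
    # The lazy quantifier selects the nearest `tail` for each start offset.
    # DOTALL lets "." match 0x0a, which is ordinary data in a binary file.
    pattern = re.compile(
        b"(?=(" + re.escape(head) + b".{0,%d}?" % max_gap
        + re.escape(tail) + b"))",
        re.DOTALL,
    )
    for m in pattern.finditer(data):
        yield m.start(), m.group(1)

def format_hit(offset: int, matched: bytes) -> str:
    """Render a hit as a 6-digit hex offset followed by the matched bytes."""
    return "%06x %s" % (offset, " ".join("%02x" % b for b in matched))

# Sample input: the bytes of the 007c64 output line above, preceded by
# four constructed zero bytes of padding (so offsets differ from the post).
SAMPLE = bytes(4) + bytes.fromhex(
    "70 61 63 c7 40 10 75 70 67 2f c6 40 14 00 48 89 08 48 b9 6d 61 6e"
)

if __name__ == "__main__":
    for offset, matched in find_with_gap(SAMPLE, b"p", b"man", 20):
        print(format_hit(offset, matched))
```

The two hits are 7 bytes apart, matching the spacing of the 007c64 and 007c6b lines in the output above.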
