码迷,mamicode.com
首页 > 系统相关 > 详细

linux命令 xxd

时间:2019-04-22 00:13:01      阅读:251      评论:0      收藏:0      [点我收藏+]

标签:creat   lines   nop   max   bre   relative   osi   数组   param   

xxd,能够查看linux下文件的二进制表示。man一下xxd。能够得到下面信息

NAME
       xxd - make a hexdump or do the reverse.


SYNOPSIS
       xxd -h[elp]
       xxd [options] [infile [outfile]]
       xxd -r[evert] [options] [infile [outfile]]


DESCRIPTION
       xxd  creates  a hex dump of a given file or standard input.  It can also convert a hex dump back to its original binary form.  Like uuencode(1) and uudecode(1) it allows the
       transmission of binary data in a `mail-safe‘ ASCII representation, but has the advantage of decoding to standard output.  Moreover, it can be used  to  perform  binary  file
       patching.


OPTIONS
       If no infile is given, standard input is read.  If infile is specified as a `-‘ character, then input is taken from standard input.  If no outfile is given (or a `-‘ charac‐
       ter is in its place), results are sent to standard output.


       Note that a "lazy" parser is used which does not check for more than the first option letter, unless the option is followed by a parameter.  Spaces between a  single  option
       letter and its parameter are optional.  Parameters to options can be specified in decimal, hexadecimal or octal notation.  Thus -c8, -c 8, -c 010 and -cols 8 are all equiva‐
       lent.


       -a | -autoskip
              toggle autoskip: A single ‘*‘ replaces nul-lines.  Default off.


       -b | -bits
              Switch to bits (binary digits) dump, rather than hexdump.  This option writes octets as eight digits "1"s and "0"s instead of a normal hexadecimal dump. Each line  is
              preceded by a line number in hexadecimal and followed by an ascii (or ebcdic) representation. The command line switches -r, -p, -i do not work with this mode.


       -c cols | -cols cols
              format <cols> octets per line. Default 16 (-i: 12, -ps: 30, -b: 6). Max 256.


       -E | -EBCDIC
              Change  the character encoding in the righthand column from ASCII to EBCDIC.  This does not change the hexadecimal representation. The option is meaningless in combi‐
              nations with -r, -p or -i.


       -g bytes | -groupsize bytes
              separate the output of every <bytes> bytes (two hex characters or eight bit-digits each) by a whitespace.  Specify -g 0 to suppress grouping.  <Bytes> defaults  to  2
              in normal mode and 1 in bits mode.  Grouping does not apply to postscript or include style.


       -h | -help
              print a summary of available commands and exit.  No hex dumping is performed.

      -i | -include
              output in C include file style. A complete static array definition is written (named after the input file), unless xxd reads from stdin.


       -l len | -len len
              stop after writing <len> octets.


       -p | -ps | -postscript | -plain
              output in postscript continuous hexdump style. Also known as plain hexdump style.


       -r | -revert
              reverse operation: convert (or patch) hexdump into binary.  If not writing to stdout, xxd writes into its output file without truncating it. Use the combination -r -p
              to read plain hexadecimal dumps without line number information and without a particular column layout. Additional Whitespace and line-breaks are allowed anywhere.


       -seek offset
              When used after -r: revert with <offset> added to file positions found in hexdump.


       -s [+][-]seek
              start at <seek> bytes abs. (or rel.) infile offset.  + indicates that the seek is relative to the current stdin file  position  (meaningless  when  not  reading  from
              stdin).   - indicates that the seek should be that many characters from the end of the input (or if combined with +: before the current stdin file position).  Without
              -s option, xxd starts at the current file position.


       -u     use upper case hex letters. Default is lower case.


       -v | -version
              show version string.

 

举例说明:

比方有以下这个文件叫proces_watch,假设记不住选项也没什么关系

1)、由于有些文件比較大,假设直接xxd 。那么刷屏刷的你也看不到你想要的。能够结合一下more命令进行查看

即 

xxd 输入文件  |  more

这个时候,就能够一屏一屏的查看!

!!

2)、命令选项 -l。能够查看从文件起始查看多少个字节。比如查看前16个字节的内容

能够例如以下

xxd -l 长度 输入文件

 

root@user-virtual-machine:/tftpboot# xxd -l 16 process_watch
0000000: 7f45 4c46 0101 0103 0400 0000 0000 0000  .ELF............


3)、假设,这样的显示风格看着不舒服,能够使用 -g 选项,选择分组字节数,默觉得2

 

root@user-virtual-machine:/tftpboot# xxd -g1 -l 16 process_watch

 

0000000: 7f 45 4c 46 01 01 01 03 04 00 00 00 00 00 00 00  .ELF............

 

4)、假设想把输入文件,定位成一个数组形式。那么选择 -i选项

 

root@user-virtual-machine:/tftpboot# xxd -i process_watch | more
unsigned char process_watch[] = {
  0x7f, 0x45, 0x4c, 0x46, 0x01, 0x01, 0x01, 0x03, 0x04, 0x00, 0x00, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00, 0x00,
  0x20, 0xf6, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x02, 0x00, 0x00, 0x04, 0x34, 0x00, 0x20, 0x00, 0x02, 0x00, 0x28, 0x00,
  0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x00, 0x80, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x7f, 0x7e, 0x00, 0x00,
  0x7f, 0x7e, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00,
  0x01, 0x00, 0x00, 0x00, 0x60, 0x2e, 0x00, 0x00, 0x60, 0x2e, 0x02, 0x00,
  0x60, 0x2e, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  0x06, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0xf2, 0xa0, 0xad, 0xd4,
  0x55, 0x50, 0x58, 0x21, 0x7c, 0x08, 0x0d, 0x17, 0x00, 0x00, 0x00, 0x00,
  0x40, 0x87, 0x01, 0x00, 0x40, 0x87, 0x01, 0x00, 0x34, 0x01, 0x00, 0x00,
  0x92, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0xf9, 0x7f, 0x45, 0x4c,
  0x46, 0x01, 0x64, 0x00, 0x3f, 0x02, 0x00, 0x28, 0x00, 0x7e, 0x0d, 0xbc,


5)、假设想从文件某个偏移量開始显示数据。须要用的-s选项。即s=seek

root@user-virtual-machine:/tftpboot# xxd -g1 -s 16 -l 16 process_watch
0000010: 02 00 28 00 01 00 00 00 20 f6 00 00 34 00 00 00  ..(..... ...4...



 

linux命令 xxd

标签:creat   lines   nop   max   bre   relative   osi   数组   param   

原文地址:https://www.cnblogs.com/aerfa828/p/10747698.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!