5+ “strings” Command Usage Examples in Linux

«
»

This tutorial explains Linux “strings” command, options and its usage with examples.

strings – print the strings of printable characters in files.

Description :

advertisement

For each file given, GNU strings prints the printable character sequences that are at least 4 characters long (or the number given with the options below) and are followed by an unprintable character. By default, it only prints the strings from the initialized and loaded sections of object files; for other types of files, it prints the strings from the whole file.

strings is mainly useful for determining the contents of non-text files.

Usage :

strings [-afov] [-min-len] [-n min-len] [–bytes=min-len] [-t radix] [–radix=radix] [-e encoding] [–encoding=encoding] [-] [–all] [–print-file-name] [–target=bfdname] [–help] [–version] file…

advertisement
advertisement

Options :

-a, –all
Do not scan only the initialized and loaded sections of object files; scan the whole files.
-f, –print-file-name
Print the name of the file before each string.
–help
Print a summary of the program usage on the standard output and exit.
-min-len, -n min-len, –bytes=min-len
Print sequences of characters that are at least min-len characters long, instead of the default 4.
-o
Like -t o. Some other versions of strings have -o act like -t d instead. Since we can not be compatible with both ways, we simply chose one.
-t radix, –radix=radix
Print the offset within the file before each string. The single character argument specifies the radix of the offset—o for octal, x for hexadecimal, or d for decimal.
-e encoding, –encoding=encoding
Select the character encoding of the strings that are to be found. Possible values for encoding are: s = single-7-bit-byte characters (ASCII, ISO 8859, etc., default), S = single-8-bit-byte characters, b = 16-bit bigendian, l = 16-bit littleendian, B = 32-bit bigendian, L = 32-bit littleendian. Useful for finding wide character strings.
–target=bfdname
Specify an object code format other than your system’s default format.
-v, –version
Print the program version number on the standard output and exit.

Examples :

1. Display printable characters from an object file

advertisement

Let us create a sample object file of a C code as shown below.

$ cat welcome.c
# include <stdio.h>
 
main()
{
 char a[]="strings program";
 printf("Welcome to tutorial\n");
 system("ls");
 printf("%s",a);
}

Create an object file for the above code as shown below.

 
$ cc -o welcome welcome.c

Let us assume that we want to search for the string “welcome” in the above object file. If we do a search using grep command, it will give you whether the binary file matches the given string or not. i.e Grep output on binary files will not show you the exact matched words.

advertisement

Unlike grep command, strings command will list all the printable characters from binary file.

The following code snippet displays the difference between doing a grep and strings on a binary file.

$ grep "Welcome" welcome
Binary file welcome matches
 
$ strings welcome
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
puts
printf
system
__libc_start_main
GLIBC_2.2.5
l$ L
t$(L
|$0H
Welcome to tutorial
strings program

Using strings command, you will be able to view all the printable strings from the binary file. The above C source code, calls the system command, to execute the Unix ls command.

2. Search for user defined number of characters

advertisement

If we want to search for this “ls” string, we’ll not get anything as shown below.

$ strings welcome | grep ls
$

By default strings command will be looking for sequences of at least 4 printable characters that are terminated by a NULL character.

To change the total number of characters that needs to be searched in the binary files, use option -n as shown below, which tells strings command to return strings which are at least the number of that integer in length.

The following example searches for ls from the object file.

$ strings -n 2 welcome | grep ls
ls

3. Search the entire Binary file for a specific String

By default strings command displays the printable character only from the data segment of the object file. If we want to search the full file, we should use strings -a option as shown below.

# strings -a welcome
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
puts
printf
system
__libc_start_main
GLIBC_2.2.5
l$ L
t$(L
|$0H
Welcome to tutorial
strings program
.
.
.
__libc_csu_init
__bss_start
_end
_edata
main
_init

Note: Strings command reads the value of the environment variable TK_STRINGS_DEFAULT_SECTIONS, which indicates which sections has to be searched for printable characters. If TK_STRINGS_DEFAULT_SECTIONS variable is empty, it uses only data segment by default. The following values can be given for the TK_STRINGS_DEFAULT_SECTIONS variable.

TEXT read only code and static strings
DATA initialized data
BSS uninitialized data
SYM symbol table
RELT read only code and static strings
RELD initialized data
STACK function call stack

4. Find out application details from a binary file by searching it’s content

Strings command is frequently used for looking through the executables to uncover copyright notices, error messages, undocumented features and so on.

For example, we can search for the copyright information in a Linux executable as shown below.

$ strings /bin/ls | grep Copyright
Copyright %s %d Free Software Foundation, Inc.

5. Print Text Strings from Executable Files with Offset

When ywe get the printable characters with offset, it will be useful to identify which portion/location of the file has these strings. -o option with strings command displays each string with its octal offset within the file as shown below.

$ strings -o welcome
   1000 /lib64/ld-linux-x86-64.so.2
   1361 __gmon_start__
   1400 libc.so.6
   1412 puts
   1417 printf
   1426 system
   1435 __libc_start_main
   1457 GLIBC_2.2.5
   3011 l$ L
   3016 t$(L
   3023 |$0H
   3170 Welcome to tutorial
   3226 strings program

6. Use Strings Command on Multiple Binary Files

Strings command accepts multiple files and displays the printable strings for all the given files. If we use grep command on the strings output of multiple files, the output will be meaningful where we’ll get a file name and matched strings as shown below.

$ strings -f /bin/* | grep Copy
/bin/rpm: Copyright (C) 1998-2002 - Red Hat, Inc.
/bin/sed: Copyright (C) 2003 Free Software Foundation, Inc.
/bin/sh: Copyright (C) 2005 Free Software Foundation, Inc.
/bin/dbus-cleanup-sockets: Copyright (C) 2003 Red Hat, Inc.
/bin/dbus-cleanup-sockets: Copyright (C) 2002 Michael Meeks
/bin/dbus-daemon: Copyright (C) 2002, 2003 Red Hat, Inc., CodeFactory AB, and others

Sanfoundry Global Education & Learning Series – 1000 Linux Tutorials.

If you wish to look at all Linux commands and their usage examples, go to Linux Commands Tutorial.

Participate in the Sanfoundry Certification contest to get free Certificate of Merit. Join our social networks below and stay updated with latest contests, videos, internships and jobs!
advertisement
advertisement
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He is Linux Kernel Developer & SAN Architect and is passionate about competency developments in these areas. He lives in Bangalore and delivers focused training sessions to IT professionals in Linux Kernel, Linux Debugging, Linux Device Drivers, Linux Networking, Linux Storage, Advanced C Programming, SAN Storage Technologies, SCSI Internals & Storage Protocols such as iSCSI & Fiber Channel. Stay connected with him @ LinkedIn | Youtube | Instagram | Facebook | Twitter