This tutorial explains Linux “strings” command, options and its usage with examples.
Description :
For each file given, GNU strings prints the printable character sequences that are at least 4 characters long (or the number given with the options below) and are followed by an unprintable character. By default, it only prints the strings from the initialized and loaded sections of object files; for other types of files, it prints the strings from the whole file.
strings is mainly useful for determining the contents of non-text files.
Usage :
strings [-afov] [-min-len] [-n min-len] [--bytes=min-len] [-t radix] [--radix=radix] [-e encoding] [--encoding=encoding] [-] [--all] [--print-file-name] [--target=bfdname] [--help] [--version] file…
Options :
-a, --all
Do not scan only the initialized and loaded sections of object files; scan the whole files.
-f, --print-file-name
Print the name of the file before each string.
--help
Print a summary of the program usage on the standard output and exit.
-min-len, -n min-len, --bytes=min-len
Print sequences of characters that are at least min-len characters long, instead of the default 4.
-o
Like -t o. Some other versions of strings have -o act like -t d instead. Since we can not be compatible with both ways, we simply chose one.
-t radix, --radix=radix
Print the offset within the file before each string. The single character argument specifies the radix of the offset—o for octal, x for hexadecimal, or d for decimal.
-e encoding, --encoding=encoding
Select the character encoding of the strings that are to be found. Possible values for encoding are: s = single-7-bit-byte characters (ASCII, ISO 8859, etc., default), S = single-8-bit-byte characters, b = 16-bit bigendian, l = 16-bit littleendian, B = 32-bit bigendian, L = 32-bit littleendian. Useful for finding wide character strings.
--target=bfdname
Specify an object code format other than your system’s default format.
-v, --version
Print the program version number on the standard output and exit.
Examples :
1. Display printable characters from an object file
Let us create a sample C program as shown below.
$ cat welcome.c
#include <stdio.h>
#include <stdlib.h>

/* Sample program: its string literals end up in the compiled binary. */
int main(void)
{
    char a[] = "strings program";
    printf("Welcome to tutorial\n");
    system("ls");
    printf("%s", a);
    return 0;
}
Create an object file for the above code as shown below.
$ cc -o welcome welcome.c
Let us assume that we want to search for the string “welcome” in the above object file. If we search with the grep command, it only reports whether the binary file matches the given string; grep output on binary files does not show the exact matched words.
Unlike the grep command, the strings command lists all the printable strings in the binary file.
The following snippet shows the difference between running grep and strings on a binary file.
$ grep "Welcome" welcome
Binary file welcome matches
$ strings welcome
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
puts
printf
system
__libc_start_main
GLIBC_2.2.5
l$ L
t$(L
|$0H
Welcome to tutorial
strings program
Using the strings command, you can view all the printable strings in the binary file. The above C source code calls system() to execute the Unix ls command.
2. Search for user defined number of characters
If we search for this “ls” string, we get nothing, as shown below.
$ strings welcome | grep ls
$
By default, the strings command looks for sequences of at least 4 printable characters that are terminated by a NUL character.
To change the minimum number of characters, use the -n option as shown below; it tells strings to return only strings that are at least that many characters long.
The following example searches for ls in the object file.
$ strings -n 2 welcome | grep ls
ls
3. Search the entire Binary file for a specific String
By default, the strings command displays the printable characters only from the data segment of the object file. To search the whole file, use the -a option as shown below.
# strings -a welcome
/lib64/ld-linux-x86-64.so.2
__gmon_start__
libc.so.6
puts
printf
system
__libc_start_main
GLIBC_2.2.5
l$ L
t$(L
|$0H
Welcome to tutorial
strings program
. . .
__libc_csu_init
__bss_start
_end
_edata
main
_init
Note: The strings command reads the value of the environment variable TK_STRINGS_DEFAULT_SECTIONS, which indicates which sections have to be searched for printable characters. If the TK_STRINGS_DEFAULT_SECTIONS variable is empty, it uses only the data segment by default. The following values can be given for the TK_STRINGS_DEFAULT_SECTIONS variable.
TEXT read only code and static strings
DATA initialized data
BSS uninitialized data
SYM symbol table
RELT read only code and static strings
RELD initialized data
STACK function call stack
4. Find out application details from a binary file by searching its content
The strings command is frequently used for looking through executables to uncover copyright notices, error messages, undocumented features and so on.
For example, we can search for the copyright information in a Linux executable as shown below.
$ strings /bin/ls | grep Copyright
Copyright %s %d Free Software Foundation, Inc.
5. Print Text Strings from Executable Files with Offset
Printing each string with its offset shows which portion of the file the string comes from. The -o option of the strings command displays each string with its octal offset within the file, as shown below.
$ strings -o welcome
1000 /lib64/ld-linux-x86-64.so.2
1361 __gmon_start__
1400 libc.so.6
1412 puts
1417 printf
1426 system
1435 __libc_start_main
1457 GLIBC_2.2.5
3011 l$ L
3016 t$(L
3023 |$0H
3170 Welcome to tutorial
3226 strings program
6. Use Strings Command on Multiple Binary Files
The strings command accepts multiple files and displays the printable strings for all of them. With the -f option each string is prefixed with its file name, so running grep on the output for multiple files stays meaningful: every match shows the file name and the matched string, as shown below.
$ strings -f /bin/* | grep Copy
/bin/rpm: Copyright (C) 1998-2002 - Red Hat, Inc.
/bin/sed: Copyright (C) 2003 Free Software Foundation, Inc.
/bin/sh: Copyright (C) 2005 Free Software Foundation, Inc.
/bin/dbus-cleanup-sockets: Copyright (C) 2003 Red Hat, Inc.
/bin/dbus-cleanup-sockets: Copyright (C) 2002 Michael Meeks
/bin/dbus-daemon: Copyright (C) 2002, 2003 Red Hat, Inc., CodeFactory AB, and others
Sanfoundry Global Education & Learning Series – 1000 Linux Tutorials.