Equivalent command to grep binary files

Question

I have a bunch of binaries and I know that inside these binaries there are strings I want to find.

I want to do a:

grep -lir "the string I am looking for"

and get a list of all binaries inside a particular directory that contain that string but grep -lir is apparently not working with these files.

Is there a command that can do this kind of search from terminal?

score 44 · Answer 1 · answered Jul 23 '15 at 21:05

44

The command strings will extract all ascii data from a file, if you then grep its output, you can search for your data:

strings <filename> | grep "search text"

answered Jul 23 '15 at 21:05

NZD

1,422

This should be the accepted answer. This binary is good fit for this task. – Vladislavs Dovgalecs Jul 23 '15 at 22:47
7

@xeon: It's not always good to use strings, read here for more details. – cuonglm Jul 24 '15 at 01:55
5

Since the goal is to determine which binaries contain the string, strings -f would be more appropriate. – jamesdlin Jul 24 '15 at 09:51
This is a better answer. – Xofo Dec 07 '17 at 03:28
the best answer. thanks a lot – acgbox Jul 09 '20 at 19:39

cuonglm · Accepted Answer · 2016-11-10T11:33:20.013

36

With GNU grep, you can use -a option to make it treats binary files as text files:

grep -ali -- string file

If your grep version does not support -a, you can use ack instead. With ack 1.x, you need to include -a option, with ack 2.x, you don't, since when searching include non-text file by default (only ignored non-text file when you did not specify any files).

edited Nov 10 '16 at 11:33

answered Jul 23 '15 at 17:52

cuonglm

153,898

Am I misreading ack's self-description? (in the manual) "ack 2.x will search through every regular, non-binary file that is not explicitly ignored [by blah blah]" So it sounds like ack 2.x should still stop reading a file early if the contents look binary. – Peter Cordes Jul 24 '15 at 04:09
1

@PeterCordes: That's occured when no files were selected. Try ack grep /bin/grep and you will get the result. I updated my answer to prevent confusing. – cuonglm Jul 24 '15 at 04:15
1

Try using the strings command to get the strings from your binary. – Uwe Burger Jul 24 '15 at 21:10

score 16 · Answer 3 · answered Jul 23 '15 at 21:22

Your question is about find binary files that contain a pattern (and we have already very good answers!). Complementary we may like to get the occurrences.

I often use

grep -aPo '.{0,20}pattern.{0,20}'  binfile

to get a surrounding context of 20-char.

score 0 · Answer 4 · answered Oct 10 '23 at 07:44

bgrep if lines don't necessarily fit into memory

I keep coming back to this random repo from time to time: https://github.com/tmbinc/bgrep Install:

curl -L 'https://github.com/tmbinc/bgrep/raw/master/bgrep.c' | gcc -O2 -x c -o $HOME/.local/bin/bgrep -

Use:

bgrep `printf %s saf | od -t x1 -An -v | tr -d '\n '` myfile.bin

Sample output:

myfile.bin: c80000003
\x02abc
myfile.bin: c80000007
dabc

I have tested it on files that don't fit into memory, and it worked just fine.

I've given further details at: Best way to grep a big binary file?

Equivalent command to grep binary files

4 Answers4

Linked