Count the number of occurrences of binary data

I need to count the occurrences of the binary string 0xFF 0x84 0x03 0x07 in a binary file, without any extra hassle ... is there a quick way to grep for this data from the Linux command line, or should I write dedicated code to do this?

5 answers

If your version of grep accepts the -P option, you can use grep -a -P to search for an arbitrary binary string inside the binary. This is close to what you want:

 grep -a -c -P '\xFF\x84\x03\x07' myfile.bin 
  • -a ensures that binaries are not skipped

  • -c prints a counter

  • -P indicates that your pattern is a Perl regular expression, which allows it to contain hexadecimal characters in the \xNN format shown above.

Unfortunately, grep -c will only count the number of "lines" the pattern appears on, even if it appears several times in a line. (I'm not sure why this would be a desirable feature).

To get the exact number of occurrences using grep, you need to do:

 grep -a -o -P '\xFF\x84\x03\x07' myfile.bin | wc -l 

grep -o splits each match into its own line, and wc -l counts the lines. Note that this depends on the fact that your binary string does not contain strings.


Have you tried grep -a?

From the grep man page:

 -a, --text Process a binary file as if it were text; this is equivalent to the --binary-files=text option. 

Use hexdump as follows:

hexdump -v -e '"0x" 1/1 "%02X" " "' <filename> | grep -oh "0xFF 0x84 0x03 0x07" | wc -l

hexdump outputs a binary file in a given format such as 0xNN

grep will find all occurrences of the string, ignoring the ones that are repeated in the string

wc will give you the final score


What about:

 $ hexdump a.out | grep -Ec 'ff ?84 ?03 ?07' 

This will not quite answer your question, but will solve the problem when the search string is ASCII, but the file is binary:

 cat binaryfile | sed 's/SearchString/SearchString\n/g' | grep -c SearchString 

Basically, grep was almost there, except that it only counted one occurrence if there was no newline byte between them, so I added newline bytes.

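An added example, not taken from any of the answers above: a counter built from od and awk that matches only on byte boundaries, so the result does not depend on newline bytes in the data, on the locale, or on where a hex dump wraps its rows. The names count_bytes and make_sample and the 18 sample bytes are constructed for illustration.

```sh
#!/bin/sh
# Added example: count byte-aligned, non-overlapping occurrences of a byte
# pattern in a file. count_bytes and make_sample are hypothetical names.

# count_bytes FILE PATTERN   PATTERN is hex bytes, e.g. "0xFF 0x84 0x03 0x07"
count_bytes() {
    # od -An -v -tx1 prints every byte as two hex digits (no offsets, no "*"
    # folding); tr then puts one byte per line, so a match can only start on
    # a byte boundary and a newline byte in the data is just "0a".
    od -An -v -tx1 < "$1" | tr -s ' ' '\n' | awk -v pat="$2" '
        BEGIN {
            pat = tolower(pat); gsub(/0x/, "", pat)      # accept 0xNN or NN
            n = split(pat, want, " ")
            if (n == 0) { bad = 1; exit 2 }
            for (i = 1; i <= n; i++)
                if (want[i] !~ /^[0-9a-f][0-9a-f]$/) { bad = 1; exit 2 }
        }
        $0 == "" { next }
        {
            for (i = 1; i < n; i++) win[i] = win[i + 1]  # slide the window
            win[n] = $0
            if (++seen < n) next                 # window not yet refilled
            for (i = 1; i <= n; i++) if (win[i] != want[i]) next
            count++
            seen = 0                             # non-overlapping, like grep -o
        }
        END { if (bad) exit 2; print count + 0 }
    '
}

# make_sample FILE   writes 18 constructed bytes: two adjacent matches, a
# newline, a nibble-shifted decoy (0f f8 40 30 70), and a third match that
# straddles the 16-byte row boundary of a default hex dump.
make_sample() {
    printf '\377\204\003\007\377\204\003\007\012\017\370\100\060\160\377\204\003\007' > "$1"
}

sample=$(mktemp)
make_sample "$sample"
count_bytes "$sample" '0xFF 0x84 0x03 0x07'   # prints 3
rm -f "$sample"
```

The decoy bytes contain the digits ff840307 when the hex is run together, which is why the window compares whole bytes and not a concatenated hex string.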
