strings command

 

strings

Purpose

The strings command is used to extract and display readable text (ASCII or Unicode strings) from binary files, such as executables, object files, or core dumps.

It’s very useful to:

  • Find hidden text or messages inside compiled programs or data files

  • Inspect binaries for debugging or reverse engineering

  • Check what libraries, error messages, or paths a binary uses

🧩 Basic Syntax

strings [options] filename

If used without options, strings prints all readable text sequences of 4 or more characters found in the file.

🧪 Example 1: Using strings on an Executable

Suppose you have a compiled C program:

gcc -o hello hello.c

Now run:

strings hello

Example Output:

/lib64/ld-linux-x86-64.so.2
libc.so.6
Hello, world!
printf
__libc_start_main
GLIBC_2.2.5

🧩 Explanation:

  • It shows text strings inside the binary file.

  • You can see library names (libc.so.6), system paths, and even your program’s output string ("Hello, world!").

🧪 Example 2: Using strings on Any File

You can also run it on a non-text file:

strings image.png | head

This will display readable text within the image file, such as:

  • File metadata

  • Author name

  • Software used to create the image

🧩 Example 3: Searching for Specific Strings

Combine strings with grep to find specific text patterns.

strings a.out | grep "error"

This filters and shows only lines containing the word “error”.

🧩 Example 4: Minimum String Length

By default, strings prints sequences of 4 or more characters.
You can change this with the -n option:

strings -n 6 myfile

This will print only strings 6 characters or longer.

🧩 Example 5: Show Offset of Each String

strings -t d myfile

This prints the byte offset (in decimal) where each string occurs in the file.

Example output:

1234 Hello
2056 File not found
4120 /usr/lib/libc.so

Here, the numbers represent the positions in the binary file where each string starts.

🧩 Example 6: Reading from Standard Input

You can pipe data into strings:

cat myfile | strings

🧾 Useful Options Summary

OptionDescription
-a            Scan the entire file (default)
-n <number>            Minimum string length (default = 4)
-t <format>            Print offset (format: d=decimal, o=octal, x=hex)
-e <encoding>            Specify character encoding (e.g., s=single-byte, l=16-bit little-endian)
-f            Print the filename before each string (useful with multiple files)

🧠Summary

  • It demonstrates how executables and binary files still contain human-readable data.

  • Helps students see the difference between source code and compiled output.

  • Useful for understanding binary inspection, debugging, and security basics.

  • Builds a foundation for reverse engineering concepts later in the course.

🧪 Simple Lab Exercise

Task:

  1. Write a C program that prints a message and compile it:

    #include <stdio.h>
int main() {
    printf("Operating System Lab Test\n");
    return 0;
}

    gcc -o test test.c

  2. Use the strings command:

    strings test | grep "Operating"

  3. Observe how your program’s message appears inside the compiled binary.

Comments

Post a Comment

Popular posts from this blog

Operating Systems OS Lab PCCSL407 Semester 4 KTU BTech CS 2024 Scheme - Dr Binu V P

 About Me Scheme and Syllabus Learn about the Linux Operating system Before You Start Learn The Operating System Theory Experiments 1.Familiarisation of Basic commands for OS programming     ps      top     strace      fuser      time     gdb     strings     objdump     nm     file     od     xxd 2.Use /proc file system to gather basic information about your machine: (a) Number of CPU cores (b) Total memory and the fraction of free memory (c) Number of processes currently running. (d) Number of processes in the running and blocked states. (e) Number of processes forked since the last bootup. How do you compare this value with the one in (c) above? (f) The number of context switches performed since the last bootup for a particular process. 3. Measuring process execution time Write a simple program to print the system time and exe...
Read more

Exploring the /proc file system

  Experiment: Exploring the /proc Filesystem 🎯 Aim: To use the /proc virtual filesystem to gather system information related to CPU, memory, and process statistics . Theory: The /proc directory is a virtual filesystem that provides an interface to kernel data structures . It does not contain real files on disk — instead, it provides real-time system information such as: CPU details Memory usage Process states Kernel parameters Each running process has its own directory under /proc (e.g., /proc/1 , /proc/2 , etc.), containing files that describe its current status. Tasks and Commands (a) Number of CPU Cores Command: grep -c ^processor /proc/cpuinfo Explanation: /proc/cpuinfo lists details of each logical CPU. Each CPU entry starts with the line processor : <number> . grep -c counts how many lines match processor , i.e., how many cores/logical CPUs are available. Sample Output: 4 ➡️ Means the system has 4 CPU cores . (b) Tot...
Read more

ps command

  ps (Process Status) Purpose The ps command is used to display information about the currently running processes on a system. It shows details such as process ID (PID) , terminal association , CPU usage , memory usage , and the command that started the process . Basic Syntax ps [options] If used without any options, ps displays only the processes running in the current terminal session . Common Examples 1. Basic Usage ps Output Example: PID TTY TIME CMD 1234 pts/0 00 :00:00 bash 1456 pts/0 00 :00:01 ps Explanation: PID: Process ID — unique number assigned to each process TTY: Terminal type (e.g., pts/0 → pseudo terminal) TIME: Total CPU time used by the process CMD: Command that started the process 2. View All Processes ps -e or ps -A Shows all processes running on the system (not just your terminal). 3. Detailed Information ps -f Output Example: UID PID PPID C STIME TTY TIME CMD u...
Read more