Grep on a binary file

canduc17 · September 17, 2010, 6:15am

Hi everyone.

I have a binary file in wich there is a date with format DDMMMYY, for example 02May09.

I can see it opening this file with vim: inside a binary mess, I can clearly read that string.

Now: do you know a way to extract this string from the file?
I woul like to do something like

grep "Jan | Feb | ... | Dec" binaryFile

Thanks in advance.

Scott · September 17, 2010, 6:22am

Hi.

Perhaps with strings ?

strings binaryFile | grep -E "Jan|Feb|..."

canduc17 · September 17, 2010, 6:39am

Yeah, great!

I'm almost done.

The remaining problem is that this date is on the same line with a lot of other stuff and when I launch your command, the whole line is retrieved.
I obtain only the date with

strings binaryFile | grep -E "Sep" | awk '{ print $21 }'

because there are only strings, separated by blanks or tabs.

But I have a lot of those file to parse...what if this date is not always at position 21?

Is there a way to generalize it?

john1212 · September 17, 2010, 7:51am

Try:

sed -n 's/[0-9][0-9]Jan\|Feb\|...Sep\|Oct\|Nov\|Dec[0-9][0-9]/&/g'

canduc17 · September 17, 2010, 8:01am

Excuse me, but I don't understand how to use your command.
I've tryed

strings binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar\|Apr\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec\[0-9][0-9]/&/g'

and several other combination with the commands above, but it didn't works...
Could you please post the complete command?

john1212 · September 17, 2010, 8:11am

cat binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|...Sep\|Oct\|Nov\|Dec[0-9][0-9]/&/g'

It can don't work if line is too long, can be error. lenght from newline to newline.
some distribution sed no do:

\|

you can do:

cat binaryFile | sed -n 's/[0-9][0-9]Jan[0-9][0-9]/&/g';'s/[0-9][0-9]Feb[0-9][0-9]/&/g';'s/[0-9][0-9]Mar[0-9][0-9]/&/g'

your try is good too:

strings binaryFile | sed -n 's/[0-9][0-9]Jan[0-9][0-9]/&/g';'s/[0-9][0-9]Feb[0-9][0-9]/&/g';'s/[0-9][0-9]Mar[0-9][0-9]/&/g'

canduc17 · September 17, 2010, 8:20am

user@localhost ~ $ cat binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar\|Apr\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec\[0-9][0-9]/&/g'
user@localhost ~ $ strings binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar\|Apr\|Jun\|Jul\|Aug\|Sep\|Oct\|Nov\|Dec\[0-9][0-9]/&/g'
user@localhost ~ $ strings binaryFile | sed -n 's/[0-9][0-9]Sep[0-9][0-9]/&/g'
user@localhost ~ $

No errors reported, but it doesn't work...
If possible, the simpler way is to use this (which works):

user@localhost ~ $ strings binaryFile | grep -E "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec" | awk '{ print $21 }'
09Sep09
candini@MEEO-office-007 ~ $

but instead to use "print $21", use a parametric "print $(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)".

But I don't know how to implement something like that...

ygemici · September 17, 2010, 8:24am

# cat infile
02May09 test data echo "this is a test" \^$$%$#%# May
test data echo "this is a test" \^$$%$#% 02Jul10 #
test data echo 02Aug11 "this is a test" \^$$%$

for i in Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
do
strings infile | sed -n "s/.*\([0-9][0-9]$i[0-9][0-9]\).*/\1/p"; done
02May09
02Jul10
02Aug11

canduc17 · September 17, 2010, 8:34am

user@localhost ~ $ for I in Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec ; do strings binaryFile | sed -n "s/.*\([0-9][0-9]${I}[0-9][0-9]\).*/\1/p" ; done
09Sep09
user@localhost ~ $

It works, but it's really slow...5 seconds to obtain the results.
I know, Bash is not C, but is there something faster?
No one knows the solution using awk as I suggested in my previous post?

strings binaryFile | grep -E "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec" | awk '{ print $(variable with month inside) }'

john1212 · September 17, 2010, 8:36am

Of course:
CODE]cat binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar[0-9][0-9]/&/gp'[/CODE]

frans · September 17, 2010, 8:43am

What gives the following?

strings binaryFile | grep -Eo "[0-9]+Sep[0-9]+"

ygemici · September 17, 2010, 8:44am

strings infile | grep -Eo '[0-9][0-9]May[0-9][0-9]|[0-9][0-9]Jul[0-9][0-9]|[0-9][0-9]Aug[0-9][0-9]'
02May09
02Jul10
02Aug11

canduc17 · September 17, 2010, 8:59am

@john1212

user@localhost ~ $ cat binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar[0-9][0-9]/&/g/p'
sed: expression -e #1, char 40: `s' option unknown
user@localhost ~ $ strings binaryFile | sed -n 's/[0-9][0-9]Jan\|Feb\|Mar[0-9][0-9]/&/g/p'
sed: expression -e #1, char 40: `s' option unknown
user@localhost ~ $

@Frans

user@localhost ~ $ strings binaryFile | grep -Eo "[0-9]+Sep[0-9]+"
09Sep09
user@localhost ~ $

Great, it works!
How could I add the other 11 months?

---------- Post updated at 07:59 AM ---------- Previous update was at 07:53 AM ----------

Thanks ygemici!
This works perfectly:

user@localhost ~ $ strings binaryFile | grep -Eo '[0-9][0-9]Jan[0-9][0-9]|[0-9][0-9]Feb[0-9][0-9]|[0-9][0-9]Mar[0-9][0-9]|[0-9][0-9]Apr[0-9][0-9]|[0-9][0-9]May[0-9][0-9]|[0-9][0-9]Jun[0-9][0-9]|[0-9][0-9]Jul[0-9][0-9]|[0-9][0-9]Aug[0-9][0-9]|[0-9][0-9]Sep[0-9][0-9]|[0-9][0-9]Oct[0-9][0-9]|[0-9][0-9]Nov[0-9][0-9]|[0-9][0-9]Dec[0-9][0-9]'
09Sep09
user@localhost ~ $

And it is also very fast.

Frans, if you're still there, I'm interested in your solution also!

frans · September 17, 2010, 9:05am

You can combine both (ygeminici's and mine)

strings binaryFile | grep -Eo '[0-9]+Jan[0-9]+|[0-9]+Feb[0-9]+|[0-9]+Mar[0-9]+|[0-9]+Apr[0-9]+|[0-9]+May[0-9]+|[0-9]+Jun[0-9]+|[0-9]+Jul[0-9]+|[0-9]+Aug[0-9]+|[0-9]+Sep[0-9]+|[0-9]+Oct[0-9]+|[0-9]+Nov[0-9]+|[0-9]+Dec[0-9]+'

or try this one:

strings binaryFile | grep -Eo '[0-9][0-9][A-Z][a-z][a-z][0-9][0-9]'

canduc17 · September 17, 2010, 9:15am

user@localhost ~ $ strings binaryFile | grep -Eo '[0-9][0-9][A-Z][a-z][a-z][0-9][0-9]'
09Sep09
user@localhost ~ $

This is definitely the best one: simple, fast and elegant.

Thank you so much guys!