Home > Text Processing & Search > strings

strings: Extracting Strings from Binary Files

The `strings` command is a tool used to extract human-readable text strings from binary files (executables, libraries, etc.). It is useful for debugging programs, analyzing malware, or quickly checking the content of unknown files.

Overview

Binary files consist of 0s and 1s, which are directly executed by computers, and appear as garbled characters when opened with a standard text editor. The `strings` command finds and extracts sequences of 4 or more printable characters from these binary files as text. This allows you to identify useful information such as error messages, file paths, URLs, and configuration values embedded within binary files.

Key Features

The main features of the `strings` command are as follows:

  • Extracts human-readable strings from binary files.
  • By default, finds sequences of 4 or more printable characters.
  • Supports various character encodings (ASCII, UTF-16, etc.).
  • Useful for identifying library names or configuration information used by programs.

Applications of strings

strings can be used in various fields beyond simply inspecting files.

  • Malware Analysis: Extracts information such as C&C server addresses, filenames, and API calls from malware binaries.
  • Debugging: Finds error messages or debugging strings embedded in executable files to resolve issues.
  • Unknown File Analysis: When a file's extension is unclear, use strings to check its internal text and infer its nature.

Key Options

The main options for the `strings` command are grouped by purpose.

1) Extraction Options

2) Help

Generated command:

Try combining the commands.

Description:

`strings` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

Learn the features of the `strings` command through various usage examples.

Extract basic strings from a binary file

strings /usr/bin/top

Extracts strings from the `/usr/bin/top` binary file using default settings (4 or more characters).

Extract only longer strings

strings -n 8 /usr/bin/top

Uses the `-n` option to extract only strings with 8 or more characters.

Output strings with hexadecimal offsets

strings -t x /usr/bin/top

Uses the `-t x` option to output each string along with its hexadecimal offset from the beginning of the file. Useful for binary analysis.

Use with pipe (|)

strings /usr/bin/top | grep error

Extracts and displays only strings containing 'error' from the `/usr/bin/top` file.

Extract UTF-16 encoded strings

strings -e l /path/to/binary

Uses the `-e` option to extract UTF-16 encoded strings. `l` means little-endian, and `b` means big-endian.

Installation

strings is part of the `binutils` package and is typically included by default in most Linux distributions. No separate installation is usually required.

Debian/Ubuntu

sudo apt update
sudo apt install -y binutils

RHEL/CentOS/Fedora

sudo dnf install -y binutils

Tips & Cautions

Here are some points to keep in mind when using the `strings` command.

Tips

  • `strings` provides much cleaner and more useful information from binary files than running `cat`. `cat` can output raw binary content and potentially corrupt your terminal.
  • Extracted strings may contain newlines or spaces, so piping them to tools like `grep` or `awk` for further processing can make them even more useful.

Related commands

These are commands that are functionally similar or are commonly used together.

cat

cat Command Guide: View and Concatenate File Contents

grep

Mastering the grep command

hexdump

hexdump: Output Hexadecimal Dump of a File

Same category commands

awk

Mastering the AWK Command: The Magician of Text Processing

cat

cat Command Guide: View and Concatenate File Contents

cmp

cmp: Compare two files byte by byte

column

column: Format text into columns

comm

comm: Compare common and unique lines of two sorted files