在我的 Mac 中,我有这个二进制“文件” /dev/disk0s1(512GB实际上是根据 AFPS 的驱动器或卷macOS),我需要找到这个十六进制序列(以 ASCII0x41, 0x50, 0x53, 0x42表示APSB)。
与 类似hexdump,我想控制移位(起点)和要分析的字节数。
这里有一些相关问题:问题和这个问题。也许grep或sed可以工作macOS,但我不知道如何使用它作为我的问题。
sh-3.2# hexdump -n 4096 -Cv /dev/disk0s1 -s 0
00000000 8d 1c 09 48 65 8c 3c 6e 01 00 00 00 00 00 00 00 |...He.<n........|
00000010 bd 04 00 00 00 00 00 00 01 00 00 80 00 00 00 00 |................|
00000020 4e 58 53 42 00 10 00 00 00 f4 01 00 00 00 00 00 |NXSB............|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000040 02 00 00 00 00 00 00 00 a8 8d 96 da 5a 95 46 e6 |............Z.F.|
00000050 82 3e fb 1e 40 7d 3e 79 16 04 00 00 00 00 00 00 |.>..@}>y........|
00000060 be 04 00 00 00 00 00 00 10 00 00 00 84 04 00 00 |................|
00000070 01 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 |................|
00000080 0a 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 |................|
000000a0 34 1e 00 00 00 00 00 00 01 04 00 00 00 00 00 00 |4...............|
000000b0 00 00 00 00 04 00 00 00 02 04 00 00 00 00 00 00 |................|
000000c0 06 04 00 00 00 00 00 00 08 04 00 00 00 00 00 00 |................|
000000d0 0a 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000110 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000120 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000130 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
当模式匹配时,我想知道距文件开头的偏移量(以十六进制表示)。搜索应在第一个匹配后停止。
提前致谢
答案1
“grep”应该可以工作。我的 Linux 发行版支持二进制文件。以八进制表示值,前面带有反斜杠和 0。
出色地。 POSIX 不允许您指定“-b offset”。如果您想使用 grep,则必须安装它。这是“unix.stackexchange.com”,所以我认为我的指令是合法的,并且反对是对手册页的抗议。我(和其他人)确实还有其他担忧。