There is a unix executable file and I want to read the contents of that file. It is in an unreadable format and needs to be deciphered. It does not have any extension, when I do a cat of it on the terminal its in an unreadable format.
Is there any command that I can use to decipher it or any tool that can help. Please help.
You don't need to decipher it (unless it has some binary-level obfuscation because it's an IOCCC entry). You can disassemble it using otool -tv or objdump and read what the program inside does.)
If it's unreadable with cat then it's probably an executable format such as a.out or, more likely, ELF (though it could be a different format).
If your executable is xyzzy, you should be able to find out what type it is by using file xyzzy on it, such as with:
pax> file /bin/ls
/bin/ls: ELF 32-bit LSB executable, Intel 80386,
version 1 (SYSV), dynamically linked
(uses shared libs), for GNU/Linux 2.6.18,
stripped
That file format is well documented (such as starting from here) if you search the web, and there are tools like gcb, nm, readelf and objdump which can look inside it to varying degrees, but all it's likely to deliver to you is the raw assembly language. Getting back to easily-understandable source code will be very hard.
Related
I received a network traffic capture that is partitioned is several hundred of small .pcap files with the following format:
name.pcap#
where # is a numeration from 1 to 630.
Something like this:
name.pcap1,name.pcap2,name.pcap3,...,name.pcap630
I know that all of them are from one continue capture but it seems that was partitioned.
I don't have a lot experience working with wireshark, and this type of files are new for me. I don't know how to read them as one file.
I was wondering what can I do to resemble all of them in just one file?
Many thanks in advance,
I was wondering what can I do to resemble all of them in just one file?
At least with the current version of Wireshark, if you:
start Wireshark without opening a file - just directly start the application;
select all 630 of the files in Windows Explorer/File Explorer (Windows), the Finder (macOS), or whatever file manager you are using in the GUI (other UN*Xes - Linux, *BSD, Solaris, AIX, etc.);
drag them into Wireshark;
Wireshark should read all the files and combine them into a single file, showing you all the packets.
I tested this on macOS; I have not tested it on Windows or, for example, Ubuntu, but I suspect it would work.
Note that you must select all the files and drag them all in one operation; if you try to drag them one at a time, they won't be combined, Wireshark will just close the currently open one and open the file that you're dragging and dropping.
Alternatively, Wireshark includes mergecap, which is a tool that "merges two or more capture files into one".
It is a command-line tool, so you will have to use it on the command line (UN*X - Linux, macOS, *BSD, Solaris, AIX, etc. - or Windows).
The command would be something such as
mergecap name.pcap* -w merged.pcap
(on UN*Xs) or
mergecap.exe name.pcap* -w merged.pcap
if you were to run it while your command-line shell is in the directory (folder) in which the files are stored. This command will put a new file, named merged.pcap, in that directory.
You will have to make sure that the directory containing mergecap is in your command-line shell's search path, or will have to type the full pathname rather than just mergecap. (The .exe may not be necessary on Windows with some command-line shells, but it doesn't hurt, and may be necessary with other command-line shells.)
On most UN*Xes, mergecap will probably be in /usr/local/bin or /usr/bin, both of which are in the command-line shell search path by default.
On macOS, mergecap will probably be in /Applications/Wireshark.app/Contents/MacOS/; however, if, when you installed Wireshark, you chose to install the Wireshark command-line tools, it will also be in /usr/local/bin, which is, again, in the command-line shell search path by default.
On Windows, mergecap will probably be in C:\Windows\Program Files\Wireshark. That is probably not in the command-line shell search path by default. If you don't put it in your command-line shell search path, you will have to run a command such as
`"C:\Windows\Program Files\Wireshark\mergecap.exe" name.pcap* -w merged.pcap
Adding it to the command-line shell search path is a painful process, so it's probably easier just to use the full path.
You must include the quote characters (because there's a space in "Program Files").
My apology for the "newbie trouble" that I created for myself & apology for my poor command of computer lingo
I am running a Windows 7 laptop and have a big text file (~4Gb) that I need to find certain string.
Most programs in Windows 7 cannot handle the task (file too big to open in any program in the Microsoft suite), so I downloaded cygwin and tried to grep the specific string.
The problem is
(a) the 4 Gb file is stored in the desktop of my non-admin account.
(b) I assume cygwin runs in the admin account (although I use the desktop cygwin icon to launch the environment). The reason being that under cygwin, I see the handle A#Admin-THINK (running it on a Lenovo Thinkpad laptop)
grep the file of interest results in "No such file or directory"
I tried to find the path of the file (readlink, realpath) but guess the commands were not applicable here?
Also tried /home/A/file or /home/A/desktop/file but it is clear that my random guess fails.
From windows, the file should be in
C:/Users/non_admin/desktop/folder/file
What would be the right path of the file to grep the string using cygwin ?
You can use /cygdrive to access the Windows filesystem. In your case, try
grep foo /cygdrive/c/Users/non_admin/Desktop/folder/file
From windows, you can get the correct file path from the context menu item Copy as path into the copy/paste buffer.
In Cygwin mintty, use
FilePath=<paste>
where <paste> means to use paste from mintty's context menu to make a variable with the value of that path.
Then use
grep <string> $(cygpath -u "$FilePath")
to search the file. The "'s are in case the file name contains spaces.
HTH
I look at the source code of file and see
I run file script and see
ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV),
for GNU/Linux 2.6.9, dynamically linked (uses shared libs), not stripped
I recall that I have been able to read this binary as plain text sometimes and saw that it is filesystem dependent script.
However, I forgot how I did it.
The script is just splitting a file and just interested in what is the split pattern what it is using.
However, with those ^# signs it is difficult to make sense of it.
However, there are rather much text which you can read.
How can you visualize such a binary file better?
I would suggest to use the strings command:
strings script | less
Note that despite its name, script is not a script but a binary executable, as file shows.
Where does the Arduino IDE save the binaries on Mac OS X?
In the Arduino software: go to File -> Preferences and then select Show verbose output during -> compilation.
Finally, when you are compiling, the program will show you lots of data. At the last lines, you will find the path1 to the .hex file.
1Every time the path changes!
Arduino 1.6.5 has a new command: Under the Sketch menu, select Export compiled Binary, then Show Sketch Folder. There it is.
Arduino IDE uses the mktemp command to create the temp directory on Mac and Linux. However, on Mac the default $TMPDIR env var is not /tmp/ as it is on Linux. On Mac it's under /var/folders and it is randomly generated on boot. That complicates things a little, but here are tricks you can add to your toolkit (as aliases, functions, shell scripts, etc.) to help you find what you need.
To find the hex files
find $TMPDIR -name \*.hex -exec ls -lrt {} \; #<-- you need that backslash before and space after the semicolon
To find build directories
ls -ldrt $TMPDIR/build*
NOTE: The ls flags of r and t cause the listing to be "reverse" sorted by "time" respectively. This means that the newest will be on the bottom.
What UDalillu said. The trick also works on Windows. On XP it ended up in C:\Documents and Settings\Your_User_Name\Local Settings\Temp\buildxxxxx\ (the xxx number changes for each build, pick the most recent).
The arduino web page http://arduino.cc/en/Hacking/BuildProcess
described
During a "Verify" the .hex file is written to /tmp (on Mac and Linux) or \Documents and Settings\\Local Settings\Temp (on Windows)
I am using fedora19 64bit, and when i check my /tmp the build directory created is
/tmp/build8102....tmp/
I made a simple tutorial here with images
It is very beautifully explained in the following blog
Where to find Arduino Hex files or Output Binaries
I hope this helps :)
I usually work on visual c++ 2010 for creating console applications as programming problems. There is this submission which requires me to give the source for the file "Makefile" by some command in unix environment
all:
g++ program.cc -o program
since i don't use unix and have never created a "makefile". I don't know how to make this submission. I have read about a makefile which is supposed to give the directions dependencies etc for compiling the program. I am using the header files iostream string and iterator in the program. i have tried the "all:" command . The bash returns command not found.
Can someone help me with this submission? The code is ready but the only thing stopping for submitting is this "makefile". please include the shell commands as well.
You're missing newline and two tabs (yes, you read right, not spaces) after the all: line, something like this:
all:
g++ helloworld.cc -o helloworld
To invoke make, type make in the directory with the Makefile. Dependencies on system headers are usually not considered, if your code has just one file, you can safely ignore that.