xxd工具虽然不能直接修改二进制文件,但xxd -r参数可把Hexdump文本转成二进制内容。convert (or patch) hexdump into binary.
因此,对于要修改的二进制文件,可以先转为Hexdump文本,再通过xxd -r命令把Hexdump文本转为二进制文件。
[mycc@wen*z:~]$ xxd file1.binary
0000000: 1234 0001 0000 0000 2022 0103 9900 000c .4...... "......
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
0000020: 6700 00f7 0100 001f 0933 0900 0000 0310 g........3......
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
[mycc@wen*z:~]$ xxd file1.binary > file1.txt
[mycc@wen*z:~]$ vi file1.txt
[mycc@wen*z:~]$ cat file1.txt
0000000: abcd 0001 0000 0000 2022 0103 9900 000c .4...... "......
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
0000020: 6700 00f7 0100 001f 0933 0900 0000 0310 g........3......
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
[mycc@wen*z:~]$ xxd -r file1.txt file1.binary
[mycc@wen*z:~]$ xxd file1.binary
0000000: abcd 0001 0000 0000 2022 0103 9900 000c ........ "......
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
0000020: 6700 00f7 0100 001f 0933 0900 0000 0310 g........3......
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
xxd修改二进制文件示例
2.1查看二进制文件
[mycc@wen*z:~]$ xxd file1.binary
0000000: 1234 0001 0000 0000 2022 0103 9900 000c .4...... "......
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
0000020: 6700 00f7 0100 001f 0933 0900 0000 0310 g........3......
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
2.2.查看指定字节数量内容:-l参数表示长度
xxd -l 32 file1.binary 查看前32个字节
[mycc@wen*z:~]$ xxd -l 32 file1.binary
0000000: 1234 0001 0000 0000 2022 0103 9900 000c .4...... "......
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
2.3查看指定偏移位置后的内容:-s参数表示偏移位置(从0开始),当值为负数时为从尾向前数偏移
xxd -s 16 file1.binary 查看从16字节开始的内容
[mycc@wen*z:~]$ xxd -s 16 file1.binary
0000010: 22f9 0100 0041 3106 1992 6741 3106 1992 "....A1...gA1...
0000020: 6700 00f7 0100 001f 0933 0900 0000 0310 g........3......
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
xxd -s -16查看最后16字节内容
[mycc@wen*z:~]$ xxd -s -16 file1.binary
0000030: 4800 0000 7156 0559 71fb 0102 2c01 0130 H...qV.Yq...,..0
2.4 限定每行输出的字节数:-c 参数,限定每行字节数量
xxd -c 8 file1.binary查看内容,每行8字节
[mycc@wen*z:~]$ xxd -c 8 file1.binary
0000000: 1234 0001 0000 0000 .4......
0000008: 2022 0103 9900 000c "......
0000010: 22f9 0100 0041 3106 "....A1.
0000018: 1992 6741 3106 1992 ..gA1...
0000020: 6700 00f7 0100 001f g.......
0000028: 0933 0900 0000 0310 .3......
0000030: 4800 0000 7156 0559 H...qV.Y
0000038: 71fb 0102 2c01 0130 q...,..0
2.5以纯Hex字符输出:-p参数表示无空格,无序号,无ascii格式部分
xxd -p file.binary
[mycc@wen*z:~]$ xxd -p file1.binary
1234000100000000202201039900000c22f9010000413106199267413106
1992670000f70100001f0933090000000310480000007156055971fb0102
2c010130
2.6将二进制文件内容转为C语言内容:-i参数
xxd -i file1.binary将二进制文件内容转为c数组,这在某些测试过程中是有用的
[mycc@wen*z:~]$ xxd -i file1.binary
unsigned char file1_binary[] = {
0x12, 0x34, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x20, 0x22, 0x01, 0x03,
0x99, 0x00, 0x00, 0x0c, 0x22, 0xf9, 0x01, 0x00, 0x00, 0x41, 0x31, 0x06,
0x19, 0x92, 0x67, 0x41, 0x31, 0x06, 0x19, 0x92, 0x67, 0x00, 0x00, 0xf7,
0x01, 0x00, 0x00, 0x1f, 0x09, 0x33, 0x09, 0x00, 0x00, 0x00, 0x03, 0x10,
0x48, 0x00, 0x00, 0x00, 0x71, 0x56, 0x05, 0x59, 0x71, 0xfb, 0x01, 0x02,
0x2c, 0x01, 0x01, 0x30
};
unsigned int file1_binary_len = 64;
2.7综合利用上面参数示例
xxd -p -s 16 -l 32 -c 8 file1.binary 偏移16字节,输出32个字节内容,每行输出8字节,以纯Hex方式显示
[mycc@wen*z:~]$ xxd -p -s 16 -l 32 -c 8 file1.binary
22f9010000413106
1992674131061992
670000f70100001f
0933090000000310
xxd --help
[mycc@wen*z:~]$ xxd --help
Usage:
xxd [options] [infile [outfile]]
or
xxd -r [-s [-]offset] [-c cols] [-ps] [infile [outfile]]
Options:
-a toggle autoskip: A single '*' replaces nul-lines. Default off.
-b binary digit dump (incompatible with -ps,-i,-r). Default hex.
-c cols format <cols> octets per line. Default 16 (-i: 12, -ps: 30).
-E show characters in EBCDIC. Default ASCII.
-g number of octets per group in normal output. Default 2.
-h print this summary.
-i output in C include file style.
-l len stop after <len> octets.
-ps output in postscript plain hexdump style.
-r reverse operation: convert (or patch) hexdump into binary.
-r -s off revert with <off> added to file positions found in hexdump.
-s [+][-]seek start at <seek> bytes abs. (or +: rel.) infile offset.
-u use upper case hex letters.
-v show version: "xxd V1.10 27oct98 by Juergen Weigert".