Hexdump notes

This post was written by eli on October 7, 2015
Posted Under: Linux,Software

General notes

For plain byte-per-byte hex dump,

$ hexdump -C

To dump a limited number of bytes, use the -n flag:

$ hexdump -C -n 64 /dev/urandom
00000000  9c 72 b0 43 da 6e 27 2f  f9 f1 34 06 60 d5 71 ad  |.r.C.n'/..4.`.q.|
00000010  cc 07 89 02 f7 f9 5f 85  f6 ba a5 24 cc 9f 2d d5  |......_....$..-.|
00000020  6d da 5b 91 a6 23 d4 94  51 1d 96 a7 5c 34 1a 48  |m.[..#..Q...\4.H|
00000030  6e 13 d4 3a 54 5d c5 c4  7b 1e f3 7b 6f 84 af 8b  |n..:T]..{..{o...|
00000040

And possibly add the -v flag so that repeated lines are printed out explicitly

$ hexdump -C -n 64 /dev/zero
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000040
$ hexdump -C -v -n 64 /dev/zero
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000040

Hexdump scripting

Hexdump has a somewhat weird one-liner scripting syntax. It consists of the -e flag(s) followed by a string, which must be enclosed in a single quote signs. Within this string, there may be several double quotes containing formatting info. Probably, the only way to really figure this out is trying some examples.

  • Everything in the expression runs as a loop.
  • n/m (n and m are integers) means n times consume m bytes regarding the expression following immediately.
  • If there is more than one -e, they consume the same data for each -e
  • %08_ax is the data offset in hex. Also try “%10_ad: ” for decimal position.
  • Anything not interpreted is printed (a bit like printf). That includes, of course, “\n”.
  • For editing hex data, ghex can be handy

Scripting examples

Print out the input as 32-bit hex integers, one per line:

$ hexdump -v -e '1/4 "%08x " "\n"'

Same, but as 32-bit decimal numbers:

$ hexdump -v -e '1/4 "%08d " "\n"'

Dump mouse raw motion data, three bytes per line, each as a hex number:

$ hexdump -v -e '3/1 "%02x " "\n"' /dev/input/mice

Like “hexdump -C”, only explicitly:

$ hexdump -e '"%08_ax " 16/1 "%02x "' -e '" |" 16/1 "%_p" "|\n"'

The manpage offers a lot more detail on this.

Add a Comment

required, use real name
required, will not be published
optional, your blog address

Next Post: