LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 08-03-2007, 06:14 AM   #1
son_t
Member
 
Registered: Sep 2006
Posts: 49

Rep: Reputation: 15
WinHex and od


I am looking at some binary data on a hard disk.

On Windows XP with WinHex I get this:
Code:
000000432   00 00 00 00 00 00 00 00  00 00 00 00 AF 00 00 00   
000000448   00 04 00 00 00 00 60 B5  00 00 00 00 AF 00 10 00   
000000464   08 00 00 00 00 00 00 00  00 04 00 00 AF 00 70 B5
000000480   A0 00 00 00 00 00 00 00  08 04 00 00 00 00 70 B5
000000496   00 00 00 00 00 00 00 00  00 00 00 00 AA 55 00 00
On Linux (Debian) and Mac OS X (Darwin), I get this:
Code:
$ dd if=/dev/disk1 bs=1 skip=0 count=1024|od -x
0000660      0000    0000    0000    0000    0000    0000    00af    0000
0000700      0400    0000    0000    b560    0000    0000    00af    0010
0000720      0008    0000    0000    0000    0400    0000    00af    b570
0000740      00a0    0000    0000    0000    0408    0000    0000    b570
0000760      0000    0000    0000    0000    0000    0000    55aa    0000
0001000      0000    0000    0000    0000    0000    0000    0000    0000
The questions are:
1. Why is the byte order displayed differently...
2. Why are the offsets different?

The WinHex data is presumed correct and so the Linux side is the puzzling aspect. Am I using dd and od correctly?

Any clues appreciated...

Last edited by son_t; 08-03-2007 at 06:19 AM.
 
Old 08-03-2007, 07:35 AM   #2
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530

Rep: Reputation: 110Reputation: 110
Note how the offsets from windows addup nicely with 16 each row, and how thisisn't the case with you Linux od output.

Are you sure you're actually looking at the very same data from windows and linux?

Last edited by Hko; 08-03-2007 at 07:41 AM.
 
Old 08-03-2007, 07:37 AM   #3
son_t
Member
 
Registered: Sep 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Hko
Are you sure you're actually looking at the very same data from windows and linux?
Yes definitely.
 
Old 08-03-2007, 08:08 AM   #4
dgar
Member
 
Registered: Jun 2005
Location: Candia, NH
Distribution: Ubuntu, FC, RHE3, RHE4, CentOS
Posts: 121

Rep: Reputation: 15
I suspect it's the windows HAL.
 
Old 08-03-2007, 08:12 AM   #5
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530

Rep: Reputation: 110Reputation: 110
Quote:
Originally Posted by son_t
Yes definitely.
Hmm, OK. But still: looking at the offset's, it seems the second line from you od output is missing.

Anyway. The default formatting and radix settings of 'od' are just different from WinHex's output format.

Like, WinHex uses decimal offsets, while od user octal (by default). WinHex print's byte-by-byte and od in byte-pairs (which, I conclude from this, are endian-dependant).

After having a look at the info-page (more comprehensive than the man-page), I found how to get a "WinHex"-compatible output from 'od':
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024|od -Ad -tx1
Alternatively you could use 'hexdump' instead of 'od':
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024|hexdump -C
This hexdump example does not give the "WinHex"-compatible output though. But hexdump's output is more configurable than od's. so, this should be 'fixable' if you want to use hexdump.

Last edited by Hko; 08-03-2007 at 08:15 AM.
 
Old 08-03-2007, 08:56 AM   #6
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530

Rep: Reputation: 110Reputation: 110
I couldn't let it go :-)
Here how to get the WinHex-like output from hexdump:
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024 | hexdump -e '"%09_ad   " 16/1 "%02x " "\n"'
(take care with the space, single and double quotes)
 
Old 08-03-2007, 09:13 AM   #7
Lothar Schwab
LQ Newbie
 
Registered: Aug 2007
Location: Minnesota, USA
Distribution: Lubuntu
Posts: 19

Rep: Reputation: 2
I have a little alias definition in my .bashrc that
gives me a hex dump output much like WinHex:
alias "hd=od -Ax -tx1z -v"
 
Old 08-04-2007, 12:31 AM   #8
son_t
Member
 
Registered: Sep 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Many thanks for your answers. I will try it out and I am certain it is formatting in od too - I just didn't know how to do it. Now I do
 
Old 08-06-2007, 03:55 AM   #9
son_t
Member
 
Registered: Sep 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Hko
I couldn't let it go :-)
Here how to get the WinHex-like output from hexdump:
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024 | hexdump -e '"%09_ad   " 16/1 "%02x " "\n"'
(take care with the space, single and double quotes)
Many thanks Hko - that is perfect! I wonder if you can also give me a hexdump line to swap the byte order too? Please?

I think I need a dword(?) byte swap, so that 01 02 03 04 looks like 04 03 02 01:
Code:
000000432   00 00 00 00 00 00 00 00  00 00 00 00 AF 00 00 00   
000000448   00 04 00 00 00 00 60 B5  00 00 00 00 AF 00 10 00   
000000464   08 00 00 00 00 00 00 00  00 04 00 00 AF 00 70 B5
000000480   A0 00 00 00 00 00 00 00  08 04 00 00 00 00 70 B5
000000496   00 00 00 00 00 00 00 00  00 00 00 00 AA 55 00 00
becomes this:
Code:
000000432   00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 AF   
000000448   00 00 04 00 B5 60 00 00  00 00 00 00 00 10 00 AF   
000000464   00 00 00 08 00 00 00 00  00 00 04 00 b5 70 70 AF
000000480   00 00 00 a0 00 00 00 00  00 00 04 08 b5 70 00 00
000000496   00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 AA
At the moment I am piping the output through awk:
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024 | hexdump -e '"%09_ad   " 16/1 "%02x " "\n"' | awk '{print $1 " " $5 $4 " " $3 $2 " " $9 $8 " " $7 $6 " " $13 $12 " " $11 $10 " " $17 $16 " " $15 $14}'
and it does the trick for me but if hexdump and byte swap then using that would be ideal...
Quote:
Originally Posted by Lothar Schwab
I have a little alias definition in my .bashrc that
gives me a hex dump output much like WinHex:
alias "hd=od -Ax -tx1z -v"
Thanks for this, might come in handy but it doesn't remove all the empty lines and the offsets are in hex...

Last edited by son_t; 08-06-2007 at 04:06 AM.
 
Old 08-06-2007, 06:23 AM   #10
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: ubuntu
Posts: 2,530

Rep: Reputation: 110Reputation: 110
Quote:
Originally Posted by son_t
I think I need a dword(?) byte swap, so that 01 02 03 04 looks like 04 03 02 01:
This is what you're asking?:
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024 | hexdump -e '"%09_ad   " 8/4 "%08x " "\n"'
 
Old 08-06-2007, 07:27 AM   #11
son_t
Member
 
Registered: Sep 2006
Posts: 49

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Hko
This is what you're asking?:
Code:
dd if=/dev/disk1 bs=1 skip=0 count=1024 | hexdump -e '"%09_ad   " 8/4 "%08x " "\n"'
Ooh! so close, I get this:
Code:
000000000   00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
*
000000416   00000000 00000000 00000000 00000000 00000000 00000000 00000000 000000af
000000448   00000400 b5600000 00000000 001000af 00000008 00000000 00000400 b57000af
000000480   000000a0 00000000 00000408 b5700000 00000000 00000000 00000000 000055aa
000000512   00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
*
I need it just 16 bytes wide, the above is 32 bytes (?)
 
  


Reply

Tags
od


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration