Issue
I have a memory dump file, I can view it in sublime in hexadecimal format and it looks like the following:
7f45 4c46 0201 0100 0000 0000 0000 0000
0400 3e00 0100 0000 0000 0000 0000 0000
4000 0000 0000 0000 a003 2900 0000 0000
0000 0000 4000 3800 1600 4000 1800 1700
0400 0000 0400 0000 1005 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
I'm writing a script to divide the memory dump to files, each file containing only one page (4096 on my system, should translate to 256 lines on sublime). I tried the following:
- I tried to copy lines using sed
sed -n -e "${start},${end}p" $file1.dmp > $file2.dmpthe problem with this approach is that sed seems to count lines different than sublime. even when I try$startand$endboth as 1, I get a huge output (a lot less than the original file, but certainly not a single line). - I tried using head to at least copy the first page of the file
head -n $num $file1.dmp > $file2.dmp. it seems to have the same problem as sed, copies differenet number of lines than sublime. - I tried using cut with a specific number of (-b or -c) bytes or characters, same as head and sed.
cut -c 1-$num $file1.dmp > $file2.dmp - also tried colrm to copy one line, I made some progress with this! when I used
cat $file1.dmp | colrm $num > $file2.dmp, in file2 I found7fwhen$numwas equal to 1,7f45when$numwas equal to 2,7f45 4cwhen$numwas equal to 3, but when it was 4 I found this:
7f45 4c46 0201 0100 0000 0000 0000 0000
0400
as numbers go higher it still behaves weirdly, adding two hexadecimal numbers or whole lines all of a sudden!
- I tried wc with option -c, -m and -l (bytes, characters and lines respectively) just to count the numbers in my original file, numbers are totally different than what they should be.
I've exhausted my options, I think part of the problem is that all these commands treat the file as utf8 and behave improperly with null characters. anyway, is there any way I can copy properly from one hex file to another?
Solution
split can split a file by number of bytes.
split -b 4K -d memory.dmp page
Answered By - Ignacio Vazquez-Abrams Answer Checked By - Katrina (WPSolving Volunteer)