I've got a few peculiar issues with trying to search for a string inside of a .db file. The way I tried was by using grep, which does apparently find the string(s), although this is the output:
在.db文件中搜索字符串时,我遇到了一些特殊的问题。我尝试的方法是使用grep,它显然找到了字符串,尽管这是输出:
$ grep "ext" *.db
Binary file enormous.db matches
There are a couple problems with this:
这其中有几个问题:
- I need to return the actual matching string.
- 我需要返回匹配的字符串。
- I only want to return a particular string out of the matching ones
- 我只想从匹配的字符串中返回一个特定的字符串
- The filename changes, so it's only the extensions match
- 文件名改变了,所以只有扩展名匹配
- The are more than one valid extension (ext, bin, fck)
- 超过一个有效的扩展(ext, bin, fck)
The thing that differentiates the string I'm looking for apart from the others is that it always contains some random character followed by a hexadecimal 02, then the filename.
区别我要查找的字符串与其他字符串的地方在于,它总是包含一些随机字符,后面跟着一个十六进制02,然后是文件名。
In the above horrid mess of gunk is TheFile.ext, which I'm hoping to grab (hex is shown below). Maybe grep isn't the right tool for this particular task? I'm not sure, but open to ideas - thanks.
在上面可怕的脏乱中是文件。ext,我希望抓取(hex如下图)。也许grep不是这个特定任务的合适工具?我不确定,但我愿意接受你的想法——谢谢。
2F46696C65204F6E652E65787400D60F950017416E6F746865722046696C652E657874001003230254686546696C652E65787400D70FA80FA80FA80FA8000F0FA80020416E6F746865722E65787400AE0FB9000FB9000FBA00204D6F726546696C65732E6578747C00000000000000000E52616E646F6D2E65787400BB0C030701404E00000000000003260351012F506174682F546F20536F6D652F66696C652E657874
3 个解决方案
#1
1
Using sqlite3 from bash on OS X seems fairly straightforward (I'm no expert at this, by the way).
在OS X上使用bash中的sqlite3似乎相当简单(顺便说一下,我对此并不精通)。
You will need to find out which table you need. You can do this with an interactive session. I'll show you with the database you suggested:
您需要知道需要哪个表。您可以通过交互式会话来实现这一点。我将向您展示您建议的数据库:
/Users/fredbloggs> sqlite3 ~/Library/Application\ Support/Dock/desktoppicture.db
SQLite version 3.8.5 2014-08-15 22:37:57
Enter ".help" for usage hints.
sqlite> .tables
data displays pictures preferences prefs spaces
sqlite> select * from data;
/Library/Desktop Pictures/Earth and Moon.jpg
sqlite> .exit
How did I know it was table data? I didn't, I tried each one until it looked right :-)
我怎么知道是表格数据?我没有,我试了每一个直到它看起来正确:
Now we need to run that from a bash script:
现在我们需要从bash脚本运行它:
cmd='select * from data'
fname=$(sqlite3 $HOME/Library/Application\ Support/Dock/desktoppicture.db "$cmd")
echo "filenames are: $fname"
Gotchas: seemed to be an issue with ~. I kept forgetting to \ the space in "Application Support".
看来是~的问题。我总是忘记在“应用程序支持”中留出空间。
Give that a try, and see where we get. Let me know!
试试看,看看我们能得到什么。让我知道!
#2
2
grep varies a lot between platforms. Here's how you can do it on GNU and presumably on OS X:
不同平台的grep差异很大。以下是如何在GNU和OS X上进行操作的方法:
$ grep -ao '[[:print:]]*\.ext' file.bin
/File One.ext
Another File.ext
TheFile.ext
Another.ext
MoreFiles.ext
Random.ext
/Path/To Some/file.ext
If you find that it doesn't work, please say which platform you are trying to use it on.
如果您发现它不工作,请说明您试图在哪个平台上使用它。
#3
0
You can use the -a option to make grep output the matches from binary files. You can reduce the output to just the file name if you know what type of characters make up the filename.
您可以使用-a选项使grep输出来自二进制文件的匹配。如果您知道文件名由什么类型的字符组成,那么可以将输出减少为文件名。
grep -ao '[[:print:]]*\.ext' *.db
For different file extensions, well, you need to create a list of files. You can use find
对于不同的文件扩展名,您需要创建一个文件列表。您可以使用发现
find . <search criteria> -exec grep -aoH '[[:print:]]*\.ext' {} \+
Updated to make use of the [[:print:]] search term that I hadn't known before.
更新以使用[[:print:]]搜索词,我以前不知道。
#1
1
Using sqlite3 from bash on OS X seems fairly straightforward (I'm no expert at this, by the way).
在OS X上使用bash中的sqlite3似乎相当简单(顺便说一下,我对此并不精通)。
You will need to find out which table you need. You can do this with an interactive session. I'll show you with the database you suggested:
您需要知道需要哪个表。您可以通过交互式会话来实现这一点。我将向您展示您建议的数据库:
/Users/fredbloggs> sqlite3 ~/Library/Application\ Support/Dock/desktoppicture.db
SQLite version 3.8.5 2014-08-15 22:37:57
Enter ".help" for usage hints.
sqlite> .tables
data displays pictures preferences prefs spaces
sqlite> select * from data;
/Library/Desktop Pictures/Earth and Moon.jpg
sqlite> .exit
How did I know it was table data? I didn't, I tried each one until it looked right :-)
我怎么知道是表格数据?我没有,我试了每一个直到它看起来正确:
Now we need to run that from a bash script:
现在我们需要从bash脚本运行它:
cmd='select * from data'
fname=$(sqlite3 $HOME/Library/Application\ Support/Dock/desktoppicture.db "$cmd")
echo "filenames are: $fname"
Gotchas: seemed to be an issue with ~. I kept forgetting to \ the space in "Application Support".
看来是~的问题。我总是忘记在“应用程序支持”中留出空间。
Give that a try, and see where we get. Let me know!
试试看,看看我们能得到什么。让我知道!
#2
2
grep varies a lot between platforms. Here's how you can do it on GNU and presumably on OS X:
不同平台的grep差异很大。以下是如何在GNU和OS X上进行操作的方法:
$ grep -ao '[[:print:]]*\.ext' file.bin
/File One.ext
Another File.ext
TheFile.ext
Another.ext
MoreFiles.ext
Random.ext
/Path/To Some/file.ext
If you find that it doesn't work, please say which platform you are trying to use it on.
如果您发现它不工作,请说明您试图在哪个平台上使用它。
#3
0
You can use the -a option to make grep output the matches from binary files. You can reduce the output to just the file name if you know what type of characters make up the filename.
您可以使用-a选项使grep输出来自二进制文件的匹配。如果您知道文件名由什么类型的字符组成,那么可以将输出减少为文件名。
grep -ao '[[:print:]]*\.ext' *.db
For different file extensions, well, you need to create a list of files. You can use find
对于不同的文件扩展名,您需要创建一个文件列表。您可以使用发现
find . <search criteria> -exec grep -aoH '[[:print:]]*\.ext' {} \+
Updated to make use of the [[:print:]] search term that I hadn't known before.
更新以使用[[:print:]]搜索词,我以前不知道。