[linux-elitists] Fun with SirCam

Karsten M. Self kmself@ix.netcom.com
Sat Aug 4 13:25:32 PDT 2001


on Sat, Aug 04, 2001 at 12:36:11AM -0700, Rick Moen (rick@linuxmafia.com) wrote:
> begin  Karsten M. Self quotation:
>  
> >     $ dd if=attachment bs=32 count=4228 of=worm
> > ...give or take a few bytes.
> 
> There's something oddly reassuring about being able to extract a binary
> executable's image without being off a few bytes.

You can extract the image precisely in dd.  I added the 'give or take'
as I'd not tested the recipe myself.  Adjust to suit.

More specifically:  dd allows one to specify:

  - A binary sequence length, in blocks.
  - An offset sequence, in blocks.
  - A blocksize, in bytes.

Using combinations of sequence lengths, offsets, and/or blocksizes, any
arbitrary sized portion of a file may be extracted or excluded.

The advantage to specifying larger blocksizes is that I/O typically
becomes more efficient with larger blocksizes.  For disk I/O operations,
blocksizes matching the disk block (8192 bytes, IIRC) tend to be
optimal, increasing blocksize to integral multiples of this does little.
For tape operations, blocksize can significantly increase speed of tape
I/O, though this can also be modified with various 'mt' commands.  When
_reading_ data, setting blocksize to match the value used in recording
is essential, a situation which may arise in working with, say,
mainframe data (been there, done that).

dd also performs other useful operations including case conversion to
and from ASCII/EBCDIC (or IBM EBCDIC), blocking and unblocking,
truncation, byte-swapping, and NUL-padding.  There are certain forms of
data that *aren't* handled properly by dd, including various packed and
zone-decimal formats, which should typically be handled by specialized
tools.  I've encountered this in SAS processing -- SAS offers specific
input formats to handle various mainframe data types.

Reading Kernighan and Pike, it appears that dd may actually date from
mainframe terminology, there's a similar 'DD' (data definition)
statement in MVS JCL, which is used to specify input or output data.
Due to the lower level of access to storage (DASD) under MVS, this is
actually a required parameter of a job.  The syntax of the MVS DD
statement is richer than the unix 'dd' command, though dd reflects it in
both syntax and several options.

> > Hmm...  How's this compare to, say, bvi?  It looks like a fusion of a
> > binary editor and 'dd'.
> 
> I'm not sure.  I'll have to compare, at some point.

bvi seems to be more interactive than fb, though it lacks some of the
binary manipulation tools of fb.

-- 
Karsten M. Self <kmself@ix.netcom.com>            http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?               There is no K5 cabal
  http://gestalt-system.sourceforge.net/                 http://www.kuro5hin.org
   Free Dmitry!! Boycott Adobe!! Repeal the DMCA!!   http://www.freesklyarov.org
Geek for Hire                          http://kmself.home.netcom.com/resume.html
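
The message's point about combining lengths, offsets and blocksizes, as an added example that is not part of the original post: the range is split into a byte-granular lead-in, whole 4096-byte blocks, and a byte-granular remainder, so the cut is exact without running the whole copy at bs=1. The names `carve` and `make_sample`, the 4096-byte blocksize, and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# carve FILE OFFSET LENGTH OUT  (hypothetical helper, not from the post)
# Copies exactly LENGTH bytes starting at byte OFFSET of a regular file.
carve() {
    file=$1; off=$2; len=$3; out=$4
    bs=4096                                  # assumed blocksize for the bulk copy
    # Bytes needed to reach the next block boundary (0 if already aligned).
    lead=$(( (bs - off % bs) % bs ))
    if [ "$lead" -gt "$len" ]; then lead=$len; fi
    mid=$(( (len - lead) / bs ))             # whole blocks after the lead-in
    rest=$(( len - lead - mid * bs ))        # bytes left over after the blocks
    {
        # 1. Unaligned head, one byte per "block": skip and count are in bytes.
        [ "$lead" -gt 0 ] &&
            dd if="$file" bs=1 skip="$off" count="$lead" 2>/dev/null
        # 2. Aligned middle: skip and count are now in units of $bs.
        [ "$mid" -gt 0 ] &&
            dd if="$file" bs="$bs" skip=$(( (off + lead) / bs )) count="$mid" 2>/dev/null
        # 3. Unaligned tail, byte-granular again.
        [ "$rest" -gt 0 ] &&
            dd if="$file" bs=1 skip=$(( off + lead + mid * bs )) count="$rest" 2>/dev/null
        :
    } > "$out"
}

# Constructed sample input: 20000 eight-byte records = 160000 bytes.
make_sample() {
    awk 'BEGIN { for (i = 0; i < 20000; i++) printf "%07d\n", i }' > "$1"
}

# Stand-alone demo: the first 32 * 4228 = 135296 bytes (the size used in the
# quoted command), then everything after that point.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_sample "$tmp/attachment"
    carve "$tmp/attachment" 0 135296 "$tmp/first"
    carve "$tmp/attachment" 135296 24704 "$tmp/remainder"
    wc -c "$tmp/first" "$tmp/remainder"
    rm -rf "$tmp"
fi
```

Comparing checksums of the carved pieces against the original file confirms that no bytes were lost or duplicated at the cut.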