In computing, a hex dump is a textual hexadecimal view (on screen or paper) of (often, but not necessarily binary) computer data, from memory or from a computer file or storage device. Looking at a hex dump of data is usually done in the context of either debugging, reverse engineering or digital forensics. [1] Interactive editors that provide a similar view but also manipulating the data in question are called hex editors.
In a hex dump, each byte (8 bits) is represented as a two-digit hexadecimal number. Hex dumps are commonly organized into rows of 8 or 16 bytes, sometimes separated by whitespaces. Some hex dumps have the hexadecimal memory address at the beginning.
Some common names for this program function are hexdump
, hd
, od
, xxd
and simply dump
or even D
.
A sample text file:
0123456789ABCDEF /* ********************************************** */ Table with TABs (09) 1 2 3 3.14 6.28 9.42
as displayed by Unix hexdump
:
00000003031323334353637383941424344454600000100a2f2a202a2a2a2a2a2a2a2a2a2a2a2a00000202a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a*00000402a2a202a2f0a095461626c6520776974000005068205441427320283039290a093109090000060320909330a09332e313409362e3238090000070392e34320a0000075
The leftmost column is the hexadecimal displacement (or address) for the values of the following columns. Each row displays 16 bytes, with the exception of the row containing a single *. The * is used to indicate multiple occurrences of the same display were omitted. The last line displays the number of bytes taken from the input.
An additional column shows the corresponding ASCII character translation with hexdump -C
or hd
:
0000000030313233343536373839414243444546|0123456789ABCDEF|000000100a2f2a202a2a2a2a2a2a2a2a2a2a2a2a|./* ************|000000202a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a|****************|*000000402a2a202a2f0a095461626c6520776974|** */..Table wit|0000005068205441427320283039290a09310909|h TABs (09)..1..|00000060320909330a09332e313409362e323809|2..3..3.14.6.28.|00000070392e34320a|9.42.|00000075
This is helpful when trying to locate TAB characters in a file which is expected to use multiple spaces.
The -v
option causes hexdump to display all data verbosely:
0000000030313233343536373839414243444546|0123456789ABCDEF|000000100a2f2a202a2a2a2a2a2a2a2a2a2a2a2a|./* ************|000000202a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a|****************|000000302a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a|****************|000000402a2a202a2f0a095461626c6520776974|** */..Table wit|0000005068205441427320283039290a09310909|h TABs (09)..1..|00000060320909330a09332e313409362e323809|2..3..3.14.6.28.|00000070392e34320a|9.42.|00000075
POSIX [2] command can be used to display a hex dump with the -t x option.
# od-tx1tableOfTabs.txt 0000000 30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 460000020 0a 2f 2a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a0000040 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a*0000100 2a 2a 20 2a 2f 0a 09 54 61 62 6c 65 20 77 69 740000120 68 20 54 41 42 73 20 28 30 39 29 0a 09 31 09 090000140 32 09 09 33 0a 09 33 2e 31 34 09 36 2e 32 38 090000160 39 2e 34 32 0a 0000165
Character evaluations can be added with the -c option:
0000000 0 1 2 3 4 5 6 7 8 9 A B C D E F 30 31 32 33 34 35 36 37 38 39 41 42 43 44 45 46 0000020 \n / * * * * * * * * * * * * * 0a 2f 2a 20 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0000040 * * * * * * * * * * * * * * * * 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0000100 * * * / \n \t T a b l e w i t 2a 2a 20 2a 2f 0a 09 54 61 62 6c 65 20 77 69 74 0000120 h T A B s ( 0 9 ) \n \t 1 \t \t 68 20 54 41 42 73 20 28 30 39 29 0a 09 31 09 09 0000140 2 \t \t 3 \n \t 3 . 1 4 \t 6 . 2 8 \t 32 09 09 33 0a 09 33 2e 31 34 09 36 2e 32 38 09 0000160 9 . 4 2 \n 39 2e 34 32 0a 0000165
In this output the TAB characters are displayed as \t and NEWLINE characters as \n.
In the CP/M 8-bit operating system used on early personal computers, the standard DUMP program would list a file 16 bytes per line with the hex offset at the start of the line and the ASCII equivalent of each byte at the end. [3] : 1-41, 5-40–5-46 Bytes outside the standard range of printable ASCII characters (20 to 7E) would be displayed as a single period for visual alignment. This same format was used to display memory when invoking the D command in the standard CP/M debugger DDT. [3] : 4-5 Later incarnations of the format (e.g. in the DOS debugger DEBUG) changed the space between the 8th and 9th byte to a dash, without changing the overall width.
This notation has been retained in operating systems that were directly or indirectly derived from CP/M, including DR-DOS, MS-DOS/PC DOS, OS/2 and Windows. On Linux systems, the command hexcat produces this classic output format, too. The main reason for the design of this format is that it fits the maximum amount of data on a standard 80-character-wide screen or printer, while still being very easy to read and skim visually.
1234:0000:57696B6970656469612C207468652066Wikipedia, the f1234:0010:72656520656E6379636C6F7065646961ree encyclopedia1234:0020:207468617420616E796F6E652063616Ethat anyone can1234:0030:20656469740000000000000000000000edit...........
Here the leftmost column represents the address at which the bytes represented by the following columns are located. CP/M and various DOS systems ran in real mode on the x86 CPUs, where addresses are composed of two parts (base and offset).
In the above examples the final 00s are non-existent bytes beyond the end of the file. Some dump tools display other characters so that it is clear they are beyond the end of the file, typically using spaces or asterisks, e.g.:
1234:0000:57696B6970656469612C207468652066Wikipedia, the f1234:0010:72656520656E6379636C6F7065646961ree encyclopedia1234:0020:207468617420616E796F6E652063616Ethat anyone can1234:0030:2065646974edit
or
1234:0000:57696B6970656469612C207468652066Wikipedia, the f1234:0010:72656520656E6379636C6F7065646961ree encyclopedia1234:0020:207468617420616E796F6E652063616Ethat anyone can1234:0030:2065646974**********************edit
In mathematics and computing, the hexadecimal numeral system is a positional numeral system that represents numbers using a radix (base) of sixteen. Unlike the decimal system representing numbers using ten symbols, hexadecimal uses sixteen distinct symbols, most often the symbols "0"–"9" to represent values 0 to 9, and "A"–"F" to represent values from ten to fifteen.
The Arctic Archipelago, also known as the Canadian Arctic Archipelago, is an archipelago lying to the north of the Canadian continental mainland, excluding Greenland and Iceland.
Abstract Syntax Notation One (ASN.1) is a standard interface description language (IDL) for defining data structures that can be serialized and deserialized in a cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography.
In computer programming, a magic number is any of the following:
The Second Happy Time was a phase in the Battle of the Atlantic during which Axis submarines attacked merchant shipping and Allied naval vessels along the east coast of North America. The First Happy Time was in 1940–1941 in the North Atlantic and North Sea. Adolf Hitler and Benito Mussolini declared war on the United States on 11 December 1941, and as a result their navies could begin the Second Happy Time.
A most-perfect magic square of order n is a magic square containing the numbers 1 to n2 with two additional properties:
Snappy is a fast data compression and decompression library written in C++ by Google based on ideas from LZ77 and open-sourced in 2011. It does not aim for maximum compression, or compatibility with any other compression library; instead, it aims for very high speeds and reasonable compression. Compression speed is 250 MB/s and decompression speed is 500 MB/s using a single core of a circa 2011 "Westmere" 2.26 GHz Core i7 processor running in 64-bit mode. The compression ratio is 20–100% lower than gzip.
Transaction Capabilities Application Part, from ITU-T recommendations Q.771-Q.775 or ANSI T1.114 is a protocol for Signalling System 7 networks. Its primary purpose is to facilitate multiple concurrent dialogs between the same sub-systems on the same machines, using Transaction IDs to differentiate these, similar to the way TCP ports facilitate multiplexing connections between the same IP addresses on the Internet.
The women's 3000 m speed skating competition at the 2006 Winter Olympics in Turin, Italy, was held on 12 February, the second day of competition at the Olympics.
OTA Bitmap was a specification designed by Nokia for black and white images for mobile phones.
The first world record in the 400 metres individual medley in long course (50 metres) swimming was recognized by the International Swimming Federation (FINA) in 1957, followed by the women a year later. In the short course (25 metres) swimming events the world's governing body recognizes world records since March 3, 1991.
The 2004 Betfair Premier League was a professional non-ranking snooker tournament that was played from 10 January to 14 March 2004.
The 2003 Hasseröder Premier League was a professional non-ranking snooker tournament that was played from 11 January to 11 May 2003.
The 2002 Daily Star Premier League was a professional non-ranking snooker tournament that was played from 5 January to 12 May 2002.
Avro is a row-oriented remote procedure call and data serialization framework developed within Apache's Hadoop project. It uses JSON for defining data types and protocols, and serializes data in a compact binary format. Its primary use is in Apache Hadoop, where it can provide both a serialization format for persistent data, and a wire format for communication between Hadoop nodes, and from client programs to the Hadoop services. Avro uses a schema to structure the data that is being encoded. It has two different types of schema languages; one for human editing and another which is more machine-readable based on JSON.