What Is a Hex Dump?
In calculations, a hexadecimal dump is a hexadecimal view of computer data (on screen or paper), from RAM or from a file or storage device. Viewing a hex data dump is usually done as part of debugging or reverse engineering. In a hexadecimal dump, each byte (8 bits) is represented as a two-digit hexadecimal number. Hex dumps are usually organized into 8- or 16-byte lines, sometimes separated by spaces. Some hex dumps have a hex memory address at the beginning and / or a checksum byte at the end of each line. Although the name implies the use of base-16 output, some hex dump software may have the option of base-8 (octal) or base-10 (decimal) output. Some common names for this program function are hexdump, od, xxd and simple dumps even D. [1]
- Example of a partial hex dump of the program, generated by the Unix program hexdump:
00105e0 e6b0 343b 9c74 0804 e7bc 0804 e7d5 0804 00105f0 e7e4 0804 e6b0 0804 e7f0 0804 e7ff 0804 0010600 e80b 0804 e81a 0804 e6b0 0804 e6b0 0804
- However, the above example represents an ambiguous form of a hexadecimal dump because the byte order may be undefined. Such a hex dump is only useful in the context of well-known byte order standards, or when values are intentionally given in full form (and may result in a variable number of bytes), for example:
00105e0 e6 b008 04e79e08 04e7bc 08 04 e7 d50804
- When explicit byte sequences are needed (for example, for a hex dump of machine code programs or ROM contents), byte-by-byte representations are advantageous, usually organized in 16-byte rows, between 8-byte groups With optional frequency divider:
00105e0 e6 b0 08 04 e7 9e 08 04-e7 bc 08 04 e7 d5 08 04 00105f0 e7 e4 08 04 e6 b0 08 04-e7 f0 08 04 e7 ff 08 04 0010600 e8 0b 08 04 e8 1a 08 04-e6 b0 08 04 e6 b0 08 04
- Rarely use the compact form without spaces between the values:
00105e0 e6b00804e79e0804e7bc0804e7d50804 00105f0 e7e40804e6b00804e7f00804e7ff0804 0010600 e80b0804e81a0804e6b00804e6b00804
- On modern x86 (little-endian) computers, Unix by default displays the same bytes as a two-byte word:
00105e0 b0e6 0408 9ee7 0408 bce7 0408 d5e7 0408 00105f0 e4e7 0408 b0e6 0408 f0e7 0408 ffe7 0408 0010600 0be8 0408 1ae8 0408 b0e6 0408 b0e6 0408
- Usually, additional columns show the corresponding ASCII text conversion (for example hexdump -C or hd):
0000: 57 69 6B 69 70 65 64 69 61 2C 20 74 68 65 20 66 Wikipedia, the f 0010: 72 65 65 20 65 6E 63 79 63 6C 6F 70 65 64 69 61 ree encyclopedia 0020: 20 74 68 61 74 20 61 6E 79 6F 6E 65 20 63 61 6E that anyone can 0030: 20 65 64 69 74 00 00 00 00 00 00 00 00 00 00 00 edit ...
- When a hexadecimal dump is intended to be entered manually into a computer, as in the case of printed magazine articles in the home computer era, a checksum byte (or two) is added at the end of each line, which is usually calculated as a simple 256-modulus line Sum of all values or more complex CRC. This checksum will be used to determine if the user entered the line correctly.
- Various hex dump file formats (including S-record, Intel HEX, and Tektronix extended HEX) have similar checksum values at the end of each line. 1872590
- In the Unix programs od and hexdump, not all display output lines containing the same data as the previous line are displayed; instead, the lines containing only one asterisk are displayed. For example, a block of all zeros is printed as:
0000000 0000 0000 0000 0000 0000 0000 0000 0000 * 0000030
- This compression feature provides a useful tool for checking irregularities of large files or complete devices. In modern Linux systems, it is convenient to scan the entire hard disk to check if it is all empty:
# hexdump / dev / sda (replace sda with the proper name for the device to be scanned)
- The -v option causes hexdump and od to explicitly display all input data:
0000000 0000 0000 0000 0000 0000 0000 0000 0000 0000010 0000 0000 0000 0000 0000 0000 0000 0000 0000020 0000 0000 0000 0000 0000 0000 0000 0000
- On Unix / POSIX / GNU systems: "Utilities od and hexdump output octal, hexadecimal or other encoded bytes from a file or stream. Depending on your system type, either or both of these utilities All are available-BSD system deprecation For hexdump, the GNU system is reversed. However, the two utilities have exactly the same purpose, with only slightly different switches.
- In the CP / M 8-bit operating system used on early personal computers, the standard DUMP program would list 16-byte files per line, beginning with a hexadecimal offset and ending with ASCII for each byte Equivalent. Bytes beyond the standard printable ASCII character range (20 to 7E) will be displayed as a single cycle of visual alignment. When calling the D command in the standard CP / M debugger DDT, the memory is displayed using the same format. Later formatters (for example in the DOS debugger DEBUG) changed the space between the 8th and 9th bytes to dashes without changing the overall width.
- This notation has been retained in operating systems derived directly or indirectly from CP / M, including DR-DOS, MS-DOS, OS / 2, and MS-Windows. On Linux systems, the command hexcat will also generate this classic output format. The main reason for designing this format is that it fits the maximum amount of data on a standard 80-character wide screen or printer, while still being very easy to read and navigate.
1234: 0000: 57 69 6B 69 70 65 64 69 61 2C 20 74 68 65 20 66 Wikipedia, the f 1234: 0010: 72 65 65 20 65 6E 63 79 63 6C 6F 70 65 64 69 61 ree encyclopedia 1234: 0020: 20 74 68 61 74 20 61 6E 79 6F 6E 65 20 63 61 6E that anyone can 1234: 0030: 20 65 64 69 74 00 00 00 00 00 00 00 00 00 00 edit ...