HEXIFIED FILE DUMP


Preamble

2010-05-02: Minor update, added -exe:F, to follow the 'import' table, dumping each DLL found.

There are probably many such utilities that will dump the contents of a file in hexified byte format, but few with as many twists as this one ;=)) Over the years I have added various specialized file dumps to this utility.

In its simplest form, dump4 <file_name> will dump the file in the fairly standard layout of -
offset: 16 bytes of hex (hh hh ... hh hh), followed by the same bytes as ASCII (with each control character replaced by a '.')
as shown in the sample below, a dump of a ZIP file, but as the HELP shows, it can do much more than this ;=))

0000:0000 50 4B 03 04 14 00 00 00  08 00 0A 75 9A 3B 9E 26 PK.........u.;.&
0000:0010 BB 6B A6 02 00 00 ED 06  00 00 09 00 00 00 74 65 .k............te
0000:0020 73 74 31 2E 74 78 74 A5  55 DB 6E DA 40 10 7D 47 st1.txt.U.n.@.}G
0000:0030 E2 1F E6 0D 23 D1 F5 85  5B 12 D4 07 0B 4C 40 E2 ....#...[....L@.
... etc, until end of file ...

HELP

Any invalid command, like -?, will show the help -

Dump4 32-Bits - HEX DUMP UTILITY - 27 April, 2010
Usage   : Dump4 [@]InputFile[s] [Switches]
Switches: Each preceded by - or / space separated.
  -? or H This brief help. (?? or HH for more)
  -a[a][n] Dump ASCII only. 2nd 'a' for alphanumeric; n is min length. (Def=4).
  -bmp[n] Dump as a BITMAP file. n=1 for one line; 2 for add colors (24BBP).
  -bmp[:br=nn:bc=nn:er=nn:ec=nn] to set begin and end row and column of the BITMAP.
  -block:nn[Xn][:nn[Xn]] - Dump hex in BLOCKS.
  -cab    Dump as a MS Cabinet file.
  -cis    Dump as a Compuserve SUPPORT file. ADDRBOOK.DAT type
  -Bnnn   Begin at offset nnn into file.
  -Ennn   End at offset nnn into file.
  -exe    See -obj[:options] below.
  -dd[o]  Dump as fixed VOS table file. o=only
  -dfs    Dump as private DFS dataset.
  -dll    See -obj[:options] below.
  -dw[s]  Dump as DWORD entries, default as bytes. s=swap bigendians.
  -gif[n][t][:|+[outname.bmp]] GIF file. n=1 red.out t=xlat :|+=write bmp
  -i[@]Nm Input Name (alternative method).
  -lnk    Dump as a Microsoft SHORTCUT (LNK) file.
  -lib    See -obj[:options] below.
  -O[+|-]OutFile - Output to OutFile (+=append, -=new[default]
  -o:[h|n] - Output file OFFSET as H=Hex(default), or N=Number.
  -obj[:options] - Dump as a COFF/EXE/DLL/LIB Object file. (:? to see options)
  -p[pm]  Remove parity, [or convert ppm to bmp].
  -rgb    Dump as an SGI RGB graphic file.
  -shp    Dump as SHAPEFILE ...
  -sonic  Dump as Sonic project file.
  -tar    Dump as TAR file ...
  -m2ts   Dump as M2TS HD Video file ...
  -avi    Dump as AVI (Audio Video Interleave) file ...
  -v[n]   Verbosity. -v=-v1 -v0=Silent -vn=Level up to 9.
  -wav    Dump as WAVE file.
  -X[oha[u]] Exclude [Offset|Hex|Ascii] display. (-xohu=Unicode)
Notes  1: Up to 200 Input files can be given.
       2: Input File Names can contains wildcards.
       3: Preceded with @ means further commands in file.
                                                  Happy Dumping!

And for PE image dumping... -exe:? help...

Dump4 32-Bits - HEX DUMP UTILITY - 27 April, 2010
PEDUMP options - Switch -obj[:options[+|-] - '+' On (def), '-' Off
 A - include ALL, well BHILPRS, in dump.
 B - show Base relocations. (def=Off)
 C = dump seCtions: def = ON.
 D = dump DOS, or other File Header: def = ON.
 F = follow import trail, using PATH to find, and dump imported DLLs: def = OFF.
 G = dump debuG description: def = ON.
 H - include Hex dump of sections.(def=Off)
 I - include Import Address Table thunk addresses.(def=Off)
 L - include Line number information.(def=Off)
 M = dump iMport Names: def = ON.
 O = dump Optional Header: def = ON.
 P - include PDATA (runtime functions).(def=Off)
 R - include detailed Resources (stringtables and dialogs).(def=Off)
 S - show Symbol table.(def=Off)
 T = dump daTa directory: def = ON.
 special ':imports' - set all above off, except Import Names.
This applies to -dll, -exe, -lib with the same options, ABCDHILMOPRST.
Current DumpPE Options: B-CDF-GH-I-L-MOP-R-S-T
                                                        Happy Dumping!

Large, long listings can be limited using -Bnnnn (begin offset) and -Ennnn (end offset), but this mostly applies only to the standard simple hex dump of a file. As can be seen, there are many 'specialized' dumps, where the known format of the file type in question is used in the type of dump offered. If the input does not match the specified format, the standard dump is done instead.
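To make the 'specialized dump with fallback' idea concrete, here is an added example (not dump4's source, and dump4's help lists no ZIP switch; ZIP is used only because the sample dump above is a ZIP file). It decodes the standard ZIP local file header from the 64 sample bytes and otherwise falls back to a hex dump in the sample's layout. The function names are this example's own, and reading the "0000:" prefix as the high 16 bits of the offset is an assumption.

```python
import struct

# First 64 bytes of the ZIP file, transcribed from the sample dump on this page.
SAMPLE = bytes.fromhex(
    "50 4B 03 04 14 00 00 00 08 00 0A 75 9A 3B 9E 26"
    "BB 6B A6 02 00 00 ED 06 00 00 09 00 00 00 74 65"
    "73 74 31 2E 74 78 74 A5 55 DB 6E DA 40 10 7D 47"
    "E2 1F E6 0D 23 D1 F5 85 5B 12 D4 07 0B 4C 40 E2")

def hex_dump(data, base=0):
    """Render bytes in the sample's layout: hhhh:llll, 8+8 hex bytes, ASCII."""
    lines = []
    for i in range(0, len(data), 16):
        row = data[i:i + 16]
        # Assumption: the part before ':' is the high 16 bits of the offset.
        hi, lo = divmod(base + i, 0x10000)
        left = " ".join(f"{b:02X}" for b in row[:8])
        right = " ".join(f"{b:02X}" for b in row[8:])
        text = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in row)
        lines.append(f"{hi:04X}:{lo:04X} {left:<23}  {right:<23} {text}")
    return lines

def parse_zip_local_header(data):
    """Return the decoded ZIP local file header, or None if data is not one."""
    if len(data) < 30 or data[:4] != b"PK\x03\x04":
        return None
    (_, version, flags, method, mtime, mdate, crc,
     csize, usize, nlen, xlen) = struct.unpack_from("<4sHHHHHIIIHH", data)
    if 30 + nlen > len(data):
        return None  # truncated: the name would run past the end of the buffer
    return {
        "version_needed": version, "flags": flags, "method": method,
        # MS-DOS packed date/time; seconds are stored in 2-second units.
        "modified": "%04d-%02d-%02d %02d:%02d:%02d" % (
            (mdate >> 9) + 1980, (mdate >> 5) & 0xF, mdate & 0x1F,
            mtime >> 11, (mtime >> 5) & 0x3F, (mtime & 0x1F) * 2),
        "crc32": crc, "compressed": csize, "uncompressed": usize,
        "name": data[30:30 + nlen].decode("cp437"),
        "data_offset": 30 + nlen + xlen,
    }

def dump(data):
    """Specialized dump when the format matches, else the standard hex dump."""
    hdr = parse_zip_local_header(data)
    if hdr is None:
        return hex_dump(data)
    return [f"{key}: {value}" for key, value in hdr.items()]

if __name__ == "__main__":
    print("\n".join(hex_dump(SAMPLE) + dump(SAMPLE)))
```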


Downloads!

Some downloads ... as usual, take care downloading and running things from the web. It is highly recommended that you download the source, and compile it yourself. Microsoft offers an 'Express Edition' for free, of their C/C++ IDE tool, Visual C/C++, as well as the Windows SDK ...

Downloadable binary (e), and source (-) for WIN32

Date        Link          Size     Notes    Digest (MD5)
02/05/2010  dump4e18.zip  195,744  Runtime  31da6cba42299b9d7a12ea4f8c13fca1
02/05/2010  dump4-18.zip  557,049  Source   087c2a03eb04658dc82465103e0f877c
Older version
17/02/2010  dump4e17.zip  193,405  Runtime  b41b3af20d416ba66c58e9e0c43bb822
17/02/2010  dump4-17.zip  553,220  Source   5b0b115589c9dee1f9ff8f67f989085b

If clicking on the above link does not start the download, try a right mouse click, and in the context menu that should appear, choose 'Save Target As...'. You will then have the choice of where to save the zip file on your local disk... Windows XP, Vista and up natively allow an unzip, or there are free tools like 7-zip to do this.
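Once a zip is saved, its size and MD5 can be checked against the table above before unzipping or running anything. This is an added example, not part of dump4; the function names are this example's own and the path passed in is wherever you saved the file. An MD5 match shows the file is the one the table describes, which is only as trustworthy as the copy of the table you compare against.

```python
import hashlib
import hmac
import os

# Rows copied from the download table on this page: date, file, size, notes, MD5.
MANIFEST = """\
02/05/2010 dump4e18.zip 195,744 Runtime 31da6cba42299b9d7a12ea4f8c13fca1
02/05/2010 dump4-18.zip 557,049 Source 087c2a03eb04658dc82465103e0f877c
17/02/2010 dump4e17.zip 193,405 Runtime b41b3af20d416ba66c58e9e0c43bb822
17/02/2010 dump4-17.zip 553,220 Source 5b0b115589c9dee1f9ff8f67f989085b
"""

def parse_manifest(text):
    """Map file name -> (size in bytes, lowercase MD5 hex) for each table row."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip headings such as "Older version": a row has 5 fields, last is MD5.
        if len(parts) == 5 and len(parts[4]) == 32:
            table[parts[1]] = (int(parts[2].replace(",", "")), parts[4].lower())
    return table

def verify_download(path, table):
    """Return 'ok', 'unlisted', 'size mismatch' or 'digest mismatch' for a file."""
    entry = table.get(os.path.basename(path))
    if entry is None:
        return "unlisted"
    size, digest = entry
    if os.path.getsize(path) != size:
        return "size mismatch"  # cheap check first: truncated or padded file
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)  # stream, so large files are not held in memory
    same = hmac.compare_digest(md5.hexdigest(), digest)
    return "ok" if same else "digest mismatch"

if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        print(name, verify_download(name, parse_manifest(MANIFEST)))
```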

Have fun ;=))
