srch_strings is a useful tool in digital forensics. Using the "-t d" option will give a byte location for the string. This repository contains two scripts that automatically map the byte location to the filesystem block containing the string.
superponible/Search-Strings-Extension
During FOR508, I kept getting tired of having to divide the byte location of the string from the output of srch_strings by the block size. I figured out a way to use bc on the command line on a case-by-case basis, but figured it'd be easier to just have a couple scripts that could output in that format. The original result was srch_strings_blk, srch_strings_pipe, and srch_strings_wrap.sh. Rob Lee put me in touch with Hal Pomeranz who had a similar idea and we talked about some additional things to include in the srch_strings_wrap.sh. I decided to convert the script to perl and added some new functionality. Those changes became the current srch_strings_wrap which aims to be a complete wrapper around srch_strings.

- Dave Lassalle, @superponible, dave@superponible.com

==============================================================================
srch_strings_wrap

This script is a wrapper around the regular srch_strings. It will pass all arguments to srch_strings and execute it normally. The -b or -d option must be given to enable additional functionality, otherwise it will just run like the normal srch_strings. If the -b option is specified, it will calculate the block that matched using the block size given. If -d is used, it will use fsstat on the file argument to determine the block size. If -b or -d is specified but "-t d" is not used, then an error will be displayed. Files can be specified, otherwise stdin is used for input. Other arguments (-H, -F, -C, -O) can be used to modify the output. See the usage statement by running with -h.

Example:
    # srch_strings_wrap -d -a -t d -e l filesystem.img
  OR
    # srch_strings_wrap -b 4096 -a -t d -e l filesystem.img

This would be equivalent to
    # srch_strings -a -t d -e l filesystem.img | srch_strings_pipe -b 4096
and
    # srch_strings -a -t d -e l filesystem.img > strings.out
    # srch_strings_blk -i filesystem.img -s strings.out

==============================================================================
srch_strings_blk

This script requires a file as input (-s) which is the output of a srch_strings command run with the "-t d" option to produce the byte location of the string in the original file. Additionally, if the blocksize is known, specify it with -b. Otherwise, the original image file can be specified with -i and the script will determine the block size using fsstat.

Example:
    # srch_strings -a -t d -e l filesystem.img > strings.out
    # srch_strings_blk -i filesystem.img -s strings.out
  OR
    # srch_strings_blk -b 4096 -s strings.out

The script will output to stdout or to the file specified with -o. Note, if -b and -i are both specified, the argument given in -b will be used.

==============================================================================
srch_strings_pipe

This script can be used in a pipeline following srch_strings. It only takes the -b argument for the block size and the -o argument for the optional output file.

Example:
    # srch_strings -a -t d -e l filesystem.img | srch_strings_pipe -b 4096

==============================================================================
srch_strings_wrap.sh

This script is a wrapper around the regular srch_strings. It will pass all arguments to srch_strings and execute it normally. If the -b option is specified, after running srch_strings, it will calculate the block like the other scripts do. If -b is not specified, srch_strings will run as it normally does. If -b is specified but "-t d" is not used, then an error will be displayed. Files can be specified, otherwise stdin is used for input.

Example:
    # srch_strings_wrap -b 4096 -a -t d -e l filesystem.img

This would be equivalent to
    # srch_strings -a -t d -e l filesystem.img | srch_strings_pipe -b 4096
and
    # srch_strings -a -t d -e l filesystem.img > strings.out
    # srch_strings_blk -i filesystem.img -s strings.out
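The mapping all four scripts perform is the same: with "-t d" each srch_strings line starts with a decimal byte offset, and the block holding the string is offset divided by the block size (integer division), with the remainder giving the position inside that block. The Python below is an added illustration of that mapping and is not part of this repository (the repository's scripts are Perl and shell). It embeds a constructed srch_strings output sample and a constructed, trimmed fsstat sample; it assumes fsstat reports the allocation unit as a "Block Size:" line (ext filesystems) or a "Cluster Size:" line (NTFS/FAT), and the tab-separated output format is a choice made here, not the scripts' own. As the README warns, input lines without a leading offset (srch_strings run without "-t d") are rejected with an error rather than silently producing nonsense block numbers.

```python
import re
import sys
from typing import Iterable, List, Tuple

# Constructed sample of `srch_strings -a -t d -e l filesystem.img` output.
# "-t d" makes every line start with the string's decimal byte offset.
SAMPLE_STRINGS_OUTPUT = """\
   8328 System Volume Information
  12801 passwords.txt
1048576 This is a test string
"""

# Constructed, trimmed sample of `fsstat filesystem.img` output (the -d path).
# Assumption: fsstat prints "Block Size:" for ext and "Cluster Size:" for NTFS/FAT.
SAMPLE_FSSTAT_OUTPUT = """\
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: NTFS

CONTENT INFORMATION
--------------------------------------------
Sector Size: 512
Cluster Size: 4096
"""

# Leading whitespace, decimal offset, one separating space, then the string.
OFFSET_LINE = re.compile(r"^\s*(\d+) (.*)$")
FSSTAT_BLOCK_SIZE = re.compile(r"^(?:Block|Cluster) Size:\s*(\d+)\s*$", re.MULTILINE)


def block_size_from_fsstat(fsstat_text: str) -> int:
    """Extract the filesystem block (cluster) size from fsstat output."""
    m = FSSTAT_BLOCK_SIZE.search(fsstat_text)
    if not m:
        raise ValueError("no Block Size / Cluster Size line found in fsstat output")
    return int(m.group(1))


def parse_offset_line(line: str) -> Tuple[int, str]:
    """Split one srch_strings line into (byte offset, string).

    Raises ValueError when the line carries no decimal offset, i.e. when
    srch_strings was run without "-t d" (the condition the scripts error on).
    """
    m = OFFSET_LINE.match(line)
    if not m:
        raise ValueError(f"no decimal offset on line (was srch_strings run with -t d?): {line!r}")
    return int(m.group(1)), m.group(2)


def map_to_blocks(lines: Iterable[str], block_size: int) -> List[Tuple[int, int, str]]:
    """Return (block number, offset within block, string) for every non-empty line."""
    if block_size <= 0:
        raise ValueError("block size must be a positive number of bytes")
    rows = []
    for line in lines:
        if not line.strip():
            continue
        offset, text = parse_offset_line(line)
        rows.append((offset // block_size, offset % block_size, text))
    return rows


def format_rows(rows: Iterable[Tuple[int, int, str]]) -> List[str]:
    """Render rows as 'block<TAB>offset-in-block<TAB>string' (format chosen here)."""
    return [f"{block}\t{in_block}\t{text}" for block, in_block, text in rows]


if __name__ == "__main__":
    # Pipeline use, like srch_strings_pipe:
    #   srch_strings -a -t d -e l filesystem.img | python3 map_blocks.py 4096
    # With no argument it runs against the constructed samples above.
    if len(sys.argv) == 2:
        size, source = int(sys.argv[1]), sys.stdin
    else:
        size, source = block_size_from_fsstat(SAMPLE_FSSTAT_OUTPUT), SAMPLE_STRINGS_OUTPUT.splitlines()
    for out_line in format_rows(map_to_blocks(source, size)):
        print(out_line)
```

On the sample data with a 4096-byte block size, offset 8328 lands in block 2 at byte 136 (8328 - 2*4096), which is the number you would then hand to blkcat or icat to pull the surrounding block out of the image.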