hexdump
Display file contents in hexadecimal format for malware analysis, enabling inspection of binary data with options for offset and length control.
Instructions
Display file contents in hexadecimal format
Example usage:
Standard hexdump: { "target": "suspicious.exe" }
With length limit: { "target": "suspicious.exe", "length": 256 }
With offset: { "target": "suspicious.exe", "offset": 1024 }
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target file or data to analyze | |
| options | No | Additional command-line options | |
| length | No | Number of bytes to display | |
| offset | No | Starting offset in the file |
Implementation Reference
- serverMCP.js:130-163 (handler)Core handler logic for the 'hexdump' tool (shared with other specialized tools). Validates input arguments using the tool's Zod schema, constructs the full hexdump shell command using the tool's buildCommand function, executes it via terminalManager.shellCommand, and returns the execution result.if (commands[name]) { try { const cmdConfig = commands[name]; // Validate arguments against schema const validationResult = cmdConfig.schema.safeParse(args); if (!validationResult.success) { return { content: [{ type: "text", text: `Error: Invalid parameters for ${name} command.\n${JSON.stringify(validationResult.error.format())}` }], isError: true, }; } // Build the command string const commandStr = cmdConfig.buildCommand(validationResult.data); console.error(`Executing specialized command: ${commandStr}`); // Execute the command via the terminal manager const result = await terminalManager.shellCommand(commandStr); console.error(`${name} command executed with PID: ${result.pid}, blocked: ${result.isBlocked}`); return { content: [{ type: "text", text: JSON.stringify(result) }], }; } catch (error) { console.error(`Error executing ${name} command:`, error); return { content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }], isError: true, }; }
- commands.js:73-76 (schema)Zod input schema for the hexdump tool, extending baseCommandSchema with optional length and offset parameters for controlling the hexdump output.schema: baseCommandSchema.extend({ length: z.number().optional().describe("Number of bytes to display"), offset: z.number().optional().describe("Starting offset in the file") }),
- serverMCP.js:113-117 (registration)Registers the 'hexdump' tool (and all other specialized tools from commands.js) in the MCP server's ListTools response by mapping command configurations to MCP tool definitions with name, description, and converted JSON schema.const specializedTools = Object.values(commands).map(cmd => ({ name: cmd.name, description: cmd.description + (cmd.helpText ? '\n' + cmd.helpText : ''), inputSchema: zodToJsonSchema(cmd.schema), }));
- commands.js:77-89 (helper)Helper function specific to hexdump tool that constructs the complete shell command string from input arguments, applying defaults and options for the external hexdump utility.buildCommand: (args) => { let options = args.options ? args.options : '-C'; // Default to canonical hex+ASCII display if (args.length) { options += ` -n ${args.length}`; } if (args.offset) { options += ` -s ${args.offset}`; } return `hexdump ${options} ${args.target}`; },