hexdump
View file contents in hexadecimal format for malware analysis. Analyze specific sections by setting offsets and byte lengths, providing detailed insights into file structure and data.
Instructions
Display file contents in hexadecimal format
Example usage:
Standard hexdump: { "target": "suspicious.exe" }
With length limit: { "target": "suspicious.exe", "length": 256 }
With offset: { "target": "suspicious.exe", "offset": 1024 }
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| length | No | Number of bytes to display | |
| offset | No | Starting offset in the file | |
| options | No | Additional command-line options | |
| target | Yes | Target file or data to analyze |
Input Schema (JSON Schema)
{
"$schema": "http://json-schema.org/draft-07/schema#",
"additionalProperties": false,
"properties": {
"length": {
"description": "Number of bytes to display",
"type": "number"
},
"offset": {
"description": "Starting offset in the file",
"type": "number"
},
"options": {
"description": "Additional command-line options",
"type": "string"
},
"target": {
"description": "Target file or data to analyze",
"minLength": 1,
"type": "string"
}
},
"required": [
"target"
],
"type": "object"
}
Implementation Reference
- serverMCP.js:130-164 (handler)Core handler for executing the 'hexdump' MCP tool and all specialized tools. Parses arguments, builds shell command via config.buildCommand, and spawns the process.if (commands[name]) { try { const cmdConfig = commands[name]; // Validate arguments against schema const validationResult = cmdConfig.schema.safeParse(args); if (!validationResult.success) { return { content: [{ type: "text", text: `Error: Invalid parameters for ${name} command.\n${JSON.stringify(validationResult.error.format())}` }], isError: true, }; } // Build the command string const commandStr = cmdConfig.buildCommand(validationResult.data); console.error(`Executing specialized command: ${commandStr}`); // Execute the command via the terminal manager const result = await terminalManager.shellCommand(commandStr); console.error(`${name} command executed with PID: ${result.pid}, blocked: ${result.isBlocked}`); return { content: [{ type: "text", text: JSON.stringify(result) }], }; } catch (error) { console.error(`Error executing ${name} command:`, error); return { content: [{ type: "text", text: `Error: ${error instanceof Error ? error.message : String(error)}` }], isError: true, }; } }
- serverMCP.js:113-121 (registration)Registers the 'hexdump' tool (and others from commands.js) dynamically in the MCP listTools endpoint by converting zod schemas to JSON schema.const specializedTools = Object.values(commands).map(cmd => ({ name: cmd.name, description: cmd.description + (cmd.helpText ? '\n' + cmd.helpText : ''), inputSchema: zodToJsonSchema(cmd.schema), })); return { tools: [...basicTools, ...specializedTools], };
- commands.js:14-17 (schema)Base Zod schema used by hexdump and other commands, validating target file and optional options.const baseCommandSchema = z.object({ target: z.string().min(1).describe("Target file or data to analyze"), options: z.string().optional().describe("Additional command-line options") });
- commands.js:73-76 (schema)Hexdump-specific Zod schema extension for optional length and offset parameters.schema: baseCommandSchema.extend({ length: z.number().optional().describe("Number of bytes to display"), offset: z.number().optional().describe("Starting offset in the file") }),
- commands.js:77-89 (helper)Helper function that constructs the exact hexdump shell command string from validated arguments, with defaults.buildCommand: (args) => { let options = args.options ? args.options : '-C'; // Default to canonical hex+ASCII display if (args.length) { options += ` -n ${args.length}`; } if (args.offset) { options += ` -s ${args.offset}`; } return `hexdump ${options} ${args.target}`; },