search for hex values and return hex value and offset

Question

Jack helped me last year with this Python script. It was very usefull. Now I want to use it again, but the output must be in Hex values this time, and it would be very nice to have the offset were the 'needle' is found in the haystack. Is that possible?

#!/usr/bin/python
import mmap
fd = open("file_to_search", "rb")
needle = "\x35\x5A\x3C\x2F\x74\x69\x6D\x65\x3E"
haystack = mmap.mmap(fd.fileno(), length = 0, access = mmap.ACCESS_READ)
i = haystack.find(needle)
while i >= 0:
    i += len(needle)
    print (haystack[i : i + 28])
    i = haystack.find(needle, i)

Answer 1

If what you want to change is the display, then you need to change the print statement. Also, as J-F Fabre mentioned, you'll need to change the search string to a bytes object if you are using Python3.

For Python3:

needle = b"\x35\x5A\x3C\x2F\x74\x69\x6D\x65\x3E"
...
print ("%08X: "%i, ', '.join("%02X"%(ch) for ch in haystack[i:i+28]))

For Python2:

print ("%08X: "%i), ', '.join("%02X"%ord(ch) for ch in haystack[i:i+28])

Answer 2

You could do it like this with Python 2:

import mmap

with open("file_to_search", "rb") as fd:
    needle = "\x35\x5A\x3C\x2F\x74\x69\x6D\x65\x3E"
    needle_len = len(needle)
    haystack = mmap.mmap(fd.fileno(), length=0, access=mmap.ACCESS_READ)
    offset = haystack.find(needle)
    while offset >= 0:
        hex_string = ''.join(r'\x%02X' % ord(b)
                                for b in haystack[offset: offset+needle_len])
        print('offset: {}, needle: "{}"'.format(offset, hex_string))
        offset += needle_len
        offset = haystack.find(needle, offset)

Sample output:

offset: 3, needle: "\x35\x5A\x3C\x2F\x74\x69\x6D\x65\x3E"

Since the value of needle never changes, it seems redundant to display its value every time a match is found.