 I've developed several dump programs, only dump is one of them, but I have several others, like ZipDump, EMLDump, B64Dump. I'm also working on a new one, RTFDump. And now, in all of those dump programs, I added a new feature, a new option, that allows you to select partial data from a data stream and I call this the cut option. Now, in my dump programs, I also include a man page, that you can view like this, with the option man. And then you get explanations about the program. And here, you can see a start of the man page for the cut option. So let me show you how this works. Here I have a sample doc, and we are interested to see what's in the data stream, so stream 5. So when I select this stream 5, well, a dump will do an ASCII dump, by default, on the content of that dump. So this is the start here, content. And here you can see this byte sequence, JFIF. So it's actually probably a GPEG that we are finding here. You can see FFD8 and so on. So we would like to go into that, and that's when you can use the cut option to select this stream. So you see that the byte FFD8 sequence here starts at extra decimal position 101. This is 100, this is 101. So we are going to select this with the cut option, like this. So cut. And the cut option takes two parameters. The start, where you want to cut, and the end, where you want to cut. And they are separated by a colon. So I'm going to start at 101. So that's 101 extra decimal. And I'm going to end at the end. So if I don't provide anything, it will be selected until the end of the stream. And now we see that the beginning here of the JPEG file is selected, the embedded JPEG file. And we can go on like this. Now, you can also say, okay, I'm going to select not to complete, but say to 111, like this. And then we get actually 17 bytes. Because you are selecting from 101 extra decimal to 111 extra decimal. And the 111 is included. So it's not like in Python, if you know Python, where the end here is not included, but the last byte here that you select is included. Now, if you just want to see 16 bytes, you can do it like this. You say 16 L, L stands for the length. So now I'm selecting 16 bytes. And also express this extra decimal. Like for example here, 32 bytes. Okay. Now, position, you can provide a position where you want the cut to start or to end. But you can also provide a stream or a byte sequence to search for. And then when that sequence is found, then it is selected as a start or the end depending on what parameter you're giving. So here it starts with FFD8. So instead of giving the position, we are going to tell the cut option that we search for FFD8. And when we find FFD8, the first instance of FFD8 we find in the stream, we take that as the start of the cut. Like this. Now let's take a closer look at what we find here. So we have a JPEG. And here you can see this program must be run under Win32. So this is probably a PE file that is appended to this JPEG file. Let's do this again. I'm not seeing it. Let me try again. Okay, yeah. Here it is mz. So the start of the PE file. So we can also search for that. Now we know we are searching for an ASCII string. So you provide the parameter here in single quotes. And here in the command line, we have to escape this. So like that. So this will search for the string mz and then start to cut. Okay. And now you can see that we are selecting the PE file. Like this. Now we know a dump. When we have selected this by default, it will be dumped in an ASCII dump. But you can also ask to dump it in X or just to dump it the bytes like they are. So that's with option minus D. And then you can pipe this into another program like my PE check program. Sorry. PE check. And this will check the PE file. It provides you lots of information about it. Like this. So you have the entropy, the hash, and here are the sections that you can find. A lot of information. And if we go at the end, you also see PE ID information. So you can see that it was compiled with BORL and C++. So that is the cut option. I included it in several of my dump files, which I will release soon. And also I made a standalone program that also can do this cut.