-d removed from strings options. Although I do need it that way, it might become a little too specific.
syntaxerror
  • 2.4k
  • 2
  • 31
  • 52

Combining strings command and grep: how to limit results to null-terminated strings

I have a feeling that it is strings which is thwarting my efforts here. The binary files I want to use strings on unfortunately yield several matches per file, even though it is a 100% rule that exactly one of these contains the string with a null-byte at the end. And THIS is the string I want. I'm also working this way to make sure that false positives are eliminated from the beginning.

Unfortunately, it seems that strings cannot be taught to preserve the null-bytes so I can grep for some_expression\0.

Sample line: (simplified)

$ find . -maxdepth 1 -type f -size +1M -print0 | xargs -0 strings -fwn 3 | grep -w 'XYZ'

If strings could be told to keep the \0 characters, it would even allow something like ... | grep -w 'XYZ[^[:print:]]' at the end of the pipe later. But of course, grep is powerless whenever the preceding command in the pipe has already eliminated the '\0'.

I've even thought of a (fairly ugly) way to tackle this problem by tr'ing each '\0' character to something like '\177' (decimal 255) in the whole file that's being processed. But that would probably yield too many false positives.

Any better solutions?

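One way to get the behaviour the question asks for, as an added example that is not part of the original post: instead of asking strings to keep the NUL, swap NUL and newline with tr so that "followed by a NUL byte" becomes "at end of line", which grep can anchor on. The function names and the sample bytes are constructed for illustration; GNU grep (-a, -o) and the C locale are assumed.

```shell
#!/bin/sh
# Print every printable run of >= 3 characters (compare `strings -n 3`) in
# file $1 that is immediately followed by a NUL byte.
# In the C locale [[:print:]] is 0x20-0x7e, so a tab ends a run here.
nul_terminated_strings() {
    {
        # Swap roles: newline -> 0x01 (it can no longer end a line),
        # NUL -> newline (so "followed by NUL" becomes "end of line").
        LC_ALL=C tr '\n\000' '\001\n' < "$1"
        # Sentinel: a final chunk with no NUL after it now ends in 0x01,
        # so it cannot satisfy the end-of-line anchor below.
        printf '\001'
    } | LC_ALL=C grep -a -o '[[:print:]]\{3,\}$'
}

# Like the question's pipeline: whole-word match, prefixed with the file name.
nul_grep() {
    word=$1; shift
    for f in "$@"; do
        nul_terminated_strings "$f" | grep -w -- "$word" |
            while IFS= read -r s; do printf '%s: %s\n' "$f" "$s"; done
    done
}

# Constructed sample: four occurrences of XYZ, only one NUL-terminated.
make_sample() {
    {
        printf 'hdr XYZ\001\002bin\000'   # XYZ followed by control bytes
        printf 'key XYZ\000'              # XYZ followed by NUL (the wanted hit)
        printf 'XYZ\nnext\000'            # XYZ followed by newline
        printf 'tail XYZ'                 # XYZ at end of file, no NUL
    } > "$1"
}

sample=$(mktemp)
make_sample "$sample"
nul_grep XYZ "$sample"
rm -f "$sample"
```

To scan a directory as in the question, call it as `nul_grep XYZ ./*` or wrap it in a loop over the `find` output.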