Didier Stevens

Monday 18 January 2010

Update: XORSearch Version 1.6.0

Filed under: My Software,Update — Didier Stevens @ 1:26

A couple of new features:

  • searching for Unicode
  • searching for Hex code
  • printing of neighbouring bytes

Unicode support is rather simple: I consider Unicode as ASCII with 2 bytes per character, last byte always equals 0.

Usage case of hexcode search: search for embedded and encoded PE-file by searching for the PE-magic bytes MZ:

XORSearch -h malware.exe 50450000

Remember that XORSearch is not limited to win32, you can compile it on *nix too: cc -o XORSearch XORSearch.c

Download here.

1 Comment »

  1. […] Nowa wersja XORSearch, czyli wyszukiwanie string√≥w w binariach: link […]

    Pingback by » Kierunkowskaz #2 -- Niebezpiecznik.pl -- — Thursday 4 February 2010 @ 13:04


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 239 other followers

%d bloggers like this: