Didier Stevens

Tuesday 8 March 2011

DumpStrings.1sc

Filed under: Forensics,My Software — Didier Stevens @ 0:00

I wrote another script for my 010 Editor.

Like its name implies, DumpStrings will dump all the strings (ASCII and UNICODE) found in a file, or a selection in a file, to the output tab.
Strings must be at least 5 characters long (defined with a #define statement in the script).
UNICODE support is very simple for the moment: 7-bit values in a 16-bit character (MSB or LSB).

Take into account that this is not designed for large files: it will take too long. But its easy to analyze partial files without having to save the selection for analysis with another strings tool.

Download:

DumpStrings_V0_0_1.zip (https)

MD5: 50C0C92F28020E7BCABBF46CA8775CCE

SHA256: 7EC688DBB0FD95C828067662C9ED8BBCFFEFBE5EA37B607DC8DFA1BDCB94365C

2 Comments »

  1. Hi Didier,

    This is a helpful tool. Looking at the strings will give you a hint (if you get lucky) what vulnerability is exploited by a malware.

    Comment by Zack — Tuesday 8 March 2011 @ 0:59

  2. Cool script as always :)

    Comment by DineshVenkatesan — Thursday 10 March 2011 @ 15:56


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 234 other followers

%d bloggers like this: