Comments on: XORSearch http://blog.didierstevens.com (blog 'DidierStevens) Mon, 15 Mar 2010 17:38:44 +0000 http://wordpress.com/ hourly 1 By: Chris S. http://blog.didierstevens.com/programs/xorsearch/#comment-37437 Chris S. Tue, 12 Jan 2010 14:34:13 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-37437 Hello, I tried out XORSearch and it found lots of neat stuff in chm and pdf files. One thing I searched for was ".exe" but I discovered there's no quick way to see text before the found text. Seems like a useful option may be to show N bytes after the found text but also some number of bytes before the text. It would be handy in not having to open each file in a hex editor and jump to the location and try to decode around that spot. Great tool. I hope you might think of adding this option sometime. BTW Using a linux gcc version here. Thanks. Hello,
I tried out XORSearch and it found lots of neat stuff in chm and pdf files.
One thing I searched for was “.exe” but I discovered there’s no quick way to see text before the found text. Seems like a useful option may be to show N bytes after the found text but also some number of bytes before the text. It would be handy in not having to open each file in a hex editor and jump to the location and try to decode around that spot.

Great tool. I hope you might think of adding this option sometime.
BTW Using a linux gcc version here.
Thanks.

]]> By: Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-37106 Didier Stevens Sun, 13 Dec 2009 17:49:24 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-37106 No, it doesn't, but it's a good idea. No, it doesn’t, but it’s a good idea.

]]> By: MarkF http://blog.didierstevens.com/programs/xorsearch/#comment-37040 MarkF Sat, 12 Dec 2009 01:59:22 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-37040 Does it support Unicode text in addition to ASCII? That would be a great feature! Does it support Unicode text in addition to ASCII? That would be a great feature!

]]> By: Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-34661 Didier Stevens Mon, 20 Apr 2009 18:27:56 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-34661 Yes, I use it on Linux too. You just have to compile it: gcc -o XORSearch XORSearch.c Yes, I use it on Linux too. You just have to compile it: gcc -o XORSearch XORSearch.c

]]> By: Mike http://blog.didierstevens.com/programs/xorsearch/#comment-34660 Mike Mon, 20 Apr 2009 18:23:44 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-34660 Hi Didier. Great program xorsearch is. I was curious if there is a linux compatible version out there. Thanks! Hi Didier. Great program xorsearch is. I was curious if there is a linux compatible version out there.

Thanks!

]]> By: Update: XORSearch V1.4.0 « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-34658 Update: XORSearch V1.4.0 « Didier Stevens Sun, 19 Apr 2009 16:43:44 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-34658 [...] updated my XORSearch tool to support ROT encoding. Comments [...] [...] updated my XORSearch tool to support ROT encoding. Comments [...]

]]> By: XORSearch V1.3.0 « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-26515 XORSearch V1.3.0 « Didier Stevens Wed, 16 Jan 2008 07:58:00 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-26515 [...] Stevens @ 7:57 Maarten Van Horenbeecks’s post gave me the idea for a new feature for my XORSearch tool: searching for a list of strings. This is achieved with the -f option, like [...] [...] Stevens @ 7:57 Maarten Van Horenbeecks’s post gave me the idea for a new feature for my XORSearch tool: searching for a list of strings. This is achieved with the -f option, like [...]

]]> By: Reversing ROL-1 Malware « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-14199 Reversing ROL-1 Malware « Didier Stevens Sun, 16 Sep 2007 07:16:08 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-14199 [...] up with an unpacked PE file. BinText reveals some strings, but not URLs. Searching for HTTP with XORSearch (version 1.1) doesn’t reveal any XOR [...] [...] up with an unpacked PE file. BinText reveals some strings, but not URLs. Searching for HTTP with XORSearch (version 1.1) doesn’t reveal any XOR [...]

]]> By: XORSearch, descifrando binarios « TIDDER http://blog.didierstevens.com/programs/xorsearch/#comment-13056 XORSearch, descifrando binarios « TIDDER Tue, 21 Aug 2007 10:40:11 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-13056 [...] descifrando binarios XORSearch es una herramienta para buscar una cadena cualquiera de texto en un archivo binario, cuyos bytes [...] [...] descifrando binarios XORSearch es una herramienta para buscar una cadena cualquiera de texto en un archivo binario, cuyos bytes [...]

]]> By: XORSearch V1.2.0: XOR & ROL « Didier Stevens http://blog.didierstevens.com/programs/xorsearch/#comment-12660 XORSearch V1.2.0: XOR & ROL « Didier Stevens Tue, 14 Aug 2007 06:34:19 +0000 http://didierstevens.wordpress.com/programs/xorsearch/#comment-12660 [...] prompted me to update my XORSearch tool to deal with ROL encoding. Feeling lazy, I only coded ROL support, not ROR. Or did I, what do [...] [...] prompted me to update my XORSearch tool to deal with ROL encoding. Feeling lazy, I only coded ROL support, not ROR. Or did I, what do [...]

]]>