Strings (SysInternals)

Search for ANSI and UNICODE strings in binary files.

Syntax
      strings [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s]
         [-u] file_or_directory

Key
   -a  Ascii-only search (Unicode and Ascii is default)
   -b  Bytes of file to scan
   -f  File offset at which to start scanning.
   -o  Print offset in file string was located
   -n  Minimum string length (default is 3)
   -q  Quiet (no banner)
   -s  Recurse subdirectories
   -u  Unicode-only search (Unicode and Ascii is default)

Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.

If you run strings on a .jpg and it includes: 'This program cannot be run in DOS mode' that indicates, it is an executable, not a JPEG. Malware authors often disguise portable executables that end in .gif/.jpg/etc to evade human checks. [source]

Because strings will scan through the entirety of a binary file it can be useful for finding undocumented command line options.

Examples

Export the Unicode and ASCII content of an executable file to a csv file:

strings -q demo.exe > demo.csv

Search a jpg file for signs of executable code:

strings sample.jpg | findstr /i /c:"This program cannot be run in DOS mode"

Search multiple DLL files for the string 'quiet':

strings *.dll | findstr /i quiet

“My advice is, don’t spend money on therapy. Spend it in a record store” ~ Wim Wenders

Related commands:

ANSI colors - Use ANSI colors in the terminal.
FINDSTR - Search for strings in files.
TYPE - Display the contents of a text file.
BinText 3.0 - Free GUI utility, search/extract text from binary files.


 
Copyright © 1999-2022 SS64.com
Some rights reserved