Search for ANSI and UNICODE strings in binary files.
Syntax strings [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s] [-u] file_or_directory Key -a Ascii-only search (Unicode and Ascii is default) -b Bytes of file to scan -f File offset at which to start scanning. -o Print offset in file string was located -n Minimum string length (default is 3) -q Quiet (no banner) -s Recurse subdirectories -u Unicode-only search (Unicode and Ascii is default)
Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.
If you run strings on a .jpg and it includes: 'This program cannot be run in DOS mode' that indicates, it is an executable, not a JPEG. Malware authors often disguise portable executables that end in .gif/.jpg/etc to evade human checks. [source]
When installing strings.exe just ensure it is placed somewhere in either the system PATH or in the current directory.
Because strings will scan through the entirety of a binary file it can be useful for finding undocumented command line options.
Export the Unicode and ASCII content of an executable file to a csv file:
strings -q demo.exe > demo.csv
Search a jpg file for signs of executable code:
strings sample.jpg | findstr /i /c:"This program cannot be run in DOS mode"
Search multiple DLL files for the string 'quiet':
strings *.dll | findstr /i quiet
“My advice is, don’t spend money on therapy. Spend it in a record store” ~ Wim Wenders
ANSI colors - Use ANSI colors in the terminal.
FINDSTR - Search for strings in files.
TYPE - Display the contents of a text file.
BinText 3.0 - Free GUI utility, search/extract text from binary files.