Strings – Windows CMD Command

Search for ANSI and UNICODE strings in binary files.

Syntax
      strings [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s]
         [-u] file_or_directory

Key
   -a  Ascii-only search (Unicode and Ascii is default)
   -b  Bytes of file to scan
   -f  File offset at which to start scanning.
   -o  Print offset in file string was located
   -n  Minimum string length (default is 3)
   -q  Quiet (no banner)
   -s  Recurse subdirectories
   -u  Unicode-only search (Unicode and Ascii is default)

Strings scans the file you pass it for UNICODE (or ASCII) strings that are at least a minimum number of characters long; the default minimum is 3.

If you run strings on a .jpg and one of the strings it finds says 'This program cannot be run in DOS mode', that's no JPEG. Malware authors like to give Portable Executables names that end in .gif/.jpg/etc. to evade human checks.

Examples:

Search one or more files for the presence of a particular string:

strings *.dll | findstr /i TextToSearchFor

Search a jpg file for signs of executable code:

strings sample.jpg | findstr /i /c:"This program cannot be run in DOS mode"
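The same check as a script, added here as an example (it is not part of the strings tool): it extracts ASCII and UTF-16LE strings with their offsets, looks for the DOS stub message, and confirms the finding by reading the MZ/PE header. The function names, the extension list and the sample bytes are assumptions constructed for the illustration.

```python
import re
import struct

DOS_STUB = "This program cannot be run in DOS mode"
IMAGE_EXTS = (".jpg", ".jpeg", ".gif", ".png")  # assumed list of extensions to check

def extract_strings(data, min_len=3):
    """Yield (offset, encoding, text) for printable ASCII and UTF-16LE runs,
    mirroring the tool's default search (both encodings, minimum length 3)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in wide_re.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")

def looks_like_pe(data):
    """True if data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage(name, data):
    """Flag a file whose name claims an image type but whose content says PE."""
    hits = [(off, enc) for off, enc, s in extract_strings(data) if DOS_STUB in s]
    image_ext = name.lower().endswith(IMAGE_EXTS)
    pe = looks_like_pe(data)
    return {"stub_offsets": hits, "pe_header": pe,
            "suspicious": image_ext and (bool(hits) or pe)}

def build_constructed_pe():
    """Constructed sample: a minimal DOS header, stub message and PE signature."""
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    msg = b"This program cannot be run in DOS mode.\r\r\n$"
    buf[0x4E:0x4E + len(msg)] = msg
    return bytes(buf) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    constructed_jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 64 + b"\xff\xd9"
    for name, data in [("holiday.jpg", build_constructed_pe()),
                       ("photo.jpg", constructed_jpeg)]:
        print(name, triage(name, data))
```

A stub-string hit without a valid header at offset 0 means the executable content sits somewhere inside the file rather than at its start, so the reported offsets are worth examining.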
