Friday, June 1, 2012

Strings tool from Sysinternals: String Obfuscation Testing to find Hardcoded Strings in source code

It was in 1996, that Sysinternals website was Created. Mark Russinovich and Bryce Cogswell hosted their advanced system utilities and technical information. The Sysinternals utilities help you manage, troubleshoot and diagnose your Windows systems and applications.

One of these Tools is Strings. Current version is v2.5

At times, DLL, executable, .lib and object files have embedded UNICODE/ Ascii strings that you cannot easily see with a standard ASCII strings or grep programs. Strings is a utility that scans the file you pass it. By default, it searches for strings of length of 3 or more. Wonderful part is that it works on nearly all flavors of Windows including Win 95!

This became such a hit that even Microsoft has given great interest in this project. And, the result is that today you can download this utility directly from Microsoft Website. Yes!! MS holds it now!!
Download from: http://technet.microsoft.com/en-us/sysinternals/bb897439.aspx

Using Strings program:-
1. Open a command prompt
2. Run strings
3. There are multiple options that are described as below:-

usage: strings [-a] [-f offset] [-b bytes] [-n length] [-o] [-q] [-s] [-u]
Strings takes wild-card expressions for file names, and additional command line parameters are defined as follows:
-o Print offset (not of much use)
-n This is the minimum string length (default is 3)
-q Quiet mode
-s Recursive traversal of subdirectories
-a ASCIIonly search [default is Unicode and Ascii]
-b how many Bytes in file to scan
-f File offset from which to start scanning.
-u Unicode-only search (Unicode and Ascii is default)
Happy catching your hardcoded strings. Make your product more secure.

No comments:

Post a Comment