TSK-The-Sleuth-Kit/srch strings

From aldeid

Description

Display printable strings in [file(s)] (stdin by default)

Usage

Syntax

Usage: srch_strings [option(s)] [file(s)]

Options

-a -
Scan the entire file, not just the data section
-f
Print the name of the file before each string
-n number, -<number>
Locate & print any NUL-terminated sequence of at least [number] characters (default 4).
-t {o,x,d}
Print the location of the string in base 8, 10 or 16
-o
An alias for --radix=o
-e {s,S,b,l,B,L}
Select character size and endianness:
s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit
-h
Display this information
-v
Print the program's version number

Example

$ srch_strings lab1.img | grep "\.exe"
C:\WINDOWS\temp\labs\lab1.exe
ntoskrnl.exe
ntoskrnl.exe
ntoskrnl.exe
mekr386.exe
services.exe
svchost.exe
VMwareUser.exe
C:\Program Files\Outlook Express\msimn.exe /reg
svchost.exe
svchost.exe
alg.exe
explorer.exe
svchost.exe
csrss.exe
lsass.exe
msmsgs.exe
vmacthlp.exe
VMwareTray.exe
svchost.exe
winlogon.exe
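A scan with single-byte characters (-e s) does not report text stored as 16-bit little-endian characters, which is how Windows stores UTF-16 strings; those need a second pass with -e l. The Python sketch below is an added example, not srch_strings code or part of the original page: it models what -n, -t d and -e {s,l} select on a constructed buffer, and `find_strings`, `exe_hits` and `SAMPLE` are hypothetical names.

```python
import re

# Constructed sample (not from lab1.img): one ASCII name, one UTF-16LE name.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"svchost.exe\x00"
    + b"\xff\xfe\x00\x00"
    + "winlogon.exe".encode("utf-16-le") + b"\x00\x00"
    + b"\x07abc\x00"
)

PRINTABLE = rb"[\x20-\x7e\t]"  # assumption: printable ASCII plus tab


def find_strings(data, min_len=4, encoding="s"):
    """Return [(decimal offset, text)], modelling -n, -t d and -e {s,l}."""
    if encoding == "s":      # 7-bit, one byte per character
        unit, codec = PRINTABLE, "ascii"
    elif encoding == "l":    # 16-bit little-endian: character byte, then 0x00
        unit, codec = PRINTABLE + rb"\x00", "utf-16-le"
    else:
        raise ValueError("only -e s and -e l are modelled here")
    pattern = re.compile(rb"(?:%s){%d,}" % (unit, min_len))
    return [(m.start(), m.group().decode(codec)) for m in pattern.finditer(data)]


def exe_hits(data, min_len=4):
    """Run both passes and keep what grep "\\.exe" would keep."""
    return [
        (enc, off, text)
        for enc in ("s", "l")
        for off, text in find_strings(data, min_len, enc)
        if ".exe" in text
    ]


if __name__ == "__main__":
    for enc, off, text in exe_hits(SAMPLE):
        print(f"-e {enc}  {off:7d} {text}")
```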
