Skip to content
strings2: An improved strings extraction tool.
Branch: master
Clone or download


Strings2 is a Windows 32bit and 64bit command-line tool for extracting strings from binary data. On top of the classical Sysinternals strings approach, this improved version is also able to dump strings from process address spaces and also reconstructs hidden assembly local variable assignment ASCII/unicode strings. Currently, the ASM-string extracting approach only supports the x86 instruction set.

I am maintaining a public binary release download page for this project at:


The command-line flags for strings2 are as follows:

Prints the filename/processname before each string.

Recursively process subdirectories.

Prints the type before each string. Unicode,
ASCII, or assembly unicode/ASCII stack push.

Only prints the extracted ASCII/unicode
assembly stack push-hidden strings.

Only prints the regular ASCII/unicode strings.

 -l [numchars]
Minimum number of characters that is
a valid string. Default is 4.

No header is printed in the output.

The strings from the process address space for the
specified PID will be dumped. Use a '0x' prefix to
specify a hex PID.
Dumps strings from all accessible processes on the
system. This takes awhile.

Example Usage

From the command prompt:

  • strings2 malware.exe
  • strings2 *.exe > strings.txt
  • strings2 *.exe -nh -f -t -asm > strings.txt
  • strings2 -pid 419 > process_strings.txt
  • strings2 -pid 0x1a3 > process_strings.txt
  • strings2 -system > all_process_strings.txt
  • cat abcd.exe | strings2 > out.txt


Contributions are welcome. Some possible contribution directions are as follows:

  • Only print unique strings.
  • Add flag support for dumping process strings by process/window title matching.
  • Add x64 assembly support for extracting ASM stack pushed strings.
You can’t perform that action at this time.