Skip to content
/ strings-rs Public

Extract static, stack, tight, decoded strings from a given file

License

Apache-2.0 license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

marirs/strings-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
assets/sigs
assets/sigs
 
 
data
data
 
 
examples
examples
 
 
src
src
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

STRINGS

This is a library to statically de-obufscate strings from malware binaries. It performs extraction of:

  • static strings: "regular" ASCII and UTF-16LE strings
  • stack strings: strings constructed on the stack at run-time
  • tight strings: special form of stack strings, decoded on the stack
  • decoded strings: strings decoded in a function

This is a rust port of the original Floss project initially written in python. See original.

Most of the work is also guided by the Goblin Project.

USAGE

[dependencies]
strings = { git = "https://github.com/marirs/strings-rs", branch = "master" }

And

use log::Level;
use simple_logger::init_with_level;
use floss::analyze;
use floss::results::{StaticString, StringOptions};

pub fn main(){
    init_with_level(Level::Trace);
    let signature_path = "(embedded signatures)";
    let results = analyze("data/test-decode-to-stack.exe", vec![StringOptions::StaticString(StaticString::default())], vec![], "sc32",signature_path, false);
    println!("{:?}", results);
}

LICENSE: Apache 2.0

About

Extract static, stack, tight, decoded strings from a given file

Topics

rust strings rust-lang floss rust-library rust-crate

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages