Skip to content

hepler/interestring

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

interestring

interesting things about strings

Use interestring to add informative annotations to output from static analysis tools like strings.exe or FLOSS.

Usage

usage: interestring.py [-h] [-a] [strings_input]

Learn more about strings

positional arguments:
  strings_input    A term or file to annotate (or pipe it in via stdin)

optional arguments:
  -h, --help       show this help message and exit
  -a, --annotated  Only show annotated output

Input can be provided via stdin:

$ strings example.exe | interestring

or as an argument:

$ interestring strings.txt

which also allows you to look up individual terms:

$ ./interestring.py GetProcAddress
GetProcAddress  > MSDN: Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). (http://msdn.microsoft.com/en-us/library/ms683212%28VS.85%29.aspx)

Sample

Using a snippet of the sample output from the FLOSS readme for demonstration purposes:

$ ./interestring.py -a floss.txt 
WS2_32.dll                                              > DLL: Win32 API DLL                    
FreeLibrary                                             > MSDN: Frees the loaded dynamic-link library (DLL) module and, if necessary, decrements its reference count. When the reference count reaches zero, the module is unloaded from the address space of the calling process and the handle is no longer valid. (http://msdn.microsoft.com/en-us/library/ms683152%28VS.85%29.aspx)
GetProcAddress                                          > MSDN: Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). (http://msdn.microsoft.com/en-us/library/ms683212%28VS.85%29.aspx)
LoadLibraryA                                            > MSDN: Loads the specified  module into the address space of the calling process. The specified module may cause other modules to be loaded. (http://msdn.microsoft.com/en-us/library/ms684175%28VS.85%29.aspx)
GetModuleHandleA                                        > MSDN: Retrieves a module handle for the specified module. The module must have been loaded by the calling process. (http://msdn.microsoft.com/en-us/library/ms683199%28VS.85%29.aspx)
GetVersionExA                                           > MSDN: [GetVersionEx may be altered or unavailable for releases after Windows 8.1. Instead, use the Version Helper functions] With the release of Windows 8.1, the behavior of the GetVersionEx API has changed in the value it will return for the operating system version. The value returned by the GetVersionEx function now depends on how the application is manifested. (http://msdn.microsoft.com/en-us/library/ms724451%28VS.85%29.aspx)
Sleep                                                   > MSDN: Suspends the execution of the current thread until the time-out interval elapses. (http://msdn.microsoft.com/en-us/library/ms686298%28VS.85%29.aspx)
GetLastError                                            > MSDN: Retrieves the calling thread's last-error code value. The last-error code is maintained on a per-thread basis. Multiple threads do not overwrite each other's last-error code. (http://msdn.microsoft.com/en-us/library/ms679360%28VS.85%29.aspx)
DeleteFileA                                             > MSDN: Deletes an existing file. (http://msdn.microsoft.com/en-us/library/aa363915%28VS.85%29.aspx)
WriteFile                                               > MSDN: Writes data to the specified file or input/output (I/O) device. (http://msdn.microsoft.com/en-us/library/aa365747%28VS.85%29.aspx)
Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings > REGISTRY:                             
Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings > REGISTRY:   

About

interesting things about strings

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages