https://github.com/marirs/strings-rs
Extract static, stack, tight, decoded strings from a given file
https://github.com/marirs/strings-rs
floss rust rust-crate rust-lang rust-library strings
Last synced: 4 months ago
JSON representation
Extract static, stack, tight, decoded strings from a given file
- Host: GitHub
- URL: https://github.com/marirs/strings-rs
- Owner: marirs
- License: apache-2.0
- Created: 2022-11-28T15:32:50.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2024-10-16T07:20:21.000Z (over 1 year ago)
- Last Synced: 2025-08-18T21:13:09.597Z (10 months ago)
- Topics: floss, rust, rust-crate, rust-lang, rust-library, strings
- Language: Rust
- Homepage:
- Size: 5.22 MB
- Stars: 0
- Watchers: 1
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# STRINGS
This is a library to statically de-obufscate strings from malware binaries. It performs extraction of:
- static strings: "regular" ASCII and UTF-16LE strings
- stack strings: strings constructed on the stack at run-time
- tight strings: special form of stack strings, decoded on the stack
- decoded strings: strings decoded in a function
This is a rust port of the original Floss project initially written in python.
[See original](https://github.com/mandiant/flare-floss).
Most of the work is also guided by the [Goblin Project.](https://github.com/m4b/goblin)
## USAGE
```toml
[dependencies]
strings = { git = "https://github.com/marirs/strings-rs", branch = "master" }
```
And
```rust
use log::Level;
use simple_logger::init_with_level;
use floss::analyze;
use floss::results::{StaticString, StringOptions};
pub fn main(){
init_with_level(Level::Trace);
let signature_path = "(embedded signatures)";
let results = analyze("data/test-decode-to-stack.exe", vec![StringOptions::StaticString(StaticString::default())], vec![], "sc32",signature_path, false);
println!("{:?}", results);
}
```
---
LICENSE: Apache 2.0