elf strings
v0.9.1
反向工程师更好的strings实用程序。
精灵串将在给定的二进制中编程读取精灵二进制的字符串部分。这与Unix Unix实用strings相似,但是是为小精灵二进制的目的。
这意味着您可以获取有关二进制字符串的合适信息,例如它们所居住的部分,部分中的偏移等等。该实用程序还具有“删除” C ++符号的功能,迭代链接的库和打印有关精灵的基本信息。
这对于在分析二进制时快速抓取字符串非常有用。
git clone https://github.com/LloydLabs/elf-strings
cd elf-strings
go build
-binary string
the path to the ELF you wish to parse
-demangle
demangle C++ symbols into their original source identifiers, prettify found C++ symbols (optional)
-hex
output the strings as a hexadecimal literal (optional)
-libs
show the linked libraries in the binary (optional)
-max-count uint
the maximum amount of strings that you wish to be output (optional)
-min uint
the minimum length of the string
-no-color
disable color output in the results
-no-human
don't validate that its a human readable string, this could increase the amount of junk.
-no-info
don't show any information about the binary
-no-trim
disable triming whitespace and trailing newlines
-offset
show the offset of the string in the section (default, recommended) (default true)
-output-file string
the path of the output file that you want to output to (optional)
-output-format string
the format you want to output as (optional, plain/json/xml) (default "plain")
一个例子抓住了echo实用程序中的字符串。
./elf-strings --binary=/bin/echo --min=4 --max-count=10
[+] Size: 31 kB
[+] Arch: x86_64
[+] Entry point: 0x401800
[+] Class: ELFCLASS64
[+] Byte order: LittleEndian
[.dynstr+0x0]: libc.so.6
[.dynstr+0xa]: fflush
[.dynstr+0x11]: __printf_chk
[.dynstr+0x1e]: setlocale
[.dynstr+0x28]: mbrtowc
[.dynstr+0x30]: strncmp
[.dynstr+0x38]: strrchr
[.dynstr+0x40]: dcgettext
[.dynstr+0x4a]: error
[.dynstr+0x50]: __stack_chk_fail
