Search for Strings within Executables

Search for embedded strings within binary files using the Strings command-line utility by Mark Russinovich. Executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or Grep programs.  In combination with the Grep utility, Strings utility allows you to perform a search and find specific text such as, version numbers in binary files. It can also assist you in malware investigations such as, searching for URLs embedded within malicious binary files. However, the utility will not find any meaningful strings in compressed or encrypted binary files.

Strings utility scans the file for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters.

usage: strings.exe [-a] [-f offset] [-b bytes] [-n length] file or directory>

-a     Ascii-only search (Unicode and Ascii is default)
-b     Bytes of file to scan
-f     File offset at which to start scanning
-o     Print offset in file string was located
-n     Minimum string length (default is 3)
-q     Quiet (no banner)
-s     Recurse subdirectories
-u     Unicode-only search (Unicode and Ascii is default)

Download Strings from Sysinternals – http://technet.microsoft.com/en-gb/sysinternals/bb897439

Share