Xref: news2.mv.net comp.os.msdos.djgpp:2697 From: ao950 AT FreeNet DOT Carleton DOT CA (Paul Derbyshire) Newsgroups: comp.os.msdos.djgpp Subject: EXE analysing utility Date: 14 Apr 1996 08:09:54 GMT Organization: The National Capital FreeNet Lines: 163 Sender: ao950 AT freenet2 DOT carleton DOT ca (Paul Derbyshire) Message-ID: <4kqbsi$mg9@freenet-news.carleton.ca> Reply-To: ao950 AT FreeNet DOT Carleton DOT CA (Paul Derbyshire) NNTP-Posting-Host: freenet2.carleton.ca To: djgpp AT delorie DOT com DJ-Gateway: from newsgroup comp.os.msdos.djgpp The following DJGPP code creates an executable called DUMPSTRS.EXE (or a COF called DUMPSTRS.COF if you prefer) Use DUMPSTRS filename (or GO32 DUMPSTRS.COF filename) to run it. It will read the specified file, outputting to screen every string of five or more normal ASCII characters in a row. It will properly read past the ^Zs that trip up using "type" for this and goes around the binary chatter that clutters up conventional dump utilities to get straight to any text strings embedded in the code that may be of interest. Normal ASCII characters are defined between 32 and 127; inclusive. Graphics characters above 160 and control characters are ignored. One string is printed to each line. Many strings of ASCII found are still meaningless or nearly so, but many are the text messages a program is written to output. Interesting things can be found in EXEs, DLLs, COM files, and other binaries. There may be some Easter eggs in some programs only found this way. /* Dumpstrings utility source code, by PGD Freely distributable Prints all 5 or more character readable ASCII strings in a file. */ #include #include #include char printbuf (char i, char *buf); void dohelp (void); char wait1 (void); char checkargs (int argc, char *argv[], char *fname); FILE *f; unsigned long filelen; int main (int argc, char *argv[]) { char buf [81]; char ins=0; int ch; char i=0; char r=0; char g=0; char fname[81]; g= checkargs (argc, argv, fname); if (g == 2) { /* not enough args or too many args */ dohelp(); exit(0); } f = fopen (fname, "rb"); if (f==NULL) { printf ("File not found: %s", argv[1]); exit(1); } fseek (f,0,2); /* Move to end of file, */ filelen=ftell(f); /* get file length, */ fseek (f,0,0); /* and return to start of file. */ _setcursortype (_NOCURSOR); do { ch=getc(f); if ((ch>31 && ch<128) || (ch>159 && g)) { /* readable character */ buf[i]=ch; i++; if (i==5) { ins++; } else if (i==79) { r=printbuf(i, buf); i=0; } } else { /* not readable character */ if (ins) { /* End of string. Print buffer */ r=printbuf(i, buf); ins=0; } i=0; } } while (ch!=EOF && !r); fclose(f); _setcursortype (_NORMALCURSOR); printf ("\n"); } char printbuf (char i, char *buf) { static char ll; char l2; char r=0; buf[i]=0; l2=70-strlen(buf); printf ("%s", buf); for (i=0; i DUMPSTRS FILE.EXT\n"); printf ("Or: C:\\> DUMPSTRS FILE.EXT -g (show graphics characters too)\n\n"); } char wait1 (void) { char ch=0; char r=0; char buf[81]; cputs("\n"); textcolor (BLACK); textbackground (WHITE); do { gotoxy (1,24); if (ch!=0) cputs ("\x07"); sprintf (buf,"Shown %d%c of %u bytes. Press SPACE to continue, 'q' to quit\n" ,ftell(f)*100/filelen,'%',filelen); cputs(buf); do { ch=getch(); } while (ch == 10 || ch == EOF || ch == 0); } while (ch != ' ' && ch != 'q' && ch != 'Q'); if (ch!=' ') { /* must be q */ r=-1; } textcolor (WHITE); textbackground (BLACK); gotoxy (1,24); return(r); } char checkargs (int argc, char *argv[], char *fname) { char f=0; char g=0; char i; for (i=1; i3) { g=2; /* error! */ } return(g); } -- .*. "Clouds are not spheres, mountains are not cones, coastlines are not -() < circles, and bark is not smooth, nor does lightning travel in a `*' straight line." ,------------------------------------------------ -- B. Mandelbrot | Paul Derbyshire (PGD) ao950 AT freenet DOT carleton DOT ca