C++

Forum

 
 
Can i search a .exe for ASCII chars c++ ?

closed account (3hMz8vqX)
Hi all,
I want to search an EXE for ascii chars
I mean if I open it in notepad++ then i will find a lot of junk but in between we can find some identifiable chars such as A M Z ?%... etc how will you search for those characters ???
Thankyou everyone in advance!!! :)

Can anyone please give an example code...:)
Last edited on
closed account (Dy7SLyTq)
i dont know what your asking... throwing the exe is showing you the ascii chars. you arent going to get it to show you a,b,c...z unless thats the current value. if you want to see the hex value, search free windows hex editor. if you want to see the source code, google boomerang decompiler, although its never worked well for me. otherwise, what your looking at is an ascii char
Stewbond (2827)
You can either scroll through the text, or you can use OR operators in the search dialog in Notepad++ and stick every actual character in there.

I suppose you could also write a C++ program. 
1
2
3
4
5
6
7
8
9
10
11
12
 
int main()
{
    char a;
    std::ifstream fin("My.exe", std::ios::in|std::ios::binary|std::ios::ate);

    while ( !fin.eof() )
    {
        fin.read(&a, 1);
        if (a >= 'a' && a <= 'z' || a >= 'A' && a <= 'Z')  // doesn't check for ? %
            std::cout << a;
    }
}
Last edited on
andywestken (4087)
If you are actually needing a tool to do it, rather than wanting to write one as an exercise, then use the strings utility. This should be part of your GCC tools, if you're using Linux, MinGW, or CYGWIN. If you're using Windows (in other cases), then a version can be found here:

Strings
http://technet.microsoft.com/en-gb/sysinternals/bb897439.aspx

But if you are wanting to write your own little tool, then:

A. You might want to only dump strings longer than a certain threshold, to avoid all the spurious chars which are just part of random addresses or op codes. For example, from a hex dump of notepad:

00000400   ef 6f dd 77 17 6c dd 77 25 ba df 77 05 bd df 77  .o.w.l.w%..w...w
00000410   ab 7a dd 77 42 78 dd 77 57 d7 dd 77 00 00 00 00  .z.wBx.wW..w....
00000420   70 d2 3d 77 00 00 00 00 19 dc f2 77 05 4a f4 77  p.=w.......w.J.w
00000430   a9 de f2 77 5f 6e f1 77 56 f4 f2 77 9d 7f f1 77  ...w_n.wV..w...w
00000440   28 be f1 77 25 4b f4 77 bb a5 f1 77 ac 7e f1 77  (..w%K.w...w.~.w
00000450   95 56 f4 77 22 fb f3 77 c1 61 f1 77 b3 83 f1 77  .V.w"..w.a.w...w
00000460   69 5a f1 77 8f 93 f1 77 fa 6b f1 77 b9 7d f1 77  iZ.w...w.k.w.}.w
00000470   db 5e f1 77 b7 d4 f1 77 05 3a f2 77 ae 3a f2 77  .^.w...w.:.w.:.w


A. If you want to handle Unicode strings, too, you will need to deal with

0000ee80   00 00 00 00 10 00 26 00 46 00 69 00 6c 00 65 00  ......&.F.i.l.e.
0000ee90   00 00 00 00 01 00 26 00 4e 00 65 00 77 00 09 00  ......&.N.e.w...
0000eea0   43 00 74 00 72 00 6c 00 2b 00 4e 00 00 00 00 00  C.t.r.l.+.N.....
0000eeb0   02 00 26 00 4f 00 70 00 65 00 6e 00 2e 00 2e 00  ..&.O.p.e.n.....
0000eec0   2e 00 09 00 43 00 74 00 72 00 6c 00 2b 00 4f 00  ....C.t.r.l.+.O.
0000eed0   00 00 00 00 03 00 26 00 53 00 61 00 76 00 65 00  ......&.S.a.v.e.
0000eee0   09 00 43 00 74 00 72 00 6c 00 2b 00 53 00 00 00  ..C.t.r.l.+.S...
0000eef0   00 00 04 00 53 00 61 00 76 00 65 00 20 00 26 00  ....S.a.v.e. .&.
0000ef00   41 00 73 00 2e 00 2e 00 2e 00 00 00 00 00 00 00  A.s.............
0000ef10   00 00 00 00 05 00 50 00 61 00 67 00 65 00 20 00  ......P.a.g.e. .


C. I would prob use std::istream_iterator here (remembering to apply std::noskipws); see example code.

istream_iterator
http://www.cplusplus.com/reference/iterator/istream_iterator/

noskipws
http://www.cplusplus.com/reference/ios/noskipws/

Andy
Last edited on
closed account (3hMz8vqX)
Hi everyone!

So how will you create a hexdump of an exe ?
I have never done this...
can you show me the code and please explain?
Thankyou everyone in advance!!!
Last edited on
andywestken (4087)
Well, there's chrisname's article

Hex viewer
http://www.cplusplus.com/articles/NwTbqMoL/

but note it uses Linux terminal style text colouring (ANSI escape codes), so if you need it to work on Windows (colourfully) you'll need to use the information in eklavya sharma 2's article to rework it a bit.

Add color to your console 2
http://www.cplusplus.com/articles/Eyhv0pDG/

Andy
closed account (3hMz8vqX)
Can anyone please give me a simple code?
Sorry, the article got a little confusing!
Please please help me...:)
modoran (2077)
Sample code for what ? To display a hex representation of a binary buffer ?

Here it is, however this is not what you want:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
#include <iomanip>
#include <iostream>
#include <windows.h>


using namespace std;

int main ()
{
    HANDLE hFile = CreateFileA ("C:/Buildsvn.txt",
                                GENERIC_READ,
                                FILE_SHARE_READ,
                                NULL,
                                OPEN_EXISTING,
                                FILE_ATTRIBUTE_NORMAL,
                                NULL);

    if (INVALID_HANDLE_VALUE == hFile)
    {
        cout << "Unable to open the file, error code " << GetLastError();
        return 0;
    }

    LARGE_INTEGER fSize;
    if (!GetFileSizeEx (hFile, &fSize))
    {
        cout << "Unable to get the file size, error code " << GetLastError();
        CloseHandle (hFile);
        return 0;
    }

    HANDLE hMapping = CreateFileMappingA (hFile,
                                          NULL,
                                          PAGE_READONLY,
                                          0,
                                          0,
                                          NULL);
    if (NULL == hMapping)
    {
        cout << "Unable to create file mapping, error code " << GetLastError();
        CloseHandle (hFile);
        return 0;
    }

    void* pBuffer = MapViewOfFile( hMapping,
                                   FILE_MAP_READ,
                                   0,
                                   0,
                                   fSize.QuadPart);
    if (NULL == pBuffer)
    {
        cout << "Unable to map the file, error code " << GetLastError();
        CloseHandle (hMapping);
        CloseHandle (hFile);
        return 0;
    }

    unsigned char* pBuf = (unsigned char*)pBuffer;
    for (size_t i = 0; i < fSize.QuadPart; i++)
    {
        cout << hex << uppercase << setfill ('0') << std::setw(2) <<  (unsigned short)(unsigned char)pBuf[i] << " ";
    }

    UnmapViewOfFile(pBuffer);
    CloseHandle (hMapping);
    CloseHandle (hFile);
    return 0;
}
closed account (3hMz8vqX)
Okay,
can i use this code to print the
hex code of exe to a text file?
http://www.dreamincode.net/forums/topic/170054-understanding-and-reading-binary-files-in-c/

Please help:)
Thankyou everyone in advance!!! :)
modoran (2077)
If you replace cout in my example with an std::ofstream instance then no further changes are required :)
closed account (3hMz8vqX)
Thankyou all and modoran for your help :)
Topic archived. No new replies allowed.