Can you take a look and see whether this tool is usable?
http://www.aluigi.org/mytoolz/exestringz.zip

http://www.aluigi.org/mytoolz.htm
Executable's strings lister and replacer 0.2.3 (exestringz)

this tool has the main purpose of finding any ASCII and unicode string inside PE and ELF executables with the possibility of modifying them using any external text editor and re-injecting them in the original executable.

technically the finding of the strings works in the following way: it disassembles all the executable sections of the input file (like .text, only x86 32 bit supported) and visualizes any string or any array of strings, so any instruction like push "string" or mov eax, "string" or mov eax, "[4*edx+array]" and so on is handled perfectly.

instead the injecting of the modified strings back in the executable (ELF not supported) is performed through the adding of a new "stringz" section which contains all the new strings and the substituting of all the pointers to those strings collected in the "finding" operation with the new ones (relocation).

the tool can also be used as a quick and advanced strings program (the one available on *nix) with the difference that the strings found by exestringz are not casual but are found and confirmed by the disassembled code, avoiding false positives.
anyway through the -b option the tool can act exactly like the strings program and naturally can also re-import the modified strings.

there is also an "experimental" option specific for the asian utf8 which was also the reason of the initial creation of this tool for the translating of a japanese game.

note that for obvious technical reasons it is not possible to always export and reimport all the strings for any executable because in some cases (usually with big programs) false positives could be generated, anyway the output file generated by the tool is very easy to understand and edit so it's not a problem.

technical limitations:

the end_of_line (carriage return/line feed) is left as it was in the original string, so the result is that the output file could have a "mixed" style of unix ('\n') and windows ('\r\n'), and some text editors could try to convert the whole text to one or the other style causing troubles (for example overwriting other strings or resources in the executable)

the recognition of the english strings is ok since that charset is limited enough but for the others it's just a chaos, anyway the tool is still a work-in-progress...
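
As an added illustration of the difference the description draws between a plain strings-style scan and strings confirmed by code references (this is not exestringz's code), here is a toy Python sketch over a constructed byte buffer. The addresses, the sample bytes and the tiny decoder, which understands only push imm32, mov r32, imm32, nop and ret, are assumptions made for the example.

```python
import re
import struct

# Constructed sample (not a real PE): one data blob and one code blob.
DATA_VA = 0x402000  # assumed virtual address of the data blob
DATA = (b"Hello\x00\x00\x00"                      # offset 0, referenced by code
        + b"junkAAAA\x00\x00"                     # offset 8, never referenced
        + "World".encode("utf-16-le") + b"\x00\x00")  # offset 18, UTF-16LE
CODE = (b"\x68" + struct.pack("<I", DATA_VA)          # push offset "Hello"
        + b"\xb8" + struct.pack("<I", DATA_VA + 18)   # mov eax, offset L"World"
        + b"\x90\xc3")                                # nop; ret

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

def raw_strings(data):
    """strings(1)-style scan: every printable run, referenced or not."""
    found = {m.start(): m.group().decode("ascii") for m in ASCII_RUN.finditer(data)}
    for m in UTF16_RUN.finditer(data):
        found[m.start()] = m.group().decode("utf-16-le")
    return found

def code_immediates(code):
    """Toy linear decoder: collects the imm32 of push imm32 / mov r32, imm32."""
    pos, imms = 0, []
    while pos < len(code):
        op = code[pos]
        if op == 0x68 or 0xB8 <= op <= 0xBF:
            if pos + 5 > len(code):
                break  # truncated instruction
            imms.append(struct.unpack_from("<I", code, pos + 1)[0])
            pos += 5
        elif op in (0x90, 0xC3):  # nop, ret
            pos += 1
        else:
            break  # unknown opcode: a real disassembler is needed here
    return imms

def referenced_strings(code, data, data_va):
    """Keep only strings whose start address appears as an immediate in code."""
    raw = raw_strings(data)
    out = {}
    for imm in code_immediates(code):
        off = imm - data_va
        if off in raw:
            out[imm] = raw[off]
    return out

if __name__ == "__main__":
    print("raw scan:  ", raw_strings(DATA))
    print("referenced:", referenced_strings(CODE, DATA, DATA_VA))
```

The raw scan reports the unreferenced "junkAAAA" run as well, while the reference-based pass keeps only the two strings the code actually points to.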