forked from glmcdona/strings2
StringExt.ps1
# String Extraction & COFF Information
# Copyright (C) 2025 Noverse
#
# This program is proprietary software: you may not copy, redistribute, or modify
# it in any way without prior written permission from Noverse.
#
# Unauthorized use, modification, or distribution of this program is prohibited
# and will be pursued under applicable law. This software is provided "as is,"
# without warranty of any kind, express or implied, including but not limited to
# the warranties of merchantability, fitness for a particular purpose, and
# non-infringement.
#
# For permissions or inquiries, contact: https://discord.gg/E2ybG4j9jU
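# Interactive console front end that downloads strings.exe and dumpbin.exe
# (plus their support files) into %TEMP%\NV-StringEx-Tools, lets the user pick
# a file, folder or process id, and writes the extracted strings and COFF
# information into .\Output.
#
# NOTE(review): everything this script runs is fetched over HTTPS from GitHub
# release assets and then executed with the caller's privileges. No hash or
# signature is checked, and files already present in %TEMP% are trusted as-is.
# Pin and verify the expected digests (for example with Get-FileHash) before
# using this on a machine that matters.

# Short alias for Write-Host. The code below calls Write-Host directly; the
# alias is kept because the dot-sourced banner script may rely on it
# (assumption, that script is not visible here).
Set-Alias -Name nvwh -Value Write-Host
$nv = "Authored by Noxi-Hu -(C)2025 Noverse"

# Both preferences are set in the Global scope, so they stay in effect for the
# rest of the session after the script ends. With errors silenced, a failed
# download or a failed tool launch produces no message unless it is checked
# explicitly.
Set-Variable -Scope Global -Name "ErrorActionPreference" -Value "silentlycontinue"
Set-Variable -Scope Global -Name "ProgressPreference" -Value "SilentlyContinue"

# NOTE(review): remote script download followed by dot-sourcing. If the
# download fails silently, a stale or planted %TEMP%\nvbanner.ps1 is what gets
# executed. The banner functions (bannerred, bannercyan) come from this file.
Invoke-WebRequest -Uri 'https://github.com/nohuto/nohuto/releases/download/Logo/nvbanner.ps1' -OutFile "$env:temp\nvbanner.ps1" -UseBasicParsing
. "$env:temp\nvbanner.ps1"

$u = $Host.UI.RawUI
$u.WindowTitle = "Noverse String Extraction"
$u.BackgroundColor = "Black"

# Session configuration shared by the menu and the extraction step.
$global:stringlength = 4
$global:inputp = "C:\Windows\System32\"
$global:category = @(
    [PSCustomObject]@{ Name = "Filter Strings"; Value = $true },
    [PSCustomObject]@{ Name = "Recurse"; Value = $true },
    [PSCustomObject]@{ Name = "Preconfigured Dumpbin Flags"; Value = $true },
    [PSCustomObject]@{ Name = "One File"; Value = $true }
)

if (-not (Test-Path "$env:temp\Noverse.ico")) {
    Invoke-WebRequest -Uri "https://github.com/nohuto/nohuto/releases/download/Logo/Noverse.ico" -OutFile "$env:temp\Noverse.ico" -UseBasicParsing
}
Clear-Host

# Writes one console line: a timestamp, a highlighted tag, the message and an
# optional trailing value, each in its own colour.
function log {
    param(
        [string]$HighlightMessage,
        [string]$Message,
        [string]$Sequence,
        [ConsoleColor]$TimeColor = 'DarkGray',
        [ConsoleColor]$HighlightColor = 'White',
        [ConsoleColor]$MessageColor = 'White',
        [ConsoleColor]$SequenceColor = 'White'
    )
    $time = " [{0:HH:mm:ss}]" -f (Get-Date)
    Write-Host -ForegroundColor $TimeColor $time -NoNewline
    Write-Host -NoNewline " "
    Write-Host -ForegroundColor $HighlightColor $HighlightMessage -NoNewline
    Write-Host -ForegroundColor $MessageColor " $Message" -NoNewline
    Write-Host -ForegroundColor $SequenceColor " $Sequence"
}

# Quotes one argument for Start-Process -ArgumentList, which joins its
# elements with spaces and adds no quoting of its own. Without this, a path
# containing a space is split into several arguments, so a file name inside a
# scanned folder could be read by strings.exe as extra options. Values without
# whitespace or quotes are returned unchanged.
function nvquotearg {
    param([string]$Value)
    if ($Value -notmatch '[\s"]') { return $Value }
    # Double backslashes that precede a quote or the closing quote, per the
    # MSVC command-line parsing rules, so a trailing "\" does not escape it.
    $escaped = $Value -replace '(\\*)"', '$1$1\"' -replace '(\\+)$', '$1$1'
    return '"' + $escaped + '"'
}

bannerred
Write-Output ""
Write-Output ""
Write-Host " This script is provided by NOVERSE. All rights reserved!" -ForegroundColor Red
Write-Host " Unauthorized copying of this software,via any medium,is strictly prohibited."
Write-Host " Proprietary and confidential."
Write-Output ""
Write-Output ""
Write-Output ""
Write-Host " Press any key to " -NoNewline
Write-Host " continue " -ForegroundColor Green -NoNewline
Write-Host " with the script..."
[console]::ReadKey($true) | Out-Null

# Downloads the helper binaries into %TEMP%\NV-StringEx-Tools, skipping any
# file that already exists there.
function nvdl {
    bannercyan
    $dir = "$env:temp\NV-StringEx-Tools"
    New-Item -ItemType Directory -Force -Path $dir | Out-Null
    $nvu = @(
        "https://github.com/nohuto/Files/releases/download/stringex/dumpbin.exe",
        "https://github.com/nohuto/Files/releases/download/stringex/link.exe",
        "https://github.com/nohuto/Files/releases/download/stringex/mspdbcore.dll",
        "https://github.com/nohuto/Files/releases/download/stringex/strings.exe",
        "https://github.com/nohuto/Files/releases/download/stringex/tbbmalloc.dll"
    )
    $progress = 0
    $total = $nvu.Count
    foreach ($url in $nvu) {
        $progress++
        $file = Split-Path -Leaf $url
        $path = Join-Path $dir $file
        $percent = [math]::Round(($progress / $total) * 100, 0)
        # NOTE(review): an existing file is reused without any integrity
        # check, and %TEMP% is writable by every process of the current user.
        # Whatever sits at this path is executed later.
        if (Test-Path $path) { continue }
        log "[+]" "Downloading $file" "($percent%)" -HighlightColor green -SequenceColor DarkGray
        Start-Sleep -Milliseconds 100
        Invoke-WebRequest -Uri $url -OutFile $path -UseBasicParsing
        # Errors are silenced globally, so report a missing result explicitly.
        if (-not (Test-Path $path)) {
            log "[-]" "Failed to download $file" -HighlightColor Red
        }
    }
}
nvdl

# One pass through the menu followed by one extraction run. The caller loops.
function main {
    # Prompts for the minimum string length; anything below 3 or non-numeric
    # resets the value to 4.
    function nvminlength {
        bannercyan
        Write-Host " Enter minimum string length:"
        Write-Host " >> " -ForegroundColor Blue -NoNewline
        $len = Read-Host
        [int]$parsed = 0
        if ([int]::TryParse($len, [ref]$parsed) -and $parsed -ge 3) {
            $global:stringlength = $parsed
        }
        else {
            log "[-]" "Minimum length is 3" -HighlightColor Red
            Start-Sleep -Seconds 1
            $global:stringlength = 4
        }
    }

    # Lets the user choose a file or folder through an OpenFileDialog. The
    # placeholder file name "Select Folder" marks a folder selection.
    function nvpath {
        Add-Type -AssemblyName System.Windows.Forms, System.Drawing
        $iconPath = "$env:temp\Noverse.ico"
        do {
            bannercyan
            log "[~]" "Select any file or folder" -HighlightColor Gray
            $form = New-Object System.Windows.Forms.Form
            # The icon download may have failed silently; skip it in that case.
            if (Test-Path $iconPath) {
                try { $form.Icon = [System.Drawing.Icon]::ExtractAssociatedIcon($iconPath) } catch {}
            }
            $ofd = New-Object System.Windows.Forms.OpenFileDialog
            $ofd.Title = "Select a file or folder"
            $ofd.Filter = "All items(*.*)|*.*"
            $ofd.CheckFileExists = $false
            $ofd.ValidateNames = $false
            $ofd.DereferenceLinks = $true
            $ofd.FileName = "Select Folder"
            $result = $ofd.ShowDialog($form)
            $selection = $ofd.FileName
            $ofd.Dispose()
            $form.Dispose()
            if ($result -ne [System.Windows.Forms.DialogResult]::OK) {
                log "[-]" "Selection cancelled" -HighlightColor Red
                Start-Sleep -Seconds 1
                break
            }
            if ($selection -like "*Select Folder*") {
                $selpath = Split-Path $selection
            }
            else {
                $selpath = $selection
            }
            $selpath = $selpath.Trim('"')
            if (-not (Test-Path $selpath)) {
                log "[-]" "Path does not exist" -HighlightColor Red
                Start-Sleep -Seconds 1
                continue
            }
            $global:inputp = $selpath
            if ((Get-Item $global:inputp).PSIsContainer -and -not $global:inputp.EndsWith("\")) {
                $global:inputp += "\"
            }
            log "[+]" "Selected:" "$global:inputp" -HighlightColor Green -SequenceColor DarkGray
            Start-Sleep -Seconds 1
            break
        } while ($true)
    }

    # Shows the running processes in a grid; double-clicking a row stores its
    # process id in $global:nvpid.
    function nvpid {
        bannercyan
        log "[~]" "Select a PID" -HighlightColor Gray
        Add-Type -AssemblyName System.Windows.Forms
        Add-Type -AssemblyName System.Drawing
        $font = [Drawing.Font]::new('Segoe UI', 9)
        $bg = [Drawing.Color]::FromArgb(48, 48, 48)
        $fg = [Drawing.Color]::FromArgb(230, 230, 230)
        $sel = [Drawing.Color]::FromArgb(60, 60, 60)
        $grid = [Drawing.Color]::FromArgb(120, 120, 120)
        $iconPath = Join-Path $env:temp 'Noverse.ico'
        $form = [Windows.Forms.Form]@{
            Text          = 'Select a PID'
            StartPosition = [Windows.Forms.FormStartPosition]::CenterScreen
            Size          = [Drawing.Size]::new(900, 600)
            BackColor     = $bg
            ForeColor     = $fg
            Font          = $font
            TopMost       = $true
        }
        if (Test-Path $iconPath) {
            try { $form.Icon = [Drawing.Icon]::new($iconPath) } catch {}
        }
        $defaultStyle = [Windows.Forms.DataGridViewCellStyle]@{
            BackColor          = $bg
            ForeColor          = $fg
            SelectionBackColor = $sel
            SelectionForeColor = $fg
            Font               = $font
        }
        $headerStyle = [Windows.Forms.DataGridViewCellStyle]@{
            BackColor = $bg
            ForeColor = $fg
            Font      = $font
        }
        $pidlist = [Windows.Forms.DataGridView]@{
            Dock                      = [Windows.Forms.DockStyle]::Fill
            ReadOnly                  = $true
            SelectionMode             = [Windows.Forms.DataGridViewSelectionMode]::FullRowSelect
            MultiSelect               = $false
            RowHeadersVisible         = $false
            EnableHeadersVisualStyles = $false
            BackgroundColor           = $bg
            GridColor                 = $grid
            BorderStyle               = [Windows.Forms.BorderStyle]::None
            CellBorderStyle           = [Windows.Forms.DataGridViewCellBorderStyle]::SingleHorizontal
            ColumnHeadersBorderStyle  = [Windows.Forms.DataGridViewHeaderBorderStyle]::Single
        }
        $pidlist.DefaultCellStyle = $defaultStyle
        $pidlist.ColumnHeadersDefaultCellStyle = $headerStyle
        [void]$pidlist.Columns.Add("Pid", "PID")
        [void]$pidlist.Columns.Add("Name", "Name")
        [void]$pidlist.Columns.Add("Path", "Path")
        $pidlist.Columns["Pid"].Width = 90
        $pidlist.Columns["Name"].Width = 200
        $pidlist.Columns["Path"].AutoSizeMode = 'Fill'
        $procs = Get-Process | Sort-Object Id
        foreach ($p in $procs) {
            $procId = $p.Id
            $name = $p.ProcessName
            $path = ""
            # MainModule is not readable for every process; leave the path
            # column empty when the lookup throws.
            try { $path = $p.MainModule.FileName } catch {}
            [void]$pidlist.Rows.Add(@($procId, $name, $path))
        }
        $form.Controls.Add($pidlist)
        $script:selectedPid = $null
        $pidlist.add_CellDoubleClick({
                if ($pidlist.SelectedRows.Count -gt 0) {
                    $row = $pidlist.SelectedRows[0]
                    $script:selectedPid = [int]$row.Cells[0].Value
                    $form.Close()
                }
            })
        # Release the window handle even if the dialog throws.
        try { [void]$form.ShowDialog() } finally { $form.Dispose() }
        if ($script:selectedPid) {
            $global:nvpid = $script:selectedPid
            log "[+]" "Selected PID:" "$global:nvpid" -HighlightColor Green -SequenceColor DarkGray
            Start-Sleep -Seconds 1
        }
        else {
            log "[-]" "No PID selected" -HighlightColor Red
            Start-Sleep -Seconds 1
            $global:nvpid = $null
        }
    }

    # Forgets the selected PID and the input path.
    function nvclear {
        $global:nvpid = $null
        $global:inputp = $null
    }

    # Prints the help text, the ON/OFF state of each toggle and the key list.
    function nvmenu {
        bannercyan
        Write-Host " A " -NoNewline
        Write-Host "small " -NoNewline -ForegroundColor Green
        Write-Host "string length causes large files filled with irrelevant data. A " -NoNewline
        Write-Host "large " -NoNewline -ForegroundColor Green
        Write-Host "length might remove important short"
        Write-Host " strings. If not using the predefined dumpbin flags,the full set will be applied" -NoNewline
        Write-Host " (look into the channel for a more" -ForegroundColor DarkGray
        Write-Host " detailed list)" -ForegroundColor DarkGray -NoNewline
        Write-Host ". The 'One File' option,writes all strings into a single file,which is recommended to use,if using"
        Write-Host " the default path. Join " -NoNewline
        Write-Host "https://discord.gg/E2ybG4j9jU" -NoNewline -ForegroundColor Blue
        Write-Host " for further details."
        Write-Output ""
        $i = 1
        foreach ($setting in $category) {
            Write-Host " [" -NoNewline
            Write-Host "$i" -NoNewline -ForegroundColor Blue
            Write-Host "] $($setting.Name)" -NoNewline
            # Pad to a fixed column so the ON/OFF markers line up.
            $statuscolumn = 40
            $currentx = $Host.UI.RawUI.CursorPosition.X
            $space = $statuscolumn - $currentx
            if ($space -gt 0) { Write-Host (" " * $space) -NoNewline }
            Write-Host "| " -NoNewline
            if ($setting.Value) {
                Write-Host "ON" -ForegroundColor Green
            }
            else {
                Write-Host "OFF" -ForegroundColor Red
            }
            $i++
        }
        Write-Output ""
        Write-Host " [" -NoNewline
        Write-Host "X" -NoNewline -ForegroundColor Blue
        Write-Host "] Start analysis"
        Write-Host " [" -NoNewline
        Write-Host "L" -NoNewline -ForegroundColor Blue
        Write-Host "] Change string length" -NoNewline
        Write-Host " - $stringlength" -ForegroundColor DarkGray
        Write-Host " [" -NoNewline
        Write-Host "I" -NoNewline -ForegroundColor Blue
        Write-Host "] Change input path" -NoNewline
        Write-Host " - $inputp" -ForegroundColor DarkGray
        Write-Host " [" -NoNewline
        Write-Host "P" -NoNewline -ForegroundColor Blue
        Write-Host "] Set PID" -NoNewline
        Write-Host " - $nvpid" -ForegroundColor DarkGray
        Write-Host " [" -NoNewline
        Write-Host "C" -NoNewline -ForegroundColor Blue
        Write-Host "] Clear Config"
        Write-Host " [" -NoNewline
        Write-Host "Q" -NoNewline -ForegroundColor Blue
        Write-Host "] Quit"
    }

    # Menu loop: numbers toggle a setting, letters run an action, X starts.
    while ($true) {
        nvmenu
        Write-Output ""
        Write-Host " >> " -NoNewline -ForegroundColor Blue
        $choice = Read-Host
        if ($choice -match "^\d+$") {
            # TryParse keeps an over-long digit string from throwing; it then
            # falls through to "Invalid option".
            $number = 0
            $index = -1
            if ([int]::TryParse($choice, [ref]$number)) { $index = $number - 1 }
            if ($index -ge 0 -and $index -lt $category.Count) {
                if ($index -eq 3 -and $global:nvpid) {
                    Write-Output ""
                    log "[!]" "Cannot be enabled while PID is set" -HighlightColor Red
                    Start-Sleep -Seconds 2
                }
                else {
                    $category[$index].Value = -not $category[$index].Value
                }
            }
            else {
                Write-Output ""
                log "[-]" "Invalid option" -HighlightColor Red
                Start-Sleep -Seconds 1
            }
        }
        elseif ($choice -eq "L") { nvminlength }
        elseif ($choice -eq "I") { nvpath }
        elseif ($choice -eq "P") {
            if ($category[3].Value) {
                Write-Output ""
                log "[!]" "Cannot input PID while 'One File' is enabled" -HighlightColor Red
                Start-Sleep -Seconds 2
            }
            else {
                nvpid
            }
        }
        elseif ($choice -eq "X") { break }
        elseif ($choice -eq "C") { nvclear }
        elseif ($choice -eq "Q") {
            Write-Output ""
            log "[/]" "Exiting" -HighlightColor Yellow
            Start-Sleep -Seconds 1
            exit
        }
        else {
            Write-Output ""
            log "[-]" "Invalid option" -HighlightColor Red
            Start-Sleep -Seconds 1
        }
    }

    bannercyan
    log "[+]" "Applying configurations" -HighlightColor Green

    # The input path is empty after "Clear Config", so test it before Get-Item.
    # The folder walk is always recursive; the "Recurse" toggle only adds -r
    # to the strings.exe arguments further down.
    if ($inputp -and (Test-Path $inputp) -and (Get-Item $inputp).PSIsContainer) {
        $array = Get-ChildItem -Path $inputp -Recurse -File | Select-Object -ExpandProperty FullName
    }
    else {
        $array = @($inputp)
    }
    $stringfilter = $category[0].Value
    $recurse = $category[1].Value
    $dumpbinall = $category[2].Value
    $onefile = $category[3].Value
    # "Preconfigured Dumpbin Flags" ON selects the fixed subset, OFF uses /ALL.
    $dumpflags = if (-not $dumpbinall) {
        @("/ALL")
    }
    else {
        @("/ARCHIVEMEMBERS", "/CLRHEADER", "/DEPENDENTS", "/EXPORTS", "/IMPORTS", "/SUMMARY", "/SYMBOLS", "/DIRECTIVES")
    }
    New-Item -Path ".\Output" -ItemType Directory -Force | Out-Null

    if (-not $onefile) {
        if ($nvpid) {
            try {
                log "[~]" "Extracting strings from PID" "$nvpid" -HighlightColor Gray -SequenceColor Blue
                $flags = @("-l", "$stringlength", "-pid", "$nvpid")
                # -a is added when "Filter Strings" is switched off.
                if (-not $stringfilter) { $flags += "-a" }
                Start-Process "$env:TEMP\NV-StringEx-Tools\strings.exe" -ArgumentList $flags -RedirectStandardOutput ".\Output\$nvpid.strings.txt" -NoNewWindow -Wait
                Start-Sleep -Seconds 1
            }
            catch {
                log "[-]" "Failed to extract strings from PID $nvpid" -HighlightColor Red -SequenceColor Red
                # The original read "sleep 1 nvmenu", which passed "nvmenu" to
                # Start-Sleep as a stray argument; split to match the other
                # error branches.
                Start-Sleep -Seconds 1
                nvmenu
            }
        }
        else {
            log "[~]" "Extracting strings" -HighlightColor Gray
            log "[?]" "Depending on the amount,this can take up to 30+ minutes" -HighlightColor Blue
            foreach ($target in $array) {
                # Skip missing entries instead of launching the tools on them.
                if (-not $target -or -not (Test-Path $target)) {
                    log "[-]" "File not found:" "$target" -HighlightColor Red -SequenceColor Red
                    Start-Sleep -Seconds 1
                    continue
                }
                # NOTE(review): output files are named after the base name
                # only, so a\x.dll and b\x.exe overwrite each other's results.
                if ((Get-Item $target).PSIsContainer) {
                    $filename = Split-Path -Path $target.TrimEnd('\') -Leaf
                }
                else {
                    $filename = [IO.Path]::GetFileNameWithoutExtension($target)
                }
                try {
                    $flags = @("-l", "$stringlength")
                    if (-not $stringfilter) { $flags += "-a" }
                    if ($recurse) { $flags += "-r" }
                    # Quote the path so a name with spaces stays one argument.
                    Start-Process "$env:TEMP\NV-StringEx-Tools\strings.exe" -ArgumentList ($flags + (nvquotearg $target)) -RedirectStandardOutput ".\Output\$filename.strings.txt" -NoNewWindow -Wait
                }
                catch {
                    log "[-]" "Failed to extract strings from" "$target" -HighlightColor Red -SequenceColor Red
                    Start-Sleep -Seconds 1
                }
                try {
                    $coff = & "$env:temp\NV-StringEx-Tools\dumpbin.exe" $dumpflags $target
                    # Spelled out: the "sc" alias was removed in PowerShell 6,
                    # where "sc" resolves to sc.exe instead of Set-Content.
                    Set-Content -Path ".\Output\$filename.coff.txt" -Value $coff -Encoding UTF8
                }
                catch {
                    log "[-]" "Failed to extract COFF info from" "$target" -HighlightColor Red -SequenceColor Red
                    Start-Sleep -Seconds 1
                }
            }
        }
    }
    else {
        log "[~]" "Extracting strings" -HighlightColor Gray
        log "[?]" "Depending on the size,this can take up to 10 minutes" -HighlightColor Blue
        # Check the path first: Get-Item and TrimEnd below need a real value.
        if (-not $inputp -or -not (Test-Path $inputp)) {
            log "[-]" "File or folder not found:" "$inputp" -HighlightColor Red -SequenceColor Red
            Start-Sleep -Seconds 1
            nvmenu
        }
        else {
            if ((Get-Item $inputp).PSIsContainer) {
                $filename = Split-Path -Path $inputp.TrimEnd('\') -Leaf
            }
            else {
                $filename = [IO.Path]::GetFileNameWithoutExtension($inputp)
            }
            try {
                $flags = @("-l", "$stringlength", "-F")
                if (-not $stringfilter) { $flags += "-a" }
                if ($recurse) { $flags += "-r" }
                $arglist = $flags + (nvquotearg $inputp)
                Start-Process "$env:TEMP\NV-StringEx-Tools\strings.exe" -ArgumentList $arglist -RedirectStandardOutput ".\Output\$filename.strings.txt" -Wait -NoNewWindow
            }
            catch {
                log "[-]" "Failed to extract strings from" "$inputp" -HighlightColor Red -SequenceColor Red
                Start-Sleep -Seconds 1
            }
        }
    }

    log "[+]" "Successfully finished" -HighlightColor Green
    Start-Sleep -Seconds 1
}

# Return to the menu after every run. The original re-entered main from inside
# itself, which nested one call deeper per run; [Q] still leaves through exit.
while ($true) { main }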