
Text strings, or just “strings” for short, are pieces of human-readable text contained within a piece of code.

Consider the following code:

printf("Hello World!");

This code calls the function printf with the text string “Hello World!”, which results in the application outputting “Hello World!”. While the printf function call will be translated into machine code, the string will remain intact and stored somewhere within the application.

Under normal circumstances, code is stored in the .text section and strings are stored in the .data or .rdata section. This can be somewhat confusing, as the application’s code is compiled to binary and is therefore not “text”.

By browsing sections like .data or .rdata it’s possible to see many of the text strings embedded within a normal application. Often these strings can give us clues as to what the application is doing.
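To make the section browsing described above concrete, here is an added example (not part of the original lab material) that walks a PE section table and lists the ASCII and UTF-16LE strings found in each section. The function names, the 4-character minimum, and the sample buffer are assumptions of this example; the sample is a constructed, PE-shaped byte string with no optional header, not a real program.

```python
import re
import struct

ASCII = re.compile(rb"[\x20-\x7e]{4,}")                     # 4+ printable bytes
# UTF-16LE text; the lookbehind stops a match starting on an ASCII string's last byte
WIDE = re.compile(rb"(?<![\x20-\x7e])(?:[\x20-\x7e]\x00){4,}")

def pe_sections(data):
    """Yield (name, raw bytes) for every entry in the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off, = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    count, = struct.unpack_from("<H", data, pe_off + 6)     # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20) # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    for i in range(count):
        entry = table + 40 * i                              # 40-byte section header
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, entry + 16)
        yield name, data[raw_ptr:raw_ptr + raw_size]

def strings_by_section(data):
    """Map each section name to the ASCII and UTF-16LE strings found in it."""
    result = {}
    for name, raw in pe_sections(data):
        found = [m.group().decode("ascii") for m in ASCII.finditer(raw)]
        found += [m.group().decode("utf-16-le") for m in WIDE.finditer(raw)]
        result[name] = found
    return result

def build_sample():
    """Constructed PE-shaped buffer (headers plus two sections); not a runnable program."""
    text = b"\x48\x83\xec\x28\xe8\x00\x00\x00\x00\xc3"      # machine code bytes
    rdata = b"Hello World!\0" + "kernel32.dll".encode("utf-16-le") + b"\0\0"
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, 0, 0x22)
    first = len(dos) + len(coff) + 2 * 40                   # file offset of .text data
    def header(name, blob, ptr):
        return struct.pack("<8sIIIIIIHHI", name, len(blob), 0, len(blob), ptr, 0, 0, 0, 0, 0)
    return (dos + coff + header(b".text", text, first)
            + header(b".rdata", rdata, first + len(text)) + text + rdata)

if __name__ == "__main__":
    for section, found in strings_by_section(build_sample()).items():
        print(section, found)
```

On the constructed sample the .text section yields no strings while .rdata yields both the narrow and the wide string, which is why the data sections are the first place to look.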

Most malware will attempt to conceal, encrypt, or obfuscate text strings to avoid making it too easy to write detection rules or reverse engineer the code. There are many different techniques by which this can be done. These challenges will introduce you to just some of the many ways malware can conceal text.

Strings 1

Lab Type:
Static Analysis
Languages:
x86_64
Platform:
Windows 64-bit
Difficulty:
An introduction to working with regular text strings in portable executables. Great for beginners who've never done reverse engineering before.

Strings 2

Lab Type:
Static Analysis
Languages:
x86_64
Platform:
Windows 64-bit
Difficulty:
There are many ways malware can store strings. Let's test your skills with a very common method malware uses to embed text.

Strings 3

Lab Type:
Static Analysis
Languages:
x86_64
Platform:
Windows 64-bit
Difficulty:
This challenge introduces a popular way in which malware can store arbitrary data, not just text. See if you can figure out what it is.