
NotRequiem/ntstrings


ntstrings

ntstrings is a string extraction tool for Windows, designed as a high-performance alternative to standard tools such as Sysinternals strings, bstrings, xxstrings, and strings2.

For a more in-depth explanation of the scanning approach, see the architecture documentation.

Usage

ntstrings [options] <path>

Core Options

Flag Description
-h Show the help menu.
-d <dir> Recursive directory scan. Instead of a single file, provide a directory path to scan all files inside it.
-o <file> Output file. Write the extracted strings to the specified file instead of printing them to the console (greatly improves performance for large outputs).

Search & Filtering

Flag Description
-f <str> Find needle. Only output strings that contain this specific substring. Highly optimized.
-i Case insensitive. Makes the -f needle search case-insensitive.
-n <len> Minimum length. Minimum number of characters for a string to be considered valid. (Default: 4)
-x <len> Maximum length. Maximum number of characters allowed. Strings longer than this are ignored. (Default: 0 / Unlimited)
-a <bool> Scan ASCII. Enable or disable scanning for standard 8-bit ASCII strings. (Default: true)
-u <bool> Scan Unicode. Enable or disable scanning for 16-bit UTF-16/Unicode strings. (Default: true)
-b <s[:e]> Scan byte range. Only scan a specific chunk of the file. Format: start or start:end (in bytes).

Regex & Bulk Filtering

(Note: If -f is used, Regex/List filters are ignored to prioritize the high-speed needle search).

Flag Description
-r <rgx> Regex filter. Only output strings that match the provided Regular Expression.
-fs <file> File Strings. Load a text file containing a list of fixed strings (one per line). Only extracts strings containing at least one of these patterns.
-fr <file> File Regex. Load a text file containing a list of regex patterns (one per line). Only extracts strings matching at least one of these patterns.

Sorting

Flag Description
-sa Sort Alphabetical. Buffers the results and sorts them alphabetically before outputting.
-sl Sort Length. Buffers the results and sorts them by string length before outputting.

Examples

1. Basic String Extraction. Extract all ASCII and Unicode strings (minimum 4 chars) from a file:

ntstrings C:\path\to\memory.dmp

2. Needle Search. Search a file for a specific case-insensitive string, outputting the results to a text file:

ntstrings -f "password" -i -o results.txt memory.dmp

3. Regex Filtering. Extract only strings that look like URLs:

ntstrings -r "^https?://" target.bin

4. Recursive Directory Scanning. Find all strings in a specific directory (and its subdirectories), ignoring Unicode strings, with a minimum length of 10 characters:

ntstrings -u false -n 10 -d C:\Windows\System32

5. Byte Range Scanning. Only scan the first 1 Megabyte of a file:

ntstrings -b 0:1048576 target.bin

6. Bulk IOC Scanning. Load a list of malicious strings/indicators from a text file and check an executable for them:

ntstrings -fs malicious_iocs.txt suspect.exe
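
The sketch below is an added example, not ntstrings source code and not a description of its algorithm. It models what the -n, -a, -u, -f and -i options describe, to show why an ASCII-only scan (-u false) misses a needle that a binary stores as UTF-16. Assumptions: a string character is printable ASCII (0x20..0x7e), UTF-16 means little-endian with a zero high byte, and the function names and sample buffer are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_RUN 256

/* Assumption: "string character" means printable ASCII 0x20..0x7e. */
static int printable(unsigned char c) { return c >= 0x20 && c <= 0x7e; }

/* Case-insensitive substring test, modelling -f <str> combined with -i. */
static int contains_ci(const char *s, const char *needle) {
    size_t n = strlen(needle);
    for (; *s; s++) {
        size_t k = 0;
        while (k < n && s[k] && tolower((unsigned char)s[k]) == tolower((unsigned char)needle[k])) k++;
        if (k == n) return 1;
    }
    return n == 0;
}

/* width 1: 8-bit ASCII runs. width 2: UTF-16LE runs limited to the ASCII
 * range (printable low byte, zero high byte). Returns how many runs of at
 * least min_len characters contain needle (NULL = no needle filter). */
static size_t scan(const unsigned char *buf, size_t len, size_t width,
                   size_t min_len, const char *needle) {
    char run[MAX_RUN + 1];
    size_t i = 0, n = 0, hits = 0;
    for (;;) {
        int in_bounds = i + width <= len;
        int ok = in_bounds && printable(buf[i]) && (width == 1 || buf[i + 1] == 0);
        if (ok && n < MAX_RUN) { run[n++] = (char)buf[i]; i += width; continue; }
        run[n] = '\0';                       /* run ended (or hit MAX_RUN): evaluate it */
        if (n >= min_len && (!needle || contains_ci(run, needle))) hits++;
        n = 0;
        if (!in_bounds) break;
        if (!ok) i++;   /* resync one byte at a time; wide strings may be unaligned */
    }
    return hits;
}

/* Constructed sample: two ASCII strings, a too-short "abc", one UTF-16LE string. */
static const unsigned char SAMPLE[] =
    "\x01\x02" "user=admin" "\x00\xff" "abc" "\x00\x00"
    "P\0A\0S\0S\0W\0O\0R\0D\0" "\x90\x90" "password: x" "\x00";

int main(void) {
    size_t len = sizeof SAMPLE - 1;          /* drop the literal's implicit NUL */
    printf("ascii hits: %zu\n", scan(SAMPLE, len, 1, 4, "password"));
    printf("utf16 hits: %zu\n", scan(SAMPLE, len, 2, 4, "password"));
    return 0;
}
```

Each pass reports one hit for the needle: the 8-bit pass sees only "password: x" and the 16-bit pass sees only the wide "PASSWORD", so a triage run with one encoding disabled reports half of the matches in this buffer.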

Build

For MSVC or LLVM clang-cl, just open the .sln file located at the root of this repository and click on "Build".

For Clang or GCC, use CMake, located inside the nstrings folder.

Example on Clang:

cmake -B build -G "Ninja" ^
    -DCMAKE_C_COMPILER=clang ^
    -DCMAKE_CXX_COMPILER=clang++ ^
    -DCMAKE_BUILD_TYPE=Release

cmake --build build --config Release

About

Windows hardware-accelerated file scanner focused on performance
