Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Video: Pascal Strings SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Video: Pascal Strings

Programs written in the Object Pascal (Delphi) programming language, have their strings stored in the executable file as Pascal strings. A Pascal string (or P-string) is a string that is internally stored with a length-prefix: an integer that counts the number of characters inside the string.

When analyzing Delphi malware, it is useful to extract its Pascal strings (in stead of extracting all strings). You can do this now with an update to my strings.py tool.

I've also recorded a video showing this new feature:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

505 Posts
ISC Handler
Oct 25th 2020

Sign Up for Free or Log In to start participating in the conversation!