Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

qs: show interesting strings first within each section #797

Open
williballenthin opened this issue Jun 12, 2023 · 1 comment
Open

qs: show interesting strings first within each section #797

williballenthin opened this issue Jun 12, 2023 · 1 comment
Labels
QS QUANTUMSTRAND
Projects
QUANTUMSTRAND

Comments

@williballenthin
Copy link
Collaborator

via #761 and @r0ny123

Currently, QS ranks strings based on offsets within sections, can we use stringsifter or something like that to show the most relevant strings first within the sections?
@williballenthin williballenthin added the QS QUANTUMSTRAND label Jun 12, 2023
@williballenthin williballenthin added this to To do in QUANTUMSTRAND via automation Jun 12, 2023
@williballenthin
Copy link
Collaborator Author

this is a neat idea! keeping all the important data together should make it easier for humans to review.

i wonder if we can duplicate the important strings: show the group of important strings up top, and then continue to show all strings in linear order later on. for example:

32.exe                                                                                  #important         00028f5c              ┃┃┃┃┃┃┃┃┃┃┃┃
file size = %d bytes                                                                    #important         00029084              ┃┃┃┃┃┃
fseek(SEEK_SET) failed                                                                  #important         0002909c              ┃┃┃┃┃┃
---------------------------------------------------------------------------------------------------------------------------------┃┃┃┃┃┃
\\\\.\\a:                                                                                                  00028ec0              ┃┃┃┃┃┃
FILENAME                                                                                        #common    00028ec8              ┃┃┃┃┃┃
\\restore\\                                                                                                00028edc              ┃┃┃┃┃┃
Software\\Microsoft\\MSNetMng                                                                              00028ee8              ┃┃┃┃┃┃
Global\\DirectMarketing                                                                                    00028f08              ┃┃┃┃┃┃
Policy                                                                                          #common    00028f20              ┃┃┃┃┃┃
Version                                                                                           #curl    00028f28              ┃┃┃┃┃┃
Status                                                                                          #common    00028f34              ┃┃┃┃┃┃
Explorer.exe                                                                                    #common    00028f3c              ┃┃┃┃┃┃
32.exe                                                                                                     00028f5c              ┃┃┃┃┃┃
\\System32                                                                                      #common    00028f70              ┃┃┃┃┃┃
SYSTEMROOT                                                                                      #common    00028f7c              ┃┃┃┃┃┃
Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon                                       #common    00028f90              ┃┃┃┃┃┃
System\\CurrentControlSet\\Services\\USBSTOR\\Enum                                                         00028fcc              ┃┃┃┃┃┃
ProductId                                                                                       #common    00029010              ┃┃┃┃┃┃
RegisteredOrganization                                                                          #common    0002901c              ┃┃┃┃┃┃
RegisteredOwner                                                                                 #common    00029034              ┃┃┃┃┃┃
Software\\Microsoft\\Windows NT\\CurrentVersion                                                 #common    00029044              ┃┃┃┃┃┃
file size = %d bytes                                                                                       00029084              ┃┃┃┃┃┃
fseek(SEEK_SET) failed                                                                                     0002909c              ┃┃┃┃┃┃
System\\CurrentControlSet\\Services\\PartMgr\\Enum                                                         000290b8              ┃┃┃┃┃┃
WS     TMP                                                                                                 000290e8              ┃┃┃┃┃┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛┃┃┃┃┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛┃┃┃┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛┃┃┃
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛┃┃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
QS QUANTUMSTRAND
Projects
QUANTUMSTRAND
To do
Milestone
No milestone
Development

No branches or pull requests
1 participant
@williballenthin