Week of Data Dumps, Part 2 – GUIDs

There was a time when, knowing the GUIDs used by adware/spyware, you could instantly attribute a sample to a known rogue company or group. Of course, those days are long gone, but what’s left behind is the knowledge of which GUIDs map to what…

GUIDs are all over the place – there are CLSIDs, UUIDs, they can refer to classes, interfaces, object properties, known folder IDs, even old ActiveX controls and IE toolbars, and new ones keep coming in! So how do we know which ones are important?

My recipe was to always collect as many of these as possible!

This is a small excerpt from some quick regex-fu over HijackThis logs, and here is the list of GUIDs I have built over the years.
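The kind of regex-fu meant above, as an added example that is not the author's script or data: pull every braced GUID out of HijackThis-style log lines, normalize case (the same CLSID shows up in both cases), remember which log section and which file path each one was seen with, and then flag the two things worth looking at first, GUIDs not on a known list and GUIDs that load from more than one path. The log lines, the GUIDs, the paths and the `KNOWN_GUIDS` entry are all constructed for this example and do not describe real products.

```python
import re
from collections import defaultdict

# Braced GUID as HijackThis prints it: {8-4-4-4-12} hex groups, either case.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# HijackThis log line: "<section> - <description>", e.g. O2 (BHO), O3 (toolbar), O4 (autorun).
LINE_RE = re.compile(r"^(O\d+|R\d+|F\d+)\s+-\s+(.*)$")

# Constructed sample log: GUIDs, names and paths are made up for this example.
SAMPLE_LOG = """\
O2 - BHO: Example Helper - {A1B2C3D4-E5F6-4A7B-8C9D-0E1F2A3B4C5D} - C:\\Program Files\\Example\\helper.dll
O2 - BHO: (no name) - {a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d} - C:\\Windows\\Temp\\helper.dll
O3 - Toolbar: Example Bar - {F0E1D2C3-B4A5-4968-8776-655443322110} - C:\\Program Files\\Example\\bar.dll
O4 - HKLM\\..\\Run: [updater] C:\\Windows\\System32\\updater.exe
O9 - Extra button: (no name) - {F0E1D2C3-B4A5-4968-8776-655443322110} - (no file)
"""

# Constructed "known GUIDs" list standing in for a collection built over the years.
KNOWN_GUIDS = {
    "{A1B2C3D4-E5F6-4A7B-8C9D-0E1F2A3B4C5D}": "Example Helper (constructed entry)",
}


def extract_guids(log_text):
    """Return {GUID: {"count", "sections", "paths"}} for every braced GUID in the log."""
    seen = defaultdict(lambda: {"count": 0, "sections": set(), "paths": set()})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a HijackThis item line
        section, rest = m.groups()
        # The last " - " separated field is the file path, or "(no file)".
        path = rest.rsplit(" - ", 1)[-1].strip()
        for guid in GUID_RE.findall(rest):
            entry = seen[guid.upper()]  # case-insensitive key
            entry["count"] += 1
            entry["sections"].add(section)
            if path.lower().endswith((".dll", ".exe", ".ocx")):
                entry["paths"].add(path)
    return dict(seen)


def unknown_guids(log_text, known=KNOWN_GUIDS):
    """GUIDs present in the log but absent from the known list: first candidates for research."""
    return sorted(g for g in extract_guids(log_text) if g not in known)


def conflicting_paths(log_text):
    """GUIDs registered against more than one distinct file: the same CLSID pointing at
    both a program-files copy and a temp-directory copy is worth a second look."""
    return sorted(g for g, e in extract_guids(log_text).items() if len(e["paths"]) > 1)


if __name__ == "__main__":
    for guid, entry in extract_guids(SAMPLE_LOG).items():
        print(guid, entry["count"], sorted(entry["sections"]), sorted(entry["paths"]))
    print("unknown:", unknown_guids(SAMPLE_LOG))
    print("conflicting paths:", conflicting_paths(SAMPLE_LOG))
```

Running the same functions over a directory of real logs and counting how often each GUID appears is the quickest way to separate the ubiquitous (Adobe, Java, Office) from the rare, and the rare ones are where the manual research goes.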

Week of Data Dumps, Part 1 – device names

Reversing is not only about hours spent analyzing code. It’s also about collecting interesting data so that it can be used to quickly determine other programs’ functionality in the future.

Recognizing unique strings, GUIDs (classes, interfaces, references to strings, device classes, etc.), device names, exported and imported APIs, names of APIs that get resolved dynamically, references to mutexes, atoms, window classes, window names, environment variables and other OS features has always been a great shortcut in analysis. In an older post I explained a generic way to collect such interesting strings from executables: look for clusters of strings that reside within close proximity to each other, where at least one string is on the list of ‘interesting strings’. The resulting string collections are what I called ‘string islands’. Using this approach I collected many strings, added some manually, and ended up with a lot of them aggregated in one place, which in turn allowed me to add them to my personal sandbox…
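The ‘string islands’ idea, as an added example rather than the author's own tool: extract printable ASCII runs with their offsets (what `strings -t d` gives you), group strings whose offsets fall within a small gap of the previous string's end, and keep only the groups in which at least one member matches an ‘interesting’ pattern. The neighbours in a kept island come along even when they are not interesting on their own, which is the point of the technique. The `INTERESTING` patterns, the gap size and the `SAMPLE_BINARY` bytes are constructed for this example and are not the author's list or a real sample.

```python
import re

# Constructed marker list; the real list of 'interesting strings' is far longer.
INTERESTING = [
    re.compile(r"^\\Device\\", re.I),                                   # NT device names
    re.compile(r"^(Global|Local)\\", re.I),                             # named kernel objects
    re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I),  # GUIDs
    re.compile(r"^(GetProcAddress|LoadLibrary[AW]?|VirtualAlloc|CreateRemoteThread)$"),
]

# Runs of 4+ printable ASCII bytes, the same thing `strings` prints by default.
STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")

# Constructed stand-in for a binary's data section: three groups of strings separated by
# large zero-filled gaps. The middle group contains nothing interesting and must be dropped.
SAMPLE_BINARY = (
    b"\x00" * 16
    + b"\\Device\\HarddiskVolume1\x00"
    + b"\\\\.\\PhysicalDrive0\x00"
    + b"ntdll.dll\x00"
    + b"\x00" * 512
    + b"Copyright (c) 2010\x00"
    + b"Helper application\x00"
    + b"\x00" * 512
    + b"Global\\MyServiceMutex\x00"
    + b"{A1B2C3D4-E5F6-4A7B-8C9D-0E1F2A3B4C5D}\x00"
    + b"CreateRemoteThread\x00"
)


def extract_strings(data):
    """Yield (offset, string) for every printable ASCII run in data."""
    for m in STRING_RE.finditer(data):
        yield m.start(), m.group().decode("ascii")


def is_interesting(s):
    """True when the string matches any marker pattern."""
    return any(p.search(s) for p in INTERESTING)


def string_islands(data, max_gap=64):
    """Cluster strings whose start lies within max_gap bytes of the previous string's end;
    return only the clusters that contain at least one interesting string, as lists of
    (offset, string) tuples in file order."""
    islands, current, last_end = [], [], None
    for off, s in extract_strings(data):
        if last_end is not None and off - last_end > max_gap:
            # Gap too large: the current cluster is finished, keep it if it earned it.
            if any(is_interesting(x) for _, x in current):
                islands.append(current)
            current = []
        current.append((off, s))
        last_end = off + len(s)
    if current and any(is_interesting(x) for _, x in current):
        islands.append(current)
    return islands


if __name__ == "__main__":
    for island in string_islands(SAMPLE_BINARY):
        print("island @ 0x%x" % island[0][0])
        for off, s in island:
            print("  %6d  %s%s" % (off, s, "   <-- interesting" if is_interesting(s) else ""))
```

On the constructed input this keeps two islands: the device-name group (which drags in `\\.\PhysicalDrive0` and `ntdll.dll` although neither matches a pattern) and the mutex/GUID/API group; the copyright strings in between are discarded. On a real file you would run it over the whole image, or per section, and tune `max_gap` to the compiler's string layout.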

This data is now a bit obsolete, so it’s time to release it publicly. With this post I am kicking off a week of ‘data dumps’ which will walk through a number of ‘string islands’ collections that I have built over the years. Not all of them are still useful today, or even trustworthy, and the quality can always be improved, but hey… maybe someone will find them useful…

Here’s the first one — a list of many device driver names