Skip to content

String Searcher Extension #472

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ElektroKill merged 20 commits into from
Nov 29, 2025
Merged

String Searcher Extension #472

ElektroKill merged 20 commits into from
Nov 29, 2025

Conversation

@Washi1337
Copy link

@Washi1337 Washi1337 commented Nov 16, 2025

Problem

General-purpose disassemblers like Ghidra and IDA include cross-referencing for strings found in a binary. dnSpy, however, lacks this feature, which can make it awkward to use for tasks such as malware analysis where string literals frequently serve as indicators of compromise (IoC). Furthermore, strings are also useful for identifying obfuscators and in general for quickly locating and navigating related parts of a program.

Solution

This PR proposes a new string searcher extension that can enumerate string literals found in all method bodies of a selected module:

image

The strings are displayed in a new searchable and sortable pane which can be used to navigate around in the module easily:

output.mp4

Considered Alternatives

The existing search pane (activated by Ctrl+Shift+K) can also search for string literals, but this A) only displays the member it was referenced in and doesn't include the full string, and B) assumes you know the string you want to look for beforehand, making it not very useful for the scenarios described in the above.

ElektroKill
ElektroKill requested changes Nov 20, 2025
View reviewed changes
Copy link
Member

@ElektroKill ElektroKill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Aside from the comments regarding the code, I think it would be nice to have an option to display the strings view from the Edit/View toolbar menus, since that's how dnSpy tool windows are summoned.

I also think it would be a good addition to include strings that can be found in custom attributes, field constants, etc., in the string view.

Additional options when it comes to filtering, like case-insensitive compare or matching by whole words.

Let me know if you would be willing to add this as part of your PR, or if it's something I should add myself.

@Washi1337
Copy link
Author

Washi1337 commented Nov 22, 2025
edited
Loading

Aside from the comments regarding the code, I think it would be nice to have an option to display the strings view from the Edit/View toolbar menus, since that's how dnSpy tool windows are summoned.

Added:

image

I also think it would be a good addition to include strings that can be found in custom attributes, field constants, etc., in the string view.

Added both CA and Constant metadata provider to the search. I also added a Kind column to differentiate between the types of xrefs, plus some icons and richer "Referrer" column rendering:

image

Note on the implementation of this: I added FormatterOptions.ShowFieldTypes so that I can remove field types from the "Referrer" column cells for better clarity.

Additional options when it comes to filtering, like case-insensitive compare or matching by whole words.

Let me know if you would be willing to add this as part of your PR, or if it's something I should add myself.

I could add it, though the PR is already getting pretty big. Up to you.

@Washi1337 Washi1337 force-pushed the feature/string-xrefs branch from 5101eed to c70feb0 Compare November 22, 2025 17:03
ElektroKill
ElektroKill requested changes Nov 26, 2025
View reviewed changes
@Washi1337
Copy link
Author

Washi1337 commented Nov 28, 2025

Additional options when it comes to filtering, like case-insensitive compare or matching by whole words.

Added some basic options in an expandable menu similar to the original search pane:

image

Search should now also respect the "Show compiler generated / hidden members" option.

ElektroKill
ElektroKill requested changes Nov 29, 2025
View reviewed changes
Copy link
Member

@ElektroKill ElektroKill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than a few minor touchups and the license header in each file, LGTM!

@Washi1337 Washi1337 force-pushed the feature/string-xrefs branch from 6894b59 to d9c1e4a Compare November 29, 2025 21:08
ElektroKill
ElektroKill approved these changes Nov 29, 2025
View reviewed changes
Copy link
Member

@ElektroKill ElektroKill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Thanks for the contribution.

@ElektroKill ElektroKill merged commit 9a40876 into dnSpyEx:master Nov 29, 2025
4 checks passed
@ElektroKill ElektroKill mentioned this pull request Nov 29, 2025
Closed
@ElektroKill ElektroKill added this to the vNext milestone Nov 29, 2025
@ElektroKill ElektroKill added the enhancement New feature or request label Nov 29, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ElektroKill ElektroKill ElektroKill approved these changes

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

vNext

Development

Successfully merging this pull request may close these issues.

2 participants

@Washi1337 @ElektroKill