Windows find strings in exe

Searches for a string of text in a file or files, and displays lines of text that contain the specified string.

Syntax

Parameters

Parameter	Description
/v	Displays all lines that don’t contain the specified .
/c	Counts the lines that contain the specified and displays the total.
/n	Precedes each line with the file’s line number.
/i	Specifies that the search is not case-sensitive.
[/off[line]]	Doesn’t skip files that have the offline attribute set.
Required. Specifies the group of characters (enclosed in quotation marks) that you want to search for.
[ :][

] Specifies the location and name of the file in which to search for the specified string. /? Displays help at the command prompt.

Remarks

If you don’t use /i, this command searches for exactly what you specify for string. For example, this command treats the characters a and A differently. If you use /i, however, the search becomes non-case-sensitive, and it treats a and A as the same character.

If the string you want to search for contains quotation marks, you must use double quotation marks for each quotation mark contained within the string (for example, «»This string contains quotation marks»»).

If you omit a file name, this command acts as a filter, taking input from the standard input source (usually the keyboard, a pipe (|), or a redirected file) and then displays any lines that contain string.

You can type parameters and command-line options for the find command in any order.

You can’t use wildcards (* and ?) in file names or extensions that you specify while using this command. To search for a string in a set of files that you specify with wildcards, you can use this command within a for command.

If you use /c and /v in the same command line, this command displays a count of the lines that don’t contain the specified string. If you specify /c and /n in the same command line, find ignores /n.

This command doesn’t recognize carriage returns. When you use this command to search for text in a file that includes carriage returns, you must limit the search string to text that can be found between carriage returns (that is, a string that is not likely to be interrupted by a carriage return). For example, this command doesn’t report a match for the string tax file if a carriage return occurs between the words tax and file.

Examples

To display all lines from pencil.ad that contain the string pencil sharpener, type:

To find the text, «The scientists labeled their paper for discussion only. It is not a final report.» in the report.doc file, type:

To search for a set of files, you can use the find command within the for command. To search the current directory for files that have the extension .bat and that contain the string PROMPT, type:

To search your hard disk to find and display the file names on drive C that contain the string CPU, use the pipe (|) to direct the output of the dir command to the find command as follows:

Because find searches are case-sensitive and dir produces uppercase output, you must either type the string CPU in uppercase letters or use the /i command-line option with find.

Strings v2.53

By Mark Russinovich

Published: July 4, 2016

Download StringsВ (506 KB)

Introduction

Working on NT and Win2K means that executables and object files will many times have embedded UNICODE strings that you cannot easily see with a standard ASCII strings or grep programs. So we decided to roll our own. Strings just scans the file you pass it for UNICODE (or ASCII) strings of a default length of 3 or more UNICODE (or ASCII) characters. Note that it works under Windows 95 as well.

Using Strings

usage:

Strings takes wild-card expressions for file names, and additional command line parameters are defined as follows:

Parameter	Description
-a	Ascii-only search (Unicode and Ascii is default)
-b	Bytes of file to scan
-f	File offset at which to start scanning.
-o	Print offset in file string was located
-n	Minimum string length (default is 3)
-s	Recurse subdirectories
-u	Unicode-only search (Unicode and Ascii is default)
-nobanner	Do not display the startup banner and copyright message.

To search one or more files for the presence of a particular string using strings use a command like this:

Download StringsВ (506 KB)

Runs on:

• Client: Windows Vista and higher
• Server: Windows Server 2008 and higher
• Nano Server: 2016 and higher

—>

How To Find Specified Strings In Files With Find Command In Windows From Command Line With Examples?

Windows operating systems provide the tool named find to search text files for a given term or string. Linux also have a command with the same name but it is used to search files and folders names not file contents. Windows find command is very simple and easy command to work.

Help information about the find command can be printed with the /? option like below.

Help

Syntax

Syntax of the find command provides options , string to search and file or drive or path to be searched.

Find String

We will simple made a search in files. We will do not provide any option. Given term will be search in given file , path or drive. In this example we will search the term ismail in C:\users.txt .

Find String

From output we can see that the term ismail is found. The filename also given because multi file search.

Search Multiple Files

In previous example we have searched single for for given string. Find command also supports for searching multiple file with a single command. We do not specify an option. We will just use * for file name. * means all files those exists given path. We can also specify a path before * .

Search Multiple Files

Or we will search a given paths all files.

As we see find command search all files like text, binary, picture etc.

Search Files With Specific Extension

Previous example show how to search all files without filtering them according to their extension. We can give specific extension to search. We will use * / asterisk again but we will also specify the extension of file. In this example we will search in text files where they extension is .txt

Search Files With Specific Extension

Print Line Numbers

While searching terms there may be more than one occurence of the given string. We may need to print the line number of the match. This can be done with /N option.

Print Line Numbers

As we can se from result USERS.TXT file line number 1 have a match

Ignore Case

While searching case sensitivity is important. The find command by default search case sensitive. We can change this behavior and search case insensitive mode. We will use /I option for this.

Ignore Case

Print Non Matching or Reverse Match

Find command have the ability to print reverse match or printing non matching lines. Using this options may create enourmous output according to the given files or files contents. We will use /V option for this feature.

Print Non Matching or Reverse Match

Select-String

Finds text in strings and files.

Syntax

Description

The Select-String cmdlet searches for text and text patterns in input strings and files. You can use Select-String similar to grep in UNIX or findstr.exe in Windows.

Select-String is based on lines of text. By default, Select-String finds the first match in each line and, for each match, it displays the file name, line number, and all text in the line containing the match. You can direct Select-String to find multiple matches per line, display text before and after the match, or display a Boolean value (True or False) that indicates whether a match is found.

Select-String uses regular expression matching, but it can also perform a match that searches the input for the text that you specify.

Select-String can display all the text matches or stop after the first match in each input file. Select-String can be used to display all text that doesn’t match the specified pattern.

You can also specify that Select-String should expect a particular character encoding, such as when you’re searching files of Unicode text. Select-String uses the byte-order-mark (BOM) to detect the encoding format of the file. If the file has no BOM, it assumes the encoding is UTF8.

Examples

Example 1: Find a case-sensitive match

This example does a case-sensitive match of the text that was sent down the pipeline to the Select-String cmdlet.

The text strings Hello and HELLO are sent down the pipeline to the Select-String cmdlet. Select-String uses the Pattern parameter to specify HELLO. The CaseSensitive parameter specifies that the case must match only the upper-case pattern. SimpleMatch is an optional parameter and specifies that the string in the pattern isn’t interpreted as a regular expression. Select-String displays HELLO in the PowerShell console.

Example 2: Find matches in text files

This command searches all files with the .txt file name extension in the current directory. The output displays the lines in those files that include the specified string.

In this example, Get-Alias and Get-Command are used with the Out-File cmdlet to create two text files in the current directory, Alias.txt and Command.txt.

Select-String uses the Path parameter with the asterisk ( * ) wildcard to search all files in the current directory with the file name extension .txt . The Pattern parameter specifies the text to match Get-. Select-String displays the output in the PowerShell console. The file name and line number precede each line of content that contains a match for the Pattern parameter.

Example 3: Find a pattern match

In this example, multiple files are searched to find matches for the specified pattern. The pattern uses a regular expression quantifier. For more information, see about_Regular_Expressions.

The Select-String cmdlet uses two parameters, Path and Pattern. The Path parameter uses the variable $PSHOME that specifies the PowerShell directory. The remainder of the path includes the subdirectory en-US and specifies each *.txt file in the directory. The Pattern parameter specifies to match a question mark ( ? ) in each file. A backslash ( \ ) is used as an escape character and is necessary because the question mark ( ? ) is a regular expression quantifier. Select-String displays the output in the PowerShell console. The file name and line number precede each line of content that contains a match for the Pattern parameter.

Example 4: Use Select-String in a function

This example creates a function to search for a pattern in the PowerShell help files. For this example, the function only exists in the PowerShell session. When the PowerShell session is closed, the function is deleted. For more information, see about_Functions.

The function is created on the PowerShell command line. The Function command uses the name Search-Help. Press Enter to begin adding statements to the function. From the >> prompt, add each statement and press Enter as shown in the example. After the closing bracket is added, you’re returned to a PowerShell prompt.

The function contains two commands. The $PSHelp variable stores the path to the PowerShell help files. $PSHOME is the PowerShell installation directory with the subdirectory en-US that specifies each *.txt file in the directory.

The Select-String command in the function uses the Path and Pattern parameters. The Path parameter uses the $PSHelp variable to get the path. The Pattern parameter uses the string About_ as the search criteria.

To run the function, type Search-Help . The function’s Select-String command displays the output in the PowerShell console.

Example 5: Search for a string in a Windows event log

This example searches for a string in a Windows event log. The variable $_ represents the current object in the pipeline. For more information, see about_Automatic_Variables.

The Get-WinEvent cmdlet uses the LogName parameter to specify the Application log. The MaxEvents parameter gets the 50 most recent events from the log. The log content is stored in the variable named $Events .

The $Events variable is sent down the pipeline to the Select-String cmdlet. Select-String uses the InputObject parameter. The $_ variable represents the current object and message is a property of the event. The Pattern parameter species the string Failed and searches for matches in $_.message . Select-String displays the output in the PowerShell console.

Example 6: Find a string in subdirectories

This example searches a directory and all of its subdirectories for a specific text string.

Get-ChildItem uses the Path parameter to specify C:\Windows\System32*.txt. The Recurse parameter includes the subdirectories. The objects are sent down the pipeline to Select-String .

Select-String uses the Pattern parameter and specifies the string Microsoft. The CaseSensitive parameter is used to match the exact case of the string. Select-String displays the output in the PowerShell console.

Dependent upon your permissions, you might see Access denied messages in the output.

Example 7: Find strings that do not match a pattern

This example shows how to exclude lines of data that don’t match a pattern.

The Get-Command cmdlet sends objects down the pipeline to the Out-File to create the Command.txt file in the current directory. Select-String uses the Path parameter to specify the Command.txt file. The Pattern parameter specifies Get and Set as the search pattern. The NotMatch parameter excludes Get and Set from the results. Select-String displays the output in the PowerShell console that doesn’t include Get or Set.

Example 8: Find lines before and after a match

This example shows how to get the lines before and after the matched pattern.

The Get-Command cmdlet sends objects down the pipeline to the Out-File to create the Command.txt file in the current directory. Select-String uses the Path parameter to specify the Command.txt file. The Pattern parameter specifies Get-Computer as the search pattern. The Context parameter uses two values, before and after, and marks pattern matches in the output with an angle bracket ( > ). The Context parameter outputs the two lines before the first pattern match and three lines after the last pattern match.

Example 9: Find all pattern matches

This example shows how the AllMatches parameter finds each pattern match in a line of text. By default, Select-String only finds the first occurrence of a pattern in a line of text. This example uses object properties that are found with the Get-Member cmdlet.

The Get-ChildItem cmdlet uses the Path parameter. The Path parameter uses the variable $PSHOME that specifies the PowerShell directory. The remainder of the path includes the subdirectory en-US and specifies each *.txt file in the directory. The Get-ChildItem objects are stored in the $A variable. The $A variable is sent down the pipeline to the Select-String cmdlet. Select-String uses the Pattern parameter to search each file for the string PowerShell.

From the PowerShell command line, the $A variable contents are displayed. There’s a line that contains two occurrences of the string PowerShell.

The $A.Matches property lists the first occurrence of the pattern PowerShell on each line.

The $A.Matches.Length property counts the first occurrence of the pattern PowerShell on each line.

The $B variable uses the same Get-ChildItem and Select-String cmdlets, but adds the AllMatches parameter. AllMatches finds each occurrence of the pattern PowerShell on each line. The objects stored in the $A and $B variables are identical.

The $B.Matches.Length property increases because for each line, every occurrence of the pattern PowerShell is counted.

Parameters

Indicates that the cmdlet searches for more than one match in each line of text. Without this parameter, Select-String finds only the first match in each line of text.

When Select-String finds more than one match in a line of text, it still emits only one MatchInfo object for the line, but the Matches property of the object contains all the matches.

This parameter is ignored when used in combination with the SimpleMatch parameter. If you wish to return all matches and the pattern that you are searching for contains regular expression characters, you must escape those characters rather than using SimpleMatch. See about_Regular_Expressions for more information about escaping regular expressions.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Indicates that the cmdlet matches are case-sensitive. By default, matches aren’t case-sensitive.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Captures the specified number of lines before and after the line that matches the pattern.

If you enter one number as the value of this parameter, that number determines the number of lines captured before and after the match. If you enter two numbers as the value, the first number determines the number of lines before the match and the second number determines the number of lines after the match. For example, -Context 2,3 .

In the default display, lines with a match are indicated by a right angle bracket ( > ) (ASCII 62) in the first column of the display. Unmarked lines are the context.

The Context parameter doesn’t change the number of objects generated by Select-String . Select-String generates one MatchInfo object for each match. The context is stored as an array of strings in the Context property of the object.

When the output of a Select-String command is sent down the pipeline to another Select-String command, the receiving command searches only the text in the matched line. The matched line is the value of the Line property of the MatchInfo object, not the text in the context lines. As a result, the Context parameter isn’t valid on the receiving Select-String command.

When the context includes a match, the MatchInfo object for each match includes all the context lines, but the overlapping lines appear only once in the display.

Type:	Int32 [ ]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies a culture name to match the specified pattern. The Culture parameter must be used with the SimpleMatch parameter. The default behavior uses the culture of the current PowerShell runspace (session).

To get a list of all supported cultures, use Get-Culture -ListAvailable command.

In addition, this parameter accepts the following arguments:

• CurrentCulture, that is default;
• Ordinal, that is non-linguistic binary comparison;
• Invariant, that is culture independent comparison.

With Select-String -Culture Ordinal -CaseSensitive -SimpleMatch command you gets fastest binary comparison.

The Culture parameter uses tab completion to scroll through the list of arguments that specify the available cultures. To list all available arguments, use the following command:

For more information about .NET CultureInfo.Name property, see CultureInfo.Name.

The Culture parameter was introduced in PowerShell 7.

Type:	String
Position:	Named
Default value:	Culture of the current PowerShell session
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies the type of encoding for the target file. The default value is utf8NoBOM .

The acceptable values for this parameter are as follows:

• ascii : Uses the encoding for the ASCII (7-bit) character set.
• bigendianunicode : Encodes in UTF-16 format using the big-endian byte order.
• bigendianutf32 : Encodes in UTF-32 format using the big-endian byte order.
• oem : Uses the default encoding for MS-DOS and console programs.
• unicode : Encodes in UTF-16 format using the little-endian byte order.
• utf7 : Encodes in UTF-7 format.
• utf8 : Encodes in UTF-8 format.
• utf8BOM : Encodes in UTF-8 format with Byte Order Mark (BOM)
• utf8NoBOM : Encodes in UTF-8 format without Byte Order Mark (BOM)
• utf32 : Encodes in UTF-32 format.

Beginning with PowerShell 6.2, the Encoding parameter also allows numeric IDs of registered code pages (like -Encoding 1251 ) or string names of registered code pages (like -Encoding «windows-1251» ). For more information, see the .NET documentation for Encoding.CodePage.

UTF-7* is no longer recommended to use. In PowerShell 7.1, a warning is written if you specify utf7 for the Encoding parameter.

Type:	Encoding
Accepted values:	ASCII, BigEndianUnicode, BigEndianUTF32, OEM, Unicode, UTF7, UTF8, UTF8BOM, UTF8NoBOM, UTF32
Position:	Named
Default value:	UTF8NoBOM
Accept pipeline input:	False
Accept wildcard characters:	False

Exclude the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as *.txt . Wildcards are permitted.

Type:	String [ ]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	True

Includes the specified items. The value of this parameter qualifies the Path parameter. Enter a path element or pattern, such as *.txt . Wildcards are permitted.

Type:	String [ ]
Position:	Named
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	True

Specifies the text to be searched. Enter a variable that contains the text, or type a command or expression that gets the text.

Using the InputObject parameter isn’t the same as sending strings down the pipeline to Select-String .

When you pipe more than one string to the Select-String cmdlet, it searches for the specified text in each string and returns each string that contains the search text.

When you use the InputObject parameter to submit a collection of strings, Select-String treats the collection as a single combined string. Select-String returns the strings as a unit if it finds the search text in any string.

Type:	PSObject
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

Only the first instance of matching text is returned from each input file. This is the most efficient way to retrieve a list of files that have contents matching the regular expression.

By default, Select-String returns a MatchInfo object for each match it finds.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies the path to the files to be searched. The value of the LiteralPath parameter is used exactly as it’s typed. No characters are interpreted as wildcards. If the path includes escape characters, enclose it in single quotation marks. Single quotation marks tell PowerShell not to interpret any characters as escape sequences. For more information, see about_Quoting_Rules.

Type:	String [ ]
Aliases:	PSPath, LP
Position:	Named
Default value:	None
Accept pipeline input:	True
Accept wildcard characters:	False

By default, Select-String highlights the string that matches the pattern you searched for with the Pattern parameter. The NoEmphasis parameter disables the highlighting.

The emphasis uses negative colors based on your PowerShell background and text colors. For example, if your PowerShell colors are a black background with white text. The emphasis is a white background with black text.

This parameter was introduced in PowerShell 7.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

The NotMatch parameter finds text that doesn’t match the specified pattern.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Specifies the path to the files to search. Wildcards are permitted. The default location is the local directory.

Specify files in the directory, such as log1.txt , *.doc , or *.* . If you specify only a directory, the command fails.

Type:	String [ ]
Position:	1
Default value:	Local directory
Accept pipeline input:	True
Accept wildcard characters:	True

Specifies the text to find on each line. The pattern value is treated as a regular expression.

To learn about regular expressions, see about_Regular_Expressions.

Type:	String [ ]
Position:	0
Default value:	None
Accept pipeline input:	False
Accept wildcard characters:	False

Indicates that the cmdlet returns a Boolean value (True or False), instead of a MatchInfo object. The value is True if the pattern is found; otherwise the value is False.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Causes the cmdlet to output only the matching strings, rather than MatchInfo objects. This is the results in behavior that’s the most similar to the Unix grep or Windows findstr.exe commands.

This parameter was introduced in PowerShell 7.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Indicates that the cmdlet uses a simple match rather than a regular expression match. In a simple match, Select-String searches the input for the text in the Pattern parameter. It doesn’t interpret the value of the Pattern parameter as a regular expression statement.

Also, when SimpleMatch is used, the Matches property of the MatchInfo object returned is empty.

When this parameter is used with the AllMatches parameter, the AllMatches is ignored.

Type:	SwitchParameter
Position:	Named
Default value:	False
Accept pipeline input:	False
Accept wildcard characters:	False

Inputs

You can pipe any object that has a ToString method to Select-String .

Outputs

Microsoft.PowerShell.Commands.MatchInfo, System.Boolean, System.String

By default, the output is a set of MatchInfo objects with one for each match found. If you use the Quiet parameter, the output is a Boolean value indicating whether the pattern was found. If you use the Raw parameter, the output is a set of String objects that match the pattern.

Notes

Select-String is similar to grep in UNIX or findstr.exe in Windows.

The sls alias for the Select-String cmdlet was introduced in PowerShell 3.0.

According to Approved Verbs for PowerShell Commands, the official alias prefix for Select-* cmdlets is sc , not sl . Therefore, the proper alias for Select-String should be scs , not sls . This is an exception to this rule.

To use Select-String , type the text that you want to find as the value of the Pattern parameter. To specify the text to be searched, use the following criteria:

• Type the text in a quoted string, and then pipe it to Select-String .
• Store a text string in a variable, and then specify the variable as the value of the InputObject parameter.
• If the text is stored in files, use the Path parameter to specify the path to the files.

By default, Select-String interprets the value of the Pattern parameter as a regular expression. For more information, see about_Regular_Expressions. You can use the SimpleMatch parameter to override the regular expression matching. The SimpleMatch parameter finds instances of the value of the Pattern parameter in the input.

The default output of Select-String is a MatchInfo object, which includes detailed information about the matches. The information in the object is useful when you’re searching for text in files, because MatchInfo objects have properties such as Filename and Line. When the input isn’t from the file, the value of these parameters is InputStream.

If you don’t need the information in the MatchInfo object, use the Quiet parameter. The Quiet parameter returns a Boolean value (True or False) to indicate whether it found a match, instead of a MatchInfo object.

When matching phrases, Select-String uses the current culture that is set for the system. To find the current culture, use the Get-Culture cmdlet.

To find the properties of a MatchInfo object, type the following command: