oss and closed source: collect standard library strings (i.e., msvcrt)

[mr-tz]

From manual analysis of internal GP database:

• PE file format
  • DOS: This program cannot be run
  • exports: dll names and exports
• meta: VS_VERSION_INFO
• crt
  • c and c++
• Delphi
• C++ regex library

[mr-tz]

With some parsing we can extract CRT strings (and code/function association) from .lib/.obj files.

[mr-tz]

for Delphi strings here's an existing database: https://github.com/dzzie/MAP/blob/master/delphi_filter.txt

[mr-tz]

Visual Studio contains source code (.c, .cpp, .h, .asm) as well as .lib and .obj files we can parse for run-time related strings.

[williballenthin]

install steps for many MSVC configurations: https://github.com/mandiant/siglib/blob/fe945b3030028fb915d5e4b0ac8aaa9514a3ae90/Dockerfile#LL54C1-L121C1

[mr-tz]

initial lib/obj db: https://github.com/mandiant/flare-floss/commit/722f0e3c840d4af597785573547ebc77be2858d5 parsed via JH