使用正则表达式提取文件名列表的第一个内存地址。

huangapple go评论74阅读模式
英文:

Using regex fetch the first memory address of filename listings

问题

可以使用正则表达式来提取文件名与地址之间的信息。以下是示例正则表达式:

  • 对于 /bin/busybox.nosuid,正则表达式为 /([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为 busybox.nosuid7d60f000-7d67b000
  • 对于 /lib/libc-2.31.so,正则表达式为 /([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为 libc-2.31.sob3dfb000-b3ebe000
  • 对于 /lib/libm-2.31.so,正则表达式为 /([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为 libm-2.31.sob3ed3000-b3f24000
  • 对于 /usr/lib/libcrashlog.so.0.0.0,正则表达式为 /([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为 libcrashlog.so.0.0.0b3f35000-b3f36000
  • 对于 /lib/ld-2.31.so,正则表达式为 /([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为 ld-2.31.sob3f47000-b3f5d000

你可以使用这些正则表达式来提取所需的信息。

英文:

I have the following text as a response of a script:

7d60f000-7d67b000 r-xp 00000000 fb:00 11         /bin/busybox.nosuid
7d68b000-7d68c000 r--p 0006c000 fb:00 11         /bin/busybox.nosuid
7d68c000-7d68d000 rw-p 0006d000 fb:00 11         /bin/busybox.nosuid
b3dfb000-b3ebe000 r-xp 00000000 fb:00 1636       /lib/libc-2.31.so
b3ebe000-b3ecd000 ---p 000c3000 fb:00 1636       /lib/libc-2.31.so
b3ecd000-b3ecf000 r--p 000c2000 fb:00 1636       /lib/libc-2.31.so
b3ecf000-b3ed1000 rw-p 000c4000 fb:00 1636       /lib/libc-2.31.so
b3ed1000-b3ed3000 rw-p 00000000 00:00 0
b3ed3000-b3f24000 r-xp 00000000 fb:00 1655       /lib/libm-2.31.so
b3f24000-b3f33000 ---p 00051000 fb:00 1655       /lib/libm-2.31.so
b3f33000-b3f34000 r--p 00050000 fb:00 1655       /lib/libm-2.31.so
b3f34000-b3f35000 rw-p 00051000 fb:00 1655       /lib/libm-2.31.so
b3f35000-b3f36000 r-xp 00000000 fb:00 4296       /usr/lib/libcrashlog.so.0.0.0
b3f36000-b3f45000 ---p 00001000 fb:00 4296       /usr/lib/libcrashlog.so.0.0.0
b3f45000-b3f46000 r--p 00000000 fb:00 4296       /usr/lib/libcrashlog.so.0.0.0
b3f46000-b3f47000 rw-p 00001000 fb:00 4296       /usr/lib/libcrashlog.so.0.0.0
b3f47000-b3f5d000 r-xp 00000000 fb:00 1628       /lib/ld-2.31.so
b3f6b000-b3f6d000 rw-p 00000000 00:00 0
b3f6d000-b3f6e000 r--p 00016000 fb:00 1628       /lib/ld-2.31.so
b3f6e000-b3f6f000 rw-p 00017000 fb:00 1628       /lib/ld-2.31.so

I'm trying to fetch the address for each file name, eg:

  • for /bin/busybox.nosuid return 7d60f000-7d67b000
  • for /lib/libc-2.31.so return b3dfb000-b3ebe000
  • for /lib/libm-2.31.so return b3ed3000-b3f24000
  • for /usr/lib/libcrashlog.so.0.0.0 return b3f35000-b3f36000
  • for /lib/ld-2.31.so return b3f47000-b3f5d000

Can this be done with regex?

答案1

得分: 2

你可以尝试使用以下正则表达式:

(^[a-f0-9]{8}\-[a-f0-9]{8})\s[rwxp\-]+\s[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2} \d+\s+(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*)$

匹配结果将在以下位置找到:

  • 第 1 组:十六进制代码
  • 第 2 组:路径

正则表达式解释

  • ^:字符串的开头
  • ([a-f0-9]{8}\-[a-f0-9]{8}):十六进制代码
    • [a-f0-9]{8}:8 个十六进制字符
    • \:短横线
    • [a-f0-9]{8}:8 个十六进制字符
  • \:空格
  • [rwxp\-]{4}:Linux 文件权限字符
  • \:空格
  • [a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2}\d+:十六进制字符
  • \:空格
  • (\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*):路径
    • \/:斜杠
    • (?:bin|lib|usr\/lib\/):Linux 主文件夹之一
    • [^.]+:除了点号以外的任何字符(可以替换为可能的文件名字符)
    • (?:\.[^.\s]+)*:可选的点号和非点号字符序列
  • $:字符串的末尾

查看演示这里

英文:

You can try with the following regex:

(^[a-f0-9]{8}\-[a-f0-9]{8})\s[rwxp\-]+\s[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2} \d+\s+(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*)$

Your matches will be found in:

  • Group 1: hexadecimal code
  • Group 2: path

Regex Explanation:

  • ^: start of string
  • ([a-f0-9]{8}\-[a-f0-9]{8}): hexadecimal code
    • [a-f0-9]{8}: 8 hex characters
    • \-: dash
    • [a-f0-9]{8}: 8 hex characters
  • \s: space
  • [rwxp\-]{4}: linux file permission characters
  • \s: space
  • [a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2}\d+: hexadecimal characters
  • \s+: spaces
  • (\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*): path
    • \/: slash
    • (?:bin|lib|usr\/lib\/): one of the linux main folders
    • [^.]+: any character except dot (can be substituted with filename possible characters)
    • (?:\.[^.\s]+)*: optional sequence of dot and non-dot characters
  • $: end of string

Check the demo here.

答案2

得分: 1

对于单行数据,您可以使用以下模式来捕获数据。

```regex
^(?i)([a-f\d]{8}-[a-f\d]{8})

在Java中,您可以使用PatternMatcher对象来返回捕获的值。

String string = "7d60f000-7d67b000 r-xp 00000000 fb:00 11         /bin/busybox.nosuid";
String address = null;
Pattern pattern = Pattern.compile("^(?i)([a-f\\d]{8}-[a-f\\d]{8})");
Matcher matcher = pattern.matcher(string);
if (matcher.find()) 
    address = matcher.group(1);

输出

7d60f000-7d67b000

或者,如果您需要一次评估所有值,您可以使用以下方法。

Map<String, String> map(String string) throws IOException {
    BufferedReader reader = new BufferedReader(new StringReader(string));
    Map<String, String> map = new LinkedHashMap<>();
    String[] strings;
    String line;
    while ((line = reader.readLine()) != null) {
        strings = line.split(" +", 6);
        if (strings.length > 5) {
            if (!map.containsKey(strings[5]))
                map.put(strings[5], strings[0]);
        }
    }
    return map;
}

输出,格式化

{/bin/busybox.nosuid=7d60f000-7d67b000, 
 /lib/libc-2.31.so=b3dfb000-b3ebe000, 
 /lib/libm-2.31.so=b3ed3000-b3f24000, 
 /usr/lib/libcrashlog.so.0.0.0=b3f35000-b3f36000, 
 /lib/ld-2.31.so=b3f47000-b3f5d000}
英文:

For a single line, you can use the following pattern to capture the data.

^(?i)([a-f\d]{8}-[a-f\d]{8})

In Java, you can use the Pattern and Matcher objects to return captured values.

String string = &quot;7d60f000-7d67b000 r-xp 00000000 fb:00 11         /bin/busybox.nosuid&quot;;
String address = null;
Pattern pattern = Pattern.compile(&quot;^(?i)([a-f\\d]{8}-[a-f\\d]{8})&quot;);
Matcher matcher = pattern.matcher(string);
if (matcher.find()) 
    address = matcher.group(1);

Output

7d60f000-7d67b000

Alternatively, if you require all values to be evaluated at once, you can use the following.

Map&lt;String, String&gt; map(String string) throws IOException {
    BufferedReader reader = new BufferedReader(new StringReader(string));
    Map&lt;String, String&gt; map = new LinkedHashMap&lt;&gt;();
    String[] strings;
    String line;
    while ((line = reader.readLine()) != null) {
        strings = line.split(&quot; +&quot;, 6);
        if (strings.length &gt; 5) {
            if (!map.containsKey(strings[5]))
                map.put(strings[5], strings[0]);
        }
    }
    return map;
}

Output, formatted

{/bin/busybox.nosuid=7d60f000-7d67b000, 
 /lib/libc-2.31.so=b3dfb000-b3ebe000, 
 /lib/libm-2.31.so=b3ed3000-b3f24000, 
 /usr/lib/libcrashlog.so.0.0.0=b3f35000-b3f36000, 
 /lib/ld-2.31.so=b3f47000-b3f5d000}

huangapple
  • 本文由 发表于 2023年5月25日 23:23:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/76333929.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定