英文:
Using regex fetch the first memory address of filename listings
问题
可以使用正则表达式来提取文件名与地址之间的信息。以下是示例正则表达式:
- 对于
/bin/busybox.nosuid,正则表达式为/([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为busybox.nosuid和7d60f000-7d67b000。 - 对于
/lib/libc-2.31.so,正则表达式为/([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为libc-2.31.so和b3dfb000-b3ebe000。 - 对于
/lib/libm-2.31.so,正则表达式为/([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为libm-2.31.so和b3ed3000-b3f24000。 - 对于
/usr/lib/libcrashlog.so.0.0.0,正则表达式为/([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为libcrashlog.so.0.0.0和b3f35000-b3f36000。 - 对于
/lib/ld-2.31.so,正则表达式为/([^/]+)\s+([0-9a-fA-F]+-[0-9a-fA-F]+)/,提取结果为ld-2.31.so和b3f47000-b3f5d000。
你可以使用这些正则表达式来提取所需的信息。
英文:
I have the following text as a response of a script:
7d60f000-7d67b000 r-xp 00000000 fb:00 11 /bin/busybox.nosuid
7d68b000-7d68c000 r--p 0006c000 fb:00 11 /bin/busybox.nosuid
7d68c000-7d68d000 rw-p 0006d000 fb:00 11 /bin/busybox.nosuid
b3dfb000-b3ebe000 r-xp 00000000 fb:00 1636 /lib/libc-2.31.so
b3ebe000-b3ecd000 ---p 000c3000 fb:00 1636 /lib/libc-2.31.so
b3ecd000-b3ecf000 r--p 000c2000 fb:00 1636 /lib/libc-2.31.so
b3ecf000-b3ed1000 rw-p 000c4000 fb:00 1636 /lib/libc-2.31.so
b3ed1000-b3ed3000 rw-p 00000000 00:00 0
b3ed3000-b3f24000 r-xp 00000000 fb:00 1655 /lib/libm-2.31.so
b3f24000-b3f33000 ---p 00051000 fb:00 1655 /lib/libm-2.31.so
b3f33000-b3f34000 r--p 00050000 fb:00 1655 /lib/libm-2.31.so
b3f34000-b3f35000 rw-p 00051000 fb:00 1655 /lib/libm-2.31.so
b3f35000-b3f36000 r-xp 00000000 fb:00 4296 /usr/lib/libcrashlog.so.0.0.0
b3f36000-b3f45000 ---p 00001000 fb:00 4296 /usr/lib/libcrashlog.so.0.0.0
b3f45000-b3f46000 r--p 00000000 fb:00 4296 /usr/lib/libcrashlog.so.0.0.0
b3f46000-b3f47000 rw-p 00001000 fb:00 4296 /usr/lib/libcrashlog.so.0.0.0
b3f47000-b3f5d000 r-xp 00000000 fb:00 1628 /lib/ld-2.31.so
b3f6b000-b3f6d000 rw-p 00000000 00:00 0
b3f6d000-b3f6e000 r--p 00016000 fb:00 1628 /lib/ld-2.31.so
b3f6e000-b3f6f000 rw-p 00017000 fb:00 1628 /lib/ld-2.31.so
I'm trying to fetch the address for each file name, eg:
- for
/bin/busybox.nosuidreturn7d60f000-7d67b000 - for
/lib/libc-2.31.soreturnb3dfb000-b3ebe000 - for
/lib/libm-2.31.soreturnb3ed3000-b3f24000 - for
/usr/lib/libcrashlog.so.0.0.0returnb3f35000-b3f36000 - for
/lib/ld-2.31.soreturnb3f47000-b3f5d000
Can this be done with regex?
答案1
得分: 2
你可以尝试使用以下正则表达式:
(^[a-f0-9]{8}\-[a-f0-9]{8})\s[rwxp\-]+\s[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2} \d+\s+(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*)$
匹配结果将在以下位置找到:
- 第 1 组:十六进制代码
- 第 2 组:路径
正则表达式解释:
^:字符串的开头([a-f0-9]{8}\-[a-f0-9]{8}):十六进制代码[a-f0-9]{8}:8 个十六进制字符\:短横线[a-f0-9]{8}:8 个十六进制字符
\:空格[rwxp\-]{4}:Linux 文件权限字符\:空格[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2}\d+:十六进制字符\:空格(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*):路径\/:斜杠(?:bin|lib|usr\/lib\/):Linux 主文件夹之一[^.]+:除了点号以外的任何字符(可以替换为可能的文件名字符)(?:\.[^.\s]+)*:可选的点号和非点号字符序列
$:字符串的末尾
查看演示这里。
英文:
You can try with the following regex:
(^[a-f0-9]{8}\-[a-f0-9]{8})\s[rwxp\-]+\s[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2} \d+\s+(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*)$
Your matches will be found in:
- Group 1: hexadecimal code
- Group 2: path
Regex Explanation:
^: start of string([a-f0-9]{8}\-[a-f0-9]{8}): hexadecimal code[a-f0-9]{8}: 8 hex characters\-: dash[a-f0-9]{8}: 8 hex characters
\s: space[rwxp\-]{4}: linux file permission characters\s: space[a-f0-9]{8}\s[a-f0-9]{2}:[a-f0-9]{2}\d+: hexadecimal characters\s+: spaces(\/(?:bin|lib|usr\/lib\/)[^.]+(?:\.[^.\s]+)*): path\/: slash(?:bin|lib|usr\/lib\/): one of the linux main folders[^.]+: any character except dot (can be substituted with filename possible characters)(?:\.[^.\s]+)*: optional sequence of dot and non-dot characters
$: end of string
Check the demo here.
答案2
得分: 1
对于单行数据,您可以使用以下模式来捕获数据。
```regex
^(?i)([a-f\d]{8}-[a-f\d]{8})
在Java中,您可以使用Pattern和Matcher对象来返回捕获的值。
String string = "7d60f000-7d67b000 r-xp 00000000 fb:00 11 /bin/busybox.nosuid";
String address = null;
Pattern pattern = Pattern.compile("^(?i)([a-f\\d]{8}-[a-f\\d]{8})");
Matcher matcher = pattern.matcher(string);
if (matcher.find())
address = matcher.group(1);
输出
7d60f000-7d67b000
或者,如果您需要一次评估所有值,您可以使用以下方法。
Map<String, String> map(String string) throws IOException {
BufferedReader reader = new BufferedReader(new StringReader(string));
Map<String, String> map = new LinkedHashMap<>();
String[] strings;
String line;
while ((line = reader.readLine()) != null) {
strings = line.split(" +", 6);
if (strings.length > 5) {
if (!map.containsKey(strings[5]))
map.put(strings[5], strings[0]);
}
}
return map;
}
输出,格式化
{/bin/busybox.nosuid=7d60f000-7d67b000,
/lib/libc-2.31.so=b3dfb000-b3ebe000,
/lib/libm-2.31.so=b3ed3000-b3f24000,
/usr/lib/libcrashlog.so.0.0.0=b3f35000-b3f36000,
/lib/ld-2.31.so=b3f47000-b3f5d000}
英文:
For a single line, you can use the following pattern to capture the data.
^(?i)([a-f\d]{8}-[a-f\d]{8})
In Java, you can use the Pattern and Matcher objects to return captured values.
String string = "7d60f000-7d67b000 r-xp 00000000 fb:00 11 /bin/busybox.nosuid";
String address = null;
Pattern pattern = Pattern.compile("^(?i)([a-f\\d]{8}-[a-f\\d]{8})");
Matcher matcher = pattern.matcher(string);
if (matcher.find())
address = matcher.group(1);
Output
7d60f000-7d67b000
Alternatively, if you require all values to be evaluated at once, you can use the following.
Map<String, String> map(String string) throws IOException {
BufferedReader reader = new BufferedReader(new StringReader(string));
Map<String, String> map = new LinkedHashMap<>();
String[] strings;
String line;
while ((line = reader.readLine()) != null) {
strings = line.split(" +", 6);
if (strings.length > 5) {
if (!map.containsKey(strings[5]))
map.put(strings[5], strings[0]);
}
}
return map;
}
Output, formatted
{/bin/busybox.nosuid=7d60f000-7d67b000,
/lib/libc-2.31.so=b3dfb000-b3ebe000,
/lib/libm-2.31.so=b3ed3000-b3f24000,
/usr/lib/libcrashlog.so.0.0.0=b3f35000-b3f36000,
/lib/ld-2.31.so=b3f47000-b3f5d000}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论