Trying to dynamically use regex findall to pick up registry keys. How to append single escape to regex string?
import re

test_str = "Monitor for deletion of Windows Registry keys and/or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers. Monitor for changes made to Windows Registry keys and or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender."

# iocs_found is built by an earlier extraction step that is not shown here
for path_found in iocs_found['windows_path']:
    # double each backslash before embedding the path in the pattern
    path_found = path_found.replace('\\', '\\\\')
    print(path_found)
    regex_pattern = f"[A-Z]+(?:{path_found})"
    matches = re.findall(regex_pattern, test_str)
    print(matches)
    print('\n')
print statements are:
M:\SOFTWARE\Microsoft\AMSI\Providers.
['HKLM:\SOFTWARE\Microsoft\AMSI\Providers.']
M:\SOFTWARE\Policies\Microsoft\Windows
['HKLM:\SOFTWARE\Policies\Microsoft\Windows']
Two questions:
HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows
becomes HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender
Please help.
For the particular input you showed above, the pattern HKLM:\\.*?(?=\.) should work:
import re

test_str = "Monitor for deletion of Windows Registry keys and/or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers. Monitor for changes made to Windows Registry keys and or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender."
matches = re.findall(r'HKLM:\\.*?(?=\.)', test_str)
print(matches)
This prints:
['HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers',
'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender']
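The following is an added example, not code from the question or the answer. It generalizes the pattern above to key names that contain dots or spaces, and uses re.escape() to embed a partial path in a pattern instead of doubling backslashes by hand. The function names, the hive list, the sample text and the end-of-path heuristic (sentence punctuation followed by whitespace, or end of line) are assumptions made for this illustration.

```python
import re

# Assumed heuristic: a path ends at sentence punctuation followed by whitespace,
# or at end of line. Dots and spaces inside key names are therefore kept.
# Limit: prose that follows a path with no punctuation is captured with it.
END = r"(?=[.,;)]+\s|[.,;)]*\s*$)"

# Abbreviated and long hive names, with the optional PowerShell-style colon.
HIVE = r"(?:HKLM|HKCU|HKCR|HKU|HKCC|HKEY_[A-Z_]+):?"

REG_PATH = re.compile(HIVE + r"\\[^\r\n]*?" + END, re.MULTILINE)


def extract_registry_paths(text):
    """Return every registry path in text, without trailing punctuation."""
    return REG_PATH.findall(text)


def expand_fragment(fragment, text):
    """Grow a partial path (for example one cut short by a generic Windows-path
    extractor) to the full registry path around it. re.escape() makes the
    fragment literal, so its backslashes and dots are not regex syntax."""
    literal = re.escape(fragment.rstrip(".,;) "))
    pattern = r"[A-Z_]*" + literal + r"[^\r\n]*?" + END
    return re.findall(pattern, text, re.MULTILINE)


# Constructed sample text (raw strings, so each backslash is a single character).
SAMPLE = (
    r"Monitor for deletion of keys such as HKLM:\SOFTWARE\Microsoft\AMSI\Providers. "
    r"Monitor for changes to HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender. "
    r"Also watch HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319, which has dots."
)

if __name__ == "__main__":
    for path in extract_registry_paths(SAMPLE):
        print(path)
    print(expand_fragment(r"M:\SOFTWARE\Policies\Microsoft\Windows", SAMPLE))
```
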