Trying to dynamically use regex findall to pick up registry keys. How to append single escape to regex string?
import re

test_str = "Monitor for deletion of Windows Registry keys and/or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers. Monitor for changes made to Windows Registry keys and or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender."
# iocs_found is not defined in the post
for path_found in iocs_found['windows_path']:
    path_found = path_found.replace('\\', '\\\\')
    print(path_found)
    regex_pattern = f"[A-Z]+(?:{path_found})"
    matches = re.findall(regex_pattern, test_str)
    print(matches)
    print('\n')
The print statements are:
M:\SOFTWARE\Microsoft\AMSI\Providers.
['HKLM:\SOFTWARE\Microsoft\AMSI\Providers.']
M:\SOFTWARE\Policies\Microsoft\Windows
['HKLM:\SOFTWARE\Policies\Microsoft\Windows']
Two problems:
HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows
becomes HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender
Please help.
For the specific input you showed above, the pattern HKLM:\\.*?(?=\.)
should work:
import re

test_str = "Monitor for deletion of Windows Registry keys and/or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers. Monitor for changes made to Windows Registry keys and or values related to services and startup programs that correspond to security tools such as HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender."
matches = re.findall(r'HKLM:\\.*?(?=\.)', test_str)
print(matches)
This prints:
['HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers',
'HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender']
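
An added example, not part of the original question or answer: it generalizes the answer's pattern to other hives and to keys that end in a comma rather than a period, and uses re.escape() instead of manual backslash doubling to expand a partial hit such as M:\SOFTWARE\... into the full key. The function names, the hive list and the rule that a space inside a key name must be followed by a capitalized word are assumptions of this example.

```python
import re

# Constructed sample text, modelled on the guidance quoted in the question.
SAMPLE = (
    "Monitor keys such as HKLM:\\SOFTWARE\\Microsoft\\AMSI\\Providers. "
    "Monitor changes to HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows Defender. "
    "Also review HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run, per user."
)

# Characters allowed inside one word of a key name (assumption of this example).
CHARS = r"[A-Za-z0-9_{}-]"
# Heuristic: a space belongs to the key only when a capitalized word follows
# ("Windows Defender"). Sentence punctuation is never consumed, so a trailing
# "." or "," stays outside the match.
NEXT_WORDS = rf"(?: [A-Z]{CHARS}*)*"
REG_KEY = re.compile(
    rf"\b(?:HKLM|HKCU|HKCR|HKU|HKEY_[A-Z_]+):?(?:\\{CHARS}+{NEXT_WORDS})+"
)


def find_registry_keys(text):
    # Return every registry key path mentioned in free text.
    return REG_KEY.findall(text)


def expand_fragment(fragment, text):
    # Grow a partial hit into the full key as it appears in text.
    # re.escape() quotes each backslash, so no manual replace() is needed.
    core = re.escape(fragment.rstrip(". "))
    match = re.search(rf"[A-Z_]*{core}{NEXT_WORDS}", text)
    return match.group(0) if match else None


if __name__ == "__main__":
    for key in find_registry_keys(SAMPLE):
        print(key)
    print(expand_fragment("M:\\SOFTWARE\\Policies\\Microsoft\\Windows", SAMPLE))
```

The capitalized-word rule over-matches when a key is followed directly by a capitalized word without punctuation, so extracted keys should be reviewed before they are used in monitoring rules.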