Feature request: grep hex strings with -e
Carter Bullard
carter at qosient.com
Fri Oct 5 08:55:21 EDT 2012
Hey Markku,
I'll look into it today. Need to run under gdb() to see what actually makes it to recomp(). It maybe as dumb as double quotes vs single quotes, but I'll check it out before lunch.
Carter
Carter Bullard, QoSient, LLC
150 E. 57th Street Suite 12D
New York, New York 10022
+1 212 588-9133 Phone
+1 212 588-9134 Fax
On Oct 5, 2012, at 2:04 AM, Markku Parviainen <maketsi at gmail.com> wrote:
> 2012/10/4 Carter Bullard <carter at qosient.com>:
>> ra* clients use the available regular expression library, and should support hexadecimal codes for matching now.
>> So, there is nothing keeping ra* from doing hexidecimal code matching. Because you have to use '\xNN' to specify the
>> codes, when you provide it on the command line, you may need to escape the ' \ ' to get it past the shell.
>
> The param was already quoted so that the shell (bash) would not interfere.
> Anyway, for some reason it just doesn't work. I attached a sample (240
> bytes) for your analysis.
>
> # ra -r regex-anon.ra -M printer=encode32 -s suser:32
> srcUdata
> s[32]=333712F228948DABC9C0D199D1C3B00F
>
> # ra -r regex-anon.ra -e '\x33'
> # ra -r regex-anon.ra -e '\\x33'
> # ra -r regex-anon.ra -e '33'
>
> None of them produce anything (whereas only the first one should). Ideas?
>
> I tried enabling debug output, but even -D10 does not produce any
> lines about regex behaviour.
> The system is CentOS 5.7 64bit, gcc v4.1.2, ra v3.0.7.1.
>
>
> Btw. To confirm what the shell is delivering to the prog when \x is
> single quoted:
>
> # echo '\x33'
> \x33
> # echo \x33
> x33
> # perl -e 'print join(", ", @ARGV) ."\n"' -- -e '\x33'
> -e, \x33
> # echo '\\x33'
> \\x33
> <regex-anon.ra>
More information about the argus
mailing list