ansaurus

Question

Regular expression regex help; ignore random blocks of data

Answer 1

+1 A:

\x18\xC0\x40[\x42\x43][\x00\x01][^\x00\x00\x00]*\x00\x00\x00

Erik 2010-07-12 13:36:20

tried this, but it doesnt work.... used power grep as well but no luck

James 2010-07-12 13:58:06

which language / RegExpParser are you using?

Erik 2010-07-12 14:37:32

`[^\x00\x00\x00]*` - What do you expect that to do?

Alan Moore 2010-07-12 15:31:07

[] - group tag / [^] matches on anything except the following sequence / []* matches never or one time => so: [^\x00\x00\x00]* should match on anything except "\x00\x00\x00".

Erik 2010-07-12 15:41:06

[] is character class so [^\x00\x00\x00] is equivalent to [^\x00]

M42 2010-07-12 17:42:39

@Erik — You need a negative look-ahead for that: `(?:(?!\x00\x00\x00).)*` (I think)

Ben Blank 2010-07-12 18:08:13

@Ben: yes, that's right.

Alan Moore 2010-07-12 18:39:48

Answer 2

+2 A:

You should probably use two passes for your search. In the first pass you delete all these checksum block, which should be easy enough to identify, in the second pass you do your actual search.

Otherwise, you'd have to allow for a checksum block after each letter of your expression, resulting in a very long and hard to read one.

Jens 2010-07-12 15:16:19

Answer 3

+2 A:

Try this :

\x18\xC0\x40[\x42\x43][\x00\x01](?:\x00{8}[\x00-\xFF]*?\x47\x00)\x00{3}

Updated, this will work if checksum is everywhere. I inserted linefeeds for readability

\x18(?:\x00{8}[\x00-\xFF]*?\x47\x00)
\xC0(?:\x00{8}[\x00-\xFF]*?\x47\x00)
\x40(?:\x00{8}[\x00-\xFF]*?\x47\x00)
[\x42\x43](?:\x00{8}[\x00-\xFF]*?\x47\x00)
[\x00\x01](?:\x00{8}[\x00-\xFF]*?\x47\x00)
\x00(?:\x00{8}[\x00-\xFF]*?\x47\x00)
\x00(?:\x00{8}[\x00-\xFF]*?\x47\x00)
\x00

M42 2010-07-12 18:03:28

This worked, thanks. Problem is; it will only work if the checksum falls at that point in the data. I need to account for checksum happening at ANY point in the data. I think I'm either going to have a very large regex, or remvove the checksums on a first pass as Jens says.

James 2010-07-13 07:46:59

Hmmm, cant get this to work. I will keep tweaking it. Using your example it takes a long time to run, so I dont think it will be usable. I have tried improving the checksum search part as follows (note the first part is 8 FF not 8 00) (?:\xFF{8}[\x00-\xFF]{54}\x47\x00)This works on its own in power grep and finds all the checksums, but when I do the complete search, I get no results.

James 2010-07-13 09:02:35

ansaurus

tags:

views:

answers:

Regular expression regex help; ignore random blocks of data

related questions