业余时间测试了一下pcre 在Windows驱动中使用实例
sample.c
#define PCRE_STATIC
#include <ntddk.h>
#include "pcre_regex.h"
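/*
 * URL-matching regular expression handed to PCRE by DriverEntry().
 *
 * Every backslash that belongs to the regex must be doubled in C source.
 * "\." and "\&" are not valid C escape sequences; compilers typically warn
 * and drop the backslash, which silently turns each intended literal dot
 * into "match any character". With the single-backslash form the dotted-quad
 * branch can accept input such as "http://192.168.2000", because a '0' is
 * allowed to stand in for a missing '.'.
 *
 * NOTE(review): inside the final character class, "/-~" is parsed as a range
 * from '/' to '~', not as three literal characters. That range is kept here
 * unchanged; confirm whether literal '/', '-' and '~' were intended.
 *
 * NOTE(review): the expression has no ^/$ anchors, so it succeeds when a URL
 * appears anywhere in the subject. If it is ever used to validate or filter
 * input rather than to search it, anchor it.
 */
char *pattern =
    "(((file|gopher|news|nntp|telnet|http|ftp|https|ftps|sftp)://)|(www\\.))+"
    "(([a-zA-Z0-9\\._-]+\\.[a-zA-Z]{2,6})"
    "|([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}))"
    "(/[a-zA-Z0-9\\&%_\\./-~-]*)?";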
/*
 * Driver unload callback (installed by DriverEntry).
 *
 * It only writes a debug message; the DriverEntry shown alongside it creates
 * no device objects, so there is nothing to tear down here.
 */
void OnUnload(IN PDRIVER_OBJECT DriverObject)
{
    (void)DriverObject; /* not used by this sample */

    DbgPrint("OnUnload Called! \n");
}
/*
 * Driver entry point: registers the unload routine, then runs the global
 * URL `pattern` against four hard-coded sample strings and reports each
 * result through DbgPrint.
 *
 * All subjects here are compile-time constants. Feeding externally supplied
 * data into a regex engine from kernel mode is a different risk profile
 * (matching time and stack use depend on the input) and would need its own
 * review.
 */
NTSTATUS DriverEntry(IN PDRIVER_OBJECT theDriverObject, IN PUNICODE_STRING theRegisterPath)
{
    /* Sample subjects, tested in this order. The second one has only three
     * dot-separated groups, so it is presumably meant as a negative case. */
    char *samples[] = {
        "http://www.mydoop.com",
        "http://192.168.2000",
        "www.qq.com",
        "ffqq.fff"
    };
    ANSI_STRING text;
    int idx;

    DbgPrint("DriverEntry loaded! \n");
    theDriverObject->DriverUnload = OnUnload;

    for (idx = 0; idx < (int)(sizeof(samples) / sizeof(samples[0])); idx++) {
        /* %Z expects a counted ANSI_STRING, so wrap the C string first. */
        RtlInitAnsiString(&text, samples[idx]);

        /* _ismatch() returns -1 for "no match" and for every error. */
        if (_ismatch(samples[idx], pattern) == -1) {
            DbgPrint("%Z =>URL Not Match!!\n", &text);
        } else {
            DbgPrint("%Z =>URL is Matched!!\n", &text);
        }
    }

    return STATUS_SUCCESS;
}
pcre_regex.h
/* Link against the static PCRE library; defined ahead of the include so that
 * pcre.h sees it when it declares the API. */
#define PCRE_STATIC // static-library build option
#include "pcre.h"
/* Number of ints in the ovector that _ismatch() passes to pcre_exec(). */
#define OVECCOUNT 30 /* should be a multiple of 3 */
/* None of the macros below are referenced by the code in this header. */
#define OVECCOUNTJIT 64 /* for JIT */
#define EBUFLEN 128
#define BUFLEN 1024
/* NOTE(review): purpose of this flag is not evident from this file. */
#define PCRE_BUG 0x80000000
/* Option-set shorthands: C = CASELESS, M = MULTILINE, U = UTF8,
 * A = NEWLINE_ANYCRLF, P = UCP. */
#define MUA (PCRE_MULTILINE | PCRE_UTF8 | PCRE_NEWLINE_ANYCRLF)
#define MUAP (PCRE_MULTILINE | PCRE_UTF8 | PCRE_NEWLINE_ANYCRLF | PCRE_UCP)
#define CMUA (PCRE_CASELESS | PCRE_MULTILINE | PCRE_UTF8 | PCRE_NEWLINE_ANYCRLF)
#define CMUAP (PCRE_CASELESS | PCRE_MULTILINE | PCRE_UTF8 | PCRE_NEWLINE_ANYCRLF | PCRE_UCP)
#define MA (PCRE_MULTILINE | PCRE_NEWLINE_ANYCRLF)
#define MAP (PCRE_MULTILINE | PCRE_NEWLINE_ANYCRLF | PCRE_UCP)
#define CMA (PCRE_CASELESS | PCRE_MULTILINE | PCRE_NEWLINE_ANYCRLF)
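/**
 * _ismatch - compile a regular expression and test it against a string.
 *
 * The pattern is compiled on every call and released before returning. The
 * match is a search: it succeeds if the pattern matches anywhere in src,
 * unless the pattern itself carries anchors.
 *
 * @param src      NUL-terminated subject string.
 * @param pattern  NUL-terminated PCRE regular expression.
 * @return -1 when an argument is NULL, when the subject length does not fit
 *         the int that pcre_exec() takes, when the pattern fails to compile,
 *         or when pcre_exec() reports no match or an error. Otherwise the
 *         non-negative value from pcre_exec(); 0 means the subject matched
 *         but the ovector was too small to hold every capture.
 *
 * NOTE(review): pcre_exec() is called with extra == NULL, so neither a
 * match limit nor a recursion limit is applied. Matching cost and stack depth
 * then depend on the subject, which matters in a driver where stack is
 * scarce. Before matching data that is not a compile-time constant, confirm
 * how this PCRE library was built and consider passing a pcre_extra with
 * limits set.
 *
 * NOTE(review): pcre_compile() allocates through PCRE's allocator hooks;
 * confirm they are bound to kernel-safe routines in this build.
 */
int _ismatch(char *src, char *pattern)
{
    const char *error = NULL; /* compile error text; not reported to the caller */
    int erroffset = 0;        /* offset of the compile error within pattern */
    int ovector[OVECCOUNT];   /* capture offsets written by pcre_exec() */
    size_t raw_len;
    int subject_len;
    int result;
    pcre *re;

    /* strlen(NULL) and pcre_compile(NULL, ...) are not safe to call. */
    if (src == NULL || pattern == NULL) {
        return -1;
    }

    /* pcre_exec() takes the length as int; refuse subjects that would be
     * truncated or turn negative instead of passing a wrong length. */
    raw_len = strlen(src);
    subject_len = (int)raw_len;
    if (subject_len < 0 || (size_t)subject_len != raw_len) {
        return -1;
    }

    re = pcre_compile(pattern,    /* pattern: regex source text */
                      0,          /* options: default compile options */
                      &error,     /* errptr: receives the error message */
                      &erroffset, /* erroffset: receives the error position */
                      NULL);      /* tableptr: NULL selects the built-in tables */
    if (re == NULL) {
        return -1;
    }

    result = pcre_exec(re,          /* code: compiled pattern */
                       NULL,        /* extra: no study data, no limits */
                       src,         /* subject: string to search */
                       subject_len, /* length: subject length in bytes */
                       0,           /* startoffset: begin at the first byte */
                       0,           /* options: default match options */
                       ovector,     /* ovector: receives capture offsets */
                       OVECCOUNT);  /* ovecsize: number of ints in ovector */

    /* Release the compiled pattern on every path. */
    pcre_free(re);

    return (result < 0) ? -1 : result;
}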
加载示例
代码下载
pcre_driver_831.zip