Trouble with regex

[Rnde]

Hello,

I'm trying to make my own custom script obfuscator, mostly to learn more about regular expression, however i have run into a generic problem that i've been stuck with for a few days even though it looks fairly easy.

I have this string:

Global $a = 1, $b

$c = $a + 1

 

I want to get all the variable names from lines starting with "Global", which is "$b" and "$a" in this case, in a single StringRegExp call.

 

I have tried this:

$sString = "Global $a, $b" & @CRLF & "$c = $a + 1" ;Given string
$aVariables = StringRegExp($sString, "\b(?U)Global (?:.*)\$(\w+)", 3)

 

And this:

$sString = "Global $a, $b" & @CRLF & "$c = $a + 1" ;Given string
$aVariables = StringRegExp($sString, "\b(?U)(?<=Global).*\$(\w+)", 3)

But so far it only captures the first variable with (?U) quantifier and the last variable without (?U).

Anyone knows what i'm doing wrong ? This will help me a lot of the future since i have come across problems similar like this many times before.

Thanks in advance.

Edited December 23, 2014 by Rnde

[mikell]

You will always get only one variable if you don't put an alternation in the lookbehind

Try this

#include <Array.au3>
$sString = 'Global $a, $b = 0, $c = "something"' & @CRLF & '$c = $a + 1'    ;Given string
$aVariables = StringRegExp($sString, "(?<=Global|,)\h*(\$\w+)", 3)
_ArrayDisplay($aVariables)

[guinness]

I will just say that you should temporarily remove comments and strings before using the above regular expression. I did alot of work for PreExpand on this subject.

[Rnde]

Hey

Thank you both for the replies.

@mikell: That's a brilliant and interesting take on the problem, i have been looking at it the wrong way the whole time.

But let's say now i have this string:

I have an eraser and 2 pencils

Jane has a ruler and a stapler

 

What if i want to get the name of the items that i have ?

The method you used for finding globally declared vars will apparently not work in this case. However i will give it a try and apply mikell's method, pardon if i'm being inept and cant come up with anyway more creative:

 

#include <array.au3>
$sString = 'I have 2 pencils and an eraser' & @CRLF & 'Jane has a ruler and a stapler'
$aMyItems = StringRegExp($sString, "(?<=I have|and) (?:a|an|\d+) (\w+)", 3)
_ArrayDisplay($aMyItems)

 

Apprently the above script will return both jane's and my items, i'm looking for a way to match a given string/expression at the absolute beginning of a line (or somewhere before the capturing group) if it's possible.

 

@guinness: Yes i actually process my target script with tidy.exe and au3stripper.exe before starting the obfuscation sequence.

 

Edited December 23, 2014 by Rnde

[mikell]

Alas, regex is not magic and can't solve all cases, and is a delicate thing which can easily fail

Sometimes the best way (as guinness warned) is to add some steps to make the code more secure

#include <array.au3>
$sString = 'I have 2 pencils and an eraser' & @CRLF & 'Jane has a ruler and a stapler' & @CRLF & 'I have also a brain'

Local $aMyItems[0]
$lines = StringSplit($sString, @crlf, 1)
For $i = 1 to $lines[0]
  If StringInStr($lines[$i], "I have") Then 
      $tmp = StringRegExp($lines[$i], "\h+(?:a|an|\d+)\h+(\w+)", 3)
      If IsArray($tmp) Then _ArrayAdd($aMyItems, $tmp)
  EndIf
Next  
_ArrayDisplay($aMyItems)

[guinness]

 

@guinness: Yes i actually process my target script with tidy.exe and au3stripper.exe before starting the obfuscation sequence.

 

 

Well this doesn't solve the problem if you have a string that contains "Global $aArray[] = [1, 2, 3, 4, 5]"

[SmOke_N]

Well this doesn't solve the problem if you have a string that contains "Global $aArray[] = [1, 2, 3, 4, 5]"

I had to step backwards in the code ( remove single and double quotes, continuation lines, comments, etc ) with EncodeIt obfuscator (before most of your time here).

I actually started writing another one 2 years ago just before I quit programming all together.

Anyway, It's funny, but just this morning, I had to do the single/double quote replacement for a pseudo function:

Take a look at $aDQ and $aSQ regex's.  Would probably use a larger number than %03d on stringformat, for a whole script though.

[guinness]

Oh cool. I came up with this a couple of years ago.

Edited December 24, 2014 by guinness

[kylomas]

F.Y.I.

This 

global _
            $a = 1, _
            $b = 2, _
            $c = 3

and many other variations are valid syntax...

[SmOke_N]

F.Y.I.

This 

global _
            $a = 1, _
            $b = 2, _
            $c = 3

and many other variations are valid syntax...

Exactly, which is what we're kind of talking about .

If you see my comment about what needs to be done:

store double quotes, replace them with temp val

store single quotes, replace them with temp val

remove comments: #comment/#ce/;

strip and remove continuation lines

Then you can start working on vars and funcs

Being sure to sort them from largest to smallest before replacing with obfuscated vars/func names

There's more, but you get the gist

[guinness]

F.Y.I.

This 

global _
            $a = 1, _
            $b = 2, _
            $c = 3

and many other variations are valid syntax...

Might want to check my link above.

Whoops, I was meant to post it: 

Edit: These functions might of be some use too: 

Edited December 24, 2014 by guinness

[Rnde]

Thanks all for the replies, those were some helpful info.

 

@guinness: i know what you mean now, i also looked at the referred threads, processing literal strings first is indeed the correct way, i have tried the method that grabs all the strings and replace them one by one but this method's performance was getting proportionally slow the more literal strings the script contains.

 

So, i came up with a way to do all the string processing in 1 call, this also works on strings that contain both single and double quote for me so far:

 

$sTargetDir = "SomeScript_stripped.au3" ;Only works on tidied and stripped scripts
$sScriptContent = FileRead($sTargetDir)
$sScriptContent = Execute('"' & StringRegExpReplace($sScriptContent, "( |, |\x28|\R|\x2C|\x5B)(?<quote>\x22|\x27)(.*?)(\k<quote>)(\R|\x2C|\x26|\x29| |\x3B|\x5D)", '$1" & _ObfConvertString($2$3$4) & "$5') & '"')

ConsoleWrite(@CRLF & $sScriptContent & @CRLF)

Func _ObfConvertString($sfString)
    $sBinaryString = StringToBinary($sfString, 4)
    $sfResult = 'BinaryToString' & '("' & $sBinaryString & '")'
    Return $sfResult
EndFunc

Main part of the above script:

$sScriptContent = Execute('"' & StringRegExpReplace($sScriptContent, "( |, |\x28|\R|\x2C|\x5B)(?<quote>\x22|\x27)(.*?)(\k<quote>)(\R|\x2C|\x26|\x29| |\x3B|\x5D)", '$1" & _ObfConvertString($2$3$4) & "$5') & '"')

 

@mikell: And i agree with you on the delicacies part, working with string regex is like building the Eiffel tower with toothpicks and duct tape. But regex is pure magic to me

Edited December 24, 2014 by Rnde