Regex string search on binary files crashing

[skinnedknuckles]

First, I love grepWin and could not live a day without it.

With help from AmigoJack I've discovered that 32-bit .NET dlls can be distinguished from 64-bit .NET dlls by searching the dll file for one of the following regex search strings.

For x64 (64 bit) search for ^MZ.{62,2046}PE\x00\x00\x64\x86.{18}\x0b[\x01\x02] for x86 (32 bit) search for ^MZ.{62,2046}PE\x00\x00\x4c\x01.{18}\x0b[\x01\x02]

We have confirmed these regex search strings work in Notepad++ for the following files: C:\Windows\SysWOW64\quartz.dll C:\Windows\System32\quartz.dll (this library should be 64-bit but was 32-bit on my computer so I used the file below which is 64-bit) C:\Windows\WinSxS\amd64_microsoft-windows-directshow-core_31bf3856ad364e35_10.0.19041.746_none_846982ad4cb57051\quartz.dll Or you can choose any other dll.

Reproducing the error I have been using the following directory which has 276 dlls both 32-bit and 64-bit in it for testing these regex search strings: C:\Windows\Microsoft.NET\Framework64\v4.0.30319
The issue should be revealed through the following 4 test senarios Use 32-bit search string ^MZ.{62,2046}PE\x00\x00\x4c\x01.{18}\x0b[\x01\x02] and "Treat files as binary unchecked" finds 220 files (this seems pausible). Use 64-bit search string ^MZ.{62,2046}PE\x00\x00\x64\x86.{18}\x0b[\x01\x02] and "Treat files as binary unchecked" finds 0 files (this should be 56 or at least some non-zero value). Use 32-bit search string ^MZ.{62,2046}PE\x00\x00\x4c\x01.{18}\x0b[\x01\x02] and "Treat files as binary checked" crashes. Use 64-bit search string ^MZ.{62,2046}PE\x00\x00\x64\x86.{18}\x0b[\x01\x02] and "Treat files as binary checked" crashes.

You can view screenshots of the first 2 scenarios above here or inserted below

Please let me know if you need more details beyond what is shown below.

A detailed background of my quest is available here on StackOverflow.

I'm using grepWin verion 2.0.8.1054 2021/05/24 18:08:22

Here are my Device Specificatons: Device name USRTC-JONAAND Full device name USRTC-JONAAND.emrsn.org Processor Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz 2.59 GHz Installed RAM 32.0 GB (31.8 GB usable) Device ID E24DD695-A862-4548-A537-C67B66ECC804 Product ID 00330-80000-00000-AA256 System type 64-bit operating system, x64-based processor Pen and touch No pen or touch input is available for this display

Here are my Windows specifications: Edition Windows 10 Enterprise Version 20H2 Installed on ‎2/‎15/‎2022 OS build 19042.2486 Experience Windows Feature Experience Pack 120.2212.4190.0

[stefankueng]

that's a crash in the boost regex engine. Can't really fix this myself...

[stefankueng]

Maybe I can try a workaround.

[stefankueng]

nope, workaround does not work :(

[skinnedknuckles]

I've discovered the following search strings work instead without crashing.

PE\x00\x00\x4c\x01.{18}\x0b[\x01\x02] PE\x00\x00\x64\x86.{18}\x0b[\x01\x02]

THanks!

[stefankueng]

closing this since it's a problem in boost::regex