Could someone please explain to me why the difference between matching in the two examples below?
Thanks!
q: type of value
"foo" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string A: REG_EXPAND_SZ I: singular string q: value
"foo" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string A: c:\foo, c:\bar%00 I: singular string q: regex
".*,.*" = (value
"foo" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string) A: False I: singular
boolean q: regex
".*,.*\x00" = (value
"foo" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string) A: False I: singular
boolean q: regex
".*,.*" = preceding text of first
"%00" of (value
"foo" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string) A: True I: singular
boolean
and -
q: type of value
"bar" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string A: REG_SZ I: singular string q: value
"bar" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string A: c:\foo, c:\bar I: singular string q: regex
".,." = (value
"bar" of key
"HKEY_LOCAL_MACHINE\SOFTWARE" of registry as string) A: True I: singular
Would this be related to their library or instead the understanding of the results passed back to the relevance debugger? Or am I missing the point entirely?
Thanks for the contains approach - I like that better than the regex = method.
Hmmm… well… I am not 100% sure… but if I had to guess I think that our regex inspectors are always in “text” mode and nulls terminate text strings. So looking for a null in text won’t work (but if we allowed for binary regex, it would work).