updated findSymbols.py

windows/README.md

@@ -49,15 +49,12 @@ Output filtering:
   
   Example run:
 ```
-cmd> py findSymbols.py "c:\Program Files\Microsoft Office" -r -u -s exec -s launch -s run -s process -s eval
+cmd> py findSymbols.py "c:\Program Files\Microsoft Office" -e -r -u -s exec -s launch -s run -s process -s eval -s dcom -s dde -s pipe
 ```
 
-  Searches for imports and exports in MS Office PE executables matching any of `'exec','launch','run','process','eval'` regular expressions.
+  Searches for unique exports in MS Office PE executables matching any of `'exec','launch','run','process','eval','dcom','dde','pipe'` regular expressions in their names.
 
 ```
-| 562 |  AppvIsvSubsystems64.dll | import |     rpcrt4.dll      |  RpcServerUnregisterIf  |  2004368  |     c:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll      |
-| 563 |        DBGCORE.DLL       | import |      ntdll.dll      |  RtlRunOnceExecuteOnce  |  175056   |           c:\Program Files\Microsoft Office\root\Office16\DBGCORE.DLL            |
-| 564 |       mscss7ge.dll       | export |    mscss7ge.dll     |    RunCssWordBreaker    |  556488   |           c:\Program Files\Microsoft Office\root\Office16\mscss7ge.dll           |
 | 565 |    PRIVATE_ODBC32.dll    | export | PRIVATE_ODBC32.dll  |      SQLExecDirect      |  734088   | c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for |
 |     |                          |        |                     |                         |           |                     Excel Integrated\bin\PRIVATE_ODBC32.dll                      |
 | 566 |    PRIVATE_ODBC32.dll    | export | PRIVATE_ODBC32.dll  |      SQLExecDirectA     |  734088   | c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for |

windows/findSymbols.py

@@ -108,36 +108,36 @@ def verifyCriterias(args, regexes, infos, uniqueSymbols):
 
     regexesVerified = sum([len(v) for k, v in regexes.items()])
 
-    for rex in regexes['not-name']:
+    for name, rex in regexes['not-name']:
         match = rex.search(infos['symbol'])
         if match:
-            verbose(args, f'(-) Skipping symbol {infos["module"]}.{infos["symbol"]} as it DID satisfy not-name regex.')
+            verbose(args, f'(-) Skipping symbol {infos["module"]}.{infos["symbol"]} as it DID satisfy not-name ({name}) regex.')
             return False
 
-    for rex in regexes['not-module']:
+    for name, rex in regexes['not-module']:
         match = rex.search(infos['module'])
         if match:
-            verbose(args, f'(-) Skipping symbol\'s module {infos["module"]}.{infos["symbol"]} as it DID satisfy not-module regex.')
+            verbose(args, f'(-) Skipping symbol\'s module {infos["module"]}.{infos["symbol"]} as it DID satisfy not-module ({name}) regex.')
             return False
 
     satisifed = False
     carryOn = False
 
     if len(regexes['module']) > 0:
-        for rex in regexes['module']:
+        for name, rex in regexes['module']:
             match = rex.search(infos['module'])
             if match:
-                verbose(args, f'(+) Symbol\'s module {infos["module"]}.{infos["symbol"]} satisfied module regex.')
+                verbose(args, f'(+) Symbol\'s module {infos["module"]}.{infos["symbol"]} satisfied module ({name}) regex.')
                 carryOn = True
                 break
     else:
         carryOn = True
 
     if carryOn:
-        for rex in regexes['name']:
+        for name, rex in regexes['name']:
             match = rex.search(infos['symbol'])
             if match:
-                verbose(args, f'(+) Symbol {infos["module"]}.{infos["symbol"]} satisfied name regex.')
+                verbose(args, f'(+) Symbol {infos["module"]}.{infos["symbol"]} satisfied name ({name}) regex.')
                 satisifed = True
                 break
 
@@ -312,16 +312,16 @@ def opts(argv):
     }
 
     for name in args.name:
-        regexes['name'].append(re.compile(accomodate_rex(name), re.I))
+        regexes['name'].append((name, re.compile(accomodate_rex(name), re.I)))
 
     for not_name in args.not_name:
-        regexes['not-name'].append(re.compile(accomodate_rex(not_name), re.I))
+        regexes['not-name'].append((not_name, re.compile(accomodate_rex(not_name), re.I)))
 
     for module in args.module:
-        regexes['module'].append(re.compile(accomodate_rex(module), re.I))
+        regexes['module'].append((module, re.compile(accomodate_rex(module), re.I)))
 
     for not_module in args.not_module:
-        regexes['not-module'].append(re.compile(accomodate_rex(not_module), re.I))
+        regexes['not-module'].append((not_module, re.compile(accomodate_rex(not_module), re.I)))
 
     return args, regexes