php/dos : How do you parse a regedit export file?

Posted by phill on Stack Overflow
Published on 2009-02-23T20:29:13Z Indexed on 2010/03/22 18:11 UTC


My objective is to look for the Company key-value in the registry hive and then pull the corresponding Guid and other keys and values following it. So I figured I would run the regedit export command and then parse the file with PHP for the keys I need.

So after running the DOS batch command

>regedit /E "output.txt" "HKLM\System....\Company1"

The output text file seems to be in some kind of UNICODE format which isn't regex friendly. I'm using PHP to parse the file and pull the keys.

Here is the PHP code I'm using to parse the file:

<?php

$regfile = "output.txt";

$handle = fopen ("c:\\\\" . $regfile,"r");
//echo "handle: " . $file . "<br>";
$row = 1;

while ((($data = fgets($handle, 1024)) !== FALSE) ) {

    $num = count($data);
    echo "$num fields in line $row: \n";

    $reg_section = $data;
    //$reg_section = "[HKEY_LOCAL_MACHINE\SOFTWARE\TECHNOLOGIES\MEDIUS\CONFIG MANAGER\SYSTEM\COMPANIES\RECORD11]";

    $pattern = "/^(\[HKEY_LOCAL_MACHINE\\\SOFTWARE\\\TECHNOLOGIES\\\MEDIUS\\\CONFIG MANAGER\\\SYSTEM\\\COMPANIES\\\RECORD(\d+)\])$/";
    if ( preg_match($pattern, $reg_section )) {
        echo "<font color=red>Found</font><br>";
    } else {
        echo "not found<br>";
        echo $data . "<br>";
    }
    $row++;
} //end while
fclose($handle);

?>

and the output looks like this....

1 fields in line 1: not found ÿþW?i?n?d?o?w?s? ?R?e?g?i?s?t?r?y? ?E?d?i?t?o?r? ?V?e?r?s?i?o?n? ?5?.?0?0? ? 1 fields in line 2: not found

1 fields in line 3: not found [?H?K?E?Y??L?O?C?A?L??M?A?C?H?I?N?E?\?S?O?F?T?W?A?R?E?\?I?N?T?E?R?S?T?A?R? ?T?E?C?H?N?O?L?O?G?I?E?S?\?X?M?E?D?I?U?S?\?C?O?N?F?I?G? ?M?A?N?A?G?E?R?\?S?Y?S?T?E?M?\?C?O?M?P?A?N?I?E?S?]? ? 1 fields in line 4: not found "?N?e?x?t? ?R?e?c?o?r?d? ?I?D?"?=?"?4?1?"? ? 1 fields in line 5: not found

Any ideas how to approach this?

Thanks in advance.
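
The "ÿþ" at the start of the output above is the UTF-16LE byte-order mark (FF FE) that regedit /E writes, so the file has to be decoded before any regex is applied. The following is an added example, not part of the original post: it decodes and parses such an export in PHP, assuming the mbstring extension is available; the function names and the Company and Guid sample values are constructed for illustration.

```php
<?php
// Added example, not the poster's code: decode a regedit export, then parse it.
function decode_reg_export(string $raw): string
{
    // "Windows Registry Editor Version 5.00" exports are UTF-16LE with a BOM.
    if (strncmp($raw, "\xFF\xFE", 2) === 0) {
        return mb_convert_encoding(substr($raw, 2), 'UTF-8', 'UTF-16LE');
    }
    return $raw; // no BOM: treated as an ANSI (REGEDIT4) export and left as-is
}

function parse_reg_export(string $text): array
{
    // hex(...) values are wrapped with ",\" at end of line; join them first.
    $text = preg_replace('/,\\\\\r?\n\s*/', ',', $text);
    $keys = [];
    $current = null;
    foreach (preg_split('/\r?\n/', $text) as $line) {
        if (preg_match('/^\[(.+)\]$/', $line, $m)) {
            $current = $m[1];              // "[HKEY_...\SUBKEY]" section header
            $keys[$current] = [];
        } elseif ($current !== null
            && preg_match('/^(@|"(?:[^"\\\\]|\\\\.)*")=(.*)$/', $line, $m)) {
            $name  = $m[1] === '@' ? '@' : stripslashes(substr($m[1], 1, -1));
            $value = $m[2];                // dword:/hex: values are kept as raw text
            if (preg_match('/^"(.*)"$/s', $value, $v)) {
                $value = stripslashes($v[1]); // REG_SZ: undo \\ and \" escaping
            }
            $keys[$current][$name] = $value;
        }
    }
    return $keys;
}

// Constructed sample in the layout regedit writes; Company and Guid are made up.
// In real use: $raw = file_get_contents('c:\\output.txt');
$base = "HKEY_LOCAL_MACHINE\\SOFTWARE\\TECHNOLOGIES\\MEDIUS\\CONFIG MANAGER\\SYSTEM\\COMPANIES";
$sample = "Windows Registry Editor Version 5.00\r\n\r\n"
    . "[$base]\r\n\"Next Record ID\"=\"41\"\r\n\r\n"
    . "[$base\\RECORD11]\r\n\"Company\"=\"Company1\"\r\n"
    . "\"Guid\"=\"{00000000-0000-0000-0000-000000000000}\"\r\n";
$raw = "\xFF\xFE" . mb_convert_encoding($sample, 'UTF-16LE', 'UTF-8');

// Find the RECORDn subkey whose Company value matches and print its Guid.
foreach (parse_reg_export(decode_reg_export($raw)) as $path => $values) {
    if (preg_match('/\\\\COMPANIES\\\\RECORD(\d+)$/', $path, $m)
        && ($values['Company'] ?? null) === 'Company1') {
        echo "Record {$m[1]}: Guid = {$values['Guid']}\n";
    }
}
```

REG_SZ values that contain literal line breaks are not handled by this line-based parser.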

© Stack Overflow or respective owner
