[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 241
  • Last Modified:

Problem reading file sections

Hi all.

I'm monitoring an installation on Windows using Advanced Uninstaller PRO. This software produces a log file like the following:

==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

Open in new window


Using Php, from this file I need to get two or three arrays: the first one with all paths with no file name specified (like C:\Program Files\CollabNet), the second one listing all files installed (C:\Program Files\CollabNet\changelog.txt, C:\Program Files\CollabNet\diff.exe and so on) and last the third array holding all registry keys affected ( hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A and so on).

So far I have written the following code:

$path = 'C:/xampp/htdocs/test/instLogs/';
$source = 'monitored_report.txt';
$destPaths = 'paths.txt';
$destKeys = 'keys.txt';
$paths = array();
$keys = array();
$f = file_get_contents($path . $source);
$f = str_replace("\r", "", $f);
preg_match_all('/(?<=(Operation Added)|(Operation changed))[^-]*(?=--+)/', $f, $matches);
foreach ($matches[0] as $value) {
  if (stristr($value, "Path")){
    preg_match_all("/(?<=Path\s).*$/m", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    $p1 = preg_replace('/\sName\s/', '', $p1);
    if (!empty($p1)) array_push($paths, $p1);
  }elseif (stristr($value, "Key")){
    preg_match_all("/(?<=Key\s).*$/", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    if (!empty($p1)) array_push($keys, $p1);
  }
}
$keys2 = array_unique($keys);
file_put_contents($path.$destPaths, print_r($paths, true));
file_put_contents($path.$destKeys, print_r($keys2, true));

Open in new window


This code works but with some problem: for instance I have some registry keys in the paths file and some path in registry keys file. So I thought to divide the file in two section using this:

preg_match("/(?<=Files\sand\sfolders\sreport).*(?=Registry\sreport(\=){42})/sm", $f, $m);

Open in new window

and

preg_match("/(?<=Registry\sreport).*(?=INI\sfiles\sreport(\=){42})/sm", $f, $m);

Open in new window


but these two expressions work in RegexBuddy but within the php script they return empty array.

Can someone give me some help, please?

Thanks to all in advance

Marco
0
Marco Gasi
Asked:
Marco Gasi
  • 5
  • 3
1 Solution
 
Ray PaseurCommented:
See if this gets you any closer.
http://www.laprbass.com/RAY_temp_marqusG.php
<?php // RAY_temp_marqusg.php
error_reporting(E_ALL);

// USE NOWDOC NOTATION TO SIMULATE THE LOG FILE
$dat = <<<'EOD'
==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

EOD;

// SIMULATE READING THE LOG FILE
$arr = explode(PHP_EOL, $dat);

// PROCESS THE RECORDS
foreach ($arr as $str)
{
    // CORRECT DIRECTORY SEPARATORS
	$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

    // REMOVE EXTRANEOUS WHITE SPACE, IF ANY
    $str = trim($str);

    // IS THIS A PATH?
    if (substr($str,0,4) == 'Path')
    {
        $path = substr($str,5);
        $paths[$path] = $path;
    }

    // IS THIS A NAME?
    if (substr($str,0,4) == 'Name')
    {
        $name = substr($str,5);
        $names[$path . $name] = $path . $name;
    }

    // IS THIS A KEY
    if (substr($str,0,3) == 'Key')
    {
        $key = substr($str,4);
        $keys[$key] = $key;
    }
}

// SHOW THE WORK PRODUCTS
var_dump($paths, $names, $keys);

Open in new window

Best regards, ~Ray
0
 
Marco GasiFreelancerAuthor Commented:
Hi Ray.
Thanks for your assistance. Unfortunately, your snippets works great for keys, but returns empty arrays for names and paths.

I has tried something like what you suggested but it seems that the conditions

if (substr($str,0,4) == 'Path')

and

if (substr($str,0,4) == 'Name')

result to be always false!

So I used stristr function but since the string 'Path' is present even in some key value and the string 'Key' is present in some path I get some wrong line.

Then I tried to use regex. So the proble now is: why (substr($str,0,4) == 'Name') doesn't work?
0
 
Marco GasiFreelancerAuthor Commented:
The problem is with explode used with the file as it is formatted: it returns an array as following:
only one element which is a long long string and contains old Operation added Path name etc
one element for each registry key.

I checked the file with Notepad++ setting it to show all symbols and I saw that in the 'registry section' (let me call it this way) each line ends with CRLF whereas in the 'path section' where it lists installed files each line ends with CR only so PHP_EOL doesn't work... I go to try a thing
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Marco GasiFreelancerAuthor Commented:
Well, I got it!

Replacing PHP_EOL with "\r" (explode("\r", $dat);) it returns all data. Only a question: I expected to get correct values for path and names but explode function failed with keys since they are terminated with CRLF, that is "\r\n": why the simple "\r" works even against "\r\n"? If my question is not clear, just tell me and I'll try to make it more clear :)
0
 
Ray PaseurCommented:
PHP_EOL should be correct on all PHP machines, however when you move a file from Linux to Windows, edit it with Notepad++ or similar, etc., the end-of-line characters can get screwed up, and they wind up being "out of context."  And the Windows DIRECTORY_SEPARATOR character unfortunately happens to be the PHP escape character.  So there is always some tinkering and data normalization necessary to get to usable strings.  That's why I like to use trim() a lot. ;-)
0
 
Marco GasiFreelancerAuthor Commented:
Oh, and that's why you used

$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

which I didn't understand.

Thank you so mutch, Ray!

Cheers
Marco
0
 
Marco GasiFreelancerAuthor Commented:
Thanks again, Ray :)
0
 
Ray PaseurCommented:
Thanks for the points!  Best regards, ~Ray
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now