Solved

Problem reading file sections

Posted on 2013-05-15
8
230 Views
Last Modified: 2013-05-16
Hi all.

I'm monitoring an installation on Windows using Advanced Uninstaller PRO. This software produces a log file like the following:

==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

Open in new window


Using Php, from this file I need to get two or three arrays: the first one with all paths with no file name specified (like C:\Program Files\CollabNet), the second one listing all files installed (C:\Program Files\CollabNet\changelog.txt, C:\Program Files\CollabNet\diff.exe and so on) and last the third array holding all registry keys affected ( hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A and so on).

So far I have written the following code:

$path = 'C:/xampp/htdocs/test/instLogs/';
$source = 'monitored_report.txt';
$destPaths = 'paths.txt';
$destKeys = 'keys.txt';
$paths = array();
$keys = array();
$f = file_get_contents($path . $source);
$f = str_replace("\r", "", $f);
preg_match_all('/(?<=(Operation Added)|(Operation changed))[^-]*(?=--+)/', $f, $matches);
foreach ($matches[0] as $value) {
  if (stristr($value, "Path")){
    preg_match_all("/(?<=Path\s).*$/m", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    $p1 = preg_replace('/\sName\s/', '', $p1);
    if (!empty($p1)) array_push($paths, $p1);
  }elseif (stristr($value, "Key")){
    preg_match_all("/(?<=Key\s).*$/", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    if (!empty($p1)) array_push($keys, $p1);
  }
}
$keys2 = array_unique($keys);
file_put_contents($path.$destPaths, print_r($paths, true));
file_put_contents($path.$destKeys, print_r($keys2, true));

Open in new window


This code works but with some problem: for instance I have some registry keys in the paths file and some path in registry keys file. So I thought to divide the file in two section using this:

preg_match("/(?<=Files\sand\sfolders\sreport).*(?=Registry\sreport(\=){42})/sm", $f, $m);

Open in new window

and

preg_match("/(?<=Registry\sreport).*(?=INI\sfiles\sreport(\=){42})/sm", $f, $m);

Open in new window


but these two expressions work in RegexBuddy but within the php script they return empty array.

Can someone give me some help, please?

Thanks to all in advance

Marco
0
Comment
Question by:Marco Gasi
  • 5
  • 3
8 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39171326
See if this gets you any closer.
http://www.laprbass.com/RAY_temp_marqusG.php
<?php // RAY_temp_marqusg.php
error_reporting(E_ALL);

// USE NOWDOC NOTATION TO SIMULATE THE LOG FILE
$dat = <<<'EOD'
==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

EOD;

// SIMULATE READING THE LOG FILE
$arr = explode(PHP_EOL, $dat);

// PROCESS THE RECORDS
foreach ($arr as $str)
{
    // CORRECT DIRECTORY SEPARATORS
	$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

    // REMOVE EXTRANEOUS WHITE SPACE, IF ANY
    $str = trim($str);

    // IS THIS A PATH?
    if (substr($str,0,4) == 'Path')
    {
        $path = substr($str,5);
        $paths[$path] = $path;
    }

    // IS THIS A NAME?
    if (substr($str,0,4) == 'Name')
    {
        $name = substr($str,5);
        $names[$path . $name] = $path . $name;
    }

    // IS THIS A KEY
    if (substr($str,0,3) == 'Key')
    {
        $key = substr($str,4);
        $keys[$key] = $key;
    }
}

// SHOW THE WORK PRODUCTS
var_dump($paths, $names, $keys);

Open in new window

Best regards, ~Ray
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171739
Hi Ray.
Thanks for your assistance. Unfortunately, your snippets works great for keys, but returns empty arrays for names and paths.

I has tried something like what you suggested but it seems that the conditions

if (substr($str,0,4) == 'Path')

and

if (substr($str,0,4) == 'Name')

result to be always false!

So I used stristr function but since the string 'Path' is present even in some key value and the string 'Key' is present in some path I get some wrong line.

Then I tried to use regex. So the proble now is: why (substr($str,0,4) == 'Name') doesn't work?
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171808
The problem is with explode used with the file as it is formatted: it returns an array as following:
only one element which is a long long string and contains old Operation added Path name etc
one element for each registry key.

I checked the file with Notepad++ setting it to show all symbols and I saw that in the 'registry section' (let me call it this way) each line ends with CRLF whereas in the 'path section' where it lists installed files each line ends with CR only so PHP_EOL doesn't work... I go to try a thing
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171841
Well, I got it!

Replacing PHP_EOL with "\r" (explode("\r", $dat);) it returns all data. Only a question: I expected to get correct values for path and names but explode function failed with keys since they are terminated with CRLF, that is "\r\n": why the simple "\r" works even against "\r\n"? If my question is not clear, just tell me and I'll try to make it more clear :)
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39171855
PHP_EOL should be correct on all PHP machines, however when you move a file from Linux to Windows, edit it with Notepad++ or similar, etc., the end-of-line characters can get screwed up, and they wind up being "out of context."  And the Windows DIRECTORY_SEPARATOR character unfortunately happens to be the PHP escape character.  So there is always some tinkering and data normalization necessary to get to usable strings.  That's why I like to use trim() a lot. ;-)
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171884
Oh, and that's why you used

$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

which I didn't understand.

Thank you so mutch, Ray!

Cheers
Marco
0
 
LVL 31

Author Closing Comment

by:Marco Gasi
ID: 39171886
Thanks again, Ray :)
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39171935
Thanks for the points!  Best regards, ~Ray
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question