Solved

Problem reading file sections

Posted on 2013-05-15
8
233 Views
Last Modified: 2013-05-16
Hi all.

I'm monitoring an installation on Windows using Advanced Uninstaller PRO. This software produces a log file like the following:

==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

Open in new window


Using Php, from this file I need to get two or three arrays: the first one with all paths with no file name specified (like C:\Program Files\CollabNet), the second one listing all files installed (C:\Program Files\CollabNet\changelog.txt, C:\Program Files\CollabNet\diff.exe and so on) and last the third array holding all registry keys affected ( hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A and so on).

So far I have written the following code:

$path = 'C:/xampp/htdocs/test/instLogs/';
$source = 'monitored_report.txt';
$destPaths = 'paths.txt';
$destKeys = 'keys.txt';
$paths = array();
$keys = array();
$f = file_get_contents($path . $source);
$f = str_replace("\r", "", $f);
preg_match_all('/(?<=(Operation Added)|(Operation changed))[^-]*(?=--+)/', $f, $matches);
foreach ($matches[0] as $value) {
  if (stristr($value, "Path")){
    preg_match_all("/(?<=Path\s).*$/m", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    $p1 = preg_replace('/\sName\s/', '', $p1);
    if (!empty($p1)) array_push($paths, $p1);
  }elseif (stristr($value, "Key")){
    preg_match_all("/(?<=Key\s).*$/", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    if (!empty($p1)) array_push($keys, $p1);
  }
}
$keys2 = array_unique($keys);
file_put_contents($path.$destPaths, print_r($paths, true));
file_put_contents($path.$destKeys, print_r($keys2, true));

Open in new window


This code works but with some problem: for instance I have some registry keys in the paths file and some path in registry keys file. So I thought to divide the file in two section using this:

preg_match("/(?<=Files\sand\sfolders\sreport).*(?=Registry\sreport(\=){42})/sm", $f, $m);

Open in new window

and

preg_match("/(?<=Registry\sreport).*(?=INI\sfiles\sreport(\=){42})/sm", $f, $m);

Open in new window


but these two expressions work in RegexBuddy but within the php script they return empty array.

Can someone give me some help, please?

Thanks to all in advance

Marco
0
Comment
Question by:Marco Gasi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 110

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 39171326
See if this gets you any closer.
http://www.laprbass.com/RAY_temp_marqusG.php
<?php // RAY_temp_marqusg.php
error_reporting(E_ALL);

// USE NOWDOC NOTATION TO SIMULATE THE LOG FILE
$dat = <<<'EOD'
==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

EOD;

// SIMULATE READING THE LOG FILE
$arr = explode(PHP_EOL, $dat);

// PROCESS THE RECORDS
foreach ($arr as $str)
{
    // CORRECT DIRECTORY SEPARATORS
	$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

    // REMOVE EXTRANEOUS WHITE SPACE, IF ANY
    $str = trim($str);

    // IS THIS A PATH?
    if (substr($str,0,4) == 'Path')
    {
        $path = substr($str,5);
        $paths[$path] = $path;
    }

    // IS THIS A NAME?
    if (substr($str,0,4) == 'Name')
    {
        $name = substr($str,5);
        $names[$path . $name] = $path . $name;
    }

    // IS THIS A KEY
    if (substr($str,0,3) == 'Key')
    {
        $key = substr($str,4);
        $keys[$key] = $key;
    }
}

// SHOW THE WORK PRODUCTS
var_dump($paths, $names, $keys);

Open in new window

Best regards, ~Ray
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171739
Hi Ray.
Thanks for your assistance. Unfortunately, your snippets works great for keys, but returns empty arrays for names and paths.

I has tried something like what you suggested but it seems that the conditions

if (substr($str,0,4) == 'Path')

and

if (substr($str,0,4) == 'Name')

result to be always false!

So I used stristr function but since the string 'Path' is present even in some key value and the string 'Key' is present in some path I get some wrong line.

Then I tried to use regex. So the proble now is: why (substr($str,0,4) == 'Name') doesn't work?
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171808
The problem is with explode used with the file as it is formatted: it returns an array as following:
only one element which is a long long string and contains old Operation added Path name etc
one element for each registry key.

I checked the file with Notepad++ setting it to show all symbols and I saw that in the 'registry section' (let me call it this way) each line ends with CRLF whereas in the 'path section' where it lists installed files each line ends with CR only so PHP_EOL doesn't work... I go to try a thing
0
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171841
Well, I got it!

Replacing PHP_EOL with "\r" (explode("\r", $dat);) it returns all data. Only a question: I expected to get correct values for path and names but explode function failed with keys since they are terminated with CRLF, that is "\r\n": why the simple "\r" works even against "\r\n"? If my question is not clear, just tell me and I'll try to make it more clear :)
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39171855
PHP_EOL should be correct on all PHP machines, however when you move a file from Linux to Windows, edit it with Notepad++ or similar, etc., the end-of-line characters can get screwed up, and they wind up being "out of context."  And the Windows DIRECTORY_SEPARATOR character unfortunately happens to be the PHP escape character.  So there is always some tinkering and data normalization necessary to get to usable strings.  That's why I like to use trim() a lot. ;-)
0
 
LVL 31

Author Comment

by:Marco Gasi
ID: 39171884
Oh, and that's why you used

$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

which I didn't understand.

Thank you so mutch, Ray!

Cheers
Marco
0
 
LVL 31

Author Closing Comment

by:Marco Gasi
ID: 39171886
Thanks again, Ray :)
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39171935
Thanks for the points!  Best regards, ~Ray
0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses how to implement server side field validation and display customized error messages to the client.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

689 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question