Solved

Problem reading file sections

Posted on 2013-05-15
Last Modified: 2013-05-16
Hi all.

I'm monitoring an installation on Windows using Advanced Uninstaller PRO. This software produces a log file like the following:

==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations



Using PHP, from this file I need to get two or three arrays: the first one with all paths with no file name specified (like C:\Program Files\CollabNet), the second one listing all files installed (C:\Program Files\CollabNet\changelog.txt, C:\Program Files\CollabNet\diff.exe and so on), and lastly the third array holding all registry keys affected (hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A and so on).

So far I have written the following code:

$path = 'C:/xampp/htdocs/test/instLogs/';
$source = 'monitored_report.txt';
$destPaths = 'paths.txt';
$destKeys = 'keys.txt';
$paths = array();
$keys = array();
$f = file_get_contents($path . $source);
$f = str_replace("\r", "", $f);
preg_match_all('/(?<=(Operation Added)|(Operation changed))[^-]*(?=--+)/', $f, $matches);
foreach ($matches[0] as $value) {
  if (stristr($value, "Path")){
    preg_match_all("/(?<=Path\s).*$/m", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    $p1 = preg_replace('/\sName\s/', '', $p1);
    if (!empty($p1)) array_push($paths, $p1);
  }elseif (stristr($value, "Key")){
    preg_match_all("/(?<=Key\s).*$/", $value, $p);
    foreach ($p[0] as $v) $p1 = $v;
    if (!empty($p1)) array_push($keys, $p1);
  }
}
$keys2 = array_unique($keys);
file_put_contents($path.$destPaths, print_r($paths, true));
file_put_contents($path.$destKeys, print_r($keys2, true));



This code works, but with some problems: for instance, I have some registry keys in the paths file and some paths in the registry keys file. So I thought to divide the file into two sections using this:

preg_match("/(?<=Files\sand\sfolders\sreport).*(?=Registry\sreport(\=){42})/sm", $f, $m);


and

preg_match("/(?<=Registry\sreport).*(?=INI\sfiles\sreport(\=){42})/sm", $f, $m);



These two expressions work in RegexBuddy, but within the PHP script they return an empty array.

Can someone give me some help, please?

Thanks to all in advance

Marco
Question by: Marco Gasi

Accepted Solution

by: Ray Paseur earned 500 total points
See if this gets you any closer.
http://www.laprbass.com/RAY_temp_marqusG.php
<?php // RAY_temp_marqusg.php
error_reporting(E_ALL);

// USE NOWDOC NOTATION TO SIMULATE THE LOG FILE
$dat = <<<'EOD'
==========================================
Files and folders report
==========================================



Operation Added
Path C:\Program Files\CollabNet
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name apr_ldap-1.dll
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name changelog.txt
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff3.exe
---------------------------------------

Operation Added
Path C:\Program Files\CollabNet\
Name diff4.exe
--------------------------------------

etc...

==========================================
Registry report
==========================================



Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
---------------------------------------

Operation Deleted
Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B
Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Data Windows Defender
---------------------------------------

==========================================
INI files report
==========================================

The program performed no INI file operations

EOD;

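// SIMULATE READING THE LOG FILE
$arr = explode(PHP_EOL, $dat);

// INITIALIZE THE WORK PRODUCTS SO var_dump() NEVER SEES UNDEFINED VARIABLES
$paths = $names = $keys = array();
$path  = '';

// PROCESS THE RECORDS
foreach ($arr as $str)
{
    // CORRECT DIRECTORY SEPARATORS
    $str = str_replace("\\", DIRECTORY_SEPARATOR, $str);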

    // REMOVE EXTRANEOUS WHITE SPACE, IF ANY
    $str = trim($str);

    // IS THIS A PATH?
    if (substr($str,0,4) == 'Path')
    {
        $path = substr($str,5);
        $paths[$path] = $path;
    }

    // IS THIS A NAME?
    if (substr($str,0,4) == 'Name')
    {
        $name = substr($str,5);
        $names[$path . $name] = $path . $name;
    }

    // IS THIS A KEY
    if (substr($str,0,3) == 'Key')
    {
        $key = substr($str,4);
        $keys[$key] = $key;
    }
}

// SHOW THE WORK PRODUCTS
var_dump($paths, $names, $keys);


Best regards, ~Ray

Author Comment

by: Marco Gasi
Hi Ray.
Thanks for your assistance. Unfortunately, your snippet works great for keys, but returns empty arrays for names and paths.

I had tried something like what you suggested, but it seems that the conditions

if (substr($str,0,4) == 'Path')

and

if (substr($str,0,4) == 'Name')

always turn out to be false!

So I used the stristr function, but since the string 'Path' is present even in some key values and the string 'Key' is present in some paths, I get some wrong lines.

Then I tried to use regex. So the problem now is: why doesn't (substr($str,0,4) == 'Name') work?

Author Comment

by: Marco Gasi
The problem is with explode used with the file as it is formatted: it returns an array as follows:
only one element, which is a long, long string and contains all Operation added Path name etc.
one element for each registry key.

I checked the file with Notepad++, setting it to show all symbols, and I saw that in the 'registry section' (let me call it this way) each line ends with CRLF, whereas in the 'path section', where it lists installed files, each line ends with CR only, so PHP_EOL doesn't work... I'm going to try something.

Author Comment

by: Marco Gasi
Well, I got it!

Replacing PHP_EOL with "\r" (explode("\r", $dat);), it returns all data. Just one question: I expected to get correct values for paths and names but the explode function failed with keys since they are terminated with CRLF, that is "\r\n": why does the simple "\r" work even against "\r\n"? If my question is not clear, just tell me and I'll try to make it clearer :)

Expert Comment

by: Ray Paseur
PHP_EOL should be correct on all PHP machines, however when you move a file from Linux to Windows, edit it with Notepad++ or similar, etc., the end-of-line characters can get screwed up, and they wind up being "out of context."  And the Windows DIRECTORY_SEPARATOR character unfortunately happens to be the PHP escape character.  So there is always some tinkering and data normalization necessary to get to usable strings.  That's why I like to use trim() a lot. ;-)
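
The normalization discussed in this thread, as an added example that is not part of the original posts: a parser that splits on CRLF, bare CR, or LF, tracks which report section it is in, and matches field names only at the start of a line, so paths and registry keys cannot end up in each other's arrays. The function name `parseInstallReport`, the result keys `folders`/`files`/`keys`, and the sample report (constructed from the lines quoted in the question) are assumptions.

```php
<?php
// Added example: section-aware parser for the report format in the question.
function parseInstallReport(string $raw): array
{
    $out = ['folders' => [], 'files' => [], 'keys' => []];
    $section = null;   // 'files' or 'registry', set by the banner lines
    $rec = [];         // fields of the record currently being read

    // Store the finished record; called at each dashed terminator or banner.
    $flush = function () use (&$out, &$rec, &$section) {
        if ($section === 'files' && isset($rec['Path'])) {
            if (isset($rec['Name'])) {
                $full = rtrim($rec['Path'], '\\') . '\\' . $rec['Name'];
                $out['files'][$full] = $full;
            } else {
                $out['folders'][$rec['Path']] = $rec['Path'];
            }
        } elseif ($section === 'registry' && isset($rec['Key'])) {
            $out['keys'][$rec['Key']] = $rec['Key'];
        }
        $rec = [];
    };

    // Split on CRLF, lone CR or lone LF, so mixed line endings all work.
    // Field names count only at the start of a line, unlike stristr().
    foreach (preg_split('/\r\n|\r|\n/', $raw) as $line) {
        $line = trim($line);
        if ($line === 'Files and folders report') { $flush(); $section = 'files'; }
        elseif ($line === 'Registry report') { $flush(); $section = 'registry'; }
        elseif ($line === 'INI files report') { $flush(); $section = null; }
        elseif (preg_match('/^-{5,}$/', $line)) { $flush(); }
        elseif (preg_match('/^(Path|Name|Key)\s+(.+)$/', $line, $m)) { $rec[$m[1]] = $m[2]; }
    }
    $flush();
    return array_map('array_values', $out);   // drop the de-duplication keys
}

// Constructed sample: bare CR in the files section, CRLF in the registry section.
$sample = implode("\r", [
    'Files and folders report', 'Operation Added',
    'Path C:\Program Files\CollabNet', '----------', 'Operation Added',
    'Path C:\Program Files\CollabNet\\', 'Name diff.exe', '----------',
]) . "\r" . implode("\r\n", [
    'Registry report', 'Operation Deleted',
    'Key hkey_users\.DEFAULT\Software\Classes\Local Settings\MuiCache\1A\7F06864B',
    'Value name @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103', '----------',
]);
print_r(parseInstallReport($sample));
```

With `explode("\r", ...)` on CRLF data, each following element begins with a leftover "\n", which `trim()` removes; that is why the bare "\r" split also works on the registry lines.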

Author Comment

by: Marco Gasi
Oh, and that's why you used

$str = str_replace("\\", DIRECTORY_SEPARATOR, $str);

which I didn't understand.

Thank you so much, Ray!

Cheers
Marco

Author Closing Comment

by: Marco Gasi
Thanks again, Ray :)

Expert Comment

by: Ray Paseur
Thanks for the points!  Best regards, ~Ray