Problems reading Windows Registry dumps

 



shinzo_abe
New User

Oct 2, 2007, 6:00 PM

Post #1 of 3 (4826 views)

I'm trying to read a .reg file dumped out of regedit, do some simple search and replace processing, and write it back to file. While this should be an incredibly simple operation, I'm having what appear to be some encoding issues that are preventing Perl from understanding the read-in file and spitting a lot of garbage back out the other end. For example, a registry file beginning this way:


Code
Windows Registry Editor Version 5.00 

[HKEY_CURRENT_USER]

[HKEY_CURRENT_USER\AppEvents]

[HKEY_CURRENT_USER\AppEvents\EventLabels]

[HKEY_CURRENT_USER\AppEvents\EventLabels\.Default]
@="Default Beep"
"DispFileName"="@mmsys.cpl,-5824"

[HKEY_CURRENT_USER\AppEvents\EventLabels\ActivatingDocument]
@="Complete Navigation"
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,31,00,00,00


and run through this code (which isn't even doing any processing mind you):


Code
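my $reg = "";
# "or" instead of "||": "||" binds to the filename string, so die never ran
open IN, "< $infile" or die "$0: $infile: $!";
open OUT, "> $outfile" or die "$0: $outfile: $!";
# No processing yet: read every line and write it straight back out
while (<IN>) { $reg .= $_; }
print OUT $reg;
close IN;
close OUT;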


produces the following output:


Code
Windows Registry Editor Version 5.00 
???
[HKEY_CURRENT_USER]
???
[HKEY_CURRENT_USER\AppEvents]
???
[HKEY_CURRENT_USER\AppEvents\EventLabels]
???
[HKEY_CURRENT_USER\AppEvents\EventLabels\.Default]
???????????????????
"DispFileName"="@mmsys.cpl,-5824"
???
[HKEY_CURRENT_USER\AppEvents\EventLabels\ActivatingDocument]
??????????????????????????
"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
???????????????????????????????????????????????????????????????????


I've tried playing around with the Encode module and only succeeded in creating different types of garbage, and I've also tried playing with the Win32::Registry::File module only to discover that it can't figure these files out any more than I can. I have succeeded by opening the file in any editor and saving it in ANSI, after which everything works as expected, but I need some way of doing this automatically and can't seem to figure it out. Any help is greatly appreciated.


KevinR
Veteran


Oct 2, 2007, 10:49 PM

Post #2 of 3 (4824 views)
Re: [shinzo_abe] Problems reading Windows Registry dumps

see if this helps:


Code
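my $reg = "";
# "or" instead of "||": "||" binds to the filename string, so die never ran
open IN, "< $infile" or die "$0: $infile: $!";
open OUT, "> $outfile" or die "$0: $outfile: $!";
while (my $line = <IN>) {
    chomp $line;
    next if ($line =~ /^\s*$/);   # skip lines that are empty or whitespace only
    $reg .= $line;
}
print OUT $reg;
close IN;
close OUT;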

-------------------------------------------------


shinzo_abe
New User

Oct 3, 2007, 1:26 PM

Post #3 of 3 (4821 views)
Re: [KevinR] Problems reading Windows Registry dumps

Thanks, but that only removes the nonsense at empty lines and compacts things a little.

Looking at the .reg file in binary reveals that it begins with \xFF\xFE and then proceeds from there with an alternating sequence of <character>\x00. Saving the file in ANSI removes the first word and all of the nulls, which is why things worked as expected that way. My solution, in case you're interested, ended up being this:


Code
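my $reg = "";
# "or" instead of "||": "||" binds to the filename string, so die never ran
open IN, "< $infile" or die "$0: $infile: $!";
open OUT, "> $outfile" or die "$0: $outfile: $!";
undef $/;   # slurp mode ("" would select paragraph mode instead)
for (1..2) {
    # Drop the two BOM bytes, but keep the byte if the file has no BOM
    # ($_ here is the loop counter, so the byte needs its own variable)
    my $c = getc IN;
    if ($c !~ /\xFF|\xFE/) { $reg .= $c; }
}
$reg .= <IN>;
$reg =~ s/\x00//g;   # strip the NUL half of each two-byte character
# Processing stuff...
print OUT $reg;
close IN;
close OUT;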


I only stuck the conditional inside the for loop to make sure that two useful characters aren't thrown out in the case of a different format.

Thanks again.
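
Added example, not part of the original posts: the same read, replace and write cycle done by decoding the `\xFF\xFE`-prefixed UTF-16LE data with the Encode module rather than deleting NUL bytes, which keeps non-ASCII characters intact and writes the file back in the layout it arrived in. The helper names `decode_reg`, `encode_reg` and `decode_hex2` are hypothetical, the sample is constructed from the export quoted in post #1, the replacement text is made up, and treating a file without a BOM as cp1252 is an assumption.

```perl
use strict;
use warnings;
use Encode qw(decode encode);

# Hypothetical helpers for this example. Pick the encoding from the
# byte-order mark and decode, instead of deleting every NUL byte.
sub decode_reg {
    my ($bytes) = @_;
    return decode('UTF-16LE', substr($bytes, 2)) if $bytes =~ /^\xFF\xFE/;
    return decode('UTF-16BE', substr($bytes, 2)) if $bytes =~ /^\xFE\xFF/;
    return decode('cp1252', $bytes);   # assumption: no BOM means an ANSI export
}

# Re-encode in the layout described in post #3: BOM, then UTF-16LE.
sub encode_reg {
    my ($text) = @_;
    return "\xFF\xFE" . encode('UTF-16LE', $text);
}

# Decode a hex(2) value: comma-separated UTF-16LE bytes, optionally
# continued on the next line after a trailing backslash.
sub decode_hex2 {
    my ($hex) = @_;
    $hex =~ s/\\\r?\n\s*//g;                        # join continuation lines
    my $raw = pack 'C*', map { hex($_) } split /,/, $hex;
    my $str = decode('UTF-16LE', $raw);
    $str =~ s/\0+\z//;                              # drop the string terminator
    return $str;
}

# Constructed sample: part of the export quoted in post #1, built in memory
# with CRLF line endings and then encoded as UTF-16LE with a BOM.
my $sample = join "\r\n",
    'Windows Registry Editor Version 5.00', '',
    '[HKEY_CURRENT_USER\AppEvents\EventLabels\ActivatingDocument]',
    '@="Complete Navigation"',
    '"DispFileName"=hex(2):40,00,69,00,65,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\\',
    '  00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,33,00,32,00,31,00,00,00', '';
my $bytes = encode_reg($sample);   # for a real file: open with '<:raw' and slurp

my $text = decode_reg($bytes);
$text =~ s/Complete Navigation/Navigation Done/;    # the search-and-replace step
my ($hex) = $text =~ /^"DispFileName"=hex\(2\):((?:[0-9a-f]{2},?|\\\r?\n\s*)+)/mi;
print 'DispFileName = ', decode_hex2($hex), "\n";
my $out = encode_reg($text);
printf "output: %d bytes, starts with %s\n", length($out), unpack('H4', $out);
```

When working on real files under Windows, open both handles with the `:raw` layer so that newline translation does not insert or remove bytes in the middle of the two-byte characters.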

 
 

