My objective is to look for Company key-value in the registry hive and then pull the corresponding Guid and other keys and values following it. So I figured i would run the regedit export command and then parse the file with php for the keys I need.
So after running the dos batch command
>regedit /E "output.txt" "HKLM\System....\Company1"
The output textfile seems to be in some kind of UNICODE format which isn't regex friendly. I'm using php to parse the file and pull the keys.
Here is the php code i'm using to parse the file
<?php
$regfile = "output.txt";
$handle = fopen ("c:\\\\" . $regfile,"r");
//echo "handle: " . $file . "<br>";
$row = 1;
while ((($data = fgets($handle, 1024)) !== FALSE) ) {
$num = count($data);
echo "$num fields in line $row: \n";
$reg_section = $data;
//$reg_section = "[HKEY_LOCAL_MACHINE\SOFTWARE\TECHNOLOGIES\MEDIUS\CONFIG MANAGER\SYSTEM\COMPANIES\RECORD11]";
$pattern = "/^(\[HKEY_LOCAL_MACHINE\\\SOFTWARE\\\TECHNOLOGIES\\\MEDIUS\\\CONFIG MANAGER\\\SYSTEM\\\COMPANIES\\\RECORD(\d+)\])$/";
if ( preg_match($pattern, $reg_section )) {
echo "<font color=red>Found</font><br>";
} else {
echo "not found<br>";
echo $data . "<br>";
}
$row++;
} //end while
fclose($handle);
?>
and the output looks like this....
1 fields in line 1: not found ÿþW�i�n�d�o�w�s� �R�e�g�i�s�t�r�y� �E�d�i�t�o�r� �V�e�r�s�i�o�n� �5�.�0�0� � 1 fields in line 2: not found
1 fields in line 3: not found [�H�K�E�Y��L�O�C�A�L��M�A�C�H�I�N�E�\�S�O�F�T�W�A�R�E�\�I�N�T�E�R�S�T�A�R� �T�E�C�H�N�O�L�O�G�I�E�S�\�X�M�E�D�I�U�S�\�C�O�N�F�I�G� �M�A�N�A�G�E�R�\�S�Y�S�T�E�M�\�C�O�M�P�A�N�I�E�S�]� � 1 fields in line 4: not found "�N�e�x�t� �R�e�c�o�r�d� �I�D�"�=�"�4�1�"� � 1 fields in line 5: not found
Any ideas how to approach this?
thanks in advance