2017-02-04 173 views
1

我有一些.reg文件來自我想用python熊貓解析的幾臺機器。使用python熊貓讀取.reg文件

如果換行開頭[它是,如果換行開始爲下面的項目

路徑以」新生產線,以等號是開始時的產品與通路的關鍵是是它

以上如果該行包含一個:且不是路徑,=符號後的項目和冒號之前被認爲是類型

如果沒有類型,比後的項等號是值

if該類型包含十六進制,而不是在需要將其添加到完整鍵值之後的行中,而沒有在數據框中的一行上基本上具有十六進制的反斜槓。

數據集如下所示,在實際的文件更:

[HKEY_CURRENT_USER\System\GameConfigStore\Children\f198275c-96a8-45b6-a936-a5218456ebe3] 
"Type"=dword:00000001 
"Revision"=dword:00000517 
"Flags"=dword:00000033 
"Parent"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 
    00,00,db,b0,ca,53,b8,b8,23,4c,80,98,d7,99,bf,60,50,ce,04,00,00,00,02,00,00,\ 
    00,00,00,10,66,00,00,00,01,00,00,20,00,00,00,80,ea,2c,6e,63,eb,73,4a,72,b1,\ 
    77,6d,b5,8d,22,fb,e0,3b,62,3a,e5,22,a8,41,43,e0,df,a3,14,a7,6a,93,00,00,00,\ 
    00,0e,80,00,00,00,02,00,00,20,00,00,00,f0,cc,de,f3,db,dd,3f,e0,9d,f2,eb,c9,\ 
    8c,f2,23,88,33,58,de,2a,9b,42,b3,1f,e0,0d,19,ea,00,df,2a,e4,20,00,00,00,5a,\ 
    7c,32,2e,fc,1a,c3,c3,50,77,77,ae,56,f8,b0,b1,ef,13,8f,23,f0,89,50,7e,cd,12,\ 
    6c,e1,b2,c4,c4,e6,40,00,00,00,b1,fe,1e,bb,ee,89,16,f2,8e,01,7d,92,ee,46,5e,\ 
    7e,6e,16,4c,0b,90,8d,58,e3,94,35,c4,4a,8e,32,c8,2c,7b,0d,05,ed,5e,b4,fe,0a,\ 
    90,47,6e,57,62,be,1e,1f,43,a2,55,a6,da,38,c1,7c,4d,1c,ec,9c,dc,67,65,fc 
"GameDVR_GameGUID"="c2f1cd5f-ede9-4e9e-81b1-1c0d96cd1f38" 
"TitleId"="1664882211" 

[HKEY_CURRENT_USER\System\GameConfigStore\Parents] 

[HKEY_CURRENT_CONFIG\Software\Fonts] 
"LogPixels"=dword:00000060 
"LogPixel2s"=dword:00000070 

[HKEY_CURRENT_CONFIG\Software\S] 

[HKEY_CURRENT_USER\System\GameConfigStore\Parents\1bc1327236aea4735af068c406dfd7d7b60f8d9c] 
"Children"=hex(7):32,00,35,00,62,00,36,00,65,00,62,00,36,00,34,00,2d,00,65,00,\ 
    30,00,65,00,32,00,2d,00,34,00,65,00,33,00,62,00,2d,00,38,00,32,00,64,00,36,\ 
    00,2d,00,64,00,65,00,65,00,32,00,32,00,32,00,37,00,62,00,36,00,31,00,64,00,\ 
    32,00,00,00 

我怎樣才能得到數據幀閱讀,如果有空白與所有的路徑,鑰匙,類型和值隱含加入NONE如下?實施例(不包括數據集由於尺寸)如下:

Path         Key    Type  Value 
[HKEY_CURRENT_CONFIG\Software\Fonts] LogPixels   dword  00000060 
[HKEY_CURRENT_CONFIG\Software\Fonts] LogPixel2s   dword  00000070 
[HKEY_CURRENT_CONFIG\Software\S]  None    None  None 
+0

您的輸入是'reg'文件或者可能在pc中運行一些powershell腳本以從'registry'值創建'csv'值什麼是更簡單的解決方案? – jezrael

+0

不幸的是,我的輸入是很多reg文件 – johnnyb

回答

0

這個解決方案最終更加優雅和快速處理多個hklm文件。

newlist = [] 
for section in config.sections(): 
    for (key, val) in config.items(section): 
     newlist.append([section, key, val]) 

df = pd.DataFrame(newlist) 




      Path     Name                    Data 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...  "ActivationType"                 dword:00000000 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...     "CLSID"           "{12345665-3CFA-4322-F36F-9880D9BF5604}" 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...    "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2txyewy\\Analog.Environments... 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...    "Threading"                 dword:00000000 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...   "TrustLevel"                 dword:00000000 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...  "ActivationType"                 dword:00000000 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...     "CLSID"           "{123456D5A-343D-89E2-4986-82B497E980F8}" 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...    "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2zzzzzz\\Analog.Environments... 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...    "Threading"                 dword:00000000 
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA...   "TrustLevel"                 dword:00000000 
1

嘗試這種情況:

import re 
import io 
from configparser import ConfigParser 
import pandas as pd 


def read_reg(filename, encoding='utf-16'): 
    with io.open(filename, encoding=encoding) as f: 
     data = f.read() 
    # get rid of non-section strings in the beginning of .reg file 
    data = re.sub(r'^[^\[]*\n', '', data, flags=re.S) 
    cfg = ConfigParser(strict=False) 
    # dirty hack for "disabling" case-insensitive keys in "configparser" 
    cfg.optionxform=str 
    cfg.read_string(data) 
    data = [] 
    # iterate over sections and keys and generate `data` for pandas.DataFrame 
    for s in cfg.sections(): 
     if not cfg[s]: 
      data.append([s, None, None, None]) 
     for key in cfg[s]: 
      tp = val = None 
      if cfg[s][key]: 
       # take care of value type 
       if ':' in cfg[s][key]: 
        tp, val = cfg[s][key].split(':') 
       else: 
        val = cfg[s][key].replace('"', '').replace(r'\\\n', '') 
      data.append([s, key.replace('"', ''), tp, val]) 
    df = pd.DataFrame(data, columns=['Path','Key','Type','Value']) 
    # make `hex` values "one-line" 
    df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'] = \ 
     df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'].str.replace(r'\\\n','') 
    return df 

filename = '/path/to/regfile.reg'  
# NOTE: you might have to specify the encoding: example: `encoding='utf-8-sig'`, default: 'utf-16' - default for Windows Registry files 
df = read_reg(filename) 
print(df.loc[df.Path.str.contains(r'Software\\(?:Fonts|S)')]) 

結果:

In [236]: print(df.loc[df.Path.str.contains(r'Software\\(?:Fonts|S)')]) 
           Path   Key Type  Value 
7 HKEY_CURRENT_CONFIG\Software\Fonts LogPixels dword 00000060 
8 HKEY_CURRENT_CONFIG\Software\Fonts LogPixel2s dword 00000070 
9  HKEY_CURRENT_CONFIG\Software\S  None None  None 

十六進制值:

In [45]: df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'] 
Out[45]: 
3  01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b0,ca,53,b8,b8,23,4c,80,98,d7,99,bf,60,50,ce,04,00,00,00,02 
,00,00,00,00... 
10 32,00,35,00,62,00,36,00,65,00,62,00,36,00,34,00,2d,00,65,00,30,00,65,00,32,00,2d,00,34,00,65,00,33,00,62,00,2d,00,38,00,32,00,64,00,36 
,00,2d,00,64... 
Name: Value, dtype: object 

In [46]: df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'].str.len() 
Out[46]: 
3  737 
10 221 
Name: Value, dtype: int64 

注:我沒有實現任何錯誤處理 - 這生產代碼可能是必需的。所以你可能想要實現它...

+0

目前無法檢查,但是是否對十六進制類型進行了計算並將全套行設置爲單個值? – johnnyb

+1

@johnnyb,是的,查看更新的答案 – MaxU

+0

必須切換到rawconfigparser以允許某些問題,但總體上按預期工作。非常感謝! – johnnyb