使用python读取.reg文件
我有一组来自一些机器的.reg文件,我想用python解析它们 如果换行符以[开头,则为以下项目的路径 如果换行符以“a”开头,则从换行符开始到等号的项目是其上方路径的键 如果该行包含:且不是路径,则在=号之后、冒号之前的项被视为该类型 如果没有类型,则等号后面的项为值 如果类型包含十六进制,而不是后面的行,则需要将其添加到完整的键值中,而不使用反斜杠,因为数据帧中的一行基本上包含十六进制 数据集的外观如下所示,实际文件中有更多内容:使用python读取.reg文件,python,python-3.x,pandas,registry,Python,Python 3.x,Pandas,Registry,我有一组来自一些机器的.reg文件,我想用python解析它们 如果换行符以[开头,则为以下项目的路径 如果换行符以“a”开头,则从换行符开始到等号的项目是其上方路径的键 如果该行包含:且不是路径,则在=号之后、冒号之前的项被视为该类型 如果没有类型,则等号后面的项为值 如果类型包含十六进制,而不是后面的行,则需要将其添加到完整的键值中,而不使用反斜杠,因为数据帧中的一行基本上包含十六进制 数据集的外观如下所示,实际文件中有更多内容: [HKEY_CURRENT_USER\System\Game
[HKEY_CURRENT_USER\System\GameConfigStore\Children\f198275c-96a8-45b6-a936-a5218456ebe3]
"Type"=dword:00000001
"Revision"=dword:00000517
"Flags"=dword:00000033
"Parent"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,db,b0,ca,53,b8,b8,23,4c,80,98,d7,99,bf,60,50,ce,04,00,00,00,02,00,00,\
00,00,00,10,66,00,00,00,01,00,00,20,00,00,00,80,ea,2c,6e,63,eb,73,4a,72,b1,\
77,6d,b5,8d,22,fb,e0,3b,62,3a,e5,22,a8,41,43,e0,df,a3,14,a7,6a,93,00,00,00,\
00,0e,80,00,00,00,02,00,00,20,00,00,00,f0,cc,de,f3,db,dd,3f,e0,9d,f2,eb,c9,\
8c,f2,23,88,33,58,de,2a,9b,42,b3,1f,e0,0d,19,ea,00,df,2a,e4,20,00,00,00,5a,\
7c,32,2e,fc,1a,c3,c3,50,77,77,ae,56,f8,b0,b1,ef,13,8f,23,f0,89,50,7e,cd,12,\
6c,e1,b2,c4,c4,e6,40,00,00,00,b1,fe,1e,bb,ee,89,16,f2,8e,01,7d,92,ee,46,5e,\
7e,6e,16,4c,0b,90,8d,58,e3,94,35,c4,4a,8e,32,c8,2c,7b,0d,05,ed,5e,b4,fe,0a,\
90,47,6e,57,62,be,1e,1f,43,a2,55,a6,da,38,c1,7c,4d,1c,ec,9c,dc,67,65,fc
"GameDVR_GameGUID"="c2f1cd5f-ede9-4e9e-81b1-1c0d96cd1f38"
"TitleId"="1664882211"
[HKEY_CURRENT_USER\System\GameConfigStore\Parents]
[HKEY_CURRENT_CONFIG\Software\Fonts]
"LogPixels"=dword:00000060
"LogPixel2s"=dword:00000070
[HKEY_CURRENT_CONFIG\Software\S]
[HKEY_CURRENT_USER\System\GameConfigStore\Parents\1bc1327236aea4735af068c406dfd7d7b60f8d9c]
"Children"=hex(7):32,00,35,00,62,00,36,00,65,00,62,00,36,00,34,00,2d,00,65,00,\
30,00,65,00,32,00,2d,00,34,00,65,00,33,00,62,00,2d,00,38,00,32,00,64,00,36,\
00,2d,00,64,00,65,00,65,00,32,00,32,00,32,00,37,00,62,00,36,00,31,00,64,00,\
32,00,00,00
import re
import io
from configparser import ConfigParser
import pandas as pd
def read_reg(filename, encoding='utf-16'):
with io.open(filename, encoding=encoding) as f:
data = f.read()
# get rid of non-section strings in the beginning of .reg file
data = re.sub(r'^[^\[]*\n', '', data, flags=re.S)
cfg = ConfigParser(strict=False)
# dirty hack for "disabling" case-insensitive keys in "configparser"
cfg.optionxform=str
cfg.read_string(data)
data = []
# iterate over sections and keys and generate `data` for pandas.DataFrame
for s in cfg.sections():
if not cfg[s]:
data.append([s, None, None, None])
for key in cfg[s]:
tp = val = None
if cfg[s][key]:
# take care of value type
if ':' in cfg[s][key]:
tp, val = cfg[s][key].split(':')
else:
val = cfg[s][key].replace('"', '').replace(r'\\\n', '')
data.append([s, key.replace('"', ''), tp, val])
df = pd.DataFrame(data, columns=['Path','Key','Type','Value'])
# make `hex` values "one-line"
df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'] = \
df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'].str.replace(r'\\\n','')
return df
filename = '/path/to/regfile.reg'
# NOTE: you might have to specify the encoding: example: `encoding='utf-8-sig'`, default: 'utf-16' - default for Windows Registry files
df = read_reg(filename)
print(df.loc[df.Path.str.contains(r'Software\\(?:Fonts|S)')])
In [236]: print(df.loc[df.Path.str.contains(r'Software\\(?:Fonts|S)')])
Path Key Type Value
7 HKEY_CURRENT_CONFIG\Software\Fonts LogPixels dword 00000060
8 HKEY_CURRENT_CONFIG\Software\Fonts LogPixel2s dword 00000070
9 HKEY_CURRENT_CONFIG\Software\S None None None
In [45]: df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value']
Out[45]:
3 01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b0,ca,53,b8,b8,23,4c,80,98,d7,99,bf,60,50,ce,04,00,00,00,02
,00,00,00,00...
10 32,00,35,00,62,00,36,00,65,00,62,00,36,00,34,00,2d,00,65,00,30,00,65,00,32,00,2d,00,34,00,65,00,33,00,62,00,2d,00,38,00,32,00,64,00,36
,00,2d,00,64...
Name: Value, dtype: object
In [46]: df.loc[df.Type.notnull() & df.Type.str.contains(r'^hex'), 'Value'].str.len()
Out[46]:
3 737
10 221
Name: Value, dtype: int64
注意:我没有实现任何错误处理-这可能是生产代码所必需的。因此,您可能希望实现它…此解决方案在处理多个hklm文件时更加优雅和快速
newlist = []
for section in config.sections():
for (key, val) in config.items(section):
newlist.append([section, key, val])
df = pd.DataFrame(newlist)
Path Name Data
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{12345665-3CFA-4322-F36F-9880D9BF5604}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2txyewy\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{123456D5A-343D-89E2-4986-82B497E980F8}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2zzzzzz\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000
您的输入是
reg注册表创建csv
值。什么是更简单的解决方案?我的输入是许多reg文件,不幸的是,目前无法检查,但这是否考虑到十六进制类型,并将全套行放入一个值中?必须切换到rawconfigparser以允许出现一些问题,但总体效果与预期一致。非常感谢!
newlist = []
for section in config.sections():
for (key, val) in config.items(section):
newlist.append([section, key, val])
df = pd.DataFrame(newlist)
Path Name Data
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{12345665-3CFA-4322-F36F-9880D9BF5604}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2txyewy\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{123456D5A-343D-89E2-4986-82B497E980F8}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2zzzzzz\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000