Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npcap diag generator regex doesn't handle continuation lines properly #337

Closed
jay opened this issue Sep 25, 2019 · 1 comment
Closed

npcap diag generator regex doesn't handle continuation lines properly #337

jay opened this issue Sep 25, 2019 · 1 comment

Comments

@jay
Copy link

jay commented Sep 25, 2019

I used npcap to generate a diag file and it was full of lines that were whited out at the beginning, for example:

HKLM:\SYSTEM\CurrentControlSet\Services\npcap:


                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services
Type             : 1
Start            : 1
ErrorControl     : 1
Tag              : 92
ImagePath        : system32\DRIVERS\npcap.sys
DisplayName      : Npcap Packet Driver (NPCAP)
Group            : NDIS
Description      : Npcap Packet Driver (NPCAP)
NdisMajorVersion : 6
NdisMinorVersion : 1


                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services

they're continuation lines the start line filtered by ? { $_ -NOTMATCH '^ps.+' }:

PSPath           : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services\npcap
PSParentPath     : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services

that's because out-string is using terminal width (I think). there's no unwrap option but you can specify width Int32 max like object | out-string -stream -Width 2147483647 | regex

write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap:")
(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap | out-string -stream -Width 2147483647 | ? { $_ -NOTMATCH '^ps.+' })

Windows 7 x64 Ultimate, Wireshark 3.0.5, npcap .09983
@dmiller-nmap
Copy link
Contributor

Thanks for the solution! I had noticed these lines but didn't think it necessary to pursue where they were coming from. This will make the report files much cleaner.

@fyodor fyodor transferred this issue from nmap/nmap May 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jay @dmiller-nmap