npcap diag generator regex doesn't handle continuation lines properly #337

@jay

I used npcap to generate a diag file and it was full of lines that were whited out at the beginning, for example:

HKLM:\SYSTEM\CurrentControlSet\Services\npcap:


                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services
Type             : 1
Start            : 1
ErrorControl     : 1
Tag              : 92
ImagePath        : system32\DRIVERS\npcap.sys
DisplayName      : Npcap Packet Driver (NPCAP)
Group            : NDIS
Description      : Npcap Packet Driver (NPCAP)
NdisMajorVersion : 6
NdisMinorVersion : 1

                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services

They're continuation lines; the start line is filtered by ? { $_ -NOTMATCH '^ps.+' }:

PSPath           : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services\npcap
PSParentPath     : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services

That's because Out-String is using the terminal width (I think). There's no unwrap option, but you can specify a width of Int32 max, like object | out-string -stream -Width 2147483647 | regex:

write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap:")
(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap | out-string -stream -Width 2147483647 | ? { $_ -NOTMATCH '^ps.+' })

Windows 7 x64 Ultimate, Wireshark 3.0.5, npcap .09983
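
The wrapping reported above can be reproduced without an Npcap install. The following is an added example, not part of the original report or of the Npcap diag script: `$item` is a constructed stand-in for the `Get-ItemProperty` result, and `Get-FilteredLines` and `Get-OrphanLines` are hypothetical helper names.

```powershell
# Constructed stand-in for the Get-ItemProperty result (values taken from the report above).
$item = [pscustomobject]@{
    PSPath       = 'Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap'
    PSParentPath = 'Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
    Type         = 1
    Start        = 1
    ImagePath    = 'system32\DRIVERS\npcap.sys'
    DisplayName  = 'Npcap Packet Driver (NPCAP)'
}

# Hypothetical helper: format as a list at the given width, then apply the
# same per-line filter the diag script uses to hide the PS* properties.
function Get-FilteredLines {
    param(
        [Parameter(Mandatory)] $InputObject,
        [Parameter(Mandatory)] [int] $Width
    )
    $InputObject | Format-List | Out-String -Stream -Width $Width |
        Where-Object { $_ -notmatch '^ps.+' }
}

# Hypothetical helper: a wrapped remainder is a non-blank line that starts with
# whitespace. The filter above never sees it as a PS* line, so it survives.
function Get-OrphanLines {
    param([string[]] $Lines)
    @($Lines | Where-Object { $_ -match '^\s+\S' })
}

$narrow = Get-FilteredLines -InputObject $item -Width 80          # typical console width
$wide   = Get-FilteredLines -InputObject $item -Width 2147483647  # [int]::MaxValue, as proposed above

"Width 80:         {0} orphaned continuation line(s)" -f (Get-OrphanLines $narrow).Count
"Width 2147483647: {0} orphaned continuation line(s)" -f (Get-OrphanLines $wide).Count

# Alternative that is not from the issue: remove the PS* properties from the
# object before formatting, so the result does not depend on line wrapping.
$item | Select-Object -Property * -ExcludeProperty PS* |
    Format-List | Out-String -Stream -Width 2147483647
```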
