Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npcap diag generator regex doesn't handle continuation lines properly #337

Closed
jay opened this issue Sep 25, 2019 · 1 comment
Closed

npcap diag generator regex doesn't handle continuation lines properly #337

jay opened this issue Sep 25, 2019 · 1 comment

Comments

@jay
Copy link

@jay jay commented Sep 25, 2019

I used npcap to generate a diag file and it was full of lines that were whited out at the beginning, for example:

HKLM:\SYSTEM\CurrentControlSet\Services\npcap:


                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services
Type             : 1
Start            : 1
ErrorControl     : 1
Tag              : 92
ImagePath        : system32\DRIVERS\npcap.sys
DisplayName      : Npcap Packet Driver (NPCAP)
Group            : NDIS
Description      : Npcap Packet Driver (NPCAP)
NdisMajorVersion : 6
NdisMinorVersion : 1

                   M\CurrentControlSet\Services\npcap
                   M\CurrentControlSet\Services

they're continuation lines the start line filtered by ? { $_ -NOTMATCH '^ps.+' }:

PSPath           : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services\npcap
PSParentPath     : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTE
                   M\CurrentControlSet\Services

that's because out-string is using terminal width (I think). there's no unwrap option but you can specify width Int32 max like object | out-string -stream -Width 2147483647 | regex

write_report ("HKLM:\SYSTEM\CurrentControlSet\Services\npcap:")
(Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\npcap | out-string -stream -Width 2147483647 | ? { $_ -NOTMATCH '^ps.+' })

Windows 7 x64 Ultimate, Wireshark 3.0.5, npcap .09983

@dmiller-nmap
Copy link
Contributor

@dmiller-nmap dmiller-nmap commented Sep 30, 2019

Thanks for the solution! I had noticed these lines but didn't think it necessary to pursue where they were coming from. This will make the report files much cleaner.

@fyodor fyodor transferred this issue from nmap/nmap May 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants