/usr/share/doc/libparse-win32registry-perl/examples/regfind.pl is in libparse-win32registry-perl 1.0-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 | #!/usr/bin/perl
eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
if 0; # not running under some shell
use strict;
use warnings;
use Encode;
use File::Basename;
use Getopt::Long;
use Parse::Win32Registry qw(:REG_ hexdump);
binmode(STDOUT, ':utf8');
Getopt::Long::Configure('bundling');
GetOptions('key|k' => \my $search_keys,
'value|v' => \my $search_values,
'data|d' => \my $search_data,
'type|t' => \my $search_type,
'hexdump|x' => \my $show_hexdump);
my $filename = shift or die usage();
my $regexp = shift or die usage();
if (!$search_keys && !$search_values && !$search_data && !$search_type) {
warn usage();
die "\nYou need to specify at least one of -k, -v, -d, or -t\n";
}
my $registry = Parse::Win32Registry->new($filename)
or die "'$filename' is not a registry file\n";
my $root_key = $registry->get_root_key
or die "Could not get root key of '$filename'\n";
traverse($root_key);
sub traverse {
my $key = shift;
my $matching_key = "";
my %matching_values = ();
if ($search_keys && $key->get_name =~ /$regexp/oi) {
$matching_key = $key;
}
if ($search_values || $search_data || $search_type) {
foreach my $value ($key->get_list_of_values) {
if ($search_type && $value->get_type_as_string =~ /$regexp/oi) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
if ($search_values && $value->get_name =~ /$regexp/oi) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
if ($search_data && defined($value->get_data)) {
if ($value->get_type_as_string =~ /SZ$/) {
{
no warnings; # hide malformed UTF-8 warnings
if ($value->get_data =~ /$regexp/oi) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
}
}
elsif ($value->get_type == REG_DWORD) {
if ($value->get_data_as_string =~ /$regexp/oi) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
}
else {
if ($value->get_data =~ /$regexp/o) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
no warnings; # hide malformed UTF-8 warnings
if (decode("UCS-2LE", $value->get_raw_data) =~ /$regexp/oi) {
$matching_key = $key;
$matching_values{$value->get_name} = $value;
}
}
}
}
}
if ($matching_key) {
print $matching_key->get_path, "\n";
foreach my $name (keys %matching_values) {
my $value = $matching_values{$name};
if (!$show_hexdump) {
print $value->as_string, "\n";
}
else {
my $value_name = $value->get_name;
$value_name = "(Default)" if $value_name eq "";
my $value_type = $value->get_type_as_string;
print "$value_name ($value_type):\n";
print hexdump($value->get_raw_data);
}
}
print "\n" if $search_values || $search_type || $search_data;
}
foreach my $subkey ($key->get_list_of_subkeys) {
traverse($subkey);
}
}
sub usage {
my $script_name = basename $0;
return <<USAGE;
$script_name for Parse::Win32Registry $Parse::Win32Registry::VERSION
Searches a registry file for anything that matches the specified string.
$script_name <filename> <search-string> [-k] [-v] [-d] [-t] [-x]
-k or --key search key names for a match
-v or --value search value names for a match
-d or --data search value data for a match
-t or --type search value types for a match
-x or --hexdump display value data as a hex dump
USAGE
}
|