1

我有如下文本的注册表数据:

/Classes/CLSID/AppID,SZ,{0010890e-8789-413c-adbc-48f5b511b3af},
/Classes/CLSID/InProcServer32,KEY,,2011-10-14 00:00:33
/Classes/CLSID/InProcServer32/,EXPAND_SZ,%SystemRoot%\x5Csystem32\x5CSHELL32.dll,
/Classes/CLSID/InProcServer32/ThreadingModel,SZ,Apartment,
/Classes/CLSID/,KEY,,2011-10-14 00:00:36
/Classes/CLSID/,SZ,,
/Classes/CLSID/InprocServer32,KEY,,2011-10-14 00:00:36
/Classes/CLSID/InprocServer32/,C:\x5CWINDOWS\x5Csystem32\x5Cmstime.dll,

然后我做 $registry = explode "\n" 并在下面创建数组列表:

var_dump($registry);

[1]=> string(121) "/Classes/CLSID/AppID,SZ,{0010890e-8789-413c-adbc-48f5b511b3af}," 
[2]=> string(139) "/Classes/CLSID/InProcServer32,KEY,,2011-10-14 00:00:33" 
[3]=> string(89) "/Classes/CLSID/InProcServer32/,EXPAND_SZ,%SystemRoot%\x5Csystem32\x5CSHELL32.dll," 
[4]=> string(103) "/Classes/CLSID/InProcServer32/ThreadingModel,SZ,Apartment," 
[5]=> string(103) "/Classes/CLSID/,KEY,,2011-10-14 00:00:36"
[6]=> string(121) "/Classes/CLSID/,SZ,," 
[7]=> string(139) "/Classes/CLSID/InprocServer32,KEY,,2011-10-14 00:00:36" 
[8]=> string(89) "/Classes/CLSID/InprocServer32/,C:\x5CWINDOWS\x5Csystem32\x5Cmstime.dll,"

我也有数组形式的关键字

var_dump($keywords);

[1]=> string(12) "Math.dll"
[2]=> string(12) "System.dll"
[3]=> string(12) "inetc.dll"
[4]=> string(12) "time.dll"

我想在 $registry 中显示包含 $keywords 中的字符串的行,所以我在下面创建了 1 个函数:

    function separate($line) {
      global $keywords;
      foreach ($keywords as $data_filter) {
          if (strpos($line, $data_filter) !== false) {
        return true;
          }
      }
      return false;
    }

$separate = array_filter($registry, 'separate');

因为在 $keywords 中包含“time.dll”,所以代码产生的结果如下:

var_dump($seperate);

[1]=> string(89) "/Classes/CLSID/InprocServer32/,C:\x5CWINDOWS\x5Csystem32\x5Cmstime.dll,"

就我而言,结果不正确,因为 mstime.dll != time.dll 并且信息不正确。

输出应该是空的。

假设我将“\x5C”替换为空格,有什么功能可以完成这项工作吗?先感谢您。

4

1 回答 1

2

preg_match

要使用 array_filter 方式,您必须执行以下操作:

function separate($line) {
    global $keywords;
    foreach ($keywords as $data_filter) {
        // '.' means any character in regex, while '\.' means literal period
        $data_filter = str_replace('.', '\.', $data_filter);
        if (preg_match("/\\x5C{$data_filter}/", $line)) {
            return true;
        }
    }
    return false;
}

这将返回 false

/Classes/CLSID/InprocServer32/,C:\x5CWINDOWS\x5Csystem32\x5Cmstime.dll,

但对于

/Classes/CLSID/InprocServer32/,C:\x5CWINDOWS\x5Csystem32\x5Ctime.dll,

如果您不熟悉正则表达式,它们非常棒且功能强大。您可以根据需要自定义我的以适应您的情况。

于 2012-04-20T17:12:21.963 回答