raptor25

Get total infected items from Malwarebytes log

13 posts in this topic

Hi. I am trying to use a Malwarebytes log file to add up all the infected items and get a total. It seems like they are always found on lines 16-22 in the log:

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Is there a function that will get the last number of each of lines 16-22 so that they can be added up for a total?

Thanks


FileReadLine followed by a StringRegExp should work for you :D

EDIT: Thanks kaotbliss for noticing the StringRight. StringRegExp is much better in this case; however, I don't think anyone would really have more than 99 of each Infected Processes/Keys/etc, then again...

Edited by rcmaehl

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF


StringRight is a bad choice because the number can be any number of digits long

StringRegExp would be the better choice


010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!


Here is a very basic example of what you want; there are many other ways to achieve the same result.

Look at examples of some other functions mentioned and adapt them.

#include <String.au3>                                      ; Include the String UDFs library
#include <Array.au3>                                       ; Include the Array UDFs library for visual purpose
$str = "Memory Processes Infected: 10" & @CRLF _           ; Create a string representation of your file
   & "Memory Modules Infected: 2" & @CRLF _
   & "Registry Keys Infected: 100" & @CRLF _
   & "Registry Values Infected: 6" & @CRLF _
   & "Registry Data Items Infected: 0" & @CRLF _
   & "Folders Infected: 5" & @CRLF _
   & "Files Infected: 2" & @CRLF                           ; Trailing @CRLF so the last value also has an end delimiter
$astr = _StringBetween($str, ": ", @CRLF)                  ; Create an array of matches
_ArrayDisplay($astr)                                       ; Just to show what you are dealing with
Local $result = 0                                          ; Create a variable to hold the result
For $i = 0 To UBound($astr) - 1                            ; Add array matches via a loop
    $result += Int($astr[$i])
Next
MsgBox(0, 0, $result)                                      ; Show result

AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.


Okay. Well, I have a log called mbam.txt in the script directory and have tried using StringRegExp to get anything with a digit at the end of each line and return an array, just to learn how to use it, but I get nothing on this.

$hFile = FileOpen(@ScriptDir & "\mbam.txt", 0)
 
While 1
    $line = FileReadLine($hFile)
    If @error = -1 Then ExitLoop
 
    $text = StringRegExp($line, "[:digit:]$", 3)
 
    For $i = 0 To UBound($text) - 1
         MsgBox(0, 'Info', $text[$i])
    Next
 
Wend
 
FileClose($hFile)

Any suggestions on what I am doing wrong on this?


Try this

#include <String.au3>
$hFile = FileOpen(@ScriptDir & "\mbam.txt", 0)
$lines = ''
For $i = 16 to 22
    $lines &= FileReadLine($hFile,$i)
Wend

FileClose($hFile)
$astr = _StringBetween($lines, ": ", @CRLF)               ; Create an array of matches
Local $result = 0                                         ; Create a variable to hold the result
For $i = 0 To UBound($astr) -1                           ; Add array matches via a loop
$result += Int($astr[$i])
Next
MsgBox(0,0,$result)



Nope. I just get a 0 when I run that one even though there are numbers to add up in the log. (I had to change that Wend to Next for the for loop). Thanks for your help so far though.


I wonder if the $lines &= FileReadLine($hFile,$i) isn't putting a @CRLF to find to parse it..?


raptor25,

By using StringRegExp directly you avoid that problem: :rip:

#include <Array.au3>                                       ; Include the Array UDFs library for visual purpose
$str = "Memory Processes Infected: 10" & @CRLF _           ; Create a string representation of your file
         & "Memory Modules Infected: 2" & @CRLF _
         & "Registry Keys Infected: 100" & @CRLF _
         & "Registry Values Infected: 6" & @CRLF _
         & "Registry Data Items Infected: 0" & @CRLF _
         & "Folders Infected: 5" & @CRLF _
         & "Files Infected: 2"
$astr = StringRegExp($str, "\d+", 3)                        ; Create an array of matches
_ArrayDisplay($astr)
Local $result = 0                                           ; Create a variable to hold the result
For $i = 0 To UBound($astr) - 1                             ; Add array matches via a loop
    $result += Int($astr[$i])
Next
MsgBox(0, "Result", $result)                                ; Show result

Any better? :D

M23

P.S.

stringbetween would be a lot simpler than stringregexp

What do you think _StringBetween uses internally? :oops:

Take a look inside String.au3! :)


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

My UDFs:

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area
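
Added example, not part of M23's post or any other reply in this thread: a bare `\d+` run over a whole log file would also pick up digits in dates or version numbers, so this version only counts lines that end in `Infected: <number>` and does not depend on the counters being on lines 16-22. The function name `_SumInfectedCounters` and the three header lines in the sample are assumptions constructed for illustration; the counter labels are the ones quoted in the first post.

```autoit
; Added example (not from the thread). Sums every "<label> Infected: <n>" line.
Func _SumInfectedCounters($sLog)
    ; (?m)            ^ matches at the start of each line
    ; [^:\r\n]+       the label, e.g. "Registry Keys"
    ; (\d+)           the count, any number of digits
    ; (?=\r|\n|\z)    the count must be the last thing on the line
    Local $sPattern = "(?m)^[^:\r\n]+ Infected:[ \t]*(\d+)[ \t]*(?=\r|\n|\z)"
    Local $aCounts = StringRegExp($sLog, $sPattern, 3) ; 3 = array of all captures
    If @error Then Return SetError(1, 0, -1)           ; no counter lines found
    Local $iTotal = 0
    For $i = 0 To UBound($aCounts) - 1
        $iTotal += Int($aCounts[$i])
    Next
    Return $iTotal
EndFunc   ;==>_SumInfectedCounters

; Constructed sample: the first three lines are made up to stand in for the
; header of a real log and contain digits that must NOT be counted.
Local $sSample = "Scan date (constructed): 2011-01-15" & @CRLF & _
        "Database version (constructed): 5363" & @CRLF & _
        "Objects scanned (constructed): 150231" & @CRLF & _
        "Memory Processes Infected: 10" & @CRLF & _
        "Memory Modules Infected: 2" & @CRLF & _
        "Registry Keys Infected: 100" & @CRLF & _
        "Registry Values Infected: 6" & @CRLF & _
        "Registry Data Items Infected: 0" & @CRLF & _
        "Folders Infected: 5" & @CRLF & _
        "Files Infected: 2"

; For a real log, replace $sSample with FileRead(@ScriptDir & "\mbam.txt")
Local $iTotal = _SumInfectedCounters($sSample)
If @error Then
    MsgBox(16, "Infected items", "No 'Infected:' counter lines found.")
Else
    MsgBox(0, "Infected items", "Total: " & $iTotal)
EndIf
```

Returning -1 with @error set when no counter line is found keeps an unreadable or unexpected log from being reported as a clean total of 0.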

 


Ahh. I've never used StringBetween before and I'm horrible with stringregexp, so my thinking is just entering the 2 characters that surround what you want is a lot easier than formulating an expression to grab the numbers after a :



kaotkbliss,

I'm horrible with stringregex

My normal response to that is to suggest this site (…ressions.info/tutorial.html) - the best SRE tutorial I have come across. :D

Seriously, it is worth getting to grips with SREs - even to the basic level I have managed so far. They can prove extremely useful - and at times they are absolutely essential. :oops:

M23


