I have a set of .reg files from a few machines that I would like to parse with Python pandas.
If a new line starts with [, it is the path for the items below it.
If the new line starts with a ", the item from the start of the new line to the equals sign is the key, with the path that is above it.
If the line contains a : and is not a path, the item after the = sign and preceding the colon is considered the type.
If there is no type, then the item after the equals sign is the value.
If the type contains hex at all, then the lines following it need to be added to the full key value without the backslashes, basically having the hex all on one line in the dataframe.
The dataset looks as follows, with much more in the actual files:
[HKEY_CURRENT_USER\System\GameConfigStore\Children\f198275c-96a8-45b6-a936-a5218456ebe3]
"Type"=dword:00000001
"Revision"=dword:00000517
"Flags"=dword:00000033
"Parent"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,db,b0,ca,53,b8,b8,23,4c,80,98,d7,99,bf,60,50,ce,04,00,00,00,02,00,00,\
00,00,00,10,66,00,00,00,01,00,00,20,00,00,00,80,ea,2c,6e,63,eb,73,4a,72,b1,\
77,6d,b5,8d,22,fb,e0,3b,62,3a,e5,22,a8,41,43,e0,df,a3,14,a7,6a,93,00,00,00,\
00,0e,80,00,00,00,02,00,00,20,00,00,00,f0,cc,de,f3,db,dd,3f,e0,9d,f2,eb,c9,\
8c,f2,23,88,33,58,de,2a,9b,42,b3,1f,e0,0d,19,ea,00,df,2a,e4,20,00,00,00,5a,\
7c,32,2e,fc,1a,c3,c3,50,77,77,ae,56,f8,b0,b1,ef,13,8f,23,f0,89,50,7e,cd,12,\
6c,e1,b2,c4,c4,e6,40,00,00,00,b1,fe,1e,bb,ee,89,16,f2,8e,01,7d,92,ee,46,5e,\
7e,6e,16,4c,0b,90,8d,58,e3,94,35,c4,4a,8e,32,c8,2c,7b,0d,05,ed,5e,b4,fe,0a,\
90,47,6e,57,62,be,1e,1f,43,a2,55,a6,da,38,c1,7c,4d,1c,ec,9c,dc,67,65,fc
"GameDVR_GameGUID"="c2f1cd5f-ede9-4e9e-81b1-1c0d96cd1f38"
"TitleId"="1664882211"
[HKEY_CURRENT_USER\System\GameConfigStore\Parents]
[HKEY_CURRENT_CONFIG\Software\Fonts]
"LogPixels"=dword:00000060
"LogPixel2s"=dword:00000070
[HKEY_CURRENT_CONFIG\Software\S]
[HKEY_CURRENT_USER\System\GameConfigStore\Parents\1bc1327236aea4735af068c406dfd7d7b60f8d9c]
"Children"=hex(7):32,00,35,00,62,00,36,00,65,00,62,00,36,00,34,00,2d,00,65,00,\
30,00,65,00,32,00,2d,00,34,00,65,00,33,00,62,00,2d,00,38,00,32,00,64,00,36,\
00,2d,00,64,00,65,00,65,00,32,00,32,00,32,00,37,00,62,00,36,00,31,00,64,00,\
32,00,00,00
How can I get the dataframe to read as follows, with all paths, keys, types, and values, implicitly adding None if there are blanks? Example (not inclusive of the dataset due to sizes) below:
Path Key Type Value
[HKEY_CURRENT_CONFIG\Software\Fonts] LogPixels dword 00000060
[HKEY_CURRENT_CONFIG\Software\Fonts] LogPixel2s dword 00000070
[HKEY_CURRENT_CONFIG\Software\S] None None None
This solution ended up being much more elegant and faster processing over multiple hklm files.
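import pandas as pd

# `config` is not defined in the post. Assumption: it is a
# configparser.ConfigParser that has already read the .reg export.
newlist = []
for section in config.sections():          # one section per registry path
    for (key, val) in config.items(section):
        newlist.append([section, key, val])
df = pd.DataFrame(newlist)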
Path Name Data
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{12345665-3CFA-4322-F36F-9880D9BF5604}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2txyewy\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "ActivationType" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "CLSID" "{123456D5A-343D-89E2-4986-82B497E980F8}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "DllPath" "C:\\Windows\\SystemApps\\EnvironmentsApp_cw5n1h2zzzzzz\\Analog.Environments...
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "Threading" dword:00000000
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActivatableClasses\Package\EnvironmentsA... "TrustLevel" dword:00000000
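An added example, not part of the original question or answer: a standard-library parser that follows the question's rules directly (path, key, type, value, hex continuation lines joined, `None` cells for keys without values). The names `parse_reg`, `COLUMNS` and `SAMPLE` are assumptions, and the sample text is constructed.

```python
import re

COLUMNS = ["Path", "Key", "Type", "Value"]
# "Name"=data, or @=data for a key's default value
_VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
# dword:..., hex:..., hex(7):... ; plain strings carry no type prefix
_TYPED = re.compile(r'^(dword|hex(?:\([0-9a-fA-F]+\))?):(.*)$')

# Constructed sample in the layout of the question's data (third path is made up)
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_CONFIG\Software\Fonts]
"LogPixels"=dword:00000060
[HKEY_CURRENT_CONFIG\Software\S]
[HKEY_CURRENT_USER\System\Example]
"Children"=hex(7):32,00,35,00,\
  62,00,00,00
"TitleId"="1664882211"
'''

def parse_reg(text):
    """Return [Path, Key, Type, Value] rows; a key with no values gets None cells."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):            # hex data continues on the next line
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    rows, path, seen = [], None, False
    for line in logical + ["[]"]:          # sentinel flushes the last key
        if line.startswith("[") and line.endswith("]"):
            if path is not None and not seen:
                rows.append([path, None, None, None])
            path, seen = line, False
            continue
        m = _VALUE.match(line)
        if path is None or not m:
            continue                       # header line, blanks, comments
        key = m.group(1) if m.group(2) is None else "@"
        data = m.group(3).strip()
        typed = _TYPED.match(data)
        vtype, value = typed.groups() if typed else (None, data)
        if not typed and data.startswith('"'):
            value = data[1:-1]             # untyped string: drop outer quotes
        rows.append([path, key, vtype, value])
        seen = True
    return rows
```

Regedit writes version 5.00 exports as UTF-16, so read real files with `open(path, encoding="utf-16")`, then build the frame with `pd.DataFrame(parse_reg(text), columns=COLUMNS)`.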