标题: [文本处理] [已解决]批处理怎样获取从含特定字符串的行到另一个含特定字符串的行之间的内容? [打印本页]
作者: batpro 时间: 2011-6-15 16:15 标题: [已解决]批处理怎样获取从含特定字符串的行到另一个含特定字符串的行之间的内容?
本帖最后由 pcl_test 于 2016-7-13 00:28 编辑
1.txt中- 2011-06-15,15:22:33
- System Repair Engineer 2.8.4.1331
- Smallfrogs (http://www.KZTechs.com)
- Windows 7 Ultimate Edition (Build 7600) - 管理权限用户 - 完整功能
- 以下内容被选中:
- 所有的启动项目(包括注册表、启动文件夹、服务等)
- 浏览器加载项
- 正在运行的进程(包括进程模块信息)
- 文件关联
- Winsock 提供者
- Autorun.inf
- HOSTS 文件
- 进程特权扫描
- 计划任务
- Windows 安全更新检查
- API HOOK
- 隐藏进程
-
- 启动项目
- 注册表
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- <Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
- <Beike Antiarp><"C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup> [(Verified)Beike Internet Security Technology Co.,Ltd]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
- <Apoint><C:\Program Files\DellTPad\Apoint.exe> [(Verified)Alps Electric Co., LTD.]
- <StartCCC><"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun> [File is missing]
- <wdcertm_ccb><C:\Windows\system32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe> [ Beijing WatchData System Co., Ltd.]
- <USBKeyTools.exe><C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe> [北京华大智宝电子系统有限公司]
- <CCBCertificate><C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe> []
- <avast><"C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui> [(Verified)AVAST Software]
- <Beike Antiarp><"C:\Program Files\Beike\Antiarp\beikearpmain.exe" -startup> [(Verified)Beike Internet Security Technology Co.,Ltd]
- <360Safetray><"C:\Program Files\360\360safe\safemon\360Tray.exe" /start> [(Verified)360.cn]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- <shell><Explorer.exe> [(Verified)Microsoft Windows]
- <Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
- <AppInit_DLLs><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
- <WebCheck><> [N/A]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
- <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
- <Internet Explorer><C:\Windows\System32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
- <Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
- <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
- <Microsoft Windows><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
- <Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
- <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
- <Web Platform Customizations><C:\Windows\System32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
- <N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
- [HKEY_CURRENT_USER\Control Panel\Desktop]
- <SCRNSAVE.EXE><C:\Windows\system32\Bubbles.scr> [(Verified)Microsoft Windows]
- ==================================
- 启动文件夹
- N/A
- ==================================
- 服务
- [AMD External Events Utility / AMD External Events Utility][Running/Auto Start]
- <C:\Windows\system32\atiesrxx.exe><AMD>
- [Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start]
- <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
- [avast! Antivirus / avast! Antivirus][Running/Auto Start]
- <"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"><AVAST Software>
- ==================================
- 浏览器加载项
- [迅雷FLV视频嗅探及下载支持]
- {0EA37B17-6B8B-4085-8257-F3A4AA69C27A} <d:\Program Files\Thunder Network\Thunder\BHO\XlBrowserAddin1.0.1.29.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [迅雷下载支持]
- {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\BHO\XunleiBHO7.1.8.2302.dll, (Signed) 深圳市迅雷网络技术有限公司>
- [avast! WebRep]
- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} <C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll, (Signed) >
- ==================================
- 正在运行的进程
- [PID: 332 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
- [PID: 468 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
- [PID: 536 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
-
-
- ==================================
- 文件关联
- .TXT Error. [C:\Windows\notepad.exe %1]
- .EXE OK. ["%1" %*]
- .COM OK. ["%1" %*]
- .PIF OK. ["%1" %*]
- .REG OK. [regedit.exe "%1"]
- .BAT OK. ["%1" %*]
- .SCR OK. ["%1" /S]
- .CHM OK. ["%SystemRoot%\hh.exe" %1]
- .HLP Error. []
- .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
- .VBS Error. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
- .LNK OK. [{00021401-0000-0000-C000-000000000046}]
- ==================================
- Winsock 提供者
- N/A
- ==================================
- Autorun.inf
- [C:\]
- [AutoRun]
- ICON = c.ico
- [D:\]
- [AutoRun]
- ICON = d.ico
- [E:\]
- [AutoRun]
- ICON = e.ico
- [F:\]
- [AutoRun]
- ICON = f.ico
- ==================================
- HOSTS
- N/A
- ==================================
- 进程特权扫描
- 特殊特权被允许: SeDebugPrivilege [PID = 2892, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
- 特殊特权被允许: SeDebugPrivilege [PID = 3956, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
- ==================================
- 计划任务
- N/A
- ==================================
- Windows 安全更新检查
- N/A
- ==================================
- API HOOK
- 入口点错误:SetWindowsHookExA (危险等级: 高, 被下面模块所HOOK: 0x001F00AD)
- 入口点错误:SetWindowsHookExW (危险等级: 高, 被下面模块所HOOK: 0x001F00E9)
- 入口点错误:UnhookWindowsHookEx (危险等级: 高, 被下面模块所HOOK: 0x001F0125)
- ==================================
- 隐藏进程
- N/A
- ==================================
复制代码
实际上是SREnglog.log中的文本处理:希望能够知输出autorun.inf 部分的内容,
谢谢
能不能截取中间一部分到2.txt- Autorun.inf
- [C:\]
- [AutoRun]
- ICON = c.ico
- [D:\]
- [AutoRun]
- ICON = d.ico
- [E:\]
- [AutoRun]
- ICON = e.ico
- [F:\]
- [AutoRun]
- ICON = f.ico
复制代码
作者: pdp320921 时间: 2011-6-15 16:27
1# batpro
用echo 内容>>2.txt
?
作者: liion631818 时间: 2011-6-15 16:59
- @echo off
- set output=false
- setlocal enabledelayedexpansion
- for /f "delims=" %%i in (file) do (
- set "line=%%i"
- if "!line:~0,5!"=="HOSTS" goto end
- if "!output!"=="true" echo !line!
- if "!line!"=="Autorun.inf" (
- set "output=true"
- )
- )
- :end
- pause
复制代码
作者: CrLf 时间: 2011-6-15 18:20
看得似懂非懂,能否请楼主给出2.txt的内容示例呢?
作者: batpro 时间: 2011-6-15 20:47
3# liion631818
能不能提供完整的代码
可能是我没有表达清楚意思
作者: batpro 时间: 2011-6-15 20:57
4# zm900612
版主来看一下 谢谢帮忙
作者: yangfengoo 时间: 2011-6-15 21:20
- @echo off&setlocal enabledelayedexpansion
- set n2===================================
- for /f "tokens=1 delims=:" %%a in ('findstr /b /n "Autorun.inf" 1.txt') do set/a n1=%%a-1
- >2.txt (for /f "tokens=*" %%a in ('more +!n1! 1.txt') do if not %%a==!n2! (echo.%%a) else (exit))
复制代码
作者: batpro 时间: 2011-6-15 21:29
7# yangfengoo
崇拜你 一定要好好学习
作者: Batcher 时间: 2011-6-15 21:37
- sed "/^Autorun.inf/,/==================================/!d;/==================================/d" a.txt | more >b.txt
复制代码
http://bbs.bathome.net/thread-1114-1-1.html
作者: CrLf 时间: 2011-6-15 21:59
本帖最后由 zm900612 于 2011-6-15 23:04 编辑
汗,刚才调试这段利用set /p特性实现判断内容是否为等号开头的的代码去了,出现一些问题,纳闷了半天- @echo off
- for /f "delims=" %%a in (a.txt) do (
- if not defined out (
- for /f %%b in ("@%%a") do if "%%b"=="@Autorun.inf" set out=1
- ) else (
- set<nul>nul /p=%%a
- )||set out=
- if defined out echo;%%a
- )
- pause
复制代码
原先百思不得其解为何此处的set /p的errorlevel始终为1,后来发现是set /p命令的共同特征,后来只好用老老实实的办法了:- @echo off
- (for /f "delims=" %%a in (a.txt) do (
- if not defined out (
- for /f %%b in ("@%%a") do if "%%b"=="@Autorun.inf" set out=1
- ) else (
- if "%%a"=="==================================" set out=
- )
- if defined out echo;%%a
- ))>b.txt
- pause
复制代码
作者: batpro 时间: 2011-6-15 22:49
- @echo off&setlocal enabledelayedexpansion
- set n2===================================
- for /f "tokens=1 delims=:" %%a in ('findstr /b /n "Autorun.inf" 1.txt') do set/a n1=%%a-1
- >2.txt (for /f "tokens=*" %%a in ('more +!n1! 1.txt') do if not %%a==!n2! (echo.%%a) else (exit))
复制代码
最后的括号里的exit能不能去掉,因为有exit,我的批处理不能继续执行其他命令了
作者: yangfengoo 时间: 2011-6-15 23:21
- @echo off&setlocal enabledelayedexpansion
- set n2===================================
- for /f "tokens=1 delims=:" %%a in ('findstr /b /n "Autorun.inf" 1.txt') do set/a n1=%%a-1
- >2.txt (for /f "tokens=*" %%a in ('more +!n1! 1.txt') do if not %%a==!n2! (echo.%%a) else (goto xx))
- :xx
- echo xxxx
- pause
复制代码
作者: batpro 时间: 2011-6-15 23:49
12# yangfengoo
哈哈,这个我也想出来了。还是要谢谢你啊。
有空来看下我的作品(也有你的功劳哦)
http://bbs.kafan.cn/forum.php?mo ... ;extra=#pid19392539
欢迎光临 批处理之家 (http://bbs.bathome.net/) |
Powered by Discuz! 7.2 |