Let's say I have big text file with results like this for each file I checked:
...
Results for: C:\test\test.dll
Dynamic Base : "Present"
ASLR : "Present"
High Entropy VA : "Present"
Force Integrity : "NotPresent"
Isolation : "Present"
NX : "Present"
SEH : "NotPresent"
CFG : "NotPresent"
RFG : "NotPresent"
SafeSEH : "NotPresent"
GS : "NotPresent"
Authenticode : "NotPresent"
.NET : "Present"
Results for: C:\test\test2.dll
Dynamic Base : "Present"
ASLR : "Present"
High Entropy VA : "Present"
Force Integrity : "NotPresent"
Isolation : "Present"
NX : "Present"
SEH : "NotPresent"
CFG : "NotPresent"
RFG : "NotPresent"
SafeSEH : "NotPresent"
GS : "NotPresent"
Authenticode : "NotPresent"
.NET : "Present"
...
My script checks each line and search a specific file name, in this case lets say test2.dll
Foreach($line in Get-Content results.txt) {
if($line -like '*test2.dll*') {
}
}
How to get results 6 rows below Results for: C:\test\test2.dll, for example from NX line
Thank you
CodePudding user response:
Use Array.IndexOf to get the element index for the specific line, then decrease the number by 6:
$results = Get-Content results.txt
Foreach($line in $results) {
if($line -like '*test2.dll*') {
## Get the data of 6 rows before
$results[$results.IndexOf($line)-6]
}
}
CodePudding user response:
Here is a (slightly convoluted) way to convert your file to some objects:
Select-String -Path <path-to-data-file> -Pattern 'Results for: (.*)' -Context 0,13 |
ForEach-Object {$files = @()}{
$file = [PsCustomObject]@{
Name = $_.Matches.Groups[1].Value
}
$_.Context.PostContext |
ForEach-Object {
$propertyParts = $_.Split(':').Trim() -replace '"', ''
$file | Add-Member -MemberType 'NoteProperty' -Name $propertyParts[0] -Value $propertyParts[1]
}
$files = $file
}
You can then manipulate the collection using standard PowerShell techniques. For example, you can get the 'NX' value for 'test2.dll' by doing this:
($files | Where-Object Name -like '*test2.dll').NX