From e3d7730162cec25fc4e787bf1109d765cbc04212 Mon Sep 17 00:00:00 2001 From: Nach Date: Thu, 12 Dec 2019 15:51:13 +0100 Subject: [PATCH 1/2] Specific ActiveScriptEventConsumer parsing --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2a12914 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +################################################################################ +# This .gitignore file was automatically created by Microsoft(R) Visual Studio. +################################################################################ + +/source/bin From f30ef56afaf238cd95eae685881ef1b2f96d32d9 Mon Sep 17 00:00:00 2001 From: Nach Date: Thu, 12 Dec 2019 15:52:46 +0100 Subject: [PATCH 2/2] Specific ActiveScriptEventConsumer parsing --- .gitignore | 4 ++++ source/Program.cs | 40 +++++++++++++++++++++++++++++++++------- 2 files changed, 37 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 2a12914..3109cd3 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,7 @@ ################################################################################ /source/bin +/source/obj +/source/.vs/wmi-parser/v16/Server/sqlite3 +/source/wmi-parser.csproj.user +/source/.vs/wmi-parser/v16/.suo diff --git a/source/Program.cs b/source/Program.cs index de48492..5690427 100644 --- a/source/Program.cs +++ b/source/Program.cs @@ -55,7 +55,7 @@ static void Main(string[] args) foreach (var b in bindings) { - Regex regexEventConsumer = new Regex(@"\x00CommandLineEventConsumer\x00\x00(.*?)\x00.*?" + b.Name + "\x00\x00?([^\x00]*)?", RegexOptions.Multiline); + Regex regexEventConsumer = new Regex(@"\x00CommandLineEventConsumer\x00\x00([^\x00]*).*?" + b.Name + @"\x00", RegexOptions.Multiline | RegexOptions.Compiled); var matches = regexEventConsumer.Matches(data); foreach (Match m in matches) 
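Review bot: In the `@@ -55,7 +55,7 @@` hunk of source/Program.cs, `b.Name` is concatenated into the pattern unescaped, so a consumer name containing regex metacharacters can make the `Regex` constructor throw, match the wrong record or backtrack heavily; the name presumably comes from the repository data being examined, which whoever created the subscription controls. Escape it at the point of use: `@"\x00CommandLineEventConsumer\x00\x00([^\x00]*).*?" + Regex.Escape(b.Name) + @"\x00"`. The same applies to `b.Name` and `b.Filter` in the `@@ -64,15 +64,35 @@` hunk. `RegexOptions.Compiled` on a pattern that is rebuilt for every binding and used once likely costs more than it saves, so consider dropping it. The `foreach` body continues outside this hunk.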
@@ -64,15 +64,35 @@ static void Main(string[] args) b.Arguments = m.Groups[1].Value; } - regexEventConsumer = new Regex(@"(\w*EventConsumer)(.*?)(" + b.Name + @")(\x00\x00)([^\x00]*)(\x00\x00)([^\x00]*)", RegexOptions.Multiline); + regexEventConsumer = new Regex(@"(\w*EventConsumer)(.*?)(" + b.Name + @")(\x00\x00)([^\x00]*)(\x00\x00)([^\x00]*)", RegexOptions.Multiline | RegexOptions.Compiled); matches = regexEventConsumer.Matches(data); foreach (Match m in matches) { - b.Other = string.Format("{0} ~ {1} ~ {2} ~ {3}", m.Groups[1], m.Groups[3], m.Groups[5], m.Groups[7]); + if (m.Groups[1].Value == "ActiveScriptEventConsumer") + { + b.Type = "ActiveScriptEventConsumer"; + b.Name = m.Groups[3].Value; + if ((m.Groups[5].Value.ToLower() == "jscript") || (m.Groups[5].Value.ToLower() == "vbscript")) + { + b.Arguments = string.Format("ScriptLanguage= {0}" + Environment.NewLine + " Script= {1}", m.Groups[5], m.Groups[7]); + } + else b.Arguments = string.Format("ScriptLanguage= {0}" + Environment.NewLine + " ScriptFile= {1}", m.Groups[7], m.Groups[5]); + } + else + { + b.Other = string.Format("{0} ~ {1} ~ {2} ~ {3}", m.Groups[1], m.Groups[3], m.Groups[5], m.Groups[7]); + } } - regexEventConsumer = new Regex(@"(" + b.Filter + ")(\x00\x00)([^\x00]*)(\x00\x00)", RegexOptions.Multiline); - matches = regexEventConsumer.Matches(data); + //regexEventConsumer = new Regex(@"(\w*EventConsumer)(.*?)(" + b.Name + @")(\x00\x00)([^\x00]*)(\x00\x00)([^\x00]*)", RegexOptions.Multiline | RegexOptions.Compiled); + //matches = regexEventConsumer.Matches(data); + //foreach (Match m in matches) + //{ + // b.Other = string.Format("{0} ~ {1} ~ {2} ~ {3}", m.Groups[1], m.Groups[3], m.Groups[5], m.Groups[7]); + //} + + Regex regexEventFilter = new Regex(@"(" + b.Filter + ")(\x00\x00)([^{\x00}2]*)(\x00\x00)", RegexOptions.Multiline | RegexOptions.Compiled); + matches = regexEventFilter.Matches(data); foreach (Match m in matches) { b.Query = m.Groups[3].Value; 
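Review bot: The character class `[^{\x00}2]*` in the new `regexEventFilter` pattern excludes the literal characters `{`, `}` and `2` as well as NUL; it looks like a `{2}` quantifier that ended up inside the brackets. Any filter query containing a `2` (every `Win32_…` class name, for instance) stops the capture there, the trailing `(\x00\x00)` then fails, and `b.Query` is never set by this loop, so the report silently loses the query. Restoring `([^\x00]*)` keeps the previous behaviour. Separately, `m.Groups[5].Value.ToLower() == "jscript"` is culture-sensitive; `string.Equals(m.Groups[5].Value, "jscript", StringComparison.OrdinalIgnoreCase)` (and likewise for `"vbscript"`) is safer. The commented-out copy of the consumer loop added here can be dropped.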
@@ -197,6 +217,12 @@ private static void OutputToConsole(List bindings) Console.WriteLine(" Type: {0}", "CommandLineEventConsumer"); Console.WriteLine(" Arguments: {0}", b.Arguments); } + else if (b.Type == "ActiveScriptEventConsumer") + { + Console.WriteLine(" Name: {0}", b.Name); + Console.WriteLine(" Type: {0}", "ActiveScriptEventConsumer"); + Console.WriteLine(" Script data: {0}", b.Arguments); + } else { Console.WriteLine(" Consumer: {0}", b.Other); @@ -232,9 +258,9 @@ private static void OutputToFile(List bindings) { cw.WriteField(b.Name); cw.WriteField(b.Type); - cw.WriteField(b.Arguments); + cw.WriteField(String.IsNullOrEmpty(b.Arguments)? b.Arguments : Regex.Replace(b.Arguments, @"\p{C}+", ".")); cw.WriteField(b.Filter); - cw.WriteField(b.Query); + cw.WriteField(String.IsNullOrEmpty(b.Query)? b.Query : Regex.Replace(b.Query, @"\p{C}+", ".")); cw.NextRecord(); ; } }
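Review bot: In the `@@ -197,6 +217,12 @@` hunk, `b.Arguments` for an ActiveScriptEventConsumer is script text taken from the parsed data and is written to the console as-is, whereas the CSV path in the next hunk replaces `\p{C}` runs first. Control characters embedded in a script would reach the analyst's terminal unfiltered; consider the same filtering here while keeping the line break this commit inserts between the two fields, e.g. `Regex.Replace(b.Arguments, @"[\p{C}-[\r\n]]+", ".")`. The type name is also repeated as a string literal here and in the parsing hunk; a single constant would keep the comparison and the output in sync. `OutputToConsole` starts and ends outside the hunk.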
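Review bot: In the `@@ -232,9 +258,9 @@` hunk only `Arguments` and `Query` are filtered; `b.Name` and `b.Filter` are still written raw, and a value that starts with `=`, `+`, `-` or `@` still reaches the CSV unchanged, where a spreadsheet may evaluate it as a formula. Replacing each `\p{C}+` run with a single `.` also hides how many and which characters were present (and, since surrogates fall under `\p{C}`, rewrites characters outside the BMP), which matters when the output is used as evidence; a comment stating this, or an escaped `\uXXXX` form instead of `.`, would help. The duplicated ternary could move to one helper, `private static string Printable(string s) { return string.IsNullOrEmpty(s) ? s : Regex.Replace(s, @"\p{C}+", "."); }`, applied to all the text fields. `OutputToFile` starts outside the hunk.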