Reading a txt file created by big fix

system · January 6, 2012, 7:04pm

(imported topic written by NelsonEW)

Good morning everyone,

I’m using an action to run a command line that pipes to a txt file, when I use the relevance debugger to read the lines of the file I get the test, along with a %00 in between every character. How can I read the file without seeing the %00s. Here is the Code and the results:

Action

if {exists file “c:\tools\test.txt”}

delete “c:\tools\test.txt”

endif

run “c:\tools\runascurrentuser.exe” --w --q cmd.exe /c wmic logicaldisk get caption,providername,drivetype,volumename >> “c:\tools\test.txt”

What I put in the Relevance debugger:

q: lines of file “c:\tools\test.txt”

A: %ff%feC%00a%00p%00t%00i%00o%00n%00 %00 %00D%00r%00i%00v%00e%00T%00y%00p%00e%00 %00 %00P%00r%00o%00v%00i%00d%00e%00r%00N%00a%00m%00e%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00V%00o%00l%00u%00m%00e%00N%00a%00m%00e%00 %00 %00

A: %00

A: %00C%00:%00 %00 %00 %00 %00 %00 %00 %003%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00O%00S%00D%00i%00s%00k%00 %00 %00 %00 %00 %00 %00

A: %00

Any help would be greatly appreciated. Thank you

Noah · January 6, 2012, 7:45pm

(imported comment written by NoahSalzman)

concatenation “” of substrings separated by “%00” of lines of file “c:\tools\test.txt”

system · January 6, 2012, 10:07pm

(imported comment written by NelsonEW)

Thats great, anyway to seperate them, that moves them all on to one line in the relevance debugger where as they are on separate lines in the txt document

system · January 9, 2012, 7:40pm

(imported comment written by NelsonEW)

Or is there way to have the action that created the file, then delete the null characters from the file?

Noah · January 10, 2012, 8:42pm

(imported comment written by NoahSalzman)

You can do something like this…

concatenation "%0d%0a" of substrings separated by "#$#" of concatenation "" of substrings separated by "%00" of concatenation "#$#" of substrings separated by "%0d%0a" of lines of file "c:\text.txt"

The debugger shows the literal %0d%0a… not sure if that will get properly converted to CRLF in other contexts (such as an Analysis display in the Console).

system · January 10, 2012, 10:39pm

(imported comment written by NelsonEW)

Thanks, That seems to be working.

I had tried putting %0d%0a in the concatenation, but the debugger just put the text in, never thought to actually put it in an analysis to see what happens!

Appreciate your help!

system · October 17, 2013, 7:08pm

(imported comment written by jpeppers91)

I’m having the same the issue where the text is dispayed in the same format and I’m trying to remove the %00’s and
%ff%fe. Using the relevance above works in relevance debugger but but it doesn’t display in the console and get .

Why does the text file display in this manner using the TEM tools and console but works fine in notepad?
How do I fix it where it displayed correctly in the console?

%ff%feD%00e%00s%00c%00r%00i%00p%00t%00i%00o%00n%00 %00 %00 %00 %00 %00 %00H%00o%00t%00F%00i%00x%00I%00D%00 %00 %00 %00I%00n%00s%00t%00a%00l%00l%00e%00d%00O%00n%00 %00 %00

%00

%00U%00p%00d%00a%00t%00e%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %009%008%002%008%006%001%00 %00 %00 %00 %00 %001%001%00/%003%000%00/%002%000%001%002%00 %00

%00

%00U%00p%00d%00a%00t%00e%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %009%008%002%008%006%001%00 %00 %00 %00 %00 %001%001%00/%003%000%00/%002%000%001%002%00 %00 %00 %00

%00

%00U%00p%00d%00a%00t%00e%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00K%00B%009%005%008%008%003%000%00 %00 %00 %001%000%00/%002%006%00/%002%000%001%001%00 %00 %00 %00

%00

%00U%00p%00d%00a%00t%00e%00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00 %00K%00B%009%007%001%000%003%003%00 %00 %00 %001%000%00/%002%006%00/%002%000%001%001%00 %00 %00 %00

%00

leewei · October 17, 2013, 8:57pm

(imported comment written by Lee Wei)

The cause of the issue is that the file is encoded as Unicode, rather than the usual ANSI.

If you use Notepad, you can do “Save As” and change the encoding.

So it would appear that the TEM tools/console do not handle Unicode.

system · October 17, 2013, 11:26pm

(imported comment written by jpeppers91)

Here is is my way around it.

The second to the last line list writes it in a ANSI format.

In case this helps anyone else.

if {not exists folder "c:\temp"}
dos mkdir "c:\temp"
endif 
waithidden cmd.exe /q /c wmic /output:c:\temp\hotfixes_temp.txt qfe get description,hotfixid, installedon
waithidden cmd.exe /a /C type c:\temp\hotfixes_temp.txt > c:\temp\hotfixes.txt  
waithidden cmd.exe /q /c del c:\temp\hotfixes_temp.txt

system · October 17, 2013, 11:38pm

(imported comment written by martinc)

Kind late on this, but just to ask why the /format option was not used. For example:

wmic logicaldisk get caption,providername,drivetype,volumename /format:csv

Node,Caption,DriveType,ProviderName,VolumeName

ZAAZEE-XPS15,C:,3,OS

ZAAZEE-XPS15,D:,5,

wmic qfe get description,hotfixid,installedon /format:csv

Node,Description,HotFixID,InstalledOn

ZAAZEE-XPS15,Update,KB2764913,6/18/2013

ZAAZEE-XPS15,Update,KB2764916,6/18/2013

ZAAZEE-XPS15,Update,KB2718695,6/18/2013

ZAAZEE-XPS15,Update,KB2670838,6/18/2013

ZAAZEE-XPS15,Update,KB2592687,6/18/2013

ZAAZEE-XPS15,Update,KB971033,6/19/2013

ZAAZEE-XPS15,Security Update,KB2393802,10/21/2012
…

This could then be read quite easily with an analysis.

Or maybe I am just missing something

Martin

system · October 17, 2013, 11:58pm

(imported comment written by jpeppers91)

During my testing regardles of the format, wmic always dumped the file in unicode format and TEM couldn’t translate that.

When you say could be easily read with an analysis, what do you mean?

dexdexdex · October 18, 2013, 11:01am

(imported comment written by liuhoting)

I think what martin means is if the wmic /format command works (and you can verify with the relevance debugger on that endpoint), you should be able to write up an analysis that has a property with something like "lines of file :\temp\hotfixes.txt and have that data be available in our console.

system · October 18, 2013, 5:24pm

(imported comment written by jpeppers91)

I gotcha.

system · October 18, 2013, 11:13pm

(imported comment written by martinc)

Ok so wmic is known to output to not to ASCII and there is no built in way to get around this. Even the MS docs state to use TYPE as jpeppers noted above.

So piecing together some queries from previous posts (
https://www.ibm.com/developerworks/community/forums/html/topic?id=77777777-0000-0000-0000-000014754582
), maybe try this:

q: if (exists wmi) then ((string value of property “Description” of it | “No Description”, string value of property “HotFixID” of it | “No HotFix ID”, string value of property “InstalledOn” of it | “No InstalledOn Date”) of select objects “description,hotfixid,installedon from Win32_QuickFixEngineering” of wmi) as string else “N/A”

A: Security Update, KB2832414, 7/18/2013

A: Security Update, KB2833946, 7/19/2013

A: Security Update, KB2834886, 7/19/2013

A: Security Update, KB2835361, 7/19/2013

…

This would avoid the need of using a fixlet action and you could just put it into an analysis.

Hope that helps.

system · October 21, 2013, 11:17pm

(imported comment written by SecurityMG)

From the previous post just read the WMIC output like so:

dos type whatever.txt > proper_text_whatever.txt

Should clean up the WMI /format issue.

QNA will give you an odd result, but the final output from BF should be right and readable by you in Notepad or Excel.

MG