A little background about what I am trying to do may be in order. I work on several forums specializing in malware removal. The malware we remove tends to be weeks ahead of commercial applications catching up, so we come up with our own tools for analysis, etc. In the process of coming up with new fixes, we frequently infect our own test systems, and analyze the changes.
What I am trying to do is compare registry files, which are basically just text files...that part is easy enough. A typical registry key looks something like this:
The registry keys vary in size, from one line, to hundreds. When I started this little venture, I decided that since there was an unknown amount of keys in the registry, that an ArrayList would be the way to go. I also decided that since the key lengths varied, that putting them in seperate ArrayLists would be the way to go. So essentially, I would end up with an ArrayList of ArrayLists. Here is my code:
That part seems to be working well. They are returned to the calling class like they are supposed to be. But this is where I get a little confused. In my test class, I have the following:
This seems to print out the keys just fine....but they are not printing exactly like I would expect them to be. To me, that could should only print out the first line of each "key". So if I happened to have read in three keys, I would only expect three lines of output.
If I alter the above code to:
Then it prints out the entire key on one line. I am trying to understand what is happening, or why it is happening. When one prints out an ArrayList containing ArrayLists, does it spit out the entire list? There is some weird twilight zone thing happening that is beyond my understanding....
Anybody still awake out there??
<a href="http://www.security-forums.com/forum/viewforum.php?f=48" target="_blank" rel="nofollow">Malware Removal</a> - Get your system running like new again.
System.out.println( ((MyClass)((ArrayList)someArrayList.get(0)).someOtherArrayList.get(0))) will print "myClass" because i've hit the 2nd dimention of arraylist elements and in this case the 2nd Dimention is an type and instance of "MyClass" (first dimention is still of type ArrayList). It's like multiDimentional arrays, but dynamic. I couldn't see your problem because some of your code is missing, but HTH.
Originally posted by C. Alan: In my test class, I have the following:
Since getOld() and getNew() return ArrayLists of ArrayLists, beforeInfection.get(i) is an ArrayList, and printing it prints all elements separated by commas. If you just want the first element (line) of each key, useHere are a few other suggestions from your code. My apologies if some of this seems pedantic. [ December 21, 2004: Message edited by: David Harkness ]
Joined: Dec 17, 2004
Thank you David and Jimmy. That is some of the best constructive criticism I have received in a long time, and it is much appreciated. Now that I understand retrieving ArrayLists of ArrayLists, it will be helpful in the future.
I am actually forced to rethink my strategy. My registry in particular is over 67000 keys long. My testing indicates that in order to scan through all of the keys, it would take over an hour and a half to compare the pre-infection keys with the post-infection keys. The problem is that I don't exactly understand the procedure for accessing the registry with ready-made java classes, so I think that will be next on my list.
Again, thank you for the constructive criticism..it was well worth the wait.
[ December 22, 2004: Message edited by: C. Alan ] [ December 23, 2004: Message edited by: C. Alan ]