使用Perl在注册表中解析Microsoft Office 2013 MRU列表

Question

I am currently trying to parse the keys in a Windows 7 registry containing the MRU lists for Microsoft Office 2013. However when I attempt to run the Perl script in RegRipper it says the plugin was not successfully run. Im not sure if there is a syntax error in my code or if it is unable to parse the registry as I have it written. The biggest problem is that one of the keys is named after the user's LiveId (it appear as LiveId_XXXXXXX) and this changes from user to user so i would like this plugin to work no matter what the user's LiveId is. Thanks!

my $reg = Parse::Win32Registry->new($ntuser);
    my $root_key = $reg->get_root_key;
    # ::rptMsg("officedocs2013_File_MRU v.".$VERSION); # 20110830 [fpi] - redundant
    my $tag = 0;
    my $key_path = "Software\\Microsoft\\Office\\15.0";
    if (defined($root_key->get_subkey($key_path))) {
        $tag = 1;
    }

    if ($tag) {
        ::rptMsg("MSOffice version 2013 located.");
        my $key_path = "Software\\Microsoft\\Office\\15.0";            
        my $of_key = $root_key->get_subkey($key_path);
        if ($of_key) {
# Attempt to retrieve Word docs
            my $word_mru_key_path = 'Software\\Microsoft\\Office\\15.0\\Word\\User MRU';
            my $word_mru_key = $of_key->get_subkey($word_mru_key_path);
            foreach ($word_mru_key->get_list_of_subkeys())
    {
        if ($key->as_string() =~ /LiveId_\w+/)
        {
            $word = join($key->as_string(),'\\File MRU');
            ::rptMsg($key_path."\\".$word);
            ::rptMsg("LastWrite Time ".gmtime($word_key->get_timestamp())." (UTC)");
            my @vals = $word_key->get_list_of_values();
                if (scalar(@vals) > 0) {
                    my %files

# Retrieve values and load into a hash for sorting          
                    foreach my $v (@vals) {
                        my $val = $v->get_name();
                        if ($val eq "Max Display") { next; }
                        my $data = getWinTS($v->get_data());
                        my $tag = (split(/Item/,$val))[1];
                        $files{$tag} = $val.":".$data;
                    }
# Print sorted content to report file           
                    foreach my $u (sort {$a <=> $b} keys %files) {
                        my ($val,$data) = split(/:/,$files{$u},2);
                        ::rptMsg("  ".$val." -> ".$data);
                    }
                }
                else {
                    ::rptMsg($key_path.$word." has no values.");
                }

            else {
                ::rptMsg($key_path.$word." not found.");
            }
            ::rptMsg("");                                                                        
        }
    }  

Answer 1

The regex

LiveId_(\w+)

will grab the string after LiveId_ and you can reference it with a \\1 like this