Process stdout capture for Autoruns

Question

Hey guys I am working on a project currently where I am trying to run Autorunsc64.exe from the sysinternals suite and, unlike other executables I have tried, I can't get it to give me the output in a form I want. Here is the current iteration of my code:

use std::process::{Command as process_command, Stdio};

fn autorun_programs() -> String {
    // Check where sysinternals is developer vs release
    let full_exe_path = current_exe().unwrap();

    let mut split_exe_path: Vec<&str> = Vec::new();
    
    if full_exe_path.to_str().unwrap().contains("target") {
        let temp: Vec<&str> = full_exe_path.to_str().unwrap().split("system_recon\\target\\debug\\system_recon.exe").collect();
        split_exe_path.push(temp[0]);
    } else {
        let temp: Vec<&str> = full_exe_path.to_str().unwrap().split("system_recon.exe").collect();
        split_exe_path.push(temp[0]);
    };

    let partial_exe_path = split_exe_path[0].to_string();
    
    

    let sysinternals_exe_string = partial_exe_path + &"SysinternalsSuite\\Autorunsc64.exe".to_string();

    //my_command.args(["-nobanner", "/accepteula", "-a *", "-c", "-h", "-s", "-v", "-vt", "*"]);

    let mut command = process_command::new(sysinternals_exe_string);
    command.arg("-nobanner");
    command.arg("-accepteula");
    //command.arg("-x");
    command.arg("-t");
    //command.arg("-a");
    //command.arg("*");
    //command.arg("-x");
    //command.arg("-h");
    //command.arg("-s");
    //command.arg("-v");
    //command.arg("-vt");
    //command.arg("*");

    command.stdout(Stdio::piped());
    command.stderr(Stdio::piped());

    let output = command.execute_output().unwrap();
    
    if let Some(exit_code) = output.status.code() {
        if exit_code == 0 {
            println!("Ok.");
        } else {
            eprintln!("Failed.");
        }
    } else {
        eprintln!("Interrupted!");
    }

    println!("{}", String::from_utf8(output.stdout).unwrap());

    return "Bruh".to_string()
}

The code outputs this:

thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: FromUtf8Error { bytes: [255, 254, 13, 0, 10, 0, 72, 0, 75, 0, 76, 0, 77, 0, 92, 0, 83, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 92, 0, 67, 0, 117, 0, 114, 0, 114, 0, 101, 0, 110, 0, 116, 0, 67, 0, 111, 0, 110, 0, 116, 0, 114, 0, 111, 0, 108, 0, 83, 0, 101, 0, 116, 0, 92, 0, 67, 0, 111, 0, 110, 0, 116, 0, 114, 0, 111, 0, 108, 0, 92, 0, 84, 0, 101, 0, 114, 0, 109, 0, 105, 0, 110, 0, 97, 0, 108, 0, 32, 0, 83, 0, 101, 0, 114, 0, 118, 0, 101, 0, 114, 0, 92, 0, 87, 0, 100, 0, 115, 0, 92, 0, 114, 0, 100, 0, 112, 0, 119, 0, 100, 0, 92, 0, 83, 0, 116, 0, 97, 0, 114, 0, 116, 0, 117, 0, 112, 0, 80, 0, 114, 0, 111, 0, 103, 0, 114, 0, 97, 0, 109, 0, 115, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 114, 0, 100, 0, 112, 0, 99, 0, 108, 0, 105, 0, 112, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 114, 0, 100, 0, 112, 0, 99, 0, 108, 0, 105, 0, 112, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 82, 0, 68, 0, 80, 0, 32, 0, 67, 0, 108, 0, 105, 0, 112, 0, 98, 0, 111, 0, 97, 0, 114, 0, 100, 0, 32, 0, 77, 0, 111, 0, 110, 0, 105, 0, 116, 0, 111, 0, 114, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 77, 0, 105, 0, 99, 0, 114, 0, 111, 0, 115, 0, 111, 0, 102, 0, 116, 0, 32, 0, 67, 0, 111, 0, 114, 0, 112, 0, 111, 0, 114, 0, 97, 0, 116, 0, 105, 0, 111, 0, 110, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 49, 0, 48, 0, 46, 0, 48, 0, 46, 0, 49, 0, 57, 0, 48, 0, 52, 0, 49, 0, 46, 0, 55, 0, 52, 0, 54, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 99, 0, 58, 0, 92, 0, 119, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 115, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 51, 0, 50, 0, 92, 0, 114, 0, 100, 0, 112, 0, 99, 0, 108, 0, 105, 0, 112, 0, 46, 0, 101, 0, 120, 0, 101, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 32, 0, 32, 0, 50, 0, 48, 0, 48, 0, 55, 0, 48, 0, 49, 0, 50, 0, 54, 0, 45, 0, 48, 0, 50, 0, 48, 0, 48, 0, 51, 0, 56, 0, 13, 0, 10, 0, 13, 0, 10, 0, 72, 0, 75, 0, 76, 0, 77, 0, 92, 0, 83, 0, 79, 0, 70, 0, 84, 0, 87, 0, 65, 0, 82, 0, 69, 0, 92, 0, 77, 0, 105, 0, 99, 0, 114, 0, 111, 0, 115, 0, 111, 0, 102, 0, 116, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 32, 0, 78, 0, 84, 0, 92, 0, 67, 0, 117, 0, 114, 0, 114, 0, 101, 0, 110, 0, 116, 0, 86, 0, 101, 0, 114, 0, 115, 0, 105, 0, 111, 0, 110, 0, 92, 0, 87, 0, 105, 0, 110, 0, 108, 0, 111, 0, 103, 0, 111, 0, 110, 0, 92, 0, 85, 0, 115, 0, 101, 0, 114, 0, 105, 0, 110, 0, 105, 0, 116, 0, 13, 0, 10, 0, 32, 0, 32, 0, 32, 0, 67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 115, 0, 121, 0, 115, 0, 116, 0, 101, 0, 109, 0, 51, 0, 50, 0, 92, 0, 117, 0, 115, 0, 101, 0, 114, 0, 105, 0, 110, 0, 105, 0

That is just a sample from the output. Seems like it is not valid utf8 or something idk I am really stumped on this one. I also tried with create_process_w but that had its own problems. Any help is appreciated, thanks!

Answer 1

Turns out, this is UTF-16. So you must first convert it from bytes into u16s:

let u16s: Vec<u16> = output.stdout.chunks_exact(2).map(|chunk| u16::from_ne_bytes([chunk[0], chunk[1]])).collect();
let s = String::from_utf16(&u16s).unwrap(); // may want to use from_utf16_lossy?

Also note that the output starts with a byte order mark: "\u{feff}\r\nHKLM". You may want to strip it off if it's present.

Answer 2

Ok so this is my final solution for my problem:

fn parse_utf16_bytes(bytes: &[u8]) -> Option<String> {
    let mut chunks = bytes.chunks_exact(2);
    let is_big_endian = match chunks.next() {
        Some(&[254, 255]) => true,
        Some(&[255, 254]) => false,
        _ => return None,
    };
    let utf16: Vec<_> = chunks
        .map(|x| {
            let arr2 = x.try_into().expect("convert .chunks_exact() to [u8; 2]");
            if is_big_endian {
                u16::from_be_bytes(arr2)
            } else {
                u16::from_le_bytes(arr2)
            }
        })
        .collect();
    String::from_utf16(&utf16).ok()
}

Thanks for everybody that helped :)