Comments (2)
Had a similar error in unpack_word on a different file:
Traceback (most recent call last):
File "/usr/local/bin/evtx_dump.py", line 4, in <module>
__import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py')
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 42, in <module>
File "/usr/local/lib/python2.7/dist-packages/python_evtx-0.6.1-py2.7.egg/EGG-INFO/scripts/evtx_dump.py", line 37, in main
File "build/bdist.linux-x86_64/egg/Evtx/Evtx.py", line 498, in xml
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 204, in evtx_record_xml_view
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 191, in render_root_node
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 176, in render_root_node_with_subs
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 126, in rec
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 166, in rec
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 191, in render_root_node
File "build/bdist.linux-x86_64/egg/Evtx/Views.py", line 175, in render_root_node_with_subs
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 168, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 159, in _children
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 177, in length
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 64, in __call__
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 334, in children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 153, in _children
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 528, in __init__
File "build/bdist.linux-x86_64/egg/Evtx/Evtx.py", line 382, in add_string
File "build/bdist.linux-x86_64/egg/Evtx/Nodes.py", line 198, in __init__
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 208, in no_length_handler
File "build/bdist.linux-x86_64/egg/Evtx/BinaryParser.py", line 307, in unpack_word
from python-evtx.
I had the same problem when trying to parse a partially recovered EVTX. It turns out this behavior only occurs when you try to parse an EVTX with a wrongly defined size. For example, the defined chunk count is 10, but when iterating it turns out that there are only 4 recovered chunks, yet it tries to read 10 chunks.
AFAIK from the Evtx class, there is no method to ignore unrecovered chunks and just dump the available chunks. Perhaps this should be an enhancement, or at least a workaround in the scripts folder.
For instance, we can try to define chunk_count by iterating the chunks in the file rather than using the header metadata (word chunk_count), so that it won't try to iterate more than it needs to.
from python-evtx.
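The workaround suggested in the comment above, as an added example (not code from python-evtx or from the commenter): it builds the chunk list by walking the file for chunk signatures instead of trusting the header's chunk_count word. The function names and the sample image are constructed for illustration; the offsets assume the standard EVTX layout (4096-byte file header, 64 KiB chunks, chunk_count word at 0x2A).

```python
import struct

FILE_MAGIC = b"ElfFile\x00"    # signature at the start of the file header
CHUNK_MAGIC = b"ElfChnk\x00"   # signature at the start of every chunk
HEADER_SIZE = 0x1000           # file header occupies the first 4096 bytes
CHUNK_SIZE = 0x10000           # each chunk is 64 KiB
CHUNK_COUNT_OFFSET = 0x2A      # little-endian word in the file header


def declared_chunk_count(buf):
    """Chunk count as claimed by the file header (may be stale or wrong)."""
    if buf[:8] != FILE_MAGIC:
        raise ValueError("not an EVTX file header")
    return struct.unpack_from("<H", buf, CHUNK_COUNT_OFFSET)[0]


def available_chunk_offsets(buf):
    """Offsets of chunk slots that are fully present and carry the chunk magic.

    Blank or overwritten slots are skipped, and a trailing partial chunk is
    ignored, so a parser driven by this list never reads past recovered data.
    """
    offsets = []
    ofs = HEADER_SIZE
    while ofs + CHUNK_SIZE <= len(buf):
        if buf[ofs:ofs + 8] == CHUNK_MAGIC:
            offsets.append(ofs)
        ofs += CHUNK_SIZE
    return offsets


def build_truncated_sample():
    """Constructed image: header claims 10 chunks, only 4 are recoverable."""
    header = bytearray(HEADER_SIZE)
    header[:8] = FILE_MAGIC
    struct.pack_into("<H", header, CHUNK_COUNT_OFFSET, 10)
    chunk = CHUNK_MAGIC + b"\x00" * (CHUNK_SIZE - 8)
    blank = b"\x00" * CHUNK_SIZE               # slot that was not recovered
    partial = CHUNK_MAGIC + b"\x00" * 100      # chunk cut off at end of file
    return bytes(header) + chunk * 2 + blank + chunk * 2 + partial


if __name__ == "__main__":
    image = build_truncated_sample()
    found = available_chunk_offsets(image)
    print("header claims %d chunks, %d usable" % (declared_chunk_count(image), len(found)))
    print([hex(o) for o in found])
```

A mismatch between the two counts is worth recording in case notes, since it tells you the log was truncated or carved and that records may be missing.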