michkoll / fakenevtx
Manipulate evtx files as easy as creating fake news
License: Apache License 2.0
When using the ModifyEventdataStep or ModifySystemdataStep workflow step I'm getting the following error:
2021-01-26 16:19:40,353 [Workflow.Workflow (_validate )] [INFO ] Evtx file verified successfully.
2021-01-26 16:19:40,354 [Workflow.Workflow (run )] [INFO ] Starting step ModifyEventdataStep
2021-01-26 16:20:18,589 [Workflow.FilterUtils (find_records )] [INFO ] Found 38908 records
2021-01-26 16:20:18,598 [Workflow.Workflow (run )] [INFO ] Execute ModifyEventdataStep(new_value=CENCORED) for record 44901763
2021-01-26 16:20:18,700 [Workflow.ModifyStep (execute )] [INFO ] Changed value of element <Data Name=TargetUserName from Administrator to CENCORED
Traceback (most recent call last):
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\BinaryParser.py", line 648, in unpack_binary
    return bytes(struct.unpack_from("<{}s".format(length), self._buf, o)[0])
struct.error: bad char in struct format

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test.py", line 26, in <module>
    main(args.src, args.dest)
  File "test.py", line 17, in main
    workflow.run(src, dest)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 68, in run
    step.run(dest_evtx_path)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 148, in run
    self.repair_hash()
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 207, in repair_hash
    chunk.repair_header()
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\Evtx.py", line 389, in repair_header
    hex(self.calculate_data_checksum()),
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\Evtx.py", line 368, in calculate_data_checksum
    data = self.unpack_binary(0x200, self.next_record_offset() - 0x200)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\BinaryParser.py", line 650, in unpack_binary
    raise OverrunBufferException(o, len(self._buf))
Evtx.BinaryParser.OverrunBufferException: Tried to parse beyond the end of the file (read: 0x11200, buffer length: 0x1401000)
At the moment the checksums are recalculated after each single value modification. Wouldn't it be more performant to first make all modifications and then recalculate all values at the end?
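Both reports revolve around the two CRC32 values in an EVTX chunk header: the traceback's first error ("bad char in struct format" from `"<{}s".format(length)`) is what a negative length produces, i.e. `next_record_offset()` returned a value below 0x200 and the data checksum range was never bounds-checked, and the second report asks when those checksums should be recomputed. As an added example that is not part of fakenevtx or python-evtx, here is a standalone checker that recomputes both checksums from the standard chunk layout, rejects an out-of-range `next_record_offset` before slicing, and reports whether the stored values match (a mismatch indicates a corrupted or edited chunk); `build_chunk` only constructs a sample chunk with filler bytes in place of real event records.

```python
import binascii
import struct

# Standard EVTX chunk geometry, assumed from the file format rather than taken
# from the fakenevtx or python-evtx code.
CHUNK_SIZE = 0x10000          # every chunk is 64 KiB
CHUNK_MAGIC = b"ElfChnk\x00"
DATA_START = 0x200            # event records begin after the 512-byte header


def chunk_checksums(chunk: bytes) -> dict:
    """Recompute both CRC32 values an EVTX chunk header stores and compare them
    with the stored ones. The header CRC covers bytes 0x00-0x77 and 0x80-0x1FF,
    the data CRC covers 0x200 up to next_record_offset (header field 0x30)."""
    if len(chunk) != CHUNK_SIZE or chunk[:8] != CHUNK_MAGIC:
        raise ValueError("not an EVTX chunk")
    next_off, stored_data = struct.unpack_from("<II", chunk, 0x30)
    (stored_header,) = struct.unpack_from("<I", chunk, 0x7C)
    # The bound check missing in the traceback above: a next_record_offset
    # below 0x200 yields a negative slice length (struct reports "bad char in
    # struct format"), one past the chunk end reads beyond the buffer.
    if not DATA_START <= next_off <= CHUNK_SIZE:
        raise ValueError(f"next_record_offset 0x{next_off:x} outside the chunk")
    header_crc = binascii.crc32(chunk[:0x78] + chunk[0x80:DATA_START]) & 0xFFFFFFFF
    data_crc = binascii.crc32(chunk[DATA_START:next_off]) & 0xFFFFFFFF
    return {
        "header_ok": header_crc == stored_header,
        "data_ok": data_crc == stored_data,
        "expected_header": header_crc,
        "expected_data": data_crc,
    }


def build_chunk(records: bytes, next_off=None) -> bytearray:
    """Constructed sample chunk: header fields and checksums consistent with
    the given record bytes (opaque filler, not real event records). Passing
    next_off overrides the next_record_offset field to reproduce bad input."""
    chunk = bytearray(CHUNK_SIZE)
    chunk[:8] = CHUNK_MAGIC
    struct.pack_into("<I", chunk, 0x28, 0x80)                 # header size
    end = DATA_START + len(records)
    chunk[DATA_START:end] = records
    struct.pack_into("<I", chunk, 0x30, end if next_off is None else next_off)
    # Data CRC first: the header CRC covers the field it is written into.
    struct.pack_into("<I", chunk, 0x34, binascii.crc32(chunk[DATA_START:end]) & 0xFFFFFFFF)
    header_crc = binascii.crc32(chunk[:0x78] + chunk[0x80:DATA_START]) & 0xFFFFFFFF
    struct.pack_into("<I", chunk, 0x7C, header_crc)
    return chunk
```

Because the header CRC covers the data CRC field, a batched repair of the kind the second report suggests still has to recompute per chunk in that order: data checksum, then header checksum.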