Coder Social home page Coder Social logo

fakenevtx's People

Contributors

michkoll avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar

Forkers

cledge

fakenevtx's Issues

ModifyEventdataStep: struct.error: bad char in struct format

When using the ModifyEventdataStep or ModifySystemdataStep workflow step I'm getting the following error:

2021-01-26 16:19:40,353 [Workflow.Workflow    (_validate           )] [INFO ]  Evtx file verified successfully.
2021-01-26 16:19:40,354 [Workflow.Workflow    (run                 )] [INFO ]  Starting step ModifyEventdataStep
2021-01-26 16:20:18,589 [Workflow.FilterUtils (find_records        )] [INFO ]  Found 38908 records
2021-01-26 16:20:18,598 [Workflow.Workflow    (run                 )] [INFO ]  Execute ModifyEventdataStep(new_value=CENCORED) for record 44901763
2021-01-26 16:20:18,700 [Workflow.ModifyStep  (execute             )] [INFO ]  Changed value of element <Data Name=TargetUserName from Administrator to CENCORED
Traceback (most recent call last):
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\BinaryParser.py", line 648, in unpack_binary
    return bytes(struct.unpack_from("<{}s".format(length), self._buf, o)[0])
struct.error: bad char in struct format

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test.py", line 26, in <module>
    main(args.src, args.dest)
  File "test.py", line 17, in main
    workflow.run(src, dest)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 68, in run
    step.run(dest_evtx_path)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 148, in run
    self.repair_hash()
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Workflow\Workflow.py", line 207, in repair_hash
    chunk.repair_header()
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\Evtx.py", line 389, in repair_header
    hex(self.calculate_data_checksum()),
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\Evtx.py", line 368, in calculate_data_checksum
    data = self.unpack_binary(0x200, self.next_record_offset() - 0x200)
  File "C:\Users\xxx\bin\Python\Python38\lib\site-packages\Evtx\BinaryParser.py", line 650, in unpack_binary
    raise OverrunBufferException(o, len(self._buf))
Evtx.BinaryParser.OverrunBufferException: Tried to parse beyond the end of the file (read: 0x11200, buffer length: 0x1401000)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.