evtx
error on evtx files for header and hexdump
Seeing this error for evtx files? Not sure what is causing this, though. Are there any evtx logs that can't be handled by this Rust binary?
Failed to dump the next record.
Caused by:
0: Failed to parse chunk number 0
1: Failed to parse chunk header
2: Failed to deserialize next_template_offset of type u32
3: Offset 0x08180000 (135790592)
- An error has occurred while trying to deserialize binary stream
Original message:
`failed to fill whole buffer`
Hexdump:
---------------------------------------------------------------------------
Current Value 00
--
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060: 00 00 00 00 ....
----------------------------------------------------------------------------
4: failed to fill whole buffer
Failed to dump the next record.
Caused by:
0: Failed to parse chunk number 7
1: Failed to parse chunk header
2: Invalid EVTX chunk header magic, expected ElfChnk0, found [ 0, 0, 1B, 5, 0, 0, 2, E]
Failed to dump the next record.
Caused by:
0: Failed to parse chunk number 8
1: Failed to parse chunk header
2: Invalid EVTX chunk header magic, expected ElfChnk0, found [8A, 14, B3, D8, 1, F, 1, 1]
Failed to dump the next record.
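
A way to triage a file that produces the errors above before handing it to a parser, written as an added example (not code from the evtx project or from this report). It assumes the standard EVTX layout of a 4096-byte file header followed by 64 KiB chunk slots that each begin with `ElfChnk\0`; `triage_chunks`, `ChunkState` and `sample_file` are hypothetical names, and the sample file is constructed.

```rust
// Added example: classify every chunk slot so zero-filled, truncated and
// overwritten chunks can be told apart. Assumes the standard EVTX layout.
const FILE_HEADER_SIZE: usize = 4096; // file header block
const CHUNK_SIZE: usize = 65536; // each chunk slot is 64 KiB
const CHUNK_MAGIC: &[u8; 8] = b"ElfChnk\0";

#[derive(Debug, PartialEq)]
enum ChunkState {
    Valid,             // slot starts with the chunk magic
    Zeroed,            // slot is entirely 0x00 (like the hexdump above)
    BadMagic([u8; 8]), // full slot, but the first 8 bytes are something else
    Truncated(usize),  // file ends inside the slot ("failed to fill whole buffer")
}

fn triage_chunks(data: &[u8]) -> Vec<ChunkState> {
    let body = data.get(FILE_HEADER_SIZE..).unwrap_or(&[]);
    body.chunks(CHUNK_SIZE)
        .map(|slot| {
            if slot.len() < CHUNK_SIZE {
                ChunkState::Truncated(slot.len())
            } else if slot.iter().all(|&b| b == 0) {
                ChunkState::Zeroed
            } else if slot.starts_with(CHUNK_MAGIC) {
                ChunkState::Valid
            } else {
                let mut magic = [0u8; 8];
                magic.copy_from_slice(&slot[..8]);
                ChunkState::BadMagic(magic)
            }
        })
        .collect()
}

// Constructed sample: header, one valid chunk, one zeroed chunk, one chunk
// with the "found" bytes reported for chunk 8 above, then a 100-byte tail.
fn sample_file() -> Vec<u8> {
    let mut f = vec![0u8; FILE_HEADER_SIZE];
    f[..8].copy_from_slice(b"ElfFile\0");
    let mut good = vec![0u8; CHUNK_SIZE];
    good[..8].copy_from_slice(CHUNK_MAGIC);
    f.extend_from_slice(&good);
    f.extend_from_slice(&vec![0u8; CHUNK_SIZE]);
    let mut bad = vec![0xAAu8; CHUNK_SIZE];
    bad[..8].copy_from_slice(&[0x8A, 0x14, 0xB3, 0xD8, 0x01, 0x0F, 0x01, 0x01]);
    f.extend_from_slice(&bad);
    f.extend_from_slice(&[0u8; 100]);
    f
}

fn main() {
    for (i, state) in triage_chunks(&sample_file()).iter().enumerate() {
        println!("chunk {}: {:?}", i, state);
    }
}
```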