EricZimmerman/evtx

EVTX-Possible bug

bluDuckB3ar opened this issue · 3 comments

The bug appears to be related to duplicate keys within the map files used by EvtxECmd. Specifically, you are encountering errors when EvtxECmd tries to load the following map files:

Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_1.map
Microsoft-Windows-VHDMP-Operational_Microsoft-Windows-VHDMP_2.map

The error messages indicate that these map files contain entries with the same key, leading to a System.ArgumentException.

----------------------------------------------------------------

This is an easy resolve by just deleting the file. Attaching my terminal output.

I was able to fix it by deleting those two map files, but was able to replicate the issue on a VM with a fresh install of Windows. This was tested through PS 5 - 7 and on .NET 6.

This would be great in helping someone else if they came across it later.

logs evtx.txt

I'll look into this later today! Thanks for reporting 👍