davidpany/WMI_Forensics

struct.error: unpack requires a string argument of length 8

Meow-ops opened this issue · 3 comments

Using the tool I got the following error:
$ python CCM_RUA_Finder.py -i OBJECTS.DATA
"Format" "FolderPath" "ExplorerFileName" "FileSize" "LastUserName" "LastUsedTime" "TimeZoneOffset" "LaunchCount" "Timestamp1" "Timestamp2" "OriginalFileName" "FileDescription" "CompanyName" "ProductName" "ProductVersion" "FileVersion" "AdditionalProductCodes""msiVersion" "msiDisplayName" "SoftwarePropertiesHash" "ProductCode" "ProductLanguage" "msiPublisher" "FilePropertiesHash"
Carved_NullDelim "C:\Windows\system32\" "DllHost.exe" " " "GROUPE\lol" "2017-01-23 12:48:05" ="+000" " " " " " " "dllhost.exe" "COM Surrogate" "Microsoft Corporation" "Microsoft� Windows� Operating System" "6.1.7600.16385" "6.1.7600.16385 (win7_rtm.090713-1255)" "" "" "" "" " " "" "" ""
Traceback (most recent call last):
  File "CCM_RUA_Finder.py", line 506, in <module>
    main()
  File "CCM_RUA_Finder.py", line 290, in main
    parse_null_delimited_record(ccm_nulldel_full_match, True, output_file)
  File "CCM_RUA_Finder.py", line 359, in parse_null_delimited_record
    file_size = struct.unpack("L", header_data_match.groups()[4])[0]
struct.error: unpack requires a string argument of length 8

If you need it I can provide a sample of the file I used it on.

Hi Sarcarx.

Thank you for reporting this! I haven't been able to reproduce this error. Can you please share the input file with me?

Thanks!

Actually, are you running on a Mac?

If so, I think the update in the mac_test branch may fix the issue. https://github.com/davidpany/WMI_Forensics/blob/mac_test/CCM_RUA_Finder.py

Please let me know if that works for you. Thanks!

Hi Sarcarx,

The latest release should have fixed this issue. I'm marking it as closed for now. Please let me know if you continue to have problems.

Thanks!
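An added example, not part of the thread and not the project's code: it shows why `struct.unpack("L", ...)` in the traceback is platform-dependent and how a parser can read the field with an explicit size and byte order instead. It assumes the carved size field is a 4-byte little-endian integer; the helper names and the sample value are hypothetical.

```python
import struct

# Explicit little-endian, standard-size layout: "<L" is always 4 bytes,
# whereas native "L" is 4 bytes on Windows and 8 on 64-bit macOS/Linux.
U32_LE = struct.Struct("<L")


def native_long_size():
    """Size that struct.unpack("L", ...) demands on this platform."""
    return struct.calcsize("L")


def read_u32_le(buf, offset=0):
    """Read a 4-byte little-endian unsigned int, checking bounds first."""
    available = max(len(buf) - offset, 0)
    if offset < 0 or available < U32_LE.size:
        raise ValueError("need %d bytes at offset %d, have %d"
                         % (U32_LE.size, offset, available))
    return U32_LE.unpack_from(buf, offset)[0]


def unpack_native(field):
    """The pattern from the traceback: native-size unpack of a carved field.

    Returns (value, None) on success or (None, error text) on failure.
    """
    try:
        return struct.unpack("L", field)[0], None
    except struct.error as exc:
        return None, str(exc)


# Constructed sample: a 4-byte size field as it would sit in a file written
# on Windows (the value 7168 is made up for this example).
SAMPLE_FIELD = struct.pack("<L", 7168)

if __name__ == "__main__":
    print("native 'L' size:", native_long_size())
    print("native unpack  :", unpack_native(SAMPLE_FIELD))
    print("explicit '<L'  :", read_u32_le(SAMPLE_FIELD))
```

On a platform where the native size is 8, the native unpack of the 4-byte field fails with a `struct.error`, while the explicit `<L` read returns the same value everywhere.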