Missing get_value_data_as_multi_value in python module
Closed this issue · 6 comments
Hi,
I'm using the python module in order to browse a NTDS file. I noticed that the multi_value class is included in the module but I'm struggling to get an object of that type from a record. Is there a way that I can :
- Get the multi_value object from a record (when
is_multi_value()is true )
OR - interpret something form get_value_data in order to recover an array of my data and their type
OR - something else that I missed ..
Thank you in advance for the reply. Anyway I have to thank you too for the good work 👍
thx for the report having a look when time permits
Same. Also based on the types I assume the following:
Column Types: as per help(pyesedb)
BINARY_DATA = binary string, get_value_data(...)
BOOLEAN = Integer, get_value_data_flags(...)
CURRENCY = binary string, get_value_data(...)
DATE_TIME = binary string, get_value_data(...)
DOUBLE_64BIT = Float, get_value_data_as_floating_point(...)
FLOAT_32BIT = Float, get_value_data_as_floating_point(...)
GUID = binary string, get_value_data(...)
INTEGER_16BIT_SIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
INTEGER_16BIT_UNSIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
INTEGER_32BIT_SIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
INTEGER_32BIT_UNSIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
INTEGER_64BIT_SIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
INTEGER_8BIT_UNSIGNED = Integer, get_value_data_as_integer(...)
OR get_value_data_flags(...)
LARGE_BINARY_DATA = binary string, get_value_data(...)
LARGE_TEXT = Unicode string, get_value_data_as_string(...)
NULL = ???
SUPER_LARGE_VALUE = pyesedb.long_value, get_value_data_as_long_value(...)
TEXT = Unicode string, get_value_data_as_string(...)
Multi-value is not listed as a column type.
Why is get_value_data_flags(...) returning an Integer and not pyesedb.value_flags? The "esedbinfo" reports all "flag" columns as "Integer ...".
The "esedbinfo" reports all "date" columns as "Binary data". Why not an 8 byte (unsigned long long) integer?
I'm not sure about the BOOLEAN. Why not get_value_data_as_boolean(...)?
I'm certainly not sure about NULL.
I could be wrong about the above, so please correct if I've assumed something wrong.
Also, thanks for the lib. Great work!
Multi-value is not listed as a column type.
Correct it is not a column type https://github.com/libyal/libesedb/blob/master/documentation/Extensible%20Storage%20Engine%20(ESE)%20Database%20File%20(EDB)%20format.asciidoc#61-column-type but a column flag https://github.com/libyal/libesedb/blob/master/documentation/Extensible%20Storage%20Engine%20(ESE)%20Database%20File%20(EDB)%20format.asciidoc#62-column-flags-group-of-bits
Why is get_value_data_flags(...) returning an Integer and not pyesedb.value_flags? The "esedbinfo" reports all "flag" columns as "Integer ...".
because get_value_data_flags was implemented before pyesedb.value_flags and the additional value of doing so is marginal
The "esedbinfo" reports all "date" columns as "Binary data". Why not an 8 byte (unsigned long long) integer?
this behavior is application specific, your database catalog indicates that the value type is "binary data" not "integer"
Why not get_value_data_as_boolean(...)?
because there has not been a need for this yet, the JET_coltypBit seems to be rarely used.
I'm not sure about the BOOLEAN.
I'm certainly not sure about NULL.
what are you not sure about? can you be more specific
Thanks for the clarifications.
The "esedbinfo" reports all "date" columns as "Binary data". Why not an 8 byte (unsigned long long) integer?
this behavior is application specific, your database catalog indicates that the value type is "binary data" not "integer"
This just seems odd as all MS timestamp values are 8 byte. Even when the database catalog is indicating "binary data", it is still stored in the "binary data" as an 8 byte integer timestamp. So there is necessarily an additional conversion from a binary string to an integer to make the timestamp value useful in python data/time functions or even conversion from MS to Python date values.
I'm not sure about the BOOLEAN.
I'm certainly not sure about NULL.what are you not sure about? can you be more specific
The help(pyesedb) shows the Column Types for BOOLEAN and NULL.
BOOLEAN = Integer, get_value_data_flags(...)
...
NULL = ???
The help shows BOOLEAN as Integer and suggesting the get_value_data_flags(...) function, but you indicated otherwise in the response. I was unsure about the type as it could be boolean or integer and the get_value_data_flags(...) function is not the correct function to use as you clarified above.
The help shows NULL as an unknown (???) type with no suggested function, so I'm certainly unsure as to why it is listed in the help. Any particular get_value_... function will return None if no value exists for a column and I don't know any column that is specifically be designed to store NULL as the primary value (not just to indicate a missing value).
This just seems odd as all MS timestamp values are 8 byte.
Welcome to ESE application databases
The help shows BOOLEAN as Integer and suggesting the get_value_data_flags(...) function, but you indicated otherwise in the response.
I do not understand what you are trying to tell me here
No updates from original reporting, assuming question has been answered. Closing issue.