libyal/libesedb

get_number_of_records fails on dirty database

Closed this issue · 5 comments

azerg commented

Sample db file

How to reproduce:

import pyesedb

db = pyesedb.open(...)
table0 = db.get_table_by_name("Container_21")

num = table0.get_number_of_records()
print(table0.get_name(), " records: ", num)

The result (on table "Container_21") is:

libesedb_table_get_number_of_records: unable to retrieve number of leaf values from table values tree.values: unsupported page tags value size value out of bounds.

esedbinfo output - don't see any troubles with Container_21:

Table: 34 Container_21 (58)
Number of columns: 25
Column Identifier Name Type
1 1 EntryId Integer 64-bit signed
2 2 ContainerId Integer 64-bit signed
3 3 CacheId Integer 64-bit signed
4 4 UrlHash Integer 64-bit signed
5 5 SecureDirectory Integer 32-bit unsigned
6 6 FileSize Integer 64-bit signed
7 7 Type Integer 32-bit unsigned
8 8 Flags Integer 32-bit unsigned
9 9 AccessCount Integer 32-bit unsigned
10 10 SyncTime Integer 64-bit signed
11 11 CreationTime Integer 64-bit signed
12 12 ExpiryTime Integer 64-bit signed
13 13 ModifiedTime Integer 64-bit signed
14 14 AccessedTime Integer 64-bit signed
15 15 PostCheckTime Integer 64-bit signed
16 16 SyncCount Integer 32-bit unsigned
17 17 ExemptionDelta Integer 32-bit unsigned
18 256 Url Large text
19 257 Filename Large text
20 258 FileExtension Large text
21 259 RequestHeaders Large binary data
22 260 ResponseHeaders Large binary data
23 261 RedirectUrl Large text
24 262 Group Large binary data
25 263 ExtraData Large binary data

Number of indexes: 1
Index: 1 HashEntryIdIndex (58)


Thx for the report, having a look when time permits

esedbexport -v -T Container_21 8281.dat

libesedb_page_read_tags: invalid number of page tags value out of bounds.
libesedb_page_read: unable to read page tags.
libesedb_io_handle_read_page: unable to read page.
libfdata_vector_get_element_value_by_index: unable to read element data at offset: 0x015e8000.
libfdata_vector_get_element_value_at_offset: unable to retrieve element: 699 value.
libesedb_page_tree_read_page: unable to retrieve page: 700 at offset: 0x015d8000.
libesedb_page_tree_read_node: unable to read page: 700 at offset: 0x015d8000.
libfdata_btree_read_node: unable to read node at offset: 22904832.
libfdata_btree_read_sub_tree: unable to read node.
libfdata_btree_read_sub_tree: unable to read sub node: 11 sub tree.
libfdata_btree_get_number_of_leaf_values: unable to read root node sub tree.
libesedb_table_get_number_of_records: unable to retrieve number of leaf values from table values tree.
export_handle_export_table: unable to retrieve number of records.
export_handle_export_file: unable to export table: 33.

libesedb seems to read an extended page header that is not there:

libesedb_page_read: extended page header:
00000000: 53 6f 75 72 63 65 2d 4c  65 6e 67 74 68 3a 20 33   Source-L ength: 3
00000010: 33 33 36 34 30 0d 0a 58  2d 43 4d 53 2d 43 44 4e   33640..X -CMS-CDN
00000020: 49 6e 76 61 6c 4b 65 79                            InvalKey

libesedb_page_read: checksum1                                           : 0x4c2d656372756f53
libesedb_page_read: checksum2                                           : 0x33203a6874676e65
libesedb_page_read: checksum3                                           : 0x580a0d3034363333
libesedb_page_read: page number                                         : 5639706495324865325
libesedb_page_read: unknown1:
00000000: 49 6e 76 61 6c 4b 65 79                            InvalKey
libesedb_file_header_read_data: format version                          : 0x00000620
libesedb_file_header_read_data: format revision                         : 0x00000014
libesedb_file_header_read_data: page size                               : 32768

Database is dirty:

libesedb_file_header_read_data: database state                          : 2 Dirty Shutdown (JET_dbstateDirtyShutdown)

Unclear if this is due to a dirty database or file format related.

Page is empty?

libesedb_page_read: page flags                                          : 0x2d580a0d
        Is root
        Is parent
        Is empty
        0x0800 (primary?)

azerg commented

Thanks for the update. FYI, just checked this db with external ESEDatabaseView - it crashes within Container_21.

Question appears to be answered, closing issue.
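
The debug output in this thread shows text being decoded as page header fields. As an added illustration (not part of the original issue and not libesedb code), this Python example decodes the 40 bytes from the posted hex dump in the order the log prints them and applies two plausibility checks a parser could run before trusting the header. The field layout (five consecutive little-endian 64-bit values), the 0.9 text threshold, the function names and the file size are assumptions.

```python
import struct

# Bytes copied from the "extended page header" hex dump posted in this thread.
HEADER = bytes.fromhex(
    "53 6f 75 72 63 65 2d 4c 65 6e 67 74 68 3a 20 33 "
    "33 33 36 34 30 0d 0a 58 2d 43 4d 53 2d 43 44 4e "
    "49 6e 76 61 6c 4b 65 79"
)
# Assumed layout: the five values in the order the debug log prints them.
FIELDS = ("checksum1", "checksum2", "checksum3", "page_number", "unknown1")


def parse_extended_header(data):
    """Decode five little-endian 64-bit fields from the first 40 bytes."""
    return dict(zip(FIELDS, struct.unpack("<5Q", data[:40])))


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII, CR or LF."""
    return sum(0x20 <= b < 0x7F or b in (0x0D, 0x0A) for b in data) / len(data)


def header_findings(data, file_size, page_size):
    """Return reasons to distrust a header before any of its fields are used."""
    findings = []
    page_number = parse_extended_header(data)["page_number"]
    if page_number > file_size // page_size:
        findings.append("page number %d exceeds pages in file" % page_number)
    if printable_ratio(data) > 0.9:  # threshold is an assumption
        text = data.decode("ascii", "replace")
        findings.append("header bytes are text: %r" % text)
    return findings


if __name__ == "__main__":
    # Page size is the value from the file header in the log; the file size
    # is a constructed placeholder, since the thread does not state it.
    for name, value in parse_extended_header(HEADER).items():
        print("%-12s 0x%016x" % (name, value))
    for finding in header_findings(HEADER, 32 * 1024 * 1024, 32768):
        print("suspicious:", finding)
```

The decoded checksum and page number values equal the ones in the log, and the bytes read as `Source-Length: 333640\r\nX-CMS-CDNInvalKey`.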