DFIR-ORC / dfir-orc

Forensics artefact collection tool for systems running Microsoft Windows
https://dfir-orc.github.io
GNU Lesser General Public License v2.1

Fixing config check in RegInfo tool #39

Closed 314erre closed 3 years ago

314erre commented 3 years ago

Hello,

Following the official documentation on the usage of RegInfo, we need to provide an XML configuration file which allows us to provide an output directory or file (csv, tsv). But we obtain the following message: No valid output specified (only directory or csv|tsv are allowed using the documentation configuration file and command line.

The function CheckConfiguration in RegInfo_Config.cpp checks if the output type is None. These output types are defined in OutputSpec::Kind, and the None output is equal to 0. However, the CheckConfiguration uses the HasFlag and when checking if the output is None (0), the return value will always be true because of the (value & flag) == flag computation.

On my side, I've changed the OutputSpecTypes by starting the None output value to 1, and incrementing the shift value of the other outputs, which seems to solve this issue.

Pierre
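
Added example (not part of the issue thread and not DFIR-ORC source code): a minimal reproduction of the flag test described above, next to a check that handles a zero-valued `None`. The enum layout, the member names other than `None`, and the helpers `Bits`, `RejectsOutputBuggy`, `RejectsOutputFixed` and `HasAnyFlag` are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>

// Constructed stand-in for OutputSpec::Kind: None is 0, the others are single bits.
// Member names other than None, and the bit positions, are assumptions.
enum class Kind : std::uint32_t {
    None      = 0,
    Directory = 1u << 0,
    CSV       = 1u << 1,
    TSV       = 1u << 2,
    Archive   = 1u << 3,  // stands for a kind the tool does not accept
};

constexpr std::uint32_t Bits(Kind k) { return static_cast<std::uint32_t>(k); }
constexpr Kind operator|(Kind a, Kind b) { return static_cast<Kind>(Bits(a) | Bits(b)); }

// The computation quoted in the issue: (value & flag) == flag.
constexpr bool HasFlag(Kind value, Kind flag) { return (Bits(value) & Bits(flag)) == Bits(flag); }

// Check as the issue describes it: reject when the output "has" the None flag.
// With None == 0 this evaluates (value & 0) == 0, which holds for every value,
// so a valid csv or directory output is rejected too.
constexpr bool RejectsOutputBuggy(Kind output) { return HasFlag(output, Kind::None); }

// Hypothetical corrected check: None means "no bit set", so test it by equality,
// then require at least one accepted kind.
constexpr bool RejectsOutputFixed(Kind output) {
    return output == Kind::None ||
           !(HasFlag(output, Kind::Directory) || HasFlag(output, Kind::CSV) ||
             HasFlag(output, Kind::TSV));
}

// Alternative guard: an "any bit in common" test never matches an empty flag.
constexpr bool HasAnyFlag(Kind value, Kind flag) { return (Bits(value) & Bits(flag)) != 0; }

int main() {
    const Kind samples[] = {Kind::None, Kind::CSV, Kind::Directory | Kind::TSV, Kind::Archive};
    for (Kind k : samples) {
        std::printf("bits=0x%x buggy_rejects=%d fixed_rejects=%d\n",
                    static_cast<unsigned>(Bits(k)), RejectsOutputBuggy(k), RejectsOutputFixed(k));
    }
    return 0;
}
```
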

fabienfl-orc commented 3 years ago

Thank you for all details, will be fixed with upcoming 10.1.0-rc5