Wrong parsing of new runcount format of 30 version

EricZimmerman / Prefetch

Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.

MIT License

105 stars 23 forks source link

Wrong parsing of new runcount format of 30 version #5

Closed 0xMuhannad closed 1 year ago

0xMuhannad commented 1 year ago

Hi eric,

In the mid of the development of my Rust parser for Prefetch I was using your code result as a baseline for my parser's result. When I was trying to parse a version 30 prefetch with the new run count format (OFFSET 116) I found the runcount result is not parsed correctly and sometimes I get runcount as 0 in your parser.

As shown below the run count is 3 and it should be 4.

Also below, the run count is 0 and its not correct.

EricZimmerman commented 1 year ago

You aren't even using the current version of the software. Update and try again