Lazza / RecuperaBit

A tool for forensic file system reconstruction.
GNU General Public License v3.0

Error does not work, not sure if the script is incomplete, or if I used it wrong or both or neither. #98

Closed left1000 closed 2 years ago

left1000 commented 2 years ago

python 3.10 command:

py main.py -s "C:\RecuperaBit-1.1.5\savefile1" -o "C:\RecuperaBit-1.1.5\recovered" K:\imagefileg1

output:

INFO:root:First scan completed
INFO:root:Saving results to C:\RecuperaBit-1.1.5\savefile1
INFO:root:Parsing MFT entries
then
error:

  File "C:\RecuperaBit-1.1.5\main.py", line 374, in <module>
    main()
  File "C:\RecuperaBit-1.1.5\main.py", line 357, in main
    parts.update(scanner.get_partitions())
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs.py", line 695, in get_partitions
    parsed = parse_file_record(dump)
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs.py", line 151, in parse_file_record
    attributes = _attributes_reader(entry, header['off_first'])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs.py", line 110, in _attributes_reader
    attr, name = parse_mft_attr(entry[offset:])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs.py", line 91, in parse_mft_attr
    data = unpack(content[:size], attr_types_fmt[name])
  File "C:\RecuperaBit-1.1.5\recuperabit\utils.py", line 89, in unpack
    result[label] = formatter(data[low:high+1])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs_fmt.py", line 81, in index_root_parser
    entries = index_entries(dump[offset:])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs_fmt.py", line 58, in index_entries
    parsed = unpack(dump[offset:], indx_dir_entry_fmt)
  File "C:\RecuperaBit-1.1.5\recuperabit\utils.py", line 89, in unpack
    result[label] = formatter(data[low:high+1])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs_fmt.py", line 127, in try_filename
    unpack(dump, attr_types_fmt['$FILE_NAME'])
  File "C:\RecuperaBit-1.1.5\recuperabit\utils.py", line 89, in unpack
    result[label] = formatter(data[low:high+1])
  File "C:\RecuperaBit-1.1.5\recuperabit\fs\ntfs_fmt.py", line 47, in windows_time
    converted = datetime.utcfromtimestamp(value/10.**7 - 11644473600)
OSError: [Errno 22] Invalid argument

Of course this could be because this is meant for Python 3.9 or it could be because I'm meant to edit the script in various locations that are indicated in comments that I only 50% comprehend. Felt like I should write this feedback though.

Lazza commented 2 years ago

This is super weird. It should be already handled:

https://github.com/Lazza/RecuperaBit/blob/728e978e459463e259bacca18d8a13a66241f309/recuperabit/fs/ntfs_fmt.py#L45-L50

Can you try to "destroy" the windows_time function and let it always return 0?

You will lose the timestamps, but at least we can see if the other parts are working.

Lazza commented 2 years ago

Actually, maybe the issue is due to the way I wrote line 49. Can you try with this one instead?

except (ValueError, OverflowError, OSError) as e:

left1000 commented 2 years ago

> Actually, maybe the issue is due to the way I wrote line 49. Can you try with this one instead?
>
> except (ValueError, OverflowError, OSError) as e:

I will note though that your prior comment is a bit odd.

Line 49 in the release version of recuperabit from February is:

" except ValueError:"

I'm betting you're referring to a version other than the release version. (I'll go clone whatever git gives me currently instead.)

Then

" except (ValueError, OverflowError, OSError): "

may very well be correct, it was not my line 49.

That is what I am trying now.

Edit: The error is gone, I did NOT implement your fix.

You should consider putting out a new release I guess, since the release from February doesn't work but the current version of the code does work (without the fix mentioned in this issue.)

TL;DR Sorry, I was wasting your time, and actually this was all my fault.

Lazza commented 2 years ago

> You should consider putting out a new release I guess

I was waiting to see if there were some other issues, but given that this problem seems to be impacting a few users I will now publish a new release on GitHub. Thank you for the suggestion and for testing the latest commits.
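
The failure discussed in this thread comes from converting NTFS timestamps read out of damaged records, where the 64-bit value can be anything. As an added example (not RecuperaBit's code), the sketch below does the conversion with plain datetime arithmetic instead of `utcfromtimestamp`, so an out-of-range value fails the same way on every platform; the function names, the `$FILE_NAME` field layout used, and the sample bytes are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

# 1601-01-01 UTC is the FILETIME epoch; the traceback's constant 11644473600
# is the number of seconds from there to the Unix epoch.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert a 64-bit FILETIME (100 ns ticks) to an aware UTC datetime.

    Returns None when the value is outside datetime's range. No C-library
    time function is called, so the only error to handle is OverflowError.
    """
    try:
        return FILETIME_EPOCH + timedelta(microseconds=value // 10)
    except OverflowError:
        return None


def file_name_times(attr_body):
    """Read the four timestamps of a $FILE_NAME attribute body.

    Assumed layout: 8-byte parent reference, then creation, modification,
    MFT-change and access times as little-endian 64-bit values.
    """
    labels = ("created", "modified", "mft_changed", "accessed")
    if len(attr_body) < 40:
        return None  # truncated record: nothing trustworthy to decode
    raw = struct.unpack_from("<4Q", attr_body, 8)
    return {label: filetime_to_datetime(v) for label, v in zip(labels, raw)}


# Constructed sample: one valid time, the FILETIME epoch itself (a negative
# Unix timestamp), and two garbage values such as a corrupt record might hold.
SAMPLE = struct.pack("<Q4Q", 5, 132223104000000000, 0,
                     0xFFFFFFFFFFFFFFFF, 0x7FFFFFFFFFFFFFFF)

if __name__ == "__main__":
    for label, when in file_name_times(SAMPLE).items():
        print(label, when)
```

Returning `None` rather than 0 keeps "timestamp unreadable" distinguishable from a real 1601-01-01 value when the recovered metadata is later reviewed.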