janstarke / ntdsextract2

This aims to be a collection of tools to forensically analyze Active Directory databases
https://www.bdosecurity.de
GNU General Public License v3.0
20 stars, 2 forks

Implemented workaround for a bug in the libesedb library #16

Closed. Darkrael closed this 3 months ago

Darkrael commented 3 months ago

I noticed a bug in libesedb that fails counting values, rows or tables in some NTDS.dit files. This was also present when using the newest libesedb version. Even esedbexport fails here. A workaround for this is to just execute the count function again if it fails and for some reason it will work the second time.

After changing this, the tool would crash when parsing an invalid SID. There might be a better way, but I've just changed the behavior to set the SID to None when the parser fails instead of throwing an error.
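
The two changes described in this PR, a retry of a count call that fails on its first attempt and a SID parser that yields None instead of aborting, as an added Rust example. This is not code from ntdsextract2 or libesedb: the names `retry`, `flaky_counter` and `parse_sid` are invented here, `flaky_counter` is a constructed stand-in for a libesedb count call, and the parser assumes the standard binary SID layout (revision, sub-authority count, 6-byte big-endian identifier authority, little-endian u32 sub-authorities).

```rust
// Added example, not part of ntdsextract2 or libesedb.
use std::cell::Cell;

/// Retry `op` up to `attempts` times, returning the first Ok or the last Err.
/// Mirrors the workaround from the PR: a count call that fails once and then
/// succeeds on the second invocation.
pub fn retry<T, E, F: FnMut() -> Result<T, E>>(attempts: usize, mut op: F) -> Result<T, E> {
    let mut last_err = None;
    for _ in 0..attempts.max(1) {
        match op() {
            Ok(v) => return Ok(v),
            Err(e) => last_err = Some(e),
        }
    }
    Err(last_err.expect("at least one attempt is always made"))
}

/// Constructed stand-in for a libesedb count function: fails on the first call
/// and returns a fixed count afterwards. `calls` records how often it was invoked.
pub fn flaky_counter(calls: &Cell<u32>) -> Result<u64, String> {
    calls.set(calls.get() + 1);
    if calls.get() == 1 {
        Err("count failed".to_string())
    } else {
        Ok(42)
    }
}

/// Parse a binary SID into its "S-R-A-S1-S2-..." string form.
/// Returns None on any malformed input (too short, wrong revision, too many
/// sub-authorities, or a length that does not match the declared count)
/// instead of panicking, so one bad record does not stop the whole export.
pub fn parse_sid(bytes: &[u8]) -> Option<String> {
    if bytes.len() < 8 {
        return None;
    }
    let revision = bytes[0];
    let count = bytes[1] as usize;
    if revision != 1 || count > 15 {
        return None;
    }
    if bytes.len() != 8 + 4 * count {
        return None;
    }
    // 6-byte identifier authority, big-endian.
    let mut authority: u64 = 0;
    for &b in &bytes[2..8] {
        authority = (authority << 8) | b as u64;
    }
    let mut sid = format!("S-{}-{}", revision, authority);
    for i in 0..count {
        let off = 8 + 4 * i;
        let sub = u32::from_le_bytes([bytes[off], bytes[off + 1], bytes[off + 2], bytes[off + 3]]);
        sid.push_str(&format!("-{}", sub));
    }
    Some(sid)
}

fn main() {
    let calls = Cell::new(0);
    println!("count with retry: {:?}", retry(2, || flaky_counter(&calls)));
    // Constructed input: S-1-5-32-544 (BUILTIN\Administrators) in binary form.
    let admins = [1, 2, 0, 0, 0, 0, 0, 5, 0x20, 0, 0, 0, 0x20, 2, 0, 0];
    println!("sid: {:?}", parse_sid(&admins));
    println!("truncated sid: {:?}", parse_sid(&admins[..8]));
}
```

The retry helper deliberately keeps the last error, so a call that fails on every attempt still surfaces a diagnosable failure rather than being silently dropped; the parser returns Option so the caller can record the record's other attributes and leave the SID column empty.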

janstarke commented 3 months ago

Do you have some test data which can be incorporated as unit or integration test?

Darkrael commented 3 months ago

Do you have some test data which can be incorporated as unit or integration test?

Unfortunately, the NTDS.dit files for which I've experienced this are all from old Active Directories with production data. I've not seen this error in any test environments.

Darkrael commented 3 months ago

That looks like a good option. When I find the time, I'll investigate the issue in libesedb and create an issue there. Thank you.

janstarke commented 3 months ago

I applied my suggestions to the PR and merged it into master. Can you please give it a try, before I publish a new version?