jullrich / ISC-Bugs

Internet Storm Center / DShield Bug Tracker

srum-dump issues #40

Closed txcfce13 closed 6 years ago

txcfce13 commented 6 years ago

Successfully ran the csv exe last night without pointing to the Software hive. This morning ran it again but pointing to the SOFTWARE hive path. Received the following error message.

I:\srumdump>srum_dump_csv.exe
What is the path to the SRUDB.DAT file? (Ex: \image-mount-point\Windows\system32\sru\srudb.dat) : I:\srumdump
What XLS Template should I use? (Press enter for the default SRUM_TEMPLATE.XLSX) :
What is the full path of the SOFTWARE registry hive? Usually \image-mount-point\Windows\System32\config\SOFTWARE (or press enter to skip Network resolution) : C:\Windows\System32\config
Traceback (most recent call last):
  File "srum_dump_csv.py", line 299, in <module>
    if not os.path.exists(options.reghive):
  File "genericpath.py", line 26, in exists
TypeError: coercing to Unicode: need string or buffer, bool found
[4592] Failed to execute script srum_dump_cs

Attempted another run without pointing to the SOFTWARE hive and received this error message.

I:\srumdump>srum_dump_csv.exe
What is the path to the SRUDB.DAT file? (Ex: \image-mount-point\Windows\system32\sru\srudb.dat) : I:\srumdump
What XLS Template should I use? (Press enter for the default SRUM_TEMPLATE.XLSX) :
What is the full path of the SOFTWARE registry hive? Usually \image-mount-point\Windows\System32\config\SOFTWARE (or press enter to skip Network resolution) :
Unable to open the ID Lookup table.
Error : pyesedb_file_get_table_by_name: unable to retrieve table. libesedbcatalog libesedb_file_get_table_by_utf8_name: unable to retrieve table definition.
Press enter to exit

I would appreciate any insight.

txcfce13 commented 6 years ago

Please disregard. I found the problem.

txcfce13 commented 6 years ago

I have run into another issue with respect to srum_dump_csv.exe.

I:\srumdump>srum_dump_csv.exe
What is the path to the SRUDB.DAT file? (Ex: \image-mount-point\Windows\system32\sru\srudb.dat) : I:\srumdump\srudb.dat
What XLS Template should I use? (Press enter for the default SRUM_TEMPLATE.XLSX) :
What is the full path of the SOFTWARE registry hive? Usually \image-mount-point\Windows\System32\config\SOFTWARE (or press enter to skip Network resolution) : D:\soft\SOFTWARE
Traceback (most recent call last):
  File "srum_dump_csv.py", line 299, in <module>
    if not os.path.exists(options.reghive):
  File "genericpath.py", line 26, in exists
TypeError: coercing to Unicode: need string or buffer, bool found
[3516] Failed to execute script srum_dump_csv

Would appreciate if someone could shed some light on this error. I have also entered the path from the default location of the Software hive. Same response.