libyal / libesedb

Library and tools to access the Extensible Storage Engine (ESE) Database File (EDB) format.
GNU Lesser General Public License v3.0

get_number_of_records fails on dirty database #37

Closed azerg closed 4 years ago

azerg commented 6 years ago

Sample db file

How to reproduce:

import pyesedb

db = pyesedb.open(...)
table0 = db.get_table_by_name("Container_21")

num = table0.get_number_of_records()
print("%s records: %s" % (table0.get_name(), num))

The result (on table "Container_21") is:

libesedb_table_get_number_of_records: unable to retrieve number of leaf values from table values tree.values: unsupported page tags value size value out of bounds.

esedbinfo output - don't see any troubles with Container_21:

Table: 34               Container_21 (58)
        Number of columns:      25
        Column  Identifier  Name             Type
        1       1           EntryId          Integer 64-bit signed
        2       2           ContainerId      Integer 64-bit signed
        3       3           CacheId          Integer 64-bit signed
        4       4           UrlHash          Integer 64-bit signed
        5       5           SecureDirectory  Integer 32-bit unsigned
        6       6           FileSize         Integer 64-bit signed
        7       7           Type             Integer 32-bit unsigned
        8       8           Flags            Integer 32-bit unsigned
        9       9           AccessCount      Integer 32-bit unsigned
        10      10          SyncTime         Integer 64-bit signed
        11      11          CreationTime     Integer 64-bit signed
        12      12          ExpiryTime       Integer 64-bit signed
        13      13          ModifiedTime     Integer 64-bit signed
        14      14          AccessedTime     Integer 64-bit signed
        15      15          PostCheckTime    Integer 64-bit signed
        16      16          SyncCount        Integer 32-bit unsigned
        17      17          ExemptionDelta   Integer 32-bit unsigned
        18      256         Url              Large text
        19      257         Filename         Large text
        20      258         FileExtension    Large text
        21      259         RequestHeaders   Large binary data
        22      260         ResponseHeaders  Large binary data
        23      261         RedirectUrl      Large text
        24      262         Group            Large binary data
        25      263         ExtraData        Large binary data

        Number of indexes:      1
        Index: 1                HashEntryIdIndex (58)

joachimmetz commented 6 years ago

Thx for the report, having a look when time permits

joachimmetz commented 5 years ago

esedbexport -v -T Container_21 8281.dat

libesedb_page_read_tags: invalid number of page tags value out of bounds.
libesedb_page_read: unable to read page tags.
libesedb_io_handle_read_page: unable to read page.
libfdata_vector_get_element_value_by_index: unable to read element data at offset: 0x015e8000.
libfdata_vector_get_element_value_at_offset: unable to retrieve element: 699 value.
libesedb_page_tree_read_page: unable to retrieve page: 700 at offset: 0x015d8000.
libesedb_page_tree_read_node: unable to read page: 700 at offset: 0x015d8000.
libfdata_btree_read_node: unable to read node at offset: 22904832.
libfdata_btree_read_sub_tree: unable to read node.
libfdata_btree_read_sub_tree: unable to read sub node: 11 sub tree.
libfdata_btree_get_number_of_leaf_values: unable to read root node sub tree.
libesedb_table_get_number_of_records: unable to retrieve number of leaf values from table values tree.
export_handle_export_table: unable to retrieve number of records.
export_handle_export_file: unable to export table: 33.

libesedb seems to read an extended page header that is not there:

libesedb_page_read: extended page header:
00000000: 53 6f 75 72 63 65 2d 4c  65 6e 67 74 68 3a 20 33   Source-L ength: 3
00000010: 33 33 36 34 30 0d 0a 58  2d 43 4d 53 2d 43 44 4e   33640..X -CMS-CDN
00000020: 49 6e 76 61 6c 4b 65 79                            InvalKey

libesedb_page_read: checksum1                                           : 0x4c2d656372756f53
libesedb_page_read: checksum2                                           : 0x33203a6874676e65
libesedb_page_read: checksum3                                           : 0x580a0d3034363333
libesedb_page_read: page number                                         : 5639706495324865325
libesedb_page_read: unknown1:
00000000: 49 6e 76 61 6c 4b 65 79                            InvalKey
libesedb_file_header_read_data: format version                          : 0x00000620
libesedb_file_header_read_data: format revision                         : 0x00000014
libesedb_file_header_read_data: page size                               : 32768

Database is dirty:

libesedb_file_header_read_data: database state                          : 2 Dirty Shutdown (JET_dbstateDirtyShutdown)

Unclear if this is due to a dirty database or file format related.
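
Added example, not part of the original thread and not libesedb code: decoding the 40 bytes from the hex dump above shows that the reported checksum and page number values are HTTP header text read as integers. The field order follows the labels in the debug output and little-endian 64-bit fields are assumed; `check_header` is a hypothetical helper, and pairing this dump with page 700 from the trace is an assumption.

```python
import struct

# Bytes copied from the "extended page header" hex dump quoted above.
EXT_HEADER = bytes.fromhex(
    "53 6f 75 72 63 65 2d 4c 65 6e 67 74 68 3a 20 33 "
    "33 33 36 34 30 0d 0a 58 2d 43 4d 53 2d 43 44 4e "
    "49 6e 76 61 6c 4b 65 79"
)

# Assumed layout: the order of the labels in the debug output, each field
# read as a little-endian unsigned 64-bit integer, then 8 unknown bytes.
FIELDS = ("checksum1", "checksum2", "checksum3", "page_number")


def parse_ext_header(data):
    """Split 40 bytes into the fields the debug output prints."""
    if len(data) != 40:
        raise ValueError("expected 40 bytes, got %d" % len(data))
    fields = dict(zip(FIELDS, struct.unpack("<4Q", data[:32])))
    fields["unknown1"] = data[32:]
    return fields


def printable_ratio(data):
    """Fraction of bytes that are printable ASCII, CR or LF."""
    hits = sum(1 for b in data if 0x20 <= b < 0x7F or b in (0x0A, 0x0D))
    return hits / len(data)


def check_header(data, expected_page):
    """Hypothetical sanity check; returns reasons to distrust the header."""
    fields = parse_ext_header(data)
    reasons = []
    if printable_ratio(data) > 0.9:
        reasons.append("bytes decode as text: %r" % data.decode("ascii", "replace"))
    if fields["page_number"] != expected_page:
        reasons.append("page number %d != expected %d"
                       % (fields["page_number"], expected_page))
    return reasons


if __name__ == "__main__":
    for name, value in parse_ext_header(EXT_HEADER).items():
        print(name, hex(value) if isinstance(value, int) else value)
    # 700 is the page number from the esedbexport trace; using it here is an
    # assumption made for the example.
    for reason in check_header(EXT_HEADER, expected_page=700):
        print("suspect:", reason)
```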

joachimmetz commented 5 years ago

Page is empty?

libesedb_page_read: page flags                                          : 0x2d580a0d
        Is root
        Is parent
        Is empty
        0x0800 (primary?)

azerg commented 5 years ago

Thanks for the update. FYI, I just checked this db with the external ESEDatabaseView - it crashes within Container_21.

joachimmetz commented 4 years ago

Question appears to be answered, closing issue.