BackEndError: Unable to open file entry on some Windows 11 configurations

[naringleb]

SourceScanner.Scan() is always raising a backend error on some windows systems.

The error:

File “dfvfs\helpers\source_scanner.py”, line 600,
in Scan File “dfvfs\helpers\source_scanner.py”, line 450,
in _ScanNode dfvfs.lib.errors.BackEndError: Unable to open file entry

My setup dfvfs Version 20240505 from pypi python 3.10.11

I'm using the dfvfs library to open E01-Images in my python app. Based on the code of dfvfs/helpers/volume_scanner.py and the usage of the SourceScanner in the plaso code, I wrote some code to get the partition identifiers.

def get_partitions_in_ewf_image(image_path):
    source_scanner = source_scanner_module.SourceScanner()
    source_scanner_context = source_scanner_module.SourceScannerContext()
    source_scanner_context.OpenSourcePath(image_path)
    try:
        source_scanner.Scan(source_scanner_context)   # <-------- HERE THE ERROR IS BEING RAISED
        raise Exception(f'Unable to scan source with error: {ex}')

    # Get the first node where we need to decide what to process.
    scan_node = source_scanner_context.GetRootScanNode()
    while len(scan_node.sub_nodes) == 1:
        scan_node = scan_node.sub_nodes[0]

    partition_identifiers = []
    # The source scanner found a partition table, and we need to determine which partition needs to be processed.
    if scan_node.type_indicator in [TYPE_INDICATOR_TSK_PARTITION]:
        volume_system = tsk_volume_system.TSKVolumeSystem()
        volume_system.Open(scan_node.path_spec)
        partition_identifiers = source_scanner.GetVolumeIdentifiers(volume_system)

    return partition_identifiers

The error is being raised for all images I try to get the partitions from. But only on some windows 11 systems and the exact same images are not causing any problems on other windows 11 system.

It worked pretty fine for different Windows 11 Pro (23H2 and 22H2) systems. The systems, where the error occurs:

• Windows 11 Pro, 23H2, 22631.2861
• Windows 11 Pro, 22H2, 22621.3880
• Windows 11 Pro, 22H2, 22621.2861

Since I can exclude the images being broken, I am reporting the issue. I have absolutely no idea what is causing the error and am hoping to at least find the error source and maybe implement a solution or work around.

[joachimmetz]

what if you step into the source scanner code with a debugger any indication what condition is triggering the back end error exception?

[naringleb]

Unfortunately, the systems are not mine and thus there is no software developement setup installed plus the owners of the systems have no access to the python project.

[joachimmetz]

Then the issue cannot be addressed, for all I know this could be an issue specific to the configuration of those systems. Closing unless more information becomes available.

[joachimmetz]

did one of the comments change? I got a mail about

When I go to the line in the dfvfs code where the error is being raised, then I see that it is because system_level_file_entry is None. Does that help anything?

system_level_file_entry = resolver.Resolver.OpenFileEntry(
          scan_node.path_spec, resolver_context=self._resolver_context)

if system_level_file_entry is None:
     raise errors.BackEndError('Unable to open file entry.')

You would need to determine why OpenFileEntry returns None on the corresponding Windows 11 configurations.

[naringleb]

I'm sorry. I deleted it because I was able to exclude the library being the error source since my python backend app ran perfectly fine when NOT running it from my frontend app. I apologize for blaming dfvfs!