microsoft / etl2pcapng

Utility that converts an .etl file containing a Windows network packet capture into .pcapng format.
MIT License

Crash on windows 7 #21

Closed FaffeF closed 3 years ago

FaffeF commented 4 years ago

The tool crashes on Windows 7 and Server 2008 R2, no matter if the input file exists or not.

Vanilla Win 7 SP1, vc_redist.x64 installed.

Log Name:      Application
Source:        Application Error
Date:          2020-02-26 08:44:38
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     [redacted]
Description:
Faulting application name: etl2pcapng.exe, version: 0.0.0.0, time stamp: 0x5e123992
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c78c
Exception code: 0xc0000005
Fault offset: 0x0000000000001ba4
Faulting process id: 0x694
Faulting application start time: 0x01d5ec7899325f47
Faulting application path: C:\temp\etl2pcapng.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: d6dee9fe-586b-11ea-85c8-0050568ea07c

cwegener commented 4 years ago

Same error here. Access denied in KERNELBASE.dll on Windows 7 x64

maolson-msft commented 3 years ago

There's a similar report for Server 2008 R2. These old OS versions are out of support so this doesn't meet my priority bar, but if somebody wants to make these old versions supported, please send a PR. For the time being, you guys can work around this issue by running the tool on a newer OS. It doesn't need to be run on the same system that the packet capture was collected on.

mkurkute commented 5 months ago

Hi @maolson-msft, I really want this to work for Win Server 2008 R2. Can you please provide the fix for this issue?