search

miketeo / pysmb

pysmb is an experimental SMB/CIFS library written in Python. It implements the client-side SMB/CIFS protocol (SMB1 and SMB2) which allows your Python application to access and transfer files to/from SMB/CIFS shared folders like your Windows file sharing and Samba folders.
Other
340 stars 94 forks source link

Read file .evtx #56

Open ivanooov opened 8 years ago

ivanooov commented 8 years ago

Hi,

When i would like to get a file as Security.evtx (windows logs events .evtx) with the following code: file = open('Security.evtx', 'wb') conn.retrieveFileFromOffset('Logs', 'Security.evtx', file)

i obtain the following issue via wireshark (STATUS_SHARING_VIOLATION): smbviolation

When i modify the Oplock flag, i obtain the same result.

The share access attribute is the following: share_access

When a file is not use by a system process, it's work fine...

If i access to this file with a samba share (smbmount) on linux, it's work fine and i obtain the following smbheader with the following share access attribut:
smbmount_access

Idea ?

Thx for your help,

sm0k commented 8 years ago

Hello,

Same issue here, did you found a workaround?

Thanks