search

williballenthin / EVTXtract

EVTXtract recovers and reconstructs fragments of EVTX log files from raw binary data, including unallocated space and memory images.
Apache License 2.0
189 stars 22 forks source link

bug in ` evtxtract.utils.Mmap.__enter__` #17

Closed crb912 closed 6 years ago

crb912 commented 6 years ago

Exception reporting:

File "utils.py", line 63, in evtxtract.utils.Mmap.__enter__
FileNotFoundError: [Errno 2] No such file or directory: 'C:\\some_directory\some_file' (example)

During handling of the above exception, another exception occurred:
File "utils.py", line 66, in evtxtract.utils.Mmap.__enter__
AttributeError: 'NoneType' object has no attribute 'close'

I think there is a bug in your evtxtract.utils.Mmap.__enter__ source code.

 def __enter__(self):
        try:
            self._f = open(self._filename, "rb")
        except Exception as e:
            logging.error('open error!')
            self._mmap.close()

When self._f = open(self._filename, "rb") run failed, self._mmap.close() should not be execute? 

 def __enter__(self):
        try:
            self._f = open(self._filename, "rb")
        except Exception as e:
            logging.error('open error!')
            if  self._f :
                self._mmap.close()
williballenthin commented 6 years ago

great catch! fixing now

williballenthin commented 6 years ago

addressed in f2d8c83c7c9cd76bfb9e218c67b6f197c2bad93c

though, based on your comment above, you may be working with an earlier version of the utility. feel free to try the latest source in the master branch, too.