unexpected keyword argument 'include_inactive'

[rlwmmw]

I was receiving an error running evtx_info.py on every evtx file I tested.

Traceback (most recent call last): File "python-evtx/scripts/evtx_info.py", line 114, in <module> main() File "python-evtx/scripts/evtx_info.py", line 75, in main for (i, chunk) in enumerate(fh.chunks(include_inactive=True), 1): TypeError: chunks() got an unexpected keyword argument 'include_inactive' Upon further investigation and testing I updated line 75 from this: for (i, chunk) in enumerate(fh.chunks(include_inactive=True), 1): to this: for (i, chunk) in enumerate(fh.chunks(), 1):

That seems to have resolved the issue, and it matches evtx_info.py from the fix/issue-37 branch. I'm not sure if this change has been inadvertently excluded from the Master branch, or if some other problem exists.

It is also possible, I am misunderstanding the error entirely. Either way, removing 'include_inactive=True' from line 75 seems to to have fixed the problem for me anyway.

[williballenthin]

hey @rlwmmw

thanks for reporting this issue. would you mind double checking that you have the latest source from github installed? it seems that FileHeader.chunks() does indeed accept a include_inactive flag, as shown here: https://github.com/williballenthin/python-evtx/blob/master/Evtx/Evtx.py#L222

happy to continue to help debugging this, just want to double check any assumptions before diving in.