search

williballenthin / python-evtx

Pure Python parser for Windows Event Log files (.evtx)
Apache License 2.0
719 stars 165 forks source link

evtx_dump_chunk_slack: write argument must be str not bytes #74

Closed forensenellanebbia closed 2 years ago

forensenellanebbia commented 3 years ago

If I use Python 3 (x64) to run the script evtx_dump_chunk_slack.py against an EVTX file, I get this error:

Traceback (most recent call last): File "./bin/evtx_dump_chunk_slack.py", line 47, in main() File "./bin/evtx_dump_chunk_slack.py", line 43, in main sys.stdout.write(buf[last_allocated_offset:chunk_start + 0x10000]) TypeError: write() argument must be str, not bytes

I tried with Python 3.8.5 and 3.9.7.

To bypass the error, and to make the script work with both Python 2 and 3, I replaced line 43:

sys.stdout.write(buf[last_allocated_offset:chunk_start + 0x10000])

with:

try:
    sys.stdout.buffer.write(buf[last_allocated_offset:chunk_start + 0x10000])
except:
    sys.stdout.write(buf[last_allocated_offset:chunk_start + 0x10000])
williballenthin commented 3 years ago

this is a good fix. would you consider opening a PR (even via the github web interface) with these changes?