Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OverflowError: Python int too large to convert to C long #26

Open
MrChris001 opened this issue Oct 9, 2016 · 3 comments
Open

OverflowError: Python int too large to convert to C long #26

MrChris001 opened this issue Oct 9, 2016 · 3 comments
Labels
bug

Comments

@MrChris001
Copy link

MrChris001 commented Oct 9, 2016
edited by williballenthin
Loading

Thanks for the hard work in this project. It's really helpful.

I just have one problem to report, when I try and parse the Windows EVTX file 'CAPI2' I get the error below. Is there a workaround please? I am actually using the library to parse every EVTX file in a certain directory and this EVTX is the only one that throws up a problem!

  File "g:\Python Code\Events\Evtx2Time.py", line 121, in <module>
    main()
  File "g:\Python Code\Events\Evtx2Time.py", line 71, in main
    for xml, record in evtx_file_xml_view(fh):
  File "C:\Python27\lib\Evtx\Views.py", line 221, in evtx_file_xml_view
    record_str = _build_record_xml(record, cache=cache)
  File "C:\Python27\lib\Evtx\Views.py", line 172, in _build_record_xml
    xml = rec(record.root())
  File "C:\Python27\lib\Evtx\Views.py", line 163, in rec
    subs_strs.append(rec(sub))
  File "C:\Python27\lib\Evtx\Views.py", line 154, in rec
    f = _make_template_xml_view(root_node, cache=cache)
  File "C:\Python27\lib\Evtx\Views.py", line 120, in _make_template_xml_view
    template_instance = root_node.fast_template_instance()
  File "C:\Python27\lib\Evtx\Nodes.py", line 909, in fast_template_instance
    return TemplateInstanceNode(self._buf, ofs, self._chunk, self)
  File "C:\Python27\lib\Evtx\Nodes.py", line 716, in __init__
    self._data_length += new_template.length()
  File "C:\Python27\lib\Evtx\Nodes.py", line 211, in length
    return self.tag_length() + self.data_length()
  File "C:\Python27\lib\Evtx\BinaryParser.py", line 205, in no_length_handler
    return f(offset)
  File "C:\Python27\lib\Evtx\BinaryParser.py", line 356, in unpack_dword
    return struct.unpack_from("<I", self._buf, o)[0]
OverflowError: Python int too large to convert to C long
@williballenthin
Copy link
Owner

huh, i'm not sure whats happening here. the stack trace is useful, but i can't see why the overflow error would be thrown on struct.unpack_from.

is there any chance you can share the evtx file? i dont think i have a similar one on my system, and haven't been able to reproduce this error.

@williballenthin
Copy link
Owner

a workaround might be to use 64-bit python, if that's feasible.

the reported issue is still a bug, however.

@williballenthin
Copy link
Owner

would you email this to me directly at [email protected]? when you respond to a github notification email, github doesn't know what to do with attachments, so i didn't get it.

thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@williballenthin @MrChris001