Trying to parse a Windows.edb file from Windows 10 1803 results in the following errors:
$ ./esedbexport -t EXPORTS Windows.edb
esedbexport 20200102
Opening file.
Database type: Windows Search.
Exporting table 1 (MSysObjects) out of 29.
Exporting table 2 (MSysObjectsShadow) out of 29.
Exporting table 3 (MSysObjids) out of 29.
Exporting table 4 (MSysLocales) out of 29.
Exporting table 5 (CatalogManager_Properties) out of 29.
Exporting table 6 (CatalogStorageManager) out of 29.
Exporting table 7 (SystemIndex_Gthr) out of 29.
Exporting table 8 (SystemIndex_GthrPth) out of 29.
Exporting table 9 (SystemIndex_GthrAppOwner) out of 29.
Exporting table 10 (SystemIndex_1_Properties) out of 29.
Exporting table 11 (SystemIndex_1) out of 29.
Exporting table 12 (SystemIndex_PropertyStore) out of 29.
Unable to export file.
export_handle_export_basic_record_value: missing value string.
export_handle_export_record_value: unable to export basic record value: 305.
export_handle_export_record: unable to export record value: 305.
export_handle_export_table: unable to export record.
export_handle_export_file: unable to export table: 11.
The errors are the same when running the last two experimental releases (libesedb-20181229 and libesedb-20191220).
I've recompiled 20200102 with --enable-verbose-output --enable-debug-output and re-ran just exporting the problematic table (SystemIndex_PropertyStore) and used the -v switch for debug output.
./esedbexport -T SystemIndex_PropertyStore -t EXPORTS -v Windows.edb > SystemIndex_PropertyStore.debug 2>&1
It's been running 20+ minutes and the file where I'm capturing the debug output is approaching 1GB which doesn't seem right, but maybe it is? The Windows.edb file is 224MB.
The tools are being run on macOS 10.14.6.
Is there something else I should be trying? Or something I'm missing?
Thanks!