pf2bodyfile does not support Windows 11 prefetch files #66

Closed
Bitbee0 opened this issue Feb 12, 2025 · 3 comments

Bitbee0 commented Feb 12, 2025

The pf2bodyfile tool does not support the prefetch file format on Windows 11 systems.
The following error message occurred:

$ RUST_BACKTRACE=full pf2bodyfile Windows/Prefetch/*.pf

thread 'main' panicked at /home/user/.cargo/registry/src/index.crates.io-6f17d22bba15001f/dfir-toolkit-0.11.2/src/bin/pf2bodyfile/main.rs:45:85:
called `Result::unwrap()` on an `Err` value: BadFormat(BadFormatError("The prefetch version is unknown: 31"))
stack backtrace:
   0:     0x5d3d7e7ab82a - <std::sys::backtrace::BacktraceLock::print::DisplayBacktrace as core::fmt::Display>::fmt::h304520fd6a30aa07
   1:     0x5d3d7e7c8ceb - core::fmt::write::hf5713710ce10ff22
   2:     0x5d3d7e7a8aa3 - std::io::Write::write_fmt::hda708db57927dacf
   3:     0x5d3d7e7acb12 - std::panicking::default_hook::{{closure}}::he1ad87607d0c11c5
   4:     0x5d3d7e7ac77e - std::panicking::default_hook::h81c8cd2e7c59ee33
   5:     0x5d3d7e7ad30f - std::panicking::rust_panic_with_hook::had2118629c312a4a
   6:     0x5d3d7e7ad087 - std::panicking::begin_panic_handler::{{closure}}::h7fa5985d111bafa2
   7:     0x5d3d7e7abd09 - std::sys::backtrace::__rust_end_short_backtrace::h704d151dbefa09c5
   8:     0x5d3d7e7acd14 - rust_begin_unwind
   9:     0x5d3d7e6b7de3 - core::panicking::panic_fmt::h3eea515d05f7a35e
  10:     0x5d3d7e6b81d6 - core::result::unwrap_failed::h7c8d8bbbcf45dc13
  11:     0x5d3d7e6c6bf4 - pf2bodyfile::main::h7b149c169c333d3d
  12:     0x5d3d7e6cb9b3 - std::sys::backtrace::__rust_begin_short_backtrace::hd5722963b1e6f373
  13:     0x5d3d7e6ca2ed - std::rt::lang_start::{{closure}}::h0c21166296999131
  14:     0x5d3d7e7a2440 - std::rt::lang_start_internal::h4d90db0530245041
  15:     0x5d3d7e6c6d75 - main
  16:     0x7e2692a2a1ca - __libc_start_call_main
                               at ./csu/../sysdeps/nptl/libc_start_call_main.h:58:16
  17:     0x7e2692a2a28b - __libc_start_main_impl
                               at ./csu/../csu/libc-start.c:360:3
  18:     0x5d3d7e6b8515 - _start
  19:                0x0 - <unknown>

I can also provide you a prefetch example file in the Win11 format

@Bitbee0 Bitbee0 added bug Something isn't working enhancement New feature or request labels Feb 12, 2025

Bitbee0 commented Feb 17, 2025

refers to: ForensicRS/frnsc-prefetch#8


Bitbee0 commented Feb 18, 2025

will be solved in frnsc-prefetch lib version 0.13.3


Bitbee0 commented Feb 20, 2025

frnsc-prefetch lib version 0.13.3 released -> issue solved
just install the toolkit again

@Bitbee0 Bitbee0 closed this as completed Feb 20, 2025
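
The panic reported in the first comment comes from `Result::unwrap()` in `main`, so one file with an unrecognised prefetch version aborts the run over all `*.pf` files. The following is an added example, not code from dfir-toolkit or frnsc-prefetch: std-only Rust that classifies each header and records failures per file instead of aborting. The function names, the version-to-OS table and the `MAM` compressed-container check are assumptions taken from public prefetch format documentation, not from this thread.

```rust
// Added example (hypothetical names). Version table and "MAM" signature: public format docs.
#[derive(Debug, PartialEq)]
enum Header {
    Compressed { uncompressed_size: u32 }, // version readable only after decompression
    Plain { version: u32, os: &'static str },
}
#[derive(Debug, PartialEq)]
enum PfError { TooShort(usize), BadSignature, UnknownVersion(u32) }

fn le32(b: &[u8]) -> u32 { u32::from_le_bytes([b[0], b[1], b[2], b[3]]) }

// Identify the header of one file without panicking on unexpected input.
fn classify(data: &[u8]) -> Result<Header, PfError> {
    if data.len() < 8 { return Err(PfError::TooShort(data.len())); }
    if &data[..3] == b"MAM" {
        return Ok(Header::Compressed { uncompressed_size: le32(&data[4..8]) });
    }
    if &data[4..8] != b"SCCA" { return Err(PfError::BadSignature); }
    let version = le32(&data[..4]);
    let os = match version {
        17 => "Windows XP/2003",
        23 => "Windows Vista/7",
        26 => "Windows 8.x",
        30 => "Windows 10",
        31 => "Windows 11",
        v => return Err(PfError::UnknownVersion(v)),
    };
    Ok(Header::Plain { version, os })
}

// Classify every file; a failure is recorded and the batch continues.
fn triage<'a>(files: &[(&'a str, Vec<u8>)]) -> (Vec<(&'a str, Header)>, Vec<(&'a str, PfError)>) {
    let (mut ok, mut failed) = (Vec::new(), Vec::new());
    for (name, data) in files {
        match classify(data) {
            Ok(h) => ok.push((*name, h)),
            Err(e) => failed.push((*name, e)),
        }
    }
    (ok, failed)
}

// Constructed sample: an 8-byte uncompressed header carrying the given version.
fn sample(version: u32) -> Vec<u8> { [version.to_le_bytes(), *b"SCCA"].concat() }

fn main() {
    let files = vec![("A.pf", sample(30)), ("B.pf", sample(31)), ("C.pf", sample(99))];
    let (ok, failed) = triage(&files);
    println!("parsed: {ok:?}\nskipped: {failed:?}");
}
```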