improved error handling
janstarke committed Jul 29, 2024
1 parent 33f0b6b commit ef12f43
Showing 1 changed file with 16 additions and 3 deletions.
19 changes: 16 additions & 3 deletions src/bin/evtxanalyze/pstree/mod.rs
@@ -43,11 +43,17 @@ pub(crate) fn display_pstree(cli: &Cli) -> anyhow::Result<()> {
let mut parser = EvtxParser::from_path(evtx_file)?;
let mut unique_pids = HashMap::new();
let mut events = HashMap::new();
let mut handled_records = 0;
let mut expected_records: usize = 0;
for record in parser.records_json_value() {
expected_records += 1;
match record {
Err(why) => log::warn!("{why}"),
Err(why) => {
log::error!("error while parsing a record; read {handled_records} until now. I'll try to continue with the next record");
log::warn!("{why}")
}
Ok(record) => match Process::try_from(record) {
Err(why) => log::warn!("{why}"),
Err(why) => log::error!("{why}"),
Ok(Some(process)) => {
if has_username(&process) {
let pid = UniquePid::from(&process);
@@ -57,12 +63,19 @@ pub(crate) fn display_pstree(cli: &Cli) -> anyhow::Result<()> {
.insert(pid.clone());
events.insert(pid, Rc::new(RefCell::new(process)));
}
handled_records += 1;
}
Ok(None) => (),
Ok(None) => handled_records += 1,
},
}
}

log::info!("finished reading all records");

if handled_records < expected_records {
log::warn!("I expected {expected_records}, but only {handled_records} could be handled.")
}

log::warn!("found {} process creations", events.len());

for new_process in events.values() {
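Review bot: In the new outer `Err(why)` arm the generic notice is logged at error level while the actual cause `{why}` stays at warn, so a run filtered to errors records that a record was lost but not why. Folding both into one line that also carries the position, e.g. `log::error!("error while parsing record #{expected_records}: {why}; continuing with the next record");`, keeps cause and location together; the inner `Err(why) => log::error!("{why}")` arm would benefit from the same position prefix. For a tool that processes event-log evidence the gap summary matters as well: `expected_records` only counts the items the iterator yielded, so if the parser reports a damaged chunk as a single error, the final warning may understate how many process-creation events are missing from the tree. display_pstree starts before and continues after the visible hunks.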