
-J doesn't put sbuf debug information into report.xml #411

Open
2 tasks
simsong opened this issue Apr 17, 2023 · 0 comments
simsong commented Apr 17, 2023

  • report.xml below should indicate when each sbuf is started and stopped.
  • There should be a debug option for logging all sbufs processed.

command line:

src/bulk_extractor --notify_main_thread -Z -J -o out1 tests/Images/nps-2010-emails.E01

report.xml:

<?xml version='1.0' encoding='UTF-8'?>
<dfxml xmloutputversion='1.0' xmlns:debug='http://afflib.org/bulk_extractor/debug'>
  <metadata
  xmlns='http://afflib.org/bulk_extractor/'
  xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
  xmlns:dc='http://purl.org/dc/elements/1.1/'>
    <dc:type>Feature Extraction</dc:type>
  </metadata>
  <!-- Provenance record: the program build and the execution environment that produced this report. -->
  <creator version='1.0'>
    <program>BULK_EXTRACTOR</program>
    <version>2.0.3</version>
    <build_environment>
      <compiler>4.2.1 (Apple LLVM 14.0.3 (clang-1403.0.22.14.1))</compiler>
      <CPPFLAGS>-I/opt/homebrew/include/  -DUTC_OFFSET=+0000</CPPFLAGS>
      <CFLAGS>-g -g -O2 -fPIC -O3</CFLAGS>
      <CXXFLAGS>-g  -pthread -Wall -MD -Wpointer-arith -Wshadow -Wwrite-strings -Wcast-align -Wredundant-decls -Wdisabled-optimization -Wfloat-equal -Wmultichar -Wmissing-noreturn -Woverloaded-virtual -Wsign-promo -Weffc++ -fPIC -O3</CXXFLAGS>
      <LDFLAGS>-L/opt/homebrew/lib/ </LDFLAGS>
      <LIBS>-lewf -lstdc++ -lexpat -lz -ldl -ltermcap -lexpat -lsqlite3 </LIBS>
      <compilation_date>2023-04-16T22:13:44</compilation_date>
      <library name="libewf" version="20140813"/>
      <library name="sqlite" version="3.39.5" source_id="2022-10-14 20:58:05 554764a6e721fab307c63a4f98cd958c8428a5d9d8edfde951858d6fd02daapl"/>
      <!-- The "-dirty" suffix follows the git-describe convention for a working tree with uncommitted changes,
           so this binary may not correspond exactly to any committed revision; results are not
           reproducible from the commit id alone. -->
      <git commit="85471cf-508-g6a18edd-dirty"/>
    </build_environment>
    <!-- host, uid and username identify the workstation and account that ran the scan, and command_line
         records the exact invocation. Useful for chain of custody; redact before sharing the report
         outside the case team. -->
    <execution_environment>
      <os_sysname>Darwin</os_sysname>
      <os_release>22.4.0</os_release>
      <os_version>Darwin Kernel Version 22.4.0: Mon Mar  6 20:59:28 PST 2023; root:xnu-8796.101.5~3/RELEASE_ARM64_T6000</os_version>
      <host>Seasons.lan</host>
      <arch>arm64</arch>
      <command_line>src/bulk_extractor --notify_main_thread -Z -J -o out1 tests/Images/nps-2010-emails.E01</command_line>
      <uid>501</uid>
      <username>simsong</username>
      <start_time>2023-04-17T02:21:06Z</start_time>
    </execution_environment>
  </creator>
  <configuration>
    <threads>0</threads>
    <pagesize>16777216</pagesize>
    <marginsize>4194304</marginsize>
    <scanners>
      <scanner>aes</scanner>
      <scanner>base64</scanner>
      <scanner>elf</scanner>
      <scanner>evtx</scanner>
      <scanner>exif</scanner>
      <scanner>facebook</scanner>
      <scanner>find</scanner>
      <scanner>gzip</scanner>
      <scanner>httplogs</scanner>
      <scanner>json</scanner>
      <scanner>kml_carved</scanner>
      <scanner>msxml</scanner>
      <scanner>net</scanner>
      <scanner>ntfsindx</scanner>
      <scanner>ntfslogfile</scanner>
      <scanner>ntfsmft</scanner>
      <scanner>ntfsusn</scanner>
      <scanner>pdf</scanner>
      <scanner>rar</scanner>
      <scanner>sqlite</scanner>
      <scanner>utmp</scanner>
      <scanner>vcard_carved</scanner>
      <scanner>windirs</scanner>
      <scanner>winlnk</scanner>
      <scanner>winpe</scanner>
      <scanner>winprefetch</scanner>
      <scanner>zip</scanner>
      <scanner>accts</scanner>
      <scanner>email</scanner>
      <scanner>gps</scanner>
    </scanners>
  </configuration>
  <provided_filename>tests/Images/nps-2010-emails.E01</provided_filename>
  <timestamp name='phase1 start' delta='0.002236' total='0.002236'/>
  <!-- Debug trace emitted for this run. It holds one debug:work_start record and no matching stop/end
       record, which is the gap this issue reports. pos0='0' with pagesize and bufsize both equal to
       image_size (10485760) in <source>, and below the configured <pagesize> of 16777216, so the
       whole image appears to have been handled as a single top-level page.
       t appears to be milliseconds since the Unix epoch; 1681698066 s corresponds to the
       <start_time> of 2023-04-17T02:21:06Z.
       Note: the debug prefix is re-declared here with a different URI than on the root <dfxml>
       element ('http://afflib.org/bulk_extractor/debug'), so a namespace-aware consumer sees
       debug:work_start in the github.com/.../issues namespace, not the root one. -->
  <runtime xmlns:debug="http://www.github.com/simsong/bulk_extractor/issues">
    <debug:work_start threadid='0x1e42f1b40' pos0='0' pagesize='10485760' bufsize='10485760' t='1681698066740'/>
  </runtime>
  <!-- Identifies the input that was scanned. image_size equals total_bytes in <report> and the
       pagesize/bufsize of the single debug:work_start record in <runtime>. -->
  <source>
    <image_filename>tests/Images/nps-2010-emails.E01</image_filename>
    <image_size>10485760</image_size>
    <!-- SHA-1 digest as recorded by the tool (presumably computed over the image content; confirm).
         SHA-1 is not collision-resistant, so pair it with an independently computed SHA-256 when the
         digest is used to support an evidence-integrity claim. -->
    <hashdigest type='SHA1'>4a38af31aae308acbd3f71940daf794848de1282</hashdigest>
  </source>
  <timestamp name='phase1 end' delta='1.230265' total='1.232501'/>
  <timestamp name='phase2 start' delta='0.780343' total='2.012845'/>
  <timestamp name='phase2 end' delta='0.022910' total='2.035758'/>
  <report>
    <!-- Run totals. total_bytes matches image_size in <source>. -->
    <total_bytes>10485760</total_bytes>
    <elapsed_seconds>2.035763</elapsed_seconds>
    <max_depth_seen>2</max_depth_seen>
    <dup_bytes_encountered>100244</dup_bytes_encountered>
    <!-- 62785 sbufs were created and none are unaccounted for, yet <runtime> holds a single
         debug:work_start record and no per-sbuf start/stop entries. Presumably most of these are
         child sbufs created during recursive scanning (max_depth_seen is 2); confirm against the
         scanner code. -->
    <sbufs_created>62785</sbufs_created>
    <sbufs_unaccounted>0</sbufs_unaccounted>
    <!-- All three timers read 0 in this run; <threads> in <configuration> is also 0. -->
    <producer_timer_ns>0</producer_timer_ns>
    <consumer_wait_ns>0</consumer_wait_ns>
    <consumer_wait_ns_per_worker>0</consumer_wait_ns_per_worker>
    <scanner_stats>
      <scanner><name>aes</name><seconds>0.063695</seconds><calls>1</calls></scanner>
      <scanner><name>base64</name><seconds>0.005556</seconds><calls>131</calls></scanner>
      <scanner><name>elf</name><seconds>0.006024</seconds><calls>131</calls></scanner>
      <scanner><name>evtx</name><seconds>0.001206</seconds><calls>131</calls></scanner>
      <scanner><name>exif</name><seconds>0.015783</seconds><calls>97</calls></scanner>
      <scanner><name>facebook</name><seconds>0.020964</seconds><calls>131</calls></scanner>
      <scanner><name>find</name><seconds>0.000007</seconds><calls>131</calls></scanner>
      <scanner><name>gzip</name><seconds>0.018092</seconds><calls>131</calls></scanner>
      <scanner><name>httplogs</name><seconds>0.041017</seconds><calls>131</calls></scanner>
      <scanner><name>json</name><seconds>0.006715</seconds><calls>131</calls></scanner>
      <scanner><name>kml_carved</name><seconds>0.001412</seconds><calls>131</calls></scanner>
      <scanner><name>msxml</name><seconds>0.004985</seconds><calls>131</calls></scanner>
      <scanner><name>net</name><seconds>0.158111</seconds><calls>131</calls></scanner>
      <scanner><name>ntfsindx</name><seconds>0.000022</seconds><calls>1</calls></scanner>
      <scanner><name>ntfslogfile</name><seconds>0.000009</seconds><calls>1</calls></scanner>
      <scanner><name>ntfsmft</name><seconds>0.000046</seconds><calls>1</calls></scanner>
      <scanner><name>ntfsusn</name><seconds>0.002482</seconds><calls>1</calls></scanner>
      <scanner><name>pdf</name><seconds>0.005675</seconds><calls>131</calls></scanner>
      <scanner><name>rar</name><seconds>0.017976</seconds><calls>131</calls></scanner>
      <scanner><name>sqlite</name><seconds>0.001068</seconds><calls>131</calls></scanner>
      <scanner><name>utmp</name><seconds>0.002470</seconds><calls>131</calls></scanner>
      <scanner><name>vcard_carved</name><seconds>0.000451</seconds><calls>131</calls></scanner>
      <scanner><name>windirs</name><seconds>0.004329</seconds><calls>1</calls></scanner>
      <scanner><name>winlnk</name><seconds>0.005246</seconds><calls>1</calls></scanner>
      <scanner><name>winpe</name><seconds>0.013946</seconds><calls>131</calls></scanner>
      <scanner><name>winprefetch</name><seconds>0.008521</seconds><calls>115</calls></scanner>
      <scanner><name>zip</name><seconds>0.389734</seconds><calls>131</calls></scanner>
      <scanner><name>accts</name><seconds>0.272069</seconds><calls>131</calls></scanner>
      <scanner><name>email</name><seconds>0.396979</seconds><calls>131</calls></scanner>
      <scanner><name>gps</name><seconds>0.002344</seconds><calls>131</calls></scanner>
    </scanner_stats>
    <feature_files>
      <feature_file><name>aes_keys</name><count>0</count></feature_file>
      <feature_file><name>alerts</name><count>0</count></feature_file>
      <feature_file><name>ccn</name><count>0</count></feature_file>
      <feature_file><name>ccn_track2</name><count>0</count></feature_file>
      <feature_file><name>domain</name><count>346</count></feature_file>
      <feature_file><name>elf</name><count>0</count></feature_file>
      <feature_file><name>email</name><count>67</count></feature_file>
      <feature_file><name>ether</name><count>0</count></feature_file>
      <feature_file><name>evtx_carved</name><count>0</count></feature_file>
      <feature_file><name>exif</name><count>20</count></feature_file>
      <feature_file><name>facebook</name><count>0</count></feature_file>
      <feature_file><name>find</name><count>0</count></feature_file>
      <feature_file><name>gps</name><count>0</count></feature_file>
      <feature_file><name>httplogs</name><count>0</count></feature_file>
      <feature_file><name>ip</name><count>0</count></feature_file>
      <feature_file><name>jpeg_carved</name><count>1</count></feature_file>
      <feature_file><name>json</name><count>0</count></feature_file>
      <feature_file><name>kml_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsindx_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfslogfile_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsmft_carved</name><count>0</count></feature_file>
      <feature_file><name>ntfsusn_carved</name><count>0</count></feature_file>
      <feature_file><name>pii</name><count>0</count></feature_file>
      <feature_file><name>rar</name><count>0</count></feature_file>
      <feature_file><name>rfc822</name><count>0</count></feature_file>
      <feature_file><name>sin</name><count>0</count></feature_file>
      <feature_file><name>sqlite_carved</name><count>0</count></feature_file>
      <feature_file><name>tcp</name><count>0</count></feature_file>
      <feature_file><name>telephone</name><count>0</count></feature_file>
      <feature_file><name>unrar_carved</name><count>0</count></feature_file>
      <feature_file><name>url</name><count>279</count></feature_file>
      <feature_file><name>utmp_carved</name><count>0</count></feature_file>
      <feature_file><name>vcard</name><count>0</count></feature_file>
      <feature_file><name>windirs</name><count>30</count></feature_file>
      <feature_file><name>winlnk</name><count>0</count></feature_file>
      <feature_file><name>winpe</name><count>0</count></feature_file>
      <feature_file><name>winpe_carved</name><count>0</count></feature_file>
      <feature_file><name>winprefetch</name><count>0</count></feature_file>
      <feature_file><name>zip</name><count>398</count></feature_file>
    </feature_files>
  </report>
  <rusage>
    <utime>1.144184</utime>
    <stime>0.042186</stime>
    <maxrss>21348352</maxrss>
    <minflt>1299</minflt>
    <majflt>184</majflt>
    <nswap>0</nswap>
    <inblock>0</inblock>
    <oublock>0</oublock>
    <clocktime>2.037118</clocktime>
  </rusage>
</dfxml>