I have to examine a file ".ad1" .
Usually I use autopsy [I’m on windows] for memory analysis but with files ".ad1" I can't do it, can you help me to use it on autopsy or do I have to use another tool?
Every time I upload the file to the software it shows me that it is completely empty and autopsy finds nothing.
Every time I upload the file to the software it shows me that it is completely empty and autopsy finds nothing.
The tool shows me only the hex dump
Related
I was just finishing my work. Had been working on this for 1 month, more than 100 questionnaires' data to enter on the database, there were only 3 left. My computer crashed, I turned it off and after I turned it on again, I opened SPSS and coudln't open the .sav file because of an error saying the file is empty (although its size is 68kb) and to try to open another file. I tried to recover the data through the journal file, through syntaxe, but I can't. Is there any way to recover the file from the Temp folder? I noticed that in the Temp folder there are some folders named like this: "pasw-cfe-1324076806484081348-tmp" which contain executable jar files inside. There are also some LCK files with the same names as those folders. After searching about PASW, I got the idea that it may be related to SPSS. Is there any way to open these folders/files? Also, I can send the file to anyone, in case this is needed.
Any help you can offer me will be truly appreciated. Thanks
Unfortunately, no there is no way to convert those temporary scratch file back into an SPSS Statistics system file (.sav). If you do not have backups of the file, perhaps in another format (.sav, *.xlsx, *.csv, etc.) or stored as a table in a database, your only recourse will be to start over.
I have an idea, you can do "system Restore"
I have a batch file which launches other .bas files with the help of gwbasic.
Here is the code of the batch file:
graphics
cd basic
gwbasic menut-hp/d
cd \
Then I have the possibility by typing 1 or 2 etc + ENTER to choose which program i want to run. The programs are located in the same directory as my batch file. The programs are xxx.BAS files.
The problem is:
I have a piece of software written in GWBASIC that currently is set up to just print locally to LPT1.
When I disconnect the local printer, the software (gwbasic i guess) sends automatically the things to print to the network printer.
The result is that a lot of A4 papers come out with only a few lines written.
On the local printer, the printer only printed when i exited the batch program.
On the network printer, it's like its non stop synchronizing, and not only when i exit the batch program.
I see 2 solutions:
manage to put a tempo for the printing on the network printer (to refresh every 2 minutes for example)
or try to add a line in the .BAS files, to save the text in a .txt of .pdf file, instead of printing it.. or print it in a pdf file.
I have almost no idea how gwbasic works, even after some researches.
Moreover, i haven't managed to view (and modify) the code of the .BAS files
Sorry for my bad english,
If anyone has any idea, it would help me a lot!
Thank you very much :)
Maybe later, but I enjoy scripting with BASIC and CONSOLE APP.
I recommend you run a command BAT before you BAS code to get default printer
wmic printer get name,default | find "TRUE" > Printer.txt
With this linen you get the similar response into Printer.txt
TRUE Microsoft Print to PDF
After that, in your BAS code, read them and validate printer name or discard network printer before print.
Happy coding!
I have a few large txt files I'm trying to load into a data warehouse, I do get an error message with the offending row/line number but cannot open the txt file to review it as says it's 2 large 2,413,060KB. Someone suggested using the cmd option to do this but unsure how.
You can either use HJSplit in order to split the data or using another vim-based program such as gVim. Also it may be good to free up your PC's RAM as much as possible.
I hava an application that reads a file from a ZIP archive and saves it to file on file system. After writing it to file system I start start immediately to read this file with a SAX2 reader. On bigger files (300+ MB) it sometimes occures, that SAX2 stops parsing because of an unclosed tag. But when I check the file (or even try to read it again later) it works, so the file it self it OK.
FZipKit.ExtractToStream(LFileName, LStream);
LStream.SaveToFile(OutputFilename);
SAX2.processUrl(OutputFilename);
My assumption is, that the file was not yet fully written to file system when I started the parsing process.
Is there a way to ensure, that the file was written or the steam has been flushed to file system?
thx
I'm going to first of all assume that the XML parser operates correctly. If it is incapable of reading files, well the solution is obvious.
Which leads us to look at how the file is created. When you call SaveToFile, the file is opened, written, closed and buffers are flushed. In a plain vanilla system, your XML parser will see the entire content of the file. The only conclusion is that something is interfering. The most like suspect is your virus scanner. Many scanners, even the most respected ones, cannot properly handle a file being closed and then immediately re-opened.
The bottom line is that your code is fine and the problem almost certainly lies with your local environment.
I'm interested in some information inside a shadow file (.shd) located inside the windows print spooling directory "C:\Windows\System32\spool\PRINTERS". Every time a print job is started, a spool file (.spl) and a shadow file (.shd) are created in that directory. So far I have been successful in detecting when a print job has started, and have been able to pause that print job. If you don't pause the job, the files eventually make their way to the printer and then are deleted by windows.
My problem is. I cannot open the .SHD files because they are locked in such a way that you can not read them while they are open by the sprint spooler. I've even tried going to the file in windows explorer and simply copying the file to another file, and that didn't work either. The .SPL spool files I can open though. I simply wait, and fairly quickly the spooler release that file. For the shadow file though, it permanently holds on to this file. Unfortunately, its the one I need.
The line of code I'm using specifically to open the file is as follows:
m_spoolJobStream = new FileStream(spoolFilePath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite);
The IOException I get is:
The process cannot access the file 'C:\Windows\system32\spool\PRINTERS\FP00083.SHD' because it is being used by another process.
So yes, it is being used by another process. Its being used by the window's print spooler service. But I don't think there is anything I can do about that. All I want to do is read the file. I don't want to make any changes to it. Is there anything I can do here or am I just screwed?
Check the option: "Keep printed documents" (if you have HP printer) and then see your spool file folder, both shadow and spool files would be there.
Well, I did not find a way around this problem. I suspect there is no solution for this and it is by design. However I did find another way to get the information I wanted (at least it seems so thus far).
I'm using the FindNextPrinterChangeNotification() routine out of the winspool.drv library. This guy returns a pointer to a PRINTER_NOTIFY_INFO structure, which in turn contains an array of PRINTER_NOTIFY_INFO_DATA structures. Within that array, there is an element with its "Field" member marked as "JOB_NOTIFY_FIELD_DEVMODE". This element contains a fairly large structure of type DEVMODE. The structure is explained by M$ here http://msdn.microsoft.com/en-us/library/dd183565%28v=vs.85%29.aspx . This structure looks like it contains what I'm looking for and apparently is wrapped up in the .SHD file anyways according to this page http://www.undocprint.org/formats/winspool/shd. I'd like to know what else is in that .SHD file, but I still can't open it because its locked while the job is paused, and I suspect that it stays locked until the job is complete. Oh well, I think my new solution is more elegant anyways.
Just make sure you pause the job in the spool on BOTH your box and the server, then you should be able to copy/open/move the shd file just like you can the spl file. Worked for me, anyway...
This works for me:
- Hang your printer (e.g. jam the paper)
- Print and observe .SHD and .SPL being created
- Stop Print Spooler
- Open the file
The problem might be the FileShare.ReadWrite parameter. You're asking to read and write on the file and maybe that's why you get an error. You should try asking for read-only permission.