views: better handle unicode

Willi Ballenthin · Willi Ballenthin · commit c975c6c652b6 · 2016-09-06T13:16:11.000-04:00
diff --git a/Evtx/Views.py b/Evtx/Views.py
@@ -15,6 +15,7 @@
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
+import sys
 import string
 
 from .Nodes import RootNode
@@ -153,7 +154,10 @@ def rec(root_node):
         f = _make_template_xml_view(root_node, cache=cache)
         subs_strs = []
         for sub in root_node.fast_substitutions():
-            if isinstance(sub, str):
+            # ugly hack for supporting is-string on py2 and py3
+            if sys.version_info < (3, ) and isinstance(sub, basestring):
+                subs_strs.append(sub)
+            elif sys.version_info >= (3, ) and isinstance(sub, str):
                 subs_strs.append(sub)
             elif isinstance(sub, RootNode):
                 subs_strs.append(rec(sub))
diff --git a/scripts/evtxdump.py b/scripts/evtxdump.py
@@ -26,6 +26,10 @@
 from Evtx.Views import evtx_file_xml_view
 
 
+def ascii(s):
+    return s.encode('ascii', 'replace').decode('ascii')
+
+
 def main():
     parser = argparse.ArgumentParser(
         description="Dump a binary EVTX file into XML.")
@@ -42,7 +46,7 @@ def main():
             print("<?xml version=\"1.0\" encoding=\"utf-8\" standalone=\"yes\" ?>")
             print("<Events>")
             for xml, record in evtx_file_xml_view(fh):
-                print(xml)
+                print(ascii(xml))
             print("</Events>")
 
 if __name__ == "__main__":
