├── .codecov.yml ├── .github └── workflows │ ├── build.yml │ ├── build_freebsd.yml │ ├── build_ossfuzz.yml │ ├── build_shared.yml │ └── build_wheel.yml ├── .gitignore ├── AUTHORS ├── COPYING ├── COPYING.LESSER ├── ChangeLog ├── Makefile.am ├── NEWS ├── README ├── acinclude.m4 ├── appveyor.yml ├── autogen.ps1 ├── autogen.sh ├── build.ps1 ├── common ├── Makefile.am ├── byte_stream.h ├── common.h ├── config_borlandc.h ├── config_msc.h ├── config_winapi.h ├── file_stream.h ├── memory.h ├── narrow_string.h ├── system_string.h ├── types.h.in └── wide_string.h ├── configure.ac ├── documentation └── Windows Event Log (EVT) format.asciidoc ├── dpkg ├── changelog.in ├── compat ├── control ├── copyright ├── libevt-dev.install ├── libevt-python3.install ├── libevt-tools.install ├── libevt.install ├── rules └── source │ └── format ├── dtfabric.yaml ├── evttools ├── Makefile.am ├── evtexport.c ├── evtinfo.c ├── evtinput.c ├── evtinput.h ├── evttools_getopt.c ├── evttools_getopt.h ├── evttools_i18n.h ├── evttools_libbfio.h ├── evttools_libcdirectory.h ├── evttools_libcerror.h ├── evttools_libclocale.h ├── evttools_libcnotify.h ├── evttools_libcpath.h ├── evttools_libcsplit.h ├── evttools_libevt.h ├── evttools_libexe.h ├── evttools_libfcache.h ├── evttools_libfdatetime.h ├── evttools_libfwevt.h ├── evttools_libfwnt.h ├── evttools_libregf.h ├── evttools_libuna.h ├── evttools_libwrc.h ├── evttools_output.c ├── evttools_output.h ├── evttools_signal.c ├── evttools_signal.h ├── evttools_system_split_string.h ├── evttools_unused.h ├── evttools_wide_string.c ├── evttools_wide_string.h ├── export_handle.c ├── export_handle.h ├── info_handle.c ├── info_handle.h ├── log_handle.c ├── log_handle.h ├── message_handle.c ├── message_handle.h ├── message_string.c ├── message_string.h ├── path_handle.c ├── path_handle.h ├── registry_file.c ├── registry_file.h ├── resource_file.c └── resource_file.h ├── include ├── Makefile.am ├── libevt.h.in └── libevt │ ├── codepage.h │ ├── definitions.h.in │ ├── 
error.h │ ├── extern.h │ ├── features.h.in │ └── types.h.in ├── libevt.ini ├── libevt.nuspec ├── libevt.pc.in ├── libevt.spec.in ├── libevt ├── Makefile.am ├── evt_end_of_file_record.h ├── evt_event_record.h ├── evt_file_header.h ├── evt_record.h ├── libevt.c ├── libevt.rc.in ├── libevt_codepage.h ├── libevt_debug.c ├── libevt_debug.h ├── libevt_definitions.h.in ├── libevt_end_of_file_record.c ├── libevt_end_of_file_record.h ├── libevt_error.c ├── libevt_error.h ├── libevt_event_record.c ├── libevt_event_record.h ├── libevt_extern.h ├── libevt_file.c ├── libevt_file.h ├── libevt_file_header.c ├── libevt_file_header.h ├── libevt_io_handle.c ├── libevt_io_handle.h ├── libevt_libbfio.h ├── libevt_libcdata.h ├── libevt_libcerror.h ├── libevt_libclocale.h ├── libevt_libcnotify.h ├── libevt_libcthreads.h ├── libevt_libfcache.h ├── libevt_libfdata.h ├── libevt_libfdatetime.h ├── libevt_libfwnt.h ├── libevt_libuna.h ├── libevt_notify.c ├── libevt_notify.h ├── libevt_record.c ├── libevt_record.h ├── libevt_record_values.c ├── libevt_record_values.h ├── libevt_strings_array.c ├── libevt_strings_array.h ├── libevt_support.c ├── libevt_support.h ├── libevt_types.h └── libevt_unused.h ├── m4 ├── common.m4 ├── libbfio.m4 ├── libcdata.m4 ├── libcdirectory.m4 ├── libcerror.m4 ├── libcfile.m4 ├── libclocale.m4 ├── libcnotify.m4 ├── libcpath.m4 ├── libcsplit.m4 ├── libcthreads.m4 ├── libexe.m4 ├── libfcache.m4 ├── libfdata.m4 ├── libfdatetime.m4 ├── libfguid.m4 ├── libfvalue.m4 ├── libfwevt.m4 ├── libfwnt.m4 ├── libregf.m4 ├── libuna.m4 ├── libwrc.m4 ├── pthread.m4 ├── python.m4 ├── tests.m4 └── types.m4 ├── manuals ├── Makefile.am ├── evtexport.1 ├── evtinfo.1 └── libevt.3 ├── msvscpp ├── Makefile.am ├── evt_test_end_of_file_record │ └── evt_test_end_of_file_record.vcproj ├── evt_test_error │ └── evt_test_error.vcproj ├── evt_test_event_record │ └── evt_test_event_record.vcproj ├── evt_test_file │ └── evt_test_file.vcproj ├── evt_test_file_header │ └── evt_test_file_header.vcproj 
├── evt_test_io_handle │ └── evt_test_io_handle.vcproj ├── evt_test_notify │ └── evt_test_notify.vcproj ├── evt_test_record │ └── evt_test_record.vcproj ├── evt_test_record_values │ └── evt_test_record_values.vcproj ├── evt_test_strings_array │ └── evt_test_strings_array.vcproj ├── evt_test_support │ └── evt_test_support.vcproj ├── evt_test_tools_info_handle │ └── evt_test_tools_info_handle.vcproj ├── evt_test_tools_message_handle │ └── evt_test_tools_message_handle.vcproj ├── evt_test_tools_message_string │ └── evt_test_tools_message_string.vcproj ├── evt_test_tools_output │ └── evt_test_tools_output.vcproj ├── evt_test_tools_path_handle │ └── evt_test_tools_path_handle.vcproj ├── evt_test_tools_registry_file │ └── evt_test_tools_registry_file.vcproj ├── evt_test_tools_resource_file │ └── evt_test_tools_resource_file.vcproj ├── evt_test_tools_signal │ └── evt_test_tools_signal.vcproj ├── evtexport │ └── evtexport.vcproj ├── evtinfo │ └── evtinfo.vcproj ├── libbfio │ └── libbfio.vcproj ├── libcdata │ └── libcdata.vcproj ├── libcdirectory │ └── libcdirectory.vcproj ├── libcerror │ └── libcerror.vcproj ├── libcfile │ └── libcfile.vcproj ├── libclocale │ └── libclocale.vcproj ├── libcnotify │ └── libcnotify.vcproj ├── libcpath │ └── libcpath.vcproj ├── libcsplit │ └── libcsplit.vcproj ├── libcthreads │ └── libcthreads.vcproj ├── libevt.sln ├── libevt │ └── libevt.vcproj ├── libexe │ └── libexe.vcproj ├── libfcache │ └── libfcache.vcproj ├── libfdata │ └── libfdata.vcproj ├── libfdatetime │ └── libfdatetime.vcproj ├── libfguid │ └── libfguid.vcproj ├── libfvalue │ └── libfvalue.vcproj ├── libfwevt │ └── libfwevt.vcproj ├── libfwnt │ └── libfwnt.vcproj ├── libregf │ └── libregf.vcproj ├── libuna │ └── libuna.vcproj ├── libwrc │ └── libwrc.vcproj └── pyevt │ └── pyevt.vcproj ├── ossfuzz ├── Makefile.am ├── file_fuzzer.cc ├── ossfuzz_libbfio.h ├── ossfuzz_libevt.h └── record_fuzzer.cc ├── po ├── ChangeLog ├── Makevars.in └── POTFILES.in ├── pyevt ├── Makefile.am ├── 
pyevt.c ├── pyevt.h ├── pyevt_codepage.c ├── pyevt_codepage.h ├── pyevt_datetime.c ├── pyevt_datetime.h ├── pyevt_error.c ├── pyevt_error.h ├── pyevt_event_types.c ├── pyevt_event_types.h ├── pyevt_file.c ├── pyevt_file.h ├── pyevt_file_flags.c ├── pyevt_file_flags.h ├── pyevt_file_object_io_handle.c ├── pyevt_file_object_io_handle.h ├── pyevt_integer.c ├── pyevt_integer.h ├── pyevt_libbfio.h ├── pyevt_libcerror.h ├── pyevt_libclocale.h ├── pyevt_libevt.h ├── pyevt_libfwnt.h ├── pyevt_python.h ├── pyevt_record.c ├── pyevt_record.h ├── pyevt_records.c ├── pyevt_records.h ├── pyevt_strings.c ├── pyevt_strings.h └── pyevt_unused.h ├── pyproject.toml ├── runtests.ps1 ├── runtests.sh ├── setup.cfg.in ├── setup.py ├── synclibs.ps1 ├── synclibs.sh ├── synctestdata.ps1 ├── synctestdata.sh ├── tests ├── Makefile.am ├── build.sh ├── data │ ├── end_of_file_record.1 │ ├── event_record.1 │ └── file_header.1 ├── evt_test_end_of_file_record.c ├── evt_test_error.c ├── evt_test_event_record.c ├── evt_test_file.c ├── evt_test_file_header.c ├── evt_test_functions.c ├── evt_test_functions.h ├── evt_test_getopt.c ├── evt_test_getopt.h ├── evt_test_io_handle.c ├── evt_test_libbfio.h ├── evt_test_libcerror.h ├── evt_test_libclocale.h ├── evt_test_libcnotify.h ├── evt_test_libevt.h ├── evt_test_libuna.h ├── evt_test_macros.h ├── evt_test_memory.c ├── evt_test_memory.h ├── evt_test_notify.c ├── evt_test_record.c ├── evt_test_record_values.c ├── evt_test_strings_array.c ├── evt_test_support.c ├── evt_test_tools_info_handle.c ├── evt_test_tools_message_handle.c ├── evt_test_tools_message_string.c ├── evt_test_tools_output.c ├── evt_test_tools_path_handle.c ├── evt_test_tools_registry_file.c ├── evt_test_tools_resource_file.c ├── evt_test_tools_signal.c ├── evt_test_unused.h ├── lsan.suppressions ├── pkgbuild.sh ├── pyevt_test_file.py ├── pyevt_test_support.py ├── runtests.py ├── runtests.sh ├── syncsharedlibs.sh ├── test_evtexport.sh ├── test_evtinfo.ps1 ├── test_evtinfo.sh ├── 
test_library.ps1 ├── test_library.sh ├── test_manpage.sh ├── test_python_module.sh ├── test_runner.sh ├── test_tools.ps1 └── test_tools.sh └── tox.ini
/.codecov.yml:
--------------------------------------------------------------------------------
1 | coverage:
2 |   precision: 2
3 |   round: down
4 |   range: 70...100
5 |   status:
6 |     project: true
7 |     patch: true
8 |     changes: false
9 | ignore:
10 |   - "libbfio/*"
11 |   - "libcdata/*"
12 |   - "libcdirectory/*"
13 |   - "libcerror/*"
14 |   - "libcfile/*"
15 |   - "libclocale/*"
16 |   - "libcnotify/*"
17 |   - "libcpath/*"
18 |   - "libcsplit/*"
19 |   - "libcthreads/*"
20 |   - "libexe/*"
21 |   - "libfcache/*"
22 |   - "libfdata/*"
23 |   - "libfdatetime/*"
24 |   - "libfguid/*"
25 |   - "libfvalue/*"
26 |   - "libfwevt/*"
27 |   - "libfwnt/*"
28 |   - "libregf/*"
29 |   - "libuna/*"
30 |   - "libwrc/*"
31 |   - "tests/*"
32 |
--------------------------------------------------------------------------------
/.github/workflows/build_freebsd.yml:
--------------------------------------------------------------------------------
1 | # Build from source on FreeBSD.
2 | name: build_freebsd
3 | on: [push]
4 | permissions: read-all  # caps GITHUB_TOKEN at read access for every scope
5 | jobs:
6 |   build_freebsd:
7 |     runs-on: ubuntu-22.04
8 |     steps:
9 |     - uses: actions/checkout@v4  # NOTE(review): referenced by a tag, which can be moved; a full commit SHA would fix the exact code that runs
10 |     - name: Building from source
11 |       id: build_freebsd
12 |       uses: vmactions/freebsd-vm@v1  # NOTE(review): third-party action on a movable major tag; it receives the prepare/run scripts below, so consider pinning it to a full commit SHA
13 |       with:
14 |         usesh: true
15 |         mem: 4096
16 |         # Note that the test scripts require bash
17 |         prepare: |
18 |           pkg install -y autoconf automake bash gettext git libtool pkgconf
19 |         run: |
20 |           tests/build.sh
21 |           tests/runtests.sh
22 |
--------------------------------------------------------------------------------
/.github/workflows/build_ossfuzz.yml:
--------------------------------------------------------------------------------
1 | # Build OSSFuzz fuzz targets from source.
2 | name: build_ossfuzz
3 | on:
4 |   push:
5 |     branches: [main]
6 | permissions: read-all  # caps GITHUB_TOKEN at read access for every scope
7 | jobs:
8 |   build_ossfuzz:
9 |     runs-on: ubuntu-22.04
10 |     strategy:
11 |       matrix:
12 |         include:
13 |         - architecture: 'x64'
14 |           compiler: 'gcc'
15 |           configure_options: ''
16 |     steps:
17 |     - name: Install build dependencies
18 |       run: |
19 |         sudo apt-get -y install git
20 |     - uses: actions/checkout@v4
21 |       with:
22 |         repository: google/oss-fuzz  # no `ref:` is given, so the default branch is checked out; the helper scripts and base Dockerfile are whatever that branch holds at run time
23 |         path: oss-fuzz
24 |     - name: Build OSSFuzz fuzz targets  # NOTE(review): the project Dockerfile is assembled from fixed line counts (head -n 20 / tail -n 3) of projects/libyal/Dockerfile; an upstream edit that shifts lines changes the result without an error at this step
25 |       working-directory: oss-fuzz
26 |       run: |  # NOTE(review): the generated Dockerfile clones the default branch of github.com/libyal/libevt, which is not necessarily the commit that triggered this run
27 |         mkdir -p projects/libevt
28 |         cp projects/libyal/build.sh projects/libevt/
29 |         cp projects/libyal/project.yaml projects/libevt/
30 |         head -n 20 projects/libyal/Dockerfile > projects/libevt/Dockerfile
31 |         echo "RUN git clone --depth 1 https://github.com/libyal/libevt.git libevt" >> projects/libevt/Dockerfile
32 |         tail -n 3 projects/libyal/Dockerfile >> projects/libevt/Dockerfile
33 |         python3 infra/helper.py build_image --pull libevt
34 |         python3 infra/helper.py build_fuzzers --sanitizer address libevt
35 |         python3 infra/helper.py check_build libevt
36 |
--------------------------------------------------------------------------------
/.github/workflows/build_shared.yml:
--------------------------------------------------------------------------------
1 | # Build from source with libyal dependencies as shared libraries.
2 | name: build_shared
3 | on:
4 |   push:
5 |     branches: [main]
6 | permissions: read-all  # caps GITHUB_TOKEN at read access for every scope
7 | jobs:
8 |   build_shared_ubuntu:
9 |     runs-on: ubuntu-22.04
10 |     strategy:
11 |       matrix:
12 |         include:
13 |         - architecture: 'x64'
14 |           compiler: 'gcc'
15 |           configure_options: '--enable-wide-character-type'
16 |     steps:
17 |     - uses: actions/checkout@v4  # NOTE(review): referenced by a tag, which can be moved; a full commit SHA would fix the exact code that runs
18 |     - name: Install build dependencies
19 |       run: |
20 |         sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config
21 |     - name: Download test data
22 |       run: |
23 |         if test -x "synctestdata.sh"; then ./synctestdata.sh; fi
24 |     - name: Prepare shared libraries  # NOTE(review): --use-head presumably fetches the libyal dependencies at their current branch heads (script not shown here) — confirm; if so, the dependency code built and tested is not pinned
25 |       run: |
26 |         tests/syncsharedlibs.sh --use-head
27 |     - name: Building from source  # the expression expanded inside run: comes from the static matrix above, not from event data; keep it that way, or pass such values through env: as done for CC
28 |       env:
29 |         CC: ${{ matrix.compiler }}
30 |       run: |
31 |         tests/build.sh ${{ matrix.configure_options }}
32 |     - name: Run tests
33 |       run: |
34 |         tests/runtests.sh
35 |
--------------------------------------------------------------------------------
/.github/workflows/build_wheel.yml:
--------------------------------------------------------------------------------
1 | # Build wheel from source using tox.
2 | name: build_wheel
3 | on: [push, pull_request]  # also runs on pull requests, so the build scripts of a proposed change execute on the runner; with the pull_request trigger, runs from forks get a read-only token and no repository secrets
4 | permissions: read-all  # caps GITHUB_TOKEN at read access for every scope
5 | jobs:
6 |   build_wheel:
7 |     runs-on: ubuntu-22.04
8 |     strategy:
9 |       matrix:
10 |         include:
11 |         - python-version: '3.7'
12 |           toxenv: 'py37'
13 |         - python-version: '3.8'
14 |           toxenv: 'py38'
15 |         - python-version: '3.9'
16 |           toxenv: 'py39'
17 |         - python-version: '3.10'
18 |           toxenv: 'py310'
19 |         - python-version: '3.11'
20 |           toxenv: 'py311'
21 |         - python-version: '3.12'
22 |           toxenv: 'py312'
23 |     steps:
24 |     - uses: actions/checkout@v4  # NOTE(review): referenced by a tag, which can be moved; a full commit SHA would fix the exact code that runs
25 |     - name: Install build dependencies  # NOTE(review): adds the third-party deadsnakes PPA as a package source; the interpreters installed from it are trusted by every later step
26 |       run: |
27 |         sudo add-apt-repository universe &&
28 |         sudo add-apt-repository -y ppa:deadsnakes/ppa &&
29 |         sudo apt-get update &&
30 |         sudo apt-get install -y autoconf automake autopoint build-essential git libtool pkg-config python${{ matrix.python-version }} python${{ matrix.python-version }}-dev python${{ matrix.python-version }}-venv python3-distutils python3-pip python3-setuptools
31 |     - name: Install tox  # NOTE(review): tox is installed without a version pin or hash check
32 |       run: |
33 |         python3 -m pip install tox
34 |     - name: Download test data
35 |       run: |
36 |         if test -x "synctestdata.sh"; then ./synctestdata.sh; fi
37 |     - name: Prepare build  # NOTE(review): --use-head presumably syncs the libyal dependencies at their branch heads (synclibs.sh not shown here) — confirm whether the wheel build should use pinned dependency versions
38 |       run: |
39 |         ./synclibs.sh --use-head && ./autogen.sh && ./configure && make sources >/dev/null
40 |     - name: Build Python wheel
41 |       run: |
42 |         tox -e${{ matrix.toxenv }}
43 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | Acknowledgements: libevt
2 |
3 | Copyright (C) 2011-2024, Joachim Metz
4 |
5 |
--------------------------------------------------------------------------------
/ChangeLog:
--------------------------------------------------------------------------------
1 | TODO:
2 | * move direct access to event record struct members in record values to functions
3 | - replace calls to libfvalue by libuna and libfwnt
4 | - handle strings, use split string?
5 | * API have source and computer name functions return 0 6 | 7 | * libevt 8 | - remove file_get_version 9 | * evtexport, add date time format selection 10 | * evtexport, add flags to strip strings and messages string of CR-LFs 11 | * evtexport, add support for CSV and/or TSV format with surrounding quotes 12 | 13 | * add parameter expansion support 14 | * recovery: what about record that is recoverable but has a size mismatch 15 | * msvscpp: 16 | - check and fix debug output generation 17 | - check 64-bit compilation output (warnings) 18 | * check signal abort 19 | * test find paths on windows 20 | * get %WinDir% 21 | SYSTEM\CurrentControlSet\Control\Session Manager\Environment\windir 22 | - add callback for dealing with path expansion ? 23 | * registry file: 24 | - detect the file type + version based on the base sub keys? 25 | - add file type specific support e.g. CurrentControlSet in key names ? 26 | or be more generic and allow HKEY_ ... type of keys and detect 27 | registry file type 28 | 29 | * libcdirectory: 30 | - move WINAPI * path expansion from export handle to libcdirectory 31 | * update manuals 32 | - evtexport add example output 33 | * add error tolerability (+/-) 34 | - sizes and copy 35 | 36 | Tools: 37 | * API 38 | - functionality to parse event identifier ? 39 | * registry file 40 | - what about NT4 root/base key support ? 41 | * evtexport/export handle 42 | - validate eventlog/computername in system registry ? 43 | - use current control set nr ? 44 | - print if message file key not found 45 | - print if message file not found 46 | - print if message file has no resources 47 | - user sid - find corresponding user name ? 48 | - output data as CSV/TSV, DFXML ? (different output formatting modules) 49 | - print data 50 | - move output to separate code, e.g. libpff 51 | * evtinfo 52 | * pyevt 53 | - functionality to parse event identifier ? 54 | - string representations of event type ? 
55 | - access to data 56 | * tests 57 | - file wrap 58 | 59 | Format: 60 | * event flags ? (debug function) 61 | * closing record number ? 62 | 63 | Notes 64 | * %SystemRoot% expansion support for WINNT and WINNT35 65 | check if this is set in SOFTWARE\Microsoft\Windows NT\CurrentVersion\ ? 66 | 67 | 20111003 68 | * see `git log' for more recent change log 69 | * Created initial version based on libnk2 70 | 71 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | ACLOCAL_AMFLAGS = -I m4 2 | 3 | SUBDIRS = \ 4 | include \ 5 | common \ 6 | libcerror \ 7 | libcthreads \ 8 | libcdata \ 9 | libclocale \ 10 | libcnotify \ 11 | libcsplit \ 12 | libuna \ 13 | libcfile \ 14 | libcpath \ 15 | libbfio \ 16 | libfcache \ 17 | libfdata \ 18 | libfdatetime \ 19 | libfguid \ 20 | libfvalue \ 21 | libfwnt \ 22 | libevt \ 23 | libfwevt \ 24 | libexe \ 25 | libregf \ 26 | libwrc \ 27 | libcdirectory \ 28 | evttools \ 29 | pyevt \ 30 | po \ 31 | manuals \ 32 | tests \ 33 | ossfuzz \ 34 | msvscpp 35 | 36 | DPKG_FILES = \ 37 | dpkg/changelog \ 38 | dpkg/changelog.in \ 39 | dpkg/compat \ 40 | dpkg/control \ 41 | dpkg/copyright \ 42 | dpkg/rules \ 43 | dpkg/libevt.install \ 44 | dpkg/libevt-dev.install \ 45 | dpkg/libevt-python3.install \ 46 | dpkg/libevt-tools.install \ 47 | dpkg/source/format 48 | 49 | GETTEXT_FILES = \ 50 | config.rpath \ 51 | po/Makevars.in 52 | 53 | PKGCONFIG_FILES = \ 54 | libevt.pc.in 55 | 56 | SETUP_PY_FILES = \ 57 | pyproject.toml \ 58 | setup.cfg \ 59 | setup.cfg.in \ 60 | setup.py 61 | 62 | SPEC_FILES = \ 63 | libevt.spec \ 64 | libevt.spec.in 65 | 66 | EXTRA_DIST = \ 67 | $(DPKG_FILES) \ 68 | $(GETTEXT_FILES) \ 69 | $(PKGCONFIG_FILES) \ 70 | $(SETUP_PY_FILES) \ 71 | $(SPEC_FILES) 72 | 73 | DISTCLEANFILES = \ 74 | config.status \ 75 | config.cache \ 76 | config.log \ 77 | libevt.pc \ 78 | libevt.spec \ 79 | Makefile \ 80 | Makefile.in 
\ 81 | po/Makevars 82 | 83 | pkgconfigdir = $(libdir)/pkgconfig 84 | 85 | pkgconfig_DATA = \ 86 | libevt.pc 87 | 88 | libtool: @LIBTOOL_DEPS@ 89 | cd $(srcdir) && $(SHELL) ./config.status --recheck 90 | 91 | lib: library 92 | 93 | library: 94 | (cd $(srcdir)/common && $(MAKE) $(AM_MAKEFLAGS)) 95 | (cd $(srcdir)/libcerror && $(MAKE) $(AM_MAKEFLAGS)) 96 | (cd $(srcdir)/libcthreads && $(MAKE) $(AM_MAKEFLAGS)) 97 | (cd $(srcdir)/libcdata && $(MAKE) $(AM_MAKEFLAGS)) 98 | (cd $(srcdir)/libclocale && $(MAKE) $(AM_MAKEFLAGS)) 99 | (cd $(srcdir)/libcnotify && $(MAKE) $(AM_MAKEFLAGS)) 100 | (cd $(srcdir)/libcsplit && $(MAKE) $(AM_MAKEFLAGS)) 101 | (cd $(srcdir)/libuna && $(MAKE) $(AM_MAKEFLAGS)) 102 | (cd $(srcdir)/libcfile && $(MAKE) $(AM_MAKEFLAGS)) 103 | (cd $(srcdir)/libcpath && $(MAKE) $(AM_MAKEFLAGS)) 104 | (cd $(srcdir)/libbfio && $(MAKE) $(AM_MAKEFLAGS)) 105 | (cd $(srcdir)/libfcache && $(MAKE) $(AM_MAKEFLAGS)) 106 | (cd $(srcdir)/libfdata && $(MAKE) $(AM_MAKEFLAGS)) 107 | (cd $(srcdir)/libfdatetime && $(MAKE) $(AM_MAKEFLAGS)) 108 | (cd $(srcdir)/libfguid && $(MAKE) $(AM_MAKEFLAGS)) 109 | (cd $(srcdir)/libfvalue && $(MAKE) $(AM_MAKEFLAGS)) 110 | (cd $(srcdir)/libfwnt && $(MAKE) $(AM_MAKEFLAGS)) 111 | (cd $(srcdir)/libevt && $(MAKE) $(AM_MAKEFLAGS)) 112 | (cd $(srcdir)/po && $(MAKE) $(AM_MAKEFLAGS)) 113 | 114 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libyal/libevt/0e79e00fa14af08a1ec39a6d98ea6a9490b1cb63/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | libevt is a library to access the Windows Event Log (EVT) format. 
2 | 3 | Project information: 4 | 5 | * Status: alpha 6 | * Licence: LGPLv3+ 7 | 8 | For more information see: 9 | 10 | * Project documentation: https://github.com/libyal/libevt/wiki/Home 11 | * How to build from source: https://github.com/libyal/libevt/wiki/Building 12 | 13 | -------------------------------------------------------------------------------- /acinclude.m4: -------------------------------------------------------------------------------- 1 | dnl Checks for required headers and functions 2 | dnl 3 | dnl Version: 20200713 4 | 5 | dnl Function to detect if libevt dependencies are available 6 | AC_DEFUN([AX_LIBEVT_CHECK_LOCAL], 7 | [dnl Check for internationalization functions in libevt/libevt_i18n.c 8 | AC_CHECK_FUNCS([bindtextdomain]) 9 | ]) 10 | 11 | dnl Function to detect if evttools dependencies are available 12 | AC_DEFUN([AX_EVTTOOLS_CHECK_LOCAL], 13 | [AC_CHECK_HEADERS([signal.h sys/signal.h unistd.h]) 14 | 15 | AC_CHECK_FUNCS([close getopt setvbuf]) 16 | 17 | AS_IF( 18 | [test "x$ac_cv_func_close" != xyes], 19 | [AC_MSG_FAILURE( 20 | [Missing function: close], 21 | [1]) 22 | ]) 23 | 24 | dnl Headers included in evttools/log_handle.c 25 | AC_CHECK_HEADERS([stdarg.h varargs.h]) 26 | 27 | AS_IF( 28 | [test "x$ac_cv_header_stdarg_h" != xyes && test "x$ac_cv_header_varargs_h" != xyes], 29 | [AC_MSG_FAILURE( 30 | [Missing headers: stdarg.h and varargs.h], 31 | [1]) 32 | ]) 33 | ]) 34 | 35 | dnl Function to check if DLL support is needed 36 | AC_DEFUN([AX_LIBEVT_CHECK_DLL_SUPPORT], 37 | [AS_IF( 38 | [test "x$enable_shared" = xyes && test "x$ac_cv_enable_static_executables" = xno], 39 | [AS_CASE( 40 | [$host], 41 | [*cygwin* | *mingw* | *msys*], 42 | [AC_DEFINE( 43 | [HAVE_DLLMAIN], 44 | [1], 45 | [Define to 1 to enable the DllMain function.]) 46 | AC_SUBST( 47 | [HAVE_DLLMAIN], 48 | [1]) 49 | 50 | AC_SUBST( 51 | [LIBEVT_DLL_EXPORT], 52 | ["-DLIBEVT_DLL_EXPORT"]) 53 | 54 | AC_SUBST( 55 | [LIBEVT_DLL_IMPORT], 56 | ["-DLIBEVT_DLL_IMPORT"]) 57 | ]) 58 | ]) 59 
| ]) 60 | 61 | -------------------------------------------------------------------------------- /common/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = \ 2 | -I../include -I$(top_srcdir)/include 3 | 4 | EXTRA_DIST = \ 5 | byte_stream.h \ 6 | common.h \ 7 | config.h \ 8 | config_borlandc.h \ 9 | config_msc.h \ 10 | config_winapi.h \ 11 | file_stream.h \ 12 | memory.h \ 13 | narrow_string.h \ 14 | system_string.h \ 15 | types.h \ 16 | types.h.in \ 17 | wide_string.h 18 | 19 | DISTCLEANFILES = \ 20 | config.h \ 21 | types.h \ 22 | Makefile \ 23 | Makefile.in 24 | 25 | -------------------------------------------------------------------------------- /common/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common include file 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _COMMON_H ) 23 | #define _COMMON_H 24 | 25 | #if defined( HAVE_CONFIG_H ) 26 | #include "config.h" 27 | #endif 28 | 29 | /* Include the Borland/CodeGear C++ Builder compiler specific configuration 30 | */ 31 | #if defined( __BORLANDC__ ) 32 | #include "config_borlandc.h" 33 | 34 | /* Include the Microsoft Visual Studio C++ compiler specific configuration 35 | */ 36 | #elif defined( _MSC_VER ) 37 | #include "config_msc.h" 38 | #endif 39 | 40 | #include "config_winapi.h" 41 | 42 | #endif /* !defined( _COMMON_H ) */ 43 | 44 | -------------------------------------------------------------------------------- /common/config_borlandc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration for the Borland/CodeGear C++ Builder compiler 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _CONFIG_BORLANDC_H ) 23 | #define _CONFIG_BORLANDC_H 24 | 25 | #endif /* !defined( _CONFIG_BORLANDC_H ) */ 26 | 27 | -------------------------------------------------------------------------------- /common/config_msc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration for the Microsoft Visual Studio C++ compiler 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _CONFIG_MSC_H ) 23 | #define _CONFIG_MSC_H 24 | 25 | /* Disable warning C4127: conditional expression is constant 26 | */ 27 | #pragma warning( disable : 4127 ) 28 | 29 | /* Disable warning C4201: nonstandard extension used : nameless struct/union 30 | */ 31 | #pragma warning( disable : 4201 ) 32 | 33 | #endif /* !defined( _CONFIG_MSC_H ) */ 34 | 35 | -------------------------------------------------------------------------------- /common/config_winapi.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration file for WINAPI 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _CONFIG_WINAPI_H ) 23 | #define _CONFIG_WINAPI_H 24 | 25 | /* Define the earliest supported WINAPI version 26 | #define WINVER 0x0501 27 | */ 28 | 29 | /* If necessary make sure WINAPI is defined 30 | */ 31 | #if defined( HAVE_WINDOWS_H ) || defined( __BORLANDC__ ) || defined( _MSC_VER ) 32 | #include 33 | #endif 34 | 35 | #if defined( WINAPI ) 36 | 37 | /* Define to the address where bug reports for this package should be sent. 
38 | */ 39 | #define PACKAGE_BUGREPORT "joachim.metz@gmail.com" 40 | 41 | /* Define the size of the integer for WINAPI 42 | */ 43 | #if !defined( SIZEOF_INT ) 44 | #define SIZEOF_INT 4 45 | #endif 46 | 47 | /* Define the size of size_t for WINAPI 48 | * Do not define when pyconfig.h has been included via python.h 49 | */ 50 | #if !defined( HAVE_PYCONFIG_H ) 51 | 52 | #if !defined( SIZEOF_SIZE_T ) 53 | #if __WORDSIZE == 64 54 | #define SIZEOF_SIZE_T 8 55 | #else 56 | #define SIZEOF_SIZE_T 4 57 | #endif 58 | #endif 59 | 60 | #endif /* !defined( HAVE_PYCONFIG_H ) */ 61 | 62 | /* Define the size of the wide character for WINAPI 63 | */ 64 | #if !defined( SIZEOF_WCHAR_T ) 65 | #define SIZEOF_WCHAR_T 2 66 | #endif 67 | 68 | /* Enable the DllMain function 69 | */ 70 | #define HAVE_DLLMAIN 1 71 | 72 | /* Enable verbose output 73 | #define HAVE_VERBOSE_OUTPUT 1 74 | */ 75 | 76 | /* Enable debug output 77 | #define HAVE_DEBUG_OUTPUT 1 78 | */ 79 | 80 | /* Enable both the narrow and wide character functions 81 | */ 82 | #if !defined( HAVE_WIDE_CHARACTER_TYPE ) 83 | #define HAVE_WIDE_CHARACTER_TYPE 1 84 | #endif 85 | 86 | /* If not controlled by config.h enable multi-thread support 87 | */ 88 | #if !defined( HAVE_CONFIG_H ) && !defined( HAVE_MULTI_THREAD_SUPPORT ) 89 | #define HAVE_MULTI_THREAD_SUPPORT 1 90 | #endif 91 | 92 | #endif /* defined( WINAPI ) */ 93 | 94 | #endif /* !defined( _CONFIG_WINAPI_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /dpkg/changelog.in: -------------------------------------------------------------------------------- 1 | libevt (@VERSION@-1) unstable; urgency=low 2 | 3 | * Auto-generated 4 | 5 | -- Joachim Metz @DPKG_DATE@ 6 | -------------------------------------------------------------------------------- /dpkg/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- 
/dpkg/control: -------------------------------------------------------------------------------- 1 | Source: libevt 2 | Priority: extra 3 | Maintainer: Joachim Metz 4 | Build-Depends: debhelper (>= 9), dh-autoreconf, dh-python, pkg-config, python3-dev, python3-setuptools 5 | Standards-Version: 4.1.4 6 | Section: libs 7 | Homepage: https://github.com/libyal/libevt 8 | Vcs-Git: https://github.com/libyal/libevt.git 9 | 10 | Package: libevt 11 | Architecture: any 12 | Depends: ${shlibs:Depends}, ${misc:Depends} 13 | Conflicts: libevt1 14 | Replaces: libevt1 15 | Suggests: libevt-dbg 16 | Description: Library to access the Windows Event Log (EVT) format 17 | libevt is a library to access the Windows Event Log (EVT) format. 18 | 19 | Package: libevt-dbg 20 | Architecture: any 21 | Section: debug 22 | Depends: libevt (= ${binary:Version}), ${misc:Depends} 23 | Description: Debugging symbols for libevt 24 | Debugging symbols for libevt. 25 | 26 | Package: libevt-dev 27 | Section: libdevel 28 | Architecture: any 29 | Depends: libevt (= ${binary:Version}), ${misc:Depends} 30 | Description: Header files and libraries for developing applications for libevt 31 | Header files and libraries for developing applications for libevt. 32 | 33 | Package: libevt-tools 34 | Section: utils 35 | Architecture: any 36 | Depends: libevt (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} 37 | Conflicts: libevt-utils 38 | Replaces: libevt-utils 39 | Description: Several tools for reading Windows Event Log (EVT) files 40 | Several tools for reading Windows Event Log (EVT) files. 41 | 42 | Package: libevt-tools-dbg 43 | Section: debug 44 | Architecture: any 45 | Depends: libevt-tools (= ${binary:Version}), ${misc:Depends} 46 | Description: Debugging symbols for libevt-tools 47 | Debugging symbols for libevt-tools. 
48 | 49 | Package: libevt-python3 50 | Section: python 51 | Architecture: any 52 | Depends: libevt (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} 53 | Conflicts: python3-libevt 54 | Replaces: python3-libevt 55 | Suggests: libevt-python3-dbg 56 | Description: Python 3 bindings for libevt 57 | Python 3 bindings for libevt. 58 | 59 | Package: libevt-python3-dbg 60 | Section: debug 61 | Architecture: any 62 | Depends: libevt-python3 (= ${binary:Version}), ${misc:Depends} 63 | Description: Debugging symbols for libevt-python3 64 | Debugging symbols for libevt-python3. 65 | 66 | -------------------------------------------------------------------------------- /dpkg/copyright: -------------------------------------------------------------------------------- 1 | Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: libevt 3 | Source: https://github.com/libyal/libevt 4 | 5 | Files: * 6 | Copyright: 2011-2024, Joachim Metz 7 | License: LGPL-3.0+ 8 | 9 | License: LGPL-3.0+ 10 | This package is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 3 of the License, or (at your option) any later version. 14 | . 15 | This package is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License for more details. 19 | . 20 | You should have received a copy of the GNU General Public License 21 | along with this program. If not, see . 22 | . 23 | On Debian systems, the complete text of the GNU Lesser General 24 | Public License can be found in "/usr/share/common-licenses/LGPL-3". 
25 | 26 | -------------------------------------------------------------------------------- /dpkg/libevt-dev.install: -------------------------------------------------------------------------------- 1 | usr/include/* 2 | usr/lib/*-*/lib*.a 3 | usr/lib/*-*/lib*.so 4 | usr/lib/*-*/pkgconfig/* 5 | usr/share/man/man3 6 | -------------------------------------------------------------------------------- /dpkg/libevt-python3.install: -------------------------------------------------------------------------------- 1 | /usr/lib/python3* 2 | -------------------------------------------------------------------------------- /dpkg/libevt-tools.install: -------------------------------------------------------------------------------- 1 | usr/bin 2 | usr/share/man/man1 3 | -------------------------------------------------------------------------------- /dpkg/libevt.install: -------------------------------------------------------------------------------- 1 | usr/lib/*-*/lib*.so.* 2 | -------------------------------------------------------------------------------- /dpkg/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # -*- makefile -*- 3 | 4 | # Uncomment for debhelper verbose output. 
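5 | # export DH_VERBOSE=1 6 | # NOTE(review): presumably makes the build skip the Python binding tests - confirm against the test scripts 7 | export SKIP_PYTHON_TESTS=1 8 | # Catch-all target: hands every debhelper step to dh, using the autoconf build system with the autoreconf and python3 add-ons 9 | %: 10 | dh $@ --buildsystem=autoconf --with=autoreconf,python3 11 | # CFLAGS is deliberately not passed to configure: an assignment on the configure command line replaces the dpkg-buildflags CFLAGS that debhelper exports, which drops the optimisation level, the stack protector and the format-security warnings from a library that parses event log files of unknown origin. The dpkg-buildflags defaults already contain -g, so the -dbg packages still get their symbols 12 | .PHONY: override_dh_auto_configure 13 | override_dh_auto_configure: 14 | dh_auto_configure -- --enable-python 15 | # Install step: fail on files that no package claims, excluding paths that match .la or /pyevt.a 16 | .PHONY: override_dh_install 17 | override_dh_install: 18 | dh_install --fail-missing -X.la -X/pyevt.a 19 | # Same exclusions for the dh_missing check 20 | .PHONY: override_dh_missing 21 | override_dh_missing: 22 | dh_missing -X.la -X/pyevt.a --fail-missing 23 | # Unless nostrip is set in DEB_BUILD_OPTIONS, move the debugging symbols of each package into its -dbg package 24 | .PHONY: override_dh_strip 25 | override_dh_strip: 26 | ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS))) 27 | dh_strip -plibevt --dbg-package=libevt-dbg 28 | dh_strip -plibevt-tools --dbg-package=libevt-tools-dbg 29 | dh_strip -plibevt-python3 --dbg-package=libevt-python3-dbg 30 | endif 31 | 32 | -------------------------------------------------------------------------------- /dpkg/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /evttools/evtinput.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common input functions for the evttools 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program.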
If not, see <https://www.gnu.org/licenses/>. 20 | */ 21 | 22 | #if !defined( _EVTINPUT_H ) 23 | #define _EVTINPUT_H 24 | /* NOTE(review): the two #include lines below carry no header name on this page; restore the names from the repository before compiling */ 25 | #include 26 | #include 27 | 28 | #include "evttools_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | /* Event log types the tools distinguish. No enumerator has an explicit value, so EVTTOOLS_EVENT_LOG_TYPE_UNKNOWN is 0 and the others count up from it */ 34 | enum EVTTOOLS_EVENT_LOG_TYPES 35 | { 36 | EVTTOOLS_EVENT_LOG_TYPE_UNKNOWN, 37 | EVTTOOLS_EVENT_LOG_TYPE_APPLICATION, 38 | EVTTOOLS_EVENT_LOG_TYPE_INTERNET_EXPLORER, 39 | EVTTOOLS_EVENT_LOG_TYPE_SECURITY, 40 | EVTTOOLS_EVENT_LOG_TYPE_SYSTEM, 41 | EVTTOOLS_EVENT_LOG_TYPE_WINDOWS_POWERSHELL, 42 | }; 43 | /* Presumably maps string to one of the EVTTOOLS_EVENT_LOG_TYPE_ values and stores it in *event_log_type. NOTE(review): the matching rules, the return convention and the use of error are defined in evtinput.c, not in this header - confirm there */ 44 | int evtinput_determine_event_log_type( 45 | const system_character_t *string, 46 | int *event_log_type, 47 | libcerror_error_t **error ); 48 | /* Same output parameters, with a file name as input. NOTE(review): if the type is derived from the name alone, a renamed log file is classified by its name rather than by its content - confirm in evtinput.c before relying on the result */ 49 | int evtinput_determine_event_log_type_from_filename( 50 | const system_character_t *filename, 51 | int *event_log_type, 52 | libcerror_error_t **error ); 53 | 54 | #if defined( __cplusplus ) 55 | } 56 | #endif 57 | 58 | #endif /* !defined( _EVTINPUT_H ) */ 59 | 60 | -------------------------------------------------------------------------------- /evttools/evttools_getopt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * GetOpt functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_GETOPT_H ) 23 | #define _EVTTOOLS_GETOPT_H 24 | /* NOTE(review): the #include lines in this header carry no header name on this page; restore the names from the repository before compiling */ 25 | #include 26 | #include 27 | 28 | /* unistd.h is included here to export getopt, optarg, optind and optopt 29 | */ 30 | #if defined( HAVE_UNISTD_H ) 31 | #include 32 | #endif 33 | 34 | #if defined( __cplusplus ) 35 | extern "C" { 36 | #endif 37 | /* With HAVE_GETOPT the name evttools_getopt is a macro that forwards to the system getopt(); otherwise the option state variables and an evttools_getopt() function are declared below */ 38 | #if defined( HAVE_GETOPT ) 39 | #define evttools_getopt( argument_count, argument_values, options_string ) \ 40 | getopt( argument_count, argument_values, options_string ) 41 | 42 | #else 43 | 44 | #if !defined( __CYGWIN__ ) 45 | extern int optind; 46 | extern system_character_t *optarg; 47 | extern system_integer_t optopt; 48 | /* NOTE(review): the Cygwin branch below has no extern, so optind, optarg and optopt are defined in this header and every source file that includes it gets its own tentative definition; that only links when the toolchain merges common symbols (it fails with -fno-common) - confirm this is intended */ 49 | #else 50 | int optind; 51 | system_character_t *optarg; 52 | system_integer_t optopt; 53 | 54 | #endif /* !defined( __CYGWIN__ ) */ 55 | /* Fallback option parser taking the same three arguments as the macro form above. NOTE(review): it returns system_integer_t rather than int, presumably to carry wide-character option values - confirm against evttools_getopt.c */ 56 | system_integer_t evttools_getopt( 57 | int argument_count, 58 | system_character_t * const argument_values[], 59 | const system_character_t *options_string ); 60 | 61 | #endif /* defined( HAVE_GETOPT ) */ 62 | 63 | #if defined( __cplusplus ) 64 | } 65 | #endif 66 | 67 | #endif /* !defined( _EVTTOOLS_GETOPT_H ) */ 68 | 69 | -------------------------------------------------------------------------------- /evttools/evttools_i18n.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Internationalization (i18n) functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see <https://www.gnu.org/licenses/>. 20 | */ 21 | 22 | #if !defined( _EVTTOOLS_I18N_H ) 23 | #define _EVTTOOLS_I18N_H 24 | /* NOTE(review): the #include lines in this header carry no header name on this page; restore the names from the repository before compiling */ 25 | #include 26 | 27 | #if defined( HAVE_LIBINTL_H ) 28 | #include 29 | #endif 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | /* TODO for now do nothing i18n-like 36 | #define _( string ) \ 37 | gettext( string ) 38 | */ 39 | /* _( string ) expands to its argument unchanged, so no gettext lookup takes place even when HAVE_LIBINTL_H is defined */ 40 | #define _( string ) \ 41 | string 42 | 43 | #if defined( __cplusplus ) 44 | } 45 | #endif 46 | 47 | #endif /* !defined( _EVTTOOLS_I18N_H ) */ 48 | 49 | -------------------------------------------------------------------------------- /evttools/evttools_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBBFIO_H ) 23 | #define _EVTTOOLS_LIBBFIO_H 24 | /* NOTE(review): the #include lines in this header carry no header name on this page; restore the names from the repository before compiling */ 25 | #include 26 | /* This wrapper decides which libbfio headers the tools are compiled against. NOTE(review): presumably the copy bundled in the source tree when HAVE_LOCAL_LIBBFIO is defined and the installed library otherwise - confirm in configure.ac; the choice decides which copy has to be updated when libbfio is fixed */ 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | /* Stop the build instead of combining tools built with HAVE_MULTI_THREAD_SUPPORT with a libbfio that does not define LIBBFIO_HAVE_MULTI_THREAD_SUPPORT */ 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _EVTTOOLS_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /evttools/evttools_libcdirectory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libcdirectory header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCDIRECTORY_H ) 23 | #define _EVTTOOLS_LIBCDIRECTORY_H 24 | /* NOTE(review): the #include lines in this header carry no header name on this page; restore the names from the repository before compiling */ 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCDIRECTORY for local use of libcdirectory 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCDIRECTORY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | /* NOTE(review): unlike the libbfio, libcerror, libclocale, libcnotify and libcpath wrappers, the condition below does not test HAVE_STATIC_EXECUTABLES, so LIBCDIRECTORY_DLL_IMPORT is also defined for a static executable build on Windows; the libcsplit, libexe, libfwevt and libregf wrappers share this form - confirm whether the difference is intended */ 38 | /* If libtool DLL support is enabled set LIBCDIRECTORY_DLL_IMPORT 39 | * before including libcdirectory.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCDIRECTORY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCDIRECTORY ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_LIBCDIRECTORY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCERROR_H ) 23 | #define _EVTTOOLS_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCLOCALE_H ) 23 | #define _EVTTOOLS_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCNOTIFY_H ) 23 | #define _EVTTOOLS_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libcpath.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcpath header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCPATH_H ) 23 | #define _EVTTOOLS_LIBCPATH_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCPATH for local use of libcpath 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCPATH ) 30 | 31 | #include 32 | #include 33 | 34 | #else 35 | 36 | /* If libtool DLL support is enabled set LIBCPATH_DLL_IMPORT 37 | * before including libcpath.h 38 | */ 39 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 40 | #define LIBCPATH_DLL_IMPORT 41 | #endif 42 | 43 | #include 44 | 45 | #endif /* defined( HAVE_LOCAL_LIBCPATH ) */ 46 | 47 | #endif /* !defined( _EVTTOOLS_LIBCPATH_H ) */ 48 | 49 | -------------------------------------------------------------------------------- /evttools/evttools_libcsplit.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libcsplit header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBCSPLIT_H ) 23 | #define _EVTTOOLS_LIBCSPLIT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCSPLIT for local use of libcsplit 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCSPLIT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #else 39 | 40 | /* If libtool DLL support is enabled set LIBCSPLIT_DLL_IMPORT 41 | * before including libcsplit.h 42 | */ 43 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 44 | #define LIBCSPLIT_DLL_IMPORT 45 | #endif 46 | 47 | #include 48 | 49 | #endif 50 | 51 | #endif 52 | 53 | -------------------------------------------------------------------------------- /evttools/evttools_libevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBEVT_H ) 23 | #define _EVTTOOLS_LIBEVT_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _EVTTOOLS_LIBEVT_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /evttools/evttools_libexe.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libexe header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBEXE_H ) 23 | #define _EVTTOOLS_LIBEXE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBEXE for local use of libexe 28 | */ 29 | #if defined( HAVE_LOCAL_LIBEXE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBEXE_DLL_IMPORT 39 | * before including libexe.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBEXE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif 48 | 49 | #endif 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libfcache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfcache header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBFCACHE_H ) 23 | #define _EVTTOOLS_LIBFCACHE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFCACHE for local use of libfcache 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFCACHE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBFCACHE_DLL_IMPORT 39 | * before including libfcache.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBFCACHE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBFCACHE ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_LIBFCACHE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_libfdatetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdatetime header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBFDATETIME_H ) 23 | #define _EVTTOOLS_LIBFDATETIME_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATETIME for local use of libfdatetime 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATETIME ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBFDATETIME_DLL_IMPORT 45 | * before including libfdatetime.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 48 | #define LIBFDATETIME_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBFDATETIME ) */ 54 | 55 | #endif /* !defined( _EVTTOOLS_LIBFDATETIME_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /evttools/evttools_libfwevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBFWEVT_H ) 23 | #define _EVTTOOLS_LIBFWEVT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWEVT for local use of libfwevt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWEVT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include 46 | 47 | #else 48 | 49 | /* If libtool DLL support is enabled set LIBFWEVT_DLL_IMPORT 50 | * before including libfwevt.h 51 | */ 52 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 53 | #define LIBFWEVT_DLL_IMPORT 54 | #endif 55 | 56 | #include 57 | 58 | #endif /* defined( HAVE_LOCAL_LIBFWEVT ) */ 59 | 60 | #endif /* !defined( _EVTTOOLS_LIBFWEVT_H ) */ 61 | 62 | -------------------------------------------------------------------------------- /evttools/evttools_libfwnt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwnt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBFWNT_H ) 23 | #define _EVTTOOLS_LIBFWNT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWNT for local use of libfwnt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWNT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | #else 45 | 46 | /* If libtool DLL support is enabled set LIBFWNT_DLL_IMPORT 47 | * before including libfwnt.h 48 | */ 49 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 50 | #define LIBFWNT_DLL_IMPORT 51 | #endif 52 | 53 | #include 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBFWNT ) */ 56 | 57 | #endif /* !defined( _EVTTOOLS_LIBFWNT_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /evttools/evttools_libregf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libregf header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBREGF_H ) 23 | #define _EVTTOOLS_LIBREGF_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBREGF for local use of libregf 28 | */ 29 | #if defined( HAVE_LOCAL_LIBREGF ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #else 39 | 40 | /* If libtool DLL support is enabled set LIBREGF_DLL_IMPORT 41 | * before including libregf.h 42 | */ 43 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 44 | #define LIBREGF_DLL_IMPORT 45 | #endif 46 | 47 | #include 48 | 49 | #endif 50 | 51 | #endif 52 | 53 | -------------------------------------------------------------------------------- /evttools/evttools_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBUNA_H ) 23 | #define _EVTTOOLS_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _EVTTOOLS_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /evttools/evttools_libwrc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libwrc header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_LIBWRC_H ) 23 | #define _EVTTOOLS_LIBWRC_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBWRC for local use of libwrc 28 | */ 29 | #if defined( HAVE_LOCAL_LIBWRC ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBWRC_DLL_IMPORT 45 | * before including libwrc.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 48 | #define LIBWRC_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBWRC ) */ 54 | 55 | #endif /* !defined( _EVTTOOLS_LIBWRC_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /evttools/evttools_output.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common output functions for the evttools 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_OUTPUT_H ) 23 | #define _EVTTOOLS_OUTPUT_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "evttools_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | int evttools_output_initialize( 36 | int stdio_mode, 37 | libcerror_error_t **error ); 38 | 39 | void evtoutput_copyright_fprint( 40 | FILE *stream ); 41 | 42 | void evtoutput_version_fprint( 43 | FILE *stream, 44 | const char *program ); 45 | 46 | void evtoutput_version_detailed_fprint( 47 | FILE *stream, 48 | const char *program ); 49 | 50 | #if defined( __cplusplus ) 51 | } 52 | #endif 53 | 54 | #endif /* !defined( _EVTTOOLS_OUTPUT_H ) */ 55 | 56 | -------------------------------------------------------------------------------- /evttools/evttools_signal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Signal handling functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVTTOOLS_SIGNAL_H ) 23 | #define _EVTTOOLS_SIGNAL_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evttools_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | #if !defined( HAVE_SIGNAL_H ) && !defined( WINAPI ) 35 | #error missing signal functions 36 | #endif 37 | 38 | #if defined( WINAPI ) 39 | typedef unsigned long evttools_signal_t; 40 | 41 | #else 42 | typedef int evttools_signal_t; 43 | 44 | #endif /* defined( WINAPI ) */ 45 | 46 | #if defined( WINAPI ) 47 | 48 | BOOL WINAPI evttools_signal_handler( 49 | evttools_signal_t signal ); 50 | 51 | #if defined( _MSC_VER ) 52 | 53 | void evttools_signal_initialize_memory_debug( 54 | void ); 55 | 56 | #endif /* defined( _MSC_VER ) */ 57 | 58 | #endif /* defined( WINAPI ) */ 59 | 60 | int evttools_signal_attach( 61 | void (*signal_handler)( evttools_signal_t ), 62 | libcerror_error_t **error ); 63 | 64 | int evttools_signal_detach( 65 | libcerror_error_t **error ); 66 | 67 | #if defined( __cplusplus ) 68 | } 69 | #endif 70 | 71 | #endif /* !defined( _EVTTOOLS_SIGNAL_H ) */ 72 | 73 | -------------------------------------------------------------------------------- /evttools/evttools_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTTOOLS_UNUSED_H ) 23 | #define _EVTTOOLS_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( EVTTOOLS_ATTRIBUTE_UNUSED ) 28 | 29 | #if defined( __GNUC__ ) && __GNUC__ >= 3 30 | #define EVTTOOLS_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 31 | 32 | #else 33 | #define EVTTOOLS_ATTRIBUTE_UNUSED 34 | 35 | #endif /* defined( __GNUC__ ) && __GNUC__ >= 3 */ 36 | 37 | #endif /* !defined( EVTTOOLS_ATTRIBUTE_UNUSED ) */ 38 | 39 | #if defined( _MSC_VER ) 40 | #define EVTTOOLS_UNREFERENCED_PARAMETER( parameter ) \ 41 | UNREFERENCED_PARAMETER( parameter ); 42 | 43 | #else 44 | #define EVTTOOLS_UNREFERENCED_PARAMETER( parameter ) \ 45 | /* parameter */ 46 | 47 | #endif /* defined( _MSC_VER ) */ 48 | 49 | #endif /* !defined( _EVTTOOLS_UNUSED_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evttools/evttools_wide_string.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Wide character string functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. 
If not, see .
 */

#include
#include

#if defined( HAVE_WCTYPE_H )
#include
#endif

#include "evttools_wide_string.h"

#if defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI )

/* Replacement for missing: wcsncasecmp
 * Compares no more than comparision_length wide characters of string1 and string2,
 * ignoring case (every character is passed through towlower before it is compared),
 * returning less than, equal to or greater than zero if string1 is
 * less than, equal to or greater than string2.
 * The comparison stops at the first differing character, at the end of string1
 * or after comparision_length characters, whichever comes first.
 *
 * NOTE(review): neither pointer is checked for NULL and the reads are bounded only by
 * comparision_length and the terminating zero, so callers must pass two valid strings
 * that are zero-terminated or at least comparision_length characters long.
 */
int evttools_wide_string_compare_no_case(
     const wchar_t *string1,
     const wchar_t *string2,
     size_t comparision_length )
{
	wint_t character1 = 0;
	wint_t character2 = 0;

	/* The same pointer compares equal without reading either string
	 */
	if( string1 == string2 )
	{
		return( 0 );
	}
	while( comparision_length > 0 )
	{
		character1 = towlower( *string1 );
		character2 = towlower( *string2 );

		/* Stop at the end of string1 or at the first mismatch; an early end of
		 * string2 is a mismatch as well, because its zero differs from character1.
		 * The difference is computed in wint_t and converted to int by the return.
		 */
		if( ( character1 == 0 )
		 || ( character1 != character2 ) )
		{
			return( character1 - character2 );
		}
		string1++;
		string2++;

		comparision_length--;
	}
	/* All comparision_length characters matched
	 */
	return( 0 );
}

#endif /* defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) */

--------------------------------------------------------------------------------
/evttools/evttools_wide_string.h:
--------------------------------------------------------------------------------
/*
 * Wide character string functions
 *
 * Copyright (C) 2011-2024, Joachim Metz
 *
 * Refer to AUTHORS for acknowledgements.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTTOOLS_WIDE_STRING_H ) 23 | #define _EVTTOOLS_WIDE_STRING_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #if defined( __cplusplus ) 30 | extern "C" { 31 | #endif 32 | 33 | #if !defined( wide_string_compare_no_case ) 34 | 35 | #define wide_string_compare_no_case( string1, string2, size ) \ 36 | evttools_wide_string_compare_no_case( string1, string2, size ) 37 | 38 | #endif /* !defined( wide_string_compare_no_case ) */ 39 | 40 | #if defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) 41 | 42 | int evttools_wide_string_compare_no_case( 43 | const wchar_t *string1, 44 | const wchar_t *string2, 45 | size_t comparision_length ); 46 | 47 | #endif /* defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) */ 48 | 49 | #if defined( __cplusplus ) 50 | } 51 | #endif 52 | 53 | #endif /* !defined( _EVTTOOLS_WIDE_STRING_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /evttools/info_handle.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Info handle 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _INFO_HANDLE_H ) 23 | #define _INFO_HANDLE_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "evttools_libcerror.h" 30 | #include "evttools_libevt.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | typedef struct info_handle info_handle_t; 37 | 38 | struct info_handle 39 | { 40 | /* The libevt input file 41 | */ 42 | libevt_file_t *input_file; 43 | 44 | /* The event log type 45 | */ 46 | int event_log_type; 47 | 48 | /* The ascii codepage 49 | */ 50 | int ascii_codepage; 51 | 52 | /* The notification output stream 53 | */ 54 | FILE *notify_stream; 55 | 56 | /* Value to indicate if abort was signalled 57 | */ 58 | int abort; 59 | }; 60 | 61 | int info_handle_initialize( 62 | info_handle_t **info_handle, 63 | libcerror_error_t **error ); 64 | 65 | int info_handle_free( 66 | info_handle_t **info_handle, 67 | libcerror_error_t **error ); 68 | 69 | int info_handle_signal_abort( 70 | info_handle_t *info_handle, 71 | libcerror_error_t **error ); 72 | 73 | int info_handle_set_ascii_codepage( 74 | info_handle_t *info_handle, 75 | const system_character_t *string, 76 | libcerror_error_t **error ); 77 | 78 | int info_handle_set_event_log_type_from_filename( 79 | info_handle_t *info_handle, 80 | const system_character_t *filename, 81 | libcerror_error_t **error ); 82 | 83 | int info_handle_open_input( 84 | info_handle_t *info_handle, 85 | const system_character_t *filename, 86 | libcerror_error_t **error ); 87 | 88 | int info_handle_close_input( 89 | info_handle_t *info_handle, 90 | libcerror_error_t 
**error ); 91 | 92 | int info_handle_file_fprint( 93 | info_handle_t *info_handle, 94 | libcerror_error_t **error ); 95 | 96 | #if defined( __cplusplus ) 97 | } 98 | #endif 99 | 100 | #endif /* !defined( _INFO_HANDLE_H ) */ 101 | 102 | -------------------------------------------------------------------------------- /evttools/log_handle.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Log handle 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
 */

#if !defined( _LOG_HANDLE_H )
#define _LOG_HANDLE_H

#include
#include
#include

#include "evttools_libcerror.h"

#if defined( __cplusplus )
extern "C" {
#endif

typedef struct log_handle log_handle_t;

/* State of the log output: holds the single stdio stream declared below
 */
struct log_handle
{
	/* The log stream
	 */
	FILE *log_stream;
};

/* The functions below return int and take a libcerror_error_t ** argument,
 * presumably to pass error details back to the caller; what each return value
 * means is defined in log_handle.c, which is not part of this header.
 */
int log_handle_initialize(
     log_handle_t **log_handle,
     libcerror_error_t **error );

int log_handle_free(
     log_handle_t **log_handle,
     libcerror_error_t **error );

int log_handle_open(
     log_handle_t *log_handle,
     const system_character_t *filename,
     libcerror_error_t **error );

int log_handle_close(
     log_handle_t *log_handle,
     libcerror_error_t **error );

/* NOTE(review): format is presumably a printf-style template that is expanded with
 * the variable arguments - confirm in log_handle.c. It is declared as a plain char *
 * and the prototype carries no format attribute, so the compiler does not check call
 * sites. Callers should pass a fixed template and hand any text taken from an event
 * log to it as an argument, never as the template itself.
 */
void log_handle_printf(
      log_handle_t *log_handle,
      char *format,
      ... );

#if defined( __cplusplus )
}
#endif

#endif /* !defined( _LOG_HANDLE_H ) */

--------------------------------------------------------------------------------
/evttools/message_string.h:
--------------------------------------------------------------------------------
/*
 * Message string
 *
 * Copyright (C) 2011-2024, Joachim Metz
 *
 * Refer to AUTHORS for acknowledgements.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see .
 */

#if !defined( _MESSAGE_STRING_H )
#define _MESSAGE_STRING_H

#include
#include
#include

#include "evttools_libcerror.h"
#include "evttools_libevt.h"
#include "evttools_libwrc.h"

#if defined( __cplusplus )
extern "C" {
#endif

typedef struct message_string message_string_t;

/* A message string together with the 32-bit identifier it is stored under
 */
struct message_string
{
	/* The identifier
	 */
	uint32_t identifier;

	/* The string
	 */
	system_character_t *string;

	/* The string size
	 * NOTE(review): the unit (characters or bytes) and whether the terminator
	 * is counted are not visible in this header - confirm in message_string.c
	 */
	size_t string_size;
};

int message_string_initialize(
     message_string_t **message_string,
     uint32_t message_string_identifier,
     libcerror_error_t **error );

int message_string_free(
     message_string_t **message_string,
     libcerror_error_t **error );

/* Presumably fills string and string_size from the message table resource,
 * looked up by identifier - confirm in message_string.c
 */
int message_string_get_from_message_table_resource(
     message_string_t *message_string,
     libwrc_message_table_resource_t *message_table_resource,
     libcerror_error_t **error );

/* NOTE(review): the record argument suggests that values of the event record are
 * combined with the message string before the result is written to stream - confirm
 * in message_string.c. Both inputs come from parsed files (a message table resource
 * and an event log), so the formatting code should treat them as untrusted data and
 * bound every index and length it derives from them.
 */
int message_string_fprint(
     message_string_t *message_string,
     libevt_record_t *record,
     FILE *stream,
     libcerror_error_t **error );

#if defined( __cplusplus )
}
#endif

#endif /* !defined( _MESSAGE_STRING_H ) */

--------------------------------------------------------------------------------
/evttools/path_handle.h:
--------------------------------------------------------------------------------
/*
 * Path handle
 *
 * Copyright (C) 2011-2024, Joachim Metz
 *
 * Refer to AUTHORS for acknowledgements.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program. If not, see .
 */

#if !defined( _PATH_HANDLE_H )
#define _PATH_HANDLE_H

#include
#include

#include "evttools_libcerror.h"

#if defined( __cplusplus )
extern "C" {
#endif

typedef struct path_handle path_handle_t;

/* Holds the %SystemRoot% path and its size
 */
struct path_handle
{
	/* The %SystemRoot% path
	 */
	system_character_t *system_root_path;

	/* The %SystemRoot% path size
	 */
	size_t system_root_path_size;
};

int path_handle_initialize(
     path_handle_t **path_handle,
     libcerror_error_t **error );

int path_handle_free(
     path_handle_t **path_handle,
     libcerror_error_t **error );

/* NOTE(review): entry_name and entry_name_size look like a caller-supplied output
 * buffer and its capacity, and path is passed with an explicit path_length - confirm
 * in path_handle.c that every write to entry_name is bounded by entry_name_size and
 * that path is never read beyond path_length. The name says the lookup ignores case;
 * how several entries that differ only in case are resolved is not visible here.
 */
int path_handle_get_directory_entry_name_by_name_no_case(
     path_handle_t *path_handle,
     const system_character_t *path,
     size_t path_length,
     system_character_t *entry_name,
     size_t entry_name_size,
     uint8_t entry_type,
     libcerror_error_t **error );

#if defined( __cplusplus )
}
#endif

#endif /* !defined( _PATH_HANDLE_H ) */

--------------------------------------------------------------------------------
/include/Makefile.am:
--------------------------------------------------------------------------------
include_HEADERS = \
	libevt.h

pkginclude_HEADERS = \ 5 | libevt/codepage.h \ 6 | libevt/definitions.h \ 7 | libevt/error.h \ 8 | libevt/extern.h \ 9 | libevt/features.h \ 10 | libevt/types.h 11 | 12 | EXTRA_DIST = \ 13 | libevt.h.in \ 14 | libevt/definitions.h.in \ 15 | libevt/features.h.in \ 16 | libevt/types.h.in 17 | 18 | DISTCLEANFILES = \ 19 | libevt.h \ 20 | libevt/definitions.h \ 21 | libevt/features.h \ 22 | libevt/types.h \ 23 | Makefile \ 24 | Makefile.in 25 | 26 | -------------------------------------------------------------------------------- /include/libevt/definitions.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions for libevt 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_DEFINITIONS_H ) 23 | #define _LIBEVT_DEFINITIONS_H 24 | 25 | #include 26 | 27 | #define LIBEVT_VERSION @VERSION@ 28 | 29 | /* The version string 30 | */ 31 | #define LIBEVT_VERSION_STRING "@VERSION@" 32 | 33 | /* The access flags definitions 34 | * bit 1 set to 1 for read access 35 | * bit 2 set to 1 for write access 36 | * bit 3-8 not used 37 | */ 38 | enum LIBEVT_ACCESS_FLAGS 39 | { 40 | LIBEVT_ACCESS_FLAG_READ = 0x01, 41 | /* Reserved: not supported yet */ 42 | LIBEVT_ACCESS_FLAG_WRITE = 0x02 43 | }; 44 | 45 | /* The file access macros 46 | */ 47 | #define LIBEVT_OPEN_READ ( LIBEVT_ACCESS_FLAG_READ ) 48 | /* Reserved: not supported yet */ 49 | #define LIBEVT_OPEN_WRITE ( LIBEVT_ACCESS_FLAG_WRITE ) 50 | /* Reserved: not supported yet */ 51 | #define LIBEVT_OPEN_READ_WRITE ( LIBEVT_ACCESS_FLAG_READ | LIBEVT_ACCESS_FLAG_WRITE ) 52 | 53 | /* The event type definitions 54 | */ 55 | enum LIBEVT_EVENT_TYPES 56 | { 57 | LIBEVT_EVENT_TYPE_ERROR = 0x0001, 58 | LIBEVT_EVENT_TYPE_WARNING = 0x0002, 59 | LIBEVT_EVENT_TYPE_INFORMATION = 0x0004, 60 | LIBEVT_EVENT_TYPE_AUDIT_SUCCESS = 0x0008, 61 | LIBEVT_EVENT_TYPE_AUDIT_FAILURE = 0x0010, 62 | }; 63 | 64 | /* The event file flags 65 | */ 66 | enum LIBEVT_FILE_FLAGS 67 | { 68 | LIBEVT_FILE_FLAG_IS_DIRTY = 0x00000001UL, 69 | LIBEVT_FILE_FLAG_HAS_WRAPPED = 0x00000002UL, 70 | LIBEVT_FILE_FLAG_IS_FULL = 0x00000004UL, 71 | LIBEVT_FILE_FLAG_ARCHIVE = 0x00000008UL 72 | }; 73 | 74 | #endif /* !defined( _LIBEVT_DEFINITIONS_H ) */ 75 | 76 | -------------------------------------------------------------------------------- /include/libevt/extern.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The extern definition 3 | * 4 | * This header should be included in header files that export or import 5 | * library functions 6 | * 7 | * Copyright (C) 2011-2024, Joachim Metz 8 | * 9 | * Refer to AUTHORS for acknowledgements. 
10 | * 11 | * This program is free software: you can redistribute it and/or modify 12 | * it under the terms of the GNU Lesser General Public License as published by 13 | * the Free Software Foundation, either version 3 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public License 22 | * along with this program. If not, see . 23 | */ 24 | 25 | #if !defined( _LIBEVT_EXTERN_H ) 26 | #define _LIBEVT_EXTERN_H 27 | 28 | /* To export functions from the libevt DLL define LIBEVT_DLL_EXPORT 29 | * To import functions from the libevt DLL define LIBEVT_DLL_IMPORT 30 | * Otherwise use default extern statement 31 | */ 32 | #if defined( LIBEVT_DLL_EXPORT ) 33 | #define LIBEVT_EXTERN __declspec(dllexport) 34 | 35 | #elif defined( LIBEVT_DLL_IMPORT ) 36 | #define LIBEVT_EXTERN extern __declspec(dllimport) 37 | 38 | #else 39 | #define LIBEVT_EXTERN extern 40 | 41 | #endif 42 | 43 | #endif /* !defined( _LIBEVT_EXTERN_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /include/libevt/features.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * Features of libevt 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_FEATURES_H ) 23 | #define _LIBEVT_FEATURES_H 24 | 25 | /* The libevt type support features 26 | */ 27 | #if defined( WINAPI ) || @HAVE_WIDE_CHARACTER_TYPE@ 28 | #define LIBEVT_HAVE_WIDE_CHARACTER_TYPE 1 29 | #endif 30 | 31 | #if defined( WINAPI ) || @HAVE_MULTI_THREAD_SUPPORT@ 32 | #define LIBEVT_HAVE_MULTI_THREAD_SUPPORT 1 33 | #endif 34 | 35 | #if defined( HAVE_LIBBFIO ) || ( !defined( WINAPI ) && @HAVE_LIBBFIO@ ) 36 | #define LIBEVT_HAVE_BFIO 1 37 | #endif 38 | 39 | #if !defined( LIBEVT_DEPRECATED ) 40 | #if defined( __GNUC__ ) && __GNUC__ >= 3 41 | #define LIBEVT_DEPRECATED __attribute__ ((__deprecated__)) 42 | #elif defined( _MSC_VER ) 43 | #define LIBEVT_DEPRECATED __declspec(deprecated) 44 | #else 45 | #define LIBEVT_DEPRECATED 46 | #endif 47 | #endif 48 | 49 | #endif /* !defined( _LIBEVT_FEATURES_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevt.nuspec: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | libevt 5 | 20240628 6 | Joachim Metz 7 | joachimmetz 8 | LGPL-3.0-or-later 9 | https://github.com/libyal/libevt 10 | false 11 | libevt 12 | Library to access the Windows Event Log (EVT) format 13 | Release of libevt 20240628 14 | Copyright (C) 2011-2024 15 | native 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /libevt.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | 
exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libevt 7 | Description: Library to access the Windows Event Log (EVT) format 8 | Version: @VERSION@ 9 | Libs: -L${libdir} -levt 10 | Libs.private: @ax_libbfio_pc_libs_private@ @ax_libcdata_pc_libs_private@ @ax_libcerror_pc_libs_private@ @ax_libcfile_pc_libs_private@ @ax_libclocale_pc_libs_private@ @ax_libcnotify_pc_libs_private@ @ax_libcpath_pc_libs_private@ @ax_libcsplit_pc_libs_private@ @ax_libcthreads_pc_libs_private@ @ax_libfcache_pc_libs_private@ @ax_libfdata_pc_libs_private@ @ax_libfdatetime_pc_libs_private@ @ax_libfguid_pc_libs_private@ @ax_libfwnt_pc_libs_private@ @ax_libuna_pc_libs_private@ @ax_pthread_pc_libs_private@ 11 | Cflags: -I${includedir} 12 | 13 | -------------------------------------------------------------------------------- /libevt/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = \ 2 | -DLOCALEDIR=\"$(datadir)/locale\" \ 3 | -I../include -I$(top_srcdir)/include \ 4 | -I../common -I$(top_srcdir)/common \ 5 | @LIBCERROR_CPPFLAGS@ \ 6 | @LIBCTHREADS_CPPFLAGS@ \ 7 | @LIBCDATA_CPPFLAGS@ \ 8 | @LIBCLOCALE_CPPFLAGS@ \ 9 | @LIBCNOTIFY_CPPFLAGS@ \ 10 | @LIBCSPLIT_CPPFLAGS@ \ 11 | @LIBUNA_CPPFLAGS@ \ 12 | @LIBCFILE_CPPFLAGS@ \ 13 | @LIBCPATH_CPPFLAGS@ \ 14 | @LIBBFIO_CPPFLAGS@ \ 15 | @LIBFCACHE_CPPFLAGS@ \ 16 | @LIBFDATA_CPPFLAGS@ \ 17 | @LIBFDATETIME_CPPFLAGS@ \ 18 | @LIBFGUID_CPPFLAGS@ \ 19 | @LIBFWNT_CPPFLAGS@ \ 20 | @PTHREAD_CPPFLAGS@ \ 21 | @LIBEVT_DLL_EXPORT@ 22 | 23 | lib_LTLIBRARIES = libevt.la 24 | 25 | libevt_la_SOURCES = \ 26 | evt_end_of_file_record.h \ 27 | evt_event_record.h \ 28 | evt_file_header.h \ 29 | evt_record.h \ 30 | libevt.c \ 31 | libevt_codepage.h \ 32 | libevt_debug.c libevt_debug.h \ 33 | libevt_definitions.h \ 34 | libevt_end_of_file_record.c libevt_end_of_file_record.h \ 35 | libevt_event_record.c libevt_event_record.h \ 36 | libevt_error.c libevt_error.h \ 37 | 
libevt_extern.h \ 38 | libevt_file.c libevt_file.h \ 39 | libevt_file_header.c libevt_file_header.h \ 40 | libevt_io_handle.c libevt_io_handle.h \ 41 | libevt_libbfio.h \ 42 | libevt_libcdata.h \ 43 | libevt_libcerror.h \ 44 | libevt_libclocale.h \ 45 | libevt_libcnotify.h \ 46 | libevt_libcthreads.h \ 47 | libevt_libfcache.h \ 48 | libevt_libfdata.h \ 49 | libevt_libfdatetime.h \ 50 | libevt_libfwnt.h \ 51 | libevt_libuna.h \ 52 | libevt_notify.c libevt_notify.h \ 53 | libevt_record.c libevt_record.h \ 54 | libevt_record_values.c libevt_record_values.h \ 55 | libevt_strings_array.c libevt_strings_array.h \ 56 | libevt_support.c libevt_support.h \ 57 | libevt_types.h \ 58 | libevt_unused.h 59 | 60 | libevt_la_LIBADD = \ 61 | @LIBCERROR_LIBADD@ \ 62 | @LIBCTHREADS_LIBADD@ \ 63 | @LIBCDATA_LIBADD@ \ 64 | @LIBCLOCALE_LIBADD@ \ 65 | @LIBCNOTIFY_LIBADD@ \ 66 | @LIBCSPLIT_LIBADD@ \ 67 | @LIBUNA_LIBADD@ \ 68 | @LIBCFILE_LIBADD@ \ 69 | @LIBCPATH_LIBADD@ \ 70 | @LIBBFIO_LIBADD@ \ 71 | @LIBFCACHE_LIBADD@ \ 72 | @LIBFDATA_LIBADD@ \ 73 | @LIBFDATETIME_LIBADD@ \ 74 | @LIBFGUID_LIBADD@ \ 75 | @LIBFWNT_LIBADD@ \ 76 | @PTHREAD_LIBADD@ 77 | 78 | libevt_la_LDFLAGS = -no-undefined -version-info 1:0:0 79 | 80 | EXTRA_DIST = \ 81 | libevt_definitions.h.in \ 82 | libevt.rc \ 83 | libevt.rc.in 84 | 85 | DISTCLEANFILES = \ 86 | libevt_definitions.h \ 87 | libevt.rc \ 88 | Makefile \ 89 | Makefile.in 90 | 91 | sources-local: $(BUILT_SOURCES) 92 | 93 | splint-local: 94 | @echo "Running splint on libevt ..." 95 | -splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(libevt_la_SOURCES) 96 | 97 | -------------------------------------------------------------------------------- /libevt/evt_end_of_file_record.h: -------------------------------------------------------------------------------- 1 | /* 2 | * End-of-file record of the Windows Event Log (EVT) format 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVT_END_OF_FILE_RECORD_H ) 23 | #define _EVT_END_OF_FILE_RECORD_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct evt_end_of_file_record evt_end_of_file_record_t; 33 | /* On-disk layout of the end-of-file record: ten 4-byte fields, 40 bytes in total. Every field is a raw byte array that has to be decoded explicitly. NOTE(review): the byte order is not stated in this header, presumably little-endian, confirm against the format documentation. All values originate from the file being parsed and should be treated as untrusted input. */ 34 | struct evt_end_of_file_record 35 | { 36 | /* (Record) size; NOTE(review): presumably expected to equal copy_of_size, verify that the reader rejects a mismatch 37 | */ 38 | uint8_t size[ 4 ]; 39 | 40 | /* Signature1; first of four signature fields, the expected values are not defined in this header 41 | */ 42 | uint8_t signature1[ 4 ]; 43 | 44 | /* Signature2 45 | */ 46 | uint8_t signature2[ 4 ]; 47 | 48 | /* Signature3 49 | */ 50 | uint8_t signature3[ 4 ]; 51 | 52 | /* Signature4 53 | */ 54 | uint8_t signature4[ 4 ]; 55 | 56 | /* First (oldest) record offset; read from the file, so it should be range-checked against the file size before it is used to seek 57 | */ 58 | uint8_t first_record_offset[ 4 ]; 59 | 60 | /* End of file record offset; read from the file, so it should be range-checked against the file size before it is used to seek 61 | */ 62 | uint8_t end_of_file_record_offset[ 4 ]; 63 | 64 | /* Last (newest) record number 65 | */ 66 | uint8_t last_record_number[ 4 ]; 67 | 68 | /* First (oldest) record number 69 | */ 70 | uint8_t first_record_number[ 4 ]; 71 | 72 | /* Copy of (record) size; last field of the record, duplicating the size field at its start 73 | */ 74 | uint8_t copy_of_size[ 4 ]; 75 | }; 76 | 77 | #if defined( __cplusplus ) 78 | } 79 | #endif 80 | 81 | #endif /* !defined( _EVT_END_OF_FILE_RECORD_H ) */ 82 | 83 | -------------------------------------------------------------------------------- /libevt/evt_event_record.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Event record of the Windows Event Log (EVT) format 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVT_EVENT_RECORD_H ) 23 | #define _EVT_EVENT_RECORD_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct evt_event_record evt_event_record_t; 33 | /* On-disk layout of an event record as declared here: 16 byte-array fields, 56 bytes in total. The offset and size fields below refer to data that is not a member of this struct. NOTE(review): the byte order is not stated in this header, presumably little-endian, confirm against the format documentation. All values originate from the file being parsed and should be treated as untrusted input. */ 34 | struct evt_event_record 35 | { 36 | /* Size; NOTE(review): presumably the size of the whole record including the data the offsets below point to, confirm in the record reader 37 | */ 38 | uint8_t size[ 4 ]; 39 | 40 | /* Signature 41 | */ 42 | uint8_t signature[ 4 ]; 43 | 44 | /* Record number 45 | */ 46 | uint8_t record_number[ 4 ]; 47 | 48 | /* Creation time; 4 bytes, NOTE(review): presumably a 32-bit POSIX timestamp, confirm 49 | */ 50 | uint8_t creation_time[ 4 ]; 51 | 52 | /* Last written time; 4 bytes, NOTE(review): presumably a 32-bit POSIX timestamp, confirm 53 | */ 54 | uint8_t last_written_time[ 4 ]; 55 | 56 | /* Event identifier 57 | */ 58 | uint8_t event_identifier[ 4 ]; 59 | 60 | /* Event type 61 | */ 62 | uint8_t event_type[ 2 ]; 63 | 64 | /* Number of strings; a count taken from the file, so any loop over the strings should also be bounded by the record data that is actually available 65 | */ 66 | uint8_t number_of_strings[ 2 ]; 67 | 68 | /* Event category 69 | */ 70 | uint8_t event_category[ 2 ]; 71 | 72 | /* Unknown1 73 | */ 74 | uint8_t unknown1[ 2 ]; 75 | 76 | /* Unknown2 77 | */ 78 | uint8_t unknown2[ 4 ]; 79 | 80 | /* Event strings offset; NOTE(review): presumably relative to the start of the record, should be checked against the record size before it is used 81 | */ 82 | uint8_t 
event_strings_offset[ 4 ]; 83 | 84 | /* User security identifier size; offset plus size should stay within the record, and the addition should be checked for integer overflow 85 | */ 86 | uint8_t user_security_identifier_size[ 4 ]; 87 | 88 | /* User security identifier offset; NOTE(review): presumably relative to the start of the record, should be checked against the record size before it is used 89 | */ 90 | uint8_t user_security_identifier_offset[ 4 ]; 91 | 92 | /* Event data size; offset plus size should stay within the record, and the addition should be checked for integer overflow 93 | */ 94 | uint8_t event_data_size[ 4 ]; 95 | 96 | /* Event data offset; NOTE(review): presumably relative to the start of the record, should be checked against the record size before it is used 97 | */ 98 | uint8_t event_data_offset[ 4 ]; 99 | }; 100 | 101 | #if defined( __cplusplus ) 102 | } 103 | #endif 104 | 105 | #endif /* !defined( _EVT_EVENT_RECORD_H ) */ 106 | 107 | -------------------------------------------------------------------------------- /libevt/evt_file_header.h: -------------------------------------------------------------------------------- 1 | /* 2 | * File header of the Windows Event Log (EVT) format 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_FILE_HEADER_H ) 23 | #define _EVT_FILE_HEADER_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct evt_file_header evt_file_header_t; 33 | /* On-disk layout of the file header: twelve 4-byte fields, 48 bytes in total. Every field is a raw byte array that has to be decoded explicitly. NOTE(review): the byte order is not stated in this header, presumably little-endian, confirm against the format documentation. All values originate from the file being parsed and should be treated as untrusted input. */ 34 | struct evt_file_header 35 | { 36 | /* (Header) size; NOTE(review): presumably expected to equal copy_of_size, verify that the reader rejects a mismatch 37 | */ 38 | uint8_t size[ 4 ]; 39 | 40 | /* Signature; the expected value is not defined in this header 41 | */ 42 | uint8_t signature[ 4 ]; 43 | 44 | /* Major format version 45 | */ 46 | uint8_t major_format_version[ 4 ]; 47 | 48 | /* Minor format version 49 | */ 50 | uint8_t minor_format_version[ 4 ]; 51 | 52 | /* First (oldest) record offset; read from the file, so it should be range-checked against the file size before it is used to seek 53 | */ 54 | uint8_t first_record_offset[ 4 ]; 55 | 56 | /* End of file record offset; read from the file, so it should be range-checked against the file size before it is used to seek 57 | */ 58 | uint8_t end_of_file_record_offset[ 4 ]; 59 | 60 | /* Last (newest) record number 61 | */ 62 | uint8_t last_record_number[ 4 ]; 63 | 64 | /* First (oldest) record number 65 | */ 66 | uint8_t first_record_number[ 4 ]; 67 | 68 | /* Maximum file size; a value stored in the file, not a measurement of it, so it should not be used as an allocation size or as a trusted bound 69 | */ 70 | uint8_t maximum_file_size[ 4 ]; 71 | 72 | /* File flags; the meaning of the individual bits is not defined in this header 73 | */ 74 | uint8_t file_flags[ 4 ]; 75 | 76 | /* Retention 77 | */ 78 | uint8_t retention[ 4 ]; 79 | 80 | /* Copy of (header) size; last field of the header, duplicating the size field at its start 81 | */ 82 | uint8_t copy_of_size[ 4 ]; 83 | }; 84 | 85 | #if defined( __cplusplus ) 86 | } 87 | #endif 88 | 89 | #endif /* !defined( _EVT_FILE_HEADER_H ) */ 90 | 91 | -------------------------------------------------------------------------------- /libevt/libevt.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Library to access the Windows Event Log (EVT) format 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #include 23 | 24 | #if defined( WINAPI ) 25 | #include 26 | #endif 27 | 28 | #include "libevt_unused.h" 29 | 30 | /* Define HAVE_LOCAL_LIBEVT for local use of libevt; everything below is compiled only when it is not defined 31 | */ 32 | #if !defined( HAVE_LOCAL_LIBEVT ) 33 | 34 | #if defined( WINAPI ) && defined( HAVE_DLLMAIN ) 35 | 36 | #if defined( _MANAGED ) 37 | #pragma managed( push, off ) 38 | #endif 39 | 40 | /* Defines the entry point for the DLL. On DLL_PROCESS_ATTACH it calls DisableThreadLibraryCalls() on this module's handle; the other three notification cases are empty. lpvReserved is unused. Always returns TRUE. Keep this function this small: DllMain runs while the loader lock is held, so loading other libraries or waiting on locks here can deadlock the process. 41 | */ 42 | BOOL WINAPI DllMain( 43 | HINSTANCE hinstDLL, 44 | DWORD fdwReason, 45 | LPVOID lpvReserved ) 46 | { 47 | LIBEVT_UNREFERENCED_PARAMETER( lpvReserved ) 48 | 49 | switch( fdwReason ) 50 | { 51 | case DLL_PROCESS_ATTACH: /* opt out of per-thread attach and detach notifications for this module */ 52 | DisableThreadLibraryCalls( 53 | hinstDLL ); 54 | break; 55 | 56 | case DLL_THREAD_ATTACH: 57 | break; 58 | 59 | case DLL_THREAD_DETACH: 60 | break; 61 | 62 | case DLL_PROCESS_DETACH: 63 | break; 64 | } 65 | return( TRUE ); 66 | } 67 | 68 | /* Function that indicates the library is a DLL; only compiled when WINAPI and HAVE_DLLMAIN are defined and HAVE_LOCAL_LIBEVT is not 69 | * Returns 1 70 | */ 71 | int libevt_is_dll( 72 | void ) 73 | { 74 | return( 1 ); 75 | } 76 | 77 | #endif /* defined( WINAPI ) && defined( HAVE_DLLMAIN ) */ 78 | 79 | #endif /* !defined( HAVE_LOCAL_LIBEVT ) */ 80 | 81 | -------------------------------------------------------------------------------- /libevt/libevt.rc.in: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #ifdef GCC_WINDRES 4 | VS_VERSION_INFO VERSIONINFO 5 | #else 6 | VS_VERSION_INFO VERSIONINFO MOVEABLE IMPURE LOADONCALL DISCARDABLE 7 | #endif 8 | FILEVERSION 1,0,0,0 9 | PRODUCTVERSION 1,0,0,0 10 | FILEFLAGSMASK 
VS_FFI_FILEFLAGSMASK 11 | #ifdef _DEBUG 12 | FILEFLAGS 0x1L 13 | #else 14 | FILEFLAGS 0x0L 15 | #endif 16 | FILEOS VOS__WINDOWS32 17 | FILETYPE VFT_DLL 18 | FILESUBTYPE 0x0L 19 | BEGIN 20 | BLOCK "StringFileInfo" 21 | BEGIN 22 | BLOCK "040904E4" 23 | BEGIN 24 | VALUE "FileDescription", "Library to access the Windows Event Log (EVT) format\0" 25 | VALUE "FileVersion", "@VERSION@" "\0" 26 | VALUE "InternalName", "libevt.dll\0" 27 | VALUE "LegalCopyright", "(C) 2011-2024, Joachim Metz \0" 28 | VALUE "OriginalFilename", "libevt.dll\0" 29 | VALUE "ProductName", "libevt\0" 30 | VALUE "ProductVersion", "@VERSION@" "\0" 31 | VALUE "Comments", "For more information visit https://github.com/libyal/libevt/\0" 32 | END 33 | END 34 | BLOCK "VarFileInfo" 35 | BEGIN 36 | VALUE "Translation", 0x0409, 1200 37 | END 38 | END 39 | -------------------------------------------------------------------------------- /libevt/libevt_debug.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Debug functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_DEBUG_H ) 23 | #define _LIBEVT_DEBUG_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevt_libbfio.h" 29 | #include "libevt_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | #if defined( HAVE_DEBUG_OUTPUT ) 36 | 37 | void libevt_debug_print_file_flags( 38 | uint32_t file_flags ); 39 | 40 | void libevt_debug_print_event_identifier_severity( 41 | uint32_t event_identifier_severity ); 42 | 43 | void libevt_debug_print_event_type( 44 | uint16_t event_type ); 45 | 46 | int libevt_debug_print_posix_time_value( 47 | const char *function_name, 48 | const char *value_name, 49 | const uint8_t *byte_stream, 50 | size_t byte_stream_size, 51 | int byte_order, 52 | uint8_t value_type, 53 | uint32_t string_format_flags, 54 | libcerror_error_t **error ); 55 | 56 | int libevt_debug_print_security_identifier_value( 57 | const char *function_name, 58 | const char *value_name, 59 | const uint8_t *byte_stream, 60 | size_t byte_stream_size, 61 | libcerror_error_t **error ); 62 | 63 | int libevt_debug_print_utf16_string_value( 64 | const char *function_name, 65 | const char *value_name, 66 | const uint8_t *byte_stream, 67 | size_t byte_stream_size, 68 | int byte_order, 69 | libcerror_error_t **error ); 70 | 71 | int libevt_debug_print_read_offsets( 72 | libbfio_handle_t *file_io_handle, 73 | libcerror_error_t **error ); 74 | 75 | #endif /* defined( HAVE_DEBUG_OUTPUT ) */ 76 | 77 | #if defined( __cplusplus ) 78 | } 79 | #endif 80 | 81 | #endif /* !defined( _LIBEVT_DEBUG_H ) */ 82 | 83 | -------------------------------------------------------------------------------- /libevt/libevt_end_of_file_record.h: -------------------------------------------------------------------------------- 1 | /* 2 | * End-of-file record functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_END_OF_FILE_RECORD_H ) 23 | #define _LIBEVT_END_OF_FILE_RECORD_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevt_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | typedef struct libevt_end_of_file_record libevt_end_of_file_record_t; 35 | 36 | struct libevt_end_of_file_record 37 | { 38 | /* Dummy; the only member, so this struct keeps no decoded values from the record 39 | */ 40 | int dummy; 41 | }; 42 | /* Declarations only, the definitions are not in this header. Initialize and free take a pointer to the record pointer plus a libcerror error out-parameter; the return value convention is not stated here. */ 43 | int libevt_end_of_file_record_initialize( 44 | libevt_end_of_file_record_t **end_of_file_record, 45 | libcerror_error_t **error ); 46 | 47 | int libevt_end_of_file_record_free( 48 | libevt_end_of_file_record_t **end_of_file_record, 49 | libcerror_error_t **error ); 50 | /* Takes a caller-supplied buffer and its length. NOTE(review): the implementation is not visible here; confirm that it rejects a data_size smaller than the on-disk end-of-file record before reading any field, since the buffer holds file content. */ 51 | int libevt_end_of_file_record_read_data( 52 | libevt_end_of_file_record_t *end_of_file_record, 53 | const uint8_t *data, 54 | size_t data_size, 55 | libcerror_error_t **error ); 56 | 57 | #if defined( __cplusplus ) 58 | } 59 | #endif 60 | 61 | #endif /* !defined( _LIBEVT_END_OF_FILE_RECORD_H ) */ 62 | 63 | -------------------------------------------------------------------------------- /libevt/libevt_error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Error functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for 
acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_INTERNAL_ERROR_H ) 23 | #define _LIBEVT_INTERNAL_ERROR_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #if !defined( HAVE_LOCAL_LIBEVT ) 30 | #include 31 | #endif 32 | 33 | #include "libevt_extern.h" 34 | 35 | #if defined( __cplusplus ) 36 | extern "C" { 37 | #endif 38 | 39 | #if !defined( HAVE_LOCAL_LIBEVT ) 40 | 41 | LIBEVT_EXTERN \ 42 | void libevt_error_free( 43 | libevt_error_t **error ); 44 | 45 | LIBEVT_EXTERN \ 46 | int libevt_error_fprint( 47 | libevt_error_t *error, 48 | FILE *stream ); 49 | 50 | LIBEVT_EXTERN \ 51 | int libevt_error_sprint( 52 | libevt_error_t *error, 53 | char *string, 54 | size_t size ); 55 | 56 | LIBEVT_EXTERN \ 57 | int libevt_error_backtrace_fprint( 58 | libevt_error_t *error, 59 | FILE *stream ); 60 | 61 | LIBEVT_EXTERN \ 62 | int libevt_error_backtrace_sprint( 63 | libevt_error_t *error, 64 | char *string, 65 | size_t size ); 66 | 67 | #endif /* !defined( HAVE_LOCAL_LIBEVT ) */ 68 | 69 | #if defined( __cplusplus ) 70 | } 71 | #endif 72 | 73 | #endif /* !defined( _LIBEVT_INTERNAL_ERROR_H ) */ 74 | 75 | -------------------------------------------------------------------------------- /libevt/libevt_extern.h: -------------------------------------------------------------------------------- 1 | /* 2 | 
* The internal extern definition 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_INTERNAL_EXTERN_H ) 23 | #define _LIBEVT_INTERNAL_EXTERN_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBEVT for local use of libevt 28 | */ 29 | #if !defined( HAVE_LOCAL_LIBEVT ) 30 | 31 | #include 32 | 33 | #if defined( __CYGWIN__ ) || defined( __MINGW32__ ) 34 | #define LIBEVT_EXTERN_VARIABLE extern 35 | #else 36 | #define LIBEVT_EXTERN_VARIABLE LIBEVT_EXTERN 37 | #endif 38 | 39 | #else 40 | #define LIBEVT_EXTERN /* extern */ 41 | #define LIBEVT_EXTERN_VARIABLE extern 42 | 43 | #endif /* !defined( HAVE_LOCAL_LIBEVT ) */ 44 | 45 | #endif /* !defined( _LIBEVT_INTERNAL_EXTERN_H ) */ 46 | 47 | -------------------------------------------------------------------------------- /libevt/libevt_file_header.h: -------------------------------------------------------------------------------- 1 | /* 2 | * File header functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_FILE_HEADER_H ) 23 | #define _LIBEVT_FILE_HEADER_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevt_libbfio.h" 29 | #include "libevt_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct libevt_file_header libevt_file_header_t; 36 | /* File header values held as seven uint32_t members. NOTE(review): these presumably hold values decoded from the file, in which case they are only as trustworthy as the file itself; confirm where they are validated before use. */ 37 | struct libevt_file_header 38 | { 39 | /* (header) size 40 | */ 41 | uint32_t size; 42 | 43 | /* Major format version 44 | */ 45 | uint32_t major_format_version; 46 | 47 | /* Minor format version 48 | */ 49 | uint32_t minor_format_version; 50 | 51 | /* First (oldest) record offset; should be range-checked against the file size before it is used to seek 52 | */ 53 | uint32_t first_record_offset; 54 | 55 | /* End of file record offset; should be range-checked against the file size before it is used to seek 56 | */ 57 | uint32_t end_of_file_record_offset; 58 | 59 | /* File flags 60 | */ 61 | uint32_t file_flags; 62 | 63 | /* Copy of (header) size 64 | */ 65 | uint32_t copy_of_size; 66 | }; 67 | /* Declarations only, the definitions are not in this header. Initialize and free take a pointer to the header pointer plus a libcerror error out-parameter; the return value convention is not stated here. */ 68 | int libevt_file_header_initialize( 69 | libevt_file_header_t **file_header, 70 | libcerror_error_t **error ); 71 | 72 | int libevt_file_header_free( 73 | libevt_file_header_t **file_header, 74 | libcerror_error_t **error ); 75 | /* Takes a caller-supplied buffer and its length. NOTE(review): the implementation is not visible here; confirm that it rejects a data_size smaller than the on-disk file header before reading any field, since the buffer holds file content. */ 76 | int libevt_file_header_read_data( 77 | libevt_file_header_t *file_header, 78 | const uint8_t *data, 79 | size_t data_size, 80 | libcerror_error_t **error ); 81 | /* Takes a libbfio handle and a file offset. NOTE(review): presumably reads the header bytes at file_offset and decodes them; confirm that a short read is treated as an error. */ 82 | int 
libevt_file_header_read_file_io_handle( 83 | libevt_file_header_t *file_header, 84 | libbfio_handle_t *file_io_handle, 85 | off64_t file_offset, 86 | libcerror_error_t **error ); 87 | 88 | #if defined( __cplusplus ) 89 | } 90 | #endif 91 | 92 | #endif /* !defined( _LIBEVT_FILE_HEADER_H ) */ 93 | 94 | -------------------------------------------------------------------------------- /libevt/libevt_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBBFIO_H ) 23 | #define _LIBEVT_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _LIBEVT_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /libevt/libevt_libcdata.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcdata header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBCDATA_H ) 23 | #define _LIBEVT_LIBCDATA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCDATA for local use of libcdata 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCDATA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBCDATA_DLL_IMPORT 43 | * before including libcdata.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBCDATA_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBCDATA ) */ 52 | 53 | #endif /* !defined( _LIBEVT_LIBCDATA_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /libevt/libevt_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBCERROR_H ) 23 | #define _LIBEVT_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _LIBEVT_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevt/libevt_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBCLOCALE_H ) 23 | #define _LIBEVT_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _LIBEVT_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevt/libevt_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBCNOTIFY_H ) 23 | #define _LIBEVT_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _LIBEVT_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevt/libevt_libcthreads.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcthreads header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBCTHREADS_H ) 23 | #define _LIBEVT_LIBCTHREADS_H 24 | 25 | #include 26 | 27 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( HAVE_LOCAL_LIBEVT ) 28 | #define HAVE_LIBEVT_MULTI_THREAD_SUPPORT 29 | #endif 30 | 31 | #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT ) 32 | 33 | /* Define HAVE_LOCAL_LIBCTHREADS for local use of libcthreads 34 | */ 35 | #if defined( HAVE_LOCAL_LIBCTHREADS ) 36 | 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include 46 | #include 47 | 48 | #else 49 | 50 | /* If libtool DLL support is enabled set LIBCTHREADS_DLL_IMPORT 51 | * before including libcthreads.h 52 | */ 53 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 54 | #define LIBCTHREADS_DLL_IMPORT 55 | #endif 56 | 57 | #include 58 | 59 | #endif /* defined( HAVE_LOCAL_LIBCTHREADS ) */ 60 | 61 | #endif /* defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT ) */ 62 | 63 | #endif /* !defined( _LIBEVT_LIBCTHREADS_H ) */ 64 | 65 | -------------------------------------------------------------------------------- /libevt/libevt_libfcache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfcache header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 
17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBFCACHE_H ) 23 | #define _LIBEVT_LIBFCACHE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFCACHE for local use of libfcache 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFCACHE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBFCACHE_DLL_IMPORT 39 | * before including libfcache.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBFCACHE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBFCACHE ) */ 48 | 49 | #endif /* !defined( _LIBEVT_LIBFCACHE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevt/libevt_libfdata.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdata header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBFDATA_H ) 23 | #define _LIBEVT_LIBFDATA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATA for local use of libfdata 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBFDATA_DLL_IMPORT 43 | * before including libfdata.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBFDATA_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBFDATA ) */ 52 | 53 | #endif /* !defined( _LIBEVT_LIBFDATA_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /libevt/libevt_libfdatetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdatetime header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBFDATETIME_H ) 23 | #define _LIBEVT_LIBFDATETIME_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATETIME for local use of libfdatetime 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATETIME ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBFDATETIME_DLL_IMPORT 45 | * before including libfdatetime.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 48 | #define LIBFDATETIME_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBFDATETIME ) */ 54 | 55 | #endif /* !defined( _LIBEVT_LIBFDATETIME_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /libevt/libevt_libfwnt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwnt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBFWNT_H ) 23 | #define _LIBEVT_LIBFWNT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWNT for local use of libfwnt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWNT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | #else 45 | 46 | /* If libtool DLL support is enabled set LIBFWNT_DLL_IMPORT 47 | * before including libfwnt.h 48 | */ 49 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 50 | #define LIBFWNT_DLL_IMPORT 51 | #endif 52 | 53 | #include 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBFWNT ) */ 56 | 57 | #endif /* !defined( _LIBEVT_LIBFWNT_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /libevt/libevt_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_LIBUNA_H ) 23 | #define _LIBEVT_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _LIBEVT_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /libevt/libevt_notify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Notification functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_NOTIFY_H ) 23 | #define _LIBEVT_NOTIFY_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "libevt_extern.h" 30 | #include "libevt_libcerror.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | #if !defined( HAVE_LOCAL_LIBEVT ) 37 | 38 | LIBEVT_EXTERN \ 39 | void libevt_notify_set_verbose( 40 | int verbose ); 41 | 42 | LIBEVT_EXTERN \ 43 | int libevt_notify_set_stream( 44 | FILE *stream, 45 | libcerror_error_t **error ); 46 | 47 | LIBEVT_EXTERN \ 48 | int libevt_notify_stream_open( 49 | const char *filename, 50 | libcerror_error_t **error ); 51 | 52 | LIBEVT_EXTERN \ 53 | int libevt_notify_stream_close( 54 | libcerror_error_t **error ); 55 | 56 | #endif /* !defined( HAVE_LOCAL_LIBEVT ) */ 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _LIBEVT_NOTIFY_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /libevt/libevt_support.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Support functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _LIBEVT_SUPPORT_H ) 23 | #define _LIBEVT_SUPPORT_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevt_extern.h" 29 | #include "libevt_libbfio.h" 30 | #include "libevt_libcerror.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | #if !defined( HAVE_LOCAL_LIBEVT ) 37 | 38 | LIBEVT_EXTERN \ 39 | const char *libevt_get_version( 40 | void ); 41 | 42 | LIBEVT_EXTERN \ 43 | int libevt_get_access_flags_read( 44 | void ); 45 | 46 | LIBEVT_EXTERN \ 47 | int libevt_get_codepage( 48 | int *codepage, 49 | libcerror_error_t **error ); 50 | 51 | LIBEVT_EXTERN \ 52 | int libevt_set_codepage( 53 | int codepage, 54 | libcerror_error_t **error ); 55 | 56 | #endif /* !defined( HAVE_LOCAL_LIBEVT ) */ 57 | 58 | LIBEVT_EXTERN \ 59 | int libevt_check_file_signature( 60 | const char *filename, 61 | libcerror_error_t **error ); 62 | 63 | #if defined( HAVE_WIDE_CHARACTER_TYPE ) 64 | 65 | LIBEVT_EXTERN \ 66 | int libevt_check_file_signature_wide( 67 | const wchar_t *filename, 68 | libcerror_error_t **error ); 69 | 70 | #endif /* defined( HAVE_WIDE_CHARACTER_TYPE ) */ 71 | 72 | LIBEVT_EXTERN \ 73 | int libevt_check_file_signature_file_io_handle( 74 | libbfio_handle_t *file_io_handle, 75 | libcerror_error_t **error ); 76 | 77 | #if defined( __cplusplus ) 78 | } 79 | #endif 80 | 81 | #endif /* !defined( _LIBEVT_SUPPORT_H ) */ 82 | 83 | -------------------------------------------------------------------------------- /libevt/libevt_types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal type definitions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_INTERNAL_TYPES_H ) 23 | #define _LIBEVT_INTERNAL_TYPES_H 24 | 25 | #include 26 | #include 27 | 28 | /* Define HAVE_LOCAL_LIBEVT for local use of libevt 29 | * The definitions in are copied here 30 | * for local use of libevt 31 | */ 32 | #if defined( HAVE_LOCAL_LIBEVT ) 33 | 34 | /* The following type definitions hide internal data structures 35 | */ 36 | #if defined( HAVE_DEBUG_OUTPUT ) && !defined( WINAPI ) 37 | typedef struct libevt_file {} libevt_file_t; 38 | typedef struct libevt_record {} libevt_record_t; 39 | 40 | #else 41 | typedef intptr_t libevt_file_t; 42 | typedef intptr_t libevt_record_t; 43 | 44 | #endif /* defined( HAVE_DEBUG_OUTPUT ) && !defined( WINAPI ) */ 45 | 46 | #endif /* defined( HAVE_LOCAL_LIBEVT ) */ 47 | 48 | #endif /* !defined( _LIBEVT_INTERNAL_TYPES_H ) */ 49 | 50 | -------------------------------------------------------------------------------- /libevt/libevt_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVT_UNUSED_H ) 23 | #define _LIBEVT_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( LIBEVT_ATTRIBUTE_UNUSED ) 28 | #if defined( __GNUC__ ) && __GNUC__ >= 3 29 | #define LIBEVT_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 30 | #else 31 | #define LIBEVT_ATTRIBUTE_UNUSED 32 | #endif 33 | #endif 34 | 35 | #if defined( _MSC_VER ) 36 | #define LIBEVT_UNREFERENCED_PARAMETER( parameter ) \ 37 | UNREFERENCED_PARAMETER( parameter ); 38 | #else 39 | #define LIBEVT_UNREFERENCED_PARAMETER( parameter ) \ 40 | /* parameter */ 41 | #endif 42 | 43 | #endif /* !defined( _LIBEVT_UNUSED_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /m4/tests.m4: -------------------------------------------------------------------------------- 1 | dnl Functions for testing 2 | dnl 3 | dnl Version: 20200712 4 | 5 | dnl Function to detect if tests dependencies are available 6 | AC_DEFUN([AX_TESTS_CHECK_LOCAL], 7 | [AC_CHECK_HEADERS([dlfcn.h]) 8 | 9 | AC_CHECK_FUNCS([fmemopen getopt mkstemp setenv tzset unlink]) 10 | 11 | AC_CHECK_LIB( 12 | dl, 13 | dlsym) 14 | 15 | AS_IF( 16 | [test "x$lt_cv_prog_gnu_ld" = xyes && test "x$ac_cv_lib_dl_dlsym" = xyes], 17 | [AC_DEFINE( 18 | [HAVE_GNU_DL_DLSYM], 19 | [1], 20 | [Define to 1 if dlsym function is 
available in GNU dl.]) 21 | ]) 22 | ]) 23 | 24 | dnl Function to detect if OSS-Fuzz build environment is available 25 | AC_DEFUN([AX_TESTS_CHECK_OSSFUZZ], 26 | [AM_CONDITIONAL( 27 | HAVE_LIB_FUZZING_ENGINE, 28 | [test "x${LIB_FUZZING_ENGINE}" != x]) 29 | AC_SUBST( 30 | [LIB_FUZZING_ENGINE], 31 | ["${LIB_FUZZING_ENGINE}"]) 32 | ]) 33 | 34 | -------------------------------------------------------------------------------- /m4/types.m4: -------------------------------------------------------------------------------- 1 | dnl Functions for type definitions 2 | dnl 3 | dnl Version: 20180727 4 | 5 | dnl Function to detect if type definitions are available 6 | AC_DEFUN([AX_TYPES_CHECK_LOCAL], 7 | [AS_IF( 8 | [test "x$ac_cv_enable_winapi" = xyes], 9 | [ac_cv_enable_wide_character_type=yes]) 10 | 11 | AS_IF( 12 | [test "x$ac_cv_enable_wide_character_type" = xyes], 13 | [AC_DEFINE( 14 | [HAVE_WIDE_CHARACTER_TYPE], 15 | [1], 16 | [Define to 1 if wide character type should be used.]) 17 | AC_SUBST( 18 | [HAVE_WIDE_CHARACTER_TYPE], 19 | [1]) ], 20 | [AC_SUBST( 21 | [HAVE_WIDE_CHARACTER_TYPE], 22 | [0]) 23 | ]) 24 | 25 | AC_CHECK_HEADERS([sys/types.h inttypes.h stdint.h wchar.h]) 26 | 27 | AS_IF( 28 | [test "x$ac_cv_header_sys_types_h" = xyes], 29 | [AC_SUBST( 30 | [HAVE_SYS_TYPES_H], 31 | [1])], 32 | [AC_SUBST( 33 | [HAVE_SYS_TYPES_H], 34 | [0]) 35 | ]) 36 | 37 | AS_IF( 38 | [test "x$ac_cv_header_inttypes_h" = xyes], 39 | [AC_SUBST( 40 | [HAVE_INTTYPES_H], 41 | [1])], 42 | [AC_SUBST( 43 | [HAVE_INTTYPES_H], 44 | [0]) 45 | ]) 46 | 47 | AS_IF( 48 | [test "x$ac_cv_header_stdint_h" = xyes], 49 | [AC_SUBST( 50 | [HAVE_STDINT_H], 51 | [1])], 52 | [AC_SUBST( 53 | [HAVE_STDINT_H], 54 | [0]) 55 | ]) 56 | 57 | AS_IF( 58 | [test "x$ac_cv_header_wchar_h" = xyes], 59 | [AC_SUBST( 60 | [HAVE_WCHAR_H], 61 | [1]) ], 62 | [AC_SUBST( 63 | [HAVE_WCHAR_H], 64 | [0]) 65 | ]) 66 | 67 | AC_TYPE_MODE_T 68 | AC_TYPE_OFF_T 69 | AC_TYPE_SIZE_T 70 | 71 | AC_CHECK_TYPE( 72 | [size32_t], 73 | [AC_SUBST( 74 | 
[HAVE_SIZE32_T], 75 | [1])], 76 | [AC_SUBST( 77 | [HAVE_SIZE32_T], 78 | [0]) 79 | ]) 80 | 81 | AC_CHECK_TYPE( 82 | [ssize32_t], 83 | [AC_SUBST( 84 | [HAVE_SSIZE32_T], 85 | [1])], 86 | [AC_SUBST( 87 | [HAVE_SSIZE32_T], 88 | [0]) 89 | ]) 90 | 91 | AC_CHECK_TYPE( 92 | [size64_t], 93 | [AC_SUBST( 94 | [HAVE_SIZE64_T], 95 | [1])], 96 | [AC_SUBST( 97 | [HAVE_SIZE64_T], 98 | [0]) 99 | ]) 100 | 101 | AC_CHECK_TYPE( 102 | [ssize64_t], 103 | [AC_SUBST( 104 | [HAVE_SSIZE64_T], 105 | [1])], 106 | [AC_SUBST( 107 | [HAVE_SSIZE64_T], 108 | [0]) 109 | ]) 110 | 111 | AC_CHECK_TYPE( 112 | [off64_t], 113 | [AC_SUBST( 114 | [HAVE_OFF64_T], 115 | [1])], 116 | [AC_SUBST( 117 | [HAVE_OFF64_T], 118 | [0]) 119 | ]) 120 | 121 | AC_CHECK_TYPE([ssize_t]) 122 | AC_CHECK_TYPE([u64]) 123 | 124 | AC_CHECK_SIZEOF([int]) 125 | AC_CHECK_SIZEOF([long]) 126 | AC_CHECK_SIZEOF([off_t]) 127 | AC_CHECK_SIZEOF([size_t]) 128 | 129 | AS_IF( 130 | [test "x$ac_cv_header_wchar_h" = xyes], 131 | [AC_CHECK_SIZEOF([wchar_t])]) 132 | ]) 133 | 134 | -------------------------------------------------------------------------------- /manuals/Makefile.am: -------------------------------------------------------------------------------- 1 | man_MANS = \ 2 | evtexport.1 \ 3 | evtinfo.1 \ 4 | libevt.3 5 | 6 | EXTRA_DIST = \ 7 | evtexport.1 \ 8 | evtinfo.1 \ 9 | libevt.3 10 | 11 | DISTCLEANFILES = \ 12 | Makefile \ 13 | Makefile.in 14 | 15 | -------------------------------------------------------------------------------- /manuals/evtinfo.1: -------------------------------------------------------------------------------- 1 | .Dd April 13, 2019 2 | .Dt evtinfo 3 | .Os libevt 4 | .Sh NAME 5 | .Nm evtinfo 6 | .Nd determines information about a Windows Event Log (EVT) 7 | .Sh SYNOPSIS 8 | .Nm evtinfo 9 | .Op Fl c Ar codepage 10 | .Op Fl hvV 11 | .Ar source 12 | .Sh DESCRIPTION 13 | .Nm evtinfo 14 | is a utility to determine information about a Windows Event Log (EVT) 15 | .Pp 16 | .Nm evtinfo 17 | is part of the 18 | .Nm libevt 19 
| package. 20 | .Nm libevt 21 | is a library to access the Windows Event Log (EVT) format 22 | .Pp 23 | .Ar source 24 | is the source file. 25 | .Pp 26 | The options are as follows: 27 | .Bl -tag -width Ds 28 | .It Fl c Ar codepage 29 | specify the codepage of ASCII strings, options: ascii, windows-874, windows-932, windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252 (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258 30 | .It Fl h 31 | shows this help 32 | .It Fl v 33 | verbose output to stderr 34 | .It Fl V 35 | print version 36 | .El 37 | .Sh ENVIRONMENT 38 | None 39 | .Sh FILES 40 | None 41 | .Sh EXAMPLES 42 | .Bd -literal 43 | # evtinfo AppEvent.Evt 44 | evtinfo 20120624 45 | 46 | Windows Event Log (EVT) information: 47 | Version : 1.1 48 | Number of records : 19 49 | Number of recovered records : 0 50 | Log type : Application 51 | Flags: 52 | Should be archived 53 | 54 | .Ed 55 | .Sh DIAGNOSTICS 56 | Errors, verbose and debug output are printed to stderr when verbose output \-v is enabled. 57 | Verbose and debug output are only printed when enabled at compilation. 58 | .Sh BUGS 59 | Please report bugs of any kind on the project website: 60 | https://github.com/libyal/libevt/ 61 | .Sh AUTHOR 62 | These man pages were written by Joachim Metz. 63 | .Sh COPYRIGHT 64 | Copyright (C) 2011-2024, Joachim Metz. 65 | This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
66 | .Sh SEE ALSO 67 | .Xr evtexport 1 68 | -------------------------------------------------------------------------------- /msvscpp/Makefile.am: -------------------------------------------------------------------------------- 1 | MSVSCPP_FILES = \ 2 | evt_test_end_of_file_record/evt_test_end_of_file_record.vcproj \ 3 | evt_test_error/evt_test_error.vcproj \ 4 | evt_test_event_record/evt_test_event_record.vcproj \ 5 | evt_test_file/evt_test_file.vcproj \ 6 | evt_test_file_header/evt_test_file_header.vcproj \ 7 | evt_test_io_handle/evt_test_io_handle.vcproj \ 8 | evt_test_notify/evt_test_notify.vcproj \ 9 | evt_test_record/evt_test_record.vcproj \ 10 | evt_test_record_values/evt_test_record_values.vcproj \ 11 | evt_test_strings_array/evt_test_strings_array.vcproj \ 12 | evt_test_support/evt_test_support.vcproj \ 13 | evt_test_tools_info_handle/evt_test_tools_info_handle.vcproj \ 14 | evt_test_tools_message_handle/evt_test_tools_message_handle.vcproj \ 15 | evt_test_tools_message_string/evt_test_tools_message_string.vcproj \ 16 | evt_test_tools_output/evt_test_tools_output.vcproj \ 17 | evt_test_tools_path_handle/evt_test_tools_path_handle.vcproj \ 18 | evt_test_tools_registry_file/evt_test_tools_registry_file.vcproj \ 19 | evt_test_tools_resource_file/evt_test_tools_resource_file.vcproj \ 20 | evt_test_tools_signal/evt_test_tools_signal.vcproj \ 21 | evtexport/evtexport.vcproj \ 22 | evtinfo/evtinfo.vcproj \ 23 | libbfio/libbfio.vcproj \ 24 | libcdata/libcdata.vcproj \ 25 | libcdirectory/libcdirectory.vcproj \ 26 | libcerror/libcerror.vcproj \ 27 | libcfile/libcfile.vcproj \ 28 | libclocale/libclocale.vcproj \ 29 | libcnotify/libcnotify.vcproj \ 30 | libcpath/libcpath.vcproj \ 31 | libcsplit/libcsplit.vcproj \ 32 | libcthreads/libcthreads.vcproj \ 33 | libevt/libevt.vcproj \ 34 | libexe/libexe.vcproj \ 35 | libfcache/libfcache.vcproj \ 36 | libfdata/libfdata.vcproj \ 37 | libfdatetime/libfdatetime.vcproj \ 38 | libfguid/libfguid.vcproj \ 39 | 
libfvalue/libfvalue.vcproj \ 40 | libfwevt/libfwevt.vcproj \ 41 | libfwnt/libfwnt.vcproj \ 42 | libregf/libregf.vcproj \ 43 | libuna/libuna.vcproj \ 44 | libwrc/libwrc.vcproj \ 45 | pyevt/pyevt.vcproj \ 46 | libevt.sln 47 | 48 | EXTRA_DIST = \ 49 | $(MSVSCPP_FILES) 50 | 51 | DISTCLEANFILES = \ 52 | Makefile \ 53 | Makefile.in 54 | 55 | -------------------------------------------------------------------------------- /ossfuzz/Makefile.am: -------------------------------------------------------------------------------- 1 | if HAVE_LIB_FUZZING_ENGINE 2 | AM_CPPFLAGS = \ 3 | -I../include -I$(top_srcdir)/include \ 4 | -I../common -I$(top_srcdir)/common \ 5 | @LIBCERROR_CPPFLAGS@ \ 6 | @LIBCDATA_CPPFLAGS@ \ 7 | @LIBCLOCALE_CPPFLAGS@ \ 8 | @LIBCNOTIFY_CPPFLAGS@ \ 9 | @LIBUNA_CPPFLAGS@ \ 10 | @LIBCFILE_CPPFLAGS@ \ 11 | @LIBCPATH_CPPFLAGS@ \ 12 | @LIBBFIO_CPPFLAGS@ 13 | 14 | bin_PROGRAMS = \ 15 | file_fuzzer \ 16 | record_fuzzer 17 | 18 | file_fuzzer_SOURCES = \ 19 | file_fuzzer.cc \ 20 | ossfuzz_libbfio.h \ 21 | ossfuzz_libevt.h 22 | 23 | file_fuzzer_LDADD = \ 24 | @LIB_FUZZING_ENGINE@ \ 25 | @LIBBFIO_LIBADD@ \ 26 | @LIBCPATH_LIBADD@ \ 27 | @LIBCFILE_LIBADD@ \ 28 | @LIBUNA_LIBADD@ \ 29 | @LIBCDATA_LIBADD@ \ 30 | ../libevt/libevt.la \ 31 | @LIBCNOTIFY_LIBADD@ \ 32 | @LIBCLOCALE_LIBADD@ \ 33 | @LIBCERROR_LIBADD@ \ 34 | @LIBINTL@ 35 | 36 | record_fuzzer_SOURCES = \ 37 | ossfuzz_libbfio.h \ 38 | ossfuzz_libevt.h \ 39 | record_fuzzer.cc 40 | 41 | record_fuzzer_LDADD = \ 42 | @LIB_FUZZING_ENGINE@ \ 43 | @LIBBFIO_LIBADD@ \ 44 | @LIBCPATH_LIBADD@ \ 45 | @LIBCFILE_LIBADD@ \ 46 | @LIBUNA_LIBADD@ \ 47 | @LIBCDATA_LIBADD@ \ 48 | ../libevt/libevt.la \ 49 | @LIBCNOTIFY_LIBADD@ \ 50 | @LIBCLOCALE_LIBADD@ \ 51 | @LIBCERROR_LIBADD@ \ 52 | @LIBINTL@ 53 | endif 54 | 55 | DISTCLEANFILES = \ 56 | Makefile \ 57 | Makefile.in 58 | 59 | splint-local: 60 | @echo "Running splint on file_fuzzer ..." 
61 | -splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(file_fuzzer_SOURCES) 62 | @echo "Running splint on record_fuzzer ..." 63 | -splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(record_fuzzer_SOURCES) 64 | 65 | -------------------------------------------------------------------------------- /ossfuzz/file_fuzzer.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * OSS-Fuzz target for libevt file type 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #include 23 | #include 24 | 25 | /* Note that some of the OSS-Fuzz engines use C++ 26 | */ 27 | extern "C" { 28 | 29 | #include "ossfuzz_libbfio.h" 30 | #include "ossfuzz_libevt.h" 31 | 32 | #if !defined( LIBEVT_HAVE_BFIO ) 33 | 34 | /* Opens a file using a Basic File IO (bfio) handle 35 | * Returns 1 if successful or -1 on error 36 | */ 37 | LIBEVT_EXTERN \ 38 | int libevt_file_open_file_io_handle( 39 | libevt_file_t *file, 40 | libbfio_handle_t *file_io_handle, 41 | int access_flags, 42 | libevt_error_t **error ); 43 | 44 | #endif /* !defined( LIBEVT_HAVE_BFIO ) */ 45 | 46 | /* Fuzz target entry point: wraps the fuzzer-supplied buffer in a libbfio memory range handle and opens it as an EVT file with LIBEVT_OPEN_READ. Only initialize, open, close and free are called here, so record access is not exercised by this target. NULL is passed for every error argument, so no error details are collected. Always returns 0, also when a libbfio or libevt call fails. */ int LLVMFuzzerTestOneInput( 47 | const uint8_t *data, 48 | size_t size ) 49 | { 50 | libbfio_handle_t *file_io_handle = NULL; 51 | libevt_file_t *file = NULL; 52 | 53 | /* Nothing has been allocated yet if this fails, so return without cleanup */ if( libbfio_memory_range_initialize( 54 | &file_io_handle, 55 | NULL ) != 1 ) 56 | { 57 | return( 0 ); 58 | } 59 | /* The cast drops const from the fuzzer buffer; NOTE(review): presumably libbfio only reads from this range because the file is opened read-only - confirm against libbfio */ if( libbfio_memory_range_set( 60 | file_io_handle, 61 | (uint8_t *) data, 62 | size, 63 | NULL ) != 1 ) 64 | { 65 | goto on_error_libbfio; 66 | } 67 | if( libevt_file_initialize( 68 | &file, 69 | NULL ) != 1 ) 70 | { 71 | goto on_error_libbfio; 72 | } 73 | /* This call hands the untrusted input to the libevt parser; a failed open still frees the file object via on_error_libevt */ if( libevt_file_open_file_io_handle( 74 | file, 75 | file_io_handle, 76 | LIBEVT_OPEN_READ, 77 | NULL ) != 1 ) 78 | { 79 | goto on_error_libevt; 80 | } 81 | /* The return value of close is not checked; the cleanup below runs either way */ libevt_file_close( 82 | file, 83 | NULL ); 84 | 85 | /* Cleanup labels are reached by fall-through on success and by goto on failure */ on_error_libevt: 86 | libevt_file_free( 87 | &file, 88 | NULL ); 89 | 90 | on_error_libbfio: 91 | libbfio_handle_free( 92 | &file_io_handle, 93 | NULL ); 94 | 95 | return( 0 ); 96 | } 97 | 98 | } /* extern "C" */ 99 | 100 | -------------------------------------------------------------------------------- /ossfuzz/ossfuzz_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _OSSFUZZ_LIBBFIO_H ) 23 | #define _OSSFUZZ_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _OSSFUZZ_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /ossfuzz/ossfuzz_libevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _OSSFUZZ_LIBEVT_H ) 23 | #define _OSSFUZZ_LIBEVT_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _OSSFUZZ_LIBEVT_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /po/ChangeLog: -------------------------------------------------------------------------------- 1 | 2016-11-01 gettextize 2 | -------------------------------------------------------------------------------- /po/Makevars.in: -------------------------------------------------------------------------------- 1 | # Makefile variables for PO directory in any package using GNU gettext. 2 | 3 | # Usually the message domain is the same as the package name. 4 | DOMAIN = @PACKAGE@ 5 | 6 | # These two variables depend on the location of this directory. 7 | subdir = po 8 | top_builddir = .. 9 | 10 | # These options get passed to xgettext. 11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ 12 | 13 | # This is the copyright holder that gets inserted into the header of the 14 | # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding 15 | # package. (Note that the msgstr strings, extracted from the package's 16 | # sources, belong to the copyright holder of the package.) 
Translators are 17 | # expected to transfer the copyright for their translations to this person 18 | # or entity, or to disclaim their copyright. The empty string stands for 19 | # the public domain; in this case the translators are expected to disclaim 20 | # their copyright. 21 | COPYRIGHT_HOLDER = Joachim Metz 22 | 23 | # This is the email address or URL to which the translators shall report 24 | # bugs in the untranslated strings: 25 | # - Strings which are not entire sentences, see the maintainer guidelines 26 | # in the GNU gettext documentation, section 'Preparing Strings'. 27 | # - Strings which use unclear terms or require additional context to be 28 | # understood. 29 | # - Strings which make invalid assumptions about notation of date, time or 30 | # money. 31 | # - Pluralisation problems. 32 | # - Incorrect English spelling. 33 | # - Incorrect formatting. 34 | # It can be your email address, or a mailing list address where translators 35 | # can write to without being subscribed, or the URL of a web page through 36 | # which the translators can contact you. 37 | MSGID_BUGS_ADDRESS = @PACKAGE_BUGREPORT@ 38 | 39 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 40 | # message catalogs shall be used. It is usually empty. 41 | EXTRA_LOCALE_CATEGORIES = 42 | 43 | # Additional make targets. 44 | sources splint: 45 | 46 | -------------------------------------------------------------------------------- /po/POTFILES.in: -------------------------------------------------------------------------------- 1 | # List of source files which contain translatable strings. 
2 | -------------------------------------------------------------------------------- /pyevt/Makefile.am: -------------------------------------------------------------------------------- 1 | if HAVE_PYTHON 2 | AM_CFLAGS = \ 3 | -I../include -I$(top_srcdir)/include \ 4 | -I../common -I$(top_srcdir)/common \ 5 | @LIBCERROR_CPPFLAGS@ \ 6 | @LIBCDATA_CPPFLAGS@ \ 7 | @LIBCLOCALE_CPPFLAGS@ \ 8 | @LIBCSPLIT_CPPFLAGS@ \ 9 | @LIBUNA_CPPFLAGS@ \ 10 | @LIBCFILE_CPPFLAGS@ \ 11 | @LIBCPATH_CPPFLAGS@ \ 12 | @LIBBFIO_CPPFLAGS@ \ 13 | @LIBEVT_DLL_IMPORT@ 14 | 15 | pyexec_LTLIBRARIES = pyevt.la 16 | 17 | pyevt_la_SOURCES = \ 18 | pyevt.c pyevt.h \ 19 | pyevt_codepage.c pyevt_codepage.h \ 20 | pyevt_datetime.c pyevt_datetime.h \ 21 | pyevt_error.c pyevt_error.h \ 22 | pyevt_event_types.c pyevt_event_types.h \ 23 | pyevt_file.c pyevt_file.h \ 24 | pyevt_file_flags.c pyevt_file_flags.h \ 25 | pyevt_file_object_io_handle.c pyevt_file_object_io_handle.h \ 26 | pyevt_integer.c pyevt_integer.h \ 27 | pyevt_libbfio.h \ 28 | pyevt_libcerror.h \ 29 | pyevt_libclocale.h \ 30 | pyevt_libevt.h \ 31 | pyevt_python.h \ 32 | pyevt_record.c pyevt_record.h \ 33 | pyevt_records.c pyevt_records.h \ 34 | pyevt_strings.c pyevt_strings.h \ 35 | pyevt_unused.h 36 | 37 | pyevt_la_LIBADD = \ 38 | @LIBCERROR_LIBADD@ \ 39 | ../libevt/libevt.la \ 40 | @LIBCDATA_LIBADD@ \ 41 | @LIBCLOCALE_LIBADD@ \ 42 | @LIBCSPLIT_LIBADD@ \ 43 | @LIBUNA_LIBADD@ \ 44 | @LIBCFILE_LIBADD@ \ 45 | @LIBCPATH_LIBADD@ \ 46 | @LIBBFIO_LIBADD@ 47 | 48 | pyevt_la_CPPFLAGS = $(PYTHON_CPPFLAGS) 49 | pyevt_la_LDFLAGS = -module -avoid-version $(PYTHON_LDFLAGS) 50 | 51 | endif 52 | 53 | DISTCLEANFILES = \ 54 | Makefile \ 55 | Makefile.in 56 | 57 | -------------------------------------------------------------------------------- /pyevt/pyevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python bindings module for libevt (pyevt) 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer 
to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_H ) 23 | #define _PYEVT_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_python.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | PyObject *pyevt_get_version( 35 | PyObject *self, 36 | PyObject *arguments ); 37 | 38 | PyObject *pyevt_check_file_signature( 39 | PyObject *self, 40 | PyObject *arguments, 41 | PyObject *keywords ); 42 | 43 | PyObject *pyevt_check_file_signature_file_object( 44 | PyObject *self, 45 | PyObject *arguments, 46 | PyObject *keywords ); 47 | 48 | PyObject *pyevt_open_new_file( 49 | PyObject *self, 50 | PyObject *arguments, 51 | PyObject *keywords ); 52 | 53 | PyObject *pyevt_open_new_file_with_file_object( 54 | PyObject *self, 55 | PyObject *arguments, 56 | PyObject *keywords ); 57 | 58 | #if PY_MAJOR_VERSION >= 3 59 | PyMODINIT_FUNC PyInit_pyevt( 60 | void ); 61 | #else 62 | PyMODINIT_FUNC initpyevt( 63 | void ); 64 | #endif 65 | 66 | #if defined( __cplusplus ) 67 | } 68 | #endif 69 | 70 | #endif /* !defined( _PYEVT_H ) */ 71 | 72 | -------------------------------------------------------------------------------- /pyevt/pyevt_codepage.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Codepage functions 3 | * 4 | * 
Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_CODEPAGE_H ) 23 | #define _PYEVT_CODEPAGE_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | const char *pyevt_codepage_to_string( 33 | int codepage ); 34 | 35 | /* TODO add list function */ 36 | 37 | #if defined( __cplusplus ) 38 | } 39 | #endif 40 | 41 | #endif /* !defined( _PYEVT_CODEPAGE_H ) */ 42 | 43 | -------------------------------------------------------------------------------- /pyevt/pyevt_datetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Date and time functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_DATETIME_H ) 23 | #define _PYEVT_DATETIME_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_python.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | PyObject *pyevt_datetime_new_from_time_elements( 35 | uint16_t year, 36 | uint64_t number_of_days, 37 | uint8_t hours, 38 | uint8_t minutes, 39 | uint8_t seconds, 40 | uint32_t micro_seconds ); 41 | 42 | PyObject *pyevt_datetime_new_from_fat_date_time( 43 | uint32_t fat_date_time ); 44 | 45 | PyObject *pyevt_datetime_new_from_filetime( 46 | uint64_t filetime ); 47 | 48 | PyObject *pyevt_datetime_new_from_floatingtime( 49 | uint64_t floatingtime ); 50 | 51 | PyObject *pyevt_datetime_new_from_hfs_time( 52 | uint32_t hfs_time ); 53 | 54 | PyObject *pyevt_datetime_new_from_posix_time( 55 | int64_t posix_time ); 56 | 57 | PyObject *pyevt_datetime_new_from_posix_time_in_micro_seconds( 58 | int64_t posix_time ); 59 | 60 | #if defined( __cplusplus ) 61 | } 62 | #endif 63 | 64 | #endif /* !defined( _PYEVT_DATETIME_H ) */ 65 | 66 | -------------------------------------------------------------------------------- /pyevt/pyevt_error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Error functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_ERROR_H ) 23 | #define _PYEVT_ERROR_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libcerror.h" 29 | #include "pyevt_python.h" 30 | /* Size constant for error strings. NOTE(review): presumably the size of a fixed buffer that the functions below format into - confirm in pyevt_error.c that formatting is bounded by it */ 31 | #define PYEVT_ERROR_STRING_SIZE 2048 32 | 33 | #if defined( __cplusplus ) 34 | extern "C" { 35 | #endif 36 | /* Each function below takes format_string followed by variadic arguments, presumably printf-style (TODO confirm); if so, callers should pass a literal format and put text taken from a parsed file only in the arguments */ 37 | void pyevt_error_fetch( 38 | libcerror_error_t **error, 39 | int error_domain, 40 | int error_code, 41 | const char *format_string, 42 | ... ); 43 | 44 | void pyevt_error_fetch_and_raise( 45 | PyObject *exception_object, 46 | const char *format_string, 47 | ... ); 48 | 49 | void pyevt_error_raise( 50 | libcerror_error_t *error, 51 | PyObject *exception_object, 52 | const char *format_string, 53 | ... ); 54 | 55 | #if defined( __cplusplus ) 56 | } 57 | #endif 58 | 59 | #endif /* !defined( _PYEVT_ERROR_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /pyevt/pyevt_event_types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the libevt event types 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version.
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_EVENT_TYPES_H ) 23 | #define _PYEVT_EVENT_TYPES_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libevt.h" 29 | #include "pyevt_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevt_event_types pyevt_event_types_t; 36 | 37 | struct pyevt_event_types 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | }; 43 | 44 | extern PyTypeObject pyevt_event_types_type_object; 45 | 46 | int pyevt_event_types_init_type( 47 | PyTypeObject *type_object ); 48 | 49 | PyObject *pyevt_event_types_new( 50 | void ); 51 | 52 | int pyevt_event_types_init( 53 | pyevt_event_types_t *definitions_object ); 54 | 55 | void pyevt_event_types_free( 56 | pyevt_event_types_t *definitions_object ); 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _PYEVT_EVENT_TYPES_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /pyevt/pyevt_file_flags.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the libevt file flags 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_FILE_FLAGS_H ) 23 | #define _PYEVT_FILE_FLAGS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libevt.h" 29 | #include "pyevt_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevt_file_flags pyevt_file_flags_t; 36 | 37 | struct pyevt_file_flags 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | }; 43 | 44 | extern PyTypeObject pyevt_file_flags_type_object; 45 | 46 | int pyevt_file_flags_init_type( 47 | PyTypeObject *type_object ); 48 | 49 | PyObject *pyevt_file_flags_new( 50 | void ); 51 | 52 | int pyevt_file_flags_init( 53 | pyevt_file_flags_t *definitions_object ); 54 | 55 | void pyevt_file_flags_free( 56 | pyevt_file_flags_t *definitions_object ); 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _PYEVT_FILE_FLAGS_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /pyevt/pyevt_integer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Integer functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_INTEGER_H ) 23 | #define _PYEVT_INTEGER_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libcerror.h" 29 | #include "pyevt_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | PyObject *pyevt_integer_signed_new_from_64bit( 36 | int64_t value_64bit ); 37 | 38 | PyObject *pyevt_integer_unsigned_new_from_64bit( 39 | uint64_t value_64bit ); 40 | 41 | int pyevt_integer_signed_copy_to_64bit( 42 | PyObject *integer_object, 43 | int64_t *value_64bit, 44 | libcerror_error_t **error ); 45 | 46 | int pyevt_integer_unsigned_copy_to_64bit( 47 | PyObject *integer_object, 48 | uint64_t *value_64bit, 49 | libcerror_error_t **error ); 50 | 51 | #if defined( __cplusplus ) 52 | } 53 | #endif 54 | 55 | #endif /* !defined( _PYEVT_INTEGER_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /pyevt/pyevt_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_LIBBFIO_H ) 23 | #define _PYEVT_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 52 | 53 | #endif /* !defined( _PYEVT_LIBBFIO_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /pyevt/pyevt_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 
17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_LIBCERROR_H ) 23 | #define _PYEVT_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _PYEVT_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /pyevt/pyevt_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _PYEVT_LIBCLOCALE_H ) 23 | #define _PYEVT_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _PYEVT_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /pyevt/pyevt_libevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libevt header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _PYEVT_LIBEVT_H ) 23 | #define _PYEVT_LIBEVT_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _PYEVT_LIBEVT_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /pyevt/pyevt_libfwnt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwnt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _PYEVT_LIBFWNT_H ) 23 | #define _PYEVT_LIBFWNT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWNT for local use of libfwnt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWNT ) 30 | 31 | #include 32 | #include 33 | #include 34 | 35 | #else 36 | 37 | /* If libtool DLL support is enabled set LIBFWNT_DLL_IMPORT 38 | * before including libfwnt.h 39 | */ 40 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 41 | #define LIBFWNT_DLL_IMPORT 42 | #endif 43 | 44 | #include 45 | 46 | #endif 47 | 48 | #endif 49 | 50 | -------------------------------------------------------------------------------- /pyevt/pyevt_python.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The python header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _PYEVT_PYTHON_H ) 23 | #define _PYEVT_PYTHON_H 24 | 25 | #include 26 | 27 | #if PY_MAJOR_VERSION < 3 28 | 29 | /* Fix defines in pyconfig.h 30 | */ 31 | #undef _POSIX_C_SOURCE 32 | #undef _XOPEN_SOURCE 33 | 34 | /* Fix defines in pyport.h 35 | */ 36 | #undef HAVE_FSTAT 37 | #undef HAVE_STAT 38 | #undef HAVE_SSIZE_T 39 | #undef HAVE_INT32_T 40 | #undef HAVE_UINT32_T 41 | #undef HAVE_INT64_T 42 | #undef HAVE_UINT64_T 43 | 44 | #endif /* PY_MAJOR_VERSION < 3 */ 45 | 46 | /* Define PY_SSIZE_T_CLEAN to silence: 47 | * DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats 48 | * 49 | * PY_SSIZE_T_CLEAN was introduced in Python 2.5 50 | */ 51 | #define PY_SSIZE_T_CLEAN 52 | 53 | #include 54 | 55 | /* Python compatibility macros 56 | */ 57 | #if !defined( PyMODINIT_FUNC ) 58 | #if PY_MAJOR_VERSION >= 3 59 | #define PyMODINIT_FUNC PyObject * 60 | #else 61 | #define PyMODINIT_FUNC void 62 | #endif 63 | #endif /* !defined( PyMODINIT_FUNC ) */ 64 | 65 | #if !defined( PyVarObject_HEAD_INIT ) 66 | #define PyVarObject_HEAD_INIT( type, size ) \ 67 | PyObject_HEAD_INIT( type ) \ 68 | size, 69 | 70 | #endif /* !defined( PyVarObject_HEAD_INIT ) */ 71 | 72 | #if PY_MAJOR_VERSION >= 3 73 | #define Py_TPFLAGS_HAVE_ITER 0 74 | #endif 75 | 76 | #if !defined( Py_TYPE ) 77 | #define Py_TYPE( object ) \ 78 | ( ( (PyObject *) object )->ob_type ) 79 | 80 | #endif /* !defined( Py_TYPE ) */ 81 | 82 | #endif /* !defined( _PYEVT_PYTHON_H ) */ 83 | 84 | -------------------------------------------------------------------------------- /pyevt/pyevt_records.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the sequence and iterator object of records 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_RECORDS_H ) 23 | #define _PYEVT_RECORDS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libevt.h" 29 | #include "pyevt_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevt_records pyevt_records_t; 36 | /* Sequence and iterator state over the items of a parent object: the parent, a callback that returns the item at a given index, the iteration cursor and the item count */ 37 | struct pyevt_records 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | /* NOTE(review): whether this object holds its own reference on parent_object for its lifetime is not visible in this header - confirm in pyevt_records.c */ 43 | /* The parent object 44 | */ 45 | PyObject *parent_object; 46 | /* NOTE(review): the callback index and both counters are int, while pyevt_records_getitem receives a Py_ssize_t item_index; the implementation should reject an item_index outside 0 .. number_of_items - 1 before narrowing it to int - confirm in pyevt_records.c */ 47 | /* The get item by index callback function 48 | */ 49 | PyObject* (*get_item_by_index)( 50 | PyObject *parent_object, 51 | int index ); 52 | 53 | /* The current index 54 | */ 55 | int current_index; 56 | 57 | /* The number of items 58 | */ 59 | int number_of_items; 60 | }; 61 | 62 | extern PyTypeObject pyevt_records_type_object; 63 | 64 | PyObject *pyevt_records_new( 65 | PyObject *parent_object, 66 | PyObject* (*get_item_by_index)( 67 | PyObject *parent_object, 68 | int index ), 69 | int number_of_items ); 70 | 71 | int pyevt_records_init( 72 | pyevt_records_t *sequence_object ); 73 | 74 | void pyevt_records_free( 75 | pyevt_records_t *sequence_object ); 76 | 77 | Py_ssize_t pyevt_records_len( 78 | pyevt_records_t *sequence_object ); 79 | 80 | PyObject *pyevt_records_getitem( 81 | pyevt_records_t *sequence_object, 82 |
Py_ssize_t item_index ); 83 | 84 | PyObject *pyevt_records_iter( 85 | pyevt_records_t *sequence_object ); 86 | 87 | PyObject *pyevt_records_iternext( 88 | pyevt_records_t *sequence_object ); 89 | 90 | #if defined( __cplusplus ) 91 | } 92 | #endif 93 | 94 | #endif /* !defined( _PYEVT_RECORDS_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /pyevt/pyevt_strings.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the sequence and iterator object of strings 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _PYEVT_STRINGS_H ) 23 | #define _PYEVT_STRINGS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevt_libevt.h" 29 | #include "pyevt_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevt_strings pyevt_strings_t; 36 | 37 | struct pyevt_strings 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | 43 | /* The parent object 44 | */ 45 | PyObject *parent_object; 46 | 47 | /* The get item by index callback function 48 | */ 49 | PyObject* (*get_item_by_index)( 50 | PyObject *parent_object, 51 | int index ); 52 | 53 | /* The current index 54 | */ 55 | int current_index; 56 | 57 | /* The number of items 58 | */ 59 | int number_of_items; 60 | }; 61 | 62 | extern PyTypeObject pyevt_strings_type_object; 63 | 64 | PyObject *pyevt_strings_new( 65 | PyObject *parent_object, 66 | PyObject* (*get_item_by_index)( 67 | PyObject *parent_object, 68 | int index ), 69 | int number_of_items ); 70 | 71 | int pyevt_strings_init( 72 | pyevt_strings_t *sequence_object ); 73 | 74 | void pyevt_strings_free( 75 | pyevt_strings_t *sequence_object ); 76 | 77 | Py_ssize_t pyevt_strings_len( 78 | pyevt_strings_t *sequence_object ); 79 | 80 | PyObject *pyevt_strings_getitem( 81 | pyevt_strings_t *sequence_object, 82 | Py_ssize_t item_index ); 83 | 84 | PyObject *pyevt_strings_iter( 85 | pyevt_strings_t *sequence_object ); 86 | 87 | PyObject *pyevt_strings_iternext( 88 | pyevt_strings_t *sequence_object ); 89 | 90 | #if defined( __cplusplus ) 91 | } 92 | #endif 93 | 94 | #endif /* !defined( _PYEVT_STRINGS_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /pyevt/pyevt_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 
3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVT_UNUSED_H ) 23 | #define _PYEVT_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( PYEVT_ATTRIBUTE_UNUSED ) 28 | #if defined( __GNUC__ ) && __GNUC__ >= 3 29 | #define PYEVT_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 30 | #else 31 | #define PYEVT_ATTRIBUTE_UNUSED 32 | #endif 33 | #endif 34 | 35 | #if defined( _MSC_VER ) 36 | #define PYEVT_UNREFERENCED_PARAMETER( parameter ) \ 37 | UNREFERENCED_PARAMETER( parameter ); 38 | #else 39 | #define PYEVT_UNREFERENCED_PARAMETER( parameter ) \ 40 | /* parameter */ 41 | #endif 42 | 43 | #endif /* !defined( _PYEVT_UNUSED_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["setuptools", "wheel"] 3 | build-backend = "setuptools.build_meta" 4 | 5 | -------------------------------------------------------------------------------- /runtests.ps1: -------------------------------------------------------------------------------- 1 | # Script that runs the tests 2 | # 3 | # Version: 20220103 4 | 5 | $ExitSuccess = 0 6 | $ExitFailure = 1 7 | $ExitIgnore = 
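77

# The test scripts are resolved relative to the tests directory, which also
# holds the Makefile.am that lists them.
Set-Location -Path "tests"

$Result = ${ExitSuccess}

$Lines = Get-Content "Makefile.am"
$InTests = $FALSE

# Walk the "TESTS = ..." block of Makefile.am and run the PowerShell
# counterpart (.ps1) of every listed shell test (.sh).
Foreach (${Line} in ${Lines})
{
	If (${InTests})
	{
		# An empty line ends the TESTS block.
		If (-Not ${Line})
		{
			${InTests} = $FALSE

			Continue
		}
		${Line} = ${Line}.TrimStart()

		# Drop the trailing " \" line continuation.
		If (${Line}.EndsWith(" \"))
		{
			${Line} = ${Line}.Substring(0, ${Line}.Length - 2)
		}
		# Only entries that name a shell script have a .ps1 counterpart.
		If (-Not (${Line}.EndsWith(".sh")))
		{
			Continue
		}
		${Line} = ${Line}.Substring(0, ${Line}.Length - 3)
		${Line} = ".\${Line}.ps1"

		# The call operator runs the value as one command path. Unlike
		# Invoke-Expression it does not evaluate the text read from
		# Makefile.am as PowerShell code.
		# The outcome is kept in its own variable so that the automatic
		# $LastExitCode variable is never assigned by this script.
		Try
		{
			& ${Line}
			$TestExitCode = ${LastExitCode}
		}
		Catch
		{
			# A test script that cannot be run is reported as skipped.
			$TestExitCode = ${ExitIgnore}
		}
		If (${TestExitCode} -eq ${ExitFailure})
		{
			$Result = ${ExitFailure}
			Write-Host "FAIL" -foreground Red -nonewline
		}
		ElseIf (${TestExitCode} -eq ${ExitIgnore})
		{
			Write-Host "SKIP" -foreground Cyan -nonewline
		}
		Else
		{
			Write-Host "PASS" -foreground Green -nonewline
		}
		Write-Host ": ${Line}"
	}
	ElseIf (${Line}.StartsWith("TESTS = "))
	{
		${InTests} = $TRUE
	}
}

Set-Location -Path ".."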
69 | 70 | Exit ${Result} 71 | -------------------------------------------------------------------------------- /setup.cfg.in: -------------------------------------------------------------------------------- 1 | [metadata] 2 | name = libevt-python 3 | version = @VERSION@ 4 | description = Python bindings module for libevt 5 | long_description = Python bindings module for libevt 6 | long_description_content_type = text/plain 7 | author = Joachim Metz 8 | author_email = joachim.metz@gmail.com 9 | license = GNU Lesser General Public License v3 or later (LGPLv3+) 10 | license_files = COPYING COPYING.LESSER 11 | classifiers = 12 | Development Status :: 3 - Alpha 13 | Programming Language :: Python 14 | 15 | [options] 16 | python_requires = >=3.7 17 | -------------------------------------------------------------------------------- /synctestdata.ps1: -------------------------------------------------------------------------------- 1 | # Script that synchronizes the local test data 2 | # 3 | # Version: 20230709 4 | 5 | $TestSet = "public" 6 | $TestInputDirectory = "tests/input" 7 | $TestFiles = "SysEvent.Evt" 8 | 9 | If (-Not (Test-Path ${TestInputDirectory})) 10 | { 11 | New-Item -Name ${TestInputDirectory} -ItemType "directory" | Out-Null 12 | } 13 | If (-Not (Test-Path "${TestInputDirectory}\${TestSet}")) 14 | { 15 | New-Item -Name "${TestInputDirectory}\${TestSet}" -ItemType "directory" | Out-Null 16 | } 17 | ForEach ($TestFile in ${TestFiles} -split " ") 18 | { 19 | $Url = "https://github.com/log2timeline/plaso/blob/main/test_data/${TestFile}?raw=true" 20 | 21 | Invoke-WebRequest -Uri ${Url} -OutFile "${TestInputDirectory}\${TestSet}\${TestFile}" 22 | } 23 | 24 | -------------------------------------------------------------------------------- /synctestdata.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script that synchronizes the local test data 3 | # 4 | # Version: 20161009 5 | 6 | TEST_SET="public"; 7 | 
TEST_INPUT_DIRECTORY="tests/input"; 8 | TEST_FILES="SysEvent.Evt"; 9 | 10 | mkdir -p "${TEST_INPUT_DIRECTORY}/${TEST_SET}"; 11 | 12 | for TEST_FILE in ${TEST_FILES}; 13 | do 14 | URL="https://github.com/log2timeline/plaso/blob/main/test_data/${TEST_FILE}?raw=true"; 15 | 16 | curl -L -o "${TEST_INPUT_DIRECTORY}/${TEST_SET}/${TEST_FILE}" ${URL}; 17 | done 18 | 19 | -------------------------------------------------------------------------------- /tests/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to build from source 3 | # 4 | # Version: 20201121 5 | 6 | set -e 7 | 8 | ./synclibs.sh --use-head 9 | ./autogen.sh 10 | ./configure "$@" 11 | make > /dev/null 12 | 13 | -------------------------------------------------------------------------------- /tests/data/end_of_file_record.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libyal/libevt/0e79e00fa14af08a1ec39a6d98ea6a9490b1cb63/tests/data/end_of_file_record.1 -------------------------------------------------------------------------------- /tests/data/event_record.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libyal/libevt/0e79e00fa14af08a1ec39a6d98ea6a9490b1cb63/tests/data/event_record.1 -------------------------------------------------------------------------------- /tests/data/file_header.1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libyal/libevt/0e79e00fa14af08a1ec39a6d98ea6a9490b1cb63/tests/data/file_header.1 -------------------------------------------------------------------------------- /tests/evt_test_functions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Functions for testing 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 
7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVT_TEST_FUNCTIONS_H ) 23 | #define _EVT_TEST_FUNCTIONS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evt_test_libbfio.h" 29 | #include "evt_test_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | int evt_test_get_narrow_source( 36 | const system_character_t *source, 37 | char *narrow_string, 38 | size_t narrow_string_size, 39 | libcerror_error_t **error ); 40 | 41 | #if defined( HAVE_WIDE_CHARACTER_TYPE ) 42 | 43 | int evt_test_get_wide_source( 44 | const system_character_t *source, 45 | wchar_t *wide_string, 46 | size_t wide_string_size, 47 | libcerror_error_t **error ); 48 | 49 | #endif /* defined( HAVE_WIDE_CHARACTER_TYPE ) */ 50 | 51 | int evt_test_open_file_io_handle( 52 | libbfio_handle_t **file_io_handle, 53 | uint8_t *data, 54 | size_t data_size, 55 | libcerror_error_t **error ); 56 | 57 | int evt_test_close_file_io_handle( 58 | libbfio_handle_t **file_io_handle, 59 | libcerror_error_t **error ); 60 | 61 | #if defined( __cplusplus ) 62 | } 63 | #endif 64 | 65 | #endif /* !defined( _EVT_TEST_FUNCTIONS_H ) */ 66 | 67 | -------------------------------------------------------------------------------- /tests/evt_test_getopt.h: -------------------------------------------------------------------------------- 1 | /* 2 
| * GetOpt functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVT_TEST_GETOPT_H ) 23 | #define _EVT_TEST_GETOPT_H 24 | 25 | #include 26 | #include 27 | 28 | /* unistd.h is included here to export getopt, optarg, optind and optopt 29 | */ 30 | #if defined( HAVE_UNISTD_H ) 31 | #include 32 | #endif 33 | 34 | #if defined( __cplusplus ) 35 | extern "C" { 36 | #endif 37 | 38 | #if defined( HAVE_GETOPT ) 39 | #define evt_test_getopt( argument_count, argument_values, options_string ) \ 40 | getopt( argument_count, argument_values, options_string ) 41 | 42 | #else 43 | 44 | #if !defined( __CYGWIN__ ) 45 | extern int optind; 46 | extern system_character_t *optarg; 47 | extern system_integer_t optopt; 48 | 49 | #else 50 | int optind; 51 | system_character_t *optarg; 52 | system_integer_t optopt; 53 | 54 | #endif /* !defined( __CYGWIN__ ) */ 55 | 56 | system_integer_t evt_test_getopt( 57 | int argument_count, 58 | system_character_t * const argument_values[], 59 | const system_character_t *options_string ); 60 | 61 | #endif /* defined( HAVE_GETOPT ) */ 62 | 63 | #if defined( __cplusplus ) 64 | } 65 | #endif 66 | 67 | #endif /* !defined( _EVT_TEST_GETOPT_H ) */ 68 | 69 | 
-------------------------------------------------------------------------------- /tests/evt_test_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBBFIO_H ) 23 | #define _EVT_TEST_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _EVT_TEST_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /tests/evt_test_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBCERROR_H ) 23 | #define _EVT_TEST_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _EVT_TEST_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evt_test_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBCLOCALE_H ) 23 | #define _EVT_TEST_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _EVT_TEST_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evt_test_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBCNOTIFY_H ) 23 | #define _EVT_TEST_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _EVT_TEST_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evt_test_libevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBEVT_H ) 23 | #define _EVT_TEST_LIBEVT_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _EVT_TEST_LIBEVT_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /tests/evt_test_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_LIBUNA_H ) 23 | #define _EVT_TEST_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _EVT_TEST_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /tests/evt_test_memory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Memory allocation functions for testing 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 
20 | */ 21 | 22 | #if !defined( _EVT_TEST_MEMORY_H ) 23 | #define _EVT_TEST_MEMORY_H 24 | 25 | #include 26 | 27 | #if defined( __cplusplus ) 28 | extern "C" { 29 | #endif 30 | 31 | #if defined( HAVE_GNU_DL_DLSYM ) && defined( __GNUC__ ) && !defined( LIBEVT_DLL_IMPORT ) && !defined( __arm__ ) && !defined( __clang__ ) && !defined( __CYGWIN__ ) && !defined( __hppa__ ) && !defined( __loongarch__ ) && !defined( __mips__ ) && !defined( __riscv ) && !defined( __sparc__ ) && !defined( HAVE_ASAN ) 32 | #define HAVE_EVT_TEST_MEMORY 1 33 | #endif 34 | 35 | #if defined( HAVE_EVT_TEST_MEMORY ) 36 | 37 | extern int evt_test_malloc_attempts_before_fail; 38 | 39 | extern int evt_test_memcpy_attempts_before_fail; 40 | 41 | extern int evt_test_memset_attempts_before_fail; 42 | 43 | extern int evt_test_realloc_attempts_before_fail; 44 | 45 | #endif /* defined( HAVE_EVT_TEST_MEMORY ) */ 46 | 47 | #if defined( __cplusplus ) 48 | } 49 | #endif 50 | 51 | #endif /* !defined( _EVT_TEST_MEMORY_H ) */ 52 | 53 | -------------------------------------------------------------------------------- /tests/evt_test_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 
17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVT_TEST_UNUSED_H ) 23 | #define _EVT_TEST_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( EVT_TEST_ATTRIBUTE_UNUSED ) 28 | 29 | #if defined( __GNUC__ ) && __GNUC__ >= 3 30 | #define EVT_TEST_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 31 | 32 | #else 33 | #define EVT_TEST_ATTRIBUTE_UNUSED 34 | 35 | #endif /* defined( __GNUC__ ) && __GNUC__ >= 3 */ 36 | 37 | #endif /* !defined( EVT_TEST_ATTRIBUTE_UNUSED ) */ 38 | 39 | #if defined( _MSC_VER ) 40 | #define EVT_TEST_UNREFERENCED_PARAMETER( parameter ) \ 41 | UNREFERENCED_PARAMETER( parameter ); 42 | 43 | #else 44 | #define EVT_TEST_UNREFERENCED_PARAMETER( parameter ) \ 45 | /* parameter */ 46 | 47 | #endif /* defined( _MSC_VER ) */ 48 | 49 | #endif /* !defined( _EVT_TEST_UNUSED_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/lsan.suppressions: -------------------------------------------------------------------------------- 1 | leak:/lib*/libpython* 2 | -------------------------------------------------------------------------------- /tests/pkgbuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to build a MacOS pkg 3 | # 4 | # Version: 20201121 5 | 6 | set -e 7 | 8 | make install DESTDIR=${PWD}/osx-pkg 9 | mkdir -p ${PWD}/osx-pkg/usr/share/doc/libevt 10 | cp AUTHORS COPYING COPYING.LESSER NEWS README ${PWD}/osx-pkg/usr/share/doc/libevt 11 | 12 | VERSION=`sed '5!d; s/^ \[//;s/\],$//' configure.ac` 13 | pkgbuild --root osx-pkg --identifier com.github.libyal.libevt --version ${VERSION} --ownership recommended ../libevt-${VERSION}.pkg 14 | 15 | -------------------------------------------------------------------------------- /tests/runtests.py: -------------------------------------------------------------------------------- 1 | 
#!/usr/bin/env python 2 | # 3 | # Script to run Python test scripts. 4 | # 5 | # Version: 20231024 6 | 7 | import glob 8 | import os 9 | import sys 10 | import unittest 11 | 12 | 13 | test_profile = ".pyevt" 14 | input_glob = "*" 15 | option_sets = [] 16 | 17 | 18 | def ReadIgnoreList(test_profile): 19 | """Reads the test profile ignore file if it exists. 20 | 21 | Args: 22 | test_profile (str): test profile. 23 | 24 | Returns: 25 | set[str]: ignore list. 26 | """ 27 | ignore_file_path = os.path.join("tests", "input", test_profile, "ignore") 28 | if os.path.isfile(ignore_file_path): 29 | with open(ignore_file_path, "r", encoding="utf-8") as file_object: 30 | return set([line.strip() for line in file_object.readlines()]) 31 | 32 | return set() 33 | 34 | 35 | if __name__ == "__main__": 36 | print(f"Using Python version {sys.version!s}") 37 | 38 | test_loader = unittest.TestLoader() 39 | test_runner = unittest.TextTestRunner(verbosity=2) 40 | 41 | test_scripts = test_loader.discover("tests", pattern="*.py") 42 | 43 | ignore_list = ReadIgnoreList(test_profile) 44 | 45 | test_set = None 46 | source_file = None 47 | 48 | for test_set in glob.glob(os.path.join("tests", "input", "*")): 49 | test_set = test_set.rsplit(os.path.sep, maxsplit=1)[-1] 50 | if not test_set or test_set[0] == '.' 
or test_set in ignore_list: 51 | continue 52 | 53 | source_files = glob.glob(os.path.join( 54 | "tests", "input", test_set, input_glob)) 55 | if source_files: 56 | source_file = source_files[0] 57 | break 58 | 59 | setattr(unittest, "source", source_file) 60 | 61 | if source_file: 62 | for option_set in option_sets: 63 | test_file = os.path.basename(source_file) 64 | test_options_file_path = os.path.join( 65 | "tests", "input", test_profile, test_set, 66 | f"{test_file:s}.{option_set:s}") 67 | if os.path.isfile(test_options_file_path): 68 | with open(test_options_file_path, "r", encoding="utf-8") as file_object: 69 | lines = [line.strip() for line in file_object.readlines()] 70 | if lines[0] == "# libyal test data options": 71 | for line in lines[1:]: 72 | key, value = line.split("=", maxsplit=1) 73 | if key == 'offset': 74 | value = int(value) 75 | 76 | setattr(unittest, key, value) 77 | 78 | test_results = test_runner.run(test_scripts) 79 | if not test_results.wasSuccessful(): 80 | sys.exit(1) 81 | -------------------------------------------------------------------------------- /tests/runtests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to run tests 3 | # 4 | # Version: 20201121 5 | 6 | if test -f ${PWD}/libevt/.libs/libevt.1.dylib && test -f ./pyevt/.libs/pyevt.so; 7 | then 8 | install_name_tool -change /usr/local/lib/libevt.1.dylib ${PWD}/libevt/.libs/libevt.1.dylib ./pyevt/.libs/pyevt.so; 9 | fi 10 | 11 | make check CHECK_WITH_STDERR=1; 12 | RESULT=$?; 13 | 14 | if test ${RESULT} -ne 0 && test -f tests/test-suite.log; 15 | then 16 | cat tests/test-suite.log; 17 | fi 18 | exit ${RESULT}; 19 | 20 | -------------------------------------------------------------------------------- /tests/syncsharedlibs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script that synchronizes the shared library dependencies 3 | # 4 | # Version: 20201121 5 | 6 | 
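# Clones, builds and installs every shared library dependency in turn.
#
# Usage: syncsharedlibs.sh [--use-head]
#   --use-head  build the default branch HEAD instead of the latest tag.
#
# NOTE(review): each dependency is built from whatever the remote repository
# serves at its latest tag (or HEAD) and is then installed with sudo. Nothing
# here pins a commit or verifies a signature, so the result is only as
# trustworthy as the remote at the time of the run.

EXIT_SUCCESS=0;
EXIT_FAILURE=1;

GIT_URL_PREFIX="https://github.com/libyal";
SHARED_LIBS="libcerror libcthreads libcdata libclocale libcnotify libcsplit libuna libcfile libcpath libbfio libfcache libfdata libfdatetime libfguid libfwnt";

USE_HEAD="";

if test "$1" = "--use-head";
then
	USE_HEAD="--use-head";
fi

# Split SHARED_LIBS on spaces only while iterating.
OLDIFS=$IFS;
IFS=" ";

for SHARED_LIB in ${SHARED_LIBS};
do
	GIT_URL="${GIT_URL_PREFIX}/${SHARED_LIB}.git";

	# Per-process working copy, removed again at the end of the iteration.
	BUILD_DIRECTORY="${SHARED_LIB}-$$";

	git clone --quiet "${GIT_URL}" "${BUILD_DIRECTORY}";

	if ! test -d "${BUILD_DIRECTORY}";
	then
		echo "Unable to git clone: ${GIT_URL}";

		IFS=$OLDIFS;

		exit ${EXIT_FAILURE};
	fi
	(cd "${BUILD_DIRECTORY}" && git fetch --quiet --all --tags --prune)

	LATEST_TAG=`cd "${BUILD_DIRECTORY}" && git describe --tags --abbrev=0`;

	# The operands are quoted: an unquoted empty value makes "test -n" see no
	# operand and succeed, which selected the tag branch for a repository
	# without tags.
	if test -n "${LATEST_TAG}" && test -z "${USE_HEAD}";
	then
		echo "Synchronizing: ${SHARED_LIB} from ${GIT_URL} tag ${LATEST_TAG}";

		(cd "${BUILD_DIRECTORY}" && git checkout --quiet "tags/${LATEST_TAG}");
	else
		echo "Synchronizing: ${SHARED_LIB} from ${GIT_URL} HEAD";
	fi

	# USE_HEAD is left unquoted on purpose: when empty it must expand to no
	# argument at all.
	(cd "${BUILD_DIRECTORY}" && ./synclibs.sh ${USE_HEAD} && ./autogen.sh);

	CONFIGURE_OPTIONS="";

	# Enable wide character support only when configure offers the option.
	if (cd "${BUILD_DIRECTORY}" && ./configure --help | grep -- '--enable-wide-character-type' > /dev/null);
	then
		CONFIGURE_OPTIONS="${CONFIGURE_OPTIONS} --enable-wide-character-type";
	fi

	# CONFIGURE_OPTIONS is left unquoted so it splits into separate options.
	# NOTE(review): the result of this build and install step is not checked,
	# so a failed build does not stop the script or change its exit code.
	(cd "${BUILD_DIRECTORY}" && ./configure --prefix=/usr ${CONFIGURE_OPTIONS} && make && sudo make install);

	rm -rf "${BUILD_DIRECTORY}";
done

IFS=$OLDIFS;

exit ${EXIT_SUCCESS};

-------------------------------------------------------------------------------- /tests/test_manpage.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Tests man pages. 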
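#
# Version: 20240413

EXIT_SUCCESS=0;
EXIT_FAILURE=1;
EXIT_IGNORE=77;

# Renders one manual page with man and fails on any remaining warning.
#
# The stderr output of man is written to ${TMPDIR}/<file name>.warnings and
# lines containing "can't break line" are removed from it. The test fails
# when man exits non-zero or when the warnings file is still non-empty.
#
# Arguments:
#   $1: path of the manual page
#
# Returns:
#   EXIT_SUCCESS on success, a non-zero value otherwise
run_test()
{
	local INPUT_FILE=$1;
	local RESULT=0

	TEST_NAME=`basename "${INPUT_FILE}"`;
	echo -n "Testing man with input: ${TEST_NAME}";

	local WARNINGS_FILE="${TMPDIR}/${TEST_NAME}.warnings";

	LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 -Z "${INPUT_FILE}" > /dev/null 2> "${WARNINGS_FILE}";
	RESULT=$?;

	# For now line break warnings are ignored.
	if test -f "${WARNINGS_FILE}";
	then
		sed "/can't break line/ d" -i "${WARNINGS_FILE}";
	fi
	if test -s "${WARNINGS_FILE}";
	then
		RESULT=${EXIT_FAILURE};
	fi
	if test ${RESULT} -ne ${EXIT_SUCCESS};
	then
		echo " (FAIL)";
	else
		echo " (PASS)";
	fi
	if test -s "${WARNINGS_FILE}";
	then
		cat "${WARNINGS_FILE}";
	fi
	return ${RESULT};
}

if test "${OSTYPE}" = "msys";
then
	exit ${EXIT_IGNORE};
fi

TEST_DIRECTORY=`dirname "$0"`;

TEST_RUNNER="${TEST_DIRECTORY}/test_runner.sh";

if ! test -f "${TEST_RUNNER}";
then
	echo "Missing test runner: ${TEST_RUNNER}";

	exit ${EXIT_FAILURE};
fi

source "${TEST_RUNNER}";

# Presumably provided by test_runner.sh; it is not defined in this script.
assert_availability_binary man;

RESULT=${EXIT_IGNORE};

# Scratch directory in the current working directory, named after the PID.
# NOTE(review): the name is predictable and this assignment reuses the
# conventional TMPDIR variable name; mktemp -d would avoid both if the
# working directory is ever shared with other users.
TMPDIR="tmp$$";

rm -rf "${TMPDIR}";

if ! mkdir "${TMPDIR}";
then
	echo "Unable to create temporary directory: ${TMPDIR}";

	exit ${EXIT_FAILURE};
fi

MANUALS_PATH="../manuals";

if ! test -d "${MANUALS_PATH}";
then
	MANUALS_PATH="manuals";
fi

if ! test -d "${MANUALS_PATH}";
then
	echo "Manuals directory not found.";

	# Remove the scratch directory on this early exit as well; it used to
	# be left behind.
	rm -rf "${TMPDIR}";

	exit ${EXIT_IGNORE};
fi

for INPUT_FILE in "${MANUALS_PATH}"/*.[13];
do
	run_test "${INPUT_FILE}";
	RESULT=$?;

	if test ${RESULT} -ne ${EXIT_SUCCESS};
	then
		break;
	fi
done

rm -rf "${TMPDIR}";

exit ${RESULT};

--------------------------------------------------------------------------------
/tox.ini:
--------------------------------------------------------------------------------
[tox]
envlist = auditwheel,py3{7,8,9,10,11,12}

[testenv]
usedevelop = True
pip_pre = True
passenv =
  CFLAGS
  CPPFLAGS
  INCLUDE
  LDFLAGS
  LIB
deps =
  build
  setuptools >= 65
  wheel
commands =
  python -m build --no-isolation --outdir=dist --wheel
  python -m pip install --no-index --find-links=dist libevt-python
  python tests/runtests.py

[testenv:auditwheel]
usedevelop = True
pip_pre = True
deps =
  auditwheel
  setuptools >= 65
commands =
  python -m auditwheel repair {posargs}

--------------------------------------------------------------------------------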