├── .codecov.yml ├── .github └── workflows │ ├── build.yml │ ├── build_freebsd.yml │ ├── build_ossfuzz.yml │ ├── build_shared.yml │ └── build_wheel.yml ├── .gitignore ├── AUTHORS ├── COPYING ├── COPYING.LESSER ├── ChangeLog ├── Makefile.am ├── NEWS ├── README ├── acinclude.m4 ├── appveyor.yml ├── autogen.ps1 ├── autogen.sh ├── build.ps1 ├── common ├── Makefile.am ├── byte_stream.h ├── common.h ├── config_borlandc.h ├── config_msc.h ├── config_winapi.h ├── file_stream.h ├── memory.h ├── narrow_string.h ├── system_string.h ├── types.h.in └── wide_string.h ├── configure.ac ├── documentation └── Windows XML Event Log (EVTX).asciidoc ├── dpkg ├── changelog.in ├── compat ├── control ├── copyright ├── libevtx-dev.install ├── libevtx-python3.install ├── libevtx-tools.install ├── libevtx.install ├── rules └── source │ └── format ├── dtfabric.yaml ├── evtxtools ├── Makefile.am ├── evtxexport.c ├── evtxinfo.c ├── evtxinput.c ├── evtxinput.h ├── evtxtools_getopt.c ├── evtxtools_getopt.h ├── evtxtools_i18n.h ├── evtxtools_libbfio.h ├── evtxtools_libcdirectory.h ├── evtxtools_libcerror.h ├── evtxtools_libclocale.h ├── evtxtools_libcnotify.h ├── evtxtools_libcpath.h ├── evtxtools_libcsplit.h ├── evtxtools_libevtx.h ├── evtxtools_libexe.h ├── evtxtools_libfcache.h ├── evtxtools_libfdatetime.h ├── evtxtools_libfguid.h ├── evtxtools_libfvalue.h ├── evtxtools_libfwevt.h ├── evtxtools_libfwnt.h ├── evtxtools_libregf.h ├── evtxtools_libuna.h ├── evtxtools_libwrc.h ├── evtxtools_output.c ├── evtxtools_output.h ├── evtxtools_signal.c ├── evtxtools_signal.h ├── evtxtools_system_split_string.h ├── evtxtools_unused.h ├── evtxtools_wide_string.c ├── evtxtools_wide_string.h ├── export_handle.c ├── export_handle.h ├── info_handle.c ├── info_handle.h ├── log_handle.c ├── log_handle.h ├── message_handle.c ├── message_handle.h ├── message_string.c ├── message_string.h ├── path_handle.c ├── path_handle.h ├── registry_file.c ├── registry_file.h ├── resource_file.c └── resource_file.h ├── include ├── Makefile.am ├── libevtx.h.in └── libevtx │ ├── codepage.h │ ├── definitions.h.in │ ├── error.h │ ├── extern.h │ ├── features.h.in │ └── types.h.in ├── libevtx.ini ├── libevtx.pc.in ├── libevtx.spec.in ├── libevtx ├── Makefile.am ├── evtx_chunk.h ├── evtx_event_record.h ├── evtx_file_header.h ├── libevtx.c ├── libevtx.rc.in ├── libevtx_byte_stream.c ├── libevtx_byte_stream.h ├── libevtx_checksum.c ├── libevtx_checksum.h ├── libevtx_chunk.c ├── libevtx_chunk.h ├── libevtx_chunks_table.c ├── libevtx_chunks_table.h ├── libevtx_codepage.c ├── libevtx_codepage.h ├── libevtx_debug.c ├── libevtx_debug.h ├── libevtx_definitions.h.in ├── libevtx_error.c ├── libevtx_error.h ├── libevtx_extern.h ├── libevtx_file.c ├── libevtx_file.h ├── libevtx_i18n.c ├── libevtx_i18n.h ├── libevtx_io_handle.c ├── libevtx_io_handle.h ├── libevtx_libbfio.h ├── libevtx_libcdata.h ├── libevtx_libcerror.h ├── libevtx_libclocale.h ├── libevtx_libcnotify.h ├── libevtx_libfcache.h ├── libevtx_libfdata.h ├── libevtx_libfdatetime.h ├── libevtx_libfguid.h ├── libevtx_libfwevt.h ├── libevtx_libuna.h ├── libevtx_notify.c ├── libevtx_notify.h ├── libevtx_record.c ├── libevtx_record.h ├── libevtx_record_values.c ├── libevtx_record_values.h ├── libevtx_support.c ├── libevtx_support.h ├── libevtx_template_definition.c ├── libevtx_template_definition.h ├── libevtx_types.h └── libevtx_unused.h ├── m4 ├── common.m4 ├── libbfio.m4 ├── libcdata.m4 ├── libcdirectory.m4 ├── libcerror.m4 ├── libcfile.m4 ├── libclocale.m4 ├── libcnotify.m4 ├── libcpath.m4 ├── libcsplit.m4 ├── libcthreads.m4 ├── libexe.m4 ├── libfcache.m4 ├── libfdata.m4 ├── libfdatetime.m4 ├── libfguid.m4 ├── libfvalue.m4 ├── libfwevt.m4 ├── libfwnt.m4 ├── libregf.m4 ├── libuna.m4 ├── libwrc.m4 ├── pthread.m4 ├── python.m4 ├── tests.m4 └── types.m4 ├── manuals ├── Makefile.am ├── evtxexport.1 ├── evtxinfo.1 └── libevtx.3 ├── msvscpp ├── Makefile.am ├── evtx_test_chunk │ └── evtx_test_chunk.vcproj ├── evtx_test_chunks_table │ └── evtx_test_chunks_table.vcproj ├── evtx_test_error │ └── evtx_test_error.vcproj ├── evtx_test_file │ └── evtx_test_file.vcproj ├── evtx_test_io_handle │ └── evtx_test_io_handle.vcproj ├── evtx_test_notify │ └── evtx_test_notify.vcproj ├── evtx_test_record │ └── evtx_test_record.vcproj ├── evtx_test_record_values │ └── evtx_test_record_values.vcproj ├── evtx_test_support │ └── evtx_test_support.vcproj ├── evtx_test_template_definition │ └── evtx_test_template_definition.vcproj ├── evtx_test_tools_info_handle │ └── evtx_test_tools_info_handle.vcproj ├── evtx_test_tools_message_handle │ └── evtx_test_tools_message_handle.vcproj ├── evtx_test_tools_message_string │ └── evtx_test_tools_message_string.vcproj ├── evtx_test_tools_output │ └── evtx_test_tools_output.vcproj ├── evtx_test_tools_path_handle │ └── evtx_test_tools_path_handle.vcproj ├── evtx_test_tools_registry_file │ └── evtx_test_tools_registry_file.vcproj ├── evtx_test_tools_resource_file │ └── evtx_test_tools_resource_file.vcproj ├── evtx_test_tools_signal │ └── evtx_test_tools_signal.vcproj ├── evtxexport │ └── evtxexport.vcproj ├── evtxinfo │ └── evtxinfo.vcproj ├── libbfio │ └── libbfio.vcproj ├── libcdata │ └── libcdata.vcproj ├── libcdirectory │ └── libcdirectory.vcproj ├── libcerror │ └── libcerror.vcproj ├── libcfile │ └── libcfile.vcproj ├── libclocale │ └── libclocale.vcproj ├── libcnotify │ └── libcnotify.vcproj ├── libcpath │ └── libcpath.vcproj ├── libcsplit │ └── libcsplit.vcproj ├── libcthreads │ └── libcthreads.vcproj ├── libevtx.sln ├── libevtx │ └── libevtx.vcproj ├── libexe │ └── libexe.vcproj ├── libfcache │ └── libfcache.vcproj ├── libfdata │ └── libfdata.vcproj ├── libfdatetime │ └── libfdatetime.vcproj ├── libfguid │ └── libfguid.vcproj ├── libfvalue │ └── libfvalue.vcproj ├── libfwevt │ └── libfwevt.vcproj ├── libfwnt │ └── libfwnt.vcproj ├── libregf │ └── libregf.vcproj ├── libuna │ └── libuna.vcproj ├── libwrc │ └── libwrc.vcproj └── pyevtx │ └── pyevtx.vcproj ├── ossfuzz ├── Makefile.am ├── file_fuzzer.cc ├── ossfuzz_libbfio.h ├── ossfuzz_libevtx.h └── record_fuzzer.cc ├── po ├── ChangeLog ├── Makevars.in └── POTFILES.in ├── pyevtx ├── Makefile.am ├── pyevtx.c ├── pyevtx.h ├── pyevtx_codepage.c ├── pyevtx_codepage.h ├── pyevtx_datetime.c ├── pyevtx_datetime.h ├── pyevtx_error.c ├── pyevtx_error.h ├── pyevtx_event_levels.c ├── pyevtx_event_levels.h ├── pyevtx_file.c ├── pyevtx_file.h ├── pyevtx_file_flags.c ├── pyevtx_file_flags.h ├── pyevtx_file_object_io_handle.c ├── pyevtx_file_object_io_handle.h ├── pyevtx_integer.c ├── pyevtx_integer.h ├── pyevtx_libbfio.h ├── pyevtx_libcerror.h ├── pyevtx_libclocale.h ├── pyevtx_libevtx.h ├── pyevtx_libfwnt.h ├── pyevtx_python.h ├── pyevtx_record.c ├── pyevtx_record.h ├── pyevtx_records.c ├── pyevtx_records.h ├── pyevtx_strings.c ├── pyevtx_strings.h └── pyevtx_unused.h ├── pyproject.toml ├── runtests.ps1 ├── runtests.sh ├── setup.cfg.in ├── setup.py ├── synclibs.ps1 ├── synclibs.sh ├── synctestdata.ps1 ├── synctestdata.sh ├── tests ├── Makefile.am ├── build.sh ├── evtx_test_chunk.c ├── evtx_test_chunks_table.c ├── evtx_test_error.c ├── evtx_test_file.c ├── evtx_test_functions.c ├── evtx_test_functions.h ├── evtx_test_getopt.c ├── evtx_test_getopt.h ├── evtx_test_io_handle.c ├── evtx_test_libbfio.h ├── evtx_test_libcerror.h ├── evtx_test_libclocale.h ├── evtx_test_libcnotify.h ├── evtx_test_libevtx.h ├── evtx_test_libuna.h ├── evtx_test_macros.h ├── evtx_test_memory.c ├── evtx_test_memory.h ├── evtx_test_notify.c ├── evtx_test_record.c ├── evtx_test_record_values.c ├── evtx_test_support.c ├── evtx_test_template_definition.c ├── evtx_test_tools_info_handle.c ├── evtx_test_tools_message_handle.c ├── evtx_test_tools_message_string.c ├── evtx_test_tools_output.c ├── evtx_test_tools_path_handle.c ├── evtx_test_tools_registry_file.c ├── evtx_test_tools_resource_file.c ├── evtx_test_tools_signal.c ├── evtx_test_unused.h ├── lsan.suppressions ├── pkgbuild.sh ├── pyevtx_test_file.py ├── pyevtx_test_support.py ├── runtests.py ├── runtests.sh ├── syncsharedlibs.sh ├── test_evtxexport.sh ├── test_evtxinfo.ps1 ├── test_evtxinfo.sh ├── test_library.ps1 ├── test_library.sh ├── test_manpage.sh ├── test_python_module.sh ├── test_runner.sh ├── test_tools.ps1 └── test_tools.sh └── tox.ini /.codecov.yml: -------------------------------------------------------------------------------- 1 | coverage: 2 | precision: 2 3 | round: down 4 | range: 70...100 5 | status: 6 | project: true 7 | patch: true 8 | changes: false 9 | ignore: 10 | - "libbfio/*" 11 | - "libcdata/*" 12 | - "libcdirectory/*" 13 | - "libcerror/*" 14 | - "libcfile/*" 15 | - "libclocale/*" 16 | - "libcnotify/*" 17 | - "libcpath/*" 18 | - "libcsplit/*" 19 | - "libcthreads/*" 20 | - "libexe/*" 21 | - "libfcache/*" 22 | - "libfdata/*" 23 | - "libfdatetime/*" 24 | - "libfguid/*" 25 | - "libfvalue/*" 26 | - "libfwevt/*" 27 | - "libfwnt/*" 28 | - "libregf/*" 29 | - "libuna/*" 30 | - "libwrc/*" 31 | - "tests/*" 32 | -------------------------------------------------------------------------------- /.github/workflows/build_freebsd.yml: -------------------------------------------------------------------------------- 1 | # Build from source on FreeBSD. 2 | name: build_freebsd 3 | on: [push] 4 | permissions: read-all 5 | jobs: 6 | build_freebsd: 7 | runs-on: ubuntu-22.04 8 | steps: 9 | - uses: actions/checkout@v4 10 | - name: Building from source 11 | id: build_freebsd 12 | uses: vmactions/freebsd-vm@v1 13 | with: 14 | usesh: true 15 | mem: 4096 16 | # Note that the test scripts require bash 17 | prepare: | 18 | pkg install -y autoconf automake bash gettext git libtool pkgconf 19 | run: | 20 | tests/build.sh 21 | tests/runtests.sh 22 | -------------------------------------------------------------------------------- /.github/workflows/build_ossfuzz.yml: -------------------------------------------------------------------------------- 1 | # Build OSSFuzz fuzz targets from source. 2 | name: build_ossfuzz 3 | on: 4 | push: 5 | branches: [main] 6 | permissions: read-all 7 | jobs: 8 | build_ossfuzz: 9 | runs-on: ubuntu-22.04 10 | strategy: 11 | matrix: 12 | include: 13 | - architecture: 'x64' 14 | compiler: 'gcc' 15 | configure_options: '' 16 | steps: 17 | - name: Install build dependencies 18 | run: | 19 | sudo apt-get -y install git 20 | - uses: actions/checkout@v4 21 | with: 22 | repository: google/oss-fuzz 23 | path: oss-fuzz 24 | - name: Build OSSFuzz fuzz targets 25 | working-directory: oss-fuzz 26 | run: | 27 | mkdir -p projects/libevtx 28 | cp projects/libyal/build.sh projects/libevtx/ 29 | cp projects/libyal/project.yaml projects/libevtx/ 30 | head -n 20 projects/libyal/Dockerfile > projects/libevtx/Dockerfile 31 | echo "RUN git clone --depth 1 https://github.com/libyal/libevtx.git libevtx" >> projects/libevtx/Dockerfile 32 | tail -n 3 projects/libyal/Dockerfile >> projects/libevtx/Dockerfile 33 | python3 infra/helper.py build_image --pull libevtx 34 | python3 infra/helper.py build_fuzzers --sanitizer address libevtx 35 | python3 infra/helper.py check_build libevtx 36 | -------------------------------------------------------------------------------- /.github/workflows/build_shared.yml: -------------------------------------------------------------------------------- 1 | # Build from source with libyal dependencies as shared libraries. 2 | name: build_shared 3 | on: 4 | push: 5 | branches: [main] 6 | permissions: read-all 7 | jobs: 8 | build_shared_ubuntu: 9 | runs-on: ubuntu-22.04 10 | strategy: 11 | matrix: 12 | include: 13 | - architecture: 'x64' 14 | compiler: 'gcc' 15 | configure_options: '--enable-wide-character-type' 16 | steps: 17 | - uses: actions/checkout@v4 18 | - name: Install build dependencies 19 | run: | 20 | sudo apt-get -y install autoconf automake autopoint build-essential git libtool pkg-config 21 | - name: Download test data 22 | run: | 23 | if test -x "synctestdata.sh"; then ./synctestdata.sh; fi 24 | - name: Prepare shared libraries 25 | run: | 26 | tests/syncsharedlibs.sh --use-head 27 | - name: Building from source 28 | env: 29 | CC: ${{ matrix.compiler }} 30 | run: | 31 | tests/build.sh ${{ matrix.configure_options }} 32 | - name: Run tests 33 | run: | 34 | tests/runtests.sh 35 | -------------------------------------------------------------------------------- /.github/workflows/build_wheel.yml: -------------------------------------------------------------------------------- 1 | # Build wheel from source using tox. 2 | name: build_wheel 3 | on: [push, pull_request] 4 | permissions: read-all 5 | jobs: 6 | build_wheel: 7 | runs-on: ubuntu-22.04 8 | strategy: 9 | matrix: 10 | include: 11 | - python-version: '3.7' 12 | toxenv: 'py37' 13 | - python-version: '3.8' 14 | toxenv: 'py38' 15 | - python-version: '3.9' 16 | toxenv: 'py39' 17 | - python-version: '3.10' 18 | toxenv: 'py310' 19 | - python-version: '3.11' 20 | toxenv: 'py311' 21 | - python-version: '3.12' 22 | toxenv: 'py312' 23 | steps: 24 | - uses: actions/checkout@v4 25 | - name: Install build dependencies 26 | run: | 27 | sudo add-apt-repository universe && 28 | sudo add-apt-repository -y ppa:deadsnakes/ppa && 29 | sudo apt-get update && 30 | sudo apt-get install -y autoconf automake autopoint build-essential git libtool pkg-config python${{ matrix.python-version }} python${{ matrix.python-version }}-dev python${{ matrix.python-version }}-venv python3-distutils python3-pip python3-setuptools 31 | - name: Install tox 32 | run: | 33 | python3 -m pip install tox 34 | - name: Download test data 35 | run: | 36 | if test -x "synctestdata.sh"; then ./synctestdata.sh; fi 37 | - name: Prepare build 38 | run: | 39 | ./synclibs.sh --use-head && ./autogen.sh && ./configure && make sources >/dev/null 40 | - name: Build Python wheel 41 | run: | 42 | tox -e${{ matrix.toxenv }} 43 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Acknowledgements: libevtx 2 | 3 | Copyright (C) 2011-2024, Joachim Metz 4 | 5 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libyal/libevtx/22e208e4837786c4c88e1c7679357d66bb4c6c90/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | libevtx is a library to access the Windows XML Event Log (EVTX) format. 2 | 3 | Project information: 4 | 5 | * Status: alpha 6 | * Licence: LGPLv3+ 7 | 8 | Planned: 9 | 10 | * Multi-threading support 11 | 12 | For more information see: 13 | 14 | * Project documentation: https://github.com/libyal/libevtx/wiki/Home 15 | * How to build from source: https://github.com/libyal/libevtx/wiki/Building 16 | 17 | -------------------------------------------------------------------------------- /acinclude.m4: -------------------------------------------------------------------------------- 1 | dnl Checks for required headers and functions 2 | dnl 3 | dnl Version: 20200713 4 | 5 | dnl Function to detect if libevtx dependencies are available 6 | AC_DEFUN([AX_LIBEVTX_CHECK_LOCAL], 7 | [dnl Check for internationalization functions in libevtx/libevtx_i18n.c 8 | AC_CHECK_FUNCS([bindtextdomain]) 9 | 10 | dnl Headers included in libevtx/libevtx_xml_tag.h 11 | AC_CHECK_HEADERS([wctype.h]) 12 | 13 | dnl Functions used in libevtx/libevtx_xml_tag.h 14 | AC_CHECK_FUNCS([towupper]) 15 | 16 | AS_IF( 17 | [test "x$ac_cv_func_towupper" != xyes], 18 | [AC_MSG_FAILURE( 19 | [Missing function: towupper], 20 | [1]) 21 | ]) 22 | ]) 23 | 24 | dnl Function to detect if evtxtools dependencies are available 25 | AC_DEFUN([AX_EVTXTOOLS_CHECK_LOCAL], 26 | [AC_CHECK_HEADERS([signal.h sys/signal.h unistd.h]) 27 | 28 | AC_CHECK_FUNCS([close getopt setvbuf]) 29 | 30 | AS_IF( 31 | [test "x$ac_cv_func_close" != xyes], 32 | [AC_MSG_FAILURE( 33 | [Missing function: close], 34 | [1]) 35 | ]) 36 | 37 | dnl Headers included in evtxtools/log_handle.c 38 | AC_CHECK_HEADERS([stdarg.h varargs.h]) 39 | 40 | AS_IF( 41 | [test "x$ac_cv_header_stdarg_h" != xyes && test "x$ac_cv_header_varargs_h" != xyes], 42 | [AC_MSG_FAILURE( 43 | [Missing headers: stdarg.h and varargs.h], 44 | [1]) 45 | ]) 46 | ]) 47 | 48 | dnl Function to check if DLL support is needed 49 | AC_DEFUN([AX_LIBEVTX_CHECK_DLL_SUPPORT], 50 | [AS_IF( 51 | [test "x$enable_shared" = xyes && test "x$ac_cv_enable_static_executables" = xno], 52 | [AS_CASE( 53 | [$host], 54 | [*cygwin* | *mingw* | *msys*], 55 | [AC_DEFINE( 56 | [HAVE_DLLMAIN], 57 | [1], 58 | [Define to 1 to enable the DllMain function.]) 59 | AC_SUBST( 60 | [HAVE_DLLMAIN], 61 | [1]) 62 | 63 | AC_SUBST( 64 | [LIBEVTX_DLL_EXPORT], 65 | ["-DLIBEVTX_DLL_EXPORT"]) 66 | 67 | AC_SUBST( 68 | [LIBEVTX_DLL_IMPORT], 69 | ["-DLIBEVTX_DLL_IMPORT"]) 70 | ]) 71 | ]) 72 | ]) 73 | 74 | -------------------------------------------------------------------------------- /common/Makefile.am: -------------------------------------------------------------------------------- 1 | AM_CPPFLAGS = \ 2 | -I../include -I$(top_srcdir)/include 3 | 4 | EXTRA_DIST = \ 5 | byte_stream.h \ 6 | common.h \ 7 | config.h \ 8 | config_borlandc.h \ 9 | config_msc.h \ 10 | config_winapi.h \ 11 | file_stream.h \ 12 | memory.h \ 13 | narrow_string.h \ 14 | system_string.h \ 15 | types.h \ 16 | types.h.in \ 17 | wide_string.h 18 | 19 | DISTCLEANFILES = \ 20 | config.h \ 21 | types.h \ 22 | Makefile \ 23 | Makefile.in 24 | 25 | -------------------------------------------------------------------------------- /common/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common include file 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _COMMON_H ) 23 | #define _COMMON_H 24 | 25 | #if defined( HAVE_CONFIG_H ) 26 | #include "config.h" 27 | #endif 28 | 29 | /* Include the Borland/CodeGear C++ Builder compiler specific configuration 30 | */ 31 | #if defined( __BORLANDC__ ) 32 | #include "config_borlandc.h" 33 | 34 | /* Include the Microsoft Visual Studio C++ compiler specific configuration 35 | */ 36 | #elif defined( _MSC_VER ) 37 | #include "config_msc.h" 38 | #endif 39 | 40 | #include "config_winapi.h" 41 | 42 | #endif /* !defined( _COMMON_H ) */ 43 | 44 | -------------------------------------------------------------------------------- /common/config_borlandc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration for the Borland/CodeGear C++ Builder compiler 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _CONFIG_BORLANDC_H ) 23 | #define _CONFIG_BORLANDC_H 24 | 25 | #endif /* !defined( _CONFIG_BORLANDC_H ) */ 26 | 27 | -------------------------------------------------------------------------------- /common/config_msc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration for the Microsoft Visual Studio C++ compiler 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _CONFIG_MSC_H ) 23 | #define _CONFIG_MSC_H 24 | 25 | /* Disable warning C4127: conditional expression is constant 26 | */ 27 | #pragma warning( disable : 4127 ) 28 | 29 | /* Disable warning C4201: nonstandard extension used : nameless struct/union 30 | */ 31 | #pragma warning( disable : 4201 ) 32 | 33 | #endif /* !defined( _CONFIG_MSC_H ) */ 34 | 35 | -------------------------------------------------------------------------------- /common/config_winapi.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Configuration file for WINAPI 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _CONFIG_WINAPI_H ) 23 | #define _CONFIG_WINAPI_H 24 | 25 | /* Define the earliest supported WINAPI version 26 | #define WINVER 0x0501 27 | */ 28 | 29 | /* If necessary make sure WINAPI is defined 30 | */ 31 | #if defined( HAVE_WINDOWS_H ) || defined( __BORLANDC__ ) || defined( _MSC_VER ) 32 | #include 33 | #endif 34 | 35 | #if defined( WINAPI ) 36 | 37 | /* Define to the address where bug reports for this package should be sent. 38 | */ 39 | #define PACKAGE_BUGREPORT "joachim.metz@gmail.com" 40 | 41 | /* Define the size of the integer for WINAPI 42 | */ 43 | #if !defined( SIZEOF_INT ) 44 | #define SIZEOF_INT 4 45 | #endif 46 | 47 | /* Define the size of size_t for WINAPI 48 | * Do not define when pyconfig.h has been included via python.h 49 | */ 50 | #if !defined( HAVE_PYCONFIG_H ) 51 | 52 | #if !defined( SIZEOF_SIZE_T ) 53 | #if __WORDSIZE == 64 54 | #define SIZEOF_SIZE_T 8 55 | #else 56 | #define SIZEOF_SIZE_T 4 57 | #endif 58 | #endif 59 | 60 | #endif /* !defined( HAVE_PYCONFIG_H ) */ 61 | 62 | /* Define the size of the wide character for WINAPI 63 | */ 64 | #if !defined( SIZEOF_WCHAR_T ) 65 | #define SIZEOF_WCHAR_T 2 66 | #endif 67 | 68 | /* Enable the DllMain function 69 | */ 70 | #define HAVE_DLLMAIN 1 71 | 72 | /* Enable verbose output 73 | #define HAVE_VERBOSE_OUTPUT 1 74 | */ 75 | 76 | /* Enable debug output 77 | #define HAVE_DEBUG_OUTPUT 1 78 | */ 79 | 80 | /* Enable both the narrow and wide character functions 81 | */ 82 | #if !defined( HAVE_WIDE_CHARACTER_TYPE ) 83 | #define HAVE_WIDE_CHARACTER_TYPE 1 84 | #endif 85 | 86 | /* If not controlled by config.h enable multi-thread support 87 | */ 88 | #if !defined( HAVE_CONFIG_H ) && !defined( HAVE_MULTI_THREAD_SUPPORT ) 89 | #define HAVE_MULTI_THREAD_SUPPORT 1 90 | #endif 91 | 92 | #endif /* defined( WINAPI ) */ 93 | 94 | #endif /* !defined( _CONFIG_WINAPI_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /dpkg/changelog.in: -------------------------------------------------------------------------------- 1 | libevtx (@VERSION@-1) unstable; urgency=low 2 | 3 | * Auto-generated 4 | 5 | -- Joachim Metz @DPKG_DATE@ 6 | -------------------------------------------------------------------------------- /dpkg/compat: -------------------------------------------------------------------------------- 1 | 10 2 | -------------------------------------------------------------------------------- /dpkg/control: -------------------------------------------------------------------------------- 1 | Source: libevtx 2 | Priority: extra 3 | Maintainer: Joachim Metz 4 | Build-Depends: debhelper (>= 9), dh-autoreconf, dh-python, pkg-config, python3-dev, python3-setuptools 5 | Standards-Version: 4.1.4 6 | Section: libs 7 | Homepage: https://github.com/libyal/libevtx 8 | Vcs-Git: https://github.com/libyal/libevtx.git 9 | 10 | Package: libevtx 11 | Architecture: any 12 | Depends: ${shlibs:Depends}, ${misc:Depends} 13 | Conflicts: libevtx1 14 | Replaces: libevtx1 15 | Suggests: libevtx-dbg 16 | Description: Library to access the Windows XML Event Log (EVTX) format 17 | libevtx is a library to access the Windows XML Event Log (EVTX) format. 18 | 19 | Package: libevtx-dbg 20 | Architecture: any 21 | Section: debug 22 | Depends: libevtx (= ${binary:Version}), ${misc:Depends} 23 | Description: Debugging symbols for libevtx 24 | Debugging symbols for libevtx. 25 | 26 | Package: libevtx-dev 27 | Section: libdevel 28 | Architecture: any 29 | Depends: libevtx (= ${binary:Version}), ${misc:Depends} 30 | Description: Header files and libraries for developing applications for libevtx 31 | Header files and libraries for developing applications for libevtx. 32 | 33 | Package: libevtx-tools 34 | Section: utils 35 | Architecture: any 36 | Depends: libevtx (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} 37 | Conflicts: libevtx-utils 38 | Replaces: libevtx-utils 39 | Description: Several tools for reading Windows XML Event Log (EVTX) files 40 | Several tools for reading Windows XML Event Log (EVTX) files. 41 | 42 | Package: libevtx-tools-dbg 43 | Section: debug 44 | Architecture: any 45 | Depends: libevtx-tools (= ${binary:Version}), ${misc:Depends} 46 | Description: Debugging symbols for libevtx-tools 47 | Debugging symbols for libevtx-tools. 48 | 49 | Package: libevtx-python3 50 | Section: python 51 | Architecture: any 52 | Depends: libevtx (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} 53 | Conflicts: python3-libevtx 54 | Replaces: python3-libevtx 55 | Suggests: libevtx-python3-dbg 56 | Description: Python 3 bindings for libevtx 57 | Python 3 bindings for libevtx. 58 | 59 | Package: libevtx-python3-dbg 60 | Section: debug 61 | Architecture: any 62 | Depends: libevtx-python3 (= ${binary:Version}), ${misc:Depends} 63 | Description: Debugging symbols for libevtx-python3 64 | Debugging symbols for libevtx-python3. 65 | 66 | -------------------------------------------------------------------------------- /dpkg/copyright: -------------------------------------------------------------------------------- 1 | Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ 2 | Upstream-Name: libevtx 3 | Source: https://github.com/libyal/libevtx 4 | 5 | Files: * 6 | Copyright: 2011-2024, Joachim Metz 7 | License: LGPL-3.0+ 8 | 9 | License: LGPL-3.0+ 10 | This package is free software; you can redistribute it and/or 11 | modify it under the terms of the GNU Lesser General Public 12 | License as published by the Free Software Foundation; either 13 | version 3 of the License, or (at your option) any later version. 14 | . 15 | This package is distributed in the hope that it will be useful, 16 | but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 | Lesser General Public License for more details. 19 | . 20 | You should have received a copy of the GNU General Public License 21 | along with this program. If not, see . 22 | . 23 | On Debian systems, the complete text of the GNU Lesser General 24 | Public License can be found in "/usr/share/common-licenses/LGPL-3". 25 | 26 | -------------------------------------------------------------------------------- /dpkg/libevtx-dev.install: -------------------------------------------------------------------------------- 1 | usr/include/* 2 | usr/lib/*-*/lib*.a 3 | usr/lib/*-*/lib*.so 4 | usr/lib/*-*/pkgconfig/* 5 | usr/share/man/man3 6 | -------------------------------------------------------------------------------- /dpkg/libevtx-python3.install: -------------------------------------------------------------------------------- 1 | /usr/lib/python3* 2 | -------------------------------------------------------------------------------- /dpkg/libevtx-tools.install: -------------------------------------------------------------------------------- 1 | usr/bin 2 | usr/share/man/man1 3 | -------------------------------------------------------------------------------- /dpkg/libevtx.install: -------------------------------------------------------------------------------- 1 | usr/lib/*-*/lib*.so.* 2 | -------------------------------------------------------------------------------- /dpkg/rules: -------------------------------------------------------------------------------- 1 | #!/usr/bin/make -f 2 | # -*- makefile -*- 3 | 4 | # Uncomment for debhelper verbose output. 5 | # export DH_VERBOSE=1 6 | 7 | export SKIP_PYTHON_TESTS=1 8 | 9 | %: 10 | dh $@ --buildsystem=autoconf --with=autoreconf,python3 11 | 12 | .PHONY: override_dh_auto_configure 13 | override_dh_auto_configure: 14 | dh_auto_configure -- --enable-python CFLAGS="-g" 15 | 16 | .PHONY: override_dh_install 17 | override_dh_install: 18 | dh_install --fail-missing -X.la -X/pyevtx.a 19 | 20 | .PHONY: override_dh_missing 21 | override_dh_missing: 22 | dh_missing -X.la -X/pyevtx.a --fail-missing 23 | 24 | .PHONY: override_dh_strip 25 | override_dh_strip: 26 | ifeq (,$(filter nostrip,$(DEB_BUILD_OPTIONS))) 27 | dh_strip -plibevtx --dbg-package=libevtx-dbg 28 | dh_strip -plibevtx-tools --dbg-package=libevtx-tools-dbg 29 | dh_strip -plibevtx-python3 --dbg-package=libevtx-python3-dbg 30 | endif 31 | 32 | -------------------------------------------------------------------------------- /dpkg/source/format: -------------------------------------------------------------------------------- 1 | 3.0 (quilt) 2 | -------------------------------------------------------------------------------- /dtfabric.yaml: -------------------------------------------------------------------------------- 1 | name: evtx 2 | type: format 3 | description: Windows XML Event Log (EVTX) format 4 | urls: ["https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc" 5 | metadata: 6 | authors: ['Joachim Metz '] 7 | year: 2011 8 | attributes: 9 | byte_order: little-endian 10 | layout: 11 | - data_type: file_header 12 | offset: 0 13 | --- 14 | name: byte 15 | type: integer 16 | attributes: 17 | format: unsigned 18 | size: 1 19 | units: bytes 20 | --- 21 | name: uint32 22 | type: integer 23 | attributes: 24 | format: unsigned 25 | size: 4 26 | units: bytes 27 | --- 28 | name: uint64 29 | type: integer 30 | attributes: 31 | format: unsigned 32 | size: 8 33 | units: bytes 34 | --- 35 | name: file_header 36 | type: structure 37 | description: File header 38 | members: 39 | - name: signature 40 | type: stream 41 | element_data_type: byte 42 | elements_data_size: 8 43 | value: "ElfFile\x00" 44 | - name: first_chunk_number 45 | data_type: uint64 46 | - name: last_chunk_number 47 | data_type: uint64 48 | - name: next_record_identifier 49 | data_type: uint64 50 | - name: header_size 51 | data_type: uint32 52 | - name: minor_format_version 53 | data_type: uint16 54 | - name: major_format_version 55 | data_type: uint16 56 | - name: header_block_size 57 | data_type: uint16 58 | - name: number_of_chunks 59 | data_type: uint16 60 | - name: unknown1 61 | type: stream 62 | element_data_type: byte 63 | elements_data_size: 76 64 | - name: file_flags 65 | data_type: uint32 66 | - name: checksum 67 | data_type: uint32 68 | -------------------------------------------------------------------------------- /evtxtools/evtxinput.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common input functions for the evtxtools 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXINPUT_H ) 23 | #define _EVTXINPUT_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evtxtools_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | enum EVTXTOOLS_EVENT_LOG_TYPES 35 | { 36 | EVTXTOOLS_EVENT_LOG_TYPE_UNKNOWN, 37 | EVTXTOOLS_EVENT_LOG_TYPE_APPLICATION, 38 | EVTXTOOLS_EVENT_LOG_TYPE_DFS_REPLICATION, 39 | EVTXTOOLS_EVENT_LOG_TYPE_HARDWARE_EVENTS, 40 | EVTXTOOLS_EVENT_LOG_TYPE_INTERNET_EXPLORER, 41 | EVTXTOOLS_EVENT_LOG_TYPE_KEY_MANAGEMENT_SERVICE, 42 | EVTXTOOLS_EVENT_LOG_TYPE_MEDIA_CENTER, 43 | EVTXTOOLS_EVENT_LOG_TYPE_SECURITY, 44 | EVTXTOOLS_EVENT_LOG_TYPE_SYSTEM 45 | }; 46 | 47 | int evtxinput_determine_event_log_type( 48 | const system_character_t *string, 49 | int *event_log_type, 50 | libcerror_error_t **error ); 51 | 52 | int evtxinput_determine_event_log_type_from_filename( 53 | const system_character_t *filename, 54 | int *event_log_type, 55 | libcerror_error_t **error ); 56 | 57 | #if defined( __cplusplus ) 58 | } 59 | #endif 60 | 61 | #endif /* !defined( _EVTXINPUT_H ) */ 62 | 63 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_getopt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * GetOpt functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_GETOPT_H ) 23 | #define _EVTXTOOLS_GETOPT_H 24 | 25 | #include 26 | #include 27 | 28 | /* unistd.h is included here to export getopt, optarg, optind and optopt 29 | */ 30 | #if defined( HAVE_UNISTD_H ) 31 | #include 32 | #endif 33 | 34 | #if defined( __cplusplus ) 35 | extern "C" { 36 | #endif 37 | 38 | #if defined( HAVE_GETOPT ) 39 | #define evtxtools_getopt( argument_count, argument_values, options_string ) \ 40 | getopt( argument_count, argument_values, options_string ) 41 | 42 | #else 43 | 44 | #if !defined( __CYGWIN__ ) 45 | extern int optind; 46 | extern system_character_t *optarg; 47 | extern system_integer_t optopt; 48 | 49 | #else 50 | int optind; 51 | system_character_t *optarg; 52 | system_integer_t optopt; 53 | 54 | #endif /* !defined( __CYGWIN__ ) */ 55 | 56 | system_integer_t evtxtools_getopt( 57 | int argument_count, 58 | system_character_t * const argument_values[], 59 | const system_character_t *options_string ); 60 | 61 | #endif /* defined( HAVE_GETOPT ) */ 62 | 63 | #if defined( __cplusplus ) 64 | } 65 | #endif 66 | 67 | #endif /* !defined( _EVTXTOOLS_GETOPT_H ) */ 68 | 69 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_i18n.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Internationalization (i18n) functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_I18N_H ) 23 | #define _EVTXTOOLS_I18N_H 24 | 25 | #include 26 | 27 | #if defined( HAVE_LIBINTL_H ) 28 | #include 29 | #endif 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | /* TODO for now do nothing i18n-like 36 | #define _( string ) \ 37 | gettext( string ) 38 | */ 39 | 40 | #define _( string ) \ 41 | string 42 | 43 | #if defined( __cplusplus ) 44 | } 45 | #endif 46 | 47 | #endif /* !defined( _EVTXTOOLS_I18N_H ) */ 48 | 49 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBBFIO_H ) 23 | #define _EVTXTOOLS_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _EVTXTOOLS_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libcdirectory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libcdirectory header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCDIRECTORY_H ) 23 | #define _EVTXTOOLS_LIBCDIRECTORY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCDIRECTORY for local use of libcdirectory 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCDIRECTORY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCDIRECTORY_DLL_IMPORT 39 | * before including libcdirectory.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCDIRECTORY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif 48 | 49 | #endif 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCERROR_H ) 23 | #define _EVTXTOOLS_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _EVTXTOOLS_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCLOCALE_H ) 23 | #define _EVTXTOOLS_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _EVTXTOOLS_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCNOTIFY_H ) 23 | #define _EVTXTOOLS_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _EVTXTOOLS_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libcpath.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcpath header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCPATH_H ) 23 | #define _EVTXTOOLS_LIBCPATH_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCPATH for local use of libcpath 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCPATH ) 30 | 31 | #include 32 | #include 33 | 34 | #else 35 | 36 | /* If libtool DLL support is enabled set LIBCPATH_DLL_IMPORT 37 | * before including libcpath.h 38 | */ 39 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 40 | #define LIBCPATH_DLL_IMPORT 41 | #endif 42 | 43 | #include 44 | 45 | #endif /* defined( HAVE_LOCAL_LIBCPATH ) */ 46 | 47 | #endif /* !defined( _EVTXTOOLS_LIBCPATH_H ) */ 48 | 49 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libcsplit.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libcsplit header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBCSPLIT_H ) 23 | #define _EVTXTOOLS_LIBCSPLIT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCSPLIT for local use of libcsplit 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCSPLIT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #else 39 | 40 | /* If libtool DLL support is enabled set LIBCSPLIT_DLL_IMPORT 41 | * before including libcsplit.h 42 | */ 43 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 44 | #define LIBCSPLIT_DLL_IMPORT 45 | #endif 46 | 47 | #include 48 | 49 | #endif 50 | 51 | #endif 52 | 53 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libevtx.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevtx header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBEVTX_H ) 23 | #define _EVTXTOOLS_LIBEVTX_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _EVTXTOOLS_LIBEVTX_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libexe.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libexe header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBEXE_H ) 23 | #define _EVTXTOOLS_LIBEXE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBEXE for local use of libexe 28 | */ 29 | #if defined( HAVE_LOCAL_LIBEXE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBEXE_DLL_IMPORT 39 | * before including libexe.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBEXE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif 48 | 49 | #endif 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfcache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfcache header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFCACHE_H ) 23 | #define _EVTXTOOLS_LIBFCACHE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFCACHE for local use of libfcache 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFCACHE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBFCACHE_DLL_IMPORT 39 | * before including libfcache.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 42 | #define LIBFCACHE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBFCACHE ) */ 48 | 49 | #endif /* !defined( _EVTXTOOLS_LIBFCACHE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfdatetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdatetime header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFDATETIME_H ) 23 | #define _EVTXTOOLS_LIBFDATETIME_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATETIME for local use of libfdatetime 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATETIME ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBFDATETIME_DLL_IMPORT 45 | * before including libfdatetime.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 48 | #define LIBFDATETIME_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBFDATETIME ) */ 54 | 55 | #endif /* !defined( _EVTXTOOLS_LIBFDATETIME_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfguid.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfguid header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFGUID_H ) 23 | #define _EVTXTOOLS_LIBFGUID_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFGUID for local use of libfguid 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFGUID ) 30 | 31 | #include 32 | #include 33 | #include 34 | 35 | #else 36 | 37 | /* If libtool DLL support is enabled set LIBFGUID_DLL_IMPORT 38 | * before including libfguid.h 39 | */ 40 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 41 | #define LIBFGUID_DLL_IMPORT 42 | #endif 43 | 44 | #include 45 | 46 | #endif /* defined( HAVE_LOCAL_LIBFGUID ) */ 47 | 48 | #endif /* !defined( _EVTXTOOLS_LIBFGUID_H ) */ 49 | 50 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfvalue.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfvalue header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFVALUE_H ) 23 | #define _EVTXTOOLS_LIBFVALUE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFVALUE for local use of libfvalue 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFVALUE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | 45 | #else 46 | 47 | /* If libtool DLL support is enabled set LIBFVALUE_DLL_IMPORT 48 | * before including libfvalue.h 49 | */ 50 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 51 | #define LIBFVALUE_DLL_IMPORT 52 | #endif 53 | 54 | #include 55 | 56 | #endif /* defined( HAVE_LOCAL_LIBFVALUE ) */ 57 | 58 | #endif /* !defined( _EVTXTOOLS_LIBFVALUE_H ) */ 59 | 60 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfwevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFWEVT_H ) 23 | #define _EVTXTOOLS_LIBFWEVT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWEVT for local use of libfwevt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWEVT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include 46 | #include 47 | 48 | #else 49 | 50 | /* If libtool DLL support is enabled set LIBFWEVT_DLL_IMPORT 51 | * before including libfwevt.h 52 | */ 53 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 54 | #define LIBFWEVT_DLL_IMPORT 55 | #endif 56 | 57 | #include 58 | 59 | #endif /* defined( HAVE_LOCAL_LIBFWEVT ) */ 60 | 61 | #endif /* !defined( _EVTXTOOLS_LIBFWEVT_H ) */ 62 | 63 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libfwnt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwnt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBFWNT_H ) 23 | #define _EVTXTOOLS_LIBFWNT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWNT for local use of libfwnt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWNT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | 44 | #else 45 | 46 | /* If libtool DLL support is enabled set LIBFWNT_DLL_IMPORT 47 | * before including libfwnt.h 48 | */ 49 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 50 | #define LIBFWNT_DLL_IMPORT 51 | #endif 52 | 53 | #include 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBFWNT ) */ 56 | 57 | #endif /* !defined( _EVTXTOOLS_LIBFWNT_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libregf.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libregf header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBREGF_H ) 23 | #define _EVTXTOOLS_LIBREGF_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBREGF for local use of libregf 28 | */ 29 | #if defined( HAVE_LOCAL_LIBREGF ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | 38 | #else 39 | 40 | /* If libtool DLL support is enabled set LIBREGF_DLL_IMPORT 41 | * before including libregf.h 42 | */ 43 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 44 | #define LIBREGF_DLL_IMPORT 45 | #endif 46 | 47 | #include 48 | 49 | #endif 50 | 51 | #endif 52 | 53 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBUNA_H ) 23 | #define _EVTXTOOLS_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _EVTXTOOLS_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_libwrc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libwrc header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_LIBWRC_H ) 23 | #define _EVTXTOOLS_LIBWRC_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBWRC for local use of libwrc 28 | */ 29 | #if defined( HAVE_LOCAL_LIBWRC ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBWRC_DLL_IMPORT 45 | * before including libwrc.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 48 | #define LIBWRC_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBWRC ) */ 54 | 55 | #endif /* !defined( _EVTXTOOLS_LIBWRC_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_output.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Common output functions for the evtxtools 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_OUTPUT_H ) 23 | #define _EVTXTOOLS_OUTPUT_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "evtxtools_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | int evtxtools_output_initialize( 36 | int stdio_mode, 37 | libcerror_error_t **error ); 38 | 39 | void evtxoutput_copyright_fprint( 40 | FILE *stream ); 41 | 42 | void evtxoutput_version_fprint( 43 | FILE *stream, 44 | const char *program ); 45 | 46 | void evtxoutput_version_detailed_fprint( 47 | FILE *stream, 48 | const char *program ); 49 | 50 | #if defined( __cplusplus ) 51 | } 52 | #endif 53 | 54 | #endif /* !defined( _EVTXTOOLS_OUTPUT_H ) */ 55 | 56 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_signal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Signal handling functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_SIGNAL_H ) 23 | #define _EVTXTOOLS_SIGNAL_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evtxtools_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | #if !defined( HAVE_SIGNAL_H ) && !defined( WINAPI ) 35 | #error missing signal functions 36 | #endif 37 | 38 | #if defined( WINAPI ) 39 | typedef unsigned long evtxtools_signal_t; 40 | 41 | #else 42 | typedef int evtxtools_signal_t; 43 | 44 | #endif /* defined( WINAPI ) */ 45 | 46 | #if defined( WINAPI ) 47 | 48 | BOOL WINAPI evtxtools_signal_handler( 49 | evtxtools_signal_t signal ); 50 | 51 | #if defined( _MSC_VER ) 52 | 53 | void evtxtools_signal_initialize_memory_debug( 54 | void ); 55 | 56 | #endif /* defined( _MSC_VER ) */ 57 | 58 | #endif /* defined( WINAPI ) */ 59 | 60 | int evtxtools_signal_attach( 61 | void (*signal_handler)( evtxtools_signal_t ), 62 | libcerror_error_t **error ); 63 | 64 | int evtxtools_signal_detach( 65 | libcerror_error_t **error ); 66 | 67 | #if defined( __cplusplus ) 68 | } 69 | #endif 70 | 71 | #endif /* !defined( _EVTXTOOLS_SIGNAL_H ) */ 72 | 73 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_UNUSED_H ) 23 | #define _EVTXTOOLS_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( EVTXTOOLS_ATTRIBUTE_UNUSED ) 28 | 29 | #if defined( __GNUC__ ) && __GNUC__ >= 3 30 | #define EVTXTOOLS_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 31 | 32 | #else 33 | #define EVTXTOOLS_ATTRIBUTE_UNUSED 34 | 35 | #endif /* defined( __GNUC__ ) && __GNUC__ >= 3 */ 36 | 37 | #endif /* !defined( EVTXTOOLS_ATTRIBUTE_UNUSED ) */ 38 | 39 | #if defined( _MSC_VER ) 40 | #define EVTXTOOLS_UNREFERENCED_PARAMETER( parameter ) \ 41 | UNREFERENCED_PARAMETER( parameter ); 42 | 43 | #else 44 | #define EVTXTOOLS_UNREFERENCED_PARAMETER( parameter ) \ 45 | /* parameter */ 46 | 47 | #endif /* defined( _MSC_VER ) */ 48 | 49 | #endif /* !defined( _EVTXTOOLS_UNUSED_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_wide_string.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Wide character string functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | #if defined( HAVE_WCTYPE_H ) 26 | #include 27 | #endif 28 | 29 | #include "evtxtools_wide_string.h" 30 | 31 | #if defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) 32 | 33 | /* Replacement for missing: wcsncasecmp 34 | * Compares no more than a specified number of wide characters of string1 and string2, 35 | * ignoring case, returning less than, equal to or greater than zero if string1 is 36 | * less than, equal to or greater than string. 37 | */ 38 | int evtxtools_wide_string_compare_no_case( 39 | const wchar_t *string1, 40 | const wchar_t *string2, 41 | size_t comparision_length ) 42 | { 43 | wint_t character1 = 0; 44 | wint_t character2 = 0; 45 | 46 | if( string1 == string2 ) 47 | { 48 | return( 0 ); 49 | } 50 | while( comparision_length > 0 ) 51 | { 52 | character1 = towlower( *string1 ); 53 | character2 = towlower( *string2 ); 54 | 55 | if( ( character1 == 0 ) 56 | || ( character1 != character2 ) ) 57 | { 58 | return( character1 - character2 ); 59 | } 60 | string1++; 61 | string2++; 62 | 63 | comparision_length--; 64 | } 65 | return( 0 ); 66 | } 67 | 68 | #endif /* defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) */ 69 | 70 | -------------------------------------------------------------------------------- /evtxtools/evtxtools_wide_string.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Wide character string functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTXTOOLS_WIDE_STRING_H ) 23 | #define _EVTXTOOLS_WIDE_STRING_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #if defined( __cplusplus ) 30 | extern "C" { 31 | #endif 32 | 33 | #if !defined( wide_string_compare_no_case ) 34 | 35 | #define wide_string_compare_no_case( string1, string2, size ) \ 36 | evtxtools_wide_string_compare_no_case( string1, string2, size ) 37 | 38 | #endif /* !defined( wide_string_compare_no_case ) */ 39 | 40 | #if defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) 41 | 42 | int evtxtools_wide_string_compare_no_case( 43 | const wchar_t *string1, 44 | const wchar_t *string2, 45 | size_t comparision_length ); 46 | 47 | #endif /* defined( TOWLOWER ) && !defined( HAVE_WCSNCASECMP ) && !defined( HAVE_WCSCASECMP ) && !defined( WINAPI ) */ 48 | 49 | #if defined( __cplusplus ) 50 | } 51 | #endif 52 | 53 | #endif /* !defined( _EVTXTOOLS_WIDE_STRING_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /evtxtools/log_handle.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Log handle 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LOG_HANDLE_H ) 23 | #define _LOG_HANDLE_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "evtxtools_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct log_handle log_handle_t; 36 | 37 | struct log_handle 38 | { 39 | /* The log stream 40 | */ 41 | FILE *log_stream; 42 | }; 43 | 44 | int log_handle_initialize( 45 | log_handle_t **log_handle, 46 | libcerror_error_t **error ); 47 | 48 | int log_handle_free( 49 | log_handle_t **log_handle, 50 | libcerror_error_t **error ); 51 | 52 | int log_handle_open( 53 | log_handle_t *log_handle, 54 | const system_character_t *filename, 55 | libcerror_error_t **error ); 56 | 57 | int log_handle_close( 58 | log_handle_t *log_handle, 59 | libcerror_error_t **error ); 60 | 61 | void log_handle_printf( 62 | log_handle_t *log_handle, 63 | char *format, 64 | ... ); 65 | 66 | #if defined( __cplusplus ) 67 | } 68 | #endif 69 | 70 | #endif /* !defined( _LOG_HANDLE_H ) */ 71 | 72 | -------------------------------------------------------------------------------- /evtxtools/message_string.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Message string 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _MESSAGE_STRING_H ) 23 | #define _MESSAGE_STRING_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "evtxtools_libcerror.h" 30 | #include "evtxtools_libevtx.h" 31 | #include "evtxtools_libwrc.h" 32 | 33 | #if defined( __cplusplus ) 34 | extern "C" { 35 | #endif 36 | 37 | typedef struct message_string message_string_t; 38 | 39 | struct message_string 40 | { 41 | /* The identifier 42 | */ 43 | uint32_t identifier; 44 | 45 | /* The string 46 | */ 47 | system_character_t *string; 48 | 49 | /* The string size 50 | */ 51 | size_t string_size; 52 | }; 53 | 54 | int message_string_initialize( 55 | message_string_t **message_string, 56 | uint32_t message_string_identifier, 57 | libcerror_error_t **error ); 58 | 59 | int message_string_free( 60 | message_string_t **message_string, 61 | libcerror_error_t **error ); 62 | 63 | int message_string_get_from_message_table_resource( 64 | message_string_t *message_string, 65 | libwrc_message_table_resource_t *message_table_resource, 66 | libcerror_error_t **error ); 67 | 68 | int message_string_fprint( 69 | message_string_t *message_string, 70 | libevtx_record_t *record, 71 | FILE *stream, 72 | libcerror_error_t **error ); 73 | 74 | #if defined( __cplusplus ) 75 | } 76 | #endif 77 | 78 | #endif /* !defined( _MESSAGE_STRING_H ) */ 79 | 80 | -------------------------------------------------------------------------------- /evtxtools/path_handle.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Path handle 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PATH_HANDLE_H ) 23 | #define _PATH_HANDLE_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evtxtools_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | typedef struct path_handle path_handle_t; 35 | 36 | struct path_handle 37 | { 38 | /* The %SystemRoot% path 39 | */ 40 | system_character_t *system_root_path; 41 | 42 | /* The %SystemRoot% path size 43 | */ 44 | size_t system_root_path_size; 45 | }; 46 | 47 | int path_handle_initialize( 48 | path_handle_t **path_handle, 49 | libcerror_error_t **error ); 50 | 51 | int path_handle_free( 52 | path_handle_t **path_handle, 53 | libcerror_error_t **error ); 54 | 55 | int path_handle_get_directory_entry_name_by_name_no_case( 56 | path_handle_t *path_handle, 57 | const system_character_t *path, 58 | size_t path_length, 59 | system_character_t *entry_name, 60 | size_t entry_name_size, 61 | uint8_t entry_type, 62 | libcerror_error_t **error ); 63 | 64 | #if defined( __cplusplus ) 65 | } 66 | #endif 67 | 68 | #endif /* !defined( _PATH_HANDLE_H ) */ 69 | 70 | -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | include_HEADERS = \ 2 | libevtx.h 3 | 4 | pkginclude_HEADERS = \ 5 | libevtx/codepage.h \ 6 | libevtx/definitions.h \ 7 | libevtx/error.h \ 8 | libevtx/extern.h \ 9 | libevtx/features.h \ 10 | libevtx/types.h 11 | 12 | EXTRA_DIST = \ 13 | libevtx.h.in \ 14 | libevtx/definitions.h.in \ 15 | libevtx/features.h.in \ 16 | libevtx/types.h.in 17 | 18 | DISTCLEANFILES = \ 19 | libevtx.h \ 20 | libevtx/definitions.h \ 21 | libevtx/features.h \ 22 | libevtx/types.h \ 23 | Makefile \ 24 | Makefile.in 25 | 26 | -------------------------------------------------------------------------------- /include/libevtx/definitions.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions for libevtx 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_DEFINITIONS_H ) 23 | #define _LIBEVTX_DEFINITIONS_H 24 | 25 | #include 26 | 27 | #define LIBEVTX_VERSION @VERSION@ 28 | 29 | /* The version string 30 | */ 31 | #define LIBEVTX_VERSION_STRING "@VERSION@" 32 | 33 | /* The access flags definitions 34 | * bit 1 set to 1 for read access 35 | * bit 2 set to 1 for write access 36 | * bit 3-8 not used 37 | */ 38 | enum LIBEVTX_ACCESS_FLAGS 39 | { 40 | LIBEVTX_ACCESS_FLAG_READ = 0x01, 41 | /* Reserved: not supported yet */ 42 | LIBEVTX_ACCESS_FLAG_WRITE = 0x02 43 | }; 44 | 45 | /* The file access macros 46 | */ 47 | #define LIBEVTX_OPEN_READ ( LIBEVTX_ACCESS_FLAG_READ ) 48 | /* Reserved: not supported yet */ 49 | #define LIBEVTX_OPEN_WRITE ( LIBEVTX_ACCESS_FLAG_WRITE ) 50 | /* Reserved: not supported yet */ 51 | #define LIBEVTX_OPEN_READ_WRITE ( LIBEVTX_ACCESS_FLAG_READ | LIBEVTX_ACCESS_FLAG_WRITE ) 52 | 53 | /* The event level definitions 54 | */ 55 | enum LIBEVTX_EVENT_LEVELS 56 | { 57 | LIBEVTX_EVENT_LEVEL_CRITICAL = 1, 58 | LIBEVTX_EVENT_LEVEL_ERROR = 2, 59 | LIBEVTX_EVENT_LEVEL_WARNING = 3, 60 | LIBEVTX_EVENT_LEVEL_INFORMATION = 4, 61 | LIBEVTX_EVENT_LEVEL_VERBOSE = 5, 62 | }; 63 | 64 | /* The event file flags 65 | */ 66 | enum LIBEVTX_FILE_FLAGS 67 | { 68 | LIBEVTX_FILE_FLAG_IS_DIRTY = 0x00000001UL, 69 | LIBEVTX_FILE_FLAG_IS_FULL = 0x00000002UL, 70 | }; 71 | 72 | #endif /* !defined( _LIBEVTX_DEFINITIONS_H ) */ 73 | 74 | -------------------------------------------------------------------------------- /include/libevtx/extern.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The extern definition 3 | * 4 | * This header should be included in header files that export or import 5 | * library functions 6 | * 7 | * Copyright (C) 2011-2024, Joachim Metz 8 | * 9 | * Refer to AUTHORS for acknowledgements. 10 | * 11 | * This program is free software: you can redistribute it and/or modify 12 | * it under the terms of the GNU Lesser General Public License as published by 13 | * the Free Software Foundation, either version 3 of the License, or 14 | * (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU Lesser General Public License 22 | * along with this program. If not, see . 23 | */ 24 | 25 | #if !defined( _LIBEVTX_EXTERN_H ) 26 | #define _LIBEVTX_EXTERN_H 27 | 28 | /* To export functions from the libevtx DLL define LIBEVTX_DLL_EXPORT 29 | * To import functions from the libevtx DLL define LIBEVTX_DLL_IMPORT 30 | * Otherwise use default extern statement 31 | */ 32 | #if defined( LIBEVTX_DLL_EXPORT ) 33 | #define LIBEVTX_EXTERN __declspec(dllexport) 34 | 35 | #elif defined( LIBEVTX_DLL_IMPORT ) 36 | #define LIBEVTX_EXTERN extern __declspec(dllimport) 37 | 38 | #else 39 | #define LIBEVTX_EXTERN extern 40 | 41 | #endif 42 | 43 | #endif /* !defined( _LIBEVTX_EXTERN_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /include/libevtx/features.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * Features of libevtx 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_FEATURES_H ) 23 | #define _LIBEVTX_FEATURES_H 24 | 25 | /* The libevtx type support features 26 | */ 27 | #if defined( WINAPI ) || @HAVE_WIDE_CHARACTER_TYPE@ 28 | #define LIBEVTX_HAVE_WIDE_CHARACTER_TYPE 1 29 | #endif 30 | 31 | #if defined( WINAPI ) || @HAVE_MULTI_THREAD_SUPPORT@ 32 | #define LIBEVTX_HAVE_MULTI_THREAD_SUPPORT 1 33 | #endif 34 | 35 | #if defined( HAVE_LIBBFIO ) || ( !defined( WINAPI ) && @HAVE_LIBBFIO@ ) 36 | #define LIBEVTX_HAVE_BFIO 1 37 | #endif 38 | 39 | #if !defined( LIBEVTX_DEPRECATED ) 40 | #if defined( __GNUC__ ) && __GNUC__ >= 3 41 | #define LIBEVTX_DEPRECATED __attribute__ ((__deprecated__)) 42 | #elif defined( _MSC_VER ) 43 | #define LIBEVTX_DEPRECATED __declspec(deprecated) 44 | #else 45 | #define LIBEVTX_DEPRECATED 46 | #endif 47 | #endif 48 | 49 | #endif /* !defined( _LIBEVTX_FEATURES_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevtx.ini: -------------------------------------------------------------------------------- 1 | [project] 2 | name: "libevtx" 3 | status: "alpha" 4 | year_of_creation: "2011" 5 | data_format: "Windows XML Event Log (EVTX)" 6 | documentation_url: "https://github.com/libyal/libevtx/tree/main/documentation" 7 | features: ["debug_output", "ossfuzz", "python_bindings", "tools"] 8 | 9 | [dtFabric] 10 | data_types: { 11 | "file_header": { 12 | "__options__": ["file_io_handle"], 13 | "signature": {}, 14 | "first_chunk_number": {"usage": "in_function"}, 15 | "last_chunk_number": {"usage": "in_function"}, 16 | "next_record_identifier": {}, 17 | "header_size": {}, 18 | "minor_version": {"usage": "in_struct"}, 19 | "major_version": {"usage": "in_struct"}, 20 | "header_block_size": {"usage": "in_struct"}, 21 | "number_of_chunks": {"usage": "in_struct"}, 22 | "unknown1": {}, 23 | "file_flags": {"usage": "in_struct"}, 24 | "checksum": {"usage": "in_function"} 25 | }} 26 | 27 | [library] 28 | features: ["pthread", "wide_character_type"] 29 | public_types: ["file", "record", "template_definition"] 30 | 31 | [tools] 32 | description: "Several tools for reading Windows XML Event Log (EVTX) files" 33 | names: ["evtxexport", "evtxinfo"] 34 | 35 | [troubleshooting] 36 | example: "evtxinfo Application.Evtx" 37 | 38 | [development] 39 | main_object: "file" 40 | main_object_filename: "Application.Evtx" 41 | 42 | [tests] 43 | profiles: ["libevtx", "pyevtx", "evtxinfo", "evtxexport", "evtxexport_xml"] 44 | info_tool_options_per_profile: [""] 45 | info_tool_profiles: ["evtxinfo"] 46 | example_filename1: "System.Evtx" 47 | example_filename2: "Application.Evtx" 48 | 49 | [pypi] 50 | appveyor_token: "VHuZiUWgTqTciKE2nsv/LvlEBWVnKgwj7EHCpe+4XUJb2mpdw/vHA4kz6yNKlBDoOkn1nUYh+oxR7cQ9Juj+U5JI0twJhDgtVp/KUh+qx5CYg4ik/hs4lojvHnFHl0mKNJY2RrEr0DtZY7sVNCGK59bxGQ2MrtGuBy3L8Ug/Y9JrbtpAQNFiOKfuAQK8uNFPCK81HniOwhxmtEh+5RQTIeGXSYRH/t7ALon1aZR/hIDDZ9+r8ff1t2o+xAnP6EQJwyWuisz3T0HjPIycKZ/elQ==" 51 | 52 | -------------------------------------------------------------------------------- /libevtx.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: libevtx 7 | Description: Library to access the Windows XML Event Log (EVTX) format 8 | Version: @VERSION@ 9 | Libs: -L${libdir} -levtx 10 | Libs.private: @ax_libbfio_pc_libs_private@ @ax_libcdata_pc_libs_private@ @ax_libcerror_pc_libs_private@ @ax_libcfile_pc_libs_private@ @ax_libclocale_pc_libs_private@ @ax_libcnotify_pc_libs_private@ @ax_libcpath_pc_libs_private@ @ax_libcsplit_pc_libs_private@ @ax_libcthreads_pc_libs_private@ @ax_libfcache_pc_libs_private@ @ax_libfdata_pc_libs_private@ @ax_libfdatetime_pc_libs_private@ @ax_libfguid_pc_libs_private@ @ax_libfvalue_pc_libs_private@ @ax_libfwevt_pc_libs_private@ @ax_libfwnt_pc_libs_private@ @ax_libuna_pc_libs_private@ @ax_pthread_pc_libs_private@ 11 | Cflags: -I${includedir} 12 | 13 | -------------------------------------------------------------------------------- /libevtx/evtx_event_record.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The event record definition of a Windows XML Event Log (EVTX) file 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_EVENT_RECORD_H ) 23 | #define _EVTX_EVENT_RECORD_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct evtx_event_record_header evtx_event_record_header_t; 33 | 34 | struct evtx_event_record_header 35 | { 36 | /* The file signature 37 | * Consists of 4 bytes 38 | * Consists of: "\x2a\x2a\x00\x00" 39 | */ 40 | uint8_t signature[ 4 ]; 41 | 42 | /* The size 43 | * Consists 4 bytes 44 | */ 45 | uint8_t size[ 4 ]; 46 | 47 | /* The identifier 48 | * Consists 8 bytes 49 | */ 50 | uint8_t identifier[ 8 ]; 51 | 52 | /* The written time 53 | * Consists 8 bytes 54 | * Contains a filetime 55 | */ 56 | uint8_t written_time[ 8 ]; 57 | }; 58 | 59 | #if defined( __cplusplus ) 60 | } 61 | #endif 62 | 63 | #endif /* !defined( _EVTX_EVENT_RECORD_H ) */ 64 | 65 | -------------------------------------------------------------------------------- /libevtx/evtx_file_header.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The file header definition of a Windows XML Event Log (EVTX) file 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_FILE_HEADER_H ) 23 | #define _EVTX_FILE_HEADER_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct evtx_file_header evtx_file_header_t; 33 | 34 | struct evtx_file_header 35 | { 36 | /* The file signature 37 | * Consists of 8 bytes 38 | * Consists of: "ElfFile\x00" 39 | */ 40 | uint8_t signature[ 8 ]; 41 | 42 | /* The first chunk number 43 | * Consists of 8 bytes 44 | */ 45 | uint8_t first_chunk_number[ 8 ]; 46 | 47 | /* The last chunk number 48 | * Consists of 8 bytes 49 | */ 50 | uint8_t last_chunk_number[ 8 ]; 51 | 52 | /* The next record identifier 53 | * Consists of 8 bytes 54 | */ 55 | uint8_t next_record_identifier[ 8 ]; 56 | 57 | /* The header size 58 | * Consists of 4 bytes 59 | */ 60 | uint8_t header_size[ 4 ]; 61 | 62 | /* The minor version 63 | * Consists of 2 bytes 64 | */ 65 | uint8_t minor_version[ 2 ]; 66 | 67 | /* The major version 68 | * Consists of 2 bytes 69 | */ 70 | uint8_t major_version[ 2 ]; 71 | 72 | /* The header block size 73 | * Consists of 2 bytes 74 | */ 75 | uint8_t header_block_size[ 2 ]; 76 | 77 | /* The number of chunks 78 | * Consists of 2 bytes 79 | */ 80 | uint8_t number_of_chunks[ 2 ]; 81 | 82 | /* Unknown 83 | * Consists 76 bytes 84 | */ 85 | uint8_t unknown1[ 76 ]; 86 | 87 | /* The file flags 88 | * Consists of 4 bytes 89 | */ 90 | uint8_t file_flags[ 4 ]; 91 | 92 | /* Checksum 93 | * Consists of 4 bytes 94 | * Contains a CRC32 of bytes 0 to 120 95 | */ 96 | uint8_t checksum[ 4 ]; 97 | }; 98 | 99 | #if defined( __cplusplus ) 100 | } 101 | #endif 102 | 103 | #endif /* !defined( _EVTX_FILE_HEADER_H ) */ 104 | 105 | -------------------------------------------------------------------------------- /libevtx/libevtx.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Library to access the Windows XML Event Log (EVTX) format 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #include 23 | 24 | #if defined( WINAPI ) 25 | #include 26 | #endif 27 | 28 | #include "libevtx_unused.h" 29 | 30 | /* Define HAVE_LOCAL_LIBEVTX for local use of libevtx 31 | */ 32 | #if !defined( HAVE_LOCAL_LIBEVTX ) 33 | 34 | #if defined( WINAPI ) && defined( HAVE_DLLMAIN ) 35 | 36 | #if defined( _MANAGED ) 37 | #pragma managed( push, off ) 38 | #endif 39 | 40 | /* Defines the entry point for the DLL 41 | */ 42 | BOOL WINAPI DllMain( 43 | HINSTANCE hinstDLL, 44 | DWORD fdwReason, 45 | LPVOID lpvReserved ) 46 | { 47 | LIBEVTX_UNREFERENCED_PARAMETER( lpvReserved ) 48 | 49 | switch( fdwReason ) 50 | { 51 | case DLL_PROCESS_ATTACH: 52 | DisableThreadLibraryCalls( 53 | hinstDLL ); 54 | break; 55 | 56 | case DLL_THREAD_ATTACH: 57 | break; 58 | 59 | case DLL_THREAD_DETACH: 60 | break; 61 | 62 | case DLL_PROCESS_DETACH: 63 | break; 64 | } 65 | return( TRUE ); 66 | } 67 | 68 | /* Function that indicates the library is a DLL 69 | * Returns 1 70 | */ 71 | int libevtx_is_dll( 72 | void ) 73 | { 74 | return( 1 ); 75 | } 76 | 77 | #endif /* defined( WINAPI ) && defined( HAVE_DLLMAIN ) */ 78 | 79 | #endif /* !defined( HAVE_LOCAL_LIBEVTX ) */ 80 | 81 | -------------------------------------------------------------------------------- /libevtx/libevtx.rc.in: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #ifdef GCC_WINDRES 4 | VS_VERSION_INFO VERSIONINFO 5 | #else 6 | VS_VERSION_INFO VERSIONINFO MOVEABLE IMPURE LOADONCALL DISCARDABLE 7 | #endif 8 | FILEVERSION 1,0,0,0 9 | PRODUCTVERSION 1,0,0,0 10 | FILEFLAGSMASK VS_FFI_FILEFLAGSMASK 11 | #ifdef _DEBUG 12 | FILEFLAGS 0x1L 13 | #else 14 | FILEFLAGS 0x0L 15 | #endif 16 | FILEOS VOS__WINDOWS32 17 | FILETYPE VFT_DLL 18 | FILESUBTYPE 0x0L 19 | BEGIN 20 | BLOCK "StringFileInfo" 21 | BEGIN 22 | BLOCK "040904E4" 23 | BEGIN 24 | VALUE "FileDescription", "Library to access the Windows XML Event Log (EVTX) format\0" 25 | VALUE "FileVersion", "@VERSION@" "\0" 26 | VALUE "InternalName", "libevtx.dll\0" 27 | VALUE "LegalCopyright", "(C) 2011-2024, Joachim Metz \0" 28 | VALUE "OriginalFilename", "libevtx.dll\0" 29 | VALUE "ProductName", "libevtx\0" 30 | VALUE "ProductVersion", "@VERSION@" "\0" 31 | VALUE "Comments", "For more information visit https://github.com/libyal/libevtx/\0" 32 | END 33 | END 34 | BLOCK "VarFileInfo" 35 | BEGIN 36 | VALUE "Translation", 0x0409, 1200 37 | END 38 | END 39 | -------------------------------------------------------------------------------- /libevtx/libevtx_byte_stream.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Byte stream functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_BYTE_STREAM_H ) 23 | #define _LIBEVTX_BYTE_STREAM_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | int libevtx_byte_stream_check_for_zero_byte_fill( 35 | const uint8_t *data, 36 | size_t data_size, 37 | libcerror_error_t **error ); 38 | 39 | #if defined( __cplusplus ) 40 | } 41 | #endif 42 | 43 | #endif /* !defined( _LIBEVTX_BYTE_STREAM_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /libevtx/libevtx_checksum.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Checksum functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_CHECKSUM_H ) 23 | #define _LIBEVTX_CHECKSUM_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_libcerror.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | void libevtx_checksum_initialize_crc32_table( 35 | void ); 36 | 37 | int libevtx_checksum_calculate_little_endian_crc32( 38 | uint32_t *crc32, 39 | uint8_t *buffer, 40 | size_t size, 41 | uint32_t initial_value, 42 | libcerror_error_t **error ); 43 | 44 | int libevtx_checksum_calculate_little_endian_weak_crc32( 45 | uint32_t *crc32, 46 | uint8_t *buffer, 47 | size_t size, 48 | uint32_t initial_value, 49 | libcerror_error_t **error ); 50 | 51 | #if defined( __cplusplus ) 52 | } 53 | #endif 54 | 55 | #endif /* !defined( _LIBEVTX_CHECKSUM_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /libevtx/libevtx_chunks_table.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Chunks table functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_CHUNKS_TABLE_H ) 23 | #define _LIBEVTX_CHUNKS_TABLE_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_io_handle.h" 29 | #include "libevtx_libbfio.h" 30 | #include "libevtx_libcerror.h" 31 | #include "libevtx_libfcache.h" 32 | #include "libevtx_libfdata.h" 33 | 34 | #if defined( __cplusplus ) 35 | extern "C" { 36 | #endif 37 | 38 | typedef struct libevtx_chunks_table libevtx_chunks_table_t; 39 | 40 | struct libevtx_chunks_table 41 | { 42 | /* The IO handle 43 | */ 44 | libevtx_io_handle_t *io_handle; 45 | 46 | /* The chunks vector 47 | */ 48 | libfdata_vector_t *chunks_vector; 49 | 50 | /* The chunks cache 51 | */ 52 | libfcache_cache_t *chunks_cache; 53 | }; 54 | 55 | int libevtx_chunks_table_initialize( 56 | libevtx_chunks_table_t **chunks_table, 57 | libevtx_io_handle_t *io_handle, 58 | libfdata_vector_t *chunks_vector, 59 | libfcache_cache_t *chunks_cache, 60 | libcerror_error_t **error ); 61 | 62 | int libevtx_chunks_table_free( 63 | libevtx_chunks_table_t **chunks_table, 64 | libcerror_error_t **error ); 65 | 66 | int libevtx_chunks_table_read_record( 67 | intptr_t *io_handle, 68 | libbfio_handle_t *file_io_handle, 69 | libfdata_list_element_t *list_element, 70 | libfdata_cache_t *cache, 71 | int data_range_file_index, 72 | off64_t data_range_offset, 73 | size64_t data_range_size, 74 | uint32_t data_range_flags, 75 | uint8_t read_flags, 76 | libcerror_error_t **error ); 77 | 78 | #if defined( __cplusplus ) 79 | } 80 | #endif 81 | 82 | #endif /* !defined( _LIBEVTX_CHUNKS_TABLE_H ) */ 83 | 84 | -------------------------------------------------------------------------------- /libevtx/libevtx_debug.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Debug functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_DEBUG_H ) 23 | #define _LIBEVTX_DEBUG_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_libcerror.h" 29 | 30 | #include "libevtx_libbfio.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | #if defined( HAVE_DEBUG_OUTPUT ) 37 | 38 | void libevtx_debug_print_file_flags( 39 | uint32_t file_flags ); 40 | 41 | void libevtx_debug_print_value_type( 42 | uint8_t value_type ); 43 | 44 | int libevtx_debug_print_read_offsets( 45 | libbfio_handle_t *file_io_handle, 46 | libcerror_error_t **error ); 47 | 48 | #endif /* defined( HAVE_DEBUG_OUTPUT ) */ 49 | 50 | #if defined( __cplusplus ) 51 | } 52 | #endif 53 | 54 | #endif /* !defined( _LIBEVTX_DEBUG_H ) */ 55 | 56 | -------------------------------------------------------------------------------- /libevtx/libevtx_error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Error functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_INTERNAL_ERROR_H ) 23 | #define _LIBEVTX_INTERNAL_ERROR_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #if !defined( HAVE_LOCAL_LIBEVTX ) 30 | #include 31 | #endif 32 | 33 | #include "libevtx_extern.h" 34 | 35 | #if defined( __cplusplus ) 36 | extern "C" { 37 | #endif 38 | 39 | #if !defined( HAVE_LOCAL_LIBEVTX ) 40 | 41 | LIBEVTX_EXTERN \ 42 | void libevtx_error_free( 43 | libevtx_error_t **error ); 44 | 45 | LIBEVTX_EXTERN \ 46 | int libevtx_error_fprint( 47 | libevtx_error_t *error, 48 | FILE *stream ); 49 | 50 | LIBEVTX_EXTERN \ 51 | int libevtx_error_sprint( 52 | libevtx_error_t *error, 53 | char *string, 54 | size_t size ); 55 | 56 | LIBEVTX_EXTERN \ 57 | int libevtx_error_backtrace_fprint( 58 | libevtx_error_t *error, 59 | FILE *stream ); 60 | 61 | LIBEVTX_EXTERN \ 62 | int libevtx_error_backtrace_sprint( 63 | libevtx_error_t *error, 64 | char *string, 65 | size_t size ); 66 | 67 | #endif /* !defined( HAVE_LOCAL_LIBEVTX ) */ 68 | 69 | #if defined( __cplusplus ) 70 | } 71 | #endif 72 | 73 | #endif /* !defined( _LIBEVTX_INTERNAL_ERROR_H ) */ 74 | 75 | -------------------------------------------------------------------------------- /libevtx/libevtx_extern.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal extern definition 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_INTERNAL_EXTERN_H ) 23 | #define _LIBEVTX_INTERNAL_EXTERN_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBEVTX for local use of libevtx 28 | */ 29 | #if !defined( HAVE_LOCAL_LIBEVTX ) 30 | 31 | #include 32 | 33 | #if defined( __CYGWIN__ ) || defined( __MINGW32__ ) 34 | #define LIBEVTX_EXTERN_VARIABLE extern 35 | #else 36 | #define LIBEVTX_EXTERN_VARIABLE LIBEVTX_EXTERN 37 | #endif 38 | 39 | #else 40 | #define LIBEVTX_EXTERN /* extern */ 41 | #define LIBEVTX_EXTERN_VARIABLE extern 42 | 43 | #endif /* !defined( HAVE_LOCAL_LIBEVTX ) */ 44 | 45 | #endif /* !defined( _LIBEVTX_INTERNAL_EXTERN_H ) */ 46 | 47 | -------------------------------------------------------------------------------- /libevtx/libevtx_i18n.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Internationalization (i18n) functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | #if defined( HAVE_LIBINTL_H ) && defined( ENABLE_NLS ) 26 | #include 27 | #endif 28 | 29 | #include "libevtx_i18n.h" 30 | #include "libevtx_libcerror.h" 31 | 32 | static int libevtx_i18n_initialized = 0; 33 | 34 | /* Initializes library internationalization functions 35 | */ 36 | int libevtx_i18n_initialize( 37 | libcerror_error_t **error ) 38 | { 39 | static char *function = "libevtx_i18n_initialize"; 40 | 41 | if( libevtx_i18n_initialized == 0 ) 42 | { 43 | #if defined( HAVE_BINDTEXTDOMAIN ) && defined( LOCALEDIR ) 44 | if( bindtextdomain( 45 | "libevtx", 46 | LOCALEDIR ) == NULL ) 47 | { 48 | libcerror_error_set( 49 | error, 50 | LIBCERROR_ERROR_DOMAIN_RUNTIME, 51 | LIBCERROR_RUNTIME_ERROR_SET_FAILED, 52 | "%s: unable to bind text domain.", 53 | function ); 54 | 55 | return( -1 ); 56 | } 57 | #endif /* defined( HAVE_BINDTEXTDOMAIN ) && defined( LOCALEDIR ) */ 58 | 59 | libevtx_i18n_initialized = 1; 60 | } 61 | return( 1 ); 62 | } 63 | 64 | -------------------------------------------------------------------------------- /libevtx/libevtx_i18n.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Internationalization (i18n) functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_I18N_H ) 23 | #define _LIBEVTX_I18N_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( HAVE_LIBINTL_H ) && defined( ENABLE_NLS ) 29 | #include 30 | #endif 31 | 32 | #include "libevtx_libcerror.h" 33 | 34 | /* TODO 35 | #include 36 | 37 | #define _( string ) \ 38 | dgettext( "libevtx", string ) 39 | */ 40 | #define _( string ) \ 41 | string 42 | 43 | #if defined( __cplusplus ) 44 | extern "C" { 45 | #endif 46 | 47 | int libevtx_i18n_initialize( 48 | libcerror_error_t **error ); 49 | 50 | #if defined( __cplusplus ) 51 | } 52 | #endif 53 | 54 | #endif /* !defined( _LIBEVTX_I18N_H ) */ 55 | 56 | -------------------------------------------------------------------------------- /libevtx/libevtx_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBBFIO_H ) 23 | #define _LIBEVTX_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _LIBEVTX_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /libevtx/libevtx_libcdata.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcdata header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBCDATA_H ) 23 | #define _LIBEVTX_LIBCDATA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCDATA for local use of libcdata 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCDATA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBCDATA_DLL_IMPORT 43 | * before including libcdata.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBCDATA_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBCDATA ) */ 52 | 53 | #endif /* !defined( _LIBEVTX_LIBCDATA_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /libevtx/libevtx_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBCERROR_H ) 23 | #define _LIBEVTX_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _LIBEVTX_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevtx/libevtx_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBCLOCALE_H ) 23 | #define _LIBEVTX_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _LIBEVTX_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevtx/libevtx_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBCNOTIFY_H ) 23 | #define _LIBEVTX_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _LIBEVTX_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevtx/libevtx_libfcache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfcache header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBFCACHE_H ) 23 | #define _LIBEVTX_LIBFCACHE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFCACHE for local use of libfcache 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFCACHE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBFCACHE_DLL_IMPORT 39 | * before including libfcache.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBFCACHE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBFCACHE ) */ 48 | 49 | #endif /* !defined( _LIBEVTX_LIBFCACHE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /libevtx/libevtx_libfdata.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdata header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBFDATA_H ) 23 | #define _LIBEVTX_LIBFDATA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATA for local use of libfdata 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBFDATA_DLL_IMPORT 43 | * before including libfdata.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBFDATA_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBFDATA ) */ 52 | 53 | #endif /* !defined( _LIBEVTX_LIBFDATA_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /libevtx/libevtx_libfdatetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfdatetime header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBFDATETIME_H ) 23 | #define _LIBEVTX_LIBFDATETIME_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFDATETIME for local use of libfdatetime 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFDATETIME ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | 42 | #else 43 | 44 | /* If libtool DLL support is enabled set LIBFDATETIME_DLL_IMPORT 45 | * before including libfdatetime.h 46 | */ 47 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 48 | #define LIBFDATETIME_DLL_IMPORT 49 | #endif 50 | 51 | #include 52 | 53 | #endif /* defined( HAVE_LOCAL_LIBFDATETIME ) */ 54 | 55 | #endif /* !defined( _LIBEVTX_LIBFDATETIME_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /libevtx/libevtx_libfguid.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfguid header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBFGUID_H ) 23 | #define _LIBEVTX_LIBFGUID_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFGUID for local use of libfguid 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFGUID ) 30 | 31 | #include 32 | #include 33 | #include 34 | 35 | #else 36 | 37 | /* If libtool DLL support is enabled set LIBFGUID_DLL_IMPORT 38 | * before including libfguid.h 39 | */ 40 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 41 | #define LIBFGUID_DLL_IMPORT 42 | #endif 43 | 44 | #include 45 | 46 | #endif /* defined( HAVE_LOCAL_LIBFGUID ) */ 47 | 48 | #endif /* !defined( _LIBEVTX_LIBFGUID_H ) */ 49 | 50 | -------------------------------------------------------------------------------- /libevtx/libevtx_libfwevt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwevt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBFWEVT_H ) 23 | #define _LIBEVTX_LIBFWEVT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWEVT for local use of libfwevt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWEVT ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | #include 46 | #include 47 | 48 | #else 49 | 50 | /* If libtool DLL support is enabled set LIBFWEVT_DLL_IMPORT 51 | * before including libfwevt.h 52 | */ 53 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 54 | #define LIBFWEVT_DLL_IMPORT 55 | #endif 56 | 57 | #include 58 | 59 | #endif /* defined( HAVE_LOCAL_LIBFWEVT ) */ 60 | 61 | #endif /* !defined( _LIBEVTX_LIBFWEVT_H ) */ 62 | 63 | -------------------------------------------------------------------------------- /libevtx/libevtx_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_LIBUNA_H ) 23 | #define _LIBEVTX_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _LIBEVTX_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /libevtx/libevtx_notify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Notification functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_NOTIFY_H ) 23 | #define _LIBEVTX_NOTIFY_H 24 | 25 | #include 26 | #include 27 | #include 28 | 29 | #include "libevtx_extern.h" 30 | #include "libevtx_libcerror.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | #if !defined( HAVE_LOCAL_LIBEVTX ) 37 | 38 | LIBEVTX_EXTERN \ 39 | void libevtx_notify_set_verbose( 40 | int verbose ); 41 | 42 | LIBEVTX_EXTERN \ 43 | int libevtx_notify_set_stream( 44 | FILE *stream, 45 | libcerror_error_t **error ); 46 | 47 | LIBEVTX_EXTERN \ 48 | int libevtx_notify_stream_open( 49 | const char *filename, 50 | libcerror_error_t **error ); 51 | 52 | LIBEVTX_EXTERN \ 53 | int libevtx_notify_stream_close( 54 | libcerror_error_t **error ); 55 | 56 | #endif /* !defined( HAVE_LOCAL_LIBEVTX ) */ 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _LIBEVTX_NOTIFY_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /libevtx/libevtx_support.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Support functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_SUPPORT_H ) 23 | #define _LIBEVTX_SUPPORT_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_extern.h" 29 | #include "libevtx_libbfio.h" 30 | #include "libevtx_libcerror.h" 31 | 32 | #if defined( __cplusplus ) 33 | extern "C" { 34 | #endif 35 | 36 | #if !defined( HAVE_LOCAL_LIBEVTX ) 37 | 38 | LIBEVTX_EXTERN \ 39 | const char *libevtx_get_version( 40 | void ); 41 | 42 | LIBEVTX_EXTERN \ 43 | int libevtx_get_access_flags_read( 44 | void ); 45 | 46 | LIBEVTX_EXTERN \ 47 | int libevtx_get_codepage( 48 | int *codepage, 49 | libcerror_error_t **error ); 50 | 51 | LIBEVTX_EXTERN \ 52 | int libevtx_set_codepage( 53 | int codepage, 54 | libcerror_error_t **error ); 55 | 56 | #endif /* !defined( HAVE_LOCAL_LIBEVTX ) */ 57 | 58 | LIBEVTX_EXTERN \ 59 | int libevtx_check_file_signature( 60 | const char *filename, 61 | libcerror_error_t **error ); 62 | 63 | #if defined( HAVE_WIDE_CHARACTER_TYPE ) 64 | 65 | LIBEVTX_EXTERN \ 66 | int libevtx_check_file_signature_wide( 67 | const wchar_t *filename, 68 | libcerror_error_t **error ); 69 | 70 | #endif /* defined( HAVE_WIDE_CHARACTER_TYPE ) */ 71 | 72 | LIBEVTX_EXTERN \ 73 | int libevtx_check_file_signature_file_io_handle( 74 | libbfio_handle_t *bfio_handle, 75 | libcerror_error_t **error ); 76 | 77 | #if defined( __cplusplus ) 78 | } 79 | #endif 80 | 81 | #endif /* !defined( _LIBEVTX_SUPPORT_H ) */ 82 | 83 | -------------------------------------------------------------------------------- /libevtx/libevtx_template_definition.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Template definition functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_INTERNAL_TEMPLATE_DEFINITION_H ) 23 | #define _LIBEVTX_INTERNAL_TEMPLATE_DEFINITION_H 24 | 25 | #include 26 | #include 27 | 28 | #include "libevtx_extern.h" 29 | #include "libevtx_io_handle.h" 30 | #include "libevtx_libcdata.h" 31 | #include "libevtx_libcerror.h" 32 | #include "libevtx_libfwevt.h" 33 | #include "libevtx_types.h" 34 | 35 | #if defined( __cplusplus ) 36 | extern "C" { 37 | #endif 38 | 39 | typedef struct libevtx_internal_template_definition libevtx_internal_template_definition_t; 40 | 41 | struct libevtx_internal_template_definition 42 | { 43 | /* The WEVT template 44 | */ 45 | libfwevt_template_t *wevt_template; 46 | 47 | /* The XML document 48 | */ 49 | libfwevt_xml_document_t *xml_document; 50 | }; 51 | 52 | LIBEVTX_EXTERN \ 53 | int libevtx_template_definition_initialize( 54 | libevtx_template_definition_t **template_definition, 55 | libcerror_error_t **error ); 56 | 57 | LIBEVTX_EXTERN \ 58 | int libevtx_template_definition_free( 59 | libevtx_template_definition_t **template_definition, 60 | libcerror_error_t **error ); 61 | 62 | LIBEVTX_EXTERN \ 63 | int libevtx_template_definition_set_data( 64 | libevtx_template_definition_t *template_definition, 65 | const uint8_t *data, 66 | size_t data_size, 67 | uint32_t data_offset, 68 | libcerror_error_t **error ); 69 | 70 | int libevtx_template_definition_read( 71 | libevtx_internal_template_definition_t *internal_template_definition, 72 | libevtx_io_handle_t *io_handle, 73 | libcerror_error_t **error ); 74 | 75 | #if defined( __cplusplus ) 76 | } 77 | #endif 78 | 79 | #endif /* !defined( _LIBEVTX_INTERNAL_TEMPLATE_DEFINITION_H ) */ 80 | 81 | -------------------------------------------------------------------------------- /libevtx/libevtx_types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal type definitions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_INTERNAL_TYPES_H ) 23 | #define _LIBEVTX_INTERNAL_TYPES_H 24 | 25 | #include 26 | #include 27 | 28 | /* Define HAVE_LOCAL_LIBEVTX for local use of libevtx 29 | * The definitions in are copied here 30 | * for local use of libevtx 31 | */ 32 | #if defined( HAVE_LOCAL_LIBEVTX ) 33 | 34 | /* The following type definitions hide internal data structures 35 | */ 36 | #if defined( HAVE_DEBUG_OUTPUT ) && !defined( WINAPI ) 37 | typedef struct libevtx_file {} libevtx_file_t; 38 | typedef struct libevtx_record {} libevtx_record_t; 39 | typedef struct libevtx_template_definition {} libevtx_template_definition_t; 40 | 41 | #else 42 | typedef intptr_t libevtx_file_t; 43 | typedef intptr_t libevtx_record_t; 44 | typedef intptr_t libevtx_template_definition_t; 45 | 46 | #endif /* defined( HAVE_DEBUG_OUTPUT ) && !defined( WINAPI ) */ 47 | 48 | #endif /* defined( HAVE_LOCAL_LIBEVTX ) */ 49 | 50 | /* The largest primary (or scalar) available 51 | * supported by a single load and store instruction 52 | */ 53 | typedef unsigned long int libevtx_aligned_t; 54 | 55 | #endif /* !defined( _LIBEVTX_INTERNAL_TYPES_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /libevtx/libevtx_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _LIBEVTX_UNUSED_H ) 23 | #define _LIBEVTX_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( LIBEVTX_ATTRIBUTE_UNUSED ) 28 | #if defined( __GNUC__ ) && __GNUC__ >= 3 29 | #define LIBEVTX_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 30 | #else 31 | #define LIBEVTX_ATTRIBUTE_UNUSED 32 | #endif 33 | #endif 34 | 35 | #if defined( _MSC_VER ) 36 | #define LIBEVTX_UNREFERENCED_PARAMETER( parameter ) \ 37 | UNREFERENCED_PARAMETER( parameter ); 38 | #else 39 | #define LIBEVTX_UNREFERENCED_PARAMETER( parameter ) \ 40 | /* parameter */ 41 | #endif 42 | 43 | #endif /* !defined( _LIBEVTX_UNUSED_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /m4/tests.m4: -------------------------------------------------------------------------------- 1 | dnl Functions for testing 2 | dnl 3 | dnl Version: 20200712 4 | 5 | dnl Function to detect if tests dependencies are available 6 | AC_DEFUN([AX_TESTS_CHECK_LOCAL], 7 | [AC_CHECK_HEADERS([dlfcn.h]) 8 | 9 | AC_CHECK_FUNCS([fmemopen getopt mkstemp setenv tzset unlink]) 10 | 11 | AC_CHECK_LIB( 12 | dl, 13 | dlsym) 14 | 15 | AS_IF( 16 | [test "x$lt_cv_prog_gnu_ld" = xyes && test "x$ac_cv_lib_dl_dlsym" = xyes], 17 | [AC_DEFINE( 18 | [HAVE_GNU_DL_DLSYM], 19 | [1], 20 | [Define to 1 if dlsym function is available in GNU dl.]) 21 | ]) 22 | ]) 23 | 24 | dnl Function to detect if OSS-Fuzz build environment is available 25 | AC_DEFUN([AX_TESTS_CHECK_OSSFUZZ], 26 | [AM_CONDITIONAL( 27 | HAVE_LIB_FUZZING_ENGINE, 28 | [test "x${LIB_FUZZING_ENGINE}" != x]) 29 | AC_SUBST( 30 | [LIB_FUZZING_ENGINE], 31 | ["${LIB_FUZZING_ENGINE}"]) 32 | ]) 33 | 34 | -------------------------------------------------------------------------------- /m4/types.m4: -------------------------------------------------------------------------------- 1 | dnl Functions for type definitions 2 | dnl 3 | dnl Version: 20180727 4 | 5 | dnl Function to detect if type definitions are available 6 | AC_DEFUN([AX_TYPES_CHECK_LOCAL], 7 | [AS_IF( 8 | [test "x$ac_cv_enable_winapi" = xyes], 9 | [ac_cv_enable_wide_character_type=yes]) 10 | 11 | AS_IF( 12 | [test "x$ac_cv_enable_wide_character_type" = xyes], 13 | [AC_DEFINE( 14 | [HAVE_WIDE_CHARACTER_TYPE], 15 | [1], 16 | [Define to 1 if wide character type should be used.]) 17 | AC_SUBST( 18 | [HAVE_WIDE_CHARACTER_TYPE], 19 | [1]) ], 20 | [AC_SUBST( 21 | [HAVE_WIDE_CHARACTER_TYPE], 22 | [0]) 23 | ]) 24 | 25 | AC_CHECK_HEADERS([sys/types.h inttypes.h stdint.h wchar.h]) 26 | 27 | AS_IF( 28 | [test "x$ac_cv_header_sys_types_h" = xyes], 29 | [AC_SUBST( 30 | [HAVE_SYS_TYPES_H], 31 | [1])], 32 | [AC_SUBST( 33 | [HAVE_SYS_TYPES_H], 34 | [0]) 35 | ]) 36 | 37 | AS_IF( 38 | [test "x$ac_cv_header_inttypes_h" = xyes], 39 | [AC_SUBST( 40 | [HAVE_INTTYPES_H], 41 | [1])], 42 | [AC_SUBST( 43 | [HAVE_INTTYPES_H], 44 | [0]) 45 | ]) 46 | 47 | AS_IF( 48 | [test "x$ac_cv_header_stdint_h" = xyes], 49 | [AC_SUBST( 50 | [HAVE_STDINT_H], 51 | [1])], 52 | [AC_SUBST( 53 | [HAVE_STDINT_H], 54 | [0]) 55 | ]) 56 | 57 | AS_IF( 58 | [test "x$ac_cv_header_wchar_h" = xyes], 59 | [AC_SUBST( 60 | [HAVE_WCHAR_H], 61 | [1]) ], 62 | [AC_SUBST( 63 | [HAVE_WCHAR_H], 64 | [0]) 65 | ]) 66 | 67 | AC_TYPE_MODE_T 68 | AC_TYPE_OFF_T 69 | AC_TYPE_SIZE_T 70 | 71 | AC_CHECK_TYPE( 72 | [size32_t], 73 | [AC_SUBST( 74 | [HAVE_SIZE32_T], 75 | [1])], 76 | [AC_SUBST( 77 | [HAVE_SIZE32_T], 78 | [0]) 79 | ]) 80 | 81 | AC_CHECK_TYPE( 82 | [ssize32_t], 83 | [AC_SUBST( 84 | [HAVE_SSIZE32_T], 85 | [1])], 86 | [AC_SUBST( 87 | [HAVE_SSIZE32_T], 88 | [0]) 89 | ]) 90 | 91 | AC_CHECK_TYPE( 92 | [size64_t], 93 | [AC_SUBST( 94 | [HAVE_SIZE64_T], 95 | [1])], 96 | [AC_SUBST( 97 | [HAVE_SIZE64_T], 98 | [0]) 99 | ]) 100 | 101 | AC_CHECK_TYPE( 102 | [ssize64_t], 103 | [AC_SUBST( 104 | [HAVE_SSIZE64_T], 105 | [1])], 106 | [AC_SUBST( 107 | [HAVE_SSIZE64_T], 108 | [0]) 109 | ]) 110 | 111 | AC_CHECK_TYPE( 112 | [off64_t], 113 | [AC_SUBST( 114 | [HAVE_OFF64_T], 115 | [1])], 116 | [AC_SUBST( 117 | [HAVE_OFF64_T], 118 | [0]) 119 | ]) 120 | 121 | AC_CHECK_TYPE([ssize_t]) 122 | AC_CHECK_TYPE([u64]) 123 | 124 | AC_CHECK_SIZEOF([int]) 125 | AC_CHECK_SIZEOF([long]) 126 | AC_CHECK_SIZEOF([off_t]) 127 | AC_CHECK_SIZEOF([size_t]) 128 | 129 | AS_IF( 130 | [test "x$ac_cv_header_wchar_h" = xyes], 131 | [AC_CHECK_SIZEOF([wchar_t])]) 132 | ]) 133 | 134 | -------------------------------------------------------------------------------- /manuals/Makefile.am: -------------------------------------------------------------------------------- 1 | man_MANS = \ 2 | evtxexport.1 \ 3 | evtxinfo.1 \ 4 | libevtx.3 5 | 6 | EXTRA_DIST = \ 7 | evtxexport.1 \ 8 | evtxinfo.1 \ 9 | libevtx.3 10 | 11 | DISTCLEANFILES = \ 12 | Makefile \ 13 | Makefile.in 14 | 15 | -------------------------------------------------------------------------------- /manuals/evtxinfo.1: -------------------------------------------------------------------------------- 1 | .Dd April 14, 2019 2 | .Dt evtxinfo 3 | .Os libevtx 4 | .Sh NAME 5 | .Nm evtxinfo 6 | .Nd determines information about a Windows XML EventViewer Log (EVTX) file 7 | .Sh SYNOPSIS 8 | .Nm evtxinfo 9 | .Op Fl c Ar codepage 10 | .Op Fl hvV 11 | .Ar source 12 | .Sh DESCRIPTION 13 | .Nm evtxinfo 14 | is a utility to determine information about a Windows XML EventViewer Log (EVTX) file 15 | .Pp 16 | .Nm evtxinfo 17 | is part of the 18 | .Nm libevtx 19 | package. 20 | .Nm libevtx 21 | is a library to accesss the Windows XML EventViewer Log (EVTX) format 22 | .Pp 23 | .Ar source 24 | is the source file. 25 | .Pp 26 | The options are as follows: 27 | .Bl -tag -width Ds 28 | .It Fl c Ar codepage 29 | specify the codepage of ASCII strings, options: ascii, windows-874, windows-932, windows-936, windows-949, windows-950, windows-1250, windows-1251, windows-1252 (default), windows-1253, windows-1254, windows-1255, windows-1256, windows-1257 or windows-1258 30 | .It Fl h 31 | shows this help 32 | .It Fl v 33 | verbose output to stderr 34 | .It Fl V 35 | print version 36 | .El 37 | .Sh ENVIRONMENT 38 | None 39 | .Sh FILES 40 | None 41 | .Sh EXAMPLES 42 | .Bd -literal 43 | .Dl ... 44 | .sp 45 | .Ed 46 | .Sh DIAGNOSTICS 47 | Errors, verbose and debug output are printed to stderr when verbose output \-v is enabled. 48 | Verbose and debug output are only printed when enabled at compilation. 49 | .Sh BUGS 50 | Please report bugs of any kind to or on the project website: 51 | https://github.com/libyal/libevtx/ 52 | .Sh AUTHOR 53 | These man pages were written by Joachim Metz. 54 | .Sh COPYRIGHT 55 | Copyright (C) 2011-2024, Joachim Metz . 56 | .Sh SEE ALSO 57 | -------------------------------------------------------------------------------- /msvscpp/Makefile.am: -------------------------------------------------------------------------------- 1 | MSVSCPP_FILES = \ 2 | evtx_test_chunk/evtx_test_chunk.vcproj \ 3 | evtx_test_chunks_table/evtx_test_chunks_table.vcproj \ 4 | evtx_test_error/evtx_test_error.vcproj \ 5 | evtx_test_file/evtx_test_file.vcproj \ 6 | evtx_test_io_handle/evtx_test_io_handle.vcproj \ 7 | evtx_test_notify/evtx_test_notify.vcproj \ 8 | evtx_test_record/evtx_test_record.vcproj \ 9 | evtx_test_record_values/evtx_test_record_values.vcproj \ 10 | evtx_test_support/evtx_test_support.vcproj \ 11 | evtx_test_template_definition/evtx_test_template_definition.vcproj \ 12 | evtx_test_tools_info_handle/evtx_test_tools_info_handle.vcproj \ 13 | evtx_test_tools_message_handle/evtx_test_tools_message_handle.vcproj \ 14 | evtx_test_tools_message_string/evtx_test_tools_message_string.vcproj \ 15 | evtx_test_tools_output/evtx_test_tools_output.vcproj \ 16 | evtx_test_tools_path_handle/evtx_test_tools_path_handle.vcproj \ 17 | evtx_test_tools_registry_file/evtx_test_tools_registry_file.vcproj \ 18 | evtx_test_tools_resource_file/evtx_test_tools_resource_file.vcproj \ 19 | evtx_test_tools_signal/evtx_test_tools_signal.vcproj \ 20 | evtxexport/evtxexport.vcproj \ 21 | evtxinfo/evtxinfo.vcproj \ 22 | libbfio/libbfio.vcproj \ 23 | libcdata/libcdata.vcproj \ 24 | libcdirectory/libcdirectory.vcproj \ 25 | libcerror/libcerror.vcproj \ 26 | libcfile/libcfile.vcproj \ 27 | libclocale/libclocale.vcproj \ 28 | libcnotify/libcnotify.vcproj \ 29 | libcpath/libcpath.vcproj \ 30 | libcsplit/libcsplit.vcproj \ 31 | libcthreads/libcthreads.vcproj \ 32 | libevtx/libevtx.vcproj \ 33 | libexe/libexe.vcproj \ 34 | libfcache/libfcache.vcproj \ 35 | libfdata/libfdata.vcproj \ 36 | libfdatetime/libfdatetime.vcproj \ 37 | libfguid/libfguid.vcproj \ 38 | libfvalue/libfvalue.vcproj \ 39 | libfwevt/libfwevt.vcproj \ 40 | libfwnt/libfwnt.vcproj \ 41 | libregf/libregf.vcproj \ 42 | libuna/libuna.vcproj \ 43 | libwrc/libwrc.vcproj \ 44 | pyevtx/pyevtx.vcproj \ 45 | libevtx.sln 46 | 47 | EXTRA_DIST = \ 48 | $(MSVSCPP_FILES) 49 | 50 | DISTCLEANFILES = \ 51 | Makefile \ 52 | Makefile.in 53 | 54 | -------------------------------------------------------------------------------- /ossfuzz/Makefile.am: -------------------------------------------------------------------------------- 1 | if HAVE_LIB_FUZZING_ENGINE 2 | AM_CPPFLAGS = \ 3 | -I../include -I$(top_srcdir)/include \ 4 | -I../common -I$(top_srcdir)/common \ 5 | @LIBCERROR_CPPFLAGS@ \ 6 | @LIBCDATA_CPPFLAGS@ \ 7 | @LIBCLOCALE_CPPFLAGS@ \ 8 | @LIBCNOTIFY_CPPFLAGS@ \ 9 | @LIBUNA_CPPFLAGS@ \ 10 | @LIBCFILE_CPPFLAGS@ \ 11 | @LIBCPATH_CPPFLAGS@ \ 12 | @LIBBFIO_CPPFLAGS@ 13 | 14 | bin_PROGRAMS = \ 15 | file_fuzzer \ 16 | record_fuzzer 17 | 18 | file_fuzzer_SOURCES = \ 19 | file_fuzzer.cc \ 20 | ossfuzz_libbfio.h \ 21 | ossfuzz_libevtx.h 22 | 23 | file_fuzzer_LDADD = \ 24 | @LIB_FUZZING_ENGINE@ \ 25 | @LIBBFIO_LIBADD@ \ 26 | @LIBCPATH_LIBADD@ \ 27 | @LIBCFILE_LIBADD@ \ 28 | @LIBUNA_LIBADD@ \ 29 | @LIBCDATA_LIBADD@ \ 30 | ../libevtx/libevtx.la \ 31 | @LIBCNOTIFY_LIBADD@ \ 32 | @LIBCLOCALE_LIBADD@ \ 33 | @LIBCERROR_LIBADD@ \ 34 | @LIBINTL@ 35 | 36 | record_fuzzer_SOURCES = \ 37 | ossfuzz_libbfio.h \ 38 | ossfuzz_libevtx.h \ 39 | record_fuzzer.cc 40 | 41 | record_fuzzer_LDADD = \ 42 | @LIB_FUZZING_ENGINE@ \ 43 | @LIBBFIO_LIBADD@ \ 44 | @LIBCPATH_LIBADD@ \ 45 | @LIBCFILE_LIBADD@ \ 46 | @LIBUNA_LIBADD@ \ 47 | @LIBCDATA_LIBADD@ \ 48 | ../libevtx/libevtx.la \ 49 | @LIBCNOTIFY_LIBADD@ \ 50 | @LIBCLOCALE_LIBADD@ \ 51 | @LIBCERROR_LIBADD@ \ 52 | @LIBINTL@ 53 | endif 54 | 55 | DISTCLEANFILES = \ 56 | Makefile \ 57 | Makefile.in 58 | 59 | splint-local: 60 | @echo "Running splint on file_fuzzer ..." 61 | -splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(file_fuzzer_SOURCES) 62 | @echo "Running splint on record_fuzzer ..." 63 | -splint -preproc -redef $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(record_fuzzer_SOURCES) 64 | 65 | -------------------------------------------------------------------------------- /ossfuzz/file_fuzzer.cc: -------------------------------------------------------------------------------- 1 | /* 2 | * OSS-Fuzz target for libevtx file type 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #include 23 | #include 24 | 25 | /* Note that some of the OSS-Fuzz engines use C++ 26 | */ 27 | extern "C" { 28 | 29 | #include "ossfuzz_libbfio.h" 30 | #include "ossfuzz_libevtx.h" 31 | 32 | #if !defined( LIBEVTX_HAVE_BFIO ) 33 | 34 | /* Opens a file using a Basic File IO (bfio) handle 35 | * Returns 1 if successful or -1 on error 36 | */ 37 | LIBEVTX_EXTERN \ 38 | int libevtx_file_open_file_io_handle( 39 | libevtx_file_t *file, 40 | libbfio_handle_t *file_io_handle, 41 | int access_flags, 42 | libevtx_error_t **error ); 43 | 44 | #endif /* !defined( LIBEVTX_HAVE_BFIO ) */ 45 | 46 | int LLVMFuzzerTestOneInput( 47 | const uint8_t *data, 48 | size_t size ) 49 | { 50 | libbfio_handle_t *file_io_handle = NULL; 51 | libevtx_file_t *file = NULL; 52 | 53 | if( libbfio_memory_range_initialize( 54 | &file_io_handle, 55 | NULL ) != 1 ) 56 | { 57 | return( 0 ); 58 | } 59 | if( libbfio_memory_range_set( 60 | file_io_handle, 61 | (uint8_t *) data, 62 | size, 63 | NULL ) != 1 ) 64 | { 65 | goto on_error_libbfio; 66 | } 67 | if( libevtx_file_initialize( 68 | &file, 69 | NULL ) != 1 ) 70 | { 71 | goto on_error_libbfio; 72 | } 73 | if( libevtx_file_open_file_io_handle( 74 | file, 75 | file_io_handle, 76 | LIBEVTX_OPEN_READ, 77 | NULL ) != 1 ) 78 | { 79 | goto on_error_libevtx; 80 | } 81 | libevtx_file_close( 82 | file, 83 | NULL ); 84 | 85 | on_error_libevtx: 86 | libevtx_file_free( 87 | &file, 88 | NULL ); 89 | 90 | on_error_libbfio: 91 | libbfio_handle_free( 92 | &file_io_handle, 93 | NULL ); 94 | 95 | return( 0 ); 96 | } 97 | 98 | } /* extern "C" */ 99 | 100 | -------------------------------------------------------------------------------- /ossfuzz/ossfuzz_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _OSSFUZZ_LIBBFIO_H ) 23 | #define _OSSFUZZ_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) && !defined( HAVE_STATIC_EXECUTABLES ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _OSSFUZZ_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /ossfuzz/ossfuzz_libevtx.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevtx header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _OSSFUZZ_LIBEVTX_H ) 23 | #define _OSSFUZZ_LIBEVTX_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _OSSFUZZ_LIBEVTX_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /po/ChangeLog: -------------------------------------------------------------------------------- 1 | 2016-11-01 gettextize 2 | -------------------------------------------------------------------------------- /po/Makevars.in: -------------------------------------------------------------------------------- 1 | # Makefile variables for PO directory in any package using GNU gettext. 2 | 3 | # Usually the message domain is the same as the package name. 4 | DOMAIN = @PACKAGE@ 5 | 6 | # These two variables depend on the location of this directory. 7 | subdir = po 8 | top_builddir = .. 9 | 10 | # These options get passed to xgettext. 11 | XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ 12 | 13 | # This is the copyright holder that gets inserted into the header of the 14 | # $(DOMAIN).pot file. Set this to the copyright holder of the surrounding 15 | # package. (Note that the msgstr strings, extracted from the package's 16 | # sources, belong to the copyright holder of the package.) Translators are 17 | # expected to transfer the copyright for their translations to this person 18 | # or entity, or to disclaim their copyright. The empty string stands for 19 | # the public domain; in this case the translators are expected to disclaim 20 | # their copyright. 21 | COPYRIGHT_HOLDER = Joachim Metz 22 | 23 | # This is the email address or URL to which the translators shall report 24 | # bugs in the untranslated strings: 25 | # - Strings which are not entire sentences, see the maintainer guidelines 26 | # in the GNU gettext documentation, section 'Preparing Strings'. 27 | # - Strings which use unclear terms or require additional context to be 28 | # understood. 29 | # - Strings which make invalid assumptions about notation of date, time or 30 | # money. 31 | # - Pluralisation problems. 32 | # - Incorrect English spelling. 33 | # - Incorrect formatting. 34 | # It can be your email address, or a mailing list address where translators 35 | # can write to without being subscribed, or the URL of a web page through 36 | # which the translators can contact you. 37 | MSGID_BUGS_ADDRESS = @PACKAGE_BUGREPORT@ 38 | 39 | # This is the list of locale categories, beyond LC_MESSAGES, for which the 40 | # message catalogs shall be used. It is usually empty. 41 | EXTRA_LOCALE_CATEGORIES = 42 | 43 | # Additional make targets. 44 | sources splint: 45 | 46 | -------------------------------------------------------------------------------- /po/POTFILES.in: -------------------------------------------------------------------------------- 1 | # List of source files which contain translatable strings. 2 | -------------------------------------------------------------------------------- /pyevtx/Makefile.am: -------------------------------------------------------------------------------- 1 | if HAVE_PYTHON 2 | AM_CFLAGS = \ 3 | -I../include -I$(top_srcdir)/include \ 4 | -I../common -I$(top_srcdir)/common \ 5 | @LIBCERROR_CPPFLAGS@ \ 6 | @LIBCDATA_CPPFLAGS@ \ 7 | @LIBCLOCALE_CPPFLAGS@ \ 8 | @LIBCSPLIT_CPPFLAGS@ \ 9 | @LIBUNA_CPPFLAGS@ \ 10 | @LIBCFILE_CPPFLAGS@ \ 11 | @LIBCPATH_CPPFLAGS@ \ 12 | @LIBBFIO_CPPFLAGS@ \ 13 | @LIBEVTX_DLL_IMPORT@ 14 | 15 | pyexec_LTLIBRARIES = pyevtx.la 16 | 17 | pyevtx_la_SOURCES = \ 18 | pyevtx.c pyevtx.h \ 19 | pyevtx_codepage.c pyevtx_codepage.h \ 20 | pyevtx_datetime.c pyevtx_datetime.h \ 21 | pyevtx_error.c pyevtx_error.h \ 22 | pyevtx_event_levels.c pyevtx_event_levels.h \ 23 | pyevtx_file.c pyevtx_file.h \ 24 | pyevtx_file_flags.c pyevtx_file_flags.h \ 25 | pyevtx_file_object_io_handle.c pyevtx_file_object_io_handle.h \ 26 | pyevtx_integer.c pyevtx_integer.h \ 27 | pyevtx_libbfio.h \ 28 | pyevtx_libcerror.h \ 29 | pyevtx_libclocale.h \ 30 | pyevtx_libevtx.h \ 31 | pyevtx_python.h \ 32 | pyevtx_record.c pyevtx_record.h \ 33 | pyevtx_records.c pyevtx_records.h \ 34 | pyevtx_strings.c pyevtx_strings.h \ 35 | pyevtx_unused.h 36 | 37 | pyevtx_la_LIBADD = \ 38 | @LIBCERROR_LIBADD@ \ 39 | ../libevtx/libevtx.la \ 40 | @LIBCDATA_LIBADD@ \ 41 | @LIBCLOCALE_LIBADD@ \ 42 | @LIBCSPLIT_LIBADD@ \ 43 | @LIBUNA_LIBADD@ \ 44 | @LIBCFILE_LIBADD@ \ 45 | @LIBCPATH_LIBADD@ \ 46 | @LIBBFIO_LIBADD@ 47 | 48 | pyevtx_la_CPPFLAGS = $(PYTHON_CPPFLAGS) 49 | pyevtx_la_LDFLAGS = -module -avoid-version $(PYTHON_LDFLAGS) 50 | 51 | endif 52 | 53 | DISTCLEANFILES = \ 54 | Makefile \ 55 | Makefile.in 56 | 57 | -------------------------------------------------------------------------------- /pyevtx/pyevtx.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python bindings module for libevtx (pyevtx) 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_H ) 23 | #define _PYEVTX_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_python.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | PyObject *pyevtx_get_version( 35 | PyObject *self, 36 | PyObject *arguments ); 37 | 38 | PyObject *pyevtx_check_file_signature( 39 | PyObject *self, 40 | PyObject *arguments, 41 | PyObject *keywords ); 42 | 43 | PyObject *pyevtx_check_file_signature_file_object( 44 | PyObject *self, 45 | PyObject *arguments, 46 | PyObject *keywords ); 47 | 48 | PyObject *pyevtx_open_new_file( 49 | PyObject *self, 50 | PyObject *arguments, 51 | PyObject *keywords ); 52 | 53 | PyObject *pyevtx_open_new_file_with_file_object( 54 | PyObject *self, 55 | PyObject *arguments, 56 | PyObject *keywords ); 57 | 58 | #if PY_MAJOR_VERSION >= 3 59 | PyMODINIT_FUNC PyInit_pyevtx( 60 | void ); 61 | #else 62 | PyMODINIT_FUNC initpyevtx( 63 | void ); 64 | #endif 65 | 66 | #if defined( __cplusplus ) 67 | } 68 | #endif 69 | 70 | #endif /* !defined( _PYEVTX_H ) */ 71 | 72 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_codepage.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Codepage functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_CODEPAGE_H ) 23 | #define _PYEVTX_CODEPAGE_H 24 | 25 | #include 26 | #include 27 | 28 | #if defined( __cplusplus ) 29 | extern "C" { 30 | #endif 31 | 32 | const char *pyevtx_codepage_to_string( 33 | int codepage ); 34 | 35 | /* TODO add list function */ 36 | 37 | #if defined( __cplusplus ) 38 | } 39 | #endif 40 | 41 | #endif /* !defined( _PYEVTX_CODEPAGE_H ) */ 42 | 43 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_datetime.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Date and time functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_DATETIME_H ) 23 | #define _PYEVTX_DATETIME_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_python.h" 29 | 30 | #if defined( __cplusplus ) 31 | extern "C" { 32 | #endif 33 | 34 | PyObject *pyevtx_datetime_new_from_time_elements( 35 | uint16_t year, 36 | uint64_t number_of_days, 37 | uint8_t hours, 38 | uint8_t minutes, 39 | uint8_t seconds, 40 | uint32_t micro_seconds ); 41 | 42 | PyObject *pyevtx_datetime_new_from_fat_date_time( 43 | uint32_t fat_date_time ); 44 | 45 | PyObject *pyevtx_datetime_new_from_filetime( 46 | uint64_t filetime ); 47 | 48 | PyObject *pyevtx_datetime_new_from_floatingtime( 49 | uint64_t floatingtime ); 50 | 51 | PyObject *pyevtx_datetime_new_from_hfs_time( 52 | uint32_t hfs_time ); 53 | 54 | PyObject *pyevtx_datetime_new_from_posix_time( 55 | int64_t posix_time ); 56 | 57 | PyObject *pyevtx_datetime_new_from_posix_time_in_micro_seconds( 58 | int64_t posix_time ); 59 | 60 | #if defined( __cplusplus ) 61 | } 62 | #endif 63 | 64 | #endif /* !defined( _PYEVTX_DATETIME_H ) */ 65 | 66 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_error.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Error functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_ERROR_H ) 23 | #define _PYEVTX_ERROR_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libcerror.h" 29 | #include "pyevtx_python.h" 30 | 31 | #define PYEVTX_ERROR_STRING_SIZE 2048 32 | 33 | #if defined( __cplusplus ) 34 | extern "C" { 35 | #endif 36 | 37 | void pyevtx_error_fetch( 38 | libcerror_error_t **error, 39 | int error_domain, 40 | int error_code, 41 | const char *format_string, 42 | ... ); 43 | 44 | void pyevtx_error_fetch_and_raise( 45 | PyObject *exception_object, 46 | const char *format_string, 47 | ... ); 48 | 49 | void pyevtx_error_raise( 50 | libcerror_error_t *error, 51 | PyObject *exception_object, 52 | const char *format_string, 53 | ... ); 54 | 55 | #if defined( __cplusplus ) 56 | } 57 | #endif 58 | 59 | #endif /* !defined( _PYEVTX_ERROR_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_event_levels.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the libevtx event levels 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_EVENT_LEVELS_H ) 23 | #define _PYEVTX_EVENT_LEVELS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libevtx.h" 29 | #include "pyevtx_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevtx_event_levels pyevtx_event_levels_t; 36 | 37 | struct pyevtx_event_levels 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | }; 43 | 44 | extern PyTypeObject pyevtx_event_levels_type_object; 45 | 46 | int pyevtx_event_levels_init_type( 47 | PyTypeObject *type_object ); 48 | 49 | PyObject *pyevtx_event_levels_new( 50 | void ); 51 | 52 | int pyevtx_event_levels_init( 53 | pyevtx_event_levels_t *definitions_object ); 54 | 55 | void pyevtx_event_levels_free( 56 | pyevtx_event_levels_t *definitions_object ); 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _PYEVTX_EVENT_LEVELS_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_file_flags.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the libevtx file flags 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_FILE_FLAGS_H ) 23 | #define _PYEVTX_FILE_FLAGS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libevtx.h" 29 | #include "pyevtx_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevtx_file_flags pyevtx_file_flags_t; 36 | 37 | struct pyevtx_file_flags 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | }; 43 | 44 | extern PyTypeObject pyevtx_file_flags_type_object; 45 | 46 | int pyevtx_file_flags_init_type( 47 | PyTypeObject *type_object ); 48 | 49 | PyObject *pyevtx_file_flags_new( 50 | void ); 51 | 52 | int pyevtx_file_flags_init( 53 | pyevtx_file_flags_t *definitions_object ); 54 | 55 | void pyevtx_file_flags_free( 56 | pyevtx_file_flags_t *definitions_object ); 57 | 58 | #if defined( __cplusplus ) 59 | } 60 | #endif 61 | 62 | #endif /* !defined( _PYEVTX_FILE_FLAGS_H ) */ 63 | 64 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_integer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Integer functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_INTEGER_H ) 23 | #define _PYEVTX_INTEGER_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libcerror.h" 29 | #include "pyevtx_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | PyObject *pyevtx_integer_signed_new_from_64bit( 36 | int64_t value_64bit ); 37 | 38 | PyObject *pyevtx_integer_unsigned_new_from_64bit( 39 | uint64_t value_64bit ); 40 | 41 | int pyevtx_integer_signed_copy_to_64bit( 42 | PyObject *integer_object, 43 | int64_t *value_64bit, 44 | libcerror_error_t **error ); 45 | 46 | int pyevtx_integer_unsigned_copy_to_64bit( 47 | PyObject *integer_object, 48 | uint64_t *value_64bit, 49 | libcerror_error_t **error ); 50 | 51 | #if defined( __cplusplus ) 52 | } 53 | #endif 54 | 55 | #endif /* !defined( _PYEVTX_INTEGER_H ) */ 56 | 57 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_LIBBFIO_H ) 23 | #define _PYEVTX_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 52 | 53 | #endif /* !defined( _PYEVTX_LIBBFIO_H ) */ 54 | 55 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_LIBCERROR_H ) 23 | #define _PYEVTX_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _PYEVTX_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_LIBCLOCALE_H ) 23 | #define _PYEVTX_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _PYEVTX_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_libevtx.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The internal libevtx header 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_LIBEVTX_H ) 23 | #define _PYEVTX_LIBEVTX_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _PYEVTX_LIBEVTX_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_libfwnt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libfwnt header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_LIBFWNT_H ) 23 | #define _PYEVTX_LIBFWNT_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBFWNT for local use of libfwnt 28 | */ 29 | #if defined( HAVE_LOCAL_LIBFWNT ) 30 | 31 | #include 32 | #include 33 | #include 34 | 35 | #else 36 | 37 | /* If libtool DLL support is enabled set LIBFWNT_DLL_IMPORT 38 | * before including libfwnt.h 39 | */ 40 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 41 | #define LIBFWNT_DLL_IMPORT 42 | #endif 43 | 44 | #include 45 | 46 | #endif 47 | 48 | #endif 49 | 50 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_python.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The python header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_PYTHON_H ) 23 | #define _PYEVTX_PYTHON_H 24 | 25 | #include 26 | 27 | #if PY_MAJOR_VERSION < 3 28 | 29 | /* Fix defines in pyconfig.h 30 | */ 31 | #undef _POSIX_C_SOURCE 32 | #undef _XOPEN_SOURCE 33 | 34 | /* Fix defines in pyport.h 35 | */ 36 | #undef HAVE_FSTAT 37 | #undef HAVE_STAT 38 | #undef HAVE_SSIZE_T 39 | #undef HAVE_INT32_T 40 | #undef HAVE_UINT32_T 41 | #undef HAVE_INT64_T 42 | #undef HAVE_UINT64_T 43 | 44 | #endif /* PY_MAJOR_VERSION < 3 */ 45 | 46 | /* Define PY_SSIZE_T_CLEAN to silence: 47 | * DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats 48 | * 49 | * PY_SSIZE_T_CLEAN was introduced in Python 2.5 50 | */ 51 | #define PY_SSIZE_T_CLEAN 52 | 53 | #include 54 | 55 | /* Python compatibility macros 56 | */ 57 | #if !defined( PyMODINIT_FUNC ) 58 | #if PY_MAJOR_VERSION >= 3 59 | #define PyMODINIT_FUNC PyObject * 60 | #else 61 | #define PyMODINIT_FUNC void 62 | #endif 63 | #endif /* !defined( PyMODINIT_FUNC ) */ 64 | 65 | #if !defined( PyVarObject_HEAD_INIT ) 66 | #define PyVarObject_HEAD_INIT( type, size ) \ 67 | PyObject_HEAD_INIT( type ) \ 68 | size, 69 | 70 | #endif /* !defined( PyVarObject_HEAD_INIT ) */ 71 | 72 | #if PY_MAJOR_VERSION >= 3 73 | #define Py_TPFLAGS_HAVE_ITER 0 74 | #endif 75 | 76 | #if !defined( Py_TYPE ) 77 | #define Py_TYPE( object ) \ 78 | ( ( (PyObject *) object )->ob_type ) 79 | 80 | #endif /* !defined( Py_TYPE ) */ 81 | 82 | #endif /* !defined( _PYEVTX_PYTHON_H ) */ 83 | 84 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_records.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the sequence and iterator object of records 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_RECORDS_H ) 23 | #define _PYEVTX_RECORDS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libevtx.h" 29 | #include "pyevtx_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevtx_records pyevtx_records_t; 36 | 37 | struct pyevtx_records 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | 43 | /* The parent object 44 | */ 45 | PyObject *parent_object; 46 | 47 | /* The get item by index callback function 48 | */ 49 | PyObject* (*get_item_by_index)( 50 | PyObject *parent_object, 51 | int index ); 52 | 53 | /* The current index 54 | */ 55 | int current_index; 56 | 57 | /* The number of items 58 | */ 59 | int number_of_items; 60 | }; 61 | 62 | extern PyTypeObject pyevtx_records_type_object; 63 | 64 | PyObject *pyevtx_records_new( 65 | PyObject *parent_object, 66 | PyObject* (*get_item_by_index)( 67 | PyObject *parent_object, 68 | int index ), 69 | int number_of_items ); 70 | 71 | int pyevtx_records_init( 72 | pyevtx_records_t *sequence_object ); 73 | 74 | void pyevtx_records_free( 75 | pyevtx_records_t *sequence_object ); 76 | 77 | Py_ssize_t pyevtx_records_len( 78 | pyevtx_records_t *sequence_object ); 79 | 80 | PyObject *pyevtx_records_getitem( 81 | pyevtx_records_t *sequence_object, 82 | Py_ssize_t item_index ); 83 | 84 | PyObject *pyevtx_records_iter( 85 | pyevtx_records_t *sequence_object ); 86 | 87 | PyObject *pyevtx_records_iternext( 88 | pyevtx_records_t *sequence_object ); 89 | 90 | #if defined( __cplusplus ) 91 | } 92 | #endif 93 | 94 | #endif /* !defined( _PYEVTX_RECORDS_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_strings.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Python object definition of the sequence and iterator object of strings 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_STRINGS_H ) 23 | #define _PYEVTX_STRINGS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "pyevtx_libevtx.h" 29 | #include "pyevtx_python.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | typedef struct pyevtx_strings pyevtx_strings_t; 36 | 37 | struct pyevtx_strings 38 | { 39 | /* Python object initialization 40 | */ 41 | PyObject_HEAD 42 | 43 | /* The parent object 44 | */ 45 | PyObject *parent_object; 46 | 47 | /* The get item by index callback function 48 | */ 49 | PyObject* (*get_item_by_index)( 50 | PyObject *parent_object, 51 | int index ); 52 | 53 | /* The current index 54 | */ 55 | int current_index; 56 | 57 | /* The number of items 58 | */ 59 | int number_of_items; 60 | }; 61 | 62 | extern PyTypeObject pyevtx_strings_type_object; 63 | 64 | PyObject *pyevtx_strings_new( 65 | PyObject *parent_object, 66 | PyObject* (*get_item_by_index)( 67 | PyObject *parent_object, 68 | int index ), 69 | int number_of_items ); 70 | 71 | int pyevtx_strings_init( 72 | pyevtx_strings_t *sequence_object ); 73 | 74 | void pyevtx_strings_free( 75 | pyevtx_strings_t *sequence_object ); 76 | 77 | Py_ssize_t pyevtx_strings_len( 78 | pyevtx_strings_t *sequence_object ); 79 | 80 | PyObject *pyevtx_strings_getitem( 81 | pyevtx_strings_t *sequence_object, 82 | Py_ssize_t item_index ); 83 | 84 | PyObject *pyevtx_strings_iter( 85 | pyevtx_strings_t *sequence_object ); 86 | 87 | PyObject *pyevtx_strings_iternext( 88 | pyevtx_strings_t *sequence_object ); 89 | 90 | #if defined( __cplusplus ) 91 | } 92 | #endif 93 | 94 | #endif /* !defined( _PYEVTX_STRINGS_H ) */ 95 | 96 | -------------------------------------------------------------------------------- /pyevtx/pyevtx_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _PYEVTX_UNUSED_H ) 23 | #define _PYEVTX_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( PYEVTX_ATTRIBUTE_UNUSED ) 28 | #if defined( __GNUC__ ) && __GNUC__ >= 3 29 | #define PYEVTX_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 30 | #else 31 | #define PYEVTX_ATTRIBUTE_UNUSED 32 | #endif 33 | #endif 34 | 35 | #if defined( _MSC_VER ) 36 | #define PYEVTX_UNREFERENCED_PARAMETER( parameter ) \ 37 | UNREFERENCED_PARAMETER( parameter ); 38 | #else 39 | #define PYEVTX_UNREFERENCED_PARAMETER( parameter ) \ 40 | /* parameter */ 41 | #endif 42 | 43 | #endif /* !defined( _PYEVTX_UNUSED_H ) */ 44 | 45 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 | requires = ["setuptools", "wheel"] 3 | build-backend = "setuptools.build_meta" 4 | 5 | -------------------------------------------------------------------------------- /runtests.ps1: -------------------------------------------------------------------------------- 1 | # Script that runs the tests 2 | # 3 | # Version: 20220103 4 | 5 | $ExitSuccess = 0 6 | $ExitFailure = 1 7 | $ExitIgnore = 77 8 | 9 | Set-Location -Path "tests" 10 | 11 | $Result = ${ExitSuccess} 12 | 13 | $Lines = Get-Content "Makefile.am" 14 | $InTests = $FALSE 15 | 16 | Foreach (${Line} in ${Lines}) 17 | { 18 | If (${InTests}) 19 | { 20 | If (-Not ${Line}) 21 | { 22 | ${InTests} = $FALSE 23 | 24 | Continue 25 | } 26 | ${Line} = ${Line}.TrimStart() 27 | 28 | If (${Line}.EndsWith(" \")) 29 | { 30 | ${Line} = ${Line}.Substring(0, ${Line}.Length - 2) 31 | } 32 | If (-Not (${Line}.EndsWith(".sh"))) 33 | { 34 | Continue 35 | } 36 | ${Line} = ${Line}.Substring(0, ${Line}.Length - 3) 37 | ${Line} = ".\${Line}.ps1" 38 | 39 | Try 40 | { 41 | Invoke-Expression ${Line} 42 | } 43 | Catch 44 | { 45 | $LastExitCode = ${ExitIgnore} 46 | } 47 | If (${LastExitCode} -eq ${ExitFailure}) 48 | { 49 | $Result = ${ExitFailure} 50 | Write-Host "FAIL" -foreground Red -nonewline 51 | } 52 | ElseIf (${LastExitCode} -eq ${ExitIgnore}) 53 | { 54 | Write-Host "SKIP" -foreground Cyan -nonewline 55 | } 56 | Else 57 | { 58 | Write-Host "PASS" -foreground Green -nonewline 59 | } 60 | Write-Host ": ${Line}" 61 | } 62 | ElseIf (${Line}.StartsWith("TESTS = ")) 63 | { 64 | ${InTests} = $TRUE 65 | } 66 | } 67 | 68 | Set-Location -Path ".." 69 | 70 | Exit ${Result} 71 | -------------------------------------------------------------------------------- /setup.cfg.in: -------------------------------------------------------------------------------- 1 | [metadata] 2 | name = libevtx-python 3 | version = @VERSION@ 4 | description = Python bindings module for libevtx 5 | long_description = Python bindings module for libevtx 6 | long_description_content_type = text/plain 7 | author = Joachim Metz 8 | author_email = joachim.metz@gmail.com 9 | license = GNU Lesser General Public License v3 or later (LGPLv3+) 10 | license_files = COPYING COPYING.LESSER 11 | classifiers = 12 | Development Status :: 3 - Alpha 13 | Programming Language :: Python 14 | 15 | [options] 16 | python_requires = >=3.7 17 | -------------------------------------------------------------------------------- /synctestdata.ps1: -------------------------------------------------------------------------------- 1 | # Script that synchronizes the local test data 2 | # 3 | # Version: 20230709 4 | 5 | $TestSet = "public" 6 | $TestInputDirectory = "tests/input" 7 | $TestFiles = "System.evtx" 8 | 9 | If (-Not (Test-Path ${TestInputDirectory})) 10 | { 11 | New-Item -Name ${TestInputDirectory} -ItemType "directory" | Out-Null 12 | } 13 | If (-Not (Test-Path "${TestInputDirectory}\${TestSet}")) 14 | { 15 | New-Item -Name "${TestInputDirectory}\${TestSet}" -ItemType "directory" | Out-Null 16 | } 17 | ForEach ($TestFile in ${TestFiles} -split " ") 18 | { 19 | $Url = "https://github.com/log2timeline/plaso/blob/main/test_data/${TestFile}?raw=true" 20 | 21 | Invoke-WebRequest -Uri ${Url} -OutFile "${TestInputDirectory}\${TestSet}\${TestFile}" 22 | } 23 | 24 | -------------------------------------------------------------------------------- /synctestdata.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script that synchronizes the local test data 3 | # 4 | # Version: 20161009 5 | 6 | TEST_SET="public"; 7 | TEST_INPUT_DIRECTORY="tests/input"; 8 | TEST_FILES="System.evtx"; 9 | 10 | mkdir -p "${TEST_INPUT_DIRECTORY}/${TEST_SET}"; 11 | 12 | for TEST_FILE in ${TEST_FILES}; 13 | do 14 | URL="https://github.com/log2timeline/plaso/blob/main/test_data/${TEST_FILE}?raw=true"; 15 | 16 | curl -L -o "${TEST_INPUT_DIRECTORY}/${TEST_SET}/${TEST_FILE}" ${URL}; 17 | done 18 | 19 | -------------------------------------------------------------------------------- /tests/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to build from source 3 | # 4 | # Version: 20201121 5 | 6 | set -e 7 | 8 | ./synclibs.sh --use-head 9 | ./autogen.sh 10 | ./configure "$@" 11 | make > /dev/null 12 | 13 | -------------------------------------------------------------------------------- /tests/evtx_test_functions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Functions for testing 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_FUNCTIONS_H ) 23 | #define _EVTX_TEST_FUNCTIONS_H 24 | 25 | #include 26 | #include 27 | 28 | #include "evtx_test_libbfio.h" 29 | #include "evtx_test_libcerror.h" 30 | 31 | #if defined( __cplusplus ) 32 | extern "C" { 33 | #endif 34 | 35 | int evtx_test_get_narrow_source( 36 | const system_character_t *source, 37 | char *narrow_string, 38 | size_t narrow_string_size, 39 | libcerror_error_t **error ); 40 | 41 | #if defined( HAVE_WIDE_CHARACTER_TYPE ) 42 | 43 | int evtx_test_get_wide_source( 44 | const system_character_t *source, 45 | wchar_t *wide_string, 46 | size_t wide_string_size, 47 | libcerror_error_t **error ); 48 | 49 | #endif /* defined( HAVE_WIDE_CHARACTER_TYPE ) */ 50 | 51 | int evtx_test_open_file_io_handle( 52 | libbfio_handle_t **file_io_handle, 53 | uint8_t *data, 54 | size_t data_size, 55 | libcerror_error_t **error ); 56 | 57 | int evtx_test_close_file_io_handle( 58 | libbfio_handle_t **file_io_handle, 59 | libcerror_error_t **error ); 60 | 61 | #if defined( __cplusplus ) 62 | } 63 | #endif 64 | 65 | #endif /* !defined( _EVTX_TEST_FUNCTIONS_H ) */ 66 | 67 | -------------------------------------------------------------------------------- /tests/evtx_test_getopt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * GetOpt functions 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_GETOPT_H ) 23 | #define _EVTX_TEST_GETOPT_H 24 | 25 | #include 26 | #include 27 | 28 | /* unistd.h is included here to export getopt, optarg, optind and optopt 29 | */ 30 | #if defined( HAVE_UNISTD_H ) 31 | #include 32 | #endif 33 | 34 | #if defined( __cplusplus ) 35 | extern "C" { 36 | #endif 37 | 38 | #if defined( HAVE_GETOPT ) 39 | #define evtx_test_getopt( argument_count, argument_values, options_string ) \ 40 | getopt( argument_count, argument_values, options_string ) 41 | 42 | #else 43 | 44 | #if !defined( __CYGWIN__ ) 45 | extern int optind; 46 | extern system_character_t *optarg; 47 | extern system_integer_t optopt; 48 | 49 | #else 50 | int optind; 51 | system_character_t *optarg; 52 | system_integer_t optopt; 53 | 54 | #endif /* !defined( __CYGWIN__ ) */ 55 | 56 | system_integer_t evtx_test_getopt( 57 | int argument_count, 58 | system_character_t * const argument_values[], 59 | const system_character_t *options_string ); 60 | 61 | #endif /* defined( HAVE_GETOPT ) */ 62 | 63 | #if defined( __cplusplus ) 64 | } 65 | #endif 66 | 67 | #endif /* !defined( _EVTX_TEST_GETOPT_H ) */ 68 | 69 | -------------------------------------------------------------------------------- /tests/evtx_test_libbfio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libbfio header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBBFIO_H ) 23 | #define _EVTX_TEST_LIBBFIO_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBBFIO for local use of libbfio 28 | */ 29 | #if defined( HAVE_LOCAL_LIBBFIO ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | 40 | #else 41 | 42 | /* If libtool DLL support is enabled set LIBBFIO_DLL_IMPORT 43 | * before including libbfio.h 44 | */ 45 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 46 | #define LIBBFIO_DLL_IMPORT 47 | #endif 48 | 49 | #include 50 | 51 | #if defined( HAVE_MULTI_THREAD_SUPPORT ) && !defined( LIBBFIO_HAVE_MULTI_THREAD_SUPPORT ) 52 | #error Multi-threading support requires libbfio with multi-threading support 53 | #endif 54 | 55 | #endif /* defined( HAVE_LOCAL_LIBBFIO ) */ 56 | 57 | #endif /* !defined( _EVTX_TEST_LIBBFIO_H ) */ 58 | 59 | -------------------------------------------------------------------------------- /tests/evtx_test_libcerror.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcerror header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBCERROR_H ) 23 | #define _EVTX_TEST_LIBCERROR_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCERROR for local use of libcerror 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCERROR ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCERROR_DLL_IMPORT 39 | * before including libcerror.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCERROR_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCERROR ) */ 48 | 49 | #endif /* !defined( _EVTX_TEST_LIBCERROR_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evtx_test_libclocale.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libclocale header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBCLOCALE_H ) 23 | #define _EVTX_TEST_LIBCLOCALE_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCLOCALE for local use of libclocale 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCLOCALE ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCLOCALE_DLL_IMPORT 39 | * before including libclocale.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCLOCALE_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCLOCALE ) */ 48 | 49 | #endif /* !defined( _EVTX_TEST_LIBCLOCALE_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evtx_test_libcnotify.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libcnotify header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBCNOTIFY_H ) 23 | #define _EVTX_TEST_LIBCNOTIFY_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBCNOTIFY for local use of libcnotify 28 | */ 29 | #if defined( HAVE_LOCAL_LIBCNOTIFY ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #else 37 | 38 | /* If libtool DLL support is enabled set LIBCNOTIFY_DLL_IMPORT 39 | * before including libcnotify.h 40 | */ 41 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 42 | #define LIBCNOTIFY_DLL_IMPORT 43 | #endif 44 | 45 | #include 46 | 47 | #endif /* defined( HAVE_LOCAL_LIBCNOTIFY ) */ 48 | 49 | #endif /* !defined( _EVTX_TEST_LIBCNOTIFY_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/evtx_test_libevtx.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libevtx header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBEVTX_H ) 23 | #define _EVTX_TEST_LIBEVTX_H 24 | 25 | #include 26 | 27 | #include 28 | 29 | #endif /* !defined( _EVTX_TEST_LIBEVTX_H ) */ 30 | 31 | -------------------------------------------------------------------------------- /tests/evtx_test_libuna.h: -------------------------------------------------------------------------------- 1 | /* 2 | * The libuna header wrapper 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_LIBUNA_H ) 23 | #define _EVTX_TEST_LIBUNA_H 24 | 25 | #include 26 | 27 | /* Define HAVE_LOCAL_LIBUNA for local use of libuna 28 | */ 29 | #if defined( HAVE_LOCAL_LIBUNA ) 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | #include 39 | #include 40 | #include 41 | #include 42 | #include 43 | #include 44 | #include 45 | 46 | #else 47 | 48 | /* If libtool DLL support is enabled set LIBUNA_DLL_IMPORT 49 | * before including libuna.h 50 | */ 51 | #if defined( _WIN32 ) && defined( DLL_IMPORT ) 52 | #define LIBUNA_DLL_IMPORT 53 | #endif 54 | 55 | #include 56 | 57 | #endif /* defined( HAVE_LOCAL_LIBUNA ) */ 58 | 59 | #endif /* !defined( _EVTX_TEST_LIBUNA_H ) */ 60 | 61 | -------------------------------------------------------------------------------- /tests/evtx_test_memory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Memory allocation functions for testing 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_MEMORY_H ) 23 | #define _EVTX_TEST_MEMORY_H 24 | 25 | #include 26 | 27 | #if defined( __cplusplus ) 28 | extern "C" { 29 | #endif 30 | 31 | #if defined( HAVE_GNU_DL_DLSYM ) && defined( __GNUC__ ) && !defined( LIBEVTX_DLL_IMPORT ) && !defined( __arm__ ) && !defined( __clang__ ) && !defined( __CYGWIN__ ) && !defined( __hppa__ ) && !defined( __loongarch__ ) && !defined( __mips__ ) && !defined( __riscv ) && !defined( __sparc__ ) && !defined( HAVE_ASAN ) 32 | #define HAVE_EVTX_TEST_MEMORY 1 33 | #endif 34 | 35 | #if defined( HAVE_EVTX_TEST_MEMORY ) 36 | 37 | extern int evtx_test_malloc_attempts_before_fail; 38 | 39 | extern int evtx_test_memcpy_attempts_before_fail; 40 | 41 | extern int evtx_test_memset_attempts_before_fail; 42 | 43 | extern int evtx_test_realloc_attempts_before_fail; 44 | 45 | #endif /* defined( HAVE_EVTX_TEST_MEMORY ) */ 46 | 47 | #if defined( __cplusplus ) 48 | } 49 | #endif 50 | 51 | #endif /* !defined( _EVTX_TEST_MEMORY_H ) */ 52 | 53 | -------------------------------------------------------------------------------- /tests/evtx_test_unused.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Definitions to silence compiler warnings about unused function attributes/parameters. 3 | * 4 | * Copyright (C) 2011-2024, Joachim Metz 5 | * 6 | * Refer to AUTHORS for acknowledgements. 7 | * 8 | * This program is free software: you can redistribute it and/or modify 9 | * it under the terms of the GNU Lesser General Public License as published by 10 | * the Free Software Foundation, either version 3 of the License, or 11 | * (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU Lesser General Public License 19 | * along with this program. If not, see . 20 | */ 21 | 22 | #if !defined( _EVTX_TEST_UNUSED_H ) 23 | #define _EVTX_TEST_UNUSED_H 24 | 25 | #include 26 | 27 | #if !defined( EVTX_TEST_ATTRIBUTE_UNUSED ) 28 | 29 | #if defined( __GNUC__ ) && __GNUC__ >= 3 30 | #define EVTX_TEST_ATTRIBUTE_UNUSED __attribute__ ((__unused__)) 31 | 32 | #else 33 | #define EVTX_TEST_ATTRIBUTE_UNUSED 34 | 35 | #endif /* defined( __GNUC__ ) && __GNUC__ >= 3 */ 36 | 37 | #endif /* !defined( EVTX_TEST_ATTRIBUTE_UNUSED ) */ 38 | 39 | #if defined( _MSC_VER ) 40 | #define EVTX_TEST_UNREFERENCED_PARAMETER( parameter ) \ 41 | UNREFERENCED_PARAMETER( parameter ); 42 | 43 | #else 44 | #define EVTX_TEST_UNREFERENCED_PARAMETER( parameter ) \ 45 | /* parameter */ 46 | 47 | #endif /* defined( _MSC_VER ) */ 48 | 49 | #endif /* !defined( _EVTX_TEST_UNUSED_H ) */ 50 | 51 | -------------------------------------------------------------------------------- /tests/lsan.suppressions: -------------------------------------------------------------------------------- 1 | leak:/lib*/libpython* 2 | -------------------------------------------------------------------------------- /tests/pkgbuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to build a MacOS pkg 3 | # 4 | # Version: 20201121 5 | 6 | set -e 7 | 8 | make install DESTDIR=${PWD}/osx-pkg 9 | mkdir -p ${PWD}/osx-pkg/usr/share/doc/libevtx 10 | cp AUTHORS COPYING COPYING.LESSER NEWS README ${PWD}/osx-pkg/usr/share/doc/libevtx 11 | 12 | VERSION=`sed '5!d; s/^ \[//;s/\],$//' configure.ac` 13 | pkgbuild --root osx-pkg --identifier com.github.libyal.libevtx --version ${VERSION} --ownership recommended ../libevtx-${VERSION}.pkg 14 | 15 | -------------------------------------------------------------------------------- /tests/runtests.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Script to run Python test scripts. 4 | # 5 | # Version: 20231024 6 | 7 | import glob 8 | import os 9 | import sys 10 | import unittest 11 | 12 | 13 | test_profile = ".pyevtx" 14 | input_glob = "*" 15 | option_sets = [] 16 | 17 | 18 | def ReadIgnoreList(test_profile): 19 | """Reads the test profile ignore file if it exists. 20 | 21 | Args: 22 | test_profile (str): test profile. 23 | 24 | Returns: 25 | set[str]: ignore list. 26 | """ 27 | ignore_file_path = os.path.join("tests", "input", test_profile, "ignore") 28 | if os.path.isfile(ignore_file_path): 29 | with open(ignore_file_path, "r", encoding="utf-8") as file_object: 30 | return set([line.strip() for line in file_object.readlines()]) 31 | 32 | return set() 33 | 34 | 35 | if __name__ == "__main__": 36 | print(f"Using Python version {sys.version!s}") 37 | 38 | test_loader = unittest.TestLoader() 39 | test_runner = unittest.TextTestRunner(verbosity=2) 40 | 41 | test_scripts = test_loader.discover("tests", pattern="*.py") 42 | 43 | ignore_list = ReadIgnoreList(test_profile) 44 | 45 | test_set = None 46 | source_file = None 47 | 48 | for test_set in glob.glob(os.path.join("tests", "input", "*")): 49 | test_set = test_set.rsplit(os.path.sep, maxsplit=1)[-1] 50 | if not test_set or test_set[0] == '.' or test_set in ignore_list: 51 | continue 52 | 53 | source_files = glob.glob(os.path.join( 54 | "tests", "input", test_set, input_glob)) 55 | if source_files: 56 | source_file = source_files[0] 57 | break 58 | 59 | setattr(unittest, "source", source_file) 60 | 61 | if source_file: 62 | for option_set in option_sets: 63 | test_file = os.path.basename(source_file) 64 | test_options_file_path = os.path.join( 65 | "tests", "input", test_profile, test_set, 66 | f"{test_file:s}.{option_set:s}") 67 | if os.path.isfile(test_options_file_path): 68 | with open(test_options_file_path, "r", encoding="utf-8") as file_object: 69 | lines = [line.strip() for line in file_object.readlines()] 70 | if lines[0] == "# libyal test data options": 71 | for line in lines[1:]: 72 | key, value = line.split("=", maxsplit=1) 73 | if key == 'offset': 74 | value = int(value) 75 | 76 | setattr(unittest, key, value) 77 | 78 | test_results = test_runner.run(test_scripts) 79 | if not test_results.wasSuccessful(): 80 | sys.exit(1) 81 | -------------------------------------------------------------------------------- /tests/runtests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script to run tests 3 | # 4 | # Version: 20201121 5 | 6 | if test -f ${PWD}/libevtx/.libs/libevtx.1.dylib && test -f ./pyevtx/.libs/pyevtx.so; 7 | then 8 | install_name_tool -change /usr/local/lib/libevtx.1.dylib ${PWD}/libevtx/.libs/libevtx.1.dylib ./pyevtx/.libs/pyevtx.so; 9 | fi 10 | 11 | make check CHECK_WITH_STDERR=1; 12 | RESULT=$?; 13 | 14 | if test ${RESULT} -ne 0 && test -f tests/test-suite.log; 15 | then 16 | cat tests/test-suite.log; 17 | fi 18 | exit ${RESULT}; 19 | 20 | -------------------------------------------------------------------------------- /tests/syncsharedlibs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Script that synchronizes the shared library dependencies 3 | # 4 | # Version: 20201121 5 | 6 | EXIT_SUCCESS=0; 7 | EXIT_FAILURE=1; 8 | 9 | GIT_URL_PREFIX="https://github.com/libyal"; 10 | SHARED_LIBS="libcerror libcthreads libcdata libclocale libcnotify libcsplit libuna libcfile libcpath libbfio libfcache libfdata libfdatetime libfguid libfwevt libfwnt libfvalue"; 11 | 12 | USE_HEAD=""; 13 | 14 | if test "$1" = "--use-head"; 15 | then 16 | USE_HEAD="--use-head"; 17 | fi 18 | 19 | OLDIFS=$IFS; 20 | IFS=" "; 21 | 22 | for SHARED_LIB in ${SHARED_LIBS}; 23 | do 24 | GIT_URL="${GIT_URL_PREFIX}/${SHARED_LIB}.git"; 25 | 26 | git clone --quiet ${GIT_URL} ${SHARED_LIB}-$$; 27 | 28 | if ! test -d ${SHARED_LIB}-$$; 29 | then 30 | echo "Unable to git clone: ${GIT_URL}"; 31 | 32 | IFS=$OLDIFS; 33 | 34 | exit ${EXIT_FAILURE}; 35 | fi 36 | (cd ${SHARED_LIB}-$$ && git fetch --quiet --all --tags --prune) 37 | 38 | LATEST_TAG=`cd ${SHARED_LIB}-$$ && git describe --tags --abbrev=0`; 39 | 40 | if test -n ${LATEST_TAG} && test -z ${USE_HEAD}; 41 | then 42 | echo "Synchronizing: ${SHARED_LIB} from ${GIT_URL} tag ${LATEST_TAG}"; 43 | 44 | (cd ${SHARED_LIB}-$$ && git checkout --quiet tags/${LATEST_TAG}); 45 | else 46 | echo "Synchronizing: ${SHARED_LIB} from ${GIT_URL} HEAD"; 47 | fi 48 | 49 | (cd ${SHARED_LIB}-$$ && ./synclibs.sh ${USE_HEAD} && ./autogen.sh); 50 | 51 | CONFIGURE_OPTIONS=""; 52 | 53 | (cd ${SHARED_LIB}-$$ && ./configure --help | grep -- '--enable-wide-character-type' > /dev/null); 54 | 55 | if test $? -eq 0; 56 | then 57 | CONFIGURE_OPTIONS="${CONFIGURE_OPTIONS} --enable-wide-character-type"; 58 | fi 59 | 60 | (cd ${SHARED_LIB}-$$ && ./configure --prefix=/usr ${CONFIGURE_OPTIONS} && make && sudo make install); 61 | 62 | rm -rf ${SHARED_LIB}-$$; 63 | done 64 | 65 | IFS=$OLDIFS; 66 | 67 | exit ${EXIT_SUCCESS}; 68 | 69 | -------------------------------------------------------------------------------- /tests/test_manpage.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Tests man pages. 3 | # 4 | # Version: 20240413 5 | 6 | EXIT_SUCCESS=0; 7 | EXIT_FAILURE=1; 8 | EXIT_IGNORE=77; 9 | 10 | run_test() 11 | { 12 | local INPUT_FILE=$1; 13 | local RESULT=0 14 | 15 | TEST_NAME=`basename ${INPUT_FILE}`; 16 | echo -n "Testing man with input: ${TEST_NAME}"; 17 | 18 | LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 man --warnings -E UTF-8 -l -Tutf8 -Z ${INPUT_FILE} > /dev/null 2> ${TMPDIR}/${TEST_NAME}.warnings; 19 | RESULT=$?; 20 | 21 | # For now line break warnings are ignored. 22 | if test -f ${TMPDIR}/${TEST_NAME}.warnings; 23 | then 24 | sed "/can't break line/ d" -i ${TMPDIR}/${TEST_NAME}.warnings; 25 | fi 26 | if test -s ${TMPDIR}/${TEST_NAME}.warnings; 27 | then 28 | RESULT=${EXIT_FAILURE}; 29 | fi 30 | if test ${RESULT} -ne ${EXIT_SUCCESS}; 31 | then 32 | echo " (FAIL)"; 33 | else 34 | echo " (PASS)"; 35 | fi 36 | if test -s ${TMPDIR}/${TEST_NAME}.warnings; 37 | then 38 | cat ${TMPDIR}/${TEST_NAME}.warnings; 39 | fi 40 | return ${RESULT}; 41 | } 42 | 43 | if test "${OSTYPE}" = "msys"; 44 | then 45 | exit ${EXIT_IGNORE}; 46 | fi 47 | 48 | TEST_DIRECTORY=`dirname $0`; 49 | 50 | TEST_RUNNER="${TEST_DIRECTORY}/test_runner.sh"; 51 | 52 | if ! test -f "${TEST_RUNNER}"; 53 | then 54 | echo "Missing test runner: ${TEST_RUNNER}"; 55 | 56 | exit ${EXIT_FAILURE}; 57 | fi 58 | 59 | source ${TEST_RUNNER}; 60 | 61 | assert_availability_binary man; 62 | 63 | RESULT=${EXIT_IGNORE}; 64 | 65 | TMPDIR="tmp$$"; 66 | 67 | rm -rf ${TMPDIR}; 68 | mkdir ${TMPDIR}; 69 | 70 | MANUALS_PATH="../manuals"; 71 | 72 | if ! test -d ${MANUALS_PATH}; 73 | then 74 | MANUALS_PATH="manuals"; 75 | fi 76 | 77 | if ! test -d ${MANUALS_PATH}; 78 | then 79 | echo "Manuals directory not found."; 80 | 81 | exit ${EXIT_IGNORE}; 82 | fi 83 | 84 | for INPUT_FILE in ${MANUALS_PATH}/*.[13]; 85 | do 86 | run_test "${INPUT_FILE}"; 87 | RESULT=$?; 88 | 89 | if test ${RESULT} -ne ${EXIT_SUCCESS}; 90 | then 91 | break; 92 | fi 93 | done 94 | 95 | rm -rf ${TMPDIR}; 96 | 97 | exit ${RESULT}; 98 | 99 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | [tox] 2 | envlist = auditwheel,py3{7,8,9,10,11,12} 3 | 4 | [testenv] 5 | usedevelop = True 6 | pip_pre = True 7 | passenv = 8 | CFLAGS 9 | CPPFLAGS 10 | INCLUDE 11 | LDFLAGS 12 | LIB 13 | deps = 14 | build 15 | setuptools >= 65 16 | wheel 17 | commands = 18 | python -m build --no-isolation --outdir=dist --wheel 19 | python -m pip install --no-index --find-links=dist libevtx-python 20 | python tests/runtests.py 21 | 22 | [testenv:auditwheel] 23 | usedevelop = True 24 | pip_pre = True 25 | deps = 26 | auditwheel 27 | setuptools >= 65 28 | commands = 29 | python -m auditwheel repair {posargs} 30 | --------------------------------------------------------------------------------