Man page - libevtx(3)
libevtx (3) Library Functions Manual libevtx (3)
NAME
libevtx.h — Library to access the Windows XML Event Log (EVTX) format
SYNOPSIS
#include <libevtx.h>
Support functions
const char *
libevtx_get_version ( void );
int
libevtx_get_access_flags_read ( void );
int
libevtx_get_codepage ( int *codepage , libevtx_error_t **error );
int
libevtx_set_codepage ( int codepage , libevtx_error_t **error );
int
libevtx_check_file_signature ( const char *filename , libevtx_error_t **error );
Available when compiled with wide character string support:
int
libevtx_check_file_signature_wide ( const wchar_t *filename , libevtx_error_t **error );
Available when compiled with libbfio support:
int
libevtx_check_file_signature_file_io_handle ( libbfio_handle_t *bfio_handle , libevtx_error_t **error );
Notify functions
void
libevtx_notify_set_verbose ( int verbose );
int
libevtx_notify_set_stream ( FILE *stream , libevtx_error_t **error );
int
libevtx_notify_stream_open ( const char *filename , libevtx_error_t **error );
int
libevtx_notify_stream_close ( libevtx_error_t **error );
Error functions
void
libevtx_error_free ( libevtx_error_t **error );
int
libevtx_error_fprint ( libevtx_error_t *error , FILE *stream );
int
libevtx_error_sprint ( libevtx_error_t *error , char *string , size_t size );
int
libevtx_error_backtrace_fprint ( libevtx_error_t *error , FILE *stream );
int
libevtx_error_backtrace_sprint ( libevtx_error_t *error , char *string , size_t size );
File functions
int
libevtx_file_initialize ( libevtx_file_t **file , libevtx_error_t **error );
int
libevtx_file_free ( libevtx_file_t **file , libevtx_error_t **error );
int
libevtx_file_signal_abort ( libevtx_file_t *file , libevtx_error_t **error );
int
libevtx_file_open ( libevtx_file_t *file , const char *filename , int access_flags , libevtx_error_t **error );
int
libevtx_file_close ( libevtx_file_t *file , libevtx_error_t **error );
int
libevtx_file_is_corrupted ( libevtx_file_t *file , libevtx_error_t **error );
int
libevtx_file_get_ascii_codepage ( libevtx_file_t *file , int *ascii_codepage , libevtx_error_t **error );
int
libevtx_file_set_ascii_codepage ( libevtx_file_t *file , int ascii_codepage , libevtx_error_t **error );
int
libevtx_file_get_format_version ( libevtx_file_t *file , uint16_t *major_version , uint16_t *minor_version , libevtx_error_t **error );
int
libevtx_file_get_flags ( libevtx_file_t *file , uint32_t *flags , libevtx_error_t **error );
int
libevtx_file_get_number_of_records ( libevtx_file_t *file , int *number_of_records , libevtx_error_t **error );
int
libevtx_file_get_record_by_index ( libevtx_file_t *file , int record_index , libevtx_record_t **record , libevtx_error_t **error );
int
libevtx_file_get_number_of_recovered_records ( libevtx_file_t *file , int *number_of_records , libevtx_error_t **error );
int
libevtx_file_get_recovered_record_by_index ( libevtx_file_t *file , int record_index , libevtx_record_t **record , libevtx_error_t **error );
Available when compiled with wide character string support:
int
libevtx_file_open_wide ( libevtx_file_t *file , const wchar_t *filename , int access_flags , libevtx_error_t **error );
Available when compiled with libbfio support:
int
libevtx_file_open_file_io_handle ( libevtx_file_t *file , libbfio_handle_t *file_io_handle , int access_flags , libevtx_error_t **error );
Record functions
int
libevtx_record_free ( libevtx_record_t **record , libevtx_error_t **error );
int
libevtx_record_get_offset ( libevtx_record_t *record , off64_t *offset , libevtx_error_t **error );
int
libevtx_record_get_identifier ( libevtx_record_t *record , uint64_t *identifier , libevtx_error_t **error );
int
libevtx_record_get_creation_time ( libevtx_record_t *record , uint64_t *filetime , libevtx_error_t **error );
int
libevtx_record_get_written_time ( libevtx_record_t *record , uint64_t *filetime , libevtx_error_t **error );
int
libevtx_record_get_event_identifier ( libevtx_record_t *record , uint32_t *event_identifier , libevtx_error_t **error );
int
libevtx_record_get_event_identifier_qualifiers ( libevtx_record_t *record , uint32_t *event_identifier_qualifiers , libevtx_error_t **error );
int
libevtx_record_get_event_version ( libevtx_record_t *record , uint8_t *event_version , libevtx_error_t **error );
int
libevtx_record_get_event_level ( libevtx_record_t *record , uint8_t *event_level , libevtx_error_t **error );
int
libevtx_record_get_utf8_provider_identifier_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_provider_identifier ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_provider_identifier_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_provider_identifier ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_source_name_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_source_name ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_source_name_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_source_name ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_channel_name_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_channel_name ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_channel_name_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_channel_name ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_computer_name_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_computer_name ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_computer_name_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_computer_name ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_user_security_identifier_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_user_security_identifier ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_user_security_identifier_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_user_security_identifier ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_parse_data_with_template_definition ( libevtx_record_t *record , libevtx_template_definition_t *template_definition , libevtx_error_t **error );
int
libevtx_record_get_number_of_strings ( libevtx_record_t *record , int *number_of_strings , libevtx_error_t **error );
int
libevtx_record_get_utf8_string_size ( libevtx_record_t *record , int string_index , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_string ( libevtx_record_t *record , int string_index , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_string_size ( libevtx_record_t *record , int string_index , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_string ( libevtx_record_t *record , int string_index , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_data_size ( libevtx_record_t *record , size_t *data_size , libevtx_error_t **error );
int
libevtx_record_get_data ( libevtx_record_t *record , uint8_t *data , size_t data_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_xml_string_size ( libevtx_record_t *record , size_t *utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf8_xml_string ( libevtx_record_t *record , uint8_t *utf8_string , size_t utf8_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_xml_string_size ( libevtx_record_t *record , size_t *utf16_string_size , libevtx_error_t **error );
int
libevtx_record_get_utf16_xml_string ( libevtx_record_t *record , uint16_t *utf16_string , size_t utf16_string_size , libevtx_error_t **error );
Template definition functions
int
libevtx_template_definition_initialize ( libevtx_template_definition_t **template_definition , libevtx_error_t **error );
int
libevtx_template_definition_free ( libevtx_template_definition_t **template_definition , libevtx_error_t **error );
int
libevtx_template_definition_set_data ( libevtx_template_definition_t *template_definition , const uint8_t *data , size_t data_size , uint32_t data_offset , libevtx_error_t **error );
DESCRIPTION
The libevtx_get_version () function is used to retrieve the library version.
RETURN VALUES
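Most of the functions return NULL or -1 on error, depending on the return type. For the actual return values see "libevtx.h". Functions that take an error argument can report failure details through it; an error object set this way can be printed with libevtx_error_fprint () and is released with libevtx_error_free ().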
ENVIRONMENT
None
FILES
None
NOTES
libevtx can be compiled with wide character support (wchar_t).
To compile libevtx with wide character support use:
./configure --enable-wide-character-type=yes
or define _UNICODE or UNICODE during compilation.
LIBEVTX_WIDE_CHARACTER_TYPE in libevtx/features.h can be used to determine if libevtx was compiled with wide character support.
BUGS
Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libevtx/issues
AUTHOR
These man pages are generated from "libevtx.h".
COPYRIGHT
Copyright (C) 2011-2024, Joachim Metz <joachim.metz@gmail.com>.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
the libevtx.h include file
libevtx May 4, 2024 libevtx (3)