Library Functions Manual

NAME¶

libevtx.h — Library to access the Windows XML Event Log (EVTX) format

SYNOPSIS¶

#include <libevtx.h>

Support functions
const char *
libevtx_get_version(void);

int
libevtx_get_access_flags_read(void);

int
libevtx_get_codepage(int *codepage, libevtx_error_t **error);

int
libevtx_set_codepage(int codepage, libevtx_error_t **error);

int
libevtx_check_file_signature(const char *filename, libevtx_error_t **error);

Available when compiled with wide character string support:
int
libevtx_check_file_signature_wide(const wchar_t *filename, libevtx_error_t **error);

Available when compiled with libbfio support:
int
libevtx_check_file_signature_file_io_handle(libbfio_handle_t *bfio_handle, libevtx_error_t **error);

Notify functions
void
libevtx_notify_set_verbose(int verbose);

int
libevtx_notify_set_stream(FILE *stream, libevtx_error_t **error);

int
libevtx_notify_stream_open(const char *filename, libevtx_error_t **error);

int
libevtx_notify_stream_close(libevtx_error_t **error);

Error functions
void
libevtx_error_free(libevtx_error_t **error);

int
libevtx_error_fprint(libevtx_error_t *error, FILE *stream);

int
libevtx_error_sprint(libevtx_error_t *error, char *string, size_t size);

int
libevtx_error_backtrace_fprint(libevtx_error_t *error, FILE *stream);

int
libevtx_error_backtrace_sprint(libevtx_error_t *error, char *string, size_t size);

File functions
int
libevtx_file_initialize(libevtx_file_t **file, libevtx_error_t **error);

int
libevtx_file_free(libevtx_file_t **file, libevtx_error_t **error);

int
libevtx_file_signal_abort(libevtx_file_t *file, libevtx_error_t **error);

int
libevtx_file_open(libevtx_file_t *file, const char *filename, int access_flags, libevtx_error_t **error);

int
libevtx_file_close(libevtx_file_t *file, libevtx_error_t **error);

int
libevtx_file_is_corrupted(libevtx_file_t *file, libevtx_error_t **error);

int
libevtx_file_get_ascii_codepage(libevtx_file_t *file, int *ascii_codepage, libevtx_error_t **error);

int
libevtx_file_set_ascii_codepage(libevtx_file_t *file, int ascii_codepage, libevtx_error_t **error);

int
libevtx_file_get_format_version(libevtx_file_t *file, uint16_t *major_version, uint16_t *minor_version, libevtx_error_t **error);

int
libevtx_file_get_flags(libevtx_file_t *file, uint32_t *flags, libevtx_error_t **error);

int
libevtx_file_get_number_of_records(libevtx_file_t *file, int *number_of_records, libevtx_error_t **error);

int
libevtx_file_get_record_by_index(libevtx_file_t *file, int record_index, libevtx_record_t **record, libevtx_error_t **error);

int
libevtx_file_get_number_of_recovered_records(libevtx_file_t *file, int *number_of_records, libevtx_error_t **error);

int
libevtx_file_get_recovered_record_by_index(libevtx_file_t *file, int record_index, libevtx_record_t **record, libevtx_error_t **error);

Available when compiled with wide character string support:
int
libevtx_file_open_wide(libevtx_file_t *file, const wchar_t *filename, int access_flags, libevtx_error_t **error);

Available when compiled with libbfio support:
int
libevtx_file_open_file_io_handle(libevtx_file_t *file, libbfio_handle_t *file_io_handle, int access_flags, libevtx_error_t **error);

Record functions
int
libevtx_record_free(libevtx_record_t **record, libevtx_error_t **error);

int
libevtx_record_get_offset(libevtx_record_t *record, off64_t *offset, libevtx_error_t **error);

int
libevtx_record_get_identifier(libevtx_record_t *record, uint64_t *identifier, libevtx_error_t **error);

int
libevtx_record_get_creation_time(libevtx_record_t *record, uint64_t *filetime, libevtx_error_t **error);

int
libevtx_record_get_written_time(libevtx_record_t *record, uint64_t *filetime, libevtx_error_t **error);

int
libevtx_record_get_event_identifier(libevtx_record_t *record, uint32_t *event_identifier, libevtx_error_t **error);

int
libevtx_record_get_event_identifier_qualifiers(libevtx_record_t *record, uint32_t *event_identifier_qualifiers, libevtx_error_t **error);

int
libevtx_record_get_event_version(libevtx_record_t *record, uint8_t *event_version, libevtx_error_t **error);

int
libevtx_record_get_event_level(libevtx_record_t *record, uint8_t *event_level, libevtx_error_t **error);

int
libevtx_record_get_utf8_provider_identifier_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_provider_identifier(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_provider_identifier_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_provider_identifier(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_source_name_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_source_name(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_source_name_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_source_name(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_channel_name_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_channel_name(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_channel_name_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_channel_name(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_computer_name_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_computer_name(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_computer_name_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_computer_name(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_user_security_identifier_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_user_security_identifier(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_user_security_identifier_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_user_security_identifier(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_parse_data_with_template_definition(libevtx_record_t *record, libevtx_template_definition_t *template_definition, libevtx_error_t **error);

int
libevtx_record_get_number_of_strings(libevtx_record_t *record, int *number_of_strings, libevtx_error_t **error);

int
libevtx_record_get_utf8_string_size(libevtx_record_t *record, int string_index, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_string(libevtx_record_t *record, int string_index, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_string_size(libevtx_record_t *record, int string_index, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_string(libevtx_record_t *record, int string_index, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_data_size(libevtx_record_t *record, size_t *data_size, libevtx_error_t **error);

int
libevtx_record_get_data(libevtx_record_t *record, uint8_t *data, size_t data_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_xml_string_size(libevtx_record_t *record, size_t *utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf8_xml_string(libevtx_record_t *record, uint8_t *utf8_string, size_t utf8_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_xml_string_size(libevtx_record_t *record, size_t *utf16_string_size, libevtx_error_t **error);

int
libevtx_record_get_utf16_xml_string(libevtx_record_t *record, uint16_t *utf16_string, size_t utf16_string_size, libevtx_error_t **error);

Template definition functions
int
libevtx_template_definition_initialize(libevtx_template_definition_t **template_definition, libevtx_error_t **error);

int
libevtx_template_definition_free(libevtx_template_definition_t **template_definition, libevtx_error_t **error);

int
libevtx_template_definition_set_data(libevtx_template_definition_t *template_definition, const uint8_t *data, size_t data_size, uint32_t data_offset, libevtx_error_t **error);

DESCRIPTION¶

The libevtx_get_version() function is used to retrieve the library version.

RETURN VALUES¶

Most of the functions return NULL or -1 on error, dependent on the return type. For the actual return values see "libevtx.h".

ENVIRONMENT¶

None

FILES¶

None

NOTES¶

libevtx can be compiled with wide character support (wchar_t).

To compile libevtx with wide character support use: ./configure --enable-wide-character-type=yes
or define: _UNICODE
or UNICODE
during compilation.

LIBEVTX_WIDE_CHARACTER_TYPE
in libevtx/features.h can be used to determine if libevtx was compiled with wide character support.

BUGS¶

Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libevtx/issues

AUTHOR¶

These man pages are generated from "libevtx.h".

COPYRIGHT¶

This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Source file:	libevtx.3.en.gz (from libevtx-devel 20240504-1.1)
Source last updated:	2024-05-04T08:14:10Z
Converted to HTML:	2024-11-21T01:45:34Z