
libfwevt(3) Library Functions Manual libfwevt(3)

NAME

libfwevt.h — Library to support the Windows XML Event Log (EVTX) data types

SYNOPSIS

#include <libfwevt.h>

Support functions
const char *
libfwevt_get_version(void);

Notify functions
void
libfwevt_notify_set_verbose(int verbose);

int
libfwevt_notify_set_stream(FILE *stream, libfwevt_error_t **error);

int
libfwevt_notify_stream_open(const char *filename, libfwevt_error_t **error);

int
libfwevt_notify_stream_close(libfwevt_error_t **error);

Error functions
void
libfwevt_error_free(libfwevt_error_t **error);

int
libfwevt_error_fprint(libfwevt_error_t *error, FILE *stream);

int
libfwevt_error_sprint(libfwevt_error_t *error, char *string, size_t size);

int
libfwevt_error_backtrace_fprint(libfwevt_error_t *error, FILE *stream);

int
libfwevt_error_backtrace_sprint(libfwevt_error_t *error, char *string, size_t size);

Channel functions
int
libfwevt_channel_free(libfwevt_channel_t **channel, libfwevt_error_t **error);

int
libfwevt_channel_get_identifier(libfwevt_channel_t *channel, uint32_t *identifier, libfwevt_error_t **error);

int
libfwevt_channel_get_utf8_name_size(libfwevt_channel_t *channel, size_t *utf8_string_size, libfwevt_error_t **error);

int
libfwevt_channel_get_utf8_name(libfwevt_channel_t *channel, uint8_t *utf8_string, size_t utf8_string_size, libfwevt_error_t **error);

int
libfwevt_channel_get_utf16_name_size(libfwevt_channel_t *channel, size_t *utf16_string_size, libfwevt_error_t **error);

int
libfwevt_channel_get_utf16_name(libfwevt_channel_t *channel, uint16_t *utf16_string, size_t utf16_string_size, libfwevt_error_t **error);

Event functions
int
libfwevt_event_free(libfwevt_event_t **event, libfwevt_error_t **error);

int
libfwevt_event_get_identifier(libfwevt_event_t *event, uint32_t *identifier, libfwevt_error_t **error);

int
libfwevt_event_get_version(libfwevt_event_t *event, uint8_t *version, libfwevt_error_t **error);

int
libfwevt_event_get_message_identifier(libfwevt_event_t *event, uint32_t *message_identifier, libfwevt_error_t **error);

int
libfwevt_event_get_template_offset(libfwevt_event_t *event, uint32_t *template_offset, libfwevt_error_t **error);

Keyword functions
int
libfwevt_keyword_free(libfwevt_keyword_t **keyword, libfwevt_error_t **error);

Level functions
int
libfwevt_level_free(libfwevt_level_t **level, libfwevt_error_t **error);

Manifest functions
int
libfwevt_manifest_initialize(libfwevt_manifest_t **manifest, libfwevt_error_t **error);

int
libfwevt_manifest_free(libfwevt_manifest_t **manifest, libfwevt_error_t **error);

int
libfwevt_manifest_read(libfwevt_manifest_t *manifest, const uint8_t *data, size_t data_size, libfwevt_error_t **error);

int
libfwevt_manifest_get_number_of_providers(libfwevt_manifest_t *manifest, int *number_of_providers, libfwevt_error_t **error);

int
libfwevt_manifest_get_provider_by_index(libfwevt_manifest_t *manifest, int provider_index, libfwevt_provider_t **provider, libfwevt_error_t **error);

int
libfwevt_manifest_get_provider_by_identifier(libfwevt_manifest_t *manifest, const uint8_t *provider_identifier, size_t provider_identifier_size, libfwevt_provider_t **provider, libfwevt_error_t **error);

Map functions
int
libfwevt_map_free(libfwevt_map_t **map, libfwevt_error_t **error);

Opcode functions
int
libfwevt_opcode_free(libfwevt_opcode_t **opcode, libfwevt_error_t **error);

Provider functions
int
libfwevt_provider_free(libfwevt_provider_t **provider, libfwevt_error_t **error);

int
libfwevt_provider_get_identifier(libfwevt_provider_t *provider, uint8_t *guid_data, size_t guid_data_size, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_channels(libfwevt_provider_t *provider, int *number_of_channels, libfwevt_error_t **error);

int
libfwevt_provider_get_channel_by_index(libfwevt_provider_t *provider, int channel_index, libfwevt_channel_t **channel, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_events(libfwevt_provider_t *provider, int *number_of_events, libfwevt_error_t **error);

int
libfwevt_provider_get_event_by_index(libfwevt_provider_t *provider, int event_index, libfwevt_event_t **event, libfwevt_error_t **error);

int
libfwevt_provider_get_event_by_identifier(libfwevt_provider_t *provider, uint32_t event_identifier, libfwevt_event_t **event, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_keywords(libfwevt_provider_t *provider, int *number_of_keywords, libfwevt_error_t **error);

int
libfwevt_provider_get_keyword_by_index(libfwevt_provider_t *provider, int keyword_index, libfwevt_keyword_t **keyword, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_levels(libfwevt_provider_t *provider, int *number_of_levels, libfwevt_error_t **error);

int
libfwevt_provider_get_level_by_index(libfwevt_provider_t *provider, int level_index, libfwevt_level_t **level, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_maps(libfwevt_provider_t *provider, int *number_of_maps, libfwevt_error_t **error);

int
libfwevt_provider_get_map_by_index(libfwevt_provider_t *provider, int map_index, libfwevt_map_t **map, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_opcodes(libfwevt_provider_t *provider, int *number_of_opcodes, libfwevt_error_t **error);

int
libfwevt_provider_get_opcode_by_index(libfwevt_provider_t *provider, int opcode_index, libfwevt_opcode_t **opcode, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_tasks(libfwevt_provider_t *provider, int *number_of_tasks, libfwevt_error_t **error);

int
libfwevt_provider_get_task_by_index(libfwevt_provider_t *provider, int task_index, libfwevt_task_t **task, libfwevt_error_t **error);

int
libfwevt_provider_get_number_of_templates(libfwevt_provider_t *provider, int *number_of_templates, libfwevt_error_t **error);

int
libfwevt_provider_get_template_by_index(libfwevt_provider_t *provider, int template_index, libfwevt_template_t **wevt_template, libfwevt_error_t **error);

int
libfwevt_provider_get_template_by_offset(libfwevt_provider_t *provider, uint32_t offset, libfwevt_template_t **wevt_template, libfwevt_error_t **error);

Task functions
int
libfwevt_task_free(libfwevt_task_t **task, libfwevt_error_t **error);

Template functions
int
libfwevt_template_initialize(libfwevt_template_t **wevt_template, libfwevt_error_t **error);

int
libfwevt_template_free(libfwevt_template_t **wevt_template, libfwevt_error_t **error);

int
libfwevt_template_read(libfwevt_template_t *wevt_template, const uint8_t *data, size_t data_size, size_t data_offset, libfwevt_error_t **error);

int
libfwevt_template_read_xml_document(libfwevt_template_t *wevt_template, libfwevt_xml_document_t *xml_document, libfwevt_error_t **error);

int
libfwevt_template_set_ascii_codepage(libfwevt_template_t *wevt_template, int ascii_codepage, libfwevt_error_t **error);

int
libfwevt_template_set_data(libfwevt_template_t *wevt_template, const uint8_t *data, size_t data_size, libfwevt_error_t **error);

int
libfwevt_template_get_offset(libfwevt_template_t *wevt_template, uint32_t *offset, libfwevt_error_t **error);

int
libfwevt_template_set_offset(libfwevt_template_t *wevt_template, uint32_t offset, libfwevt_error_t **error);

int
libfwevt_template_get_size(libfwevt_template_t *wevt_template, uint32_t *size, libfwevt_error_t **error);

int
libfwevt_template_get_identifier(libfwevt_template_t *wevt_template, uint8_t *guid_data, size_t guid_data_size, libfwevt_error_t **error);

int
libfwevt_template_get_number_of_items(libfwevt_template_t *wevt_template, int *number_of_items, libfwevt_error_t **error);

int
libfwevt_template_get_item_by_index(libfwevt_template_t *wevt_template, int item_index, libfwevt_template_item_t **item, libfwevt_error_t **error);

Template item functions
int
libfwevt_template_item_free(libfwevt_template_item_t **template_item, libfwevt_error_t **error);

int
libfwevt_template_item_get_input_data_type(libfwevt_template_item_t *template_item, uint8_t *input_data_type, libfwevt_error_t **error);

int
libfwevt_template_item_get_output_data_type(libfwevt_template_item_t *template_item, uint8_t *output_data_type, libfwevt_error_t **error);

int
libfwevt_template_item_get_number_of_values(libfwevt_template_item_t *template_item, uint16_t *number_of_values, libfwevt_error_t **error);

int
libfwevt_template_item_get_value_data_size(libfwevt_template_item_t *template_item, uint16_t *value_data_size, libfwevt_error_t **error);

int
libfwevt_template_item_get_utf8_name_size(libfwevt_template_item_t *template_item, size_t *utf8_string_size, libfwevt_error_t **error);

int
libfwevt_template_item_get_utf8_name(libfwevt_template_item_t *template_item, uint8_t *utf8_string, size_t utf8_string_size, libfwevt_error_t **error);

int
libfwevt_template_item_get_utf16_name_size(libfwevt_template_item_t *template_item, size_t *utf16_string_size, libfwevt_error_t **error);

int
libfwevt_template_item_get_utf16_name(libfwevt_template_item_t *template_item, uint16_t *utf16_string, size_t utf16_string_size, libfwevt_error_t **error);

XML document functions
int
libfwevt_xml_document_initialize(libfwevt_xml_document_t **xml_document, libfwevt_error_t **error);

int
libfwevt_xml_document_free(libfwevt_xml_document_t **xml_document, libfwevt_error_t **error);

int
libfwevt_xml_document_get_root_xml_tag(libfwevt_xml_document_t *xml_document, libfwevt_xml_tag_t **root_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_document_read(libfwevt_xml_document_t *xml_document, const uint8_t *binary_data, size_t binary_data_size, size_t binary_data_offset, int ascii_codepage, uint8_t flags, libfwevt_error_t **error);

int
libfwevt_xml_document_get_utf8_xml_string_size(libfwevt_xml_document_t *xml_document, size_t *utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_document_get_utf8_xml_string(libfwevt_xml_document_t *xml_document, uint8_t *utf8_string, size_t utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_document_get_utf16_xml_string_size(libfwevt_xml_document_t *xml_document, size_t *utf16_string_size, libfwevt_error_t **error);

int
libfwevt_xml_document_get_utf16_xml_string(libfwevt_xml_document_t *xml_document, uint16_t *utf16_string, size_t utf16_string_size, libfwevt_error_t **error);

XML tag functions
int
libfwevt_xml_tag_free(libfwevt_xml_tag_t **xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_utf8_name_size(libfwevt_xml_tag_t *xml_tag, size_t *utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_utf8_name(libfwevt_xml_tag_t *xml_tag, uint8_t *utf8_string, size_t utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_utf16_name_size(libfwevt_xml_tag_t *xml_tag, size_t *utf16_string_size, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_utf16_name(libfwevt_xml_tag_t *xml_tag, uint16_t *utf16_string, size_t utf16_string_size, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_value(libfwevt_xml_tag_t *xml_tag, libfwevt_xml_value_t **xml_value, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_number_of_attributes(libfwevt_xml_tag_t *xml_tag, int *number_of_attributes, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_attribute_by_index(libfwevt_xml_tag_t *xml_tag, int attribute_index, libfwevt_xml_tag_t **attribute_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_attribute_by_utf8_name(libfwevt_xml_tag_t *xml_tag, const uint8_t *utf8_string, size_t utf8_string_length, libfwevt_xml_tag_t **attribute_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_attribute_by_utf16_name(libfwevt_xml_tag_t *xml_tag, const uint16_t *utf16_string, size_t utf16_string_length, libfwevt_xml_tag_t **attribute_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_number_of_elements(libfwevt_xml_tag_t *xml_tag, int *number_of_elements, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_element_by_index(libfwevt_xml_tag_t *xml_tag, int element_index, libfwevt_xml_tag_t **element_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_element_by_utf8_name(libfwevt_xml_tag_t *xml_tag, const uint8_t *utf8_string, size_t utf8_string_length, libfwevt_xml_tag_t **element_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_element_by_utf16_name(libfwevt_xml_tag_t *xml_tag, const uint16_t *utf16_string, size_t utf16_string_length, libfwevt_xml_tag_t **element_xml_tag, libfwevt_error_t **error);

int
libfwevt_xml_tag_get_flags(libfwevt_xml_tag_t *xml_tag, uint8_t *flags, libfwevt_error_t **error);

XML value functions
int
libfwevt_xml_value_free(libfwevt_xml_value_t **xml_value, libfwevt_error_t **error);

int
libfwevt_xml_value_get_data_size(libfwevt_xml_value_t *xml_value, size_t *data_size, libfwevt_error_t **error);

int
libfwevt_xml_value_copy_data(libfwevt_xml_value_t *xml_value, uint8_t *data, size_t data_size, libfwevt_error_t **error);

int
libfwevt_value_get_data_as_8bit_integer(libfwevt_xml_value_t *xml_value, uint8_t *value_8bit, libfwevt_error_t **error);

int
libfwevt_value_get_data_as_32bit_integer(libfwevt_xml_value_t *xml_value, uint32_t *value_32bit, libfwevt_error_t **error);

int
libfwevt_value_get_data_as_64bit_integer(libfwevt_xml_value_t *xml_value, uint64_t *value_64bit, libfwevt_error_t **error);

int
libfwevt_value_get_data_as_filetime(libfwevt_xml_value_t *xml_value, uint64_t *filetime, libfwevt_error_t **error);

int
libfwevt_xml_value_get_data_as_utf8_string_size(libfwevt_xml_value_t *xml_value, size_t *utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_value_get_data_as_utf8_string(libfwevt_xml_value_t *xml_value, uint8_t *utf8_string, size_t utf8_string_size, libfwevt_error_t **error);

int
libfwevt_xml_value_get_data_as_utf16_string_size(libfwevt_xml_value_t *xml_value, size_t *utf16_string_size, libfwevt_error_t **error);

int
libfwevt_xml_value_get_data_as_utf16_string(libfwevt_xml_value_t *xml_value, uint16_t *utf16_string, size_t utf16_string_size, libfwevt_error_t **error);

DESCRIPTION

The libfwevt_get_version() function is used to retrieve the library version.

RETURN VALUES

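Most of the functions return NULL or -1 on error, depending on the return type. For the actual return values see "libfwevt.h". Because the read functions take caller-supplied buffers that may hold malformed data, check each return value before using any output argument.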

ENVIRONMENT

None

FILES

None

BUGS

Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libfwevt/issues

AUTHOR

These man pages are generated from "libfwevt.h".

COPYRIGHT

Copyright (C) 2011-2024, Joachim Metz <joachim.metz@gmail.com>.

This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

SEE ALSO

the libfwevt.h include file

May 1, 2024 libfwevt