Provided by: libevtx-dev_20181227-2.1build1_amd64 
NAME
libevtx.h — Library to access the Windows XML Event Log (EVTX) format
LIBRARY
library “libevtx”
SYNOPSIS
#include <libevtx.h>
Support functions
const char *
libevtx_get_version(void);
int
libevtx_get_access_flags_read(void);
int
libevtx_get_codepage(int *codepage, libevtx_error_t **error);
int
libevtx_set_codepage(int codepage, libevtx_error_t **error);
int
libevtx_check_file_signature(const char *filename, libevtx_error_t **error);
Available when compiled with wide character string support:
int
libevtx_check_file_signature_wide(const wchar_t *filename, libevtx_error_t **error);
Available when compiled with libbfio support:
int
libevtx_check_file_signature_file_io_handle(libbfio_handle_t *bfio_handle, libevtx_error_t **error);
Notify functions
void
libevtx_notify_set_verbose(int verbose);
int
libevtx_notify_set_stream(FILE *stream, libevtx_error_t **error);
int
libevtx_notify_stream_open(const char *filename, libevtx_error_t **error);
int
libevtx_notify_stream_close(libevtx_error_t **error);
Error functions
void
libevtx_error_free(libevtx_error_t **error);
int
libevtx_error_fprint(libevtx_error_t *error, FILE *stream);
int
libevtx_error_sprint(libevtx_error_t *error, char *string, size_t size);
int
libevtx_error_backtrace_fprint(libevtx_error_t *error, FILE *stream);
int
libevtx_error_backtrace_sprint(libevtx_error_t *error, char *string, size_t size);
File functions
int
libevtx_file_initialize(libevtx_file_t **file, libevtx_error_t **error);
int
libevtx_file_free(libevtx_file_t **file, libevtx_error_t **error);
int
libevtx_file_signal_abort(libevtx_file_t *file, libevtx_error_t **error);
int
libevtx_file_open(libevtx_file_t *file, const char *filename, int access_flags, libevtx_error_t **error);
int
libevtx_file_close(libevtx_file_t *file, libevtx_error_t **error);
int
libevtx_file_is_corrupted(libevtx_file_t *file, libevtx_error_t **error);
int
libevtx_file_get_ascii_codepage(libevtx_file_t *file, int *ascii_codepage, libevtx_error_t **error);
int
libevtx_file_set_ascii_codepage(libevtx_file_t *file, int ascii_codepage, libevtx_error_t **error);
int
libevtx_file_get_format_version(libevtx_file*_tiluei,nt16*_tajor_versionu,int16_tminor_versionl,ibevtx_error_t*error);
int
libevtx_file_get_flags(libevtx_file_t *file, uint32_t *flags, libevtx_error_t **error);
int
libevtx_file_get_number_of_records(libevtx_file_t *file, int *number_of_records, libevtx_error_t**error);
int
libevtx_file_get_record_by_index(libevtx_file_tfilei,nrtecord_indexl,ibevtx_record_t*recordl,ibevtx_error_t**error);
int
libevtx_file_get_number_of_recovered_records(libevtx_file_t*file,int*number_of_records,libevtx_error_t*error);
int
libevtx_file_get_recovered_record_by_index(libevtx_fil*ef_irtlneetc,ord_indelxi,bevtx_record*_trecorldi,bevtx_error*_terror);
Available when compiled with wide character string support:
int
libevtx_file_open_wide(libevtx_file_t*file,constwchar_t*filename,intaccess_flags,libevtx_error_t**error);
Available when compiled with libbfio support:
int
libevtx_file_open_file_io_handle(libevtx_file*_tillei,bbfio_handle*_tile_io_handliaenc,tcess_flaglsi,bevtx_error_t*error);
Record functions
int
libevtx_record_free(libevtx_record_t **record, libevtx_error_t **error);
int
libevtx_record_get_offset(libevtx_record_t *record, off64_t *offset, libevtx_error_t **error);
int
libevtx_record_get_identifier(libevtx_record_t *record, uint64_t *identifier, libevtx_error_t **error);
int
libevtx_record_get_written_time(libevtx_record_t *record, uint64_t *filetime, libevtx_error_t **error);
int
libevtx_record_get_event_identifier(libevtx_record_t*record,uint32_t*event_identifier,libevtx_error_t**error);
int
libevtx_record_get_event_identifier_qualifiers(libevtx_rec*orreudci_ntrt*d3e,2v_tnt_identifier_qualifileirbse,vtx_err*o*re_tror);
int
libevtx_record_get_event_level(libevtx_record_t *record, uint8_t *event_level, libevtx_error_t **error);
int
libevtx_record_get_utf8_provider_identifier_size(libevtx_record*_tecorsdi,ze*_ttf8_string_sizlei,bevtx_erro*r*_trror);
int
libevtx_record_get_utf8_provider_identifier(libevtx_reco*rrde_utoirndt*,8u_tf8_strisnigzu,et_t8_string_silzieb,evtx_erro*r*_trror);
int
libevtx_record_get_utf16_provider_identifier_size(libevtx_record*_tecorsdi,z*eu_tf16_string_silzieb,evtx_erro*r*_trror);
int
libevtx_record_get_utf16_provider_identifier(libevtx_reco*rrde_utoirndt*,1u6t_t16_strsiiunztgef,_t6_string_sliizbee,vtx_erro*r*_trror);
int
libevtx_record_get_utf8_source_name_size(libevtx_record_t*record,size_tutf8_string_sizel,ibevtx_error_t*error);
int
libevtx_record_get_utf8_source_name(libevtx_recor*dr_tcorudi,nt8*_ttf8_strinsgi,zeu_tf8_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_source_name_size(libevtx_record_trecords,ize_tutf16_string_sizel,ibevtx_error_t*error);
int
libevtx_record_get_utf16_source_name(libevtx_recor*dr_tcouridn,t1*6u_tf16_strisnigzu,et_t16_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf8_computer_name_size(libevtx_record_trecords,ize_tutf8_string_sizel,ibevtx_error_t*error);
int
libevtx_record_get_utf8_computer_name(libevtx_recor*dr_tcouridn,t*8u_tf8_strinsgi,zeu_tf8_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_computer_name_size(libevtx_record_trecords,ize_tutf16_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_computer_name(libevtx_recor*dr_tcouridn,t1*6u_tf16_strisnigzu,et_t16_string_silzieb,evtx_erro*r*_trror);
int
libevtx_record_get_utf8_user_security_identifier_size(libevtx_recor*dr_tcosridz*,eu_tf8_string_silzieb,evtx_err*o*re_tror);
int
libevtx_record_get_utf8_user_security_identifier(libevtx_reco*rrde_utoirn*dtu,8t_t8_strsiiunztgef,_t_string_sliizbee,vtx_err*o*re_tror);
int
libevtx_record_get_utf16_user_security_identifier_size(libevtx_recor*dr_tcosri*dzu,et_t16_string_sliizbee,vtx_err*o*re_tror);
int
libevtx_record_get_utf16_user_security_identifier(libevtx_rec*orreudci_n*trtud1t,6f_t6_stsriuiztnefg_,t6_string_sliizbee,vtx_err*o*re_tror);
int
libevtx_record_parse_data_with_template_definition(libevtx_r*ierbceeocvrotdrx__t,template_defi*ntietmipolna_te_defliinbietvitox*n_,eerrrroorr_tint
libevtx_record_get_number_of_strings(libevtx_record_t*record,int*number_of_strings,libevtx_error_t**error);
int
libevtx_record_get_utf8_string_size(libevtx_record_trecordis,nttring_indesxi,ze*_ttf8_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf8_string(libevtx_recor*dr_tcsoitrnrdti,ng_indueixn,t*8u_tf8_strisnigz,eu_tf8_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_string_size(libevtx_record*_tecorisdnt,tring_indesxi,ze*_ttf16_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_string(libevtx_reco*rrde_stoitrnrdti,ng_indueixn,t1*6u_tf16_strisnigzu,et_t16_string_silzieb,evtx_erro*r*_trror);
int
libevtx_record_get_data_size(libevtx_record_t *record, size_t *data_size, libevtx_error_t **error);
int
libevtx_record_get_data(libevtx_record_t *record, uint8_t *data, size_tdata_size,libevtx_error_t**error);
int
libevtx_record_get_utf8_xml_string_size(libevtx_record_trecords,ize_t*utf8_string_size,libevtx_error_t**error);
int
libevtx_record_get_utf8_xml_string(libevtx_record*_tecorudi,nt8*_ttf8_strinsgi,zeu_tf8_string_sizlei,bevtx_error*_terror);
int
libevtx_record_get_utf16_xml_string_size(libevtx_record_trecords,ize_tutf16_string_sizel,ibevtx_error_t**error);
int
libevtx_record_get_utf16_xml_string(libevtx_record*_tecorudi,nt16*_ttf16_strisnigzu,et_t16_string_silzieb,evtx_erro*r*_trror);
Template definition functions
int
libevtx_template_definition_initialize(libevtx_template_definition*_ttemplate_definitiolni,bevtx_error*_terror);
int
libevtx_template_definition_free(libevtx_template_definition_t**template_definition,libevtx_error_t**error);
int
libevtx_template_definition_set_data(libevtx_template_definit*itoenm_tlate_definuici*sdtondiaintaztos8teant__,t,tsiindztae3t,2a_toflfisbeetv,tx_er*r*oerr_tor);
DESCRIPTION
The libevtx_get_version() function is used to retrieve the library version.
RETURN VALUES
Most of the functions return NULL or -1 on error, dependent on the return type. For the actual return
values see "libevtx.h".
ENVIRONMENT
None
FILES
None
NOTES
libevtx allows to be compiled with wide character support (wchar_t).
To compile libevtx with wide character support use: ./configure --enable-wide-character-type=yes
or define: _UNICODE
or UNICODE
during compilation.
LIBEVTX_WIDE_CHARACTER_TYPE
in libevtx/features.h can be used to determine if libevtx was compiled with wide character support.
BUGS
Please report bugs of any kind on the project issue tracker: https://github.com/libyal/libevtx/issues
AUTHOR
These man pages are generated from "libevtx.h".
COPYRIGHT
Copyright (C) 2011-2018, Joachim Metz <joachim.metz@gmail.com>.
This is free software; see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
SEE ALSO
the libevtx.h include file
libevtx April 12, 2018 libevtx(3)