/
libevt.ini
87 lines (79 loc) · 3.46 KB
/
libevt.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
[project]
name: "libevt"
status: "alpha"
year_of_creation: "2011"
data_format: "Windows Event Log (EVT)"
documentation_url: "https://github.com/libyal/libevt/tree/main/documentation"
features: ["debug_output", "nuget"]
[dtFabric]
data_types: {
"end_of_file_record": {
"size": {"usage": "in_function"},
"signature1": {"debug_format": "hexadecimal"},
"signature2": {"debug_format": "hexadecimal"},
"signature3": {"debug_format": "hexadecimal"},
"signature4": {"debug_format": "hexadecimal"},
"first_record_offset": {"debug_format": "hexadecimal"},
"end_of_file_record_offset": {"debug_format": "hexadecimal"},
"last_record_number": {},
"first_record_number": {},
"copy_of_size": {"usage": "in_function"}
},
"event_record": {
"__options__": ["file_io_handle"],
"size": {"usage": "in_function"},
"signature": {},
"record_number": {"usage": "in_struct"},
"creation_time": {"usage": "in_struct"},
"last_written_time": {"usage": "in_struct"},
"event_identifier": {"usage": "in_struct"},
"event_type": {"usage": "in_struct"},
"number_of_strings": {},
"event_category": {"usage": "in_struct"},
"unknown1": {"debug_format": "hexadecimal"},
"unknown2": {"debug_format": "hexadecimal"},
"strings_offset": {"debug_format": "hexadecimal", "usage": "in_function"},
"user_security_identifier_size": {"usage": "in_function"},
"user_security_identifier_offset": {"debug_format": "hexadecimal", "usage": "in_function"},
"data_size": {"usage": "in_function"},
"data_offset": {"debug_format": "hexadecimal", "usage": "in_function"},
"source_name": {"usage": "in_struct"},
"computer_name": {"usage": "in_struct"},
"user_security_identifier": {"usage": "in_struct"},
"data": {"usage": "in_struct"},
"alignment_padding": {"debug_format": "hexadecimal"},
"copy_of_size": {"usage": "in_function"}
},
"file_header": {
"__options__": ["file_io_handle"],
"size": {"usage": "in_struct"},
"signature": {},
"major_format_version": {"usage": "in_struct"},
"minor_format_version": {"usage": "in_struct"},
"first_record_offset": {"debug_format": "hexadecimal", "usage": "in_struct"},
"end_of_file_record_offset": {"debug_format": "hexadecimal", "usage": "in_struct"},
"last_record_number": {},
"first_record_number": {},
"maximum_file_size": {},
"file_flags": {"debug_format": "hexadecimal", "usage": "in_struct"},
"retention": {"debug_format": "hexadecimal"},
"copy_of_size": {"usage": "in_struct"}
}}
[library]
public_types: ["file", "record"]
[tools]
description: "Several tools for reading Windows Event Log (EVT) files"
names: ["evtexport", "evtinfo"]
[troubleshooting]
example: "evtinfo AppEvent.Evt"
[development]
main_object: "file"
main_object_filename: "AppEvent.evt"
[tests]
profiles: ["libevt", "pyevt", "evtinfo", "evtexport"]
info_tool_options_per_profile: [""]
info_tool_profiles: ["evtinfo"]
example_filename1: "SysEvent.Evt"
example_filename2: "AppEvent.Evt"
[pypi]
appveyor_token: "VHuZiUWgTqTciKE2nsv/Lt6n/KFtRzbhOzJTaIf15+EpkzL/9WhbuFbzldCKcZ/emgKSQYYgDHYvb25BjTCb4HvPzbdeBq/w5MyLLpX+QKqJQxAyTAcnDk2SPJ9/itzY8j2Y4/fnfwXKGLFid/ZPXWN2lbMuyIUMR+dyRC9GeDEvjs1JFk1M/SX6W6sz/HpFEEL/Jfy8usqnnQiIAJpaT5AeW7i6ZtiEnHOTqqKmA0cwc1LapTxHhso8FPpn0+vEuMTsdC6b64Xk5ssCUNcS6w=="