File: ChangeLog

package info
libevt 20200926-1
  • area: main
  • in suites: bookworm, bullseye
  • size: 17,024 kB
  • sloc: ansic: 278,926; sh: 6,138; makefile: 1,728; python: 390; cpp: 88; sed: 16
file content (70 lines) | stat: -rw-r--r-- 2,268 bytes
TODO:
* move direct access to event record struct members in record values to functions
  - replace calls to libfvalue by libuna and libfwnt
  - handle strings, use split string?
* API have source and computer name functions return 0

* libevt
  - remove file_get_version
* evtexport, add date time format selection
* evtexport, add flags to strip strings and messages string of CR-LFs
* evtexport, add support for CSV and/or TSV format with surrounding quotes

* add parameter expansion support
* recovery: what about record that is recoverable but has a size mismatch
* msvscpp:
  - check and fix debug output generation
  - check 64-bit compilation output (warnings)
* check signal abort
* test find paths on windows
* get %WinDir%
  SYSTEM\CurrentControlSet\Control\Session Manager\Environment\windir
  - add callback for dealing with path expansion ?
* registry file:
  - detect the file type + version based on the base sub keys?
  - add file type specific support e.g. CurrentControlSet in key names ?
    or be more generic and allow HKEY_ ... type of keys and detect
    registry file type

* libcdirectory:
  - move WINAPI * path expansion from export handle to libcdirectory
* update manuals
  - evtexport add example output
* add error tolerability (+/-)
  - sizes and copy

Tools:
* API
  - functionality to parse event identifier ?
* registry file
  - what about NT4 root/base key support ?
* evtexport/export handle
  - validate eventlog/computername in system registry ?
  - use current control set nr ?
  - print if message file key not found
  - print if message file not found
  - print if message file has no resources
  - user sid - find corresponding user name ?
  - output data as CSV/TSV, DFXML ? (different output formatting modules)
  - print data
  - move output to separate code, e.g. libpff
* evtinfo
* pyevt
  - functionality to parse event identifier ?
  - string representations of event type ?
  - access to data
* tests
  - file wrap

Format:
* event flags ? (debug function)
* closing record number ?

Notes
* %SystemRoot% expansion support for WINNT and WINNT35
  check if this is set in SOFTWARE\Microsoft\Windows NT\CurrentVersion\ ?

20111003
* see `git log' for more recent change log
* Created initial version based on libnk2