windows

Documentation

Index

• type Buffer
  • func NewBuffer() Buffer
  • func (b *Buffer) FirstByte() *byte
  • func (b *Buffer) ReadBytes(offset uint32) ([]byte, error)
  • func (b *Buffer) ReadString(offset uint32) (string, error)
  • func (b *Buffer) ReadWideChars(offset uint32) ([]byte, error)
  • func (b *Buffer) SizeBytes() uint32
  • func (b *Buffer) SizeWide() uint32
  • func (b *Buffer) UpdateSizeBytes(size uint32)
  • func (b *Buffer) UpdateSizeWide(size uint32)
• type EventDataEntry
• type EventID
• type EventRaw
• type EventXML
• type Provider
• type TimeCreated

Types

type Buffer

type Buffer struct {
	// contains filtered or unexported fields
}

Buffer is a buffer of utf-16 bytes.

func NewBuffer

func NewBuffer() Buffer

NewBuffer creates a new buffer with the default buffer size

func (*Buffer) FirstByte

func (b *Buffer) FirstByte() *byte

FirstByte will return a pointer to the first byte.

func (*Buffer) ReadBytes

func (b *Buffer) ReadBytes(offset uint32) ([]byte, error)

ReadBytes will read UTF-8 bytes from the buffer, where offset is the number of bytes to be read

func (*Buffer) ReadString

func (b *Buffer) ReadString(offset uint32) (string, error)

ReadString will read a UTF-8 string from the buffer.

func (*Buffer) ReadWideChars

func (b *Buffer) ReadWideChars(offset uint32) ([]byte, error)

ReadWideChars will read UTF-8 bytes from the buffer, where offset is the number of wchars to read

func (*Buffer) SizeBytes

func (b *Buffer) SizeBytes() uint32

SizeBytes will return the size of the buffer as number of bytes.

func (*Buffer) SizeWide

func (b *Buffer) SizeWide() uint32

SizeWide returns the size of the buffer as number of wchars

func (*Buffer) UpdateSizeBytes

func (b *Buffer) UpdateSizeBytes(size uint32)

UpdateSizeBytes will update the size of the buffer to fit size bytes.

func (*Buffer) UpdateSizeWide

func (b *Buffer) UpdateSizeWide(size uint32)

UpdateSizeWide will update the size of the buffer to fit size wchars.

type EventDataEntry

type EventDataEntry struct {
	Name  string `xml:"Name,attr"`
	Value string `xml:",chardata"`
}

type EventID

type EventID struct {
	Qualifiers uint16 `xml:"Qualifiers,attr"`
	ID         uint32 `xml:",chardata"`
}

EventID is the identifier of the event.

type EventRaw

type EventRaw struct {
	TimeCreated   TimeCreated `xml:"System>TimeCreated"`
	RenderedLevel string      `xml:"RenderingInfo>Level"`
	Level         string      `xml:"System>Level"`
	Body          string      `xml:"-"`
}

EventRaw is the rendered xml of an event, however, its message is the original XML of the entire event.

type EventXML

type EventXML struct {
	EventID          EventID          `xml:"System>EventID"`
	Provider         Provider         `xml:"System>Provider"`
	Computer         string           `xml:"System>Computer"`
	Channel          string           `xml:"System>Channel"`
	RecordID         uint64           `xml:"System>EventRecordID"`
	TimeCreated      TimeCreated      `xml:"System>TimeCreated"`
	Message          string           `xml:"RenderingInfo>Message"`
	RenderedLevel    string           `xml:"RenderingInfo>Level"`
	Level            string           `xml:"System>Level"`
	RenderedTask     string           `xml:"RenderingInfo>Task"`
	Task             string           `xml:"System>Task"`
	RenderedOpcode   string           `xml:"RenderingInfo>Opcode"`
	Opcode           string           `xml:"System>Opcode"`
	RenderedKeywords []string         `xml:"RenderingInfo>Keywords>Keyword"`
	Keywords         []string         `xml:"System>Keywords"`
	EventData        []EventDataEntry `xml:"EventData>Data"`
}

EventXML is the rendered xml of an event.

type Provider

type Provider struct {
	Name            string `xml:"Name,attr"`
	GUID            string `xml:"Guid,attr"`
	EventSourceName string `xml:"EventSourceName,attr"`
}

Provider is the provider of the event.

type TimeCreated

type TimeCreated struct {
	SystemTime string `xml:"SystemTime,attr"`
}

TimeCreated is the creation time of the event.