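/* Entry point of evtxexport.
 *
 * Parses the command line, configures the file-scope export handle
 * (evtxexport_export_handle) from the given options, opens the source
 * file and exports its records through the export handle.
 *
 * Returns EXIT_SUCCESS when the run completed (this includes -h, -V and
 * the "No records to export." case) and EXIT_FAILURE otherwise.
 */
int main( int argc, char * const argv[] )
#endif
/* The #endif above closes a preprocessor conditional that is opened before
 * this definition (presumably the wide-character entry point alternative).
 */
{
	libcerror_error_t *error                              = NULL;
	log_handle_t *log_handle                              = NULL;
	system_character_t *option_ascii_codepage             = NULL;
	system_character_t *option_event_log_type             = NULL;
	system_character_t *option_export_format              = NULL;
	system_character_t *option_export_mode                = NULL;
	system_character_t *option_log_filename               = NULL;
	system_character_t *option_resource_files_path        = NULL;
	system_character_t *option_preferred_language         = NULL;
	system_character_t *option_registry_directory_name    = NULL;
	system_character_t *option_software_registry_filename = NULL;
	system_character_t *option_system_registry_filename   = NULL;
	system_character_t *source                            = NULL;
	char *program                                         = "evtxexport";
	system_integer_t option                               = 0;
	int event_log_type_result                             = 0;
	int result                                            = 0;
	int use_template_definition                           = 0;
	int verbose                                           = 0;

	/* Notifications go to stderr and are verbose until the options are known
	 */
	libcnotify_stream_set(
	 stderr,
	 NULL );
	libcnotify_verbose_set(
	 1 );

	if( libclocale_initialize(
	     "evtxtools",
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize locale values.\n" );

		goto on_error;
	}
	if( evtxtools_output_initialize(
	     _IONBF,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize output settings.\n" );

		goto on_error;
	}
	evtxoutput_version_fprint(
	 stdout,
	 program );

	/* The option arguments are only recorded here, they are applied to the
	 * export handle once it has been created
	 */
	while( ( option = evtxtools_getopt(
	                   argc,
	                   argv,
	                   _SYSTEM_STRING( "c:f:hl:m:p:r:s:S:t:TvV" ) ) ) != (system_integer_t) -1 )
	{
		switch( option )
		{
			case (system_integer_t) '?':
			default:
				fprintf(
				 stderr,
				 "Invalid argument: %" PRIs_SYSTEM "\n",
				 argv[ optind - 1 ] );

				usage_fprint(
				 stdout );

				return( EXIT_FAILURE );

			case (system_integer_t) 'c':
				option_ascii_codepage = optarg;

				break;

			case (system_integer_t) 'f':
				option_export_format = optarg;

				break;

			case (system_integer_t) 'h':
				usage_fprint(
				 stdout );

				return( EXIT_SUCCESS );

			case (system_integer_t) 'l':
				option_log_filename = optarg;

				break;

			case (system_integer_t) 'm':
				option_export_mode = optarg;

				break;

			case (system_integer_t) 'p':
				option_resource_files_path = optarg;

				break;

			case (system_integer_t) 'r':
				option_registry_directory_name = optarg;

				break;

			case (system_integer_t) 's':
				option_system_registry_filename = optarg;

				break;

			case (system_integer_t) 'S':
				option_software_registry_filename = optarg;

				break;

			case (system_integer_t) 't':
				option_event_log_type = optarg;

				break;

			case (system_integer_t) 'T':
				use_template_definition = 1;

				break;

			case (system_integer_t) 'v':
				verbose = 1;

				break;

			case (system_integer_t) 'V':
				evtxoutput_copyright_fprint(
				 stdout );

				return( EXIT_SUCCESS );
		}
	}
	/* The first non-option argument is the source file
	 */
	if( optind == argc )
	{
		fprintf(
		 stderr,
		 "Missing source file.\n" );

		usage_fprint(
		 stdout );

		return( EXIT_FAILURE );
	}
	source = argv[ optind ];

	libcnotify_verbose_set(
	 verbose );
	libevtx_notify_set_stream(
	 stderr,
	 NULL );
	libevtx_notify_set_verbose(
	 verbose );

	if( log_handle_initialize(
	     &log_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize log handle.\n" );

		goto on_error;
	}
	if( export_handle_initialize(
	     &evtxexport_export_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize export handle.\n" );

		goto on_error;
	}
	if( option_ascii_codepage != NULL )
	{
		result = export_handle_set_ascii_codepage(
		          evtxexport_export_handle,
		          option_ascii_codepage,
		          &error );

		if( result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set ASCII codepage in export handle.\n" );

			goto on_error;
		}
		else if( result == 0 )
		{
			fprintf(
			 stderr,
			 "Unsupported ASCII codepage defaulting to: windows-1252.\n" );
		}
	}
	if( option_event_log_type != NULL )
	{
		/* Kept in its own variable: the shared result variable is overwritten
		 * by the export format and export mode setters before the filename
		 * fallback is decided
		 */
		event_log_type_result = export_handle_set_event_log_type(
		                         evtxexport_export_handle,
		                         option_event_log_type,
		                         &error );

		if( event_log_type_result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set event log type in export handle.\n" );

			goto on_error;
		}
	}
	if( option_export_format != NULL )
	{
		result = export_handle_set_export_format(
		          evtxexport_export_handle,
		          option_export_format,
		          &error );

		if( result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set export format.\n" );

			goto on_error;
		}
		else if( result == 0 )
		{
			fprintf(
			 stderr,
			 "Unsupported export format defaulting to: text.\n" );
		}
	}
	if( option_export_mode != NULL )
	{
		result = export_handle_set_export_mode(
		          evtxexport_export_handle,
		          option_export_mode,
		          &error );

		if( result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set export mode.\n" );

			goto on_error;
		}
		else if( result == 0 )
		{
			fprintf(
			 stderr,
			 "Unsupported export mode defaulting to: items.\n" );
		}
	}
	/* Derive the event log type from the filename only when -t was not given
	 * or its value was not accepted (presumably a 0 return, as with the other
	 * setters - confirm against export_handle_set_event_log_type). Testing the
	 * shared result variable here would let an unsupported -f or -m value
	 * silently replace an accepted -t value with the filename-derived one, and
	 * an accepted -f or -m value suppress the fallback for a rejected -t.
	 */
	if( ( option_event_log_type == NULL )
	 || ( event_log_type_result == 0 ) )
	{
		result = export_handle_set_event_log_type_from_filename(
		          evtxexport_export_handle,
		          source,
		          &error );

		if( result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set event log type from filename in export handle.\n" );

			goto on_error;
		}
	}
	if( option_resource_files_path != NULL )
	{
		if( export_handle_set_resource_files_path(
		     evtxexport_export_handle,
		     option_resource_files_path,
		     &error ) != 1 )
		{
			fprintf(
			 stderr,
			 "Unable to set resource files path in export handle.\n" );

			goto on_error;
		}
	}
	if( option_software_registry_filename != NULL )
	{
		if( export_handle_set_software_registry_filename(
		     evtxexport_export_handle,
		     option_software_registry_filename,
		     &error ) != 1 )
		{
			fprintf(
			 stderr,
			 "Unable to set software registry filename in export handle.\n" );

			goto on_error;
		}
	}
	if( option_system_registry_filename != NULL )
	{
		if( export_handle_set_system_registry_filename(
		     evtxexport_export_handle,
		     option_system_registry_filename,
		     &error ) != 1 )
		{
			fprintf(
			 stderr,
			 "Unable to set system registry filename in export handle.\n" );

			goto on_error;
		}
	}
	if( option_registry_directory_name != NULL )
	{
		if( export_handle_set_registry_directory_name(
		     evtxexport_export_handle,
		     option_registry_directory_name,
		     &error ) != 1 )
		{
			fprintf(
			 stderr,
			 "Unable to set registry directory name in export handle.\n" );

			goto on_error;
		}
	}
	/* NOTE(review): option_preferred_language is never assigned, the option
	 * string above has no letter for it, so this branch is currently dead
	 */
	if( option_preferred_language != NULL )
	{
		/* TODO set preferred language identifier from input */
		if( export_handle_set_preferred_language_identifier(
		     evtxexport_export_handle,
		     0x0409,
		     &error ) != 1 )
		{
			fprintf(
			 stderr,
			 "Unable to set preferred language identifier in export handle.\n" );

			goto on_error;
		}
	}
	evtxexport_export_handle->use_template_definition = use_template_definition;
	evtxexport_export_handle->verbose                 = verbose;

	/* NOTE(review): option_log_filename is NULL when -l was not given; if
	 * log_handle_open can fail in that case the message below passes NULL to
	 * a string conversion - confirm
	 */
	if( log_handle_open(
	     log_handle,
	     option_log_filename,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to open log file: %" PRIs_SYSTEM ".\n",
		 option_log_filename );

		goto on_error;
	}
	if( export_handle_open_input(
	     evtxexport_export_handle,
	     source,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to open: %" PRIs_SYSTEM ".\n",
		 source );

		goto on_error;
	}
	/* The result is kept until after the handles were released, 0 is
	 * reported as "No records to export."
	 */
	result = export_handle_export_file(
	          evtxexport_export_handle,
	          log_handle,
	          &error );

	if( result == -1 )
	{
		fprintf(
		 stderr,
		 "Unable to export file.\n" );

		goto on_error;
	}
	if( export_handle_close_input(
	     evtxexport_export_handle,
	     &error ) != 0 )
	{
		fprintf(
		 stderr,
		 "Unable to close export handle.\n" );

		goto on_error;
	}
	if( export_handle_free(
	     &evtxexport_export_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to free export handle.\n" );

		goto on_error;
	}
	if( log_handle_close(
	     log_handle,
	     &error ) != 0 )
	{
		fprintf(
		 stderr,
		 "Unable to close log handle.\n" );

		goto on_error;
	}
	if( log_handle_free(
	     &log_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to free log handle.\n" );

		goto on_error;
	}
	if( result == 0 )
	{
		fprintf(
		 stdout,
		 "No records to export.\n" );
	}
	return( EXIT_SUCCESS );

on_error:
	/* Print the error backtrace and release whatever was set up so far
	 */
	if( error != NULL )
	{
		libcnotify_print_error_backtrace(
		 error );
		libcerror_error_free(
		 &error );
	}
	if( evtxexport_export_handle != NULL )
	{
		export_handle_free(
		 &evtxexport_export_handle,
		 NULL );
	}
	if( log_handle != NULL )
	{
		log_handle_free(
		 &log_handle,
		 NULL );
	}
	return( EXIT_FAILURE );
}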
/* Entry point of evtxinfo.
 *
 * Parses the command line, sets up the file-scope info handle
 * (evtxinfo_info_handle), opens the source file and prints its information.
 *
 * Returns EXIT_SUCCESS when the run completed (this includes -h and -V)
 * and EXIT_FAILURE otherwise.
 */
int main( int argc, char * const argv[] )
#endif
/* The #endif above closes a preprocessor conditional that is opened before
 * this definition (presumably the wide-character entry point alternative).
 */
{
	libevtx_error_t *error                = NULL;
	system_character_t *codepage_argument = NULL;
	system_character_t *source_path       = NULL;
	char *program                         = "evtxinfo";
	system_integer_t current_option       = 0;
	int codepage_result                   = 0;
	int verbose                           = 0;

	/* Notifications go to stderr and are verbose until the options are known
	 */
	libcnotify_stream_set(
	 stderr,
	 NULL );
	libcnotify_verbose_set(
	 1 );

	if( libclocale_initialize(
	     "evtxtools",
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize locale values.\n" );

		goto on_error;
	}
	if( evtxtools_output_initialize(
	     _IONBF,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize output settings.\n" );

		goto on_error;
	}
	evtxoutput_version_fprint(
	 stdout,
	 program );

	for( ;; )
	{
		current_option = evtxtools_getopt(
		                  argc,
		                  argv,
		                  _SYSTEM_STRING( "c:hvV" ) );

		if( current_option == (system_integer_t) -1 )
		{
			break;
		}
		switch( current_option )
		{
			case (system_integer_t) 'c':
				codepage_argument = optarg;

				break;

			case (system_integer_t) 'h':
				usage_fprint(
				 stdout );

				return( EXIT_SUCCESS );

			case (system_integer_t) 'v':
				verbose = 1;

				break;

			case (system_integer_t) 'V':
				evtxoutput_copyright_fprint(
				 stdout );

				return( EXIT_SUCCESS );

			/* Anything else, including the '?' marker, is rejected
			 */
			case (system_integer_t) '?':
			default:
				fprintf(
				 stderr,
				 "Invalid argument: %" PRIs_SYSTEM "\n",
				 argv[ optind - 1 ] );

				usage_fprint(
				 stdout );

				return( EXIT_FAILURE );
		}
	}
	/* The first non-option argument is the source file
	 */
	if( optind == argc )
	{
		fprintf(
		 stderr,
		 "Missing source file.\n" );

		usage_fprint(
		 stdout );

		return( EXIT_FAILURE );
	}
	source_path = argv[ optind ];

	libcnotify_verbose_set(
	 verbose );
	libevtx_notify_set_stream(
	 stderr,
	 NULL );
	libevtx_notify_set_verbose(
	 verbose );

	if( info_handle_initialize(
	     &evtxinfo_info_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to initialize info handle.\n" );

		goto on_error;
	}
	if( codepage_argument != NULL )
	{
		codepage_result = info_handle_set_ascii_codepage(
		                   evtxinfo_info_handle,
		                   codepage_argument,
		                   &error );

		if( codepage_result == -1 )
		{
			fprintf(
			 stderr,
			 "Unable to set ASCII codepage in info handle.\n" );

			goto on_error;
		}
		/* 0 is not fatal, only reported
		 */
		if( codepage_result == 0 )
		{
			fprintf(
			 stderr,
			 "Unsupported ASCII codepage defaulting to: windows-1252.\n" );
		}
	}
	/* Only -1 is treated as a failure here, any other return value continues
	 */
	if( info_handle_set_event_log_type_from_filename(
	     evtxinfo_info_handle,
	     source_path,
	     &error ) == -1 )
	{
		fprintf(
		 stderr,
		 "Unable to set event log type from filename in info handle.\n" );

		goto on_error;
	}
	if( info_handle_open(
	     evtxinfo_info_handle,
	     source_path,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to open: %" PRIs_SYSTEM ".\n",
		 source_path );

		goto on_error;
	}
	if( info_handle_file_fprint(
	     evtxinfo_info_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to print file information.\n" );

		goto on_error;
	}
	if( info_handle_close(
	     evtxinfo_info_handle,
	     &error ) != 0 )
	{
		fprintf(
		 stderr,
		 "Unable to close info handle.\n" );

		goto on_error;
	}
	if( info_handle_free(
	     &evtxinfo_info_handle,
	     &error ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to free info handle.\n" );

		goto on_error;
	}
	return( EXIT_SUCCESS );

on_error:
	/* Print the error backtrace and release the info handle if it exists
	 */
	if( error != NULL )
	{
		libcnotify_print_error_backtrace(
		 error );
		libcerror_error_free(
		 &error );
	}
	if( evtxinfo_info_handle != NULL )
	{
		info_handle_free(
		 &evtxinfo_info_handle,
		 NULL );
	}
	return( EXIT_FAILURE );
}
/* Entry point of the open/close test program.
 *
 * Takes a single source argument and runs the open/close test helpers
 * against it. Returns EXIT_SUCCESS when every helper returned 1 and
 * EXIT_FAILURE otherwise.
 */
int main( int argc, char * const argv[] )
#endif
/* The #endif above closes a preprocessor conditional that is opened before
 * this definition (presumably the wide-character entry point alternative).
 */
{
	libcstring_system_character_t *source_path = NULL;
	libcstring_system_integer_t current_option = 0;

	/* The option string is empty, so no option is accepted
	 */
	for( ;; )
	{
		current_option = libcsystem_getopt(
		                  argc,
		                  argv,
		                  _LIBCSTRING_SYSTEM_STRING( "" ) );

		if( current_option == (libcstring_system_integer_t) -1 )
		{
			break;
		}
		switch( current_option )
		{
			case (libcstring_system_integer_t) '?':
			default:
				fprintf(
				 stderr,
				 "Invalid argument: %" PRIs_LIBCSTRING_SYSTEM ".\n",
				 argv[ optind - 1 ] );

				return( EXIT_FAILURE );
		}
	}
	if( optind == argc )
	{
		fprintf(
		 stderr,
		 "Missing source file or device.\n" );

		return( EXIT_FAILURE );
	}
	source_path = argv[ optind ];

#if defined( HAVE_DEBUG_OUTPUT ) && defined( EVTX_TEST_OPEN_CLOSE_VERBOSE )
	libevtx_notify_set_verbose(
	 1 );
	libevtx_notify_set_stream(
	 stderr,
	 NULL );
#endif
	/* Single open and close by filename: read access on the source
	 */
	if( evtx_test_single_open_close_file(
	     source_path,
	     LIBEVTX_OPEN_READ,
	     1 ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to test single open close.\n" );

		return( EXIT_FAILURE );
	}
	/* Single open and close without a filename, third argument -1
	 */
	if( evtx_test_single_open_close_file(
	     NULL,
	     LIBEVTX_OPEN_READ,
	     -1 ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to test single open close.\n" );

		return( EXIT_FAILURE );
	}
	/* Single open and close with write access, third argument -1
	 */
	if( evtx_test_single_open_close_file(
	     source_path,
	     LIBEVTX_OPEN_WRITE,
	     -1 ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to test single open close.\n" );

		return( EXIT_FAILURE );
	}
	/* Multiple open and close by filename: read access on the source
	 */
	if( evtx_test_multi_open_close_file(
	     source_path,
	     LIBEVTX_OPEN_READ,
	     1 ) != 1 )
	{
		fprintf(
		 stderr,
		 "Unable to test multi open close.\n" );

		return( EXIT_FAILURE );
	}
	return( EXIT_SUCCESS );
}