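/// <summary>
/// Reads the record at the reader's current position and decodes its metadata, source name,
/// computer name, user SID, message text and data payload.
/// </summary>
/// <remarks>
/// Every length and offset used here is read from the log file itself, so each one is checked
/// against the record buffer before it is used to allocate or copy.
/// </remarks>
/// <param name="reader">Reader positioned on the 4-byte length field that starts a record.</param>
/// <returns>The decoded record.</returns>
/// <exception cref="InvalidDataException">
/// A length or offset stored in the record points outside the record or the stream.
/// </exception>
/// <exception cref="EndOfStreamException">The stream ends before the declared record length.</exception>
public static BinaryEventLogRecord Fetch(BinaryReader reader)
{
    // The first field is the total record length. Rewind so the buffer read below
    // holds the whole record, length field included.
    uint recordLength = reader.ReadUInt32();
    reader.BaseStream.Seek(-4, SeekOrigin.Current);

    // Reject lengths that are shorter than the fixed metadata, do not fit in an int, or exceed
    // what is left in the stream. ReadBytes sizes its buffer from the requested count, so an
    // unchecked length would drive the allocation, and a zero length would leave the stream
    // position unchanged for the caller's read loop.
    long bytesLeft = reader.BaseStream.Length - reader.BaseStream.Position;
    if (recordLength < Globals.MetadataSize || recordLength > int.MaxValue || recordLength > bytesLeft)
    {
        throw new InvalidDataException("Event log record length " + recordLength + " is not valid at this position.");
    }

    byte[] recordBytes = reader.ReadBytes((int)recordLength);
    if (recordBytes.Length != recordLength)
    {
        throw new EndOfStreamException("Event log record is truncated.");
    }

    int nextStartIndexInBuffer = 0;
    BinaryEventLogRecord eventLog = new BinaryEventLogRecord();

    eventLog._metadata = Metadata.Fetch(recordBytes);
    nextStartIndexInBuffer += Globals.MetadataSize;

    // Two null-terminated strings follow the metadata; the cursor advances past each terminator.
    eventLog._sourceName = extractString(recordBytes, nextStartIndexInBuffer);
    nextStartIndexInBuffer += eventLog._sourceName.Length * Globals.UnicodeCharSize + Globals.NullCharSize;
    if (nextStartIndexInBuffer > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record source name runs past the end of the record.");
    }

    eventLog._computerName = extractString(recordBytes, nextStartIndexInBuffer);
    nextStartIndexInBuffer += eventLog._computerName.Length * Globals.UnicodeCharSize + Globals.NullCharSize;
    if (nextStartIndexInBuffer > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record computer name runs past the end of the record.");
    }

    // Widen to long before comparing so that unsigned values cannot wrap around.
    long sidLength = eventLog._metadata.UserSidLength;
    if (sidLength < 0 || nextStartIndexInBuffer + sidLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record user SID length is outside the record.");
    }

    eventLog._userSid = new byte[(int)sidLength];
    Array.Copy(recordBytes, nextStartIndexInBuffer, eventLog._userSid, 0, (int)sidLength);
    nextStartIndexInBuffer += (int)sidLength;

    // The message spans from the string offset to the data offset.
    long messageLength = (long)eventLog._metadata.DataOffset - eventLog._metadata.StringOffset;
    if (messageLength < 0 || nextStartIndexInBuffer + messageLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record string and data offsets are inconsistent.");
    }

    eventLog._message = Encoding.Unicode.GetString(recordBytes, nextStartIndexInBuffer, (int)messageLength);

    // Copy the payload from DataOffset. Copying from index 0 would put the record's leading
    // metadata bytes into _data instead. DataOffset is taken to be relative to the start of
    // the record, the same base the message length calculation above relies on.
    long dataOffset = eventLog._metadata.DataOffset;
    long dataLength = eventLog._metadata.DataLength;
    if (dataOffset < 0 || dataLength < 0 || dataOffset + dataLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record data offset and length are outside the record.");
    }

    eventLog._data = new byte[(int)dataLength];
    Array.Copy(recordBytes, (int)dataOffset, eventLog._data, 0, (int)dataLength);

    return eventLog;
}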
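/// <summary>
/// Opens the log file, verifies its header, reads every record into <c>_records</c>,
/// then reads and verifies the footer.
/// </summary>
/// <exception cref="InvalidDataException">
/// A record was fetched without the stream position moving forward.
/// </exception>
public override void Parse()
{
    FileStream logStream = new FileStream(_fileName, FileMode.Open, FileAccess.Read);
    try
    {
        _logReader = new BinaryReader(logStream);

        _header = Header.Fetch(_logReader);
        _header.Verify();

        while (BinaryEventLogRecord.CanHaveALogRecord(_logReader))
        {
            long recordStart = logStream.Position;
            BinaryEventLogRecord eventLogRecord = BinaryEventLogRecord.Fetch(_logReader);

            // The record length comes from the file. A record that declares zero length
            // leaves the position where it was, and this loop would then append records
            // until memory runs out.
            if (logStream.Position <= recordStart)
            {
                throw new InvalidDataException("Event log record at offset " + recordStart + " did not advance the stream.");
            }

            eventLogRecord.ContainingFile = this;
            _records.Add(eventLogRecord);
        }

        _footer = Footer.Fetch(_logReader);
        _footer.Verify();
    }
    finally
    {
        // Release the file handle even when verification or record decoding throws.
        logStream.Close();
        if (_logReader != null)
        {
            _logReader.Close();
        }
    }
}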
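/// <summary>
/// Decodes one event log record, starting at the reader's current position, into its
/// metadata, source name, computer name, user SID, message text and data payload.
/// </summary>
/// <remarks>
/// The lengths and offsets driving the decode are stored in the file being parsed, so they
/// are validated against the record buffer before any allocation or copy depends on them.
/// </remarks>
/// <param name="reader">Reader positioned on the 4-byte length field that starts a record.</param>
/// <returns>The decoded record.</returns>
/// <exception cref="InvalidDataException">
/// A length or offset stored in the record points outside the record or the stream.
/// </exception>
/// <exception cref="EndOfStreamException">The stream ends before the declared record length.</exception>
public static BinaryEventLogRecord Fetch(BinaryReader reader)
{
    // Peek at the total record length, then step back so the buffer below starts at the
    // length field and covers the whole record.
    uint recordLength = reader.ReadUInt32();
    reader.BaseStream.Seek(-4, SeekOrigin.Current);

    // A length below the fixed metadata size, above int.MaxValue, or beyond the remaining
    // stream cannot describe a real record. Checking it first keeps the buffer allocation
    // bounded by the file size and guarantees the stream position moves forward.
    long bytesLeft = reader.BaseStream.Length - reader.BaseStream.Position;
    if (recordLength < Globals.MetadataSize || recordLength > int.MaxValue || recordLength > bytesLeft)
    {
        throw new InvalidDataException("Event log record length " + recordLength + " is not valid at this position.");
    }

    byte[] recordBytes = reader.ReadBytes((int) recordLength);
    if (recordBytes.Length != recordLength)
    {
        throw new EndOfStreamException("Event log record is truncated.");
    }

    int nextStartIndexInBuffer = 0;
    BinaryEventLogRecord eventLog = new BinaryEventLogRecord();

    eventLog._metadata = Metadata.Fetch(recordBytes);
    nextStartIndexInBuffer += Globals.MetadataSize;

    // Source name and computer name are null-terminated strings stored back to back.
    eventLog._sourceName = extractString(recordBytes, nextStartIndexInBuffer);
    nextStartIndexInBuffer += eventLog._sourceName.Length*Globals.UnicodeCharSize + Globals.NullCharSize;
    if (nextStartIndexInBuffer > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record source name runs past the end of the record.");
    }

    eventLog._computerName = extractString(recordBytes, nextStartIndexInBuffer);
    nextStartIndexInBuffer += eventLog._computerName.Length*Globals.UnicodeCharSize + Globals.NullCharSize;
    if (nextStartIndexInBuffer > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record computer name runs past the end of the record.");
    }

    // Compare in long arithmetic so unsigned metadata values cannot wrap.
    long sidLength = eventLog._metadata.UserSidLength;
    if (sidLength < 0 || nextStartIndexInBuffer + sidLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record user SID length is outside the record.");
    }

    eventLog._userSid = new byte[(int) sidLength];
    Array.Copy(recordBytes, nextStartIndexInBuffer, eventLog._userSid, 0, (int) sidLength);
    nextStartIndexInBuffer += (int) sidLength;

    // Message text occupies the bytes between the string offset and the data offset.
    long messageLength = (long) eventLog._metadata.DataOffset - eventLog._metadata.StringOffset;
    if (messageLength < 0 || nextStartIndexInBuffer + messageLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record string and data offsets are inconsistent.");
    }

    eventLog._message = Encoding.Unicode.GetString(recordBytes, nextStartIndexInBuffer, (int) messageLength);

    // The payload is copied from DataOffset; a copy starting at index 0 would return the
    // record's leading metadata bytes as data. DataOffset is assumed to be relative to the
    // start of the record, the base the message length calculation above already uses.
    long dataOffset = eventLog._metadata.DataOffset;
    long dataLength = eventLog._metadata.DataLength;
    if (dataOffset < 0 || dataLength < 0 || dataOffset + dataLength > recordBytes.Length)
    {
        throw new InvalidDataException("Event log record data offset and length are outside the record.");
    }

    eventLog._data = new byte[(int) dataLength];
    Array.Copy(recordBytes, (int) dataOffset, eventLog._data, 0, (int) dataLength);

    return eventLog;
}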