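/// <summary>
/// Reads the event log file at <paramref name="path"/> and parses every event record
/// found in its chunks.
/// </summary>
/// <param name="path">
/// Path of the event log file. It is handed to <c>FileRecord.Get</c> to obtain the file
/// content and to each <c>EventRecord</c> that is constructed.
/// </param>
/// <returns>
/// The parsed records, in chunk order and then record order. The array may hold fewer
/// records than the headers announce when the content is shorter than, or inconsistent
/// with, the counts and sizes stored in the file; callers that need completeness should
/// compare the result against the header values.
/// </returns>
public static EventRecord[] Get(string path)
{
    // Layout constants used by this parser: the first chunk header is read at 0x1000,
    // records start 0x200 bytes into a chunk, and chunks are 0x10000 bytes apart.
    const int firstChunkOffset = 0x1000;
    const int firstRecordOffset = 0x200;
    const int chunkStride = 0x10000;

    List<EventRecord> recordList = new List<EventRecord>();

    // Get Content of EventLog
    // NOTE(review): the meaning of the second argument (true) is defined by FileRecord.Get — confirm.
    FileRecord fileRecord = FileRecord.Get(path, true);
    byte[] bytes = fileRecord.GetContent();

    // Get EventLog Header
    EventLogHeader evtxHeader = new EventLogHeader(bytes);

    int chunkOffset = firstChunkOffset;

    // Iterate through chunks
    for (int i = 0; i < evtxHeader.NumberOfChunks; i++)
    {
        // NumberOfChunks, the record numbers and the record sizes all come from the file
        // being examined, so none of them is trusted to stay inside the buffer. Stop when
        // the next chunk header would not fit (the sign test covers int wrap-around).
        if (chunkOffset < 0 || chunkOffset > bytes.Length - firstRecordOffset)
        {
            break;
        }

        // Get Chunk Header
        ChunkHeader chunkHeader = new ChunkHeader(bytes, chunkOffset);

        // -1 ends the walk entirely; presumably it marks a chunk that holds no records.
        if (chunkHeader.LastEventRecordNumber == -1)
        {
            break;
        }

        int recordOffset = chunkOffset + firstRecordOffset;

        // Records of this chunk must end before the next chunk and before the end of the data.
        long chunkEnd = (long)chunkOffset + chunkStride;
        if (chunkEnd > bytes.Length)
        {
            chunkEnd = bytes.Length;
        }

        // Iterate through EventRecords
        for (long j = chunkHeader.FirstEventRecordNumber; j <= chunkHeader.LastEventRecordNumber; j++)
        {
            if (recordOffset >= chunkEnd)
            {
                break;
            }

            EventRecord eventRecord = new EventRecord(bytes, chunkOffset, recordOffset, path);
            recordList.Add(eventRecord);

            // A size of zero (or one that wraps negative) would leave the offset in place and
            // re-parse the same bytes for every remaining record number; a size larger than
            // the rest of the chunk would move the offset into the next chunk or off the buffer.
            long recordSize = (long)eventRecord.Size;
            if (recordSize <= 0 || recordSize > chunkEnd - recordOffset)
            {
                break;
            }

            recordOffset += (int)recordSize;
        }

        // Increment Chunk Offset to point to next chunk
        chunkOffset += chunkStride;
    }

    return recordList.ToArray();
}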
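/// <summary>
/// Loads the event log at <paramref name="path"/> and returns the event records parsed
/// from each of its chunks.
/// </summary>
/// <param name="path">
/// Path of the event log file; used to fetch the content through <c>FileRecord.Get</c>
/// and passed on to every <c>EventRecord</c> constructor.
/// </param>
/// <returns>
/// Parsed records in the order they are encountered. Parsing of a chunk, or of the whole
/// file, stops early when an offset derived from file-supplied values would leave the
/// chunk or the buffer, so the result can be shorter than the header counts suggest.
/// </returns>
public static EventRecord[] Get(string path)
{
    List<EventRecord> recordList = new List<EventRecord>();

    // Get Content of EventLog
    // NOTE(review): what the boolean argument selects is decided by FileRecord.Get — confirm.
    FileRecord fileRecord = FileRecord.Get(path, true);
    byte[] bytes = fileRecord.GetContent();

    // Get EventLog Header
    EventLogHeader evtxHeader = new EventLogHeader(bytes);

    // First chunk header is read at 0x1000; each later chunk is 0x10000 bytes further on.
    int chunkOffset = 0x1000;

    // Iterate through chunks
    for (int i = 0; i < evtxHeader.NumberOfChunks; i++)
    {
        // The chunk count is read from the file and is not cross-checked against the
        // content length, so verify that the 0x200-byte area before the first record of
        // this chunk lies inside the buffer. A negative offset means the int wrapped.
        bool chunkHeaderFits = chunkOffset >= 0 && (long)chunkOffset + 0x200 <= bytes.Length;
        if (!chunkHeaderFits)
        {
            break;
        }

        // Get Chunk Header
        ChunkHeader chunkHeader = new ChunkHeader(bytes, chunkOffset);

        // A last record number of -1 stops the scan; presumably such a chunk is unused.
        if (chunkHeader.LastEventRecordNumber == -1)
        {
            break;
        }

        // Upper bound for record offsets in this chunk: the start of the next chunk,
        // clamped to the end of the data.
        long limit = (long)chunkOffset + 0x10000;
        if (limit > bytes.Length)
        {
            limit = bytes.Length;
        }

        int recordOffset = chunkOffset + 0x200;

        // Iterate through EventRecords
        for (long j = chunkHeader.FirstEventRecordNumber;
             j <= chunkHeader.LastEventRecordNumber && recordOffset < limit;
             j++)
        {
            EventRecord eventRecord = new EventRecord(bytes, chunkOffset, recordOffset, path);
            recordList.Add(eventRecord);

            // The record's own size field drives the next offset. Reject a non-positive
            // size (the offset would never advance and the same bytes would be parsed
            // again) and a size that reaches past the limit computed above.
            long step = (long)eventRecord.Size;
            if (step <= 0 || step > limit - recordOffset)
            {
                break;
            }

            recordOffset += (int)step;
        }

        // Increment Chunk Offset to point to next chunk
        chunkOffset += 0x10000;
    }

    return recordList.ToArray();
}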