public Type0x21(BinaryReader log, int size, long chunkOffset, LogRoot root) { LogRoot newRoot = new LogRoot(log, chunkOffset, (uint)size, root.ParentLog); this.String = newRoot.ToXML(); }
public EventLog(string filename) { this.Strings = new Dictionary<long, string>(); using (FileStream stream = File.OpenRead(filename)) { using (BinaryReader reader = new BinaryReader(stream)) { byte[] h = reader.ReadBytes(8); if (!(h[0] == 'E' && h[1] == 'l' && h[2] == 'f' && h[3] == 'F' && h[4] == 'i' && h[5] == 'l' && h[6] == 'e')) throw new Exception("Unsupported file type"); int numOldLow, numOldHigh; int numCurLow, numCurHigh; int nextRecLow, nextRecHigh; numOldLow = reader.ReadInt32(); numOldHigh = reader.ReadInt32(); numCurLow = reader.ReadInt32(); numCurHigh = reader.ReadInt32(); nextRecLow = reader.ReadInt32(); nextRecHigh = reader.ReadInt32(); int numOld = (numOldHigh << 32) | numOldLow; int numCur = (numCurHigh << 32) | numCurLow; int nextRec = (nextRecHigh << 32) | nextRecLow; byte[] headerPart, versionMinor, versionMajor, headerLen, chunkCount; headerPart = reader.ReadBytes(4); versionMinor = reader.ReadBytes(2); versionMajor = reader.ReadBytes(2); headerLen = reader.ReadBytes(2); chunkCount = reader.ReadBytes(2); if (!BitConverter.IsLittleEndian) { Array.Reverse(headerLen); Array.Reverse(headerPart); Array.Reverse(versionMajor); Array.Reverse(versionMinor); Array.Reverse(chunkCount); } int chunkc = BitConverter.ToInt16(chunkCount,0); this.Templates = new Dictionary<string, Template> (); long chunkOffset = 0x1000; reader.BaseStream.Position = chunkOffset; int n = 1; for (int k = 0; k < chunkc; k++) { h = reader.ReadBytes(8); if (!(h[0] == 'E' && h[1] == 'l' && h[2] == 'f' && h[3] == 'C' && h[4] == 'h' && h[5] == 'n' && h[6] == 'k')) throw new Exception("Bad chunk at offset: " + reader.BaseStream.Position); ulong first = reader.ReadUInt64(); ulong last = reader.ReadUInt64(); ulong rfirst = reader.ReadUInt64(); //redundant first ulong rlast = reader.ReadUInt64(); //redundant last uint unk1 = reader.ReadUInt32(); uint unk2 = reader.ReadUInt32(); uint offset = reader.ReadUInt32(); uint crcData = reader.ReadUInt32(); uint crcHeader = reader.ReadUInt32(); if (crcData == 0) continue; //empty chunk uint nextOffset = 0x200; //first event in a chunk reader.BaseStream.Position = chunkOffset + nextOffset; //(512+4096) this.Roots = new List<LogRoot>(); for (ulong i = first; i <= last; i++) { long pos = reader.BaseStream.Position; h = reader.ReadBytes(2); if (h[0] != '*' || h[1] != '*') { Console.WriteLine("Bad event at position: " + reader.BaseStream.Position); continue; } reader.BaseStream.Position += 2; uint el = reader.ReadUInt32() - 28; long rid = reader.ReadInt64(); ulong ts = reader.ReadUInt64(); ts /= 1000; ts -= 116444736000000; int secs = (int)(ts / 10000); DateTime timestamp = GetTime (secs); LogRoot root = new LogRoot(reader, chunkOffset, el, this) { Offset = pos }; Console.WriteLine(root.ToXML()); this.Roots.Add(root); reader.BaseStream.Position = (el + pos); } reader.BaseStream.Position = chunkOffset = (n++*0x10000)+0x1000; } } } string xml = "<Events>"; foreach (LogRoot root in this.Roots) xml += root.ToXML(); Console.WriteLine(xml); xml += "</Events>"; this.XmlDocument = new XmlDocument(); this.XmlDocument.LoadXml(xml); }
public EventLog(string filename) { this.Strings = new Dictionary <long, string>(); using (FileStream stream = File.OpenRead(filename)) { using (BinaryReader reader = new BinaryReader(stream)) { byte[] h = reader.ReadBytes(8); if (!(h[0] == 'E' && h[1] == 'l' && h[2] == 'f' && h[3] == 'F' && h[4] == 'i' && h[5] == 'l' && h[6] == 'e')) { throw new Exception("Unsupported file type"); } int numOldLow, numOldHigh; int numCurLow, numCurHigh; int nextRecLow, nextRecHigh; numOldLow = reader.ReadInt32(); numOldHigh = reader.ReadInt32(); numCurLow = reader.ReadInt32(); numCurHigh = reader.ReadInt32(); nextRecLow = reader.ReadInt32(); nextRecHigh = reader.ReadInt32(); int numOld = (numOldHigh << 32) | numOldLow; int numCur = (numCurHigh << 32) | numCurLow; int nextRec = (nextRecHigh << 32) | nextRecLow; byte[] headerPart, versionMinor, versionMajor, headerLen, chunkCount; headerPart = reader.ReadBytes(4); versionMinor = reader.ReadBytes(2); versionMajor = reader.ReadBytes(2); headerLen = reader.ReadBytes(2); chunkCount = reader.ReadBytes(2); if (!BitConverter.IsLittleEndian) { Array.Reverse(headerLen); Array.Reverse(headerPart); Array.Reverse(versionMajor); Array.Reverse(versionMinor); Array.Reverse(chunkCount); } int chunkc = BitConverter.ToInt16(chunkCount, 0); this.Templates = new Dictionary <string, Template> (); long chunkOffset = 0x1000; reader.BaseStream.Position = chunkOffset; int n = 1; for (int k = 0; k < chunkc; k++) { h = reader.ReadBytes(8); if (!(h[0] == 'E' && h[1] == 'l' && h[2] == 'f' && h[3] == 'C' && h[4] == 'h' && h[5] == 'n' && h[6] == 'k')) { throw new Exception("Bad chunk at offset: " + reader.BaseStream.Position); } ulong first = reader.ReadUInt64(); ulong last = reader.ReadUInt64(); ulong rfirst = reader.ReadUInt64(); //redundant first ulong rlast = reader.ReadUInt64(); //redundant last uint unk1 = reader.ReadUInt32(); uint unk2 = reader.ReadUInt32(); uint offset = reader.ReadUInt32(); uint crcData = reader.ReadUInt32(); uint crcHeader = reader.ReadUInt32(); if (crcData == 0) { continue; //empty chunk } uint nextOffset = 0x200; //first event in a chunk reader.BaseStream.Position = chunkOffset + nextOffset; //(512+4096) this.Roots = new List <LogRoot>(); for (ulong i = first; i <= last; i++) { long pos = reader.BaseStream.Position; h = reader.ReadBytes(2); if (h[0] != '*' || h[1] != '*') { Console.WriteLine("Bad event at position: " + reader.BaseStream.Position); continue; } reader.BaseStream.Position += 2; uint el = reader.ReadUInt32() - 28; long rid = reader.ReadInt64(); ulong ts = reader.ReadUInt64(); ts /= 1000; ts -= 116444736000000; int secs = (int)(ts / 10000); DateTime timestamp = GetTime(secs); LogRoot root = new LogRoot(reader, chunkOffset, el, this) { Offset = pos }; Console.WriteLine(root.ToXML()); this.Roots.Add(root); reader.BaseStream.Position = (el + pos); } reader.BaseStream.Position = chunkOffset = (n++ *0x10000) + 0x1000; } } } string xml = "<Events>"; foreach (LogRoot root in this.Roots) { xml += root.ToXML(); } Console.WriteLine(xml); xml += "</Events>"; this.XmlDocument = new XmlDocument(); this.XmlDocument.LoadXml(xml); }