Codebase list libevt / c2873b60-8968-4734-8535-ddd8a0f57bee/main ChangeLog
c2873b60-8968-4734-8535-ddd8a0f57bee/main

Tree @c2873b60-8968-4734-8535-ddd8a0f57bee/main (Download .tar.gz)

ChangeLog @c2873b60-8968-4734-8535-ddd8a0f57bee/mainraw · history · blame 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
TODO:
* move direct access to event record struct members in record values to functions
  - replace calls to libfvalue by libuna and libfwnt
  - handle strings, use split string?
* API have source and computer name functions return 0

* libevt
  - remove file_get_version
* evtexport, add date time format selection
* evtexport, add flags to strip strings and messages string of CR-LFs
* evtexport, add support for CVS and/or TSV format with surrounding quotes

* add parameter expansion support
* recovery: what about record that is recoverable but has a size mismatch
* msvscpp:
  - check and fix debug output generation
  - check 64-bit compilation output (warnings)
* check signal abort
* test find paths on windows
* get %WinDir%
  SYSTEM\CurrentControlSet\Control\Session Manager\Environment\windir
  - add callback for dealing with path expansion ?
* registry file:
  - detect the file type + version based on the base sub keys?
  - add file type specific support e.g. CurrentControlSet in key names ?
    or be more generic and allow HKEY_ ... type of keys and detect
    registry file type

* libcdirectory:
  - move WINAPI * path expansion from export handle to libcdirectory
* update manuals
  - evtexport add example output
* add error tollerability (+/-)
  - sizes and copy

Tools:
* API
  - functionality to parse event identifier ?
* registy file
  - what about NT4 root/base key support ?
* evtexport/export handle
  - validate eventlog/computername in system registry ?
  - use current control set nr ?
  - print if message file key not found
  - print if message file not found
  - print if message file has no resources
  - user sid - find corresponding user name ?
  - output data as CSV/TSV, DFXML ? (different output formatting modules)
  - print data
  - move output to separate code, e.g. libpff
* evtinfo
* pyevt
  - functionality to parse event identifier ?
  - string representations of event type ?
  - access to data
* tests
  - file wrap

Format:
* event flags ? (debug function)
* closing record number ?

Notes
* %SystemRoot% expansion support for WINNT and WINNT35
  check if this is set in SOFTWARE\Microsoft\Windows NT\CurrentVersion\ ?

20111003
* see `git log' for more recent change log
* Created initial version based on libnk2