-
Notifications
You must be signed in to change notification settings - Fork 49
C development
TODO: work in progress
Most of the API functions return 1 if successful or -1 on error.
The close function is an exception since it returns 0 if successful or -1 on error.
More details about the return values for each API function can be found in libevtx.h
The following examples require the following headers to be included:
#include <stdlib.h>
#include <stdio.h>
#include <libevtx.h>
libevtx_error_t *error = NULL;
libevtx_file_t *file = NULL;
if( libevtx_file_initialize(&file, &error) != 1 )
{
fprintf(stderr, "Unable to initialize file.\n");
libevtx_error_free(&error);
exit(EXIT_FAILURE);
}
When calling the libevtx_file_initialize function the file argument must refer to NULL to allocate and initialize a file structure. The error argument is optional and can be NULL.
The function will return 1 if successful or -1 on error. On error an the library creates an error structure except if error is NULL e.g.
libevtx_file_initialize(&file, NULL);
The error structure must be freed by calling the libevtx_error_free function.
if( libevtx_file_free(&file, &error) != 1 )
{
fprintf(stderr, "Unable to free file.\n");
libevtx_error_free(&error);
exit(EXIT_FAILURE);
}
The function will return 1 if successful or -1 on error. File is set to NULL. The function will also close the file if it was opened.
filename = "Application.Evtx";
if( libevtx_file_open(file, filename, LIBEVTX_OPEN_READ, &error) != 1 )
{
fprintf(stderr, "Unable to open file.\n" );
libevtx_file_free(&file, NULL);
libevtx_error_free(&error);
exit(EXIT_FAILURE);
}
libevtx provides both narrow and wide character string functions for filenames. The wide character equivalent of the open function is libevtx_file_open_wide. By default libevtx will only enable wide character string support on Windows since other operating systems have build-in support for UTF-8 narrow character strings.
To compile with wide character support add --enable-wide-character-type=yes to configure, e.g.:
./configure --enable-wide-character-type=yes
Or on Windows define WINAPI and either _UNICODE
or UNICODE
When wide character string support is enabled LIBEVTX_HAVE_WIDE_CHARACTER_TYPE is defined in <libevtx/features.h>
TODO describe
libevtx allows to be compiled with file-like object support using libbfio. The libevtx configure script will automatically detect if a compatible version of libbfio is available.
When libbfio is support is enabled LIBEVTX_HAVE_BFIO is defined in <libevtx/features.h>
if( libevtx_file_close(file, &error) != 0 )
{
fprintf(stderr, "Unable to close file.\n" );
libevtx_file_free(&file, NULL);
libevtx_error_free(&error);
exit(EXIT_FAILURE);
}
- libevtx.h
- man 3 libevtx