Changes for libfwevt update

libyal · Apr 27, 2024 · 2c25f80 · 2c25f80
1 parent 438af26
commit 2c25f80
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 113 deletions.
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.71])
 
 AC_INIT(
  [libevtx],
- [20240425],
+ [20240427],
  [[email protected]])
 
 AC_CONFIG_SRCDIR(

diff --git a/libevtx/Makefile.am b/libevtx/Makefile.am
@@ -50,7 +50,6 @@ libevtx_la_SOURCES = \
 	libevtx_libfdata.h \
 	libevtx_libfdatetime.h \
 	libevtx_libfguid.h \
-	libevtx_libfvalue.h \
 	libevtx_libfwevt.h \
 	libevtx_libuna.h \
 	libevtx_notify.c libevtx_notify.h \

diff --git a/libevtx/libevtx_libfvalue.h b/libevtx/libevtx_libfvalue.h
diff --git a/libevtx/libevtx_record_values.c b/libevtx/libevtx_record_values.c
@@ -30,7 +30,6 @@
 #include "libevtx_libcerror.h"
 #include "libevtx_libcnotify.h"
 #include "libevtx_libfdatetime.h"
-#include "libevtx_libfvalue.h"
 #include "libevtx_libfwevt.h"
 #include "libevtx_record_values.h"
 #include "libevtx_template_definition.h"
@@ -872,7 +871,7 @@ int libevtx_record_values_get_event_identifier(
 
 		return( -1 );
 	}
-	if( libfwevt_xml_value_copy_to_32bit(
+	if( libfwevt_value_get_data_as_32bit_integer(
 	     event_identifier_value,
 	     event_identifier,
 	     error ) != 1 )
@@ -1009,7 +1008,7 @@ int libevtx_record_values_get_event_identifier_qualifiers(
 
 			return( -1 );
 		}
-		if( libfwevt_xml_value_copy_to_32bit(
+		if( libfwevt_value_get_data_as_32bit_integer(
 		     qualifiers_value,
 		     event_identifier_qualifiers,
 		     error ) != 1 )
@@ -1133,7 +1132,7 @@ int libevtx_record_values_get_event_version(
 	}
 	if( record_values->version_value != NULL )
 	{
-		if( libfwevt_xml_value_copy_to_8bit(
+		if( libfwevt_value_get_data_as_8bit_integer(
 		     record_values->version_value,
 		     event_version,
 		     error ) != 1 )
@@ -1166,7 +1165,6 @@ int libevtx_record_values_get_creation_time(
 	libfwevt_xml_tag_t *time_created_xml_tag = NULL;
 	static char *function                    = "libevtx_record_values_get_creation_time";
 	int result                               = 0;
-	int value_type                           = 0;
 
 	if( record_values == NULL )
 	{
@@ -1287,52 +1285,20 @@ int libevtx_record_values_get_creation_time(
 			return( -1 );
 		}
 	}
-	if( libfwevt_xml_value_get_type(
+	if( libfwevt_value_get_data_as_filetime(
 	     record_values->time_created_value,
-	     &value_type,
+	     filetime,
 	     error ) != 1 )
 	{
 		libcerror_error_set(
 		 error,
 		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
-		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
-		 "%s: unable to retrieve provider TimeCreated XML element value type.",
+		 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
+		 "%s: unable to copy TimeCreated value to FILETIME timestamp.",
 		 function );
 
 		return( -1 );
 	}
-/* TODO add support for LIBFVALUE_VALUE_TYPE_FILETIME
- * 2022-07-06T12:24:40.608115500Z
- */
-	if( value_type != LIBFVALUE_VALUE_TYPE_FILETIME )
-	{
-		libcerror_error_set(
-		 error,
-		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
-		 LIBCERROR_RUNTIME_ERROR_UNSUPPORTED_VALUE,
-		 "%s: unsupported TimeCreated XML element value type: %d.",
-		 function,
-		 value_type );
-
-		return( -1 );
-	}
-	if( value_type == LIBFVALUE_VALUE_TYPE_FILETIME )
-	{
-		if( libfwevt_xml_value_copy_to_64bit(
-		     record_values->time_created_value,
-		     filetime,
-		     error ) != 1 )
-		{
-			libcerror_error_set(
-			 error,
-			 LIBCERROR_ERROR_DOMAIN_RUNTIME,
-			 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
-			 "%s: unable to copy value to FILETIME timestamp.",
-			 function );
-
-			return( -1 );
-		}
-	}
 	return( 1 );
 }
 
@@ -1482,7 +1448,7 @@ int libevtx_record_values_get_event_level(
 			return( -1 );
 		}
 	}
-	if( libfwevt_xml_value_copy_to_8bit(
+	if( libfwevt_value_get_data_as_8bit_integer(
 	     record_values->level_value,
 	     event_level,
 	     error ) != 1 )

diff --git a/m4/libfwevt.m4 b/m4/libfwevt.m4
@@ -1,6 +1,6 @@
 dnl Checks for libfwevt required headers and functions
 dnl
-dnl Version: 20240426
+dnl Version: 20240427
 
 dnl Function to detect if libfwevt is available
 dnl ac_libfwevt_dummy is used to prevent AC_CHECK_LIB adding unnecessary -l<library> arguments
@@ -28,7 +28,7 @@ AC_DEFUN([AX_LIBFWEVT_CHECK_LIB],
         [test "x$cross_compiling" != "xyes" && test "x$PKGCONFIG" != "x"],
         [PKG_CHECK_MODULES(
           [libfwevt],
-          [libfwevt >= 20240425],
+          [libfwevt >= 20240427],
           [ac_cv_libfwevt=yes],
           [ac_cv_libfwevt=check])
         ])
@@ -587,17 +587,22 @@ AC_DEFUN([AX_LIBFWEVT_CHECK_LIB],
           [ac_cv_libfwevt=no])
         AC_CHECK_LIB(
           fwevt,
-          libfwevt_xml_value_copy_to_8bit,
+          libfwevt_value_get_data_as_8bit_integer,
           [ac_cv_libfwevt_dummy=yes],
           [ac_cv_libfwevt=no])
         AC_CHECK_LIB(
           fwevt,
-          libfwevt_xml_value_copy_to_32bit,
+          libfwevt_value_get_data_as_32bit_integer,
           [ac_cv_libfwevt_dummy=yes],
           [ac_cv_libfwevt=no])
         AC_CHECK_LIB(
           fwevt,
-          libfwevt_xml_value_copy_to_64bit,
+          libfwevt_value_get_data_as_64bit_integer,
+          [ac_cv_libfwevt_dummy=yes],
+          [ac_cv_libfwevt=no])
+        AC_CHECK_LIB(
+          fwevt,
+          libfwevt_value_get_data_as_filetime,
           [ac_cv_libfwevt_dummy=yes],
           [ac_cv_libfwevt=no])
         AC_CHECK_LIB(

diff --git a/msvscpp/libevtx/libevtx.vcproj b/msvscpp/libevtx/libevtx.vcproj
@@ -335,10 +335,6 @@
 				RelativePath="..\..\libevtx\libevtx_libfguid.h"
 				>
 			</File>
-			<File
-				RelativePath="..\..\libevtx\libevtx_libfvalue.h"
-				>
-			</File>
 			<File
 				RelativePath="..\..\libevtx\libevtx_libfwevt.h"
 				>

diff --git a/msvscpp/libfwevt/libfwevt.vcproj b/msvscpp/libfwevt/libfwevt.vcproj
@@ -154,6 +154,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_channel.c"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_date_time.c"
+				>
+			</File>
 			<File
 				RelativePath="..\..\libfwevt\libfwevt_debug.c"
 				>
@@ -206,6 +210,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_template.c"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_template_item.c"
+				>
+			</File>
 			<File
 				RelativePath="..\..\libfwevt\libfwevt_xml_document.c"
 				>
@@ -222,6 +230,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_xml_token.c"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_xml_value.c"
+				>
+			</File>
 		</Filter>
 		<Filter
 			Name="Header Files"
@@ -236,6 +248,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_channel.h"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_date_time.h"
+				>
+			</File>
 			<File
 				RelativePath="..\..\libfwevt\libfwevt_debug.h"
 				>
@@ -320,6 +336,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_template.h"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_template_item.h"
+				>
+			</File>
 			<File
 				RelativePath="..\..\libfwevt\libfwevt_types.h"
 				>
@@ -344,6 +364,10 @@
 				RelativePath="..\..\libfwevt\libfwevt_xml_token.h"
 				>
 			</File>
+			<File
+				RelativePath="..\..\libfwevt\libfwevt_xml_value.h"
+				>
+			</File>
 		</Filter>
 		<Filter
 			Name="Resource Files"
-Original file line number
+Diff line change
@@ Expand Up / @@ -335,10 +335,6 @@ @@
     				RelativePath="..\..\libevtx\libevtx_libfguid.h"
     				>
     			</File>
-    			<File
-    				RelativePath="..\..\libevtx\libevtx_libfvalue.h"
-    				>
-    			</File>
     			<File
     				RelativePath="..\..\libevtx\libevtx_libfwevt.h"
     				>
@@ Expand Down @@