/*
 * The event record definition of a Windows XML Event Log (EVTX) file
 *
 * Copyright (C) 2011-2021, Joachim Metz <joachim.metz@gmail.com>
 *
 * Refer to AUTHORS for acknowledgements.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

#if !defined( _EVTX_EVENT_RECORD_H )
#define _EVTX_EVENT_RECORD_H

#include <common.h>
#include <types.h>

#if defined( __cplusplus )
extern "C" {
#endif

typedef struct evtx_event_record_header evtx_event_record_header_t;

/* The on-disk layout of an EVTX event record header.
 *
 * Every member is a raw byte array so the struct mirrors the file bytes
 * exactly (no padding, no host byte order); callers decode the integer
 * members themselves. All values originate from the file being read and
 * should be treated as untrusted until validated by the parser.
 */
struct evtx_event_record_header
{
	/* The file signature
	 * Consists of 4 bytes
	 * Consists of: "\x2a\x2a\x00\x00"
	 */
	uint8_t signature[ 4 ];

	/* The size
	 * Consists of 4 bytes
	 * NOTE(review): read from the file, so the parser must check it
	 * against the remaining data before using it to advance or allocate.
	 */
	uint8_t size[ 4 ];

	/* The identifier
	 * Consists of 8 bytes
	 */
	uint8_t identifier[ 8 ];

	/* The written time
	 * Consists of 8 bytes
	 * Contains a filetime
	 */
	uint8_t written_time[ 8 ];
};

#if defined( __cplusplus )
}
#endif

#endif /* !defined( _EVTX_EVENT_RECORD_H ) */
