1 /*
2 * Record functions
3 *
4 * Copyright (C) 2011-2021, Joachim Metz <joachim.metz@gmail.com>
5 *
6 * Refer to AUTHORS for acknowledgements.
7 *
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Lesser General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <https://www.gnu.org/licenses/>.
20 */
21
22 #include <common.h>
23 #include <memory.h>
24 #include <types.h>
25
26 #include "libevt_definitions.h"
27 #include "libevt_io_handle.h"
28 #include "libevt_libbfio.h"
29 #include "libevt_libcerror.h"
30 #include "libevt_libcthreads.h"
31 #include "libevt_record.h"
32 #include "libevt_record_values.h"
33
34 /* Creates record
35 * Make sure the value record is referencing, is set to NULL
36 * Returns 1 if successful or -1 on error
37 */
libevt_record_initialize(libevt_record_t ** record,libevt_io_handle_t * io_handle,libbfio_handle_t * file_io_handle,libevt_record_values_t * record_values,libcerror_error_t ** error)38 int libevt_record_initialize(
39 libevt_record_t **record,
40 libevt_io_handle_t *io_handle,
41 libbfio_handle_t *file_io_handle,
42 libevt_record_values_t *record_values,
43 libcerror_error_t **error )
44 {
45 libevt_internal_record_t *internal_record = NULL;
46 static char *function = "libevt_record_initialize";
47
48 if( record == NULL )
49 {
50 libcerror_error_set(
51 error,
52 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
53 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
54 "%s: invalid record.",
55 function );
56
57 return( -1 );
58 }
59 if( *record != NULL )
60 {
61 libcerror_error_set(
62 error,
63 LIBCERROR_ERROR_DOMAIN_RUNTIME,
64 LIBCERROR_RUNTIME_ERROR_VALUE_ALREADY_SET,
65 "%s: invalid record value already set.",
66 function );
67
68 return( -1 );
69 }
70 if( record_values == NULL )
71 {
72 libcerror_error_set(
73 error,
74 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
75 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
76 "%s: invalid record values.",
77 function );
78
79 return( -1 );
80 }
81 internal_record = memory_allocate_structure(
82 libevt_internal_record_t );
83
84 if( internal_record == NULL )
85 {
86 libcerror_error_set(
87 error,
88 LIBCERROR_ERROR_DOMAIN_RUNTIME,
89 LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
90 "%s: unable to create internal record.",
91 function );
92
93 goto on_error;
94 }
95 if( memory_set(
96 internal_record,
97 0,
98 sizeof( libevt_internal_record_t ) ) == NULL )
99 {
100 libcerror_error_set(
101 error,
102 LIBCERROR_ERROR_DOMAIN_MEMORY,
103 LIBCERROR_MEMORY_ERROR_SET_FAILED,
104 "%s: unable to clear internal record.",
105 function );
106
107 memory_free(
108 internal_record );
109
110 return( -1 );
111 }
112 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
113 if( libcthreads_read_write_lock_initialize(
114 &( internal_record->read_write_lock ),
115 error ) != 1 )
116 {
117 libcerror_error_set(
118 error,
119 LIBCERROR_ERROR_DOMAIN_RUNTIME,
120 LIBCERROR_RUNTIME_ERROR_INITIALIZE_FAILED,
121 "%s: unable to initialize read/write lock.",
122 function );
123
124 goto on_error;
125 }
126 #endif
127 internal_record->file_io_handle = file_io_handle;
128 internal_record->io_handle = io_handle;
129 internal_record->record_values = record_values;
130
131 *record = (libevt_record_t *) internal_record;
132
133 return( 1 );
134
135 on_error:
136 if( internal_record != NULL )
137 {
138 memory_free(
139 internal_record );
140 }
141 return( -1 );
142 }
143
144 /* Frees a record
145 * Returns 1 if successful or -1 on error
146 */
libevt_record_free(libevt_record_t ** record,libcerror_error_t ** error)147 int libevt_record_free(
148 libevt_record_t **record,
149 libcerror_error_t **error )
150 {
151 libevt_internal_record_t *internal_record = NULL;
152 static char *function = "libevt_record_free";
153 int result = 1;
154
155 if( record == NULL )
156 {
157 libcerror_error_set(
158 error,
159 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
160 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
161 "%s: invalid record.",
162 function );
163
164 return( -1 );
165 }
166 if( *record != NULL )
167 {
168 internal_record = (libevt_internal_record_t *) *record;
169 *record = NULL;
170
171 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
172 if( libcthreads_read_write_lock_free(
173 &( internal_record->read_write_lock ),
174 error ) != 1 )
175 {
176 libcerror_error_set(
177 error,
178 LIBCERROR_ERROR_DOMAIN_RUNTIME,
179 LIBCERROR_RUNTIME_ERROR_FINALIZE_FAILED,
180 "%s: unable to free read/write lock.",
181 function );
182
183 result = -1;
184 }
185 #endif
186 /* The file_io_handle, io_handle and record_values references are freed elsewhere
187 */
188 memory_free(
189 internal_record );
190 }
191 return( result );
192 }
193
194 /* Retrieves the offset
195 * Returns 1 if successful or -1 on error
196 */
libevt_record_get_offset(libevt_record_t * record,off64_t * offset,libcerror_error_t ** error)197 int libevt_record_get_offset(
198 libevt_record_t *record,
199 off64_t *offset,
200 libcerror_error_t **error )
201 {
202 libevt_internal_record_t *internal_record = NULL;
203 static char *function = "libevt_record_get_offset";
204 int result = 1;
205
206 if( record == NULL )
207 {
208 libcerror_error_set(
209 error,
210 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
211 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
212 "%s: invalid record.",
213 function );
214
215 return( -1 );
216 }
217 internal_record = (libevt_internal_record_t *) record;
218
219 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
220 if( libcthreads_read_write_lock_grab_for_read(
221 internal_record->read_write_lock,
222 error ) != 1 )
223 {
224 libcerror_error_set(
225 error,
226 LIBCERROR_ERROR_DOMAIN_RUNTIME,
227 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
228 "%s: unable to grab read/write lock for reading.",
229 function );
230
231 return( -1 );
232 }
233 #endif
234 if( libevt_record_values_get_offset(
235 internal_record->record_values,
236 offset,
237 error ) != 1 )
238 {
239 libcerror_error_set(
240 error,
241 LIBCERROR_ERROR_DOMAIN_RUNTIME,
242 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
243 "%s: unable to retrieve offset.",
244 function );
245
246 result = -1;
247 }
248 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
249 if( libcthreads_read_write_lock_release_for_read(
250 internal_record->read_write_lock,
251 error ) != 1 )
252 {
253 libcerror_error_set(
254 error,
255 LIBCERROR_ERROR_DOMAIN_RUNTIME,
256 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
257 "%s: unable to release read/write lock for reading.",
258 function );
259
260 return( -1 );
261 }
262 #endif
263 return( result );
264 }
265
266 /* Retrieves the identifier (record number)
267 * Returns 1 if successful or -1 on error
268 */
libevt_record_get_identifier(libevt_record_t * record,uint32_t * identifier,libcerror_error_t ** error)269 int libevt_record_get_identifier(
270 libevt_record_t *record,
271 uint32_t *identifier,
272 libcerror_error_t **error )
273 {
274 libevt_internal_record_t *internal_record = NULL;
275 static char *function = "libevt_record_get_identifier";
276 int result = 1;
277
278 if( record == NULL )
279 {
280 libcerror_error_set(
281 error,
282 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
283 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
284 "%s: invalid record.",
285 function );
286
287 return( -1 );
288 }
289 internal_record = (libevt_internal_record_t *) record;
290
291 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
292 if( libcthreads_read_write_lock_grab_for_read(
293 internal_record->read_write_lock,
294 error ) != 1 )
295 {
296 libcerror_error_set(
297 error,
298 LIBCERROR_ERROR_DOMAIN_RUNTIME,
299 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
300 "%s: unable to grab read/write lock for reading.",
301 function );
302
303 return( -1 );
304 }
305 #endif
306 if( libevt_record_values_get_number(
307 internal_record->record_values,
308 identifier,
309 error ) != 1 )
310 {
311 libcerror_error_set(
312 error,
313 LIBCERROR_ERROR_DOMAIN_RUNTIME,
314 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
315 "%s: unable to retrieve number.",
316 function );
317
318 result = -1;
319 }
320 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
321 if( libcthreads_read_write_lock_release_for_read(
322 internal_record->read_write_lock,
323 error ) != 1 )
324 {
325 libcerror_error_set(
326 error,
327 LIBCERROR_ERROR_DOMAIN_RUNTIME,
328 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
329 "%s: unable to release read/write lock for reading.",
330 function );
331
332 return( -1 );
333 }
334 #endif
335 return( result );
336 }
337
338 /* Retrieves the creation time
339 * The timestamp is a 32-bit POSIX date and time value
340 * Returns 1 if successful or -1 on error
341 */
libevt_record_get_creation_time(libevt_record_t * record,uint32_t * posix_time,libcerror_error_t ** error)342 int libevt_record_get_creation_time(
343 libevt_record_t *record,
344 uint32_t *posix_time,
345 libcerror_error_t **error )
346 {
347 libevt_internal_record_t *internal_record = NULL;
348 static char *function = "libevt_record_get_creation_time";
349 int result = 1;
350
351 if( record == NULL )
352 {
353 libcerror_error_set(
354 error,
355 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
356 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
357 "%s: invalid record.",
358 function );
359
360 return( -1 );
361 }
362 internal_record = (libevt_internal_record_t *) record;
363
364 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
365 if( libcthreads_read_write_lock_grab_for_read(
366 internal_record->read_write_lock,
367 error ) != 1 )
368 {
369 libcerror_error_set(
370 error,
371 LIBCERROR_ERROR_DOMAIN_RUNTIME,
372 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
373 "%s: unable to grab read/write lock for reading.",
374 function );
375
376 return( -1 );
377 }
378 #endif
379 if( libevt_record_values_get_creation_time(
380 internal_record->record_values,
381 posix_time,
382 error ) != 1 )
383 {
384 libcerror_error_set(
385 error,
386 LIBCERROR_ERROR_DOMAIN_RUNTIME,
387 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
388 "%s: unable to retrieve creation time from record values.",
389 function );
390
391 result = -1;
392 }
393 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
394 if( libcthreads_read_write_lock_release_for_read(
395 internal_record->read_write_lock,
396 error ) != 1 )
397 {
398 libcerror_error_set(
399 error,
400 LIBCERROR_ERROR_DOMAIN_RUNTIME,
401 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
402 "%s: unable to release read/write lock for reading.",
403 function );
404
405 return( -1 );
406 }
407 #endif
408 return( result );
409 }
410
411 /* Retrieves the written time
412 * The timestamp is a 32-bit POSIX date and time value
413 * Returns 1 if successful or -1 on error
414 */
libevt_record_get_written_time(libevt_record_t * record,uint32_t * posix_time,libcerror_error_t ** error)415 int libevt_record_get_written_time(
416 libevt_record_t *record,
417 uint32_t *posix_time,
418 libcerror_error_t **error )
419 {
420 libevt_internal_record_t *internal_record = NULL;
421 static char *function = "libevt_record_get_written_time";
422 int result = 1;
423
424 if( record == NULL )
425 {
426 libcerror_error_set(
427 error,
428 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
429 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
430 "%s: invalid record.",
431 function );
432
433 return( -1 );
434 }
435 internal_record = (libevt_internal_record_t *) record;
436
437 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
438 if( libcthreads_read_write_lock_grab_for_read(
439 internal_record->read_write_lock,
440 error ) != 1 )
441 {
442 libcerror_error_set(
443 error,
444 LIBCERROR_ERROR_DOMAIN_RUNTIME,
445 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
446 "%s: unable to grab read/write lock for reading.",
447 function );
448
449 return( -1 );
450 }
451 #endif
452 if( libevt_record_values_get_written_time(
453 internal_record->record_values,
454 posix_time,
455 error ) != 1 )
456 {
457 libcerror_error_set(
458 error,
459 LIBCERROR_ERROR_DOMAIN_RUNTIME,
460 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
461 "%s: unable to retrieve written time from record values.",
462 function );
463
464 result = -1;
465 }
466 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
467 if( libcthreads_read_write_lock_release_for_read(
468 internal_record->read_write_lock,
469 error ) != 1 )
470 {
471 libcerror_error_set(
472 error,
473 LIBCERROR_ERROR_DOMAIN_RUNTIME,
474 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
475 "%s: unable to release read/write lock for reading.",
476 function );
477
478 return( -1 );
479 }
480 #endif
481 return( result );
482 }
483
484 /* Retrieves the event identifier
485 * Returns 1 if successful or -1 on error
486 */
libevt_record_get_event_identifier(libevt_record_t * record,uint32_t * event_identifier,libcerror_error_t ** error)487 int libevt_record_get_event_identifier(
488 libevt_record_t *record,
489 uint32_t *event_identifier,
490 libcerror_error_t **error )
491 {
492 libevt_internal_record_t *internal_record = NULL;
493 static char *function = "libevt_record_get_event_identifier";
494 int result = 1;
495
496 if( record == NULL )
497 {
498 libcerror_error_set(
499 error,
500 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
501 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
502 "%s: invalid record.",
503 function );
504
505 return( -1 );
506 }
507 internal_record = (libevt_internal_record_t *) record;
508
509 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
510 if( libcthreads_read_write_lock_grab_for_read(
511 internal_record->read_write_lock,
512 error ) != 1 )
513 {
514 libcerror_error_set(
515 error,
516 LIBCERROR_ERROR_DOMAIN_RUNTIME,
517 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
518 "%s: unable to grab read/write lock for reading.",
519 function );
520
521 return( -1 );
522 }
523 #endif
524 if( libevt_record_values_get_event_identifier(
525 internal_record->record_values,
526 event_identifier,
527 error ) != 1 )
528 {
529 libcerror_error_set(
530 error,
531 LIBCERROR_ERROR_DOMAIN_RUNTIME,
532 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
533 "%s: unable to retrieve event identifier.",
534 function );
535
536 result = -1;
537 }
538 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
539 if( libcthreads_read_write_lock_release_for_read(
540 internal_record->read_write_lock,
541 error ) != 1 )
542 {
543 libcerror_error_set(
544 error,
545 LIBCERROR_ERROR_DOMAIN_RUNTIME,
546 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
547 "%s: unable to release read/write lock for reading.",
548 function );
549
550 return( -1 );
551 }
552 #endif
553 return( result );
554 }
555
556 /* Retrieves the event type
557 * Returns 1 if successful or -1 on error
558 */
libevt_record_get_event_type(libevt_record_t * record,uint16_t * event_type,libcerror_error_t ** error)559 int libevt_record_get_event_type(
560 libevt_record_t *record,
561 uint16_t *event_type,
562 libcerror_error_t **error )
563 {
564 libevt_internal_record_t *internal_record = NULL;
565 static char *function = "libevt_record_get_event_type";
566 int result = 1;
567
568 if( record == NULL )
569 {
570 libcerror_error_set(
571 error,
572 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
573 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
574 "%s: invalid record.",
575 function );
576
577 return( -1 );
578 }
579 internal_record = (libevt_internal_record_t *) record;
580
581 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
582 if( libcthreads_read_write_lock_grab_for_read(
583 internal_record->read_write_lock,
584 error ) != 1 )
585 {
586 libcerror_error_set(
587 error,
588 LIBCERROR_ERROR_DOMAIN_RUNTIME,
589 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
590 "%s: unable to grab read/write lock for reading.",
591 function );
592
593 return( -1 );
594 }
595 #endif
596 if( libevt_record_values_get_event_type(
597 internal_record->record_values,
598 event_type,
599 error ) != 1 )
600 {
601 libcerror_error_set(
602 error,
603 LIBCERROR_ERROR_DOMAIN_RUNTIME,
604 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
605 "%s: unable to retrieve event type.",
606 function );
607
608 result = -1;
609 }
610 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
611 if( libcthreads_read_write_lock_release_for_read(
612 internal_record->read_write_lock,
613 error ) != 1 )
614 {
615 libcerror_error_set(
616 error,
617 LIBCERROR_ERROR_DOMAIN_RUNTIME,
618 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
619 "%s: unable to release read/write lock for reading.",
620 function );
621
622 return( -1 );
623 }
624 #endif
625 return( result );
626 }
627
628 /* Retrieves the event category
629 * Returns 1 if successful or -1 on error
630 */
libevt_record_get_event_category(libevt_record_t * record,uint16_t * event_category,libcerror_error_t ** error)631 int libevt_record_get_event_category(
632 libevt_record_t *record,
633 uint16_t *event_category,
634 libcerror_error_t **error )
635 {
636 libevt_internal_record_t *internal_record = NULL;
637 static char *function = "libevt_record_get_event_category";
638 int result = 1;
639
640 if( record == NULL )
641 {
642 libcerror_error_set(
643 error,
644 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
645 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
646 "%s: invalid record.",
647 function );
648
649 return( -1 );
650 }
651 internal_record = (libevt_internal_record_t *) record;
652
653 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
654 if( libcthreads_read_write_lock_grab_for_read(
655 internal_record->read_write_lock,
656 error ) != 1 )
657 {
658 libcerror_error_set(
659 error,
660 LIBCERROR_ERROR_DOMAIN_RUNTIME,
661 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
662 "%s: unable to grab read/write lock for reading.",
663 function );
664
665 return( -1 );
666 }
667 #endif
668 if( libevt_record_values_get_event_category(
669 internal_record->record_values,
670 event_category,
671 error ) != 1 )
672 {
673 libcerror_error_set(
674 error,
675 LIBCERROR_ERROR_DOMAIN_RUNTIME,
676 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
677 "%s: unable to retrieve event category.",
678 function );
679
680 result = -1;
681 }
682 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
683 if( libcthreads_read_write_lock_release_for_read(
684 internal_record->read_write_lock,
685 error ) != 1 )
686 {
687 libcerror_error_set(
688 error,
689 LIBCERROR_ERROR_DOMAIN_RUNTIME,
690 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
691 "%s: unable to release read/write lock for reading.",
692 function );
693
694 return( -1 );
695 }
696 #endif
697 return( result );
698 }
699
700 /* Retrieves the size of the UTF-8 encoded source name
701 * The returned size includes the end of string character
702 * Returns 1 if successful, 0 if not available or -1 on error
703 */
libevt_record_get_utf8_source_name_size(libevt_record_t * record,size_t * utf8_string_size,libcerror_error_t ** error)704 int libevt_record_get_utf8_source_name_size(
705 libevt_record_t *record,
706 size_t *utf8_string_size,
707 libcerror_error_t **error )
708 {
709 libevt_internal_record_t *internal_record = NULL;
710 static char *function = "libevt_record_get_utf8_source_name_size";
711 int result = 0;
712
713 if( record == NULL )
714 {
715 libcerror_error_set(
716 error,
717 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
718 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
719 "%s: invalid record.",
720 function );
721
722 return( -1 );
723 }
724 internal_record = (libevt_internal_record_t *) record;
725
726 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
727 if( libcthreads_read_write_lock_grab_for_read(
728 internal_record->read_write_lock,
729 error ) != 1 )
730 {
731 libcerror_error_set(
732 error,
733 LIBCERROR_ERROR_DOMAIN_RUNTIME,
734 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
735 "%s: unable to grab read/write lock for reading.",
736 function );
737
738 return( -1 );
739 }
740 #endif
741 result = libevt_record_values_get_utf8_source_name_size(
742 internal_record->record_values,
743 utf8_string_size,
744 error );
745
746 if( result == -1 )
747 {
748 libcerror_error_set(
749 error,
750 LIBCERROR_ERROR_DOMAIN_RUNTIME,
751 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
752 "%s: unable to retrieve UTF-8 source name size.",
753 function );
754
755 result = -1;
756 }
757 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
758 if( libcthreads_read_write_lock_release_for_read(
759 internal_record->read_write_lock,
760 error ) != 1 )
761 {
762 libcerror_error_set(
763 error,
764 LIBCERROR_ERROR_DOMAIN_RUNTIME,
765 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
766 "%s: unable to release read/write lock for reading.",
767 function );
768
769 return( -1 );
770 }
771 #endif
772 return( result );
773 }
774
775 /* Retrieves the UTF-8 encoded source name
776 * The size should include the end of string character
777 * Returns 1 if successful, 0 if not available or -1 on error
778 */
libevt_record_get_utf8_source_name(libevt_record_t * record,uint8_t * utf8_string,size_t utf8_string_size,libcerror_error_t ** error)779 int libevt_record_get_utf8_source_name(
780 libevt_record_t *record,
781 uint8_t *utf8_string,
782 size_t utf8_string_size,
783 libcerror_error_t **error )
784 {
785 libevt_internal_record_t *internal_record = NULL;
786 static char *function = "libevt_record_get_utf8_source_name";
787 int result = 0;
788
789 if( record == NULL )
790 {
791 libcerror_error_set(
792 error,
793 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
794 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
795 "%s: invalid record.",
796 function );
797
798 return( -1 );
799 }
800 internal_record = (libevt_internal_record_t *) record;
801
802 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
803 if( libcthreads_read_write_lock_grab_for_read(
804 internal_record->read_write_lock,
805 error ) != 1 )
806 {
807 libcerror_error_set(
808 error,
809 LIBCERROR_ERROR_DOMAIN_RUNTIME,
810 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
811 "%s: unable to grab read/write lock for reading.",
812 function );
813
814 return( -1 );
815 }
816 #endif
817 result = libevt_record_values_get_utf8_source_name(
818 internal_record->record_values,
819 utf8_string,
820 utf8_string_size,
821 error );
822
823 if( result == -1 )
824 {
825 libcerror_error_set(
826 error,
827 LIBCERROR_ERROR_DOMAIN_RUNTIME,
828 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
829 "%s: unable to retrieve UTF-8 source name.",
830 function );
831
832 result = -1;
833 }
834 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
835 if( libcthreads_read_write_lock_release_for_read(
836 internal_record->read_write_lock,
837 error ) != 1 )
838 {
839 libcerror_error_set(
840 error,
841 LIBCERROR_ERROR_DOMAIN_RUNTIME,
842 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
843 "%s: unable to release read/write lock for reading.",
844 function );
845
846 return( -1 );
847 }
848 #endif
849 return( result );
850 }
851
852 /* Retrieves the size of the UTF-16 encoded source name
853 * The returned size includes the end of string character
854 * Returns 1 if successful, 0 if not available or -1 on error
855 */
libevt_record_get_utf16_source_name_size(libevt_record_t * record,size_t * utf16_string_size,libcerror_error_t ** error)856 int libevt_record_get_utf16_source_name_size(
857 libevt_record_t *record,
858 size_t *utf16_string_size,
859 libcerror_error_t **error )
860 {
861 libevt_internal_record_t *internal_record = NULL;
862 static char *function = "libevt_record_get_utf16_source_name_size";
863 int result = 0;
864
865 if( record == NULL )
866 {
867 libcerror_error_set(
868 error,
869 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
870 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
871 "%s: invalid record.",
872 function );
873
874 return( -1 );
875 }
876 internal_record = (libevt_internal_record_t *) record;
877
878 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
879 if( libcthreads_read_write_lock_grab_for_read(
880 internal_record->read_write_lock,
881 error ) != 1 )
882 {
883 libcerror_error_set(
884 error,
885 LIBCERROR_ERROR_DOMAIN_RUNTIME,
886 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
887 "%s: unable to grab read/write lock for reading.",
888 function );
889
890 return( -1 );
891 }
892 #endif
893 result = libevt_record_values_get_utf16_source_name_size(
894 internal_record->record_values,
895 utf16_string_size,
896 error );
897
898 if( result == -1 )
899 {
900 libcerror_error_set(
901 error,
902 LIBCERROR_ERROR_DOMAIN_RUNTIME,
903 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
904 "%s: unable to retrieve UTF-16 source name.",
905 function );
906
907 result = -1;
908 }
909 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
910 if( libcthreads_read_write_lock_release_for_read(
911 internal_record->read_write_lock,
912 error ) != 1 )
913 {
914 libcerror_error_set(
915 error,
916 LIBCERROR_ERROR_DOMAIN_RUNTIME,
917 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
918 "%s: unable to release read/write lock for reading.",
919 function );
920
921 return( -1 );
922 }
923 #endif
924 return( result );
925 }
926
927 /* Retrieves the UTF-16 encoded source name
928 * The size should include the end of string character
929 * Returns 1 if successful, 0 if not available or -1 on error
930 */
libevt_record_get_utf16_source_name(libevt_record_t * record,uint16_t * utf16_string,size_t utf16_string_size,libcerror_error_t ** error)931 int libevt_record_get_utf16_source_name(
932 libevt_record_t *record,
933 uint16_t *utf16_string,
934 size_t utf16_string_size,
935 libcerror_error_t **error )
936 {
937 libevt_internal_record_t *internal_record = NULL;
938 static char *function = "libevt_record_get_utf16_source_name";
939 int result = 0;
940
941 if( record == NULL )
942 {
943 libcerror_error_set(
944 error,
945 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
946 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
947 "%s: invalid record.",
948 function );
949
950 return( -1 );
951 }
952 internal_record = (libevt_internal_record_t *) record;
953
954 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
955 if( libcthreads_read_write_lock_grab_for_read(
956 internal_record->read_write_lock,
957 error ) != 1 )
958 {
959 libcerror_error_set(
960 error,
961 LIBCERROR_ERROR_DOMAIN_RUNTIME,
962 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
963 "%s: unable to grab read/write lock for reading.",
964 function );
965
966 return( -1 );
967 }
968 #endif
969 result = libevt_record_values_get_utf16_source_name(
970 internal_record->record_values,
971 utf16_string,
972 utf16_string_size,
973 error );
974
975 if( result == -1 )
976 {
977 libcerror_error_set(
978 error,
979 LIBCERROR_ERROR_DOMAIN_RUNTIME,
980 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
981 "%s: unable to retrieve UTF-16 source name.",
982 function );
983
984 result = -1;
985 }
986 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
987 if( libcthreads_read_write_lock_release_for_read(
988 internal_record->read_write_lock,
989 error ) != 1 )
990 {
991 libcerror_error_set(
992 error,
993 LIBCERROR_ERROR_DOMAIN_RUNTIME,
994 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
995 "%s: unable to release read/write lock for reading.",
996 function );
997
998 return( -1 );
999 }
1000 #endif
1001 return( result );
1002 }
1003
1004 /* Retrieves the size of the UTF-8 encoded computer name
1005 * The returned size includes the end of string character
1006 * Returns 1 if successful, 0 if not available or -1 on error
1007 */
libevt_record_get_utf8_computer_name_size(libevt_record_t * record,size_t * utf8_string_size,libcerror_error_t ** error)1008 int libevt_record_get_utf8_computer_name_size(
1009 libevt_record_t *record,
1010 size_t *utf8_string_size,
1011 libcerror_error_t **error )
1012 {
1013 libevt_internal_record_t *internal_record = NULL;
1014 static char *function = "libevt_record_get_utf8_computer_name_size";
1015 int result = 0;
1016
1017 if( record == NULL )
1018 {
1019 libcerror_error_set(
1020 error,
1021 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1022 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1023 "%s: invalid record.",
1024 function );
1025
1026 return( -1 );
1027 }
1028 internal_record = (libevt_internal_record_t *) record;
1029
1030 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1031 if( libcthreads_read_write_lock_grab_for_read(
1032 internal_record->read_write_lock,
1033 error ) != 1 )
1034 {
1035 libcerror_error_set(
1036 error,
1037 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1038 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1039 "%s: unable to grab read/write lock for reading.",
1040 function );
1041
1042 return( -1 );
1043 }
1044 #endif
1045 result = libevt_record_values_get_utf8_computer_name_size(
1046 internal_record->record_values,
1047 utf8_string_size,
1048 error );
1049
1050 if( result == -1 )
1051 {
1052 libcerror_error_set(
1053 error,
1054 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1055 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1056 "%s: unable to retrieve UTF-8 computer name size.",
1057 function );
1058
1059 result = -1;
1060 }
1061 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1062 if( libcthreads_read_write_lock_release_for_read(
1063 internal_record->read_write_lock,
1064 error ) != 1 )
1065 {
1066 libcerror_error_set(
1067 error,
1068 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1069 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1070 "%s: unable to release read/write lock for reading.",
1071 function );
1072
1073 return( -1 );
1074 }
1075 #endif
1076 return( result );
1077 }
1078
1079 /* Retrieves the UTF-8 encoded computer name
1080 * The size should include the end of string character
1081 * Returns 1 if successful, 0 if not available or -1 on error
1082 */
libevt_record_get_utf8_computer_name(libevt_record_t * record,uint8_t * utf8_string,size_t utf8_string_size,libcerror_error_t ** error)1083 int libevt_record_get_utf8_computer_name(
1084 libevt_record_t *record,
1085 uint8_t *utf8_string,
1086 size_t utf8_string_size,
1087 libcerror_error_t **error )
1088 {
1089 libevt_internal_record_t *internal_record = NULL;
1090 static char *function = "libevt_record_get_utf8_computer_name";
1091 int result = 0;
1092
1093 if( record == NULL )
1094 {
1095 libcerror_error_set(
1096 error,
1097 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1098 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1099 "%s: invalid record.",
1100 function );
1101
1102 return( -1 );
1103 }
1104 internal_record = (libevt_internal_record_t *) record;
1105
1106 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1107 if( libcthreads_read_write_lock_grab_for_read(
1108 internal_record->read_write_lock,
1109 error ) != 1 )
1110 {
1111 libcerror_error_set(
1112 error,
1113 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1114 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1115 "%s: unable to grab read/write lock for reading.",
1116 function );
1117
1118 return( -1 );
1119 }
1120 #endif
1121 result = libevt_record_values_get_utf8_computer_name(
1122 internal_record->record_values,
1123 utf8_string,
1124 utf8_string_size,
1125 error );
1126
1127 if( result == -1 )
1128 {
1129 libcerror_error_set(
1130 error,
1131 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1132 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1133 "%s: unable to retrieve UTF-8 computer name.",
1134 function );
1135
1136 result = -1;
1137 }
1138 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1139 if( libcthreads_read_write_lock_release_for_read(
1140 internal_record->read_write_lock,
1141 error ) != 1 )
1142 {
1143 libcerror_error_set(
1144 error,
1145 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1146 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1147 "%s: unable to release read/write lock for reading.",
1148 function );
1149
1150 return( -1 );
1151 }
1152 #endif
1153 return( result );
1154 }
1155
1156 /* Retrieves the size of the UTF-16 encoded computer name
1157 * The returned size includes the end of string character
1158 * Returns 1 if successful, 0 if not available or -1 on error
1159 */
libevt_record_get_utf16_computer_name_size(libevt_record_t * record,size_t * utf16_string_size,libcerror_error_t ** error)1160 int libevt_record_get_utf16_computer_name_size(
1161 libevt_record_t *record,
1162 size_t *utf16_string_size,
1163 libcerror_error_t **error )
1164 {
1165 libevt_internal_record_t *internal_record = NULL;
1166 static char *function = "libevt_record_get_utf16_computer_name_size";
1167 int result = 0;
1168
1169 if( record == NULL )
1170 {
1171 libcerror_error_set(
1172 error,
1173 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1174 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1175 "%s: invalid record.",
1176 function );
1177
1178 return( -1 );
1179 }
1180 internal_record = (libevt_internal_record_t *) record;
1181
1182 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1183 if( libcthreads_read_write_lock_grab_for_read(
1184 internal_record->read_write_lock,
1185 error ) != 1 )
1186 {
1187 libcerror_error_set(
1188 error,
1189 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1190 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1191 "%s: unable to grab read/write lock for reading.",
1192 function );
1193
1194 return( -1 );
1195 }
1196 #endif
1197 result = libevt_record_values_get_utf16_computer_name_size(
1198 internal_record->record_values,
1199 utf16_string_size,
1200 error );
1201
1202 if( result == -1 )
1203 {
1204 libcerror_error_set(
1205 error,
1206 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1207 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1208 "%s: unable to retrieve UTF-16 computer name.",
1209 function );
1210
1211 result = -1;
1212 }
1213 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1214 if( libcthreads_read_write_lock_release_for_read(
1215 internal_record->read_write_lock,
1216 error ) != 1 )
1217 {
1218 libcerror_error_set(
1219 error,
1220 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1221 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1222 "%s: unable to release read/write lock for reading.",
1223 function );
1224
1225 return( -1 );
1226 }
1227 #endif
1228 return( result );
1229 }
1230
1231 /* Retrieves the UTF-16 encoded computer name
1232 * The size should include the end of string character
1233 * Returns 1 if successful, 0 if not available or -1 on error
1234 */
libevt_record_get_utf16_computer_name(libevt_record_t * record,uint16_t * utf16_string,size_t utf16_string_size,libcerror_error_t ** error)1235 int libevt_record_get_utf16_computer_name(
1236 libevt_record_t *record,
1237 uint16_t *utf16_string,
1238 size_t utf16_string_size,
1239 libcerror_error_t **error )
1240 {
1241 libevt_internal_record_t *internal_record = NULL;
1242 static char *function = "libevt_record_get_utf16_computer_name";
1243 int result = 0;
1244
1245 if( record == NULL )
1246 {
1247 libcerror_error_set(
1248 error,
1249 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1250 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1251 "%s: invalid record.",
1252 function );
1253
1254 return( -1 );
1255 }
1256 internal_record = (libevt_internal_record_t *) record;
1257
1258 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1259 if( libcthreads_read_write_lock_grab_for_read(
1260 internal_record->read_write_lock,
1261 error ) != 1 )
1262 {
1263 libcerror_error_set(
1264 error,
1265 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1266 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1267 "%s: unable to grab read/write lock for reading.",
1268 function );
1269
1270 return( -1 );
1271 }
1272 #endif
1273 result = libevt_record_values_get_utf16_computer_name(
1274 internal_record->record_values,
1275 utf16_string,
1276 utf16_string_size,
1277 error );
1278
1279 if( result == -1 )
1280 {
1281 libcerror_error_set(
1282 error,
1283 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1284 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1285 "%s: unable to retrieve UTF-16 computer name.",
1286 function );
1287
1288 result = -1;
1289 }
1290 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1291 if( libcthreads_read_write_lock_release_for_read(
1292 internal_record->read_write_lock,
1293 error ) != 1 )
1294 {
1295 libcerror_error_set(
1296 error,
1297 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1298 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1299 "%s: unable to release read/write lock for reading.",
1300 function );
1301
1302 return( -1 );
1303 }
1304 #endif
1305 return( result );
1306 }
1307
1308 /* Retrieves the size of the UTF-8 encoded user security identifier
1309 * The returned size includes the end of string character
1310 * Returns 1 if successful, 0 if not available or -1 on error
1311 */
libevt_record_get_utf8_user_security_identifier_size(libevt_record_t * record,size_t * utf8_string_size,libcerror_error_t ** error)1312 int libevt_record_get_utf8_user_security_identifier_size(
1313 libevt_record_t *record,
1314 size_t *utf8_string_size,
1315 libcerror_error_t **error )
1316 {
1317 libevt_internal_record_t *internal_record = NULL;
1318 static char *function = "libevt_record_get_utf8_user_security_identifier_size";
1319 int result = 0;
1320
1321 if( record == NULL )
1322 {
1323 libcerror_error_set(
1324 error,
1325 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1326 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1327 "%s: invalid record.",
1328 function );
1329
1330 return( -1 );
1331 }
1332 internal_record = (libevt_internal_record_t *) record;
1333
1334 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1335 if( libcthreads_read_write_lock_grab_for_read(
1336 internal_record->read_write_lock,
1337 error ) != 1 )
1338 {
1339 libcerror_error_set(
1340 error,
1341 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1342 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1343 "%s: unable to grab read/write lock for reading.",
1344 function );
1345
1346 return( -1 );
1347 }
1348 #endif
1349 result = libevt_record_values_get_utf8_user_security_identifier_size(
1350 internal_record->record_values,
1351 utf8_string_size,
1352 error );
1353
1354 if( result == -1 )
1355 {
1356 libcerror_error_set(
1357 error,
1358 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1359 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1360 "%s: unable to retrieve the of the user security identifier as UTF-8 string.",
1361 function );
1362
1363 result = -1;
1364 }
1365 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1366 if( libcthreads_read_write_lock_release_for_read(
1367 internal_record->read_write_lock,
1368 error ) != 1 )
1369 {
1370 libcerror_error_set(
1371 error,
1372 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1373 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1374 "%s: unable to release read/write lock for reading.",
1375 function );
1376
1377 return( -1 );
1378 }
1379 #endif
1380 return( result );
1381 }
1382
1383 /* Retrieves the UTF-8 encoded user security identifier
1384 * The size should include the end of string character
1385 * Returns 1 if successful, 0 if not available or -1 on error
1386 */
libevt_record_get_utf8_user_security_identifier(libevt_record_t * record,uint8_t * utf8_string,size_t utf8_string_size,libcerror_error_t ** error)1387 int libevt_record_get_utf8_user_security_identifier(
1388 libevt_record_t *record,
1389 uint8_t *utf8_string,
1390 size_t utf8_string_size,
1391 libcerror_error_t **error )
1392 {
1393 libevt_internal_record_t *internal_record = NULL;
1394 static char *function = "libevt_record_get_utf8_user_security_identifier";
1395 int result = 0;
1396
1397 if( record == NULL )
1398 {
1399 libcerror_error_set(
1400 error,
1401 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1402 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1403 "%s: invalid record.",
1404 function );
1405
1406 return( -1 );
1407 }
1408 internal_record = (libevt_internal_record_t *) record;
1409
1410 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1411 if( libcthreads_read_write_lock_grab_for_read(
1412 internal_record->read_write_lock,
1413 error ) != 1 )
1414 {
1415 libcerror_error_set(
1416 error,
1417 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1418 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1419 "%s: unable to grab read/write lock for reading.",
1420 function );
1421
1422 return( -1 );
1423 }
1424 #endif
1425 result = libevt_record_values_get_utf8_user_security_identifier(
1426 internal_record->record_values,
1427 utf8_string,
1428 utf8_string_size,
1429 error );
1430
1431 if( result == -1 )
1432 {
1433 libcerror_error_set(
1434 error,
1435 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1436 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
1437 "%s: unable to copy user security identifier to UTF-8 string.",
1438 function );
1439
1440 result = -1;
1441 }
1442 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1443 if( libcthreads_read_write_lock_release_for_read(
1444 internal_record->read_write_lock,
1445 error ) != 1 )
1446 {
1447 libcerror_error_set(
1448 error,
1449 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1450 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1451 "%s: unable to release read/write lock for reading.",
1452 function );
1453
1454 return( -1 );
1455 }
1456 #endif
1457 return( result );
1458 }
1459
1460 /* Retrieves the size of the UTF-16 encoded user security identifier
1461 * The returned size includes the end of string character
1462 * Returns 1 if successful, 0 if not available or -1 on error
1463 */
libevt_record_get_utf16_user_security_identifier_size(libevt_record_t * record,size_t * utf16_string_size,libcerror_error_t ** error)1464 int libevt_record_get_utf16_user_security_identifier_size(
1465 libevt_record_t *record,
1466 size_t *utf16_string_size,
1467 libcerror_error_t **error )
1468 {
1469 libevt_internal_record_t *internal_record = NULL;
1470 static char *function = "libevt_record_get_utf16_user_security_identifier_size";
1471 int result = 0;
1472
1473 if( record == NULL )
1474 {
1475 libcerror_error_set(
1476 error,
1477 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1478 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1479 "%s: invalid record.",
1480 function );
1481
1482 return( -1 );
1483 }
1484 internal_record = (libevt_internal_record_t *) record;
1485
1486 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1487 if( libcthreads_read_write_lock_grab_for_read(
1488 internal_record->read_write_lock,
1489 error ) != 1 )
1490 {
1491 libcerror_error_set(
1492 error,
1493 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1494 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1495 "%s: unable to grab read/write lock for reading.",
1496 function );
1497
1498 return( -1 );
1499 }
1500 #endif
1501 result = libevt_record_values_get_utf16_user_security_identifier_size(
1502 internal_record->record_values,
1503 utf16_string_size,
1504 error );
1505
1506 if( result == -1 )
1507 {
1508 libcerror_error_set(
1509 error,
1510 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1511 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1512 "%s: unable to retrieve the of the user security identifier as UTF-16 string.",
1513 function );
1514
1515 result = -1;
1516 }
1517 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1518 if( libcthreads_read_write_lock_release_for_read(
1519 internal_record->read_write_lock,
1520 error ) != 1 )
1521 {
1522 libcerror_error_set(
1523 error,
1524 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1525 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1526 "%s: unable to release read/write lock for reading.",
1527 function );
1528
1529 return( -1 );
1530 }
1531 #endif
1532 return( result );
1533 }
1534
1535 /* Retrieves the UTF-16 encoded user security identifier
1536 * The size should include the end of string character
1537 * Returns 1 if successful, 0 if not available or -1 on error
1538 */
libevt_record_get_utf16_user_security_identifier(libevt_record_t * record,uint16_t * utf16_string,size_t utf16_string_size,libcerror_error_t ** error)1539 int libevt_record_get_utf16_user_security_identifier(
1540 libevt_record_t *record,
1541 uint16_t *utf16_string,
1542 size_t utf16_string_size,
1543 libcerror_error_t **error )
1544 {
1545 libevt_internal_record_t *internal_record = NULL;
1546 static char *function = "libevt_record_get_utf16_user_security_identifier";
1547 int result = 0;
1548
1549 if( record == NULL )
1550 {
1551 libcerror_error_set(
1552 error,
1553 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1554 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1555 "%s: invalid record.",
1556 function );
1557
1558 return( -1 );
1559 }
1560 internal_record = (libevt_internal_record_t *) record;
1561
1562 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1563 if( libcthreads_read_write_lock_grab_for_read(
1564 internal_record->read_write_lock,
1565 error ) != 1 )
1566 {
1567 libcerror_error_set(
1568 error,
1569 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1570 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1571 "%s: unable to grab read/write lock for reading.",
1572 function );
1573
1574 return( -1 );
1575 }
1576 #endif
1577 result = libevt_record_values_get_utf16_user_security_identifier(
1578 internal_record->record_values,
1579 utf16_string,
1580 utf16_string_size,
1581 error );
1582
1583 if( result == -1 )
1584 {
1585 libcerror_error_set(
1586 error,
1587 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1588 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
1589 "%s: unable to copy user security identifier to UTF-16 string.",
1590 function );
1591
1592 result = -1;
1593 }
1594 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1595 if( libcthreads_read_write_lock_release_for_read(
1596 internal_record->read_write_lock,
1597 error ) != 1 )
1598 {
1599 libcerror_error_set(
1600 error,
1601 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1602 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1603 "%s: unable to release read/write lock for reading.",
1604 function );
1605
1606 return( -1 );
1607 }
1608 #endif
1609 return( result );
1610 }
1611
1612 /* Retrieves the number of strings
1613 * Returns 1 if successful or -1 on error
1614 */
libevt_record_get_number_of_strings(libevt_record_t * record,int * number_of_strings,libcerror_error_t ** error)1615 int libevt_record_get_number_of_strings(
1616 libevt_record_t *record,
1617 int *number_of_strings,
1618 libcerror_error_t **error )
1619 {
1620 libevt_internal_record_t *internal_record = NULL;
1621 static char *function = "libevt_record_get_number_of_strings";
1622 int result = 1;
1623
1624 if( record == NULL )
1625 {
1626 libcerror_error_set(
1627 error,
1628 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1629 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1630 "%s: invalid record.",
1631 function );
1632
1633 return( -1 );
1634 }
1635 internal_record = (libevt_internal_record_t *) record;
1636
1637 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1638 if( libcthreads_read_write_lock_grab_for_read(
1639 internal_record->read_write_lock,
1640 error ) != 1 )
1641 {
1642 libcerror_error_set(
1643 error,
1644 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1645 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1646 "%s: unable to grab read/write lock for reading.",
1647 function );
1648
1649 return( -1 );
1650 }
1651 #endif
1652 if( libevt_record_values_get_number_of_strings(
1653 internal_record->record_values,
1654 number_of_strings,
1655 error ) != 1 )
1656 {
1657 libcerror_error_set(
1658 error,
1659 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1660 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1661 "%s: unable to retrieve number of strings.",
1662 function );
1663
1664 result = -1;
1665 }
1666 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1667 if( libcthreads_read_write_lock_release_for_read(
1668 internal_record->read_write_lock,
1669 error ) != 1 )
1670 {
1671 libcerror_error_set(
1672 error,
1673 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1674 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1675 "%s: unable to release read/write lock for reading.",
1676 function );
1677
1678 return( -1 );
1679 }
1680 #endif
1681 return( result );
1682 }
1683
1684 /* Retrieves the size of a specific UTF-8 encoded string
1685 * The returned size includes the end of string character
1686 * Returns 1 if successful or -1 on error
1687 */
libevt_record_get_utf8_string_size(libevt_record_t * record,int string_index,size_t * utf8_string_size,libcerror_error_t ** error)1688 int libevt_record_get_utf8_string_size(
1689 libevt_record_t *record,
1690 int string_index,
1691 size_t *utf8_string_size,
1692 libcerror_error_t **error )
1693 {
1694 libevt_internal_record_t *internal_record = NULL;
1695 static char *function = "libevt_record_get_utf8_string_size";
1696 int result = 1;
1697
1698 if( record == NULL )
1699 {
1700 libcerror_error_set(
1701 error,
1702 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1703 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1704 "%s: invalid record.",
1705 function );
1706
1707 return( -1 );
1708 }
1709 internal_record = (libevt_internal_record_t *) record;
1710
1711 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1712 if( libcthreads_read_write_lock_grab_for_read(
1713 internal_record->read_write_lock,
1714 error ) != 1 )
1715 {
1716 libcerror_error_set(
1717 error,
1718 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1719 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1720 "%s: unable to grab read/write lock for reading.",
1721 function );
1722
1723 return( -1 );
1724 }
1725 #endif
1726 if( libevt_record_values_get_utf8_string_size(
1727 internal_record->record_values,
1728 string_index,
1729 utf8_string_size,
1730 error ) != 1 )
1731 {
1732 libcerror_error_set(
1733 error,
1734 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1735 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1736 "%s: unable to retrieve UTF-8 string size of strings value entry: %d.",
1737 function,
1738 string_index );
1739
1740 result = -1;
1741 }
1742 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1743 if( libcthreads_read_write_lock_release_for_read(
1744 internal_record->read_write_lock,
1745 error ) != 1 )
1746 {
1747 libcerror_error_set(
1748 error,
1749 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1750 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1751 "%s: unable to release read/write lock for reading.",
1752 function );
1753
1754 return( -1 );
1755 }
1756 #endif
1757 return( result );
1758 }
1759
1760 /* Retrieves a specific UTF-8 encoded string
1761 * The size should include the end of string character
1762 * Returns 1 if successful or -1 on error
1763 */
libevt_record_get_utf8_string(libevt_record_t * record,int string_index,uint8_t * utf8_string,size_t utf8_string_size,libcerror_error_t ** error)1764 int libevt_record_get_utf8_string(
1765 libevt_record_t *record,
1766 int string_index,
1767 uint8_t *utf8_string,
1768 size_t utf8_string_size,
1769 libcerror_error_t **error )
1770 {
1771 libevt_internal_record_t *internal_record = NULL;
1772 static char *function = "libevt_record_get_utf8_string";
1773 int result = 1;
1774
1775 if( record == NULL )
1776 {
1777 libcerror_error_set(
1778 error,
1779 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1780 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1781 "%s: invalid record.",
1782 function );
1783
1784 return( -1 );
1785 }
1786 internal_record = (libevt_internal_record_t *) record;
1787
1788 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1789 if( libcthreads_read_write_lock_grab_for_read(
1790 internal_record->read_write_lock,
1791 error ) != 1 )
1792 {
1793 libcerror_error_set(
1794 error,
1795 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1796 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1797 "%s: unable to grab read/write lock for reading.",
1798 function );
1799
1800 return( -1 );
1801 }
1802 #endif
1803 if( libevt_record_values_get_utf8_string(
1804 internal_record->record_values,
1805 string_index,
1806 utf8_string,
1807 utf8_string_size,
1808 error ) != 1 )
1809 {
1810 libcerror_error_set(
1811 error,
1812 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1813 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
1814 "%s: unable to copy strings value entry: %d to UTF-8 string.",
1815 function,
1816 string_index );
1817
1818 result = -1;
1819 }
1820 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1821 if( libcthreads_read_write_lock_release_for_read(
1822 internal_record->read_write_lock,
1823 error ) != 1 )
1824 {
1825 libcerror_error_set(
1826 error,
1827 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1828 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1829 "%s: unable to release read/write lock for reading.",
1830 function );
1831
1832 return( -1 );
1833 }
1834 #endif
1835 return( result );
1836 }
1837
1838 /* Retrieves the size of a specific UTF-16 encoded string
1839 * The returned size includes the end of string character
1840 * Returns 1 if successful or -1 on error
1841 */
libevt_record_get_utf16_string_size(libevt_record_t * record,int string_index,size_t * utf16_string_size,libcerror_error_t ** error)1842 int libevt_record_get_utf16_string_size(
1843 libevt_record_t *record,
1844 int string_index,
1845 size_t *utf16_string_size,
1846 libcerror_error_t **error )
1847 {
1848 libevt_internal_record_t *internal_record = NULL;
1849 static char *function = "libevt_record_get_utf16_string_size";
1850 int result = 1;
1851
1852 if( record == NULL )
1853 {
1854 libcerror_error_set(
1855 error,
1856 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1857 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1858 "%s: invalid record.",
1859 function );
1860
1861 return( -1 );
1862 }
1863 internal_record = (libevt_internal_record_t *) record;
1864
1865 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1866 if( libcthreads_read_write_lock_grab_for_read(
1867 internal_record->read_write_lock,
1868 error ) != 1 )
1869 {
1870 libcerror_error_set(
1871 error,
1872 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1873 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1874 "%s: unable to grab read/write lock for reading.",
1875 function );
1876
1877 return( -1 );
1878 }
1879 #endif
1880 if( libevt_record_values_get_utf16_string_size(
1881 internal_record->record_values,
1882 string_index,
1883 utf16_string_size,
1884 error ) != 1 )
1885 {
1886 libcerror_error_set(
1887 error,
1888 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1889 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
1890 "%s: unable to retrieve UTF-16 string size of strings value entry: %d.",
1891 function,
1892 string_index );
1893
1894 result = -1;
1895 }
1896 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1897 if( libcthreads_read_write_lock_release_for_read(
1898 internal_record->read_write_lock,
1899 error ) != 1 )
1900 {
1901 libcerror_error_set(
1902 error,
1903 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1904 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1905 "%s: unable to release read/write lock for reading.",
1906 function );
1907
1908 return( -1 );
1909 }
1910 #endif
1911 return( result );
1912 }
1913
1914 /* Retrieves a specific UTF-16 encoded string
1915 * The size should include the end of string character
1916 * Returns 1 if successful or -1 on error
1917 */
libevt_record_get_utf16_string(libevt_record_t * record,int string_index,uint16_t * utf16_string,size_t utf16_string_size,libcerror_error_t ** error)1918 int libevt_record_get_utf16_string(
1919 libevt_record_t *record,
1920 int string_index,
1921 uint16_t *utf16_string,
1922 size_t utf16_string_size,
1923 libcerror_error_t **error )
1924 {
1925 libevt_internal_record_t *internal_record = NULL;
1926 static char *function = "libevt_record_get_utf16_string";
1927 int result = 1;
1928
1929 if( record == NULL )
1930 {
1931 libcerror_error_set(
1932 error,
1933 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
1934 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
1935 "%s: invalid record.",
1936 function );
1937
1938 return( -1 );
1939 }
1940 internal_record = (libevt_internal_record_t *) record;
1941
1942 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1943 if( libcthreads_read_write_lock_grab_for_read(
1944 internal_record->read_write_lock,
1945 error ) != 1 )
1946 {
1947 libcerror_error_set(
1948 error,
1949 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1950 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1951 "%s: unable to grab read/write lock for reading.",
1952 function );
1953
1954 return( -1 );
1955 }
1956 #endif
1957 if( libevt_record_values_get_utf16_string(
1958 internal_record->record_values,
1959 string_index,
1960 utf16_string,
1961 utf16_string_size,
1962 error ) != 1 )
1963 {
1964 libcerror_error_set(
1965 error,
1966 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1967 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
1968 "%s: unable to copy strings value entry: %d to UTF-16 string.",
1969 function,
1970 string_index );
1971
1972 result = -1;
1973 }
1974 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
1975 if( libcthreads_read_write_lock_release_for_read(
1976 internal_record->read_write_lock,
1977 error ) != 1 )
1978 {
1979 libcerror_error_set(
1980 error,
1981 LIBCERROR_ERROR_DOMAIN_RUNTIME,
1982 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
1983 "%s: unable to release read/write lock for reading.",
1984 function );
1985
1986 return( -1 );
1987 }
1988 #endif
1989 return( result );
1990 }
1991
1992 /* Retrieves the size of the data
1993 * Returns 1 if successful, 0 if not available or -1 on error
1994 */
libevt_record_get_data_size(libevt_record_t * record,size_t * data_size,libcerror_error_t ** error)1995 int libevt_record_get_data_size(
1996 libevt_record_t *record,
1997 size_t *data_size,
1998 libcerror_error_t **error )
1999 {
2000 libevt_internal_record_t *internal_record = NULL;
2001 static char *function = "libevt_record_get_data_size";
2002 int result = 0;
2003
2004 if( record == NULL )
2005 {
2006 libcerror_error_set(
2007 error,
2008 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
2009 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
2010 "%s: invalid record.",
2011 function );
2012
2013 return( -1 );
2014 }
2015 internal_record = (libevt_internal_record_t *) record;
2016
2017 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
2018 if( libcthreads_read_write_lock_grab_for_read(
2019 internal_record->read_write_lock,
2020 error ) != 1 )
2021 {
2022 libcerror_error_set(
2023 error,
2024 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2025 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
2026 "%s: unable to grab read/write lock for reading.",
2027 function );
2028
2029 return( -1 );
2030 }
2031 #endif
2032 result = libevt_record_values_get_data_size(
2033 internal_record->record_values,
2034 data_size,
2035 error );
2036
2037 if( result == -1 )
2038 {
2039 libcerror_error_set(
2040 error,
2041 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2042 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
2043 "%s: unable to retrieve data size.",
2044 function );
2045
2046 result = -1;
2047 }
2048 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
2049 if( libcthreads_read_write_lock_release_for_read(
2050 internal_record->read_write_lock,
2051 error ) != 1 )
2052 {
2053 libcerror_error_set(
2054 error,
2055 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2056 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
2057 "%s: unable to release read/write lock for reading.",
2058 function );
2059
2060 return( -1 );
2061 }
2062 #endif
2063 return( result );
2064 }
2065
2066 /* Retrieves the data
2067 * Returns 1 if successful, 0 if not available or -1 on error
2068 */
libevt_record_get_data(libevt_record_t * record,uint8_t * data,size_t data_size,libcerror_error_t ** error)2069 int libevt_record_get_data(
2070 libevt_record_t *record,
2071 uint8_t *data,
2072 size_t data_size,
2073 libcerror_error_t **error )
2074 {
2075 libevt_internal_record_t *internal_record = NULL;
2076 static char *function = "libevt_record_get_data";
2077 int result = 0;
2078
2079 if( record == NULL )
2080 {
2081 libcerror_error_set(
2082 error,
2083 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
2084 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
2085 "%s: invalid record.",
2086 function );
2087
2088 return( -1 );
2089 }
2090 internal_record = (libevt_internal_record_t *) record;
2091
2092 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
2093 if( libcthreads_read_write_lock_grab_for_read(
2094 internal_record->read_write_lock,
2095 error ) != 1 )
2096 {
2097 libcerror_error_set(
2098 error,
2099 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2100 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
2101 "%s: unable to grab read/write lock for reading.",
2102 function );
2103
2104 return( -1 );
2105 }
2106 #endif
2107 result = libevt_record_values_get_data(
2108 internal_record->record_values,
2109 data,
2110 data_size,
2111 error );
2112
2113 if( result == -1 )
2114 {
2115 libcerror_error_set(
2116 error,
2117 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2118 LIBCERROR_RUNTIME_ERROR_COPY_FAILED,
2119 "%s: unable to copy data.",
2120 function );
2121
2122 result = -1;
2123 }
2124 #if defined( HAVE_LIBEVT_MULTI_THREAD_SUPPORT )
2125 if( libcthreads_read_write_lock_release_for_read(
2126 internal_record->read_write_lock,
2127 error ) != 1 )
2128 {
2129 libcerror_error_set(
2130 error,
2131 LIBCERROR_ERROR_DOMAIN_RUNTIME,
2132 LIBCERROR_RUNTIME_ERROR_SET_FAILED,
2133 "%s: unable to release read/write lock for reading.",
2134 function );
2135
2136 return( -1 );
2137 }
2138 #endif
2139 return( result );
2140 }
2141
2142