Skip to content

Fix rename#7

Merged
maximelb merged 7 commits intomasterfrom
fix-rename
Aug 21, 2025
Merged

Fix rename#7
maximelb merged 7 commits intomasterfrom
fix-rename

Conversation

@maximelb
Copy link
Copy Markdown

@maximelb maximelb commented Aug 21, 2025

Description of the change

Update deps and fix renamed API upstream.

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

scudette and others added 7 commits July 31, 2024 03:45
@scudette
Bugfix: When parsed within a template BinXMLElementStart is not same (V…
3e4ff3d 
…elocidex#30)

The struct layout is a bit different when parsed within a template or
not. Typically events forwarded from a different system do not have a
template interpolated so they will trigger this bug.

Dependency identifier is optional:
https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc#414-element-start
@scudette
Bugfix: Support multiple messages for the same Event ID (Velocidex#31)
e5cd153 
Some event ID have multiple messages stored in the message lists - these
are generally designed for events which have different number of
properties. So for example the message file might contain two messages
for the same event id, one with 1 expansion and one with 2 expansions.
Then the application might emit an event to the log file with 2
properties or only 1 property of the same event id.

This pr stores both the messages and the number of expasions in the
message set and is able to select the most appropriate one for each
message - we aim to maximize the number of expasions available in the
message string.
@doracpphp
add chunk header LastEventRecOffset (Velocidex#32)
12e494a 
Added the 'Last event record data offset' field to the Chunk Header
because the data is present there.

Reference:
https://github.com/libyal/libevtx/blob/main/documentation/Windows%20XML%20Event%20Log%20(EVTX).asciidoc#31-chunk-header
@scudette
Bugfix: Substitution token should not parse XML in template context (V…
f4fa97e 
…elocidex#34)

Fixes: Velocidex#33
@maximelb
Merge remote-tracking branch 'upstream/master'
f8d00bf
@maximelb
Merge branch 'master' of github.com:refractionPOINT/evtx
8c468f9
@maximelb
Update deps and fix tomap rename.
ea198f5
@maximelb maximelb merged commit 06f8e57 into master Aug 21, 2025
1 check passed
@maximelb maximelb deleted the fix-rename branch August 21, 2025 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lcbill lcbill lcbill approved these changes

@josh-lc josh-lc Awaiting requested review from josh-lc

@tomaz-lc tomaz-lc Awaiting requested review from tomaz-lc

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@maximelb @lcbill @scudette @doracpphp