search

EricZimmerman / evtx

C# based evtx parser with lots of extras
MIT License
282 stars 59 forks source link

Integer instead of string #98

Closed forensenellanebbia closed 3 years ago

forensenellanebbia commented 3 years ago

Is there a way to consider a value as integer instead of string? My goal is to write a map that shows the remaining battery percentage (RemainingCapacity/FullChargeCapacity)*100 based on the following event:

<Event>
  <System>
    <Provider Name="Microsoft-Windows-Kernel-Power" Guid="331c3b3a-2005-44c2-ac5e-77220c37d6b4" />
    <EventID>105</EventID>
    <Version>1</Version>
    <Level>4</Level>
    <Task>100</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000404</Keywords>
    <TimeCreated SystemTime="2020-09-22 16:23:18.0478843" />
    <EventRecordID>5495</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="17436" />
    <Channel>System</Channel>
    <Computer>MYPC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="AcOnline">False</Data>
    <Data Name="RemainingCapacity">56293</Data>
    <Data Name="FullChargeCapacity">62654</Data>
  </EventData>
</Event>
AndrewRathbun commented 3 years ago

I believe this one is a typo and #99 is where the discussion will take place.

EricZimmerman commented 3 years ago

that starts to make life a lot more difficult, because now i have to track data types. i doubt this will happen, at least any time soon.