Closed 111andre111 closed 3 years ago
Currently the code is only geared towards parsing of XML->BinXml, and going the other way would be a substantial amount of work to be compliant with other generic EVTX parsers, since EVTX is already rather complicated to parse efficiently because of seeking and jumps inside record blocks.
I don't believe I'll be able to personally devote time to this, but contributions are always welcome.
Ok, thank you. If this is your focus, this is acceptable. Are you aware of any other tools that can do it this way, XML -> BinXml? Because I never found something like this.
@111andre111 I'm not aware of such tools - reopen if there's anything related to this library that needs addressing.
Are there any plans to extend this tool to support output to evtx files? And feed it with a former XML file?
With that both directions would be possible which I think would be extremely great for certain scenarios.
There is a format definition out there as well: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-even6/7cdd0c95-2181-4794-a094-55c78b389358?redirectedfrom=MSDN