omerbenamram / evtx

A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
Apache License 2.0

Fix flags to be proper bitmasks and add no-CRC flag #188

Closed Robo210 closed 3 years ago

Robo210 commented 3 years ago

The NO_CRC32 flag indicates that the file header or chunk has no checksums computed for it, and is expected to be fixed at 0. Files with this flag set can be found in the system32\winevt\Logs folder on new-ish Windows Insider builds. Logs that have been exported via wevtutil.exe have the flag removed and the checksums computed as part of the export.
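
How a parser can treat the flags word as a bitmask and honour the no-CRC flag, as an added example that is not the evtx crate's own code: the bit values for DIRTY, FULL and NO_CRC32 are assumptions, the CRC-32 routine is a plain bitwise IEEE implementation so the snippet needs no external crate, and the input bytes are constructed.

```rust
// Added example, not code from the evtx crate. Flag bit values are assumed.
const FLAG_DIRTY: u32 = 0x1; // assumed value
const FLAG_FULL: u32 = 0x2; // assumed value
const FLAG_NO_CRC32: u32 = 0x4; // assumed value

/// Bitwise CRC-32 (IEEE 802.3 polynomial, reflected), no external crate needed.
pub fn crc32(data: &[u8]) -> u32 {
    let mut crc = 0xFFFF_FFFFu32;
    for &b in data {
        crc ^= b as u32;
        for _ in 0..8 {
            let mask = (crc & 1).wrapping_neg(); // all ones if low bit set
            crc = (crc >> 1) ^ (0xEDB8_8320 & mask);
        }
    }
    !crc
}

#[derive(Debug, PartialEq)]
pub enum ChecksumStatus {
    Verified,
    SkippedNoCrc,
    Mismatch { stored: u32, computed: u32 },
    NonZeroWithNoCrc(u32),
}

/// Decide how to treat a stored header/chunk checksum given the flags word.
/// The flags are a bitmask: several bits may be set at once, so test them
/// with `&`, never by comparing the whole word with `==`.
pub fn check_checksum(flags: u32, stored: u32, covered: &[u8]) -> ChecksumStatus {
    if flags & FLAG_NO_CRC32 != 0 {
        // No checksum was computed for this file/chunk; the field should be 0.
        if stored != 0 {
            return ChecksumStatus::NonZeroWithNoCrc(stored);
        }
        return ChecksumStatus::SkippedNoCrc;
    }
    let computed = crc32(covered);
    if computed == stored {
        ChecksumStatus::Verified
    } else {
        ChecksumStatus::Mismatch { stored, computed }
    }
}

pub fn is_dirty(flags: u32) -> bool {
    flags & FLAG_DIRTY != 0
}

pub fn is_full(flags: u32) -> bool {
    flags & FLAG_FULL != 0
}
```

A parser that reported `SkippedNoCrc` or `NonZeroWithNoCrc` distinctly from `Verified` lets a forensic reader tell "integrity confirmed" from "integrity not checkable" for a given log.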

ohadravid commented 3 years ago

Awesome! Just add a test for this new file in tests/test_full_samples.rs

omerbenamram commented 3 years ago

Thanks a lot for this :)