omerbenamram / evtx

A Fast (and safe) parser for the Windows XML Event Log (EVTX) format
Apache License 2.0
625 stars, 61 forks

feat: add initial support for size_t #232

Closed alexkornitzer closed 1 year ago

alexkornitzer commented 1 year ago

Heya,

Very happy to finally have something to provide upstream to such a core crate in Chainsaw :)

Someone at work provided me with an evtx file which was failing to parse due to this size_t type.

From looking at an event log which utilises size_t it can be seen to output size_t in hex. This commit adds support for widths 4 & 8, by applying them to the HexInt32 and HexInt64 variants.

HandleId & ProcessId:

[Two screenshots from 2023-02-17 showing the HandleId and ProcessId fields]

The assumptions above would make sense to me as this is usually how size_t is typedef'd. But I fully get if you would not want to merge this as it has only been tested on one sample and some assumptions have been made.
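The width-to-variant mapping described in the comment above, as an added illustration that is not the evtx crate's code: a stand-in value enum and a decoder that accepts size_t widths 4 and 8 by reusing the HexInt32/HexInt64 representations and returns an error (rather than failing the whole parse or panicking) for any other width or a truncated buffer. The enum, error type, and function names are assumptions, not the crate's real API.

```rust
// Added example, not code from the evtx crate. Type and function names are hypothetical.
use std::convert::TryInto;
use std::fmt;

/// Simplified stand-in for the crate's value enum (hypothetical names).
#[derive(Debug, PartialEq)]
pub enum BinXmlValue {
    HexInt32(u32),
    HexInt64(u64),
}

impl fmt::Display for BinXmlValue {
    // size_t values are rendered in hex, like HandleId / ProcessId in the event XML.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            BinXmlValue::HexInt32(v) => write!(f, "0x{:x}", v),
            BinXmlValue::HexInt64(v) => write!(f, "0x{:x}", v),
        }
    }
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    UnsupportedSizeTWidth(usize),
    Truncated { wanted: usize, got: usize },
}

/// Decode a size_t of `width` bytes (little-endian) from the start of `bytes`.
/// Width 4 maps to HexInt32 and width 8 to HexInt64, matching how size_t is
/// usually typedef'd on 32- and 64-bit Windows. Any other width, or a buffer
/// shorter than the declared width, is reported as an error so that a
/// malformed or hostile record cannot crash the parser.
pub fn parse_size_t(width: usize, bytes: &[u8]) -> Result<BinXmlValue, ParseError> {
    if bytes.len() < width {
        return Err(ParseError::Truncated { wanted: width, got: bytes.len() });
    }
    match width {
        4 => Ok(BinXmlValue::HexInt32(u32::from_le_bytes(bytes[..4].try_into().unwrap()))),
        8 => Ok(BinXmlValue::HexInt64(u64::from_le_bytes(bytes[..8].try_into().unwrap()))),
        w => Err(ParseError::UnsupportedSizeTWidth(w)),
    }
}

fn main() {
    // Constructed sample: an 8-byte handle id as it would sit in the binary record.
    let raw = [0x38, 0x04, 0, 0, 0, 0, 0, 0];
    println!("{}", parse_size_t(8, &raw).unwrap()); // prints 0x438
}
```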

alexkornitzer commented 1 year ago

Yep, here is the sample, which was taken from here, challenge 1 (https://www.ashemery.com/dfir.html)

Security.evtx.zip

ohadravid commented 1 year ago

Great! So could you add a test like test_event_json_with_multiple_nodes_same_name or test_issue_65 with this example?

alexkornitzer commented 1 year ago

Done and squashed to keep the commit log clean.