williballenthin
commented
3 years ago In short:
More detail: When I first started to develop this library (back in 2013 :-O) I didn't think enough about the module layout and so we end up with slightly confusing fully-qualified module/class names. Changing them now might lead to version problems so I've left things as is, though it leads to confusion like this. Sorry for that.
The project is Evtx and so there's a top level namespace Evtx.
There's a primary file that contains top level structures and so there's a mid level namespace Evtx.Evtx.
And within this file is a class named.... you guess it, Evtx, so the class you're trying to reference is Evtx.Evtx.Evtx. I'm sorry 🤦🏼
To debug this yourself, you can use dir(any instance, including modules) to see all the names available under that instance, e.g.
Final note, using the name evtx might kinda sorta work on Windows, which by default uses NTFS that is not case sensitive, but this is not portable and might break in weird places.
I feel like I must be making some stupid mistake, but I haven't been able to find the solution after a few hours of poking around.
On the other hand, IDLE appears to see the modules and auto suggests them.
Is there something I am missing to get this to work correctly? I appear to be having the same issue on Linux. I don't believe the issue is in regards to how I am importing python-evtx as I have been unable to use a number of projects that use Python-Evtx; they all seem to break at calling Evtx or View.
Thank you for any help that you can provide.