doc/Evtx/File.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
Class: Evtx::File
— Documentation by YARD 0.8.7.6
</title>
<link rel="stylesheet" href="../css/style.css" type="text/css" charset="utf-8" />
<link rel="stylesheet" href="../css/common.css" type="text/css" charset="utf-8" />
<script type="text/javascript" charset="utf-8">
hasFrames = window.top.frames.main ? true : false;
relpath = '../';
framesUrl = "../frames.html#!Evtx/File.html";
</script>
<script type="text/javascript" charset="utf-8" src="../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../js/app.js"></script>
</head>
<body>
<div id="header">
<div id="menu">
<a href="../_index.html">Index (F)</a> »
<span class='title'><span class='object_link'><a href="../Evtx.html" title="Evtx (module)">Evtx</a></span></span>
»
<span class="title">File</span>
<div class="noframes"><span class="title">(</span><a href="." target="_top">no frames</a><span class="title">)</span></div>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../class_list.html">
Class List
</a>
<a class="full_list_link" id="method_list_link"
href="../method_list.html">
Method List
</a>
<a class="full_list_link" id="file_list_link"
href="../file_list.html">
File List
</a>
</div>
<div class="clear"></div>
</div>
<iframe id="search_frame"></iframe>
<div id="content"><h1>Class: Evtx::File
</h1>
<dl class="box">
<dt class="r1">Inherits:</dt>
<dd class="r1">
<span class="inheritName">Object</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">Evtx::File</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
<dt class="r2">Includes:</dt>
<dd class="r2"><span class='object_link'><a href="Constants.html" title="Evtx::Constants (module)">Constants</a></span></dd>
<dt class="r1 last">Defined in:</dt>
<dd class="r1 last">lib/evtx/file.rb</dd>
</dl>
<div class="clear"></div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>The Windows XML Event Log (EVTX) format was introduced in Windows Vista as
a replacement for the Windows Event Log (EVT) format.</p>
<p>The format consists of a small file header followed by a series of
chunks. Chunks are self-contained: no event record ever extends across
the boundary between two chunks.</p>
<p>The event log files can normally be found in:</p>
<pre class="code ruby"><code class="ruby">C:\Windows\System32\winevt\Logs\</code></pre>
</div>
</div>
<div class="tags">
</div>
<h2>Constant Summary</h2>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="Constants.html" title="Evtx::Constants (module)">Constants</a></span></h3>
<p class="inherited"><span class='object_link'><a href="Constants.html#CHUNK_SIZE-constant" title="Evtx::Constants::CHUNK_SIZE (constant)">Constants::CHUNK_SIZE</a></span>, <span class='object_link'><a href="Constants.html#HEADER_SIZE-constant" title="Evtx::Constants::HEADER_SIZE (constant)">Constants::HEADER_SIZE</a></span></p>
<h2>Instance Attribute Summary <small>(<a href="#" class="summary_toggle">collapse</a>)</small></h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#chunks-instance_method" title="#chunks (instance method)">- (Array) <strong>chunks</strong> </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#fileheader-instance_method" title="#fileheader (instance method)">- (Evtx::FileHeader) <strong>fileheader</strong> </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h2>
Instance Method Summary
<small>(<a href="#" class="summary_toggle">collapse</a>)</small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">- (File) <strong>initialize</strong>(path) </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>A new instance of File.</p>
</div></span>
</li>
</ul>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
- (<tt><span class='object_link'><a href="" title="Evtx::File (class)">File</a></span></tt>) <strong>initialize</strong>(path)
</h3><div class="docstring">
<div class="discussion">
<p>Returns a new instance of File</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/evtx/file.rb', line 24</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_path'>path</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='int'>0</span>
  <span class='comment'># Open in binary mode: EVTX is a binary format and text mode can alter bytes.</span>
  <span class='id identifier rubyid_open'>open</span> <span class='id identifier rubyid_path'>path</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>'</span><span class='tstring_content'>rb</span><span class='tstring_end'>'</span></span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_f'>f</span><span class='op'>|</span>
    <span class='id identifier rubyid_buffer'>buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span> <span class='int'>4096</span>
    <span class='ivar'>@fileheader</span> <span class='op'>=</span> <span class='const'>FileHeader</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span><span class='lparen'>(</span><span class='id identifier rubyid_buffer'>buffer</span><span class='rparen'>)</span>
    <span class='id identifier rubyid_offset'>offset</span> <span class='op'>+=</span> <span class='const'>HEADER_SIZE</span>
    <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_seek'>seek</span> <span class='id identifier rubyid_offset'>offset</span>
    <span class='comment'># Step through the file one chunk at a time, as many times as the header declares.</span>
    <span class='ivar'>@fileheader</span><span class='period'>.</span><span class='id identifier rubyid_number_of_chunks'>number_of_chunks</span><span class='period'>.</span><span class='id identifier rubyid_times'>times</span> <span class='kw'>do</span>
      <span class='id identifier rubyid_buffer'>buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_read'>read</span> <span class='const'>CHUNK_SIZE</span>
      <span class='id identifier rubyid_offset'>offset</span> <span class='op'>+=</span> <span class='const'>CHUNK_SIZE</span>
      <span class='id identifier rubyid_f'>f</span><span class='period'>.</span><span class='id identifier rubyid_seek'>seek</span> <span class='id identifier rubyid_offset'>offset</span>
    <span class='kw'>end</span>
  <span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
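<p>Added example, not code from this project: the constructor above trusts the chunk count in the file header, so this sketch walks the file to EOF instead and reports chunks that are missing, truncated or lack a signature. The sizes (4096 and 65536 bytes), the <tt>ElfFile</tt>/<tt>ElfChnk</tt> signatures and the field offsets (42 for the chunk count, 124 for the header CRC32) are assumptions taken from published descriptions of the EVTX format, since this page does not show the values of <tt>HEADER_SIZE</tt> and <tt>CHUNK_SIZE</tt>; <tt>scan_evtx</tt> and <tt>sample_evtx</tt> are hypothetical names.</p>

```ruby
require 'stringio'
require 'zlib'

# Assumed values from published EVTX format descriptions; the page names the
# project's HEADER_SIZE and CHUNK_SIZE constants but does not show their values.
EVTX_HEADER_SIZE = 4096
EVTX_CHUNK_SIZE  = 65_536
FILE_MAGIC  = "ElfFile\x00".b
CHUNK_MAGIC = "ElfChnk\x00".b

# Hypothetical helper: walk an EVTX stream and report what is really there
# instead of trusting the chunk count stored in the file header.
def scan_evtx(io)
  io.binmode
  header = io.read(EVTX_HEADER_SIZE)
  if header.nil? || header.bytesize < EVTX_HEADER_SIZE
    raise ArgumentError, 'file shorter than the EVTX header block'
  end
  raise ArgumentError, 'missing ElfFile signature' unless header.byteslice(0, 8) == FILE_MAGIC

  declared   = header.byteslice(42, 2).unpack1('v')   # number of chunks (uint16 LE)
  stored_crc = header.byteslice(124, 4).unpack1('V')  # CRC32 over header bytes 0..119
  valid = []
  bad = []
  index = 0
  # Read to EOF: the declared count can be stale, and a truncated copy of the
  # log ends in a short read that must not be parsed as a full chunk.
  while (chunk = io.read(EVTX_CHUNK_SIZE))
    full = chunk.bytesize == EVTX_CHUNK_SIZE
    (full && chunk.byteslice(0, 8) == CHUNK_MAGIC ? valid : bad) << index
    index += 1
  end
  { declared_chunks: declared, valid_chunks: valid, bad_chunks: bad,
    header_crc_ok: Zlib.crc32(header.byteslice(0, 120)) == stored_crc }
end

# Constructed sample: the header declares 3 chunks, but the data holds one good
# chunk, one zero-filled chunk with no signature, and one truncated chunk.
def sample_evtx
  header = FILE_MAGIC + ("\x00".b * (EVTX_HEADER_SIZE - 8))
  header[42, 2] = [3].pack('v')
  header[124, 4] = [Zlib.crc32(header.byteslice(0, 120))].pack('V')
  good = CHUNK_MAGIC + ("\x00".b * (EVTX_CHUNK_SIZE - 8))
  StringIO.new(header + good + ("\x00".b * EVTX_CHUNK_SIZE) + CHUNK_MAGIC + ("\x00".b * 100))
end
```

<p>When examining a log copied from a live or crashed system, compare <tt>declared_chunks</tt> with the number of valid chunks before relying on either figure.</p>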
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id="chunks=-instance_method"></span>
<div class="method_details first">
<h3 class="signature first" id="chunks-instance_method">
- (<tt>Array</tt>) <strong>chunks</strong>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/evtx/file.rb', line 22</span>
<span class='kw'>def</span> <span class='id identifier rubyid_chunks'>chunks</span>
  <span class='ivar'>@chunks</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id="fileheader=-instance_method"></span>
<div class="method_details ">
<h3 class="signature " id="fileheader-instance_method">
- (<tt><span class='object_link'><a href="FileHeader.html" title="Evtx::FileHeader (class)">Evtx::FileHeader</a></span></tt>) <strong>fileheader</strong>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt><span class='object_link'><a href="FileHeader.html" title="Evtx::FileHeader (class)">Evtx::FileHeader</a></span></tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/evtx/file.rb', line 19</span>
<span class='kw'>def</span> <span class='id identifier rubyid_fileheader'>fileheader</span>
  <span class='ivar'>@fileheader</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Wed Apr 27 13:25:06 2016 by
<a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.8.7.6 (ruby-2.3.0).
</div>
</body>
</html>