Eventlogedit-evtx--Evolution icon indicating copy to clipboard operation
Eventlogedit-evtx--Evolution copied to clipboard

Published 20 hours ago verified publisher icon 3gstudent

xml EvtxRecordId Error!

Open UbuntuOS-git opened this issue 2 years ago • 2 comments

Here! DeleteRecordofFile and DeleteRecordbyGetHandle:

*v7 = eventRecordIdentifier; ===> *v7 = *v7 - 1;

When the first recordID is not 1 , it will be wrong.

UbuntuOS-git avatar Sep 22 '22 02:09 UbuntuOS-git

DeleteRecordofFile and DeleteRecordbyGetHandle are not the final version, because there will still be traces of modification, and the format has not been completely corrected.

If you want to achieve the function, you can use DeleteRecordofFileEx and DeleteRecordbyGetHandleEx.

3gstudent avatar Sep 22 '22 07:09 3gstudent

But if use DeleteRecordofFileEx and DeleteRecordbyGetHandleEx,the EventRecordIDs are not consecutive...

UbuntuOS-git avatar Sep 22 '22 08:09 UbuntuOS-git