Encoding issue with ISO-8859

[rgarrigue]

Hello

I copy/pasted your 3rd example about reading events. It works sometimes, but I hit this encoding issue, most likely some event encoded in ISO-8859...

Traceback (most recent call last):
  File "C:/Users/Administrateur/Desktop/python_test.py", line 55, in <module>
    for event in query:
  File "C:\Python36\lib\site-packages\winevt\EventLog\Query.py", line 70, in __next__
    logger.error(get_last_error())
  File "C:\Python36\lib\site-packages\winevt\__init__.py", line 64, in get_last_error
    return ffi.string(ffi.cast("char **",buf)[0][0:chars]).decode('utf-8').strip("\r\n")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xe9 in position 8: invalid continuation byte

Reading your code, there's no option to change encoding if needed, might be a good idea ?

[bannsec]

Ack. Thanks! You're right. I don't believe I need to have encoding as an option for the moment, but I am explicitly using the ANSI call, which means I should be using something like s.decode('windows-1252') to properly decode instead of utf-8. That should solve this issue and make it compliant with the ANSI call in general.

Guessing i did this elsewhere too... Will need to check.

[llimz]

Any advice how to make it works when we have this issue? Thank you.

[bannsec]

Hey, haven't had a change to rebuild this. Basically, you should be able to change the .decode('utf-8') to .decode('windows-1252'). That encoding is specifically the one that Windows claims to use for basically everything. That said, I have not tried this out on non-English languages, so you maybe would need to change that for a different encoding.

I'd give that change a try first as it should work.

[llimz]

Changing the decode value as you mentionned fixed the problem. Thank you.

[Berserker66]

Python has a special encoding called "ANSI" on windows, which selects the current running windows' ansi encoding page. You should either use that as encoding or use the unicode calls.