xml EvtxRecordId Error! #15

Open
UbuntuOS-git opened this issue Sep 22, 2022 · 2 comments

@UbuntuOS-git

Here!
DeleteRecordofFile and DeleteRecordbyGetHandle:

*v7 = eventRecordIdentifier;
===>
*v7 = *v7 - 1;

When the first recordID is not 1, it will be wrong.

@3gstudent
Owner

DeleteRecordofFile and DeleteRecordbyGetHandle are not the final version, because there will still be traces of modification, and the format has not been completely corrected.

If you want to achieve the function, you can use DeleteRecordofFileEx and DeleteRecordbyGetHandleEx.

@UbuntuOS-git
Author

But if I use DeleteRecordofFileEx and DeleteRecordbyGetHandleEx, the EventRecordIDs are not consecutive...
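
From the defender's side, the non-consecutive EventRecordIDs mentioned in the last comment are something a log review can check for. The Python below is an added example, not code from this project or from the participants in this thread; it assumes the channel was exported as XML under a single root element, and the sample events and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_URI = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": NS_URI}

def _event(rid):
    # Constructed sample record; only the fields this check reads are present.
    return ('<Event xmlns="%s"><System><EventID>4624</EventID>'
            '<EventRecordID>%d</EventRecordID></System></Event>' % (NS_URI, rid))

# Constructed export: starts at 1000 (not 1) and lacks 1002, 1005 and 1006.
SAMPLE_XML = "<Events>%s</Events>" % "".join(
    _event(i) for i in (1000, 1001, 1003, 1004, 1007))

def record_ids(xml_text):
    """Return every EventRecordID in the export, in document order."""
    ids = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS_URI):
        node = ev.find("e:System/e:EventRecordID", NS)
        if node is not None and (node.text or "").strip().isdigit():
            ids.append(int(node.text))
    return ids

def find_gaps(ids):
    """Return (first_missing, last_missing) ranges between lowest and highest ID.

    Only differences between neighbours are used, so a log whose first
    record is not 1 is handled the same as one that starts at 1.
    """
    ordered = sorted(set(ids))
    return [(a + 1, b - 1) for a, b in zip(ordered, ordered[1:]) if b - a > 1]

def find_duplicates(ids):
    """Return IDs seen more than once; these should not occur within one channel."""
    seen, dupes = set(), set()
    for rid in ids:
        (dupes if rid in seen else seen).add(rid)
    return sorted(dupes)

if __name__ == "__main__":
    ids = record_ids(SAMPLE_XML)
    print("records:", len(ids), "range:", min(ids), "-", max(ids))
    for first, last in find_gaps(ids):
        print("missing EventRecordID %d-%d" % (first, last))
    print("duplicates:", find_duplicates(ids))
```

A reported gap is a lead to compare against other copies of the same channel, such as forwarded or centrally collected events, rather than a conclusion on its own.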
