def ParseFileObject(self, parser_mediator, file_object, **kwargs):
"""Parses a Windows EventLog (EVT) file-like object.
Args:
parser_mediator: a parser mediator object (instance of ParserMediator).
file_object: a file-like object.
"""
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_mediator.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
parser_mediator.ProduceParseError(
u'unable to open file with error: {0:s}'.format(exception))
return
for record_index, evt_record in enumerate(evt_file.records):
try:
self._ParseRecord(parser_mediator, record_index, evt_record)
except IOError as exception:
parser_mediator.ProduceParseError(
u'unable to parse event record: {0:d} with error: {1:s}'.format(
record_index, exception))
for record_index, evt_record in enumerate(evt_file.recovered_records):
try:
self._ParseRecord(
parser_mediator, record_index, evt_record, recovered=True)
except IOError as exception:
parser_mediator.ProduceParseError((
u'unable to parse recovered event record: {0:d} with error: '
u'{1:s}').format(record_index, exception))
evt_file.close()
def test_open_close(self):
"""Tests the open and close functions."""
if not unittest.source:
return
evt_file = pyevt.file()
# Test open and close.
evt_file.open(unittest.source)
evt_file.close()
# Test open and close a second time to validate clean up on close.
evt_file.open(unittest.source)
evt_file.close()
file_object = open(unittest.source, "rb")
# Test open_file_object and close.
evt_file.open_file_object(file_object)
evt_file.close()
# Test open_file_object and close a second time to validate clean up on close.
evt_file.open_file_object(file_object)
evt_file.close()
# Test open_file_object and close and dereferencing file_object.
evt_file.open_file_object(file_object)
del file_object
evt_file.close()
def pyevt_test_single_open_close_file_object_with_dereference(
filename, mode):
"""Tests single file-like object open and close with dereference."""
description = (
"Testing single open close of file-like object with dereference of: "
"{0:s} with access: {1:s}\t").format(
get_filename_string(filename), get_mode_string(mode))
print(description, end="")
error_string = None
result = True
try:
file_object = open(filename, "rb")
evt_file = pyevt.file()
evt_file.open_file_object(file_object, mode)
del file_object
evt_file.close()
except Exception as exception:
error_string = str(exception)
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
if error_string:
print(error_string)
return result
def pyevt_test_multi_open_close_file(filename, mode):
"""Tests multiple open and close."""
description = (
"Testing multi open close of: {0:s} with access: {1:s}"
"\t").format(get_filename_string(filename), get_mode_string(mode))
print(description, end="")
error_string = None
result = True
try:
evt_file = pyevt.file()
evt_file.open(filename, mode)
evt_file.close()
evt_file.open(filename, mode)
evt_file.close()
except Exception as exception:
error_string = str(exception)
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
if error_string:
print(error_string)
return result
def test_close(self):
"""Tests the close function."""
if not unittest.source:
return
evt_file = pyevt.file()
with self.assertRaises(IOError):
evt_file.close()
def main( argc, argv ): result = 0 if argc != 1: print "Usage: pyevt_test_set_ascii_codepage.py\n" return 1 supported_codepages = [ "ascii", "cp874", "cp932", "cp936", "cp949", "cp950", "cp1250", "cp1251", "cp1252", "cp1253", "cp1254", "cp1255", "cp1256", "cp1257", "cp1258" ] unsupported_codepages = [ "iso-8859-1", "iso-8859-2", "iso-8859-3", "iso-8859-4", "iso-8859-5", "iso-8859-6", "iso-8859-7", "iso-8859-8", "iso-8859-9", "iso-8859-10", "iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15", "iso-8859-16", "koi8_r", "koi8_u" ] evt_file = pyevt.file() for codepage in supported_codepages: print "Testing setting supported ASCII codepage of: %s:\t" %( codepage ), try: evt_file.ascii_codepage = codepage result = 0 except: result = 1 if result != 0: print "(FAIL)" return 1 print "(PASS)" print "Testing setting supported ASCII codepage of: %s:\t" %( codepage ), try: evt_file.set_ascii_codepage( codepage ) result = 0 except: result = 1 if result != 0: print "(FAIL)" return 1 print "(PASS)" for codepage in unsupported_codepages: print "Testing setting unsupported ASCII codepage of: %s:\t" %( codepage ), result = 1 try: evt_file.ascii_codepage = codepage except RuntimeError, exception: if exception.message == "pyevt_file_set_ascii_codepage_from_string: unable to determine ASCII codepage.": result = 0 except:
def _GetEventFileList(self):
'''Get file listing of event files from specified source path'''
self.filelist = []
if not os.path.isdir(self.options.events_path):
raise(Exception("Events directory does not exist: {}".format(self.options.events_path)))
for dirName, subdirList, fileList in os.walk(self.options.events_path):
for filename in fileList:
fullname = os.path.join(
dirName,
filename
)
if (filename.lower().endswith('.evt') or filename.lower().endswith('.evtx')):
if IsSupportedEventFile(fullname):
self.filelist.append(fullname)
elif filename.lower().endswith('.json'):
# Check for EvtXtract outputfiles #
if IsSupportedEvtXtractFile(fullname):
self.filelist.append(fullname)
self.filelist.sort()
progressBar = ProgressManager.ProgressBarClass(
Config.Config.UI_TYPE,
count = len(self.filelist),
description = u'Enumerating Event Files'.format(dirName)
)
_fcnt = 0
for filename in self.filelist:
if filename.lower().endswith('evtx'):
wefile = pyevtx.file()
wefile.open(filename)
self.total_records += wefile.get_number_of_records()
self.total_records += wefile.get_number_of_recovered_records()
wefile.close()
elif filename.lower().endswith('evt'):
wefile = pyevt.file()
wefile.open(filename)
self.total_records += wefile.get_number_of_records()
self.total_records += wefile.get_number_of_recovered_records()
wefile.close()
elif filename.lower().endswith('json'):
with open(filename) as wefile:
jstruct = json.load(wefile)
self.total_records += len(jstruct['valid_records'])
wefile.close()
progressBar.Increment(1)
_fcnt += 1
progressBar.Finish()
def pyevt_test_single_open_close_file(filename, mode):
"""Tests a single open and close."""
description = (
"Testing single open close of: {0:s} with access: {1:s}"
"\t").format(get_filename_string(filename), get_mode_string(mode))
print(description, end="")
error_string = None
result = True
try:
evt_file = pyevt.file()
evt_file.open(filename, mode)
evt_file.close()
except TypeError as exception:
expected_message = (
"{0:s}: unsupported string object type.").format(
"pyevt_file_open")
if not filename and str(exception) == expected_message:
pass
else:
error_string = str(exception)
result = False
except ValueError as exception:
expected_message = (
"{0:s}: unsupported mode: w.").format(
"pyevt_file_open")
if mode != "w" or str(exception) != expected_message:
error_string = str(exception)
result = False
except Exception as exception:
error_string = str(exception)
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
if error_string:
print(error_string)
return result
def Parse(self, parser_context, file_entry):
"""Extract data from a Windows EventLog (EVT) file.
Args:
parser_context: A parser context object (instance of ParserContext).
file_entry: A file entry object (instance of dfvfs.FileEntry).
Yields:
An event object (instance of WinEvtRecordEvent) that contains the parsed
data.
"""
file_object = file_entry.GetFileObject()
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_context.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
evt_file.close()
file_object.close()
raise errors.UnableToParseFile(
u'[{0:s}] unable to parse file {1:s} with error: {2:s}'.format(
self.NAME, file_entry.name, exception))
for record_index in range(0, evt_file.number_of_records):
try:
evt_record = evt_file.get_record(record_index)
self._ParseRecord(parser_context, evt_record, file_entry=file_entry)
except IOError as exception:
logging.warning((
u'[{0:s}] unable to parse event record: {1:d} in file: {2:s} '
u'with error: {3:s}').format(
self.NAME, record_index, file_entry.name, exception))
for record_index in range(0, evt_file.number_of_recovered_records):
try:
evt_record = evt_file.get_recovered_record(record_index)
self._ParseRecord(
parser_context, evt_record, file_entry=file_entry, recovered=True)
except IOError as exception:
logging.info((
u'[{0:s}] unable to parse recovered event record: {1:d} in file: '
u'{2:s} with error: {3:s}').format(
self.NAME, record_index, file_entry.name, exception))
evt_file.close()
file_object.close()
def pyevt_test_single_open_close_file(filename, mode):
if not filename:
filename_string = "None"
else:
filename_string = filename
print("Testing single open close of: {0:s} with access: {1:s}\t".format(
filename_string, get_mode_string(mode)))
result = True
try:
evt_file = pyevt.file()
evt_file.open(filename, mode)
evt_file.close()
except TypeError as exception:
expected_message = (
"{0:s}: unsupported string object type.").format(
"pyevt_file_open")
if not filename and str(exception) == expected_message:
pass
else:
print(str(exception))
result = False
except ValueError as exception:
expected_message = (
"{0:s}: unsupported mode: w.").format(
"pyevt_file_open")
if mode != "w" or str(exception) != expected_message:
print(str(exception))
result = False
except Exception as exception:
print(str(exception))
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
return result
def _OpenFile(self):
'''Open the WindowsEventHandler's evt or evtx file handle for processing'''
if self.ext.lower().endswith('evtx'):
self.eventfile_type = 'evtx'
self.file = pyevtx.file()
elif self.ext.lower().endswith('evt'):
self.eventfile_type = 'evt'
self.file = pyevt.file()
elif self.ext.lower().endswith('json'):
self.eventfile_type = 'evtxtract'
self.file = EvtXtractFile()
else:
raise Exception('{} Is not a supported extention. (.evt || .evtx || .json [EVTXtract json file]) [{}]'.format(
self.ext,
self.filename
))
self.file.open(self.filename)
def _ReadEVT(self, source):
"""Read an EventLog file.
Args:
source (str): name of the EventLog file that contains the process start
and stop events.
Yields:
pyevt.record: EventLog record.
"""
evt_file = pyevt.file()
evt_file.open(source)
# pylint: disable=not-an-iterable
for evt_record in evt_file.records:
yield evt_record
evt_file.close()
def ParseFileObject(self, parser_mediator, file_object, **kwargs):
"""Parses a Windows EventLog (EVT) file-like object.
Args:
parser_mediator: A parser mediator object (instance of ParserMediator).
file_object: A file-like object.
Raises:
UnableToParseFile: when the file cannot be parsed.
"""
file_name = parser_mediator.GetDisplayName()
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_mediator.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
evt_file.close()
raise errors.UnableToParseFile(
u'[{0:s}] unable to parse file {1:s} with error: {2:s}'.format(
self.NAME, file_name, exception))
for record_index in range(0, evt_file.number_of_records):
try:
evt_record = evt_file.get_record(record_index)
self._ParseRecord(parser_mediator, evt_record,)
except IOError as exception:
logging.warning((
u'[{0:s}] unable to parse event record: {1:d} in file: {2:s} '
u'with error: {3:s}').format(
self.NAME, record_index, file_name, exception))
for record_index in range(0, evt_file.number_of_recovered_records):
try:
evt_record = evt_file.get_recovered_record(record_index)
self._ParseRecord(parser_mediator, evt_record, recovered=True)
except IOError as exception:
logging.info((
u'[{0:s}] unable to parse recovered event record: {1:d} in file: '
u'{2:s} with error: {3:s}').format(
self.NAME, record_index, file_name, exception))
evt_file.close()
def test_open(self):
"""Tests the open function."""
if not unittest.source:
return
evt_file = pyevt.file()
evt_file.open(unittest.source)
with self.assertRaises(IOError):
evt_file.open(unittest.source)
evt_file.close()
with self.assertRaises(TypeError):
evt_file.open(None)
with self.assertRaises(ValueError):
evt_file.open(unittest.source, mode="w")
def test_set_ascii_codepage(self):
"""Tests the set_ascii_codepage function."""
supported_codepages = (
"ascii", "cp874", "cp932", "cp936", "cp949", "cp950", "cp1250",
"cp1251", "cp1252", "cp1253", "cp1254", "cp1255", "cp1256", "cp1257",
"cp1258")
evt_file = pyevt.file()
for codepage in supported_codepages:
evt_file.set_ascii_codepage(codepage)
unsupported_codepages = (
"iso-8859-1", "iso-8859-2", "iso-8859-3", "iso-8859-4", "iso-8859-5",
"iso-8859-6", "iso-8859-7", "iso-8859-8", "iso-8859-9", "iso-8859-10",
"iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15",
"iso-8859-16", "koi8_r", "koi8_u")
for codepage in unsupported_codepages:
with self.assertRaises(RuntimeError):
evt_file.set_ascii_codepage(codepage)
def pyevt_test_single_open_close_file_object(filename, mode):
print(("Testing single open close of file-like object of: {0:s} "
"with access: {1:s}\t").format(filename, get_mode_string(mode)))
result = True
try:
file_object = open(filename, "rb")
evt_file = pyevt.file()
evt_file.open_file_object(file_object, mode)
evt_file.close()
except Exception as exception:
print(str(exception))
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
return result
def pyevt_test_multi_open_close_file(filename, mode):
print("Testing multi open close of: {0:s} with access: {1:s}\t".format(
filename, get_mode_string(mode)))
result = True
try:
evt_file = pyevt.file()
evt_file.open(filename, mode)
evt_file.close()
evt_file.open(filename, mode)
evt_file.close()
except Exception as exception:
print(str(exception))
result = False
if not result:
print("(FAIL)")
else:
print("(PASS)")
return result
def ParseFileObject(self, parser_mediator, file_object, **kwargs):
"""Parses a Windows EventLog (EVT) file-like object.
Args:
parser_mediator: a parser mediator object (instance of ParserMediator).
file_object: a file-like object.
Raises:
UnableToParseFile: when the file cannot be parsed.
"""
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_mediator.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
display_name = parser_mediator.GetDisplayName()
raise errors.UnableToParseFile(
u'[{0:s}] unable to parse file {1:s} with error: {2:s}'.format(
self.NAME, display_name, exception))
for record_index, evt_record in enumerate(evt_file.records):
try:
self._ParseRecord(parser_mediator, record_index, evt_record)
except IOError as exception:
parser_mediator.ProduceParseError(
u'unable to parse event record: {0:d} with error: {1:s}'.format(
record_index, exception))
for record_index, evt_record in enumerate(evt_file.recovered_records):
try:
self._ParseRecord(
parser_mediator, record_index, evt_record, recovered=True)
except IOError as exception:
parser_mediator.ProduceParseError((
u'unable to parse recovered event record: {0:d} with error: '
u'{1:s}').format(record_index, exception))
evt_file.close()
def test_open_file_object(self):
"""Tests the open_file_object function."""
if not unittest.source:
return
file_object = open(unittest.source, "rb")
evt_file = pyevt.file()
evt_file.open_file_object(file_object)
with self.assertRaises(IOError):
evt_file.open_file_object(file_object)
evt_file.close()
# TODO: change IOError into TypeError
with self.assertRaises(IOError):
evt_file.open_file_object(None)
with self.assertRaises(ValueError):
evt_file.open_file_object(file_object, mode="w")
def ParseFileObject(self, parser_mediator, file_object):
"""Parses a Windows EventLog (EVT) file-like object.
Args:
parser_mediator (ParserMediator): mediates interactions between parsers
and other components, such as storage and dfvfs.
file_object (dfvfs.FileIO): a file-like object.
"""
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_mediator.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
parser_mediator.ProduceExtractionError(
'unable to open file with error: {0!s}'.format(exception))
return
try:
self._ParseRecords(parser_mediator, evt_file)
finally:
evt_file.close()
def ParseFileObject(self, parser_mediator, file_object, **kwargs):
"""Parses a Windows EventLog (EVT) file-like object.
Args:
parser_mediator: a parser mediator object (instance of ParserMediator).
file_object: a file-like object.
"""
evt_file = pyevt.file()
evt_file.set_ascii_codepage(parser_mediator.codepage)
try:
evt_file.open_file_object(file_object)
except IOError as exception:
parser_mediator.ProduceParseError(
u'unable to open file with error: {0:s}'.format(exception))
return
for record_index, evt_record in enumerate(evt_file.records):
try:
self._ParseRecord(parser_mediator, record_index, evt_record)
except IOError as exception:
parser_mediator.ProduceParseError(
u'unable to parse event record: {0:d} with error: {1:s}'.
format(record_index, exception))
for record_index, evt_record in enumerate(evt_file.recovered_records):
try:
self._ParseRecord(parser_mediator,
record_index,
evt_record,
recovered=True)
except IOError as exception:
parser_mediator.ProduceParseError((
u'unable to parse recovered event record: {0:d} with error: '
u'{1:s}').format(record_index, exception))
evt_file.close()
def Main():
DEBUG_FILE = sys.argv[1]
RECORD_INDEX = sys.argv[2]
RECOVERED = sys.argv[3]
if DEBUG_FILE.lower().endswith('.evt'):
evfile = pyevt.file()
evfile.open(DEBUG_FILE)
elif DEBUG_FILE.lower().endswith('.evtx'):
evfile = evtxfile.file()
evfile.open(DEBUG_FILE)
else:
print u'File needs .evt or .evtx extention. {}'.format(DEBUG_FILE)
sys.exit(1)
if RECOVERED:
record = evtxfile.get_record(RECORD_INDEX)
else:
record = evtxfile.get_recovered_record(RECORD_INDEX)
try:
xml_string = record.xml_string
except:
print u'Record has no xml_string'
list_names = [
'Event.EventData.Data',
'Event.EventData.Binary',
]
drec = XmlHandler.GetDictionary(
xml_string,
force_list=list_names
)
print drec
def test_open_file_object(self):
"""Tests the open_file_object function."""
if not unittest.source:
raise unittest.SkipTest("missing source")
if not os.path.isfile(unittest.source):
raise unittest.SkipTest("source not a regular file")
evt_file = pyevt.file()
with open(unittest.source, "rb") as file_object:
evt_file.open_file_object(file_object)
with self.assertRaises(IOError):
evt_file.open_file_object(file_object)
evt_file.close()
with self.assertRaises(TypeError):
evt_file.open_file_object(None)
with self.assertRaises(ValueError):
evt_file.open_file_object(file_object, mode="w")
def pyevt_test_single_open_close_file_object_with_dereference(filename, mode):
file_object = open(filename, mode)
evt_file = pyevt.file()
evt_file.open_file_object(file_object, mode)
del file_object
evt_file.close()
def pyevt_test_single_open_close_file_object(filename, mode):
file_object = open(filename, mode)
evt_file = pyevt.file()
evt_file.open_file_object(file_object, mode)
evt_file.close()
def pyevt_test_multi_open_close_file(filename, mode):
evt_file = pyevt.file()
evt_file.open(filename, mode)
evt_file.close()
evt_file.open(filename, mode)
evt_file.close()
def main(argc, argv):
result = 0
if argc != 1:
print "Usage: pyevt_test_set_ascii_codepage.py\n"
return 1
supported_codepages = [
"ascii", "cp874", "cp932", "cp936", "cp949", "cp950", "cp1250",
"cp1251", "cp1252", "cp1253", "cp1254", "cp1255", "cp1256", "cp1257",
"cp1258"
]
unsupported_codepages = [
"iso-8859-1", "iso-8859-2", "iso-8859-3", "iso-8859-4", "iso-8859-5",
"iso-8859-6", "iso-8859-7", "iso-8859-8", "iso-8859-9", "iso-8859-10",
"iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15",
"iso-8859-16", "koi8_r", "koi8_u"
]
evt_file = pyevt.file()
for codepage in supported_codepages:
print "Testing setting supported ASCII codepage of: %s:\t" % (
codepage),
try:
evt_file.ascii_codepage = codepage
result = 0
except:
result = 1
if result != 0:
print "(FAIL)"
return 1
print "(PASS)"
print "Testing setting supported ASCII codepage of: %s:\t" % (
codepage),
try:
evt_file.set_ascii_codepage(codepage)
result = 0
except:
result = 1
if result != 0:
print "(FAIL)"
return 1
print "(PASS)"
for codepage in unsupported_codepages:
print "Testing setting unsupported ASCII codepage of: %s:\t" % (
codepage),
result = 1
try:
evt_file.ascii_codepage = codepage
except RuntimeError, exception:
if exception.message == "pyevt_file_set_ascii_codepage_from_string: unable to determine ASCII codepage.":
result = 0
except:
def test_signal_abort(self):
"""Tests the signal_abort function."""
evt_file = pyevt.file()
evt_file.signal_abort()
def main():
supported_codepages = [
"ascii", "cp874", "cp932", "cp936", "cp949", "cp950", "cp1250",
"cp1251", "cp1252", "cp1253", "cp1254", "cp1255", "cp1256", "cp1257",
"cp1258"
]
unsupported_codepages = [
"iso-8859-1", "iso-8859-2", "iso-8859-3", "iso-8859-4", "iso-8859-5",
"iso-8859-6", "iso-8859-7", "iso-8859-8", "iso-8859-9", "iso-8859-10",
"iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15",
"iso-8859-16", "koi8_r", "koi8_u"
]
evt_file = pyevt.file()
result = True
for codepage in supported_codepages:
print("Testing setting supported ASCII codepage of: {0:s}:\t".format(
codepage)),
try:
evt_file.ascii_codepage = codepage
result = True
except:
result = False
if not result:
print("(FAIL)")
return False
print("(PASS)")
print("Testing setting supported ASCII codepage of: {0:s}:\t".format(
codepage)),
try:
evt_file.set_ascii_codepage(codepage)
result = True
except:
result = False
if not result:
print("(FAIL)")
return False
print("(PASS)")
for codepage in unsupported_codepages:
print("Testing setting unsupported ASCII codepage of: {0:s}:\t".
format(codepage)),
result = False
try:
evt_file.ascii_codepage = codepage
except RuntimeError as exception:
expected_message = (
"{0:s}: unable to determine ASCII codepage."
).format("pyevt_file_set_ascii_codepage_from_string")
if str(exception) == expected_message:
result = True
except:
pass
if not result:
print("(FAIL)")
return False
print("(PASS)")
print("Testing setting unsupported ASCII codepage of: {0:s}:\t".
format(codepage)),
result = False
try:
evt_file.set_ascii_codepage(codepage)
except RuntimeError as exception:
expected_message = (
"{0:s}: unable to determine ASCII codepage."
).format("pyevt_file_set_ascii_codepage_from_string")
if str(exception) == expected_message:
result = True
except:
pass
if not result:
print("(FAIL)")
return False
print("(PASS)")
return True
def test_signal_abort(self):
"""Tests the signal_abort function."""
evt_file = pyevt.file()
evt_file.signal_abort()
def main():
supported_codepages = [
"ascii", "cp874", "cp932", "cp936", "cp949", "cp950", "cp1250",
"cp1251", "cp1252", "cp1253", "cp1254", "cp1255", "cp1256", "cp1257",
"cp1258"]
unsupported_codepages = [
"iso-8859-1", "iso-8859-2", "iso-8859-3", "iso-8859-4", "iso-8859-5",
"iso-8859-6", "iso-8859-7", "iso-8859-8", "iso-8859-9", "iso-8859-10",
"iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15",
"iso-8859-16", "koi8_r", "koi8_u"]
evt_file = pyevt.file()
result = True
for codepage in supported_codepages:
print("Testing setting supported ASCII codepage of: {0:s}:\t".format(
codepage)),
try:
evt_file.ascii_codepage = codepage
result = True
except:
result = False
if not result:
print("(FAIL)")
return False
print("(PASS)")
print("Testing setting supported ASCII codepage of: {0:s}:\t".format(
codepage)),
try:
evt_file.set_ascii_codepage(codepage)
result = True
except:
result = False
if not result:
print("(FAIL)")
return False
print("(PASS)")
for codepage in unsupported_codepages:
print("Testing setting unsupported ASCII codepage of: {0:s}:\t".format(
codepage)),
result = False
try:
evt_file.ascii_codepage = codepage
except RuntimeError as exception:
expected_message = (
"{0:s}: unable to determine ASCII codepage.").format(
"pyevt_file_set_ascii_codepage_from_string")
if str(exception) == expected_message:
result = True
except:
pass
if not result:
print("(FAIL)")
return False
print("(PASS)")
print("Testing setting unsupported ASCII codepage of: {0:s}:\t".format(
codepage)),
result = False
try:
evt_file.set_ascii_codepage(codepage)
except RuntimeError as exception:
expected_message = (
"{0:s}: unable to determine ASCII codepage.").format(
"pyevt_file_set_ascii_codepage_from_string")
if str(exception) == expected_message:
result = True
except:
pass
if not result:
print("(FAIL)")
return False
print("(PASS)")
return True
