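def test_ElfrReportEventW(self):
    """Send a hand-built ElfrReportEventW request against the 'Security' log.

    The log is opened with hElfrOpenELW and every request field is filled in
    explicitly before the request is sent.  A STATUS_ACCESS_DENIED error is
    tolerated; any other exception is re-raised.

    Nothing is asserted on success, so the test passes both when the server
    refuses the write and when it accepts the record.  It therefore does not
    pin which of the two behaviours the target has.
    """
    dce, rpctransport = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    resp = even.hElfrOpenELW(dce, NULL, 'Security', '')
    resp.dump()

    request = even.ElfrReportEventW()
    request['LogHandle'] = resp['LogHandle']
    request['Time'] = 5000000
    request['EventType'] = even.EVENTLOG_ERROR_TYPE
    request['EventCategory'] = 0
    request['EventID'] = 7037
    request['ComputerName'] = 'MYCOMPUTER!'
    # NumStrings must match the number of entries appended to 'Strings' below.
    request['NumStrings'] = 1
    request['DataSize'] = 0
    request['UserSID'].fromCanonical('S-1-2-5-21')
    nn = even.PRPC_UNICODE_STRING()
    nn['Data'] = 'HOLA BETUSSS'
    request['Strings'].append(nn)
    request['Data'] = NULL
    request['Flags'] = 0
    request['RecordNumber'] = NULL
    request['TimeWritten'] = NULL

    try:
        resp = dce.request(request)
        resp.dump()
    # "except Exception, e" is a syntax error on Python 3; the "as" form is
    # accepted by Python 2.6+ and Python 3 alike.
    except Exception as e:
        # Only an access-denied reply counts as an acceptable failure.
        if 'STATUS_ACCESS_DENIED' not in str(e):
            raise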
def test_hElfrBackupELFW(self):
    """hElfrBackupELFW on the 'Security' log must raise STATUS_OBJECT_NAME_INVALID.

    Opens the log, dumps the open reply, then requests a backup to a fixed
    path.  The test fails unless the call raises a DCERPCException whose text
    matches STATUS_OBJECT_NAME_INVALID, so a backup that succeeds is reported
    as a failure.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    backup_path = '\\??\\c:\\beto2'
    with assertRaisesRegex(self, DCERPCException, "STATUS_OBJECT_NAME_INVALID"):
        even.hElfrBackupELFW(dce, opened['LogHandle'], backup_path)
def test_hElfrReadELW(self):
    """Read from the 'Security' log through the hElfrReadELW helper.

    Opens the log, then reads from record offset 0 with the sequential and
    forwards read flags, passing even.MAX_BATCH_BUFF as the last argument.
    Both replies are dumped; the test only checks that no exception is raised.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    read_flags = even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ
    records = even.hElfrReadELW(
        dce,
        opened['LogHandle'],
        read_flags,
        0,
        even.MAX_BATCH_BUFF,
    )
    records.dump()
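def atest_hElfrBackupELFW(self):
    """Request a backup of the 'Security' log through hElfrBackupELFW.

    The 'atest_' name does not match unittest's default 'test' method prefix,
    so the default loader will not collect this method.

    A STATUS_OBJECT_NAME_INVALID error is tolerated and any other exception
    is re-raised.  Nothing is asserted on success, so the test also passes
    when the server accepts the backup request.
    """
    dce, rpctransport = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    resp = even.hElfrOpenELW(dce, NULL, 'Security', '')
    resp.dump()

    try:
        resp = even.hElfrBackupELFW(dce, resp['LogHandle'], '\\??\\c:\\beto2')
        resp.dump()
    # "except Exception, e" is a syntax error on Python 3; the "as" form is
    # accepted by Python 2.6+ and Python 3 alike.
    except Exception as e:
        if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
            raise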
def test_ElfrBackupELFW(self):
    """A raw ElfrBackupELFW request on the 'Security' log must be rejected.

    Builds the request structure by hand (log handle plus backup file name)
    and sends it with dce.request().  The test fails unless a DCERPCException
    matching STATUS_OBJECT_NAME_INVALID is raised, so a backup that succeeds
    is reported as a failure.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    backup_req = even.ElfrBackupELFW()
    backup_req['LogHandle'] = opened['LogHandle']
    backup_req['BackupFileName'] = '\\??\\c:\\beto2'

    with assertRaisesRegex(self, DCERPCException, "STATUS_OBJECT_NAME_INVALID"):
        dce.request(backup_req)
def test_hElfrBackupELFW(self):
    """Request a backup of the 'Security' log through hElfrBackupELFW.

    An exception whose text contains STATUS_OBJECT_NAME_INVALID is swallowed;
    any other exception propagates.  There is no assertion on the success
    path, so the test also passes when the server accepts the backup request.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    try:
        backup_resp = even.hElfrBackupELFW(dce, opened['LogHandle'], '\\??\\c:\\beto2')
        backup_resp.dump()
    except Exception as err:
        # Only the invalid-object-name status is an acceptable failure.
        if 'STATUS_OBJECT_NAME_INVALID' not in str(err):
            raise
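def atest_ElfrReadELW(self):
    """Send a raw ElfrReadELW request for half of MAX_BATCH_BUFF bytes.

    The 'atest_' name does not match unittest's default 'test' method prefix,
    so the default loader will not collect this method.

    Opens the 'Security' log, reads from record offset 0 with the sequential
    and forwards read flags, and dumps both replies.  The test only checks
    that no exception is raised.
    """
    dce, rpctransport = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    resp = even.hElfrOpenELW(dce, NULL, 'Security', '')
    resp.dump()

    request = even.ElfrReadELW()
    request['LogHandle'] = resp['LogHandle']
    request['ReadFlags'] = even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ
    request['RecordOffset'] = 0
    # Floor division keeps the byte count an integer on Python 3, where "/"
    # would produce a float; on Python 2 the result is the same as before.
    request['NumberOfBytesToRead'] = even.MAX_BATCH_BUFF // 2

    resp = dce.request(request)
    resp.dump()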
def test_ElfrReadELW(self):
    """Send a raw ElfrReadELW request against the 'Security' log.

    Opens the log, then asks for up to even.MAX_BATCH_BUFF bytes starting at
    record offset 0 with the sequential and forwards read flags.  Both
    replies are dumped; the test only checks that no exception is raised.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    read_req = even.ElfrReadELW()
    read_req['LogHandle'] = opened['LogHandle']
    read_req['ReadFlags'] = (
        even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ
    )
    read_req['RecordOffset'] = 0
    read_req['NumberOfBytesToRead'] = even.MAX_BATCH_BUFF

    records = dce.request(read_req)
    records.dump()
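def atest_ElfrBackupELFW(self):
    """Send a raw ElfrBackupELFW request for the 'Security' log.

    The 'atest_' name does not match unittest's default 'test' method prefix,
    so the default loader will not collect this method.

    A STATUS_OBJECT_NAME_INVALID error is tolerated and any other exception
    is re-raised.  Nothing is asserted on success, so the test also passes
    when the server accepts the backup request.
    """
    dce, rpctransport = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    resp = even.hElfrOpenELW(dce, NULL, 'Security', '')
    resp.dump()

    request = even.ElfrBackupELFW()
    request['LogHandle'] = resp['LogHandle']
    request['BackupFileName'] = '\\??\\c:\\beto2'

    try:
        resp = dce.request(request)
        resp.dump()
    # "except Exception, e" is a syntax error on Python 3; the "as" form is
    # accepted by Python 2.6+ and Python 3 alike.
    except Exception as e:
        if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
            raise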
def atest_hElfrOpenELW(self):
    """Open the 'Security' log with hElfrOpenELW and dump the reply.

    The 'atest_' name does not match unittest's default 'test' method prefix,
    so the default loader will not collect this method.
    """
    dce, _ = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    even.hElfrOpenELW(dce, NULL, 'Security', '').dump()
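def atest_hElfrReadELW(self):
    """Read from the 'Security' log via hElfrReadELW, passing half of MAX_BATCH_BUFF.

    The 'atest_' name does not match unittest's default 'test' method prefix,
    so the default loader will not collect this method.

    Reads from record offset 0 with the sequential and forwards read flags
    and dumps both replies.  The test only checks that no exception is raised.
    """
    dce, rpctransport = self.connect()
    # NOTE(review): some versions of these tests call
    # hElfrOpenELW(dce, 'Security', '') without the NULL argument; confirm
    # which signature the helper in use expects.
    resp = even.hElfrOpenELW(dce, NULL, 'Security', '')
    resp.dump()

    resp = even.hElfrReadELW(
        dce,
        resp['LogHandle'],
        even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ,
        0,
        # Floor division keeps the value an integer on Python 3, where "/"
        # would produce a float; on Python 2 the result is the same as before.
        even.MAX_BATCH_BUFF // 2,
    )
    resp.dump()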
def test_hElfrOldestRecordNumber(self):
    """Call hElfrOldestRecordNumber on the 'Security' log.

    Opens the log, passes the returned handle to hElfrOldestRecordNumber and
    dumps both replies.  The test only checks that no exception is raised.
    """
    dce, _ = self.connect()
    opened = even.hElfrOpenELW(dce, 'Security', '')
    opened.dump()

    oldest = even.hElfrOldestRecordNumber(dce, opened['LogHandle'])
    oldest.dump()