Worked on Python bindings

evtxtools/info_handle.c

@@ -437,7 +437,7 @@ int info_handle_file_fprint(
 
 		return( -1 );
 	}
-	if( libevtx_file_get_version(
+	if( libevtx_file_get_format_version(
 	     info_handle->input_file,
 	     &major_version,
 	     &minor_version,
@@ -447,7 +447,7 @@ int info_handle_file_fprint(
 		 error,
 		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
 		 LIBCERROR_RUNTIME_ERROR_GET_FAILED,
-		 "%s: unable to retrieve file version.",
+		 "%s: unable to retrieve format version.",
 		 function );
 
 		return( -1 );

include/libevtx.h.in

@@ -286,11 +286,11 @@ int libevtx_file_set_ascii_codepage(
      int ascii_codepage,
      libevtx_error_t **error );
 
-/* Retrieves the file version
+/* Retrieves the format version
  * Returns 1 if successful or -1 on error
  */
 LIBEVTX_EXTERN \
-int libevtx_file_get_version(
+int libevtx_file_get_format_version(
      libevtx_file_t *file,
      uint16_t *major_version,
      uint16_t *minor_version,
@@ -343,6 +343,24 @@ int libevtx_file_get_recovered_record(
      libevtx_record_t **record,
      libevtx_error_t **error );
 
+/* -------------------------------------------------------------------------
+ * File functions - deprecated
+ * ------------------------------------------------------------------------- */
+
+/* Retrieves the version
+ *
+ * This function deprecated use libevtx_file_get_format_version instead
+ *
+ * Returns 1 if successful or -1 on error
+ */
+LIBEVTX_DEPRECATED \
+LIBEVTX_EXTERN \
+int libevtx_file_get_version(
+     libevtx_file_t *file,
+     uint16_t *major_version,
+     uint16_t *minor_version,
+     libevtx_error_t **error );
+
 /* -------------------------------------------------------------------------
  * Record functions
  * ------------------------------------------------------------------------- */
@@ -373,14 +391,13 @@ int libevtx_record_get_identifier(
      uint64_t *identifier,
      libevtx_error_t **error );
 
-/* Retrieves the written time
- * The timestamp is a 64-bit FILETIME date and time value
+/* Retrieves the 64-bit FILETIME value containing the written time
  * Returns 1 if successful or -1 on error
  */
 LIBEVTX_EXTERN \
 int libevtx_record_get_written_time(
      libevtx_record_t *record,
-     uint64_t *written_time,
+     uint64_t *filetime,
      libevtx_error_t **error );
 
 /* Retrieves the event identifier

libevtx/libevtx_file.c

@@ -1703,6 +1703,70 @@ int libevtx_file_set_ascii_codepage(
 	return( 1 );
 }
 
+/* Retrieves the format version
+ * Returns 1 if successful or -1 on error
+ */
+int libevtx_file_get_format_version(
+     libevtx_file_t *file,
+     uint16_t *major_version,
+     uint16_t *minor_version,
+     libcerror_error_t **error )
+{
+	libevtx_internal_file_t *internal_file = NULL;
+	static char *function                  = "libevtx_file_get_format_version";
+
+	if( file == NULL )
+	{
+		libcerror_error_set(
+		 error,
+		 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
+		 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
+		 "%s: invalid file.",
+		 function );
+
+		return( -1 );
+	}
+	internal_file = (libevtx_internal_file_t *) file;
+
+	if( internal_file->io_handle == NULL )
+	{
+		libcerror_error_set(
+		 error,
+		 LIBCERROR_ERROR_DOMAIN_RUNTIME,
+		 LIBCERROR_RUNTIME_ERROR_VALUE_MISSING,
+		 "%s: invalid file - missing IO handle.",
+		 function );
+
+		return( -1 );
+	}
+	if( major_version == NULL )
+	{
+		libcerror_error_set(
+		 error,
+		 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
+		 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
+		 "%s: invalid major version.",
+		 function );
+
+		return( -1 );
+	}
+	if( minor_version == NULL )
+	{
+		libcerror_error_set(
+		 error,
+		 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
+		 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
+		 "%s: invalid minor version.",
+		 function );
+
+		return( -1 );
+	}
+	*major_version = internal_file->io_handle->major_version;
+	*minor_version = internal_file->io_handle->minor_version;
+
+	return( 1 );
+}
+
 /* Retrieves the file version
  * Returns 1 if successful or -1 on error
  */

libevtx/libevtx_file.h

@@ -152,6 +152,13 @@ int libevtx_file_set_ascii_codepage(
      int ascii_codepage,
      libcerror_error_t **error );
 
+LIBEVTX_EXTERN \
+int libevtx_file_get_format_version(
+     libevtx_file_t *file,
+     uint16_t *major_version,
+     uint16_t *minor_version,
+     libcerror_error_t **error );
+
 LIBEVTX_EXTERN \
 int libevtx_file_get_version(
      libevtx_file_t *file,

libevtx/libevtx_record.c

@@ -350,13 +350,12 @@ int libevtx_record_get_identifier(
 	return( 1 );
 }
 
-/* Retrieves the written time
- * The timestamp is a 64-bit FILETIME date and time value
+/* Retrieves the 64-bit FILETIME value containing the written time
  * Returns 1 if successful or -1 on error
  */
 int libevtx_record_get_written_time(
      libevtx_record_t *record,
-     uint64_t *written_time,
+     uint64_t *filetime,
      libcerror_error_t **error )
 {
 	libevtx_internal_record_t *internal_record = NULL;
@@ -386,18 +385,18 @@ int libevtx_record_get_written_time(
 
 		return( -1 );
 	}
-	if( written_time == NULL )
+	if( filetime == NULL )
 	{
 		libcerror_error_set(
 		 error,
 		 LIBCERROR_ERROR_DOMAIN_ARGUMENTS,
 		 LIBCERROR_ARGUMENT_ERROR_INVALID_VALUE,
-		 "%s: invalid written time.",
+		 "%s: invalid filetime.",
 		 function );
 
 		return( -1 );
 	}
-	*written_time = internal_record->record_values->written_time;
+	*filetime = internal_record->record_values->written_time;
 
 	return( 1 );
 }

libevtx/libevtx_record.h

@@ -85,7 +85,7 @@ int libevtx_record_get_identifier(
 LIBEVTX_EXTERN \
 int libevtx_record_get_written_time(
      libevtx_record_t *record,
-     uint64_t *written_time,
+     uint64_t *filetime,
      libcerror_error_t **error );
 
 LIBEVTX_EXTERN \

manuals/libevtx.3

@@ -1,4 +1,4 @@
-.Dd April 22, 2016
+.Dd November 15, 2016
 .Dt libevtx 3
 .Os libevtx
 .Sh NAME
@@ -69,7 +69,7 @@ File functions
 .Ft int
 .Fn libevtx_file_set_ascii_codepage "libevtx_file_t *file, int ascii_codepage, libevtx_error_t **error"
 .Ft int
-.Fn libevtx_file_get_version "libevtx_file_t *file, uint16_t *major_version, uint16_t *minor_version, libevtx_error_t **error"
+.Fn libevtx_file_get_format_version "libevtx_file_t *file, uint16_t *major_version, uint16_t *minor_version, libevtx_error_t **error"
 .Ft int
 .Fn libevtx_file_get_flags "libevtx_file_t *file, uint32_t *flags, libevtx_error_t **error"
 .Ft int
@@ -97,7 +97,7 @@ Record functions
 .Ft int
 .Fn libevtx_record_get_identifier "libevtx_record_t *record, uint64_t *identifier, libevtx_error_t **error"
 .Ft int
-.Fn libevtx_record_get_written_time "libevtx_record_t *record, uint64_t *written_time, libevtx_error_t **error"
+.Fn libevtx_record_get_written_time "libevtx_record_t *record, uint64_t *filetime, libevtx_error_t **error"
 .Ft int
 .Fn libevtx_record_get_event_identifier "libevtx_record_t *record, uint32_t *event_identifier, libevtx_error_t **error"
 .Ft int

pyevtx/pyevtx.h

@@ -57,5 +57,5 @@ PyMODINIT_FUNC initpyevtx(
 }
 #endif
 
-#endif
+#endif /* !defined( _PYEVTX_H ) */
 

pyevtx/pyevtx_codepage.h

@@ -38,5 +38,5 @@ const char *pyevtx_codepage_to_string(
 }
 #endif
 
-#endif /* !defined( _PYEVTX_CODEPAGE_H */
+#endif /* !defined( _PYEVTX_CODEPAGE_H ) */
 

pyevtx/pyevtx_datetime.h

@@ -44,5 +44,5 @@ PyObject *pyevtx_datetime_new_from_posix_time(
 }
 #endif
 
-#endif
+#endif /* !defined( _PYEVTX_DATETIME_H ) */
 

pyevtx/pyevtx_event_levels.h

@@ -59,5 +59,5 @@ void pyevtx_event_levels_free(
 }
 #endif
 
-#endif
+#endif /* !defined( _PYEVTX_EVENT_LEVELS_H ) */