Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ESE parser - internal fork #80

Open
wants to merge 44 commits into
base: master
Choose a base branch
from
Open

ESE parser - internal fork #80

wants to merge 44 commits into from

Conversation

srlehn
Copy link
Collaborator

@srlehn srlehn commented May 31, 2024

ESE parser - internal fork

not sure if this is the way to go

scudette and others added 30 commits November 3, 2019 09:09
@scudette
Initial commit
f089f37
@scudette
Initial commit of ordered dicts.
8f8de26
@scudette
Changed package name
c16e191
@scudette
Properly escape key values.
3b5a5f6
@scudette
Added some useful utilities. (#1)
97c468e
@scudette
Initial work on the parser.
4194f9d
@scudette
More development
eacfe8d
@scudette
Implemented Dump Table.
e04cb2f
@scudette
Merge pull request #1 from Velocidex/dev
accbd8c 
Implemented Dump Table.
@scudette
Support WebCache files.
4494ac6
@scudette
Merge pull request #2 from Velocidex/dev
a2d1f07 
Support WebCache files.
@scudette
Fixed bug in parsing tagged values. (#3)
454d6d7
@scudette
Performance optimizations. (#4)
fbe615a
@scudette
Bugfix: Do not walk pages we walked before. (#5)
40f3521
@scudette
Check for empty buffer (#7)
e7c1503 
Avoids panic on empty tags
@scudette
Force JSON serialization of times in UTC (#2)
0d78f9f 
Due to Golang limitations it is not possible to force json
serialization of time.Time into UTC in all cases. This hack is a
workaround this limitation by special casing time.Time inside an
ordereddict.Dict. It works well in most cases.
@scudette
Print dict as a JSON string. (#3)
1749497 
This is usually more useful than an ad-hoc String() method.
@scudette
Added Delete() method
bc44e4e 
This is not very efficient but should be ok for small dicts.
@scudette
Added convenience methods GetString() and GetInt64() (#4)
4cd6048
@scudette
Support all int types for GetInt64() (#5)
b012020
@scudette
Fixed bug in getstrings. (#6)
52f2ea5
@scudette
Fixed crash with GetStrings when value is nil (#7)
9f5b751
@scudette
No longer force json encoding of time to UTC (#8)
9460a67
@scudette
Prevent deadlock when self reference (#9)
cf5d904
@scudette
Added GUID cell type (#1) (#11)
aa39c37 
To support new User Access Log type ESE files.
@scudette
Support integers in tagged sections (#12)
40ce469 
Tagged sections are used to represent sparse rows. This is used to
store UAL day columns.
@scudette
Decode uint64 correctly from JSON (#11)
c5d39d5
@scudette
Fixed bug in parsing ESE Datetimes (#13)
bd222af 
Turns out the documentation is misleading - the time represents the
number of days since Dec 30 1899 not Jan 1 1900
@scudette
Added GetBool() convenience function (#12)
c8e40f1
@scudette
Support ordered yaml encoding (#13)
572009c
scudette and others added 13 commits January 7, 2022 17:50
@scudette
Sync deps (#14)
3dbe584
@scudette
Optimize Dict serialization. (#15)
79032cf
@scudette
Fix crash when unmarshaling zero value (#16)
da46091
@scudette
Decode time objects from JSON (#17)
6a7cb85
@scudette
Support 7 bit compression in large text fields (#17)
c3dbe80 
These are used in WebCacheV01.dat and Windows.edb commonly
@scudette
Build with ubuntu (#19)
9392344
@scudette
Null Terminate strings (#20)
e26c2c8
@scudette
Implement custom yaml unmarshal (#18)
2aa49cc
@scudette
Implemented long value support (#22)
744a605 
I discovered that the source code for ESE was published by Microsoft and
so this work is based around reading the original source code.

Added more documentation to the file format.
@scudette
Bugfix: Off by one on parsing tags can return garbage LINE (#23)
18bc6dc
@srlehn
Add 'ordereddict/' from commit '2aa49cc5d11d51b06db3d0234aea849a5c8f5…
e6ba9f6 
…e5d'

git-subtree-dir: ordereddict
git-subtree-mainline: 18bc6dc
git-subtree-split: 2aa49cc
@srlehn
Add 'internal/eseparser/' from commit 'e6ba9f6ca2b7736fff17e30081cd7d…
1c1cd22 
…f199424888'

git-subtree-dir: internal/eseparser
git-subtree-mainline: 8982889
git-subtree-split: e6ba9f6
@srlehn
create internal fork of www.velocidex.com/golang/go-ese/parser and gi…
cfb0ba4 
…thub.com/Velocidex/ordereddict with additional json and yaml dependencies stripped off
@srlehn srlehn requested a review from zellyn May 31, 2024 22:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zellyn zellyn Awaiting requested review from zellyn

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@srlehn @scudette