winevtrc package

Submodules

winevtrc.database module

Read from and write to SQLite databases.

class winevtrc.database.ResourcesSQLite3DatabaseReader[source]

Bases: object

Event Log resources SQLite database reader.

Close()[source]

Closes the database reader.

GetEventLogProviders()[source]

Retrieves the Event Log providers.

Yields:

EventLogProvider – an Event Log provider.

GetMessage(log_source, lcid, message_identifier)[source]

Retrieves a specific message for a specific Event Log source.

Parameters:
  • log_source (str) – Event Log source.

  • lcid (int) – language code identifier (LCID).

  • message_identifier (int) – message identifier.

Returns:

the message string or None if not available.

Return type:

str

GetMessages(log_source, lcid)[source]

Retrieves the messages of a specific Event Log source.

Parameters:
  • log_source (str) – Event Log source.

  • lcid (int) – language code identifier (LCID).

Yields:

tuple[int, str] – message identifier and message string.

GetMetadataAttribute(attribute_name)[source]

Retrieves the metadata attribute.

Parameters:

attribute_name (str) – name of the metadata attribute.

Returns:

value of the metadata attribute or None.

Return type:

str

Raises:
  • IOError – if more than one value is found in the database.

  • OSError – if more than one value is found in the database.

Open(filename)[source]

Opens the database reader.

Parameters:

filename (str) – filename of the database.

Returns:

True if successful or False if not.

Return type:

bool

__init__()[source]

Initializes the database reader.

class winevtrc.database.ResourcesSQLite3DatabaseWriter(string_format='wrc')[source]

Bases: object

Event Log resources SQLite database writer.

Close()[source]

Closes the database writer.

Open(filename)[source]

Opens the database writer.

Parameters:

filename (str) – filename of the database.

Returns:

True if successful or False if not.

Return type:

bool

WriteEventLogProvider(event_log_provider)[source]

Writes the Event Log provider.

Parameters:

event_log_provider (EventLogProvider) – Event Log provider.

WriteMessageFile(message_file)[source]

Writes a message file.

Parameters:

message_file (ExportMessageFile) – message file.

WriteMessageFilesPerEventLogProvider(event_log_provider, message_filename, message_file_type)[source]

Writes the message files used by an Event Log provider.

Parameters:
  • event_log_provider (EventLogProvider) – Event Log provider.

  • message_filename (str) – message filename.

  • message_file_type (str) – message file type.

WriteMessageTable(message_file, message_table)[source]

Writes a message table for a specific language identifier.

Parameters:
WriteMetadataAttribute(attribute_name, attribute_value)[source]

Writes a metadata attribute.

Parameters:
  • attribute_name (str) – name of the metadata attribute.

  • attribute_value (str) – value of the metadata attribute.

__init__(string_format='wrc')[source]

Initializes the database writer.

Parameters:

string_format (Optional[str]) – string format. The default is the Windows Resource (wrc) format.

class winevtrc.database.SQLite3DatabaseFile[source]

Bases: object

A SQLite database file.

Close()[source]

Closes the database file.

Raises:
  • IOError – if the database is not opened.

  • OSError – if the database is not opened.

CreateTable(table_name, column_definitions)[source]

Creates a table.

Parameters:
  • table_name (str) – table name.

  • column_definitions (list[str]) – column definitions.

Raises:
  • BackendError – if the database back-end raises an exception.

  • IOError – if the database is not opened or if the database is in read-only mode.

  • OSError – if the database is not opened or if the database is in read-only mode.

GetValues(table_names, column_names, condition)[source]

Retrieves values from a table.

Parameters:
  • table_names (list[str]) – table names.

  • column_names (list[str]) – column names.

  • condition (str) – condition.

Returns:

values generator.

Return type:

generator

Raises:
  • IOError – if the database is not opened.

  • OSError – if the database is not opened.

HasTable(table_name)[source]

Determines if a specific table exists.

Parameters:

table_name (str) – table name.

Returns:

True if the table exists, false otherwise.

Return type:

bool

Raises:
  • BackendError – if the database back-end raises an exception.

  • IOError – if the database is not opened.

  • OSError – if the database is not opened.

InsertValues(table_name, column_names, values)[source]

Inserts values into a table.

Parameters:
  • table_name (str) – table name.

  • column_names (list[str]) – column names.

  • values (list[str]) – values formatted as a string.

Raises:
  • BackendError – if the database back-end raises an exception.

  • IOError – if the database is not opened or if the database is in read-only mode or if an unsupported value type is encountered.

  • OSError – if the database is not opened or if the database is in read-only mode or if an unsupported value type is encountered.

Open(filename, read_only=False)[source]

Opens the database file.

Parameters:
  • filename (str) – filename of the database.

  • read_only (Optional[bool]) – True if the database should be opened in read-only mode. Since sqlite3 does not support a real read-only mode we fake it by only permitting SELECT queries.

Returns:

True if successful or False if not.

Return type:

bool

Raises:
  • BackendError – if the database back-end raises an exception.

  • IOError – if the database is already opened.

  • OSError – if the database is already opened.

__init__()[source]

Initializes the database file.

winevtrc.definitions module

The Windows Event Log resource definitions.

winevtrc.dfvfs_helpers module

dfVFS helpers.

winevtrc.dfvfs_helpers.AddDFVFSCLIArguments(argument_parser)[source]

Adds dfVFS command line arguments.

Parameters:

argument_parser (argparse.ArgumentParser) – argument parser.

class winevtrc.dfvfs_helpers.DFVFSFileSystemHelper(*args: Any, **kwargs: Any)[source]

Bases: FileSystemHelper, VolumeScanner

dfVFS file system helper.

BasenamePath(path)[source]

Determines the basename of the path.

Parameters:

path (str) – path.

Returns:

basename of the path.

Return type:

str

CheckFileExistsByPath(path)[source]

Checks if a specific file exists.

Parameters:

path (str) – path of the file.

Returns:

True if the file exists, False otherwise.

Return type:

bool

DirnamePath(path)[source]

Determines the directory name of the path.

Parameters:

path (str) – path.

Returns:

directory name of the path or None.

Return type:

str

GetFileSizeByPath(path)[source]

Retrieves the size of a specific file.

Parameters:

path (str) – path of the file.

Returns:

size of the file in bytes or None if not available.

Return type:

int

JoinPath(path_segments)[source]

Joins the path segments into a path.

Parameters:

path_segments (list[str]) – path segments.

Returns:

joined path segments prefixed with the path separator.

Return type:

str

ListDirectory(path)[source]

Lists the entries in a directory.

Parameters:

path (str) – path of the directory.

Yields:

str – name of a directory entry.

OpenFileByPath(path)[source]

Opens a specific file.

Parameters:

path (str) – path of the file.

Returns:

file-like object of the file.

Return type:

file

OpenFileSystem(path_spec)[source]

Opens a file system.

Parameters:

path_spec (dfvfs.PathSpec) – file system path specification.

SplitPath(path)[source]

Splits the path into path segments.

Parameters:

path (str) – path.

Returns:

path segments without the root path segment, which is

an empty string.

Return type:

list[str]

__init__(mediator)[source]

dfVFS file system helper.

Parameters:

mediator (dfvfs.VolumeScannerMediator) – mediator.

winevtrc.dfvfs_helpers.ParseDFVFSCLIArguments(options)[source]

Parses dfVFS command line arguments.

Parameters:

options (argparse.Namespace) – command line arguments.

Returns:

dfVFS file system helper or None if no file system

could be found.

Return type:

DFVFSFileSystemHelper

winevtrc.dfvfs_helpers.SetDFVFSBackEnd(back_end)[source]

Sets the dfVFS back-end.

Parameters:

back_end (str) – dfVFS back-end.

winevtrc.documentation module

Documentation writers.

class winevtrc.documentation.DocumentationFileWriter(path)[source]

Bases: object

Documentation file writer.

Close()[source]

Closes the documentation file writer object.

Open()[source]

Opens the documentation file writer object.

__enter__()[source]

Make this work with the ‘with’ statement.

__exit__(exception_type, value, traceback)[source]

Make this work with the ‘with’ statement.

__init__(path)[source]

Initializes a documentation file writer.

class winevtrc.documentation.EventLogProviderMarkdownWriter(path)[source]

Bases: DocumentationFileWriter

Event Log provider Markdown file writer.

WriteEventLogProvider(event_log_provider, windows_versions)[source]

Writes an Event Log provider to a Markdown file.

Parameters:
  • event_log_provider (EventLogProvider) – Event Log provider.

  • windows_versions (list[str]) – strings that identify the Windows versions.

class winevtrc.documentation.EventLogProvidersIndexRstWriter(path)[source]

Bases: DocumentationFileWriter

Event Log providers index.rst file writer.

WriteEventLogProvider(name)[source]

Writes an Event Log provider to the index.rst file.

Parameters:

name (str) – name of the Event Log provider.

class winevtrc.documentation.MessageFileMarkdownWriter(path)[source]

Bases: DocumentationFileWriter

Message file Markdown file writer.

WriteMessageFile(message_file)[source]

Writes a message file.

Parameters:

message_file (ExportMessageFile) – message file.

class winevtrc.documentation.MessageFilesIndexRstWriter(path)[source]

Bases: DocumentationFileWriter

Message files index.rst file writer.

WriteMessageFile(name)[source]

Writes a message file to the index.rst file.

Parameters:

name (str) – name of the message file.

winevtrc.errors module

The error objects.

exception winevtrc.errors.BackendError[source]

Bases: Error

Error that is raised for database back-end exceptions.

exception winevtrc.errors.Error[source]

Bases: Exception

The error interface.

winevtrc.eventlog_providers module

Windows Event Log providers collector.

class winevtrc.eventlog_providers.EventLogProvidersCollector[source]

Bases: object

Windows Event Log providers collector.

Collect(registry)[source]

Collects Windows Event Log providers from a Windows Registry.

Parameters:

registry (dfwinreg.WinRegistry) – Windows Registry.

Returns:

Event Log provider generator.

Return type:

generator[EventLogProvider]

winevtrc.exporter module

Windows Event Log message resource exporter.

class winevtrc.exporter.ExportEventLogProvider(name)[source]

Bases: object

Event Log provider.

name

name.

Type:

str

providers_with_versions

Event Log providers with corresponding Windows versions.

Type:

list[tuple[EventLogProvider, list[str]]]

__init__(name)[source]

Initialized an Event Log provider.

Parameters:

name (str) – name.

class winevtrc.exporter.ExportMessageFile(name)[source]

Bases: object

Windows Event Log message file.

message_tables

message tables.

Type:

list[MessageTable]

name

name.

Type:

str

windows_path

Windows path.

Type:

str

GetMessageTables()[source]

Retrieves the message tables.

Yields:

MessageTable – message table.

__init__(name)[source]

Initializes the message file.

Parameters:

name (str) – name.

class winevtrc.exporter.Exporter[source]

Bases: object

Exports the strings extracted from Windows EventLog message files.

Export(source_path, output_writer)[source]

Exports the strings extracted from message files.

Parameters:
__init__()[source]

Initializes a Windows Event Log message resource exporter.

class winevtrc.exporter.ExporterOutputWriter[source]

Bases: object

Exporter output writer.

abstract Close()[source]

Closes the output writer.

abstract Open()[source]

Opens the output writer.

Returns:

True if successful or False if not.

Return type:

bool

abstract WriteEventLogProvider(export_event_log_provider)[source]

Writes an Event Log provider.

Parameters:

export_event_log_provider (ExportEventLogProvider) – Event Log provider.

abstract WriteMessageFile(message_file)[source]

Writes a message file.

Parameters:

message_file (ExportMessageFile) – message file.

abstract WriteMessageFilesPerEventLogProvider(event_log_provider, message_file)[source]

Writes a mapping between an Event Log provider and a message file.

Parameters:

winevtrc.extractor module

Windows Event Log message resource extractor.

class winevtrc.extractor.EventMessageStringExtractor(*args: Any, **kwargs: Any)[source]

Bases: WindowsVolumeScanner

Windows Event Log message string extractor.

ascii_codepage

ASCII string codepage.

Type:

str

missing_message_filenames

names of message files that were not found or without a resource section.

Type:

list[str]

missing_resources_message_filenames

names of message files, where both a string and a message table resource is missing.

Type:

list[str]

preferred_language_identifier

preferred language identifier (LCID).

Type:

int

CollectEventLogProviders()[source]

Retrieves the Event Log providers.

Yields:

EventLogProvider – Event Log provider.

CollectSystemEnvironmentVariables()[source]

Collects the system environment variables.

GetMessageResourceFile(event_log_provider, message_filename)[source]

Retrieves an Event Log message resource file.

Parameters:
  • event_log_provider (EventLogProvider) – Event Log provider.

  • message_filename (str) – message filename.

Returns:

message resource file or None if not available or

already processed.

Return type:

WindowsResourceFile

GetNormalizedMessageFilePath(path)[source]

Retrieves a normalized variant of a message file path.

Parameters:

path (str) – path of a message file.

Returns:

normalized path of a message file.

Return type:

str

ScanForWindowsVolume(source_path, options=None)[source]

Scans for a Windows volume.

Parameters:
  • source_path (str) – source path.

  • options (Optional[VolumeScannerOptions]) – volume scanner options. If None the default volume scanner options are used, which are defined in the VolumeScannerOptions class.

Returns:

True if a Windows volume was found.

Return type:

bool

Raises:

ScannerError – if the source path does not exists, or if the source path is not a file or directory, or if the format of or within the source file is not supported.

__init__(debug=False, mediator=None)[source]

Initializes a Windows Event Log message string extractor.

Parameters:
  • debug (Optional[bool]) – True if debug information should be printed.

  • mediator (dfvfs.VolumeScannerMediator) – a volume scanner mediator or None.

property windows_version

The Windows version (getter).

winevtrc.file_system module

File system helper.

class winevtrc.file_system.FileSystemHelper[source]

Bases: object

File system helper interface.

abstract BasenamePath(path)[source]

Determines the basename of the path.

Parameters:

path (str) – path.

Returns:

basename of the path.

Return type:

str

abstract CheckFileExistsByPath(path)[source]

Checks if a specific file exists.

Parameters:

path (str) – path of the file.

Returns:

True if the file exists, False otherwise.

Return type:

bool

abstract DirnamePath(path)[source]

Determines the directory name of the path.

Parameters:

path (str) – path.

Returns:

directory name of the path or None.

Return type:

str

abstract GetFileSizeByPath(path)[source]

Retrieves the size of a specific file.

Parameters:

path (str) – path of the file.

Returns:

size of the file in bytes.

Return type:

int

abstract JoinPath(path_segments)[source]

Joins the path segments into a path.

Parameters:

path_segments (list[str]) – path segments.

Returns:

joined path segments prefixed with the path separator.

Return type:

str

abstract ListDirectory(path)[source]

Lists the entries in a directory.

Parameters:

path (str) – path of the directory.

Yields:

str – name of a directory entry.

abstract OpenFileByPath(path)[source]

Opens a specific file.

Parameters:

path (str) – path of the file.

Returns:

file-like object of the file.

Return type:

file

abstract SplitPath(path)[source]

Splits the path into path segments.

Parameters:

path (str) – path.

Returns:

path segments without the root path segment, which is

an empty string.

Return type:

list[str]

class winevtrc.file_system.NativeFileSystemHelper[source]

Bases: object

Python native system helper.

BasenamePath(path)[source]

Determines the basename of the path.

Parameters:

path (str) – path.

Returns:

basename of the path.

Return type:

str

CheckFileExistsByPath(path)[source]

Checks if a specific file exists.

Parameters:

path (str) – path of the file.

Returns:

True if the file exists, False otherwise.

Return type:

bool

DirnamePath(path)[source]

Determines the directory name of the path.

Parameters:

path (str) – path.

Returns:

directory name of the path or None.

Return type:

str

GetFileSizeByPath(path)[source]

Retrieves the size of a specific file.

Parameters:

path (str) – path of the file.

Returns:

size of the file in bytes.

Return type:

int

JoinPath(path_segments)[source]

Joins the path segments into a path.

Parameters:

path_segments (list[str]) – path segments.

Returns:

joined path segments prefixed with the path separator.

Return type:

str

ListDirectory(path)[source]

Lists the entries in a directory.

Parameters:

path (str) – path of the directory.

Yields:

str – name of a directory entry.

OpenFileByPath(path)[source]

Opens a specific file.

Parameters:

path (str) – path of the file.

Returns:

file-like object of the file.

Return type:

file

SplitPath(path)[source]

Splits the path into path segments.

Parameters:

path (str) – path.

Returns:

path segments without the root path segment, which is

an empty string.

Return type:

list[str]

winevtrc.language_tags module

Windows language tags.

class winevtrc.language_tags.WindowsLanguageTags[source]

Bases: object

Windows language tags.

classmethod GetLCIDForLanguageTag(language_tag)[source]

Retrieves the LCID for a specific language tag.

Parameters:

language_tag (str) – language tag.

Returns:

Windows NT language identifier (LCID) or None if not available.

Return type:

int

classmethod GetLanguageTagForLCID(lcid)[source]

Retrieves the language tag for a specific LCID.

Parameters:

lcid (int) – Windows NT language identifier (LCID).

Returns:

language tag or None if not available.

Return type:

str

winevtrc.resource_file module

Windows Resource file.

class winevtrc.resource_file.WindowsResourceFile(windows_path, ascii_codepage='cp1252', preferred_language_identifier=1033)[source]

Bases: object

Windows Resource file.

windows_path

Windows path of the resource file.

Type:

str

Close()[source]

Closes the Windows Resource file.

Raises:
  • IOError – if not open.

  • OSError – if not open.

GetMUILanguage()[source]

Retrieves the MUI language.

Returns:

MUI language or None if not available.

Return type:

str

GetMUIResource()[source]

Retrieves the MUI resource.

Returns:

MUI resource or None if not available.

Return type:

pywrc.mui_resource

GetMessageTableResource()[source]

Retrieves the message table resource.

Returns:

resource containing the message table resource or None

if not available.

Return type:

pywrc.resource

HasMessageTableResource()[source]

Determines if the resource file as a message table resource.

Returns:

True if the resource file as a message table resource.

Return type:

bool

OpenFileObject(file_object)[source]

Opens the Windows Resource file using a file-like object.

Parameters:

file_object (file) – file-like object.

Raises:
  • IOError – if already open.

  • OSError – if already open.

__init__(windows_path, ascii_codepage='cp1252', preferred_language_identifier=1033)[source]

Initializes the Windows Resource file.

Parameters:
  • windows_path (str) – normalized version of the Windows path.

  • ascii_codepage (Optional[str]) – ASCII string codepage.

  • preferred_language_identifier (Optional[int]) – preferred language identifier (LCID).

property file_version

the file version.

Type:

str

property product_version

the product version.

Type:

str

winevtrc.resources module

Windows Event Log resources.

class winevtrc.resources.EnvironmentVariable(name, value)[source]

Bases: object

Environment variable.

name

name.

Type:

str

value

value.

Type:

str

__init__(name, value)[source]

Initializes an environment variable.

Parameters:
  • name (str) – name.

  • value (str) – value.

class winevtrc.resources.EventLogProvider(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainer

Windows Event Log provider.

additional_identifier

additional identifier of the provider, contains a GUID.

Type:

str

category_message_files

paths of the category message files.

Type:

set[str]

event_message_files

paths of the event message files.

Type:

set[str]

identifier

identifier of the provider, contains a GUID.

Type:

str

log_sources

names of the corresponding Event Log sources.

Type:

list[str]

log_types

Windows Event Log types.

Type:

list[str]

name

name of the provider.

Type:

str

parameter_message_files
paths of the parameter message

files.

windows_version (str): Windows version.

Type:

set[str]

CONTAINER_TYPE = 'windows_eventlog_provider'
SCHEMA = {'additional_identifier': 'str', 'category_message_files': 'List[str]', 'event_message_files': 'List[str]', 'identifier': 'str', 'log_sources': 'List[str]', 'log_types': 'List[str]', 'name': 'str', 'parameter_message_files': 'List[str]', 'windows_version': 'str'}
SetCategoryMessageFilenames(category_message_filenames)[source]

Sets the category message filenames.

Parameters:

category_message_filenames (str|list[str]) – category message filenames, where multiple filenames in the same string are separated by ‘;’.

SetEventMessageFilenames(event_message_filenames)[source]

Sets the event message filenames.

Parameters:

event_message_filenames (str|list[str]) – event message filenames, where multiple filenames in the same string are separated by ‘;’.

SetParameterMessageFilenames(parameter_message_filenames)[source]

Sets the parameter message filenames.

Parameters:

parameter_message_filenames (str|list[str]) – parameter message filenames, where multiple filenames in the same string are separated by ‘;’.

__init__()[source]

Initializes the Windows Event Log provider.

property log_source

name of the Windows Event Log source.

Type:

str

class winevtrc.resources.MessageFileDatabaseDescriptor(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainer

Windows Event Log message file database descriptor.

database_filename

database filename.

Type:

str

message_filename

message filename.

Type:

str

CONTAINER_TYPE = 'message_file_database'
SCHEMA = {'database_filename': 'str', 'message_filename': 'str'}
__init__(database_filename=None, message_filename=None)[source]

Initializes a Windows Event Log message file database descriptor.

Parameters:
  • database_filename (Optional[str]) – database filename.

  • message_filename (Optional[str]) – message filename.

class winevtrc.resources.MessageFileDescriptor(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainer

Windows Event Log message file descriptor.

file_version

file version.

Type:

str

message_filename

message filename.

Type:

str

product_version

product version.

Type:

str

windows_version

Windows version.

Type:

str

CONTAINER_TYPE = 'message_file'
SCHEMA = {'file_version': 'str', 'message_filename': 'str', 'product_version': 'str', 'windows_version': 'str'}
__init__(file_version=None, message_filename=None, product_version=None, windows_version=None)[source]

Initializes a Windows Event Log message file descriptor.

Parameters:
  • file_version (Optional[str]) – file version.

  • message_filename (Optional[str]) – message filename.

  • product_version (Optional[str]) – product version.

  • windows_version (Optional[str]) – Windows version.

class winevtrc.resources.MessageStringDescriptor(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainer

Windows Event Log message string descriptor.

identifier

message identifier.

Type:

int

text

message text.

Type:

str

CONTAINER_TYPE = 'message_string'
GetMessageTableIdentifier()[source]

Retrieves the identifier of the associated message table.

Returns:

message table identifier or None when not

set.

Return type:

AttributeContainerIdentifier

SCHEMA = {'_message_table_identifier': 'AttributeContainerIdentifier', 'identifier': 'int', 'text': 'str'}
SetMessageTableIdentifier(message_table_identifier)[source]

Sets the identifier of the associated message table.

Parameters:

message_table_identifier (AttributeContainerIdentifier) – message table identifier.

__init__(identifier=None, text=None)[source]

Initializes a Windows Event Log message string descriptor.

Parameters:
  • identifier (Optional[int]) – message identifier.

  • text (Optional[int]) – message text.

class winevtrc.resources.MessageTable(language_identifier)[source]

Bases: object

Class that contains the messages per language.

file_versions

Windows Event Log resource file versions.

Type:

list[str]

language_identifier

language identifier (LCID).

Type:

int

message_strings

Windows Event Log resource message strings per identifier.

Type:

dict[int, str]

__init__(language_identifier)[source]

Initializes the message table.

Parameters:

lcid (int) – language identifier (LCID).

property lcid

language identifier (LCID).

Type:

int

class winevtrc.resources.MessageTableDescriptor(*args: Any, **kwargs: Any)[source]

Bases: AttributeContainer

Windows Event Log message table descriptor.

language_identifier

language identifier (LCID).

Type:

int

CONTAINER_TYPE = 'message_table'
GetMessageFileIdentifier()[source]

Retrieves the identifier of the associated message file.

Returns:

message file identifier or None when not

set.

Return type:

AttributeContainerIdentifier

SCHEMA = {'_message_file_identifier': 'AttributeContainerIdentifier', 'language_identifier': 'int'}
SetMessageFileIdentifier(message_file_identifier)[source]

Sets the identifier of the associated message file.

Parameters:

message_file_identifier (AttributeContainerIdentifier) – message file identifier.

__init__(language_identifier=None)[source]

Initializes a Windows Event Log message table descriptor.

Parameters:

language_identifier (Optional[int]) – language identifier (LCID).

winevtrc.storage module

Attribute container store.

class winevtrc.storage.JSONStringsListAttributeSerializer(*args: Any, **kwargs: Any)[source]

Bases: AttributeSerializer

JSON strings list attribute serializer.

DeserializeValue(value)[source]

Deserializes a value.

Parameters:

value (list[str]) – serialized value.

Returns:

runtime value.

Return type:

list[str]

SerializeValue(value)[source]

Serializes a value.

Parameters:

value (list[str]) – runtime value.

Returns:

serialized value.

Return type:

list[str]

winevtrc.versions module

Windows versions.

class winevtrc.versions.WindowsVersions[source]

Bases: object

Windows versions.

classmethod KeyFunction(windows_version)[source]

Key function for sorting.

Parameters:

windows_version (str) – Windows version.

Returns:

sort key and Windows version

Return type:

tuple[int, str]

Module contents

Windows Event Log resources (winevtrc).