:py:mod:`dissect.etl.headers.event`
===================================

.. py:module:: dissect.etl.headers.event


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.etl.headers.event.EventDescriptor
   dissect.etl.headers.event.ExtType
   dissect.etl.headers.event.EventHeaderExtendedDataItem
   dissect.etl.headers.event.EventHeader


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   dissect.etl.headers.event.read_uuid
   dissect.etl.headers.event.read_instance_info
   dissect.etl.headers.event.read_stack_trace
   dissect.etl.headers.event.read_stack_trace64
   dissect.etl.headers.event.read_provider_traits


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.etl.headers.event.extended_data_item_reader


.. py:function:: read_uuid(data: bytes) -> uuid.UUID


.. py:function:: read_instance_info(data: bytes) -> OrderedDict[str, Any]


.. py:function:: read_stack_trace(data: bytes) -> OrderedDict[str, Any]


.. py:function:: read_stack_trace64(data: bytes) -> OrderedDict[str, Any]


.. py:function:: read_provider_traits(data: bytes) -> OrderedDict[str, Any]


.. py:class:: EventDescriptor(header)

   A representation of the Event data in an event header.

   .. py:attribute:: __slots__
      :value: ['id', 'version', 'channel', 'level', 'opcode', 'task', 'keywords']


.. py:class:: ExtType

   Bases: :py:obj:`enum.IntEnum`

   Enum where members are also (and must be) ints

   .. py:attribute:: RELATED_ACTIVITY_ID
      :value: 1

   .. py:attribute:: SID
      :value: 2

   .. py:attribute:: TS_ID
      :value: 3

   .. py:attribute:: INSTANCE_INFO
      :value: 4

   .. py:attribute:: STACK_TRACE32
      :value: 5

   .. py:attribute:: STACK_TRACE64
      :value: 6

   .. py:attribute:: PEBS_INDEX
      :value: 7

   .. py:attribute:: PMC_COUNTERS
      :value: 8

   .. py:attribute:: PSM_KEY
      :value: 9

   .. py:attribute:: EVENT_KEY
      :value: 10

   .. py:attribute:: EVENT_SCHEMA_TL
      :value: 11

   .. py:attribute:: PROV_TRAITS
      :value: 12

   .. py:attribute:: PROCESS_START_KEY
      :value: 13

   .. py:attribute:: TYPE_MAX
      :value: 14

   .. py:attribute:: UNKNOWN
      :value: 0


.. py:data:: extended_data_item_reader


.. py:class:: EventHeaderExtendedDataItem(payload)

   Loads an extended data item from payload.

   .. py:attribute:: __slots__
      :value: ['size', 'reserved1', 'ext_type', 'linkage', 'reserved2', 'data_size', 'data', 'raw_data']

   .. py:method:: validate_header() -> None

   .. py:method:: __getattr__(name: str) -> Any

   .. py:method:: __repr__()

      Return repr(self).


.. py:class:: EventHeader(marker: Marker, data: memoryview, etl)

   Bases: :py:obj:`dissect.etl.headers.headers.Header`

   A base class for the different ETL headers.

   .. py:property:: descriptor

      Event descriptor of the header.

   .. py:property:: header_extensions
      :type: list[EventHeaderExtendedDataItem]

      A list with all the extended data items for this Event.

   .. py:property:: minimal_size

      Minimum header size.

   .. py:property:: provider_id

      Provider that generated this event.

   .. py:property:: activity_id

      The ID associated with the activity in the event. At least, that is my assumption.

   .. py:property:: opcode

      The opcode used in this event.

   .. py:property:: thread_id

      The thread id that created this event.

   .. py:property:: process_id

      The process id that created this event.

   .. py:method:: additional_header_fields() -> dict[str, Any]

      Additional fields that hold interesting information.

      Each header subclass defines what additional information it wants to return to a record.