3gstudent / eventlogedit-evtx--evolution Goto Github PK

Remove individual lines from Windows XML Event Log (EVTX) files

C++ 100.00%

eventlogedit-evtx--evolution's Introduction

Eventlogedit-evtx--Evolution

Remove individual lines from Windows XML Event Log (EVTX) files

Support: Win7 and later

Compare with DanderSpritz,my way don't need dll injection and support more version(Server2012 and later).(It can be used to delete the setup.evtx,others may be affected by competitive conditions.)

Need more test and suggestions.

The data structure and some code details are inspired by https://bbs.pediy.com/thread-219313.htm

My posts about the details:

Later I'll translate them into English.

Note:

WinXP and Win7,ObjectTypeNumber = 0x1c
Win8 and later,ObjectTypeNumber = 0x1e

DeleteRecordofFile.cpp

Read an evtx file(c:\test\Setup.evtx),then delete an event log(EventRecordID=14).

The new evtx file is saved as c:\test\SetupNew.evtx.

Delete the eventlog by rewriting the evtx file.

DeleteRecordofFileEx.cpp

Read an evtx file,then delete an event log.

The new file(temp.evtx) will be saved at the same path.

Delete the eventlog by using WinAPI EvtExportLog.

Setup.evtx

Number of events:15

SetupNew.evtx

Number of events:14

You can use DeleteRecordofFile.cpp to delete the second eventlog record(EventRecordID=14) of Setup.evtx.

SuspendorResumeTid.cpp

Suspend or resume the Eventlog Service's thread.

Use to stop or resume the system to collect logs.

SuspendorResumeTidEx.cpp

When the Eventlog Service is stopped(killed by me),I'll wait for it until it starts.

Use to stop the system to collect the logs when the Eventlog Service starts.

DeleteRecordbyTerminateProcess.cpp

Kill the eventlog service's process and delete one eventlog record,then restart the Eventlog Service.

Delete the eventlog by rewriting the evtx file.

DeleteRecordbyTerminateProcessEx.cpp

Kill the eventlog service's process and delete one eventlog record,then restart the Eventlog Service.

Delete the eventlog by using WinAPI EvtExportLog.

Note:

The EventRecordID of the events after the deleted one will not be changed.

DeleteRecordbyGetHandle.cpp

Get specified .evtx file's handle and delete one eventlog record.

It can be used to delete the setup.evtx,others may be affected by competitive conditions.

Delete the eventlog by rewriting the evtx file.

DeleteRecordbyGetHandleEx.cpp

Get specified .evtx file's handle and delete one eventlog record.

Read a .evtx file and replace the specified .evtx file with the data.

It can be used to delete the setup.evtx,others may be affected by competitive conditions.

Delete the eventlog by using WinAPI EvtExportLog.

Loader-rewriting.cpp

Get specified .evtx file's handle and inject a dll(Dll-rewriting.dll),use the dll to delete one eventlog record.

Delete the eventlog by rewriting the evtx file.

Dll-rewriting.cpp

Compile it into DLL.

Use the dll to delete one eventlog record.

Delete the eventlog by rewriting the evtx file.

DeleteRecord-EvtExportLog.cpp

Use API EvtExportLog to delete Eventlog Record.

The new file will be saved as temp.evtx.

Loader-EvtExportLog.cpp

Get specified .evtx file's handle and inject a dll(Dll-EvtExportLog.dll).

Read a .evtx file(from DeleteRecord-EvtExportLog.exe) and send the data to the dll,the dll will replace the specified .evtx file with the data.

Dll-EvtExportLog.cpp

Compile it into DLL.

Use the dll to delete one eventlog record.

Get data from Loader-EvtExportLog.exe,then replace the specified .evtx file with the data.

eventlogedit-evtx--evolution's People

Contributors

Stargazers

Watchers

Forkers

explife0011 qsdj jackson5sec cocaman vipzen gavz cybermonitor wisdark trietptm-on-coding-algorithms jack51706 mememero21japan sinmygit phpplay 7kbstorm killvxk h3llozy noodled samshine c0010 mmg1 2010phenix mining8 ith4cker nickhakkz yizhangnudt joswr1ght patrickstarwow n0ooooone scanfsec rv0p111 imulmul lazerhawk ctf2do whoamisysteminfo zzzzzzssssmmm9 ryan-johnson2 likescam fengjixuchui ssddn red-infosec 5l1v3r1 borisoo radtek tobey123 dj3ntg0d mygit2014 v1ckxy jianchi2001 fadinglr ronioncloud ffpepwowa invokethreatguy madusec iquechocosa int2ecall wbaby crack888wei unclenull shonker noostudent sec-fork endymi

eventlogedit-evtx--evolution's Issues

I need tutorial on how to make this work.

Can you tell me step by step what should I do?

FreeSpaceOffset is 0

At the file Eventlogedit-evtx--Evolution/DeleteRecordofFile.cpp

unsigned char *ChecksumBuf1 = new unsigned char[currentChunk->FreeSpaceOffset - 512];
				memcpy(ChecksumBuf1, (PBYTE)currentChunk + 512, currentChunk->FreeSpaceOffset - 512);
				crc32 = GetCRC32(ChecksumBuf1, currentChunk->FreeSpaceOffset - 512);

In this portion of code, you may have a bug/untreated case if there is the value of FreeSpaceOffset is 0.

I get 40+ errors and 2+ warnings when compiling.

I get all of these errors when compiling all of the files, if needed I can send all the warnings and errors for all files. Thanks for your help in advance.

When i tried to compile DeleteRecordByTerminateProcessEx.cpp
--------------------Configuration: mingw5 - CUI Debug, Builder Type: MinGW--------------------

Compiling F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp...
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:2:20: winevt.h: No such file or directory
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:14: error: ISO C++ forbids declaration of NTSTATUS' with no type [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:14: error: typedef NTSTATUS' is initialized (use typeof instead)
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:14: error: expected primary-expression before "attribute"
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:14: error: expected ,' or ;' before '(' token
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:142: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:155: error: cannot convert WCHAR*' to const CHAR*' for argument 10' to BOOL EnumServicesStatusExA(SC_HANDLE__*, SC_ENUM_TYPE, DWORD, DWORD, BYTE*, DWORD, DWORD*, DWORD*, DWORD*, const CHAR*)' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:160: error: printf' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:164: error: cannot convert WCHAR*' to const CHAR*' for argument 10' to BOOL EnumServicesStatusExA(SC_HANDLE__, SC_ENUM_TYPE, DWORD, DWORD, BYTE, DWORD, DWORD*, DWORD*, DWORD*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:168: error: cannot convert CHAR*' to const wchar_t*' for argument 1' to size_t wcslen(const wchar_t*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:168: error: _wcslwr_s' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:169: error: cannot convert CHAR*' to const wchar_t*' for argument 1' to wchar_t* wcsstr(const wchar_t*, const wchar_t*)' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:171: error: printf' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:192: error: cannot convert WCHAR*' to CHAR*' for argument 1' to UINT GetSystemDirectoryA(CHAR*, UINT)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:193: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:194: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:195: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:196: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:197: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:199: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:201: error: EvtExportLogFilePath' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:201: error: EvtExportLog' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:202: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:218: error: _NtQuerySystemInformation' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:218: error: expected ;' before "NtQuerySystemInformation" [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:219: error: NtQuerySystemInformation' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:221: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:227: error: printf' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:233: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:238: error: NtQuerySystemInformation' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:242: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:273: error: printf' was not declared in this scope
[Warning] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:282: warning: cast to pointer from integer of different size
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:307: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:324: error: printf' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:336: error: printf' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:342: error: cannot convert WCHAR*' to CHAR*' for argument 1' to UINT GetSystemDirectoryA(CHAR*, UINT)' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:343: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:344: error: cannot convert WCHAR*' to CHAR*' for argument 1' to CHAR* lstrcatA(CHAR*, const CHAR*)' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:345: error: printf' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:357: error: cannot convert _TCHAR*' to WCHAR*' for argument 1' to BOOL DeleteRecord(WCHAR*, WCHAR*)'
[Warning] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:377: warning: NULL used in arithmetic
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:386: error: cannot convert _TCHAR*' to WCHAR*' for argument 1' to BOOL CloseFileHandle(WCHAR*, DWORD)'
[Warning] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:387: warning: NULL used in arithmetic
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:395: error: cannot convert const wchar_t*' to const CHAR*' for argument 1' to BOOL CopyFileA(const CHAR*, const CHAR*, BOOL)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyTerminateProcessEx.cpp:401: error: cannot convert const wchar_t*' to const CHAR*' for argument 1' to BOOL DeleteFileA(const CHAR*)'
[Error] g++.exe: 5\mingw\include: No such file or directory
[Error] g++.exe: 5\mingw\include\c++\3.4.5: No such file or directory
[Error] g++.exe: 5\mingw\lib\gcc\mingw32\3.4.5\include: No such file or directory
[Error] g++.exe: 5\mingw\bin: No such file or directory
[Error] g++.exe: 5\mingw\mingw32\bin: No such file or directory

Complete Build DeleteRecordbyTerminateProcessEx: 48 error(s), 3 warning(s)

DeleteRecordByGetHandle
--------------------Configuration: mingw5 - CUI Debug, Builder Type: MinGW--------------------

Compiling F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp...
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:59: error: ISO C++ forbids declaration of NTSTATUS' with no type [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:59: error: typedef NTSTATUS' is initialized (use typeof instead)
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:59: error: expected primary-expression before "attribute"
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:59: error: expected ,' or ;' before '(' token
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:144: error: invalid conversion from int (*)()' to void*'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:366: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:397: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:398: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:399: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:474: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:474: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:524: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:524: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:530: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:531: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:532: error: integer constant is too large for "long" type
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:611: error: sscanf_s' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:627: error: invalid conversion from int' to const wchar_t*' [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:627: error: initializing argument 2 of int swprintf(wchar_t*, const wchar_t*, ...)'
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:628: error: _wcslwr_s' was not declared in this scope [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:635: error: _NtQuerySystemInformation' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:635: error: expected ;' before "NtQuerySystemInformation" [Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:636: error: NtQuerySystemInformation' was not declared in this scope
[Error] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:655: error: `NtQuerySystemInformation' was not declared in this scope
[Warning] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:691: warning: cast to pointer from integer of different size
[Warning] F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp:751: warning: cast to pointer from integer of different size
[Error] g++.exe: 5\mingw\include: No such file or directory
[Error] g++.exe: 5\mingw\include\c++\3.4.5: No such file or directory
[Error] g++.exe: 5\mingw\lib\gcc\mingw32\3.4.5\include: No such file or directory
[Error] g++.exe: 5\mingw\bin: No such file or directory
[Error] g++.exe: 5\mingw\mingw32\bin: No such file or directory

Complete Compile F:\Lkms19\Hry\editlog\Eventlogedit-evtx--Evolution-master\DeleteRecordbyGetHandle.cpp: 29 error(s), 2 warning(s)

how to get here? please help

I think i have the .exe files but when I run them the cmd just blinks and dissappears

How to remove specific logs?

xml EvtxRecordId Error!

Here!
DeleteRecordofFile and DeleteRecordbyGetHandle:

*v7 = eventRecordIdentifier;
===>
*v7 = *v7 - 1;

When the first recordID is not 1 , it will be wrong.

About memcpy()

When the program runs to memcpy() in DeleteRecord() on another computer, it crashes.

Help???

I installed python and pip but i dont know what to do next. how to enable evtx commands? what to do with the .cpp files on your page? Please help.

request: win32 binary

is it possible to have binaries for windows 32bit?

so i just spent 5 hours reading the details which are in chinese and I have no clue how to work with the .exe files?

it just opens cmd and blinks.

Request: for a port

Hi,
could you please make a port of this code into powershell ?

Thanks

可以修改日志吗？

Why not do a perfect version?

Why not do a can solve closed and restart Eventlog service generate EventID for 7034 and 7036, and solve the problem of missing EventRecordID version?Modify DeleteRecordbyTerminateProcess. CPP operation process is as follows should be ok:

1.Try to EnableDebugPrivilege... Done
2.Try to OpenProcess... Done
(add ) Try to suspend eventlog Thead
3.Try to TerminateProcess... Done
4.Try to CloseFileHandle... Done
5.Try to Copy evtx file to current path... Done
6.Try to Delete the eventlog... Done
7.Try to replace evtx file... Done
8.Try to delete temp.evtx... Done
(add ) Try to eventlog process and suspend Thead
9.Try to Restart eventlog service...
(add ) Try to suspend eventlog Thead

openfile error

Hello,
I get openfile error when running DeleteRecordofFile.exe from commandline.
What does it mean? Any suggestions how to fix it? I dont have the logs open.
Thanx.

issue DeleteRecordofFileEx.exe

Hello , I created c:\temp folder and I moved DeleteRecordofFileEx.exe from https://github.com/3gstudent/Eventlogedit-evtx--Evolution/releases/tag/v1.0.0 and when I run CMD run as a Admin and run I got this see pic:
My goal is to remove one record from eventvwr I wanted to remove one record id and to generate that temp.evtx( after I run this command DeleteRecordofFileEx.exe System.evtx 7055 but there is no temp.evtx) Could you please help?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.