Evtx Parser Version 1.0.3

Version 1.0.3 of the Microsoft Vista and Windows 2008 Event Log parser is now available for download. As usual, it fixes some bugs and introduces new features.

As mentioned before, the integrity of the file header and of every chunk header is protected by CRC32 checksums. The parser library now verifies these checksums, and the evtxinfo.pl sample program displays the results.
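To make concrete what such a check involves, here is an added example (Python, not code from the parser described on this page). It verifies the file header CRC32 (stored at offset 0x7C, covering bytes 0x00..0x77) and, for each 64 KiB chunk, the header CRC32 (also at 0x7C, covering 0x00..0x77 plus the string and template offset tables at 0x80..0x1FF) as well as the event-record CRC32 (at 0x34, covering the records from 0x200 up to the free-space offset at 0x30). Because a real log cannot be embedded here, the block constructs a minimal two-record EVTX image itself; the record payloads are placeholders, not valid BinXml, and the helper names (`verify_evtx`, `build_sample_evtx`, `flip_byte`) are this example's own.

```python
import struct
import zlib

FILE_HEADER_BLOCK = 0x1000   # the file header occupies the first 4 KiB
CHUNK_SIZE = 0x10000         # every chunk is 64 KiB
CHUNK_HEADER_SIZE = 0x200    # 128-byte header plus string/template offset tables


def crc32(data: bytes) -> int:
    # Standard zlib/IEEE CRC32, masked to an unsigned 32-bit value.
    return zlib.crc32(data) & 0xFFFFFFFF


def check_file_header(data: bytes) -> dict:
    """128-byte 'ElfFile\\0' header: CRC32 at 0x7C covers bytes 0x00..0x77."""
    hdr = data[:0x80]
    if hdr[:8] != b"ElfFile\x00":
        raise ValueError("missing ElfFile signature")
    stored = struct.unpack_from("<I", hdr, 0x7C)[0]
    calc = crc32(hdr[:0x78])
    return {"stored": stored, "calculated": calc, "ok": stored == calc}


def check_chunk(chunk: bytes) -> dict:
    """'ElfChnk\\0' chunk: header CRC32 at 0x7C covers 0x00..0x77 and the offset
    tables at 0x80..0x1FF; record CRC32 at 0x34 covers 0x200 up to the
    free-space offset stored at 0x30."""
    if chunk[:8] != b"ElfChnk\x00":
        raise ValueError("missing ElfChnk signature")
    free_space = struct.unpack_from("<I", chunk, 0x30)[0]
    stored_rec = struct.unpack_from("<I", chunk, 0x34)[0]
    stored_hdr = struct.unpack_from("<I", chunk, 0x7C)[0]
    calc_hdr = crc32(chunk[0x00:0x78] + chunk[0x80:0x200])
    calc_rec = crc32(chunk[0x200:free_space])
    return {
        "header_ok": stored_hdr == calc_hdr,
        "records_ok": stored_rec == calc_rec,
        "free_space_offset": free_space,
    }


def verify_evtx(data: bytes) -> dict:
    """Check the file header and every chunk following the 4 KiB header block."""
    chunks = [check_chunk(data[off:off + CHUNK_SIZE])
              for off in range(FILE_HEADER_BLOCK, len(data), CHUNK_SIZE)]
    return {"file_header": check_file_header(data), "chunks": chunks}


# --- constructed sample image (not a real log) -----------------------------

def build_record(record_id: int, payload: bytes) -> bytes:
    # Record framing: '**\0\0', size, record id, FILETIME, BinXml, size again.
    # The payload is a placeholder and is not valid BinXml.
    size = 4 + 4 + 8 + 8 + len(payload) + 4
    return (b"**\x00\x00" + struct.pack("<IQQ", size, record_id, 0)
            + payload + struct.pack("<I", size))


def build_chunk(records: list, first_id: int, last_id: int) -> bytes:
    data = b"".join(records)
    hdr = bytearray(CHUNK_HEADER_SIZE)
    hdr[0:8] = b"ElfChnk\x00"
    # first/last record number, first/last record identifier
    struct.pack_into("<QQQQ", hdr, 8, first_id, last_id, first_id, last_id)
    last_rec_off = CHUNK_HEADER_SIZE + len(data) - len(records[-1])
    free_space = CHUNK_HEADER_SIZE + len(data)
    # header size, last record offset, free-space offset
    struct.pack_into("<III", hdr, 0x28, 0x80, last_rec_off, free_space)
    struct.pack_into("<I", hdr, 0x34, crc32(data))
    struct.pack_into("<I", hdr, 0x7C, crc32(bytes(hdr[0:0x78]) + bytes(hdr[0x80:0x200])))
    body = bytes(hdr) + data
    return body + b"\x00" * (CHUNK_SIZE - len(body))


def build_sample_evtx() -> bytes:
    hdr = bytearray(0x80)
    hdr[0:8] = b"ElfFile\x00"
    # first chunk, last chunk, next record id, header size, minor/major version,
    # header block size, number of chunks
    struct.pack_into("<QQQIHHHH", hdr, 8, 0, 0, 3, 0x80, 1, 3, 0x1000, 1)
    struct.pack_into("<I", hdr, 0x7C, crc32(bytes(hdr[:0x78])))
    records = [build_record(1, b"\x0f\x01\x01\x00\x00"),
               build_record(2, b"\x0f\x01\x01\x00\x00")]
    chunk = build_chunk(records, 1, 2)
    return bytes(hdr) + b"\x00" * (FILE_HEADER_BLOCK - 0x80) + chunk


def flip_byte(data: bytes, offset: int) -> bytes:
    # Simulates a single-byte modification, e.g. an edited event record.
    buf = bytearray(data)
    buf[offset] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_evtx()
    print(verify_evtx(good))
    # Flip one byte inside the first record's payload (24 bytes past its start).
    print(verify_evtx(flip_byte(good, FILE_HEADER_BLOCK + CHUNK_HEADER_SIZE + 24)))
```

A failed record checksum is evidence worth reporting, but not proof of tampering by itself: a log copied from a live system while the service still had it open can carry a last chunk whose checksums have not yet been rewritten, so compare against the file's dirty flag and the chunk count before drawing conclusions.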

Hex digits are now shown in upper case to resemble the format of Microsoft's Event Viewer applet. This version fixes an error in the formatting of GUIDs.

Unfortunately I was not able to acquire test data for variant type 0x12. Therefore I decided to remove the handler module, Type0x12.pm.

The newly added file evtxsort.xsl provides an XSL transformation (XSLT) that sorts and normalizes event log records, so that two XML dumps of the same log can be compared.
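As an added illustration of what such a sort/normalize step does (this is not the page's evtxsort.xsl, which is an XSL stylesheet; the Python below does the same job with the standard library ElementTree): records are reordered by EventRecordID and whitespace-only text is dropped so that two dumps with different indentation serialize identically. The sample document is constructed for this example and uses the namespace Windows Event Viewer emits; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Namespace used by Windows event XML as shown by Event Viewer.
NS = "http://schemas.microsoft.com/win/2004/08/events/event"
ET.register_namespace("", NS)

# Constructed sample: three records, out of order, with irregular whitespace.
SAMPLE = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <Event><System><Provider Name="Microsoft-Windows-Security-Auditing"/>
    <EventID>4624</EventID><EventRecordID>3</EventRecordID></System></Event>
  <Event>
    <System><Provider Name="Microsoft-Windows-Security-Auditing"/>
      <EventID>4672</EventID>
      <EventRecordID>1</EventRecordID>
    </System>
  </Event>
  <Event><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID><EventRecordID>2</EventRecordID></System></Event>
</Events>
"""


def record_id(event: ET.Element) -> int:
    # EventRecordID is the sort key: it is assigned sequentially by the log service.
    node = event.find(f"{{{NS}}}System/{{{NS}}}EventRecordID")
    if node is None or node.text is None:
        raise ValueError("Event without EventRecordID")
    return int(node.text)


def _strip_whitespace(el: ET.Element) -> None:
    # Drop whitespace-only text and tail nodes so indentation differences vanish.
    if el.text is not None and not el.text.strip():
        el.text = None
    if el.tail is not None and not el.tail.strip():
        el.tail = None
    for child in el:
        _strip_whitespace(child)


def sort_and_normalize(xml_text: str) -> str:
    """Return the document with Event elements ordered by EventRecordID and
    insignificant whitespace removed."""
    root = ET.fromstring(xml_text)
    events = root.findall(f"{{{NS}}}Event")
    for ev in events:
        root.remove(ev)
    for ev in sorted(events, key=record_id):
        root.append(ev)
    _strip_whitespace(root)
    return ET.tostring(root, encoding="unicode")


def record_ids(xml_text: str) -> list:
    """EventRecordIDs in document order, for checking the result."""
    root = ET.fromstring(xml_text)
    return [record_id(ev) for ev in root.findall(f"{{{NS}}}Event")]


if __name__ == "__main__":
    print(record_ids(SAMPLE))
    normalized = sort_and_normalize(SAMPLE)
    print(record_ids(normalized))
    print(normalized)
```

Applying the same normalization to both sides before a diff is what turns "the files differ" into "record 2 differs", which is the question a forensic comparison actually asks.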

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.