// readSID reads a pointer using the reader then parses the Windows SID // data that the pointer addresses within the buffer. func readSID(buffer []byte, reader io.Reader) (*eventlogging.SID, error) { offset, err := offset(buffer, reader) if err != nil { // Ignore NULL values. if err == ErrorEvtVarTypeNull { return nil, nil } return nil, err } sid := (*windows.SID)(unsafe.Pointer(&buffer[offset])) identifier, err := sid.String() if err != nil { return nil, err } account, domain, accountType, err := sid.LookupAccount("") if err != nil { // Ignore the error and return a partially populated SID. return &eventlogging.SID{Identifier: identifier}, nil } return &eventlogging.SID{ Identifier: identifier, Name: account, Domain: domain, Type: eventlogging.SIDType(accountType), }, nil }
// readSID reads a pointer using the reader then parses the Windows SID // data that the pointer addresses within the buffer. func readSID(buffer []byte, reader io.Reader) (*eventlogging.SID, error) { offset, err := offset(buffer, reader) if err != nil { // Ignore NULL values. if err == ErrorEvtVarTypeNull { return nil, nil } return nil, err } sid := (*windows.SID)(unsafe.Pointer(&buffer[offset])) account, domain, accountType, err := sid.LookupAccount("") if err != nil { return nil, err } return &eventlogging.SID{ Name: account, Domain: domain, SIDType: eventlogging.SIDType(accountType), }, nil }