This is the command grokevt-ripdll that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator
PROGRAM:
NAME
grokevt-ripdll - A tool for extracting message resources from a PE-formatted file.
SYNOPSIS
grokevt-ripdll input-dll output-db .SH DESCRIPTION grokevt-ripdll parses a PE-formatted
file (modern .exe and .dll files are examples PE-formatted files) and extracts all message
resources. These resources are then stored in a Berkeley-style database file, which maps
relative virtual addresses (RVAs) to the message resources themselves. These RVAs are what
can be found in a windows event log file (.evt extension) to reference the proper message
resource. This utility is not intended to be used directly by end-users. It is used by
grokevt-builddb(1) to extract resources from all DLL/EXEs referenced in the registry.
ARGUMENTS
input-dll
This is the PE formatted file to extract resources from. (It doesn't need to have a
.dll extension, but it is most commonly used on DLLs.)
output-db
The database file to store the RVA->message mapping in. If this file already
exists, it will be overwritten. To extract the entries stored in this database,
see grokevt-dumpmsgs(1).
Use grokevt-ripdll online using onworks.net services
