darvell/wireguard-windows-log-reader.py

## wireguard-windows-log-reader.py
from ctypes import *
from datetime import datetime
import struct
import os
import sys
MAX_LOG_LINE_LENGTH = 512
MAX_LINES = 2048
MAGIC = 0xBADBABE

POTENTIAL_WG_PATHS = [os.path.expandvars(os.path.join("%PROGRAMDATA%","WireGuard","log.bin")),os.path.expandvars(os.path.join("%WINDIR%","System32","config","systemprofile","AppData","Local","WireGuard","log.bin"))]

class LOGLINE(Structure):
    _fields_ = [("timeNs", c_int64), ("line", c_char * (MAX_LOG_LINE_LENGTH))]

class HEADER(Structure):
    _fields_ = [("magic", c_uint), ("lineCount", c_uint)]

def read_log(filepath):
    print("[INFO] Loading: {0}".format(filepath))
    with open(filepath, 'rb') as f:
        header = HEADER()
        f.readinto(header)

        if header.magic != MAGIC:
            raise Exception("Invalid WG log file.")

        print("[INFO] [File] Magic: {0:X} Lines: {1}".format(header.magic,header.lineCount))


        if header.lineCount > MAX_LINES:
            print("[WARNING] [File] Log line count is {0} lines larger than the technical max.".format(header.lineCount - MAX_LINES))

        print("[INFO] Printing logs now. You can now start caring about the input.")

        for lineIndex in range(0,header.lineCount):
            try:
                line = LOGLINE()
                f.readinto(line)
            except:
                print("Broke on {0}".format(lineIndex))
                break
            if(len(line.line) == 0):
                break
            timestamp = datetime.fromtimestamp(line.timeNs // 1000000000)
            print("{0} {1}".format(timestamp, line.line))

if __name__ == "__main__":
    if sys.argv[1:]:
        read_log(sys.arv[-1])
    else:
        print("[WARNING] No log file path provided. Checking the usual suspects.")
        found_file = False
        for p in POTENTIAL_WG_PATHS:
            if os.path.exists(p):
                found_file = True
                try:
                    read_log(p)
                except:
                    print("[ERROR] Unable to read {0}".format(p))

        if not found_file:
            print("[ERROR] Couldn't find log file. Maybe you need to be an administrator or go provide the location to log.bin yourself as an argument.")
	from ctypes import *
	from datetime import datetime
	import struct
	import os
	import sys
	MAX_LOG_LINE_LENGTH = 512
	MAX_LINES = 2048
	MAGIC = 0xBADBABE

	POTENTIAL_WG_PATHS = [os.path.expandvars(os.path.join("%PROGRAMDATA%","WireGuard","log.bin")),os.path.expandvars(os.path.join("%WINDIR%","System32","config","systemprofile","AppData","Local","WireGuard","log.bin"))]

	class LOGLINE(Structure):
	_fields_ = [("timeNs", c_int64), ("line", c_char * (MAX_LOG_LINE_LENGTH))]

	class HEADER(Structure):
	_fields_ = [("magic", c_uint), ("lineCount", c_uint)]

	def read_log(filepath):
	print("[INFO] Loading: {0}".format(filepath))
	with open(filepath, 'rb') as f:
	header = HEADER()
	f.readinto(header)

	if header.magic != MAGIC:
	raise Exception("Invalid WG log file.")

	print("[INFO] [File] Magic: {0:X} Lines: {1}".format(header.magic,header.lineCount))


	if header.lineCount > MAX_LINES:
	print("[WARNING] [File] Log line count is {0} lines larger than the technical max.".format(header.lineCount - MAX_LINES))

	print("[INFO] Printing logs now. You can now start caring about the input.")

	for lineIndex in range(0,header.lineCount):
	try:
	line = LOGLINE()
	f.readinto(line)
	except:
	print("Broke on {0}".format(lineIndex))
	break
	if(len(line.line) == 0):
	break
	timestamp = datetime.fromtimestamp(line.timeNs // 1000000000)
	print("{0} {1}".format(timestamp, line.line))

	if __name__ == "__main__":
	if sys.argv[1:]:
	read_log(sys.arv[-1])
	else:
	print("[WARNING] No log file path provided. Checking the usual suspects.")
	found_file = False
	for p in POTENTIAL_WG_PATHS:
	if os.path.exists(p):
	found_file = True
	try:
	read_log(p)
	except:
	print("[ERROR] Unable to read {0}".format(p))

	if not found_file:
	print("[ERROR] Couldn't find log file. Maybe you need to be an administrator or go provide the location to log.bin yourself as an argument.")