returned existing files to origin during restruct

agent/syscall/structs.go

@@ -0,0 +1,20 @@
+package syscall
+
+type EVENTLOGRECORD struct {
+	Length              uint32
+	Reserved            uint32
+	RecordNumber        uint32
+	TimeGenerated       uint32
+	TimeWritten         uint32
+	EventID             uint32
+	EventType           uint16
+	NumStrings          uint16
+	EventCategory       uint16
+	ReservedFlags       uint16
+	ClosingRecordNumber uint32
+	StringOffset        uint32
+	UserSidLength       uint32
+	UserSidOffset       uint32
+	DataLength          uint32
+	DataOffset          uint32
+}