From f45950dffa46e1d8018be716f8b90b664b975f0f Mon Sep 17 00:00:00 2001
From: Altair <AltairQ@users.noreply.github.com>
Date: Tue, 8 Jul 2025 08:15:58 +0100
Subject: [PATCH 1/2] Fix EvtVarTypeAnsiString conversion in winlogbeat
 (#44026)

* Naive first fix

* Fix import order

* Update strings_windows.go

* Update CHANGELOG.next.asciidoc

---------

Co-authored-by: Marc Guasch <marc-gr@users.noreply.github.com>
(cherry picked from commit 6e1d4ea57a9e8ea6ce352e2df0eb2c67e7c4d6ea)
---
 CHANGELOG.next.asciidoc           | 6 ++++++
 winlogbeat/sys/strings_windows.go | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index f317eda772d4..a39127410199 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -149,6 +149,12 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 
 *Winlogbeat*
 
+- Fix message handling in the experimental api. {issue}19338[19338] {pull}41730[41730]
+- Sync missing changes in modules pipelines. {pull}42619[42619]
+- Reset EventLog if error EOF is encountered. {pull}42826[42826]
+- Implement backoff on error retrial. {pull}42826[42826]
+- Fix boolean key in security pipelines and sync pipelines with integration. {pull}43027[43027]
+- Fix EvtVarTypeAnsiString conversion {pull}44026[44026]
 
 
 *Elastic Logging Plugin*
diff --git a/winlogbeat/sys/strings_windows.go b/winlogbeat/sys/strings_windows.go
index 0ce8b09f5d63..bdfa4c897c68 100644
--- a/winlogbeat/sys/strings_windows.go
+++ b/winlogbeat/sys/strings_windows.go
@@ -18,6 +18,7 @@
 package sys
 
 import (
+	"bytes"
 	"sync"
 
 	"golang.org/x/sys/windows"
@@ -48,6 +49,8 @@ func initANSIDecoder() *encoding.Decoder {
 }
 
 func ANSIBytesToString(enc []byte) (string, error) {
-	out, err := getCachedANSIDecoder().Bytes(enc)
+	// Trim to the null terminator
+	prefix, _, _ := bytes.Cut(enc, []byte("\x00"))
+	out, err := getCachedANSIDecoder().Bytes(prefix)
 	return string(out), err
 }

From 6d935440ce925c77717ea6722a9996f5f248a31a Mon Sep 17 00:00:00 2001
From: Marc Guasch <marc-gr@users.noreply.github.com>
Date: Tue, 8 Jul 2025 10:54:20 +0200
Subject: [PATCH 2/2] Update CHANGELOG.next.asciidoc

---
 CHANGELOG.next.asciidoc | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index a39127410199..a24eac17b420 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -149,11 +149,6 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 
 *Winlogbeat*
 
-- Fix message handling in the experimental api. {issue}19338[19338] {pull}41730[41730]
-- Sync missing changes in modules pipelines. {pull}42619[42619]
-- Reset EventLog if error EOF is encountered. {pull}42826[42826]
-- Implement backoff on error retrial. {pull}42826[42826]
-- Fix boolean key in security pipelines and sync pipelines with integration. {pull}43027[43027]
 - Fix EvtVarTypeAnsiString conversion {pull}44026[44026]