RubyGems - win32-eventlog - Versions diffs - 0.4.6 → 0.4.7 - Mend

win32-eventlog 0.4.6 → 0.4.7

Files changed (7) hide show

data/CHANGES CHANGED

@@ -1,3 +1,14 @@
+= 0.4.7 - 8-Dec-2008
+* Fixed a bug where you couldn't write to custom (parent) event sources.
+  Thanks go to Tim Uckun for the spot.
+* Now handles ParameterMessageFiles, both in the EventLog.add_event_source
+  method and in terms of getting event descriptions properly. Thanks go to
+  botp for spotting the description problem.
+* The EventLog.open_backup method handles a block the same way that the
+  EventLog.open method does.
+* The EventLog.add_event_source now returns the creation disposition
+  instead of self.
 = 0.4.6 - 27-Aug-2007
 * Reading event logs is now approximately 5-7 times faster!
 * Fixed a potential bug where, in rare cases, event descriptions could be

data/README CHANGED

@@ -50,8 +50,8 @@
    them somewhere on your system.
 = Known Issues
-   The code currently only checks the EventMessage file, it does not check the
-   CategoryMessage or ParameterMessage files.
+   None known. Please file any bug reports on the project page at
+   http://www.rubyforge.org/projects/win32utils.
 = License
    Ruby's

data/doc/tutorial.txt CHANGED

@@ -4,9 +4,6 @@ strings for each event identifier, event category, and parameter. Register
 these files in the EventMessageFile, CategoryMessageFile, and
 ParameterMessageFile registry values for the event source.
-Note: ParameterMessageFiles are not yet supported in the add_event_source
-method and probably won't be unless requested.
 You can create one message file that contains descriptions for the event
 identifiers, categories, and parameters, or create three separate message
 files. Several applications can share the same message file.
@@ -49,21 +46,21 @@ command line utilities.  Follow these steps:
 2) rc -r -fo filename.res filename.rc
 3) link -dll -noentry -out:filename.dll filename.res
-Your other option is to use the win32-mc package, which is a simple wrapper
-for the above commands, and is included with this package.  You now have a
+Your other option is to use the win32-mc library, which is a simple wrapper
+for the above commands, and is included with this library.  You now have a
 dll that you can associate with your event source (i.e. the one you associate
 with your application).  You can also take a look at the C header file that
 .mc generates and use that in your own extensions if you like.
 After this you'll need to register your event source and associate the .dll
-file with it.  To do that, use the EventLog.add_event_source method.  Be sure
-to specifiy the number of categories manually - it is not calculated
+file with it.  To do that, use the EventLog.add_event_source method. Be sure
+to specify the number of categories manually - it is not calculated
 automatically by the OS.
 Returning to the .mc file, the example I used actually creates two categories,
 "error" and "warning", and one event message.  The numbers you assign here
 create corresponding (though not identical) values in the header file that
-is generated.  It is the values found in the header file that you pass to the
+is generated. It is the values found in the header file that you pass to the
 EventLog#report_event method for the category or event id.  Here's the
 relevant data from the foo.h file (using foo.mc above):
@@ -76,46 +73,46 @@ In the case of categories, that number is the name number that shows up in the
 is the text that shows up in the event description.
 The "data" field is what replaces "%1" as an actual text string in the event
-log, sort of like a printf (except that it's always a string).
+log, sort of like a printf format specifier, except that it's always a string.
 = Registering an event source
-First, create the .dll file from the .mc file.  Then register that .dll file
-for an event source we'll call "foo".  You can name the .dll file anything
+First, create the .dll file from the .mc file. Then register that .dll file
+for an event source we'll call "foo". You can name the .dll file anything
 you like, but for sanity's sake I recommend keeping the same as the event
 source name.
-require "win32/eventlog"
+require 'win32/eventlog'
 include Win32
-dll_file = "c:\\wherever\\foo.dll"
+dll_file = 'c:\\wherever\\foo.dll'
 EventLog.add_event_source(
-   "source"                => "Application",
-   "key_name"              => "foo",
-   "category_count"        => 2,
-   "event_message_file"    => dll_file,
-   "category_message_file" => dll_file
+   :source                => 'Application',
+   :key_name              => 'foo',
+   :category_count        => 2,
+   :event_message_file    => dll_file,
+   :category_message_file => dll_file
 )
-After you run this, you can run regedit and see that your event source has
-been inserted into the registry.  You can find it under:
+After you run this, you can run 'regedit' and see that your event source has
+been inserted into the registry. You can find it under:
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application.
 = Writing to the event source
-Now that our event source "foo" is registered, we can begin writing event
+Now that our event source 'foo' is registered, we can begin writing event
 log data for it.  Here's an example of how you use it:
-require "win32/eventlog"
+require 'win32/eventlog'
 include Win32
-EventLog.open("Application") do |log|
+EventLog.open('Application') do |log|
    log.report_event(
-      :source     => "foo",
+      :source     => 'foo',
       :event_type => EventLog::WARN,
-      :category   => "0x00000002L".hex,
-      :event_id   => "0xC0000003L".hex,
-      :data       => "I'm warning you!"
+      :category   => '0x00000002L'.hex,
+      :event_id   => '0x00000003L'.hex,
+      :data       => 'I'm warning you!'
    )
 end

data/lib/win32/eventlog.rb CHANGED

@@ -37,7 +37,7 @@ module Win32
       extend Windows::Error
       extend Windows::Registry
-      VERSION = '0.4.6'
+      VERSION = '0.4.7'
       # Aliased read flags
       FORWARDS_READ   = EVENTLOG_FORWARDS_READ
@@ -130,7 +130,7 @@ module Win32
       # Nearly identical to EventLog.open, except that the source is a backup
       # file and not an event source (and there is no default).
       #
-      def self.open_backup(file, source = 'Application', server = nil)
+      def self.open_backup(file, source = 'Application', server = nil, &block)
          @file   = file
          @source = source
          @server = server
@@ -139,18 +139,23 @@ module Win32
          raise TypeError unless @file.is_a?(String)
          raise TypeError unless @source.is_a?(String)
          raise TypeError unless @server.is_a?(String) if @server
-         self.new(source, server, file)
+         self.new(source, server, file, &block)
       end
-      # Adds an event source to the registry.  The following are valid keys:
+      # Adds an event source to the registry. Returns the disposition, which
+      # is either REG_CREATED_NEW_KEY (1) or REG_OPENED_EXISTING_KEY (2).
+      #
+      # The following are valid keys:
       #
-      # * source                - Source name.  Set to "Application" by default
-      # * key_name              - Name stored as the registry key
-      # * category_count        - Number of supported (custom) categories
-      # * event_message_file    - File (dll) that defines events
-      # * category_message_file - File (dll) that defines categories
-      # * supported_types       - See the 'event types' constants
+      # * source                 # Source name.  Set to "Application" by default
+      # * key_name               # Name stored as the registry key
+      # * category_count         # Number of supported (custom) categories
+      # * event_message_file     # File (dll) that defines events
+      # * category_message_file  # File (dll) that defines categories
+      # * parameter_message_file # File (dll) that contains values for
+      #   variables in the event description.
+      # * supported_types        # See the 'event types' constants
       #
       # Of these keys, only +key_name+ is mandatory.  An ArgumentError is
       # raised if you attempt to use an invalid key.  If +supported_types+
@@ -165,10 +170,8 @@ module Win32
       def self.add_event_source(args)
          raise TypeError unless args.is_a?(Hash)
-         hkey = [0].pack('L')
          valid_keys = %w/source key_name category_count event_message_file
-            category_message_file supported_types/
+            category_message_file parameter_message_file supported_types/
          key_base = "SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
@@ -192,13 +195,69 @@ module Win32
             raise Error, 'no event_type specified'
          end
-         key = key_base << hash['source'] << "\\" << hash['key_name']
+         hkey = [0].pack('L')
+         key  = key_base + hash['source']
+         disposition = [0].pack('L')
+         rv = RegCreateKeyEx(
+            HKEY_LOCAL_MACHINE,
+            key,
+            0,
+            nil,
+            REG_OPTION_NON_VOLATILE,
+            KEY_WRITE,
+            nil,
+            hkey,
+            disposition
+         )
+         if rv != ERROR_SUCCESS
+            error = 'RegCreateKeyEx() failed: ' + get_last_error
+            raise Error, error
+         end
+         hkey = hkey.unpack('L')[0]
+         data = "%SystemRoot%\\System32\\config\\#{hash['source']}.evt"
-         if RegCreateKey(HKEY_LOCAL_MACHINE, key, hkey) != ERROR_SUCCESS
-            error = 'RegCreateKey() failed: ' + get_last_error
+         rv = RegSetValueEx(
+            hkey,
+            'File',
+            0,
+            REG_EXPAND_SZ,
+            data,
+            data.size
+         )
+         if rv != ERROR_SUCCESS
+            error = 'RegSetValueEx() failed: ', get_last_error
+            RegCloseKey(hkey)
             raise Error, error
          end
+         RegCloseKey(hkey)
+         hkey = [0].pack('L')
+         key  = key_base << hash['source'] << "\\" << hash['key_name']
+         disposition = [0].pack('L')
+         rv = RegCreateKeyEx(
+         	HKEY_LOCAL_MACHINE,
+            key,
+            0,
+            nil,
+            REG_OPTION_NON_VOLATILE,
+            KEY_WRITE,
+            nil,
+            hkey,
+            disposition
+          )
+          if rv != ERROR_SUCCESS
+             raise Error, 'RegCreateKeyEx() failed: ' + get_last_error
+          end
          hkey = hkey.unpack('L')[0]
          if hash['category_count']
@@ -214,7 +273,7 @@ module Win32
             )
             if rv != ERROR_SUCCESS
-               error = 'RegSetValueEx() failed: ', get_last_error
+               error = 'RegSetValueEx() failed: ' + get_last_error
                RegCloseKey(hkey)
                raise Error, error
             end
@@ -233,7 +292,7 @@ module Win32
             )
             if rv != ERROR_SUCCESS
-               error = 'RegSetValueEx() failed: ', get_last_error
+               error = 'RegSetValueEx() failed: ' + get_last_error
                RegCloseKey(hkey)
                raise Error, error
             end
@@ -252,12 +311,31 @@ module Win32
             )
             if rv != ERROR_SUCCESS
-               error = 'RegSetValueEx() failed: ', get_last_error
+               error = 'RegSetValueEx() failed: ' + get_last_error
                RegCloseKey(hkey)
                raise Error, error
             end
          end
+         if hash['parameter_message_file']
+            data = File.expand_path(hash['parameter_message_file'])
+            rv = RegSetValueEx(
+               hkey,
+               'ParameterMessageFile',
+               0,
+               REG_EXPAND_SZ,
+               data,
+               data.size
+            )
+            if rv != ERROR_SUCCESS
+               error = 'RegSetValueEx() failed: ' + get_last_error
+               RegCloseKey(hkey)
+               raise Error, error
+            end
+         end
          data = [hash['supported_types']].pack('L')
          rv = RegSetValueEx(
             hkey,
@@ -269,13 +347,14 @@ module Win32
          )
          if rv != ERROR_SUCCESS
-            error = 'RegSetValueEx() failed: ', get_last_error
+            error = 'RegSetValueEx() failed: ' + get_last_error
             RegCloseKey(hkey)
             raise Error, error
          end
          RegCloseKey(hkey)
-         self
+         disposition.unpack('L')[0]
       end
       # Backs up the event log to +file+.  Note that you cannot backup to
@@ -429,9 +508,6 @@ module Win32
          end
       end
-      # EventLog#read(flags=nil, offset=0)
-      # EventLog#read(flags=nil, offset=0){ |log| ... }
-      #
       # Iterates over each record in the event log, yielding a EventLogStruct
       # for each record.  The offset value is only used when used in
       # conjunction with the EventLog::SEEK_READ flag.  Otherwise, it is
@@ -445,17 +521,17 @@ module Win32
       #
       # The EventLogStruct struct contains the following members:
       #
-      # record_number  # Fixnum
-      # time_generated # Time
-      # time_written   # Time
-      # event_id       # Fixnum
-      # event_type     # String
-      # category       # String
-      # source         # String
-      # computer       # String
-      # user           # String or nil
-      # description    # String or nil
-      # string_inserts # An array of Strings or nil
+      # * record_number  # Fixnum
+      # * time_generated # Time
+      # * time_written   # Time
+      # * event_id       # Fixnum
+      # * event_type     # String
+      # * category       # String
+      # * source         # String
+      # * computer       # String
+      # * user           # String or nil
+      # * description    # String or nil
+      # * string_inserts # An array of Strings or nil
       #
       # If no block is given the method returns an array of EventLogStruct's.
       #
@@ -547,25 +623,23 @@ module Win32
             end
          }
       end
-      # EventLog#report_event(key => value, ...)
-      #
       # Writes an event to the event log.  The following are valid keys:
       #
-      # source         # Event log source name. Defaults to "Application"
-      # event_id       # Event ID (defined in event message file)
-      # category       # Event category (defined in category message file)
-      # data           # String that is written to the log
-      # event_type     # Type of event, e.g. EventLog::ERROR, etc.
+      # * source     # Event log source name. Defaults to "Application"
+      # * event_id   # Event ID (defined in event message file)
+      # * category   # Event category (defined in category message file)
+      # * data       # String that is written to the log
+      # * event_type # Type of event, e.g. EventLog::ERROR, etc.
       #
-      # The +event_type+ keyword is the only mandatory keyword.  The others are
-      # optional.  Although the +source+ defaults to "Application", I
+      # The +event_type+ keyword is the only mandatory keyword. The others are
+      # optional. Although the +source+ defaults to "Application", I
       # recommend that you create an application specific event source and use
-      # that instead.  See the 'EventLog.add_event_source' method for more
+      # that instead. See the 'EventLog.add_event_source' method for more
       # details.
       #
       # The +event_id+ and +category+ values are defined in the message
-      # file(s) that you created for your application.  See the tutorial.txt
+      # file(s) that you created for your application. See the tutorial.txt
       # file for more details on how to create a message file.
       #
       # An ArgumentError is raised if you attempt to use an invalid key.
@@ -678,66 +752,6 @@ module Win32
          struct
       end
-      # Private method that gets the string inserts (Array) and the full
-      # event description (String) based on data from the EVENTLOGRECORD
-      # buffer.
-      #
-      def get_description(rec, event_source, lkey)
-         str     = rec[rec[36,4].unpack('L')[0] .. -1]
-         num     = rec[26,2].unpack('S')[0] # NumStrings
-         hkey    = [0].pack('L')
-         key     = BASE_KEY + "#{@source}\\#{event_source}"
-         buf     = 0.chr * 1024
-         va_list = nil
-         if num == 0
-            va_list_ptr = 0.chr * 4
-         else
-	         va_list = str.unpack('Z*' * num)
-	         va_list_ptr = va_list.map{ |x|
-	            [x + 0.chr].pack('P').unpack('L')[0]
-	         }.pack('L*')
-         end
-         if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
-            value = 'EventMessageFile'
-            file  = 0.chr * MAX_SIZE
-            hkey  = hkey.unpack('L')[0]
-            size  = [file.length].pack('L')
-            if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
-               file = file.nstrip
-               exe  = 0.chr * MAX_SIZE
-               ExpandEnvironmentStrings(file, exe, exe.size)
-               exe = exe.nstrip
-               exe.split(';').each{ |file|
-                  hmodule  = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
-                  event_id = rec[20,4].unpack('L')[0]
-                  if hmodule != 0
-                     FormatMessage(
-                        FORMAT_MESSAGE_FROM_HMODULE |
-                        FORMAT_MESSAGE_ARGUMENT_ARRAY,
-                        hmodule,
-                        event_id,
-                        0,
-                        buf,
-                        buf.size,
-                        va_list_ptr
-                     )
-                     FreeLibrary(hmodule)
-                     break if buf.nstrip != "" # All messages read
-                  end
-               }
-            end
-            RegCloseKey(hkey)
-         end
-         [va_list, buf.strip]
-      end
       # Private method that retrieves the user name based on data in the
       # EVENTLOGRECORD buffer.
       #
@@ -785,5 +799,136 @@ module Win32
                nil
          end
       end
+      # Private method that gets the string inserts (Array) and the full
+      # event description (String) based on data from the EVENTLOGRECORD
+      # buffer.
+      #
+      def get_description(rec, event_source, lkey)
+         str     = rec[rec[36,4].unpack('L')[0] .. -1]
+         num     = rec[26,2].unpack('S')[0] # NumStrings
+         hkey    = [0].pack('L')
+         key     = BASE_KEY + "#{@source}\\#{event_source}"
+         buf     = 0.chr * 8192
+         va_list = va_list0 = (num == 0) ? [] : str.unpack('Z*' * num)
+         if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
+            value = 'ParameterMessageFile'
+            file  = 0.chr * MAX_SIZE
+            hkey  = hkey.unpack('L')[0]
+            size  = [ file.length].pack('L')
+            if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
+               file = file.nstrip
+               exe  = 0.chr * MAX_SIZE
+               ExpandEnvironmentStrings(file, exe, exe.size)
+               exe = exe.nstrip
+               va_list = va_list0.map{ |v|
+                  va = v
+                  v.scan(/%%(\d+)/).uniq.each{ |x|
+                     exe.split(';').each{ |file|
+                        hmodule  = LoadLibraryEx(
+                           file,
+                           0,
+                           DONT_RESOLVE_DLL_REFERENCES
+                        )
+                        if hmodule != 0
+                           FormatMessage(
+                              FORMAT_MESSAGE_FROM_HMODULE |
+                              FORMAT_MESSAGE_ARGUMENT_ARRAY,
+                              hmodule,
+                              x.first.to_i,
+                              0,
+                              buf,
+                              buf.size,
+                              v
+                           )
+                           FreeLibrary(hmodule)
+                           break if buf.nstrip != ""
+                        end
+                     }
+                     va = va.gsub("%%#{x.first}", buf.nstrip)
+                  }
+                  va
+               }
+            end
+            value = 'EventMessageFile'
+            file  = 0.chr * MAX_SIZE
+            size  = [file.length].pack('L')
+            if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
+               file = file.nstrip
+               exe  = 0.chr * MAX_SIZE
+               ExpandEnvironmentStrings(file, exe, exe.size)
+               exe = exe.nstrip
+               # Try to retrieve message *without* expanding the inserts yet
+               exe.split(';').each{ |file|
+                  hmodule  = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
+                  event_id = rec[20,4].unpack('L')[0]
+                  if hmodule != 0
+                     FormatMessage(
+                        FORMAT_MESSAGE_FROM_HMODULE |
+                        FORMAT_MESSAGE_IGNORE_INSERTS,
+                        hmodule,
+                        event_id,
+                        0,
+                        buf,
+                        buf.size,
+                        nil
+                     )
+                     FreeLibrary(hmodule)
+                     break if buf.nstrip != "" # All messages read
+                  end
+               }
+               buf  = 0.chr * 8192 # Reset the buffer
+               # Determine higest %n insert number
+               max_insert = [num,buf.nstrip.scan(/%(\d+)/).map{|x|x[0].to_i}.max].compact.max
+               # Insert dummy strings not provided by caller
+               ((num+1)..(max_insert)).each{ |x| va_list.push("%#{x}") }
+               if num == 0
+                  va_list_ptr = 0.chr * 4
+               else
+                  va_list_ptr = va_list.map{ |x|
+                     [x + 0.chr].pack('P').unpack('L')[0]
+                  }.pack('L*')
+               end
+               exe.split(';').each{ |file|
+                  hmodule  = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
+                  event_id = rec[20,4].unpack('L')[0]
+                  if hmodule != 0
+                     FormatMessage(
+                        FORMAT_MESSAGE_FROM_HMODULE |
+                        FORMAT_MESSAGE_ARGUMENT_ARRAY,
+                        hmodule,
+                        event_id,
+                        0,
+                        buf,
+                        buf.size,
+                        va_list_ptr
+                     )
+                     FreeLibrary(hmodule)
+                     break if buf.nstrip != "" # All messages read
+                  end
+               }
+            end
+            RegCloseKey(hkey)
+         end
+         [va_list0, buf.strip]
+      end
    end
 end

data/test/tc_eventlog.rb CHANGED

@@ -23,7 +23,7 @@ class TC_EventLog < Test::Unit::TestCase
    end
    def test_version
-      assert_equal('0.4.6', EventLog::VERSION)
+      assert_equal('0.4.7', EventLog::VERSION)
    end
    # Use the alias to validate it as well.

data/win32-eventlog.gemspec CHANGED

@@ -2,7 +2,7 @@ require "rubygems"
 spec = Gem::Specification.new do |gem|
    gem.name        = "win32-eventlog"
-   gem.version     = "0.4.6"
+   gem.version     = "0.4.7"
    gem.author      = "Daniel J. Berger"
    gem.email       = "djberg96@gmail.com"
    gem.homepage    = "http://www.rubyforge.org/projects/win32utils"

metadata CHANGED

@@ -1,33 +1,37 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.4
-specification_version: 1
 name: win32-eventlog
 version: !ruby/object:Gem::Version
-  version: 0.4.6
-date: 2007-08-27 00:00:00 -06:00
-summary: Interface for the MS Windows Event Log.
-require_paths:
-- lib
-email: djberg96@gmail.com
-homepage: http://www.rubyforge.org/projects/win32utils
-rubyforge_project:
-description: Interface for the MS Windows Event Log.
-autorequire:
-default_executable:
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement
-  requirements:
-  - - ">"
-    - !ruby/object:Gem::Version
-      version: 0.0.0
-  version:
+  version: 0.4.7
 platform: ruby
-signing_key:
-cert_chain:
-post_install_message:
 authors:
 - Daniel J. Berger
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2007-12-08 00:00:00 -07:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: windows-pr
+  version_requirement:
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+    version:
+description: Interface for the MS Windows Event Log.
+email: djberg96@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README
+- CHANGES
+- MANIFEST
+- doc/tutorial.txt
 files:
 - lib/win32/eventlog.rb
 - lib/win32/mc.rb
@@ -48,28 +52,31 @@ files:
 - test
 - win32-eventlog.gemspec
 - doc/tutorial.txt
-test_files:
-- test/ts_all.rb
+has_rdoc: true
+homepage: http://www.rubyforge.org/projects/win32utils
+post_install_message:
 rdoc_options: []
-extra_rdoc_files:
-- README
-- CHANGES
-- MANIFEST
-- doc/tutorial.txt
-executables: []
-extensions: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
 requirements: []
-dependencies:
-- !ruby/object:Gem::Dependency
-  name: windows-pr
-  version_requirement:
-  version_requirements: !ruby/object:Gem::Version::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.5.0
-    version:
+rubyforge_project:
+rubygems_version: 0.9.5
+signing_key:
+specification_version: 2
+summary: Interface for the MS Windows Event Log.
+test_files:
+- test/ts_all.rb