win32-eventlog 0.4.8 → 0.4.9

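--- a/data/CHANGES
+++ b/data/CHANGES
@@ -1,3 +1,12 @@
+ = 0.4.9 - 7-Sep-2008
+ * The private get_description method, which is used internally to read the
+ event log, has been updated to work with 64 bit Windows. The changes needed
+ for this require a more recent windows-pr library, i.e. 0.9.2 or later.
+ * Now properly separates the string inserts and description in the private
+ method get_last_event. This fixes the description and string_insert
+ properties for both the EventLog#tail and EventLog#notify_change methods.
+ * Some internal refactoring to use begin/ensure where appropriate.
+
  = 0.4.8 - 17-May-2008
  * Fixed in a bug in the EventLog#read method where a log entry requiring
  over 64k would fail and spiral into an infinite loop. Thanks go to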
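--- a/data/README
+++ b/data/README
@@ -50,7 +50,11 @@
  them somewhere on your system.
 
  = Known Issues
- None known. Please file any bug reports on the project page at
+ Not all event descriptions from Windows Vista/2008 or later will necessarily
+ be picked up because of a new event logging format and api that Microsoft
+ has introduced. This will be addressed in the next major release.
+
+ Please file any bug reports on the project page at
  http://www.rubyforge.org/projects/win32utils.
 
  = License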
@@ -37,7 +37,8 @@ module Win32
37
37
  extend Windows::Error
38
38
  extend Windows::Registry
39
39
 
40
- VERSION = '0.4.8'
40
+ # The version of the win32-eventlog library
41
+ VERSION = '0.4.9'
41
42
 
42
43
  # Aliased read flags
43
44
  FORWARDS_READ = EVENTLOG_FORWARDS_READ
@@ -170,8 +171,15 @@ module Win32
170
171
  def self.add_event_source(args)
171
172
  raise TypeError unless args.is_a?(Hash)
172
173
 
173
- valid_keys = %w/source key_name category_count event_message_file
174
- category_message_file parameter_message_file supported_types/
174
+ valid_keys = %w/
175
+ source
176
+ key_name
177
+ category_count
178
+ event_message_file
179
+ category_message_file
180
+ parameter_message_file
181
+ supported_types
182
+ /
175
183
 
176
184
  key_base = "SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
177
185
 
@@ -220,140 +228,139 @@ module Win32
220
228
  hkey = hkey.unpack('L')[0]
221
229
  data = "%SystemRoot%\\System32\\config\\#{hash['source']}.evt"
222
230
 
223
- rv = RegSetValueEx(
224
- hkey,
225
- 'File',
226
- 0,
227
- REG_EXPAND_SZ,
228
- data,
229
- data.size
230
- )
231
-
232
- if rv != ERROR_SUCCESS
233
- error = 'RegSetValueEx() failed: ', get_last_error
234
- RegCloseKey(hkey)
235
- raise Error, error
236
- end
237
-
238
- RegCloseKey(hkey)
239
-
240
- hkey = [0].pack('L')
241
- key = key_base << hash['source'] << "\\" << hash['key_name']
242
-
243
- disposition = [0].pack('L')
244
-
245
- rv = RegCreateKeyEx(
246
- HKEY_LOCAL_MACHINE,
247
- key,
248
- 0,
249
- nil,
250
- REG_OPTION_NON_VOLATILE,
251
- KEY_WRITE,
252
- nil,
253
- hkey,
254
- disposition
255
- )
256
-
257
- if rv != ERROR_SUCCESS
258
- raise Error, 'RegCreateKeyEx() failed: ' + get_last_error
259
- end
260
-
261
- hkey = hkey.unpack('L')[0]
262
-
263
- if hash['category_count']
264
- data = [hash['category_count']].pack('L')
265
-
231
+ begin
266
232
  rv = RegSetValueEx(
267
233
  hkey,
268
- 'CategoryCount',
234
+ 'File',
269
235
  0,
270
- REG_DWORD,
236
+ REG_EXPAND_SZ,
271
237
  data,
272
238
  data.size
273
239
  )
274
-
240
+
275
241
  if rv != ERROR_SUCCESS
276
- error = 'RegSetValueEx() failed: ' + get_last_error
277
- RegCloseKey(hkey)
242
+ error = 'RegSetValueEx() failed: ', get_last_error
278
243
  raise Error, error
279
244
  end
245
+ ensure
246
+ RegCloseKey(hkey)
280
247
  end
281
248
 
282
- if hash['category_message_file']
283
- data = File.expand_path(hash['category_message_file'])
284
-
285
- rv = RegSetValueEx(
286
- hkey,
287
- 'CategoryMessageFile',
249
+ hkey = [0].pack('L')
250
+ key = key_base << hash['source'] << "\\" << hash['key_name']
251
+
252
+ disposition = [0].pack('L')
253
+
254
+ begin
255
+ rv = RegCreateKeyEx(
256
+ HKEY_LOCAL_MACHINE,
257
+ key,
288
258
  0,
289
- REG_EXPAND_SZ,
290
- data,
291
- data.size
259
+ nil,
260
+ REG_OPTION_NON_VOLATILE,
261
+ KEY_WRITE,
262
+ nil,
263
+ hkey,
264
+ disposition
292
265
  )
293
-
266
+
294
267
  if rv != ERROR_SUCCESS
295
- error = 'RegSetValueEx() failed: ' + get_last_error
296
- RegCloseKey(hkey)
297
- raise Error, error
268
+ raise Error, 'RegCreateKeyEx() failed: ' + get_last_error
298
269
  end
299
- end
300
-
301
- if hash['event_message_file']
302
- data = File.expand_path(hash['event_message_file'])
303
270
 
304
- rv = RegSetValueEx(
305
- hkey,
306
- 'EventMessageFile',
307
- 0,
308
- REG_EXPAND_SZ,
309
- data,
310
- data.size
311
- )
271
+ hkey = hkey.unpack('L')[0]
312
272
 
313
- if rv != ERROR_SUCCESS
314
- error = 'RegSetValueEx() failed: ' + get_last_error
315
- RegCloseKey(hkey)
316
- raise Error, error
273
+ if hash['category_count']
274
+ data = [hash['category_count']].pack('L')
275
+
276
+ rv = RegSetValueEx(
277
+ hkey,
278
+ 'CategoryCount',
279
+ 0,
280
+ REG_DWORD,
281
+ data,
282
+ data.size
283
+ )
284
+
285
+ if rv != ERROR_SUCCESS
286
+ error = 'RegSetValueEx() failed: ' + get_last_error
287
+ raise Error, error
288
+ end
317
289
  end
318
- end
319
-
320
- if hash['parameter_message_file']
321
- data = File.expand_path(hash['parameter_message_file'])
322
-
290
+
291
+ if hash['category_message_file']
292
+ data = File.expand_path(hash['category_message_file'])
293
+
294
+ rv = RegSetValueEx(
295
+ hkey,
296
+ 'CategoryMessageFile',
297
+ 0,
298
+ REG_EXPAND_SZ,
299
+ data,
300
+ data.size
301
+ )
302
+
303
+ if rv != ERROR_SUCCESS
304
+ error = 'RegSetValueEx() failed: ' + get_last_error
305
+ raise Error, error
306
+ end
307
+ end
308
+
309
+ if hash['event_message_file']
310
+ data = File.expand_path(hash['event_message_file'])
311
+
312
+ rv = RegSetValueEx(
313
+ hkey,
314
+ 'EventMessageFile',
315
+ 0,
316
+ REG_EXPAND_SZ,
317
+ data,
318
+ data.size
319
+ )
320
+
321
+ if rv != ERROR_SUCCESS
322
+ error = 'RegSetValueEx() failed: ' + get_last_error
323
+ raise Error, error
324
+ end
325
+ end
326
+
327
+ if hash['parameter_message_file']
328
+ data = File.expand_path(hash['parameter_message_file'])
329
+
330
+ rv = RegSetValueEx(
331
+ hkey,
332
+ 'ParameterMessageFile',
333
+ 0,
334
+ REG_EXPAND_SZ,
335
+ data,
336
+ data.size
337
+ )
338
+
339
+ if rv != ERROR_SUCCESS
340
+ error = 'RegSetValueEx() failed: ' + get_last_error
341
+ raise Error, error
342
+ end
343
+ end
344
+
345
+ data = [hash['supported_types']].pack('L')
346
+
323
347
  rv = RegSetValueEx(
324
348
  hkey,
325
- 'ParameterMessageFile',
349
+ 'TypesSupported',
326
350
  0,
327
- REG_EXPAND_SZ,
351
+ REG_DWORD,
328
352
  data,
329
353
  data.size
330
354
  )
331
-
355
+
332
356
  if rv != ERROR_SUCCESS
333
357
  error = 'RegSetValueEx() failed: ' + get_last_error
334
- RegCloseKey(hkey)
335
358
  raise Error, error
336
359
  end
337
- end
338
-
339
- data = [hash['supported_types']].pack('L')
340
- rv = RegSetValueEx(
341
- hkey,
342
- 'TypesSupported',
343
- 0,
344
- REG_DWORD,
345
- data,
346
- data.size
347
- )
348
-
349
- if rv != ERROR_SUCCESS
350
- error = 'RegSetValueEx() failed: ' + get_last_error
360
+ ensure
351
361
  RegCloseKey(hkey)
352
- raise Error, error
353
362
  end
354
363
 
355
- RegCloseKey(hkey)
356
-
357
364
  disposition.unpack('L')[0]
358
365
  end
359
366
 
@@ -462,16 +469,18 @@ module Win32
462
469
 
463
470
  wait_result = WaitForSingleObject(event, INFINITE)
464
471
 
465
- if wait_result == WAIT_FAILED
466
- error = 'WaitForSingleObject() failed: ' + get_last_error
472
+ begin
473
+ if wait_result == WAIT_FAILED
474
+ error = 'WaitForSingleObject() failed: ' + get_last_error
475
+ raise Error, error
476
+ else
477
+ last = read_last_event
478
+ block.call(last)
479
+ end
480
+ ensure
467
481
  CloseHandle(event)
468
- raise Error, error
469
- else
470
- last = read_last_event
471
- block.call(last)
472
482
  end
473
483
 
474
- CloseHandle(event)
475
484
  self
476
485
  end
477
486
 
@@ -743,11 +752,11 @@ module Win32
743
752
  lkey = hkey.unpack('L').first
744
753
  end
745
754
 
746
- event_source = buf[56..-1].nstrip
747
- computer = buf[56 + event_source.length + 1..-1].nstrip
748
- event_type = get_event_type(buf[24,2].unpack('S')[0])
749
- user = get_user(buf)
750
- desc = get_description(buf, event_source, lkey)
755
+ event_source = buf[56..-1].nstrip
756
+ computer = buf[56 + event_source.length + 1..-1].nstrip
757
+ event_type = get_event_type(buf[24,2].unpack('S')[0])
758
+ user = get_user(buf)
759
+ strings, desc = get_description(buf, event_source, lkey)
751
760
 
752
761
  struct = EventLogStruct.new
753
762
  struct.source = event_source
@@ -759,6 +768,7 @@ module Win32
759
768
  struct.event_type = event_type
760
769
  struct.user = user
761
770
  struct.category = buf[28,2].unpack('S')[0]
771
+ struct.string_inserts = strings
762
772
  struct.description = desc
763
773
 
764
774
  struct
@@ -823,123 +833,146 @@ module Win32
823
833
  key = BASE_KEY + "#{@source}\\#{event_source}"
824
834
  buf = 0.chr * 8192
825
835
  va_list = va_list0 = (num == 0) ? [] : str.unpack('Z*' * num)
836
+
837
+ begin
838
+ if defined? Wow64DisableWow64FsRedirection
839
+ old_wow_val = 0.chr * 4
840
+ Wow64DisableWow64FsRedirection(old_wow_val)
841
+ end
826
842
 
827
- if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
828
- value = 'ParameterMessageFile'
829
- file = 0.chr * MAX_SIZE
830
- hkey = hkey.unpack('L')[0]
831
- size = [ file.length].pack('L')
832
-
833
- if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
834
- file = file.nstrip
835
- exe = 0.chr * MAX_SIZE
836
- ExpandEnvironmentStrings(file, exe, exe.size)
837
- exe = exe.nstrip
838
-
839
- va_list = va_list0.map{ |v|
840
- va = v
841
-
842
- v.scan(/%%(\d+)/).uniq.each{ |x|
843
- exe.split(';').each{ |file|
844
- hmodule = LoadLibraryEx(
845
- file,
846
- 0,
847
- DONT_RESOLVE_DLL_REFERENCES
848
- )
849
-
850
- if hmodule != 0
851
- FormatMessage(
852
- FORMAT_MESSAGE_FROM_HMODULE |
853
- FORMAT_MESSAGE_ARGUMENT_ARRAY,
854
- hmodule,
855
- x.first.to_i,
843
+ if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0
844
+ value = 'ParameterMessageFile'
845
+ file = 0.chr * MAX_SIZE
846
+ hkey = hkey.unpack('L')[0]
847
+ size = [ file.length].pack('L')
848
+
849
+ if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
850
+ file = file.nstrip
851
+ exe = 0.chr * MAX_SIZE
852
+ ExpandEnvironmentStrings(file, exe, exe.size)
853
+ exe = exe.nstrip
854
+
855
+ va_list = va_list0.map{ |v|
856
+ va = v
857
+
858
+ v.scan(/%%(\d+)/).uniq.each{ |x|
859
+ exe.split(';').each{ |file|
860
+ hmodule = LoadLibraryEx(
861
+ file,
856
862
  0,
857
- buf,
858
- buf.size,
859
- v
863
+ DONT_RESOLVE_DLL_REFERENCES |
864
+ LOAD_LIBRARY_AS_DATAFILE
860
865
  )
861
- FreeLibrary(hmodule)
862
- break if buf.nstrip != ""
863
- end
866
+
867
+ if hmodule != 0
868
+ FormatMessage(
869
+ FORMAT_MESSAGE_FROM_HMODULE |
870
+ FORMAT_MESSAGE_ARGUMENT_ARRAY,
871
+ hmodule,
872
+ x.first.to_i,
873
+ 0,
874
+ buf,
875
+ buf.size,
876
+ v
877
+ )
878
+ FreeLibrary(hmodule)
879
+ break if buf.nstrip != ""
880
+ end
881
+ }
882
+ va = va.gsub("%%#{x.first}", buf.nstrip)
864
883
  }
865
- va = va.gsub("%%#{x.first}", buf.nstrip)
884
+ va
866
885
  }
867
- va
868
- }
869
- end
870
-
871
- value = 'EventMessageFile'
872
- file = 0.chr * MAX_SIZE
873
- size = [file.length].pack('L')
874
-
875
- if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
876
- file = file.nstrip
877
- exe = 0.chr * MAX_SIZE
886
+ end
887
+
888
+ value = 'EventMessageFile'
889
+ file = 0.chr * MAX_SIZE
890
+ size = [file.length].pack('L')
878
891
 
879
- ExpandEnvironmentStrings(file, exe, exe.size)
880
- exe = exe.nstrip
881
-
882
- # Try to retrieve message *without* expanding the inserts yet
883
- exe.split(';').each{ |file|
884
- hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
885
- event_id = rec[20,4].unpack('L')[0]
886
-
887
- if hmodule != 0
888
- FormatMessage(
889
- FORMAT_MESSAGE_FROM_HMODULE |
890
- FORMAT_MESSAGE_IGNORE_INSERTS,
891
- hmodule,
892
- event_id,
892
+ if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0
893
+ file = file.nstrip
894
+ exe = 0.chr * MAX_SIZE
895
+
896
+ ExpandEnvironmentStrings(file, exe, exe.size)
897
+ exe = exe.nstrip
898
+
899
+ # Try to retrieve message *without* expanding the inserts yet
900
+ exe.split(';').each{ |file|
901
+ hmodule = LoadLibraryEx(
902
+ file,
893
903
  0,
894
- buf,
895
- buf.size,
896
- nil
904
+ DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE
897
905
  )
898
-
899
- FreeLibrary(hmodule)
900
- break if buf.nstrip != "" # All messages read
901
- end
902
- }
903
-
904
- buf = 0.chr * 8192 # Reset the buffer
905
-
906
- # Determine higest %n insert number
907
- max_insert = [num,buf.nstrip.scan(/%(\d+)/).map{|x|x[0].to_i}.max].compact.max
908
-
909
- # Insert dummy strings not provided by caller
910
- ((num+1)..(max_insert)).each{ |x| va_list.push("%#{x}") }
911
-
912
- if num == 0
913
- va_list_ptr = 0.chr * 4
914
- else
915
- va_list_ptr = va_list.map{ |x|
916
- [x + 0.chr].pack('P').unpack('L')[0]
917
- }.pack('L*')
918
- end
919
-
920
- exe.split(';').each{ |file|
921
- hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES)
922
- event_id = rec[20,4].unpack('L')[0]
906
+
907
+ event_id = rec[20,4].unpack('L')[0]
908
+
909
+ if hmodule != 0
910
+ FormatMessage(
911
+ FORMAT_MESSAGE_FROM_HMODULE |
912
+ FORMAT_MESSAGE_IGNORE_INSERTS,
913
+ hmodule,
914
+ event_id,
915
+ 0,
916
+ buf,
917
+ buf.size,
918
+ nil
919
+ )
920
+
921
+ FreeLibrary(hmodule)
922
+ break if buf.nstrip != "" # All messages read
923
+ end
924
+ }
925
+
926
+ buf = 0.chr * 8192 # Reset the buffer
923
927
 
924
- if hmodule != 0
925
- FormatMessage(
926
- FORMAT_MESSAGE_FROM_HMODULE |
927
- FORMAT_MESSAGE_ARGUMENT_ARRAY,
928
- hmodule,
929
- event_id,
928
+ # Determine higest %n insert number
929
+ max_insert = [num, buf.nstrip.scan(/%(\d+)/).map{ |x| x[0].to_i }.max].compact.max
930
+
931
+ # Insert dummy strings not provided by caller
932
+ ((num+1)..(max_insert)).each{ |x| va_list.push("%#{x}") }
933
+
934
+ if num == 0
935
+ va_list_ptr = 0.chr * 4
936
+ else
937
+ va_list_ptr = va_list.map{ |x|
938
+ [x + 0.chr].pack('P').unpack('L')[0]
939
+ }.pack('L*')
940
+ end
941
+
942
+ exe.split(';').each{ |file|
943
+ hmodule = LoadLibraryEx(
944
+ file,
930
945
  0,
931
- buf,
932
- buf.size,
933
- va_list_ptr
946
+ DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE
934
947
  )
935
-
936
- FreeLibrary(hmodule)
937
- break if buf.nstrip != "" # All messages read
938
- end
939
- }
948
+
949
+ event_id = rec[20,4].unpack('L')[0]
950
+
951
+ if hmodule != 0
952
+ FormatMessage(
953
+ FORMAT_MESSAGE_FROM_HMODULE |
954
+ FORMAT_MESSAGE_ARGUMENT_ARRAY,
955
+ hmodule,
956
+ event_id,
957
+ 0,
958
+ buf,
959
+ buf.size,
960
+ va_list_ptr
961
+ )
962
+
963
+ FreeLibrary(hmodule)
964
+ break if buf.nstrip != "" # All messages read
965
+ end
966
+ }
967
+ end
968
+ RegCloseKey(hkey)
969
+ end
970
+ ensure
971
+ if defined? Wow64RevertWow64FsRedirection
972
+ Wow64RevertWow64FsRedirection(old_wow_val.unpack('L')[0])
940
973
  end
941
- RegCloseKey(hkey)
942
974
  end
975
+
943
976
  [va_list0, buf.strip]
944
977
  end
945
978
  end
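Review bot: In add_event_source the second `begin` opens before `RegCreateKeyEx`, so when that call fails the `ensure` hands `RegCloseKey` the still-packed buffer `[0].pack('L')` rather than a key handle, which will likely replace the intended `Error` with an unrelated failure from the close; start the `begin` after `hkey = hkey.unpack('L')[0]` so the cleanup only ever sees an opened key. The first block still builds its message with a comma, `error = 'RegSetValueEx() failed: ', get_last_error`, which makes `error` an Array; it should read `'RegSetValueEx() failed: ' + get_last_error` like the other branches. In get_description the result of `Wow64DisableWow64FsRedirection(old_wow_val)` is not checked, so the `ensure` may call `Wow64RevertWow64FsRedirection` with a value that was never filled in, and `RegCloseKey(hkey)` there sits outside the `ensure`, leaving the key open if anything in between raises. Because file-system redirection is switched off for the calling thread while message files named in the registry are loaded, a short comment saying that this window must stay limited to the `LoadLibraryEx`/`FormatMessage` calls would help the next maintainer.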
@@ -2,7 +2,7 @@ require "rubygems"
2
2
 
3
3
  spec = Gem::Specification.new do |gem|
4
4
  gem.name = "win32-eventlog"
5
- gem.version = "0.4.8"
5
+ gem.version = "0.4.9"
6
6
  gem.author = "Daniel J. Berger"
7
7
  gem.email = "djberg96@gmail.com"
8
8
  gem.homepage = "http://www.rubyforge.org/projects/win32utils"
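--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: win32-eventlog
  version: !ruby/object:Gem::Version
- version: 0.4.8
+ version: 0.4.9
  platform: ruby
  authors:
  - Daniel J. Berger
@@ -9,11 +9,12 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2008-05-17 00:00:00 -06:00
+ date: 2008-09-07 00:00:00 -06:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
  name: windows-pr
+ type: :runtime
  version_requirement:
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
@@ -35,13 +36,11 @@ extra_rdoc_files:
  files:
  - lib/win32/eventlog.rb
  - lib/win32/mc.rb
- - test/CVS
  - test/foo.mc
  - test/tc_eventlog.rb
  - test/tc_mc.rb
  - test/ts_all.rb
  - CHANGES
- - CVS
  - doc
  - examples
  - lib
@@ -74,7 +73,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  requirements: []
 
  rubyforge_project:
- rubygems_version: 1.1.1
+ rubygems_version: 1.2.0
  signing_key:
  specification_version: 2
  summary: Interface for the MS Windows Event Log.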