RubyGems - winevt_c - Versions diffs - 0.1.1-x86-mingw32 → 0.2.0-x86-mingw32 - Mend

winevt_c 0.1.1-x86-mingw32 → 0.2.0-x86-mingw32

Files changed (15) hide show

checksums.yaml +4 -4
data/example/eventlog.rb +11 -2
data/example/tailing.rb +13 -2
data/ext/winevt/winevt.c +6 -737
data/ext/winevt/winevt_bookmark.c +100 -0
data/ext/winevt/winevt_c.h +65 -0
data/ext/winevt/winevt_channel.c +103 -0
data/ext/winevt/winevt_query.c +245 -0
data/ext/winevt/winevt_subscribe.c +220 -0
data/ext/winevt/winevt_utils.c +236 -0
data/lib/winevt/2.4/winevt.so +0 -0
data/lib/winevt/2.5/winevt.so +0 -0
data/lib/winevt/2.6/winevt.so +0 -0
data/lib/winevt/version.rb +1 -1
metadata +8 -2

data/ext/winevt/winevt_bookmark.c ADDED Viewed

@@ -0,0 +1,100 @@
+#include <winevt_c.h>
+static void bookmark_free(void *ptr);
+static const rb_data_type_t rb_winevt_bookmark_type = {
+  "winevt/bookmark", {
+    0, bookmark_free, 0,
+  }, NULL, NULL,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+static void
+bookmark_free(void *ptr)
+{
+  struct WinevtBookmark *winevtBookmark = (struct WinevtBookmark *)ptr;
+  if (winevtBookmark->bookmark)
+    EvtClose(winevtBookmark->bookmark);
+  xfree(ptr);
+}
+static VALUE
+rb_winevt_bookmark_alloc(VALUE klass)
+{
+  VALUE obj;
+  struct WinevtBookmark *winevtBookmark;
+  obj = TypedData_Make_Struct(klass,
+                              struct WinevtBookmark,
+                              &rb_winevt_bookmark_type,
+                              winevtBookmark);
+  return obj;
+}
+static VALUE
+rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
+{
+  PWSTR bookmarkXml;
+  VALUE wbookmarkXmlBuf;
+  DWORD len;
+  struct WinevtBookmark *winevtBookmark;
+  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  if (argc == 0) {
+    winevtBookmark->bookmark = EvtCreateBookmark(NULL);
+  } else if (argc == 1) {
+    VALUE rb_bookmarkXml;
+    rb_scan_args(argc, argv, "10", &rb_bookmarkXml);
+    Check_Type(rb_bookmarkXml, T_STRING);
+    // bookmarkXml : To wide char
+    len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
+    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len+1);
+    MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), bookmarkXml, len);
+    bookmarkXml[len] = L'\0';
+    winevtBookmark->bookmark = EvtCreateBookmark(bookmarkXml);
+    ALLOCV_END(wbookmarkXmlBuf);
+  }
+  return Qnil;
+}
+static VALUE
+rb_winevt_bookmark_update(VALUE self, VALUE event)
+{
+  struct WinevtQuery *winevtQuery;
+  struct WinevtBookmark *winevtBookmark;
+  winevtQuery = EventQuery(event);
+  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  if(EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->event))
+    return Qtrue;
+  return Qfalse;
+}
+static VALUE
+rb_winevt_bookmark_render(VALUE self)
+{
+  char* result;
+  struct WinevtBookmark *winevtBookmark;
+  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  result = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
+  return rb_str_new2(result);
+}
+void Init_winevt_bookmark(VALUE rb_cEventLog)
+{
+  rb_cBookmark = rb_define_class_under(rb_cEventLog, "Bookmark", rb_cObject);
+  rb_define_alloc_func(rb_cBookmark, rb_winevt_bookmark_alloc);
+  rb_define_method(rb_cBookmark, "initialize", rb_winevt_bookmark_initialize, -1);
+  rb_define_method(rb_cBookmark, "update", rb_winevt_bookmark_update, 1);
+  rb_define_method(rb_cBookmark, "render", rb_winevt_bookmark_render, 0);
+}

data/ext/winevt/winevt_c.h ADDED Viewed

@@ -0,0 +1,65 @@
+#ifndef _WINEVT_C_H_
+#define _WINEVT_C_H_
+#include <ruby.h>
+#include <ruby/encoding.h>
+#ifdef __GNUC__
+# include <w32api.h>
+# define MINIMUM_WINDOWS_VERSION WindowsVista
+#else /* __GNUC__ */
+# define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
+#endif /* __GNUC__ */
+#ifdef _WIN32_WINNT
+#  undef WIN32_WINNT
+#endif /* WIN32_WINNT */
+#define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
+#include <winevt.h>
+#define EventQuery(object) ((struct WinevtQuery *)DATA_PTR(object))
+#define EventBookMark(object) ((struct WinevtBookmark *)DATA_PTR(object))
+#define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
+char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
+char* render_event(EVT_HANDLE handle, DWORD flags);
+char* get_description(EVT_HANDLE handle);
+VALUE rb_cQuery;
+VALUE rb_cChannel;
+VALUE rb_cBookmark;
+VALUE rb_cSubscribe;
+VALUE rb_eWinevtQueryError;
+struct WinevtChannel {
+  EVT_HANDLE channels;
+};
+struct WinevtBookmark {
+  EVT_HANDLE bookmark;
+  ULONG      count;
+};
+struct WinevtQuery {
+  EVT_HANDLE query;
+  EVT_HANDLE event;
+  ULONG      count;
+  LONG       offset;
+  LONG       timeout;
+};
+struct WinevtSubscribe {
+  HANDLE     signalEvent;
+  EVT_HANDLE subscription;
+  EVT_HANDLE bookmark;
+  EVT_HANDLE event;
+  DWORD      flags;
+  BOOL       tailing;
+};
+void Init_winevt_query(VALUE rb_cEventLog);
+void Init_winevt_channel(VALUE rb_cEventLog);
+void Init_winevt_bookmark(VALUE rb_cEventLog);
+void Init_winevt_subscribe(VALUE rb_cEventLog);
+#endif // _WINEVT_C_H

data/ext/winevt/winevt_channel.c ADDED Viewed

@@ -0,0 +1,103 @@
+#include <winevt_c.h>
+static void channel_free(void *ptr);
+static const rb_data_type_t rb_winevt_channel_type = {
+  "winevt/channel", {
+    0, channel_free, 0,
+  }, NULL, NULL,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+static void
+channel_free(void *ptr)
+{
+  struct WinevtChannel *winevtChannel = (struct WinevtChannel *)ptr;
+  if (winevtChannel->channels)
+    EvtClose(winevtChannel->channels);
+  xfree(ptr);
+}
+static VALUE
+rb_winevt_channel_alloc(VALUE klass)
+{
+  VALUE obj;
+  struct WinevtChannel *winevtChannel;
+  obj = TypedData_Make_Struct(klass,
+                              struct WinevtChannel,
+                              &rb_winevt_channel_type,
+                              winevtChannel);
+  return obj;
+}
+static VALUE
+rb_winevt_channel_initialize(VALUE klass)
+{
+  return Qnil;
+}
+static VALUE
+rb_winevt_channel_each(VALUE self)
+{
+  EVT_HANDLE hChannels;
+  struct WinevtChannel *winevtChannel;
+  char *errBuf;
+  char * result;
+  LPWSTR buffer = NULL;
+  LPWSTR temp = NULL;
+  DWORD bufferSize = 0;
+  DWORD bufferUsed = 0;
+  DWORD status = ERROR_SUCCESS;
+  RETURN_ENUMERATOR(self, 0, 0);
+  TypedData_Get_Struct(self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  hChannels = EvtOpenChannelEnum(NULL, 0);
+  if (hChannels) {
+    winevtChannel->channels = hChannels;
+  } else {
+    sprintf(errBuf, "Failed to enumerate channels with %s\n", GetLastError());
+    rb_raise(rb_eRuntimeError, errBuf);
+  }
+  while (1) {
+    if (!EvtNextChannelPath(winevtChannel->channels, bufferSize, buffer, &bufferUsed)) {
+      status = GetLastError();
+      if (ERROR_NO_MORE_ITEMS == status) {
+        break;
+      } else if (ERROR_INSUFFICIENT_BUFFER == status) {
+        bufferSize = bufferUsed;
+        temp = (LPWSTR)realloc(buffer, bufferSize * sizeof(WCHAR));
+        if (temp) {
+          buffer = temp;
+          temp = NULL;
+          EvtNextChannelPath(winevtChannel->channels, bufferSize, buffer, &bufferUsed);
+        } else {
+          status = ERROR_OUTOFMEMORY;
+          rb_raise(rb_eRuntimeError, "realloc failed");
+        }
+      } else {
+        sprintf(errBuf, "EvtNextChannelPath failed with %lu.\n", status);
+        rb_raise(rb_eRuntimeError, errBuf);
+      }
+    }
+    result = wstr_to_mbstr(CP_UTF8, buffer, -1);
+    rb_yield(rb_str_new2(result));
+  }
+  return Qnil;
+}
+void Init_winevt_channel(VALUE rb_cEventLog)
+{
+  rb_cChannel = rb_define_class_under(rb_cEventLog, "Channel", rb_cObject);
+  rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);
+  rb_define_method(rb_cChannel, "initialize", rb_winevt_channel_initialize, 0);
+  rb_define_method(rb_cChannel, "each", rb_winevt_channel_each, 0);
+}

data/ext/winevt/winevt_query.c ADDED Viewed

@@ -0,0 +1,245 @@
+#include <winevt_c.h>
+static void query_free(void *ptr);
+static const rb_data_type_t rb_winevt_query_type = {
+  "winevt/query", {
+    0, query_free, 0,
+  }, NULL, NULL,
+  RUBY_TYPED_FREE_IMMEDIATELY
+};
+static void
+query_free(void *ptr)
+{
+  struct WinevtQuery *winevtQuery = (struct WinevtQuery *)ptr;
+  if (winevtQuery->query)
+    EvtClose(winevtQuery->query);
+  if (winevtQuery->event)
+    EvtClose(winevtQuery->event);
+  xfree(ptr);
+}
+static VALUE
+rb_winevt_query_alloc(VALUE klass)
+{
+  VALUE obj;
+  struct WinevtQuery *winevtQuery;
+  obj = TypedData_Make_Struct(klass,
+                              struct WinevtQuery,
+                              &rb_winevt_query_type,
+                              winevtQuery);
+  return obj;
+}
+static VALUE
+rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
+{
+  PWSTR evtChannel, evtXPath;
+  struct WinevtQuery *winevtQuery;
+  DWORD len;
+  VALUE wchannelBuf, wpathBuf;
+  Check_Type(channel, T_STRING);
+  Check_Type(xpath, T_STRING);
+  // channel : To wide char
+  len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), NULL, 0);
+  evtChannel = ALLOCV_N(WCHAR, wchannelBuf, len+1);
+  MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), evtChannel, len);
+  evtChannel[len] = L'\0';
+  // xpath : To wide char
+  len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(xpath), RSTRING_LEN(xpath), NULL, 0);
+  evtXPath = ALLOCV_N(WCHAR, wpathBuf, len+1);
+  MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(xpath), RSTRING_LEN(xpath), evtXPath, len);
+  evtXPath[len] = L'\0';
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  winevtQuery->query = EvtQuery(NULL, evtChannel, evtXPath,
+                                EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
+  winevtQuery->offset = 0L;
+  winevtQuery->timeout = 0L;
+  ALLOCV_END(wchannelBuf);
+  ALLOCV_END(wpathBuf);
+  return Qnil;
+}
+static VALUE
+rb_winevt_query_get_offset(VALUE self, VALUE offset)
+{
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  return LONG2NUM(winevtQuery->offset);
+}
+static VALUE
+rb_winevt_query_set_offset(VALUE self, VALUE offset)
+{
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  winevtQuery->offset = NUM2LONG(offset);
+  return Qnil;
+}
+static VALUE
+rb_winevt_query_get_timeout(VALUE self, VALUE timeout)
+{
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  return LONG2NUM(winevtQuery->timeout);
+}
+static VALUE
+rb_winevt_query_set_timeout(VALUE self, VALUE timeout)
+{
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  winevtQuery->timeout = NUM2LONG(timeout);
+  return Qnil;
+}
+static VALUE
+rb_winevt_query_next(VALUE self)
+{
+  EVT_HANDLE event;
+  ULONG      count;
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  if (EvtNext(winevtQuery->query, 1, &event, INFINITE, 0, &count) != FALSE) {
+    winevtQuery->event = event;
+    winevtQuery->count = count;
+    return Qtrue;
+  }
+  return Qfalse;
+}
+static VALUE
+rb_winevt_query_render(VALUE self)
+{
+  char* result;
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  result = render_event(winevtQuery->event, EvtRenderEventXml);
+  get_description(winevtQuery->event);
+  return rb_str_new2(result);
+}
+static VALUE
+rb_winevt_query_message(VALUE self)
+{
+  char* result;
+  struct WinevtQuery *winevtQuery;
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  result = get_description(winevtQuery->event);
+  return rb_str_new2(result);
+}
+static DWORD
+get_evt_seek_flag_from_cstr(char* flag_str)
+{
+  if (strcmp(flag_str, "first") == 0)
+    return EvtSeekRelativeToFirst;
+  else if (strcmp(flag_str, "last") == 0)
+    return EvtSeekRelativeToLast;
+  else if (strcmp(flag_str, "current") == 0)
+    return EvtSeekRelativeToCurrent;
+  else if (strcmp(flag_str, "bookmark") == 0)
+    return EvtSeekRelativeToBookmark;
+  else if (strcmp(flag_str, "originmask") == 0)
+    return EvtSeekOriginMask;
+  else if (strcmp(flag_str, "strict") == 0)
+    return EvtSeekStrict;
+}
+static VALUE
+rb_winevt_query_seek(VALUE self, VALUE bookmark_or_flag)
+{
+  struct WinevtQuery *winevtQuery;
+  struct WinevtBookmark *winevtBookmark = NULL;
+  DWORD status;
+  DWORD flag;
+  switch (TYPE(bookmark_or_flag)) {
+  case T_SYMBOL:
+    flag = get_evt_seek_flag_from_cstr(RSTRING_PTR(rb_sym2str(bookmark_or_flag)));
+    break;
+  case T_STRING:
+    flag = get_evt_seek_flag_from_cstr(StringValueCStr(bookmark_or_flag));
+    break;
+  default:
+    if (!rb_obj_is_kind_of(bookmark_or_flag, rb_cBookmark))
+      rb_raise(rb_eArgError, "Expected a String or a Symbol or a Bookmark instance");
+    winevtBookmark = EventBookMark(bookmark_or_flag);
+  }
+  if (winevtBookmark) {
+    TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+    if (EvtSeek(winevtQuery->query, winevtQuery->offset, winevtBookmark->bookmark, winevtQuery->timeout, EvtSeekRelativeToBookmark))
+      return Qtrue;
+  } else {
+    TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+    if (EvtSeek(winevtQuery->query, winevtQuery->offset, NULL, winevtQuery->timeout, flag))
+      return Qtrue;
+  }
+  return Qfalse;
+}
+static VALUE
+rb_winevt_query_each(VALUE self)
+{
+  struct WinevtQuery *winevtQuery;
+  RETURN_ENUMERATOR(self, 0, 0);
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  while (rb_winevt_query_next(self)) {
+    rb_yield_values(2, rb_winevt_query_render(self), rb_winevt_query_message(self));
+  }
+  return Qnil;
+}
+void Init_winevt_query(VALUE rb_cEventLog)
+{
+  rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
+  rb_define_alloc_func(rb_cQuery, rb_winevt_query_alloc);
+  rb_define_method(rb_cQuery, "initialize", rb_winevt_query_initialize, 2);
+  rb_define_method(rb_cQuery, "next", rb_winevt_query_next, 0);
+  rb_define_method(rb_cQuery, "render", rb_winevt_query_render, 0);
+  rb_define_method(rb_cQuery, "message", rb_winevt_query_message, 0);
+  rb_define_method(rb_cQuery, "seek", rb_winevt_query_seek, 1);
+  rb_define_method(rb_cQuery, "offset", rb_winevt_query_get_offset, 0);
+  rb_define_method(rb_cQuery, "offset=", rb_winevt_query_set_offset, 1);
+  rb_define_method(rb_cQuery, "timeout", rb_winevt_query_get_timeout, 0);
+  rb_define_method(rb_cQuery, "timeout=", rb_winevt_query_set_timeout, 1);
+  rb_define_method(rb_cQuery, "each", rb_winevt_query_each, 0);
+}