winevt_c 0.10.0 → 0.10.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/linux.yml +1 -1
- data/ext/winevt/winevt.c +4 -0
- data/ext/winevt/winevt_c.h +4 -1
- data/ext/winevt/winevt_query.c +3 -0
- data/ext/winevt/winevt_subscribe.c +30 -2
- data/ext/winevt/winevt_utils.cpp +10 -0
- data/lib/winevt/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 80b819f8d9870a7c09c90b34ca7750ddf913df9056369cc8a34b6c8883c13205
|
|
4
|
+
data.tar.gz: 49c44fb51e996fa70daae1ee8cfb4e12629624dd0d03f261b9680aa241326abf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 40985cde59f0eb8941fa07998a3461d20a02736c85765484778069790517519e273f82b75ee87499fb40f3b1018940de1ed67e31f1fc7e481b2d80f5dbcc617c
|
|
7
|
+
data.tar.gz: 862e1aa6620ec9763a82863ac5d74af158f13cb37637ea53434cf66f89e5ca039e16c52b9849a4f91b3326822ec2015cc6c5b298990259c0d8703b31d497e3d9
|
data/.github/workflows/linux.yml
CHANGED
data/ext/winevt/winevt.c
CHANGED
|
@@ -5,7 +5,9 @@ VALUE rb_cQuery;
|
|
|
5
5
|
VALUE rb_cEventLog;
|
|
6
6
|
VALUE rb_cSubscribe;
|
|
7
7
|
VALUE rb_eWinevtQueryError;
|
|
8
|
+
VALUE rb_eChannelNotFoundError;
|
|
8
9
|
VALUE rb_eRemoteHandlerError;
|
|
10
|
+
VALUE rb_eSubscribeHandlerError;
|
|
9
11
|
|
|
10
12
|
static ID id_call;
|
|
11
13
|
|
|
@@ -17,7 +19,9 @@ Init_winevt(void)
|
|
|
17
19
|
rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
|
|
18
20
|
rb_cSubscribe = rb_define_class_under(rb_cEventLog, "Subscribe", rb_cObject);
|
|
19
21
|
rb_eWinevtQueryError = rb_define_class_under(rb_cQuery, "Error", rb_eStandardError);
|
|
22
|
+
rb_eChannelNotFoundError = rb_define_class_under(rb_cEventLog, "ChannelNotFoundError", rb_eStandardError);
|
|
20
23
|
rb_eRemoteHandlerError = rb_define_class_under(rb_cSubscribe, "RemoteHandlerError", rb_eRuntimeError);
|
|
24
|
+
rb_eSubscribeHandlerError = rb_define_class_under(rb_cSubscribe, "SubscribeHandlerError", rb_eRuntimeError);
|
|
21
25
|
|
|
22
26
|
Init_winevt_channel(rb_cEventLog);
|
|
23
27
|
Init_winevt_bookmark(rb_cEventLog);
|
data/ext/winevt/winevt_c.h
CHANGED
|
@@ -37,7 +37,8 @@ VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
|
|
|
37
37
|
#if defined(__cplusplus)
|
|
38
38
|
[[ noreturn ]]
|
|
39
39
|
#endif /* __cplusplus */
|
|
40
|
-
void
|
|
40
|
+
void raise_system_error(VALUE error, DWORD errorCode);
|
|
41
|
+
void raise_channel_not_found_error(VALUE channelPath);
|
|
41
42
|
VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
|
|
42
43
|
EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
|
|
43
44
|
LPWSTR username, LPWSTR password,
|
|
@@ -58,7 +59,9 @@ extern VALUE rb_cChannel;
|
|
|
58
59
|
extern VALUE rb_cBookmark;
|
|
59
60
|
extern VALUE rb_cSubscribe;
|
|
60
61
|
extern VALUE rb_eWinevtQueryError;
|
|
62
|
+
extern VALUE rb_eChannelNotFoundError;
|
|
61
63
|
extern VALUE rb_eRemoteHandlerError;
|
|
64
|
+
extern VALUE rb_eSubscribeHandlerError;
|
|
62
65
|
extern VALUE rb_cLocale;
|
|
63
66
|
extern VALUE rb_cSession;
|
|
64
67
|
|
data/ext/winevt/winevt_query.c
CHANGED
|
@@ -131,6 +131,9 @@ rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
|
|
|
131
131
|
hRemoteHandle, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
|
|
132
132
|
err = GetLastError();
|
|
133
133
|
if (err != ERROR_SUCCESS) {
|
|
134
|
+
if (err == ERROR_EVT_CHANNEL_NOT_FOUND) {
|
|
135
|
+
raise_channel_not_found_error(channel);
|
|
136
|
+
}
|
|
134
137
|
raise_system_error(rb_eRuntimeError, err);
|
|
135
138
|
}
|
|
136
139
|
winevtQuery->offset = 0L;
|
|
@@ -174,7 +174,7 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
|
|
|
174
174
|
struct WinevtSession* winevtSession;
|
|
175
175
|
struct WinevtSubscribe* winevtSubscribe;
|
|
176
176
|
|
|
177
|
-
hSignalEvent = CreateEvent(NULL,
|
|
177
|
+
hSignalEvent = CreateEvent(NULL, TRUE, TRUE, NULL);
|
|
178
178
|
|
|
179
179
|
TypedData_Get_Struct(
|
|
180
180
|
self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
@@ -248,10 +248,17 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
|
|
|
248
248
|
if (hSignalEvent != NULL) {
|
|
249
249
|
CloseHandle(hSignalEvent);
|
|
250
250
|
}
|
|
251
|
+
|
|
251
252
|
if (rb_obj_is_kind_of(rb_session, rb_cSession)) {
|
|
252
253
|
rb_raise(rb_eRemoteHandlerError, "Remoting subscription is not working. errCode: %ld\n", status);
|
|
253
|
-
}
|
|
254
|
+
}
|
|
255
|
+
|
|
256
|
+
switch (status) {
|
|
257
|
+
case ERROR_EVT_CHANNEL_NOT_FOUND:
|
|
258
|
+
raise_channel_not_found_error(rb_path);
|
|
259
|
+
default:
|
|
254
260
|
raise_system_error(rb_eWinevtQueryError, status);
|
|
261
|
+
break;
|
|
255
262
|
}
|
|
256
263
|
}
|
|
257
264
|
|
|
@@ -334,6 +341,8 @@ rb_winevt_subscribe_next(VALUE self)
|
|
|
334
341
|
EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
|
|
335
342
|
ULONG count = 0;
|
|
336
343
|
DWORD status = ERROR_SUCCESS;
|
|
344
|
+
DWORD dwWait = 0;
|
|
345
|
+
|
|
337
346
|
struct WinevtSubscribe* winevtSubscribe;
|
|
338
347
|
|
|
339
348
|
TypedData_Get_Struct(
|
|
@@ -348,6 +357,23 @@ rb_winevt_subscribe_next(VALUE self)
|
|
|
348
357
|
return Qfalse;
|
|
349
358
|
}
|
|
350
359
|
|
|
360
|
+
/* If a signalEvent notifies whether a state of processed event(s)
|
|
361
|
+
* is existing or not.
|
|
362
|
+
* For checking for a result of WaitForSingleObject,
|
|
363
|
+
* we need to raise SubscribeHandlerError exception when
|
|
364
|
+
* WAIT_FAILED is detected for further investigations.
|
|
365
|
+
* Note that we don't need to wait explicitly here.
|
|
366
|
+
* Because this function is inside of each enumerator.
|
|
367
|
+
* So, WaitForSingleObject should return immediately and should be
|
|
368
|
+
* processed with the latter each loops if there is no more items.
|
|
369
|
+
* Just intended to check that there is no errors here. */
|
|
370
|
+
dwWait = WaitForSingleObject(winevtSubscribe->signalEvent, 0);
|
|
371
|
+
if (dwWait == WAIT_FAILED) {
|
|
372
|
+
raise_system_error(rb_eSubscribeHandlerError, GetLastError());
|
|
373
|
+
} else if (dwWait != WAIT_OBJECT_0) {
|
|
374
|
+
return Qfalse;
|
|
375
|
+
}
|
|
376
|
+
|
|
351
377
|
if (!EvtNext(winevtSubscribe->subscription,
|
|
352
378
|
SUBSCRIBE_ARRAY_SIZE,
|
|
353
379
|
hEvents,
|
|
@@ -361,6 +387,8 @@ rb_winevt_subscribe_next(VALUE self)
|
|
|
361
387
|
if (ERROR_NO_MORE_ITEMS != status) {
|
|
362
388
|
return Qfalse;
|
|
363
389
|
}
|
|
390
|
+
|
|
391
|
+
ResetEvent(winevtSubscribe->signalEvent);
|
|
364
392
|
}
|
|
365
393
|
|
|
366
394
|
if (status == ERROR_SUCCESS) {
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -56,6 +56,16 @@ raise_system_error(VALUE error, DWORD errorCode)
|
|
|
56
56
|
#pragma GCC diagnostic pop
|
|
57
57
|
}
|
|
58
58
|
|
|
59
|
+
void
|
|
60
|
+
raise_channel_not_found_error(VALUE channelPath)
|
|
61
|
+
{
|
|
62
|
+
#pragma GCC diagnostic push
|
|
63
|
+
#pragma GCC diagnostic ignored "-Wformat="
|
|
64
|
+
#pragma GCC diagnostic ignored "-Wformat-extra-args"
|
|
65
|
+
rb_raise(rb_eChannelNotFoundError, "Channel Not Found: %" PRIsVALUE, channelPath);
|
|
66
|
+
#pragma GCC diagnostic pop
|
|
67
|
+
}
|
|
68
|
+
|
|
59
69
|
VALUE
|
|
60
70
|
render_to_rb_str(EVT_HANDLE handle, DWORD flags)
|
|
61
71
|
{
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.10.
|
|
4
|
+
version: 0.10.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-03-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|