RubyGems - winevt_c - Versions diffs - 0.2.2-x64-mingw32 → 0.2.3-x64-mingw32 - Mend

winevt_c 0.2.2-x64-mingw32 → 0.2.3-x64-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f56210fe02fd6f88d8c52cf935a8181f164da08cff966b3a79ef3d5120a9c9eb
-  data.tar.gz: 7b6d4b0aa74b08ba8ff954f8c3b5fbcfdd9bf98d2897fe4c82f12d47331f2c77
+  metadata.gz: 9e7f329d578b0b67f40eae8c55000be943bb710116e500ac044919aa7b633ecd
+  data.tar.gz: 8bd86cfc2c0653953ec7c5665719e3c8f79990dbcc1562ac7d592886563c82e1
 SHA512:
-  metadata.gz: 6c5543c487437a8cc5b9db6d77b4f03bfb079e5ca9b83d9688247dd2599e74edf6f6fcb164c4d7c2ee10f7c4680a5f278f86a2931b8b6893c7e1090ceaff20d2
-  data.tar.gz: 620ceb7ade1dfc5d484f367af9af9ab79f40734d66629aaa7a60d3f39c81b02be9a26e7d3028f3a794b71743b7543b78019ee13db3e2eb595785ba5d14b8db26
+  metadata.gz: f8f54dcc941815f5e0280ec3f1e0c0ec005d62d01ad5cf8446f2278f49959e40e13b5c7abd2bd1b2b6c96d8ffe64dd1c389f300123b722dd44bd229f5097c1e6
+  data.tar.gz: 70874739894f9627830cf6a5ceb95621768c169ec7c0f9ac890c26b3876dce83581961137506ac5f46f4af8c359ec12574006f306ea9ca031f9921b8008768de

data/ext/winevt/winevt_utils.c CHANGED Viewed

@@ -90,8 +90,9 @@ char* get_description(EVT_HANDLE handle)
   TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
   HMODULE hModule = NULL;
-  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID"};
-  EVT_HANDLE renderContext = EvtCreateRenderContext(2, eventProperties, EvtRenderContextValues);
+  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
+                                     L"Event/System/EventID/@Qualifiers"};
+  EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
   if (renderContext == NULL) {
     rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
   }
@@ -127,11 +128,15 @@ char* get_description(EVT_HANDLE handle)
     WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
   }
-  DWORD eventId = 0;
+  DWORD eventId = 0, qualifiers = 0;
   if (values[1].Type == EvtVarTypeUInt16) {
     eventId = values[1].UInt16Val;
   }
+  if (values[2].Type == EvtVarTypeUInt16) {
+    qualifiers = values[2].UInt16Val;
+  }
   // Open publisher metadata
   hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
   if (hMetadata == NULL) {
@@ -202,21 +207,25 @@ char* get_description(EVT_HANDLE handle)
     hModule = LoadLibraryEx(messageEXE, NULL,
                             DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
-    if(FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                      hModule,
-                      eventId,
-                      0, // Use current code page. Users must specify character encoding in Ruby side.
-                      descriptionBuffer,
-                      MAX_BUFFER,
-                      NULL) == 0){
-      FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                     hModule,
-                     0xB0000000 | eventId,
-                     0, // Use current code page. Users must specify character encoding in Ruby side.
-                     descriptionBuffer,
-                     MAX_BUFFER,
-                     NULL);
+    if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+                         hModule,
+                         eventId,
+                         0, // Use current code page. Users must specify character encoding in Ruby side.
+                         descriptionBuffer,
+                         MAX_BUFFER,
+                       NULL)) {
+      if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
+        // clear buffer
+        ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
+        eventId = qualifiers << 16 | eventId;
+        FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+                       hModule,
+                       eventId,
+                       0, // Use current code page. Users must specify character encoding in Ruby side.
+                       descriptionBuffer,
+                       MAX_BUFFER,
+                       NULL);
+      }
     }
   }

data/lib/winevt/2.4/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/2.5/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/2.6/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: x64-mingw32
 authors:
 - Hiroshi Hatake