winevt_c 0.2.2-x86-mingw32 → 0.2.3-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/winevt/winevt_utils.c +27 -18
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8ad01974ca0402f01ab200e2053cbc9392af3223c934d599bb660adb42790c06
|
|
4
|
+
data.tar.gz: 6f8d74c24c3234c28f77d63b8c58fdb587df5b5e05528b2b71677a35ae6702db
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 443c8e9d4276e5b3dd374f43eb10d233daaead3d648cb7e71e1bd97a1b35ebba49d3c71097576a9287f7a3405c8f969e8948cae7b2e88eefa5e8f807ae1f9b61
|
|
7
|
+
data.tar.gz: ecd6b690d4515f8221280d8ad5fdf16fad1977e58bcf720815fc8b54537d8a9dfc24cbfd7e04984634d812fd43d6faa9fd3984a29b887b16edee1d05f12fadf7
|
data/ext/winevt/winevt_utils.c
CHANGED
|
@@ -90,8 +90,9 @@ char* get_description(EVT_HANDLE handle)
|
|
|
90
90
|
TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
|
|
91
91
|
HMODULE hModule = NULL;
|
|
92
92
|
|
|
93
|
-
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID"
|
|
94
|
-
|
|
93
|
+
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
|
|
94
|
+
L"Event/System/EventID/@Qualifiers"};
|
|
95
|
+
EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
|
|
95
96
|
if (renderContext == NULL) {
|
|
96
97
|
rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
|
|
97
98
|
}
|
|
@@ -127,11 +128,15 @@ char* get_description(EVT_HANDLE handle)
|
|
|
127
128
|
WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
|
|
128
129
|
}
|
|
129
130
|
|
|
130
|
-
DWORD eventId = 0;
|
|
131
|
+
DWORD eventId = 0, qualifiers = 0;
|
|
131
132
|
if (values[1].Type == EvtVarTypeUInt16) {
|
|
132
133
|
eventId = values[1].UInt16Val;
|
|
133
134
|
}
|
|
134
135
|
|
|
136
|
+
if (values[2].Type == EvtVarTypeUInt16) {
|
|
137
|
+
qualifiers = values[2].UInt16Val;
|
|
138
|
+
}
|
|
139
|
+
|
|
135
140
|
// Open publisher metadata
|
|
136
141
|
hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
|
137
142
|
if (hMetadata == NULL) {
|
|
@@ -202,21 +207,25 @@ char* get_description(EVT_HANDLE handle)
|
|
|
202
207
|
hModule = LoadLibraryEx(messageEXE, NULL,
|
|
203
208
|
DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
|
|
204
209
|
|
|
205
|
-
if(FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
210
|
+
if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
211
|
+
hModule,
|
|
212
|
+
eventId,
|
|
213
|
+
0, // Use current code page. Users must specify character encoding in Ruby side.
|
|
214
|
+
descriptionBuffer,
|
|
215
|
+
MAX_BUFFER,
|
|
216
|
+
NULL)) {
|
|
217
|
+
if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
|
|
218
|
+
// clear buffer
|
|
219
|
+
ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
|
|
220
|
+
eventId = qualifiers << 16 | eventId;
|
|
221
|
+
FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
222
|
+
hModule,
|
|
223
|
+
eventId,
|
|
224
|
+
0, // Use current code page. Users must specify character encoding in Ruby side.
|
|
225
|
+
descriptionBuffer,
|
|
226
|
+
MAX_BUFFER,
|
|
227
|
+
NULL);
|
|
228
|
+
}
|
|
220
229
|
}
|
|
221
230
|
}
|
|
222
231
|
|
data/lib/winevt/2.4/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/2.5/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/2.6/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/version.rb
CHANGED