RubyGems - winevt_c - Versions diffs - 0.2.2-x86-mingw32 → 0.2.3-x86-mingw32 - Mend

winevt_c 0.2.2-x86-mingw32 → 0.2.3-x86-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f6eaafbfe993c524c6cc8d95c0a169019bb87dab25febc025133998397fee9e
-  data.tar.gz: 5b36a013f94b523fa4ca848ead1fc3888512b18271f9d973b7d522bc39a87840
+  metadata.gz: 8ad01974ca0402f01ab200e2053cbc9392af3223c934d599bb660adb42790c06
+  data.tar.gz: 6f8d74c24c3234c28f77d63b8c58fdb587df5b5e05528b2b71677a35ae6702db
 SHA512:
-  metadata.gz: 95e0ff75505e614adec6cbb1ed7d753ea8551b5138c23411023cb590ec16d26a69ce34259fc25a7da10a8ab8ed839adaab956f9939bc3cae5ee7f6cee6612e2e
-  data.tar.gz: 2ce5f7827b2415f633c96c81836bd3e83f6344605790569d3ea9fb9df1d4f3fbf2a72a19678c0ea796a1e7f5bbc12e6059b4cba87e5b17c4b1a99d2e715cf373
+  metadata.gz: 443c8e9d4276e5b3dd374f43eb10d233daaead3d648cb7e71e1bd97a1b35ebba49d3c71097576a9287f7a3405c8f969e8948cae7b2e88eefa5e8f807ae1f9b61
+  data.tar.gz: ecd6b690d4515f8221280d8ad5fdf16fad1977e58bcf720815fc8b54537d8a9dfc24cbfd7e04984634d812fd43d6faa9fd3984a29b887b16edee1d05f12fadf7

data/ext/winevt/winevt_utils.c CHANGED Viewed

@@ -90,8 +90,9 @@ char* get_description(EVT_HANDLE handle)
   TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
   HMODULE hModule = NULL;
-  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID"};
-  EVT_HANDLE renderContext = EvtCreateRenderContext(2, eventProperties, EvtRenderContextValues);
+  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
+                                     L"Event/System/EventID/@Qualifiers"};
+  EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
   if (renderContext == NULL) {
     rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
   }
@@ -127,11 +128,15 @@ char* get_description(EVT_HANDLE handle)
     WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
   }
-  DWORD eventId = 0;
+  DWORD eventId = 0, qualifiers = 0;
   if (values[1].Type == EvtVarTypeUInt16) {
     eventId = values[1].UInt16Val;
   }
+  if (values[2].Type == EvtVarTypeUInt16) {
+    qualifiers = values[2].UInt16Val;
+  }
   // Open publisher metadata
   hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
   if (hMetadata == NULL) {
@@ -202,21 +207,25 @@ char* get_description(EVT_HANDLE handle)
     hModule = LoadLibraryEx(messageEXE, NULL,
                             DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
-    if(FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                      hModule,
-                      eventId,
-                      0, // Use current code page. Users must specify character encoding in Ruby side.
-                      descriptionBuffer,
-                      MAX_BUFFER,
-                      NULL) == 0){
-      FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                     hModule,
-                     0xB0000000 | eventId,
-                     0, // Use current code page. Users must specify character encoding in Ruby side.
-                     descriptionBuffer,
-                     MAX_BUFFER,
-                     NULL);
+    if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+                         hModule,
+                         eventId,
+                         0, // Use current code page. Users must specify character encoding in Ruby side.
+                         descriptionBuffer,
+                         MAX_BUFFER,
+                       NULL)) {
+      if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
+        // clear buffer
+        ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
+        eventId = qualifiers << 16 | eventId;
+        FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+                       hModule,
+                       eventId,
+                       0, // Use current code page. Users must specify character encoding in Ruby side.
+                       descriptionBuffer,
+                       MAX_BUFFER,
+                       NULL);
+      }
     }
   }

data/lib/winevt/2.4/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/2.5/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/2.6/winevt.so CHANGED Viewed

Binary file

data/lib/winevt/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.2.2"
+  VERSION = "0.2.3"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: x86-mingw32
 authors:
 - Hiroshi Hatake