winevt_c 0.2.2 → 0.2.3
- checksums.yaml +4 -4
- data/ext/winevt/winevt_utils.c +27 -18
- data/lib/winevt/version.rb +1 -1
- metadata +1 -1
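--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ceb67692c7a6324d2bad7e87b741d74abc6779ab9d3952eca5fe1852feefdfaa
+data.tar.gz: 1c15645f07fbec4a07d3cb3f61eb702a9c7876784d03a56fbe3a0a24720c6067
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6e903c5dfdefbc8add788b0bc3a5585ddaab32cb3811f4600a9126ec5f7d27977348955302b1e68700030e67af66b3c4d4e670d95ac1da3f11333df350bea23d
+data.tar.gz: a48f284b8b70926a5cba4b92e98e5b172e88b4603701baf081648dfd9e5775fd6c9849cdefebfe92c8dbe46e0a82ced4d51c487827dc8eb70f5673e4a7ccdfc5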
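--- a/data/ext/winevt/winevt_utils.c
+++ b/data/ext/winevt/winevt_utils.c
@@ -90,8 +90,9 @@ char* get_description(EVT_HANDLE handle)
 TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
 HMODULE hModule = NULL;
 
-static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID"
-
+static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
+L"Event/System/EventID/@Qualifiers"};
+EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
 if (renderContext == NULL) {
 rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
 }
@@ -127,11 +128,15 @@ char* get_description(EVT_HANDLE handle)
 WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
 }
 
-DWORD eventId = 0;
+DWORD eventId = 0, qualifiers = 0;
 if (values[1].Type == EvtVarTypeUInt16) {
 eventId = values[1].UInt16Val;
 }
 
+if (values[2].Type == EvtVarTypeUInt16) {
+qualifiers = values[2].UInt16Val;
+}
+
 // Open publisher metadata
 hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
 if (hMetadata == NULL) {
@@ -202,21 +207,25 @@ char* get_description(EVT_HANDLE handle)
 hModule = LoadLibraryEx(messageEXE, NULL,
 DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
 
-if(FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+hModule,
+eventId,
+0, // Use current code page. Users must specify character encoding in Ruby side.
+descriptionBuffer,
+MAX_BUFFER,
+NULL)) {
+if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
+// clear buffer
+ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
+eventId = qualifiers << 16 | eventId;
+FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
+hModule,
+eventId,
+0, // Use current code page. Users must specify character encoding in Ruby side.
+descriptionBuffer,
+MAX_BUFFER,
+NULL);
+}
 }
 }
 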
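Review bot: The fallback at new lines 217-228 only handles ERROR_MR_MID_NOT_FOUND, and neither a first failure with any other error code nor a failure of the retry itself is handled, so on those paths descriptionBuffer is left holding whatever it contained before the call (its declaration is outside this hunk) and that stale content is presumably what get_description goes on to return. I would move the `ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));` ahead of the first FormatMessageW so every failure path yields an empty string, and check the retry the same way as the first call, e.g. `if (!FormatMessageW(...)) { /* leave buffer empty */ }`. Note that `sizeof(descriptionBuffer)` is only the buffer size if descriptionBuffer is a WCHAR array of MAX_BUFFER elements; if it is a pointer, sizeof yields the pointer size and the buffer is not cleared — worth confirming against the declaration. Minor style: `eventId = (qualifiers << 16) | eventId;` reads more clearly than relying on precedence, and a one-line comment such as `// retry with the event's Qualifiers folded into the high word of the message id` would explain why a second lookup exists. get_description starts and ends outside this hunk.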
data/lib/winevt/version.rb
CHANGED