winevt_c 0.3.2-x86-mingw32 → 0.3.3-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/winevt/winevt_utils.c +44 -17
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/query.rb +3 -3
- data/lib/winevt/subscribe.rb +3 -3
- data/lib/winevt/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '08a0f43cef62aad6e5d4b0af93dbb900d4f0db4c1c6988aa6c47180a65868544'
|
4
|
+
data.tar.gz: '02907f6522776b4a7dc20d624806d74adc803fc7dcef64484cbc71ed26e5265d'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ea2b090beec056b28ce941fe25cc0fd77dce98924ccb57aca4a2922a7c9b2a1555eff1090d975ba8c9d725d21d2aac0dd040b95435abe7767db0953ac4b84f66
|
7
|
+
data.tar.gz: 3993f346442e8c94edf1e331112b4002fa06529267db527b04ab4352292f63f38aad193e8d5f73934359800abb79766e2912b80c9d40f8ee43da167f25e433b9
|
data/ext/winevt/winevt_utils.c
CHANGED
@@ -134,6 +134,9 @@ VALUE get_values(EVT_HANDLE handle)
|
|
134
134
|
|
135
135
|
for (int i = 0; i < propCount; i++) {
|
136
136
|
switch (pRenderedValues[i].Type) {
|
137
|
+
case EvtVarTypeNull:
|
138
|
+
rb_ary_push(userValues, Qnil);
|
139
|
+
break;
|
137
140
|
case EvtVarTypeString:
|
138
141
|
if (pRenderedValues[i].StringVal == NULL) {
|
139
142
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
@@ -193,16 +196,6 @@ VALUE get_values(EVT_HANDLE handle)
|
|
193
196
|
result = pRenderedValues[i].BooleanVal ? "true" : "false";
|
194
197
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
195
198
|
break;
|
196
|
-
case EvtVarTypeHexInt32:
|
197
|
-
rbObj = ULONG2NUM(pRenderedValues[i].UInt32Val);
|
198
|
-
rbObj = rb_sprintf("%#x", rbObj);
|
199
|
-
rb_ary_push(userValues, rbObj);
|
200
|
-
break;
|
201
|
-
case EvtVarTypeHexInt64:
|
202
|
-
rbObj = ULONG2NUM(pRenderedValues[i].UInt64Val);
|
203
|
-
rbObj = rb_sprintf("%#x", rbObj);
|
204
|
-
rb_ary_push(userValues, rbObj);
|
205
|
-
break;
|
206
199
|
case EvtVarTypeGuid:
|
207
200
|
if (pRenderedValues[i].GuidVal != NULL) {
|
208
201
|
StringFromCLSID(pRenderedValues[i].GuidVal, &tmpWChar);
|
@@ -212,13 +205,9 @@ VALUE get_values(EVT_HANDLE handle)
|
|
212
205
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
213
206
|
}
|
214
207
|
break;
|
215
|
-
case
|
216
|
-
|
217
|
-
|
218
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
219
|
-
} else {
|
220
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
221
|
-
}
|
208
|
+
case EvtVarTypeSizeT:
|
209
|
+
rbObj = SIZET2NUM(pRenderedValues[i].SizeTVal);
|
210
|
+
rb_ary_push(userValues, rbObj);
|
222
211
|
break;
|
223
212
|
case EvtVarTypeFileTime:
|
224
213
|
timestamp.QuadPart = pRenderedValues[i].FileTimeVal;
|
@@ -234,6 +223,44 @@ VALUE get_values(EVT_HANDLE handle)
|
|
234
223
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
235
224
|
}
|
236
225
|
break;
|
226
|
+
case EvtVarTypeSysTime:
|
227
|
+
if (pRenderedValues[i].SysTimeVal != NULL) {
|
228
|
+
st = *pRenderedValues[i].SysTimeVal;
|
229
|
+
sprintf(strTime, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
|
230
|
+
st.wYear , st.wMonth , st.wDay ,
|
231
|
+
st.wHour , st.wMinute , st.wSecond,
|
232
|
+
st.wMilliseconds);
|
233
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
|
234
|
+
} else {
|
235
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
236
|
+
}
|
237
|
+
break;
|
238
|
+
case EvtVarTypeSid:
|
239
|
+
if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
|
240
|
+
result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
|
241
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
242
|
+
} else {
|
243
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
244
|
+
}
|
245
|
+
break;
|
246
|
+
case EvtVarTypeHexInt32:
|
247
|
+
rbObj = ULONG2NUM(pRenderedValues[i].UInt32Val);
|
248
|
+
rbObj = rb_sprintf("%#x", rbObj);
|
249
|
+
rb_ary_push(userValues, rbObj);
|
250
|
+
break;
|
251
|
+
case EvtVarTypeHexInt64:
|
252
|
+
rbObj = ULONG2NUM(pRenderedValues[i].UInt64Val);
|
253
|
+
rbObj = rb_sprintf("%#x", rbObj);
|
254
|
+
rb_ary_push(userValues, rbObj);
|
255
|
+
break;
|
256
|
+
case EvtVarTypeEvtXml:
|
257
|
+
if (pRenderedValues[i].XmlVal == NULL) {
|
258
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
259
|
+
} else {
|
260
|
+
result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].XmlVal, -1);
|
261
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
262
|
+
}
|
263
|
+
break;
|
237
264
|
default:
|
238
265
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
239
266
|
break;
|
data/lib/winevt/2.4/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.5/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.6/winevt.so
CHANGED
Binary file
|
data/lib/winevt/query.rb
CHANGED
@@ -4,9 +4,9 @@ module Winevt
|
|
4
4
|
alias_method :each_raw, :each
|
5
5
|
def each
|
6
6
|
each_raw do |xml, message, string_inserts|
|
7
|
-
|
8
|
-
|
9
|
-
yield(xml,
|
7
|
+
placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
|
8
|
+
replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
|
9
|
+
yield(xml, replaced_message, string_inserts)
|
10
10
|
end
|
11
11
|
end
|
12
12
|
end
|
data/lib/winevt/subscribe.rb
CHANGED
@@ -4,9 +4,9 @@ module Winevt
|
|
4
4
|
alias_method :each_raw, :each
|
5
5
|
def each
|
6
6
|
each_raw do |xml, message, string_inserts|
|
7
|
-
|
8
|
-
|
9
|
-
yield(xml,
|
7
|
+
placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
|
8
|
+
replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
|
9
|
+
yield(xml, replaced_message, string_inserts)
|
10
10
|
end
|
11
11
|
end
|
12
12
|
end
|
data/lib/winevt/version.rb
CHANGED