winevt_c 0.3.2 → 0.3.3

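--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 00ad0bd482eaac0eda25838c5a183d40a57cf99da30221e9c3eaaeb6a7b6f2f7
- data.tar.gz: 1ff2674b2503c078501740d851765b07a8010cd20e6dcc4e18560424266b860d
+ metadata.gz: 2c713acb1b15b2818f7cb81ecd564c923add4c2f34e7ef43f9f7cd3ea23b29ac
+ data.tar.gz: 8fd5b462b37d00132bf5adf5cd3ac13e225da909211295673581dc299aa22152
  SHA512:
- metadata.gz: e14a6ea1584be82c9e111f83387838043f54be435e6509cd36b8162c76b5ee2ab951b4b25676239462628edb167521980b00da480fb4b304cfa1da051abb347a
- data.tar.gz: ce59efd377aec40a5b63fb56e7fe36673b58b73aa54bc887f798c45eb2aadce3ee744b4c934110ee9f31a516621746f9f3f22868681d173067a7f4fb253837b1
+ metadata.gz: e4d48f7577dd0b39c525d5b444153caa747893818a7e6e1d46b0a26735ceeb0d9138aa6bad988d9eb97225595c61fbe1c11a6afeb2b200002ca61aa1fd77b49c
+ data.tar.gz: 66c894ca7b2b8cd70234c7ca67068b098c4179b74927d72672dfe10c9d9d5f82485de47a7c61f38f74fd77613c79e8497c1cdff5ac6b3f726e197f1bbb57252b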
@@ -134,6 +134,9 @@ VALUE get_values(EVT_HANDLE handle)
134
134
 
135
135
  for (int i = 0; i < propCount; i++) {
136
136
  switch (pRenderedValues[i].Type) {
137
+ case EvtVarTypeNull:
138
+ rb_ary_push(userValues, Qnil);
139
+ break;
137
140
  case EvtVarTypeString:
138
141
  if (pRenderedValues[i].StringVal == NULL) {
139
142
  rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
@@ -193,16 +196,6 @@ VALUE get_values(EVT_HANDLE handle)
193
196
  result = pRenderedValues[i].BooleanVal ? "true" : "false";
194
197
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
195
198
  break;
196
- case EvtVarTypeHexInt32:
197
- rbObj = ULONG2NUM(pRenderedValues[i].UInt32Val);
198
- rbObj = rb_sprintf("%#x", rbObj);
199
- rb_ary_push(userValues, rbObj);
200
- break;
201
- case EvtVarTypeHexInt64:
202
- rbObj = ULONG2NUM(pRenderedValues[i].UInt64Val);
203
- rbObj = rb_sprintf("%#x", rbObj);
204
- rb_ary_push(userValues, rbObj);
205
- break;
206
199
  case EvtVarTypeGuid:
207
200
  if (pRenderedValues[i].GuidVal != NULL) {
208
201
  StringFromCLSID(pRenderedValues[i].GuidVal, &tmpWChar);
@@ -212,13 +205,9 @@ VALUE get_values(EVT_HANDLE handle)
212
205
  rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
213
206
  }
214
207
  break;
215
- case EvtVarTypeSid:
216
- if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
217
- result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
218
- rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
219
- } else {
220
- rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
221
- }
208
+ case EvtVarTypeSizeT:
209
+ rbObj = SIZET2NUM(pRenderedValues[i].SizeTVal);
210
+ rb_ary_push(userValues, rbObj);
222
211
  break;
223
212
  case EvtVarTypeFileTime:
224
213
  timestamp.QuadPart = pRenderedValues[i].FileTimeVal;
@@ -234,6 +223,44 @@ VALUE get_values(EVT_HANDLE handle)
234
223
  rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
235
224
  }
236
225
  break;
226
+ case EvtVarTypeSysTime:
227
+ if (pRenderedValues[i].SysTimeVal != NULL) {
228
+ st = *pRenderedValues[i].SysTimeVal;
229
+ sprintf(strTime, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
230
+ st.wYear , st.wMonth , st.wDay ,
231
+ st.wHour , st.wMinute , st.wSecond,
232
+ st.wMilliseconds);
233
+ rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
234
+ } else {
235
+ rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
236
+ }
237
+ break;
238
+ case EvtVarTypeSid:
239
+ if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
240
+ result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
241
+ rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
242
+ } else {
243
+ rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
244
+ }
245
+ break;
246
+ case EvtVarTypeHexInt32:
247
+ rbObj = ULONG2NUM(pRenderedValues[i].UInt32Val);
248
+ rbObj = rb_sprintf("%#x", rbObj);
249
+ rb_ary_push(userValues, rbObj);
250
+ break;
251
+ case EvtVarTypeHexInt64:
252
+ rbObj = ULONG2NUM(pRenderedValues[i].UInt64Val);
253
+ rbObj = rb_sprintf("%#x", rbObj);
254
+ rb_ary_push(userValues, rbObj);
255
+ break;
256
+ case EvtVarTypeEvtXml:
257
+ if (pRenderedValues[i].XmlVal == NULL) {
258
+ rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
259
+ } else {
260
+ result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].XmlVal, -1);
261
+ rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
262
+ }
263
+ break;
237
264
  default:
238
265
  rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
239
266
  break;
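Review bot: The `sprintf` into `strTime` in the new `EvtVarTypeSysTime` case is unbounded, and `strTime` is declared outside this hunk, so its size cannot be confirmed from here. All seven SYSTEMTIME fields are 16-bit, so a record with out-of-range values can format to 42 characters plus the terminator, and a smaller buffer would be overrun with data read from the event log. Assuming `strTime` is a char array, `snprintf(strTime, sizeof(strTime), "%04d-%02d-%02d %02d:%02d:%02d.%03dZ", ...)` bounds the write, and `%03d` keeps 5 ms from rendering as `.5Z`. In the same hunk the `EvtVarTypeSid` case does not release the buffer that `ConvertSidToStringSidW` allocates in the visible lines; a `LocalFree(tmpWChar);` after the conversion would stop a per-record leak in a long-running collector. The hex cases also hand `rb_sprintf("%#x", rbObj)` a Ruby VALUE where `%x` expects a C integer, so they probably print the tagged word rather than the number; passing `pRenderedValues[i].UInt32Val` directly looks like the intent.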
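--- a/data/lib/winevt/query.rb
+++ b/data/lib/winevt/query.rb
@@ -4,9 +4,9 @@ module Winevt
  alias_method :each_raw, :each
  def each
  each_raw do |xml, message, string_inserts|
- message = message.gsub(/(%\d+)/, '\1$s')
- message = sprintf(message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
- yield(xml, message, string_inserts)
+ placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
+ replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
+ yield(xml, replaced_message, string_inserts)
  end
  end
  end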
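Review bot: The event message is still passed to `sprintf` as the format string on the `replaced_message` line, so any `%` in the log text that is not a `%N` insert is parsed as a format directive. A stray percent sign raises and the modifier `rescue` then replaces every insert with `?`, while a directive carrying a large width can make `sprintf` build a very large string from a single record. Substituting directly avoids interpreting the text: `replaced_message = message.gsub(/%(\d+)/) { (idx = $1.to_i).between?(1, string_inserts.size) ? string_inserts[idx - 1].to_s : "?" }`. That form also removes the need for the blanket `rescue`, which currently hides any StandardError raised by the call.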
@@ -4,9 +4,9 @@ module Winevt
4
4
  alias_method :each_raw, :each
5
5
  def each
6
6
  each_raw do |xml, message, string_inserts|
7
- message = message.gsub(/(%\d+)/, '\1$s')
8
- message = sprintf(message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
9
- yield(xml, message, string_inserts)
7
+ placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
8
+ replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
9
+ yield(xml, replaced_message, string_inserts)
10
10
  end
11
11
  end
12
12
  end
@@ -1,3 +1,3 @@
1
1
  module Winevt
2
- VERSION = "0.3.2"
2
+ VERSION = "0.3.3"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: winevt_c
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.2
4
+ version: 0.3.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake