winevt_c 0.3.6-x64-mingw32 → 0.3.7-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c509d07278a788d94e9b52215187f80f7f4c3710f7efd8a99f6a7848302e6ba9
-  data.tar.gz: 071d32c6916ae398a74d8d6b840a9ade9d18f3d0ec22eb4cce3ceeca5b273f75
+  metadata.gz: 5c7791720b42de0b83936093a72a624d6e2299e9f1f6016f314c0a92a33c16c4
+  data.tar.gz: 1f03167cb8b8b964390a62fc77ac6f0e154e64c0ffd5d8844e78d6b5212689d6
 SHA512:
-  metadata.gz: 14275ebefb93219346c5a440b97b7bc7b7571938968d93df16fb6bc90fa8b33d8b53565993eed685ebd2671b7454699ccd92dfcceeb23cd564e5ff788b3d995a
-  data.tar.gz: 8d3d91aaabe4bdaef2dee488cdb3a94b52bf85772c807e4f7b4e1e270d3df30eaf591258962c8097bc07acdfa0f6f0f643e25ef83c9a0d1917900f4f86ab96db
+  metadata.gz: 0173d0f95fe50b624d2e19c31c61e716e19335167e98a014948fc3b88598a4518242371f6654fbc5556de12777b6652f9f83f89b76b42eb734f811c81b860840
+  data.tar.gz: ded694ff608926eb2637eb8725075553ed3470c054ac1ad58cef7bdfc9525646ce9858461c12ae0da98bfebd2952d85c95821ad7f9024e793bbfd0e6bf6dc8b5

data/ext/winevt/winevt_query.c

@@ -142,7 +142,6 @@ rb_winevt_query_render(VALUE self)
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
   result = render_event(winevtQuery->event, EvtRenderEventXml);
-  get_description(winevtQuery->event);
 
   return rb_utf8_str_new_cstr(result);
 }

data/ext/winevt/winevt_utils.c

@@ -282,27 +282,20 @@ VALUE get_values(EVT_HANDLE handle)
 char* get_description(EVT_HANDLE handle)
 {
 #define MAX_BUFFER 65535
-  WCHAR      buffer[4096], file[4096];
+  WCHAR      buffer[4096], *msg = buffer;
   WCHAR      descriptionBuffer[MAX_BUFFER];
   ULONG      bufferSize = 0;
   ULONG      bufferSizeNeeded = 0;
   EVT_HANDLE event;
   ULONG      status, count;
-  char*      errBuf;
   char*      result = "";
-  LPTSTR     msgBuf;
-  TCHAR publisherName[MAX_PATH];
-  TCHAR fileName[MAX_PATH];
+  LPTSTR     msgBuf = "";
   EVT_HANDLE hMetadata = NULL;
   PEVT_VARIANT values = NULL;
-  PEVT_VARIANT pProperty = NULL;
-  PEVT_VARIANT pTemp = NULL;
-  TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
-  HMODULE hModule = NULL;
-
-  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
-                                     L"Event/System/EventID/@Qualifiers"};
-  EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
+  PWSTR pwBuffer = NULL;
+
+  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
+  EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
   if (renderContext == NULL) {
     rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
   }
@@ -336,18 +329,6 @@ char* get_description(EVT_HANDLE handle)
 
   // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
   values = (PEVT_VARIANT)buffer;
-  if ((values[0].Type == EvtVarTypeString) && (values[0].StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
-  }
-
-  DWORD eventId = 0, qualifiers = 0;
-  if (values[1].Type == EvtVarTypeUInt16) {
-    eventId = values[1].UInt16Val;
-  }
-
-  if (values[2].Type == EvtVarTypeUInt16) {
-    qualifiers = values[2].UInt16Val;
-  }
 
   // Open publisher metadata
   hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
@@ -357,91 +338,47 @@ char* get_description(EVT_HANDLE handle)
     goto cleanup;
   }
 
-  /* TODO: Should we implement parameter file reading in C?
-  // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
-  // Get parameter file first.
-  if  (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count)) {
+  if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
     status = GetLastError();
-    if (ERROR_INSUFFICIENT_BUFFER == status) {
-      bufferSize = count;
-      pTemp = (PEVT_VARIANT)realloc(pProperty, bufferSize);
-      if (pTemp) {
-        pProperty = pTemp;
-        pTemp = NULL;
-        EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count);
-      } else {
-        rb_raise(rb_eWinevtQueryError, "realloc failed");
-      }
-    }
-
-    if (ERROR_SUCCESS != (status = GetLastError())) {
-      rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for parameter file failed with %d\n", GetLastError());
-    }
-  }
-
-  if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-  }
-  if (paramEXE) {
-    ExpandEnvironmentStrings(fileName, paramEXE, _countof(paramEXE));
-  }
-  */
 
-  // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
-  // Get message file contents.
-  if  (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count)) {
-    status = GetLastError();
-    if (ERROR_INSUFFICIENT_BUFFER == status) {
-      bufferSize = count;
-      pTemp = (PEVT_VARIANT)xrealloc(pProperty, bufferSize);
-      if (pTemp) {
-        pProperty = pTemp;
-        pTemp = NULL;
-        EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count);
-      } else {
-        rb_raise(rb_eWinevtQueryError, "realloc failed");
+    if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+      switch (status) {
+      case ERROR_EVT_MESSAGE_NOT_FOUND:
+      case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+      case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+      case ERROR_RESOURCE_LANG_NOT_FOUND:
+      case ERROR_MUI_FILE_NOT_FOUND:
+      case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+        return "";
       }
-    }
 
-    if (ERROR_SUCCESS != (status = GetLastError())) {
-      rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for message file failed with %d\n", GetLastError());
+      if (status != ERROR_INSUFFICIENT_BUFFER)
+        rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
     }
-  }
-
-  if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-  }
-  if (messageEXE) {
-    ExpandEnvironmentStrings(fileName, messageEXE, _countof(messageEXE));
-  }
 
-  if (messageEXE != NULL) {
-    hModule = LoadLibraryEx(messageEXE, NULL,
-                            DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
-
-    if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                       hModule,
-                       eventId,
-                       0, // Use current code page. Users must specify character encoding in Ruby side.
-                       descriptionBuffer,
-                       MAX_BUFFER,
-                       NULL)) {
-      if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
-        // clear buffer
-        ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
-        eventId = qualifiers << 16 | eventId;
-        FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                       hModule,
-                       eventId,
-                       0, // Use current code page. Users must specify character encoding in Ruby side.
-                       descriptionBuffer,
-                       MAX_BUFFER,
-                       NULL);
+    if (status == ERROR_INSUFFICIENT_BUFFER) {
+      msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
+
+      if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
+        status = GetLastError();
+
+        if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+          switch (status) {
+          case ERROR_EVT_MESSAGE_NOT_FOUND:
+          case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+          case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+          case ERROR_RESOURCE_LANG_NOT_FOUND:
+          case ERROR_MUI_FILE_NOT_FOUND:
+          case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+            return "";
+          }
+
+          rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
+        }
       }
     }
   }
-
-  result = wstr_to_mbstr(CP_UTF8, descriptionBuffer, -1);
+  result = wstr_to_mbstr(CP_UTF8, msg, -1);
 
 #undef MAX_BUFFER
 
@@ -453,8 +390,5 @@ cleanup:
   if (hMetadata)
     EvtClose(hMetadata);
 
-  if (hModule)
-    FreeLibrary(hModule);
-
   return result;
 }

data/lib/winevt/query.rb

@@ -1,14 +1,6 @@
 module Winevt
   class EventLog
     class Query
-      alias_method :each_raw, :each
-      def each
-        each_raw do |xml, message, string_inserts|
-          placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-          replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-          yield(xml, replaced_message, string_inserts)
-        end
-      end
     end
   end
 end

data/lib/winevt/subscribe.rb

@@ -1,14 +1,6 @@
 module Winevt
   class EventLog
     class Subscribe
-      alias_method :each_raw, :each
-      def each
-        each_raw do |xml, message, string_inserts|
-          placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-          replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-          yield(xml, replaced_message, string_inserts)
-        end
-      end
     end
   end
 end

data/lib/winevt/version.rb

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.3.6"
+  VERSION = "0.3.7"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.3.7
 platform: x64-mingw32
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-25 00:00:00.000000000 Z
+date: 2019-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler