RubyGems - winevt_c - Versions diffs - 0.3.6-x86-mingw32 → 0.3.7-x86-mingw32 - Mend

@@ -282,27 +282,20 @@ VALUE get_values(EVT_HANDLE handle)
 char* get_description(EVT_HANDLE handle)
 {
 #define MAX_BUFFER 65535
-  WCHAR      buffer[4096], file[4096];
+  WCHAR      buffer[4096], *msg = buffer;
   WCHAR      descriptionBuffer[MAX_BUFFER];
   ULONG      bufferSize = 0;
   ULONG      bufferSizeNeeded = 0;
   EVT_HANDLE event;
   ULONG      status, count;
-  char*      errBuf;
   char*      result = "";
-  LPTSTR     msgBuf;
-  TCHAR publisherName[MAX_PATH];
-  TCHAR fileName[MAX_PATH];
+  LPTSTR     msgBuf = "";
   EVT_HANDLE hMetadata = NULL;
   PEVT_VARIANT values = NULL;
-  PEVT_VARIANT pProperty = NULL;
-  PEVT_VARIANT pTemp = NULL;
-  TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
-  HMODULE hModule = NULL;
-  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
-                                     L"Event/System/EventID/@Qualifiers"};
-  EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
+  PWSTR pwBuffer = NULL;
+  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
+  EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
   if (renderContext == NULL) {
     rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
   }
@@ -336,18 +329,6 @@ char* get_description(EVT_HANDLE handle)
   // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
   values = (PEVT_VARIANT)buffer;
-  if ((values[0].Type == EvtVarTypeString) && (values[0].StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
-  }
-  DWORD eventId = 0, qualifiers = 0;
-  if (values[1].Type == EvtVarTypeUInt16) {
-    eventId = values[1].UInt16Val;
-  }
-  if (values[2].Type == EvtVarTypeUInt16) {
-    qualifiers = values[2].UInt16Val;
-  }
   // Open publisher metadata
   hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
@@ -357,91 +338,47 @@ char* get_description(EVT_HANDLE handle)
     goto cleanup;
   }
-  /* TODO: Should we implement parameter file reading in C?
-  // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
-  // Get parameter file first.
-  if  (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count)) {
+  if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
     status = GetLastError();
-    if (ERROR_INSUFFICIENT_BUFFER == status) {
-      bufferSize = count;
-      pTemp = (PEVT_VARIANT)realloc(pProperty, bufferSize);
-      if (pTemp) {
-        pProperty = pTemp;
-        pTemp = NULL;
-        EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count);
-      } else {
-        rb_raise(rb_eWinevtQueryError, "realloc failed");
-      }
-    }
-    if (ERROR_SUCCESS != (status = GetLastError())) {
-      rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for parameter file failed with %d\n", GetLastError());
-    }
-  }
-  if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-  }
-  if (paramEXE) {
-    ExpandEnvironmentStrings(fileName, paramEXE, _countof(paramEXE));
-  }
-  */
-  // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
-  // Get message file contents.
-  if  (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count)) {
-    status = GetLastError();
-    if (ERROR_INSUFFICIENT_BUFFER == status) {
-      bufferSize = count;
-      pTemp = (PEVT_VARIANT)xrealloc(pProperty, bufferSize);
-      if (pTemp) {
-        pProperty = pTemp;
-        pTemp = NULL;
-        EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count);
-      } else {
-        rb_raise(rb_eWinevtQueryError, "realloc failed");
+    if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+      switch (status) {
+      case ERROR_EVT_MESSAGE_NOT_FOUND:
+      case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+      case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+      case ERROR_RESOURCE_LANG_NOT_FOUND:
+      case ERROR_MUI_FILE_NOT_FOUND:
+      case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+        return "";
       }
-    }
-    if (ERROR_SUCCESS != (status = GetLastError())) {
-      rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for message file failed with %d\n", GetLastError());
+      if (status != ERROR_INSUFFICIENT_BUFFER)
+        rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
     }
-  }
-  if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-    WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-  }
-  if (messageEXE) {
-    ExpandEnvironmentStrings(fileName, messageEXE, _countof(messageEXE));
-  }
-  if (messageEXE != NULL) {
-    hModule = LoadLibraryEx(messageEXE, NULL,
-                            DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
-    if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                       hModule,
-                       eventId,
-                       0, // Use current code page. Users must specify character encoding in Ruby side.
-                       descriptionBuffer,
-                       MAX_BUFFER,
-                       NULL)) {
-      if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
-        // clear buffer
-        ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
-        eventId = qualifiers << 16 | eventId;
-        FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
-                       hModule,
-                       eventId,
-                       0, // Use current code page. Users must specify character encoding in Ruby side.
-                       descriptionBuffer,
-                       MAX_BUFFER,
-                       NULL);
+    if (status == ERROR_INSUFFICIENT_BUFFER) {
+      msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
+      if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
+        status = GetLastError();
+        if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+          switch (status) {
+          case ERROR_EVT_MESSAGE_NOT_FOUND:
+          case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+          case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+          case ERROR_RESOURCE_LANG_NOT_FOUND:
+          case ERROR_MUI_FILE_NOT_FOUND:
+          case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+            return "";
+          }
+          rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
+        }
       }
     }
   }
-  result = wstr_to_mbstr(CP_UTF8, descriptionBuffer, -1);
+  result = wstr_to_mbstr(CP_UTF8, msg, -1);
 #undef MAX_BUFFER
@@ -453,8 +390,5 @@ cleanup:
   if (hMetadata)
     EvtClose(hMetadata);
-  if (hModule)
-    FreeLibrary(hModule);
   return result;
 }

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b42000e49f939672b4a5dd2ec7e6f67d57ca5aa4bab75d24f6887ba448d0a35d
-  data.tar.gz: 6e678607cc1e46772ad460c41315643d57c40338da293cb6e1ecbd15300cabf7
+  metadata.gz: 8939d729801ab1a729c79d8f235701ed4a0c3dfdc9d7f2a1c051229e02427e6d
+  data.tar.gz: 258be227456979bf0c7a571242224fa4b9f09c453cc1b8057861300432e9bd9c
 SHA512:
-  metadata.gz: 741589e615eea5ae2bc2f9cb7e9b6f76830eb9276d4814406b1f46a1f44c226acfa7cec9f3980dcbadd7d4aafc54391174995457aecef11a389b46820bae5ad2
-  data.tar.gz: fb1f19204fe658e2055ee9602a63a3e2f28f60b615a6e8533f8873743a0ee245809bb3c3ae6df656a53ead76c11222a32f9b0d0bc7a143c9f56ff5d54494e59a
+  metadata.gz: '02779f97d3417bd3f290cb3fe9bafc03ec81d8a14f5594f540c644819e9e000edb2dfd6367d404cbe6a08024b8806d95a396a55642f1a223107dd0f29d321324'
+  data.tar.gz: 98c1b97da39a08b358e92444da64ceba18b2ce3019e387ff37dd873ca46ec36077b895dcfcd297bb52a3f6aa38b744c9c3b95530786d4fda5feae4d9a4faa3e1

@@ -142,7 +142,6 @@ rb_winevt_query_render(VALUE self)
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
   result = render_event(winevtQuery->event, EvtRenderEventXml);
-  get_description(winevtQuery->event);
   return rb_utf8_str_new_cstr(result);
 }

@@ -1,14 +1,6 @@
 module Winevt
   class EventLog
     class Query
-      alias_method :each_raw, :each
-      def each
-        each_raw do |xml, message, string_inserts|
-          placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-          replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-          yield(xml, replaced_message, string_inserts)
-        end
-      end
     end
   end
 end

@@ -1,14 +1,6 @@
 module Winevt
   class EventLog
     class Subscribe
-      alias_method :each_raw, :each
-      def each
-        each_raw do |xml, message, string_inserts|
-          placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-          replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-          yield(xml, replaced_message, string_inserts)
-        end
-      end
     end
   end
 end

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.3.6"
+  VERSION = "0.3.7"
 end

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.3.6
+  version: 0.3.7
 platform: x86-mingw32
 authors:
 - Hiroshi Hatake
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-06-25 00:00:00.000000000 Z
+date: 2019-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler

winevt_c 0.3.6-x86-mingw32 → 0.3.7-x86-mingw32