winevt_c 0.3.6-x86-mingw32 → 0.3.7-x86-mingw32
- checksums.yaml +4 -4
- data/ext/winevt/winevt_query.c +0 -1
- data/ext/winevt/winevt_utils.c +38 -104
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/query.rb +0 -8
- data/lib/winevt/subscribe.rb +0 -8
- data/lib/winevt/version.rb +1 -1
- metadata +2 -2
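--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8939d729801ab1a729c79d8f235701ed4a0c3dfdc9d7f2a1c051229e02427e6d
+data.tar.gz: 258be227456979bf0c7a571242224fa4b9f09c453cc1b8057861300432e9bd9c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '02779f97d3417bd3f290cb3fe9bafc03ec81d8a14f5594f540c644819e9e000edb2dfd6367d404cbe6a08024b8806d95a396a55642f1a223107dd0f29d321324'
+data.tar.gz: 98c1b97da39a08b358e92444da64ceba18b2ce3019e387ff37dd873ca46ec36077b895dcfcd297bb52a3f6aa38b744c9c3b95530786d4fda5feae4d9a4faa3e1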
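--- a/data/ext/winevt/winevt_query.c
+++ b/data/ext/winevt/winevt_query.c
@@ -142,7 +142,6 @@ rb_winevt_query_render(VALUE self)
 
 TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 result = render_event(winevtQuery->event, EvtRenderEventXml);
-get_description(winevtQuery->event);
 
 return rb_utf8_str_new_cstr(result);
 }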
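--- a/data/ext/winevt/winevt_utils.c
+++ b/data/ext/winevt/winevt_utils.c
@@ -282,27 +282,20 @@ VALUE get_values(EVT_HANDLE handle)
 char* get_description(EVT_HANDLE handle)
 {
 #define MAX_BUFFER 65535
-WCHAR buffer[4096],
+WCHAR buffer[4096], *msg = buffer;
 WCHAR descriptionBuffer[MAX_BUFFER];
 ULONG bufferSize = 0;
 ULONG bufferSizeNeeded = 0;
 EVT_HANDLE event;
 ULONG status, count;
-char* errBuf;
 char* result = "";
-LPTSTR msgBuf;
-TCHAR publisherName[MAX_PATH];
-TCHAR fileName[MAX_PATH];
+LPTSTR msgBuf = "";
 EVT_HANDLE hMetadata = NULL;
 PEVT_VARIANT values = NULL;
-
-
-
-
-
-static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
-L"Event/System/EventID/@Qualifiers"};
-EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
+PWSTR pwBuffer = NULL;
+
+static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
+EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
 if (renderContext == NULL) {
 rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
 }
@@ -336,18 +329,6 @@ char* get_description(EVT_HANDLE handle)
 
 // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
 values = (PEVT_VARIANT)buffer;
-if ((values[0].Type == EvtVarTypeString) && (values[0].StringVal != NULL)) {
-WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
-}
-
-DWORD eventId = 0, qualifiers = 0;
-if (values[1].Type == EvtVarTypeUInt16) {
-eventId = values[1].UInt16Val;
-}
-
-if (values[2].Type == EvtVarTypeUInt16) {
-qualifiers = values[2].UInt16Val;
-}
 
 // Open publisher metadata
 hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
@@ -357,91 +338,47 @@ char* get_description(EVT_HANDLE handle)
 goto cleanup;
 }
 
-
-// Get the metadata property. If the buffer is not big enough, reallocate the buffer.
-// Get parameter file first.
-if (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count)) {
+if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
 status = GetLastError();
-if (ERROR_INSUFFICIENT_BUFFER == status) {
-bufferSize = count;
-pTemp = (PEVT_VARIANT)realloc(pProperty, bufferSize);
-if (pTemp) {
-pProperty = pTemp;
-pTemp = NULL;
-EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count);
-} else {
-rb_raise(rb_eWinevtQueryError, "realloc failed");
-}
-}
-
-if (ERROR_SUCCESS != (status = GetLastError())) {
-rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for parameter file failed with %d\n", GetLastError());
-}
-}
-
-if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-}
-if (paramEXE) {
-ExpandEnvironmentStrings(fileName, paramEXE, _countof(paramEXE));
-}
-*/
 
-
-
-
-
-
-
-
-
-
-pTemp = NULL;
-EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count);
-} else {
-rb_raise(rb_eWinevtQueryError, "realloc failed");
+if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+switch (status) {
+case ERROR_EVT_MESSAGE_NOT_FOUND:
+case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+case ERROR_RESOURCE_LANG_NOT_FOUND:
+case ERROR_MUI_FILE_NOT_FOUND:
+case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+return "";
 }
-}
 
-
-
+if (status != ERROR_INSUFFICIENT_BUFFER)
+rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
 }
-}
-
-if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
-WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
-}
-if (messageEXE) {
-ExpandEnvironmentStrings(fileName, messageEXE, _countof(messageEXE));
-}
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-descriptionBuffer,
-MAX_BUFFER,
-NULL);
+if (status == ERROR_INSUFFICIENT_BUFFER) {
+msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
+
+if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
+status = GetLastError();
+
+if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
+switch (status) {
+case ERROR_EVT_MESSAGE_NOT_FOUND:
+case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
+case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+case ERROR_RESOURCE_LANG_NOT_FOUND:
+case ERROR_MUI_FILE_NOT_FOUND:
+case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
+return "";
+}
+
+rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
+}
 }
 }
 }
-
-result = wstr_to_mbstr(CP_UTF8, descriptionBuffer, -1);
+result = wstr_to_mbstr(CP_UTF8, msg, -1);
 
 #undef MAX_BUFFER
 
@@ -453,8 +390,5 @@ cleanup:
 if (hMetadata)
 EvtClose(hMetadata);
 
-if (hModule)
-FreeLibrary(hModule);
-
 return result;
 }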
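Review bot: Both `return "";` statements in the new `switch (status)` blocks leave get_description without passing through `cleanup:`, so the `hMetadata` handle opened by EvtOpenPublisherMetadata is not closed on those paths, and in the second block the `msg` buffer from `malloc` is dropped as well; in a long-running process that would leak one handle per event whose message cannot be resolved. Since `result` is already `""`, writing `goto cleanup;` in place of each `return "";` keeps the same return value and releases the handle. The `malloc` result is also handed to EvtFormatMessage unchecked, and no `free` of `msg` is visible in these hunks (new lines 385-389 fall between hunks, so confirm there); a guard such as `if (msg == NULL) goto cleanup;` together with `if (msg != buffer) free(msg);` after the `wstr_to_mbstr` call would close that gap. The `rb_raise` calls on the error paths do not return either, so they skip `cleanup:` in the same way.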
data/lib/winevt/2.4/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.5/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.6/winevt.so
CHANGED
Binary file
|
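--- a/data/lib/winevt/query.rb
+++ b/data/lib/winevt/query.rb
@@ -1,14 +1,6 @@
 module Winevt
 class EventLog
 class Query
-alias_method :each_raw, :each
-def each
-each_raw do |xml, message, string_inserts|
-placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-yield(xml, replaced_message, string_inserts)
-end
-end
 end
 end
 end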
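--- a/data/lib/winevt/subscribe.rb
+++ b/data/lib/winevt/subscribe.rb
@@ -1,14 +1,6 @@
 module Winevt
 class EventLog
 class Subscribe
-alias_method :each_raw, :each
-def each
-each_raw do |xml, message, string_inserts|
-placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-yield(xml, replaced_message, string_inserts)
-end
-end
 end
 end
 end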
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: winevt_c
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.7
|
5
5
|
platform: x86-mingw32
|
6
6
|
authors:
|
7
7
|
- Hiroshi Hatake
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-06-
|
11
|
+
date: 2019-06-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|