winevt_c 0.3.8-x64-mingw32 → 0.4.0-x64-mingw32

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b27f73e02d0f7008b45a13f4c387b7c56bd35e2a09ce651567ff207f9ebfc20f
-  data.tar.gz: 603032df87a9905a851b762c17a71b41d11d63ea5fbf81d2771c29cb4677c6dc
+  metadata.gz: c3db8c9996ea38b08c444720be709a582bba72bba3c3e0bfe40afcc59868c6a3
+  data.tar.gz: 5b811af403f50472d36b4ed027f2fd2d7b800b00b9255541fcb7ef18bfde9a06
 SHA512:
-  metadata.gz: 15916af51fe7d755b9faffcddb800b79b731af1ab6d4ab2d4163e9f6174fb70124f17d4fa51d0ce6365d639d24964a6e88237f7e70efbdd949a05d0943aff7c3
-  data.tar.gz: 1e061b1a1cd8a52978ae75ad928646fc833257c45fa0a95af29183b5ccddd98c02f6c097c91a7ba4ac5eb52360a0f561b42d735c9691705617e6d14dd20df4c0
+  metadata.gz: d9479f6e2a60ff18e0f4fa6ad5e295b5584231c11829b7b2804f082c321e02df62cd60ffda2d0017b45639f43c7eb57b49ed37bed899e82d0835c0046a91b95b
+  data.tar.gz: edd45eb310d5461633072d7296f2f64aa545c749e708fd0c04e234ce7b5c9d64b4f299f0a51a377c68db17fad953b540bd90d0974d76ff4e5ac6134a8a63577a

data/ext/winevt/winevt_bookmark.c

@@ -79,14 +79,19 @@ rb_winevt_bookmark_update(VALUE self, VALUE event)
 static VALUE
 rb_winevt_bookmark_render(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtBookmark *winevtBookmark;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  wResult = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
 
-  result = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
 
-  return rb_str_new2(result);
+  return utf8str;
 }
 
 void Init_winevt_bookmark(VALUE rb_cEventLog)

data/ext/winevt/winevt_c.h

@@ -22,8 +22,9 @@
 #define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
 
 char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
-char* render_event(EVT_HANDLE handle, DWORD flags);
-char* get_description(EVT_HANDLE handle);
+void free_allocated_mbstr(const char* str);
+WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
+WCHAR* get_description(EVT_HANDLE handle);
 VALUE get_values(EVT_HANDLE handle);
 
 VALUE rb_cQuery;

data/ext/winevt/winevt_channel.c

@@ -49,6 +49,7 @@ rb_winevt_channel_each(VALUE self)
   DWORD bufferSize = 0;
   DWORD bufferUsed = 0;
   DWORD status = ERROR_SUCCESS;
+  VALUE utf8str;
 
   RETURN_ENUMERATOR(self, 0, 0);
 
@@ -88,7 +89,10 @@ rb_winevt_channel_each(VALUE self)
 
     result = wstr_to_mbstr(CP_UTF8, buffer, -1);
 
-    rb_yield(rb_utf8_str_new_cstr(result));
+    utf8str = rb_utf8_str_new_cstr(result);
+    free_allocated_mbstr(result);
+
+    rb_yield(utf8str);
   }
 
   return Qnil;

data/ext/winevt/winevt_query.c

@@ -137,25 +137,37 @@ rb_winevt_query_next(VALUE self)
 static VALUE
 rb_winevt_query_render(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtQuery *winevtQuery;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-  result = render_event(winevtQuery->event, EvtRenderEventXml);
+  wResult = render_event(winevtQuery->event, EvtRenderEventXml);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
 
-  return rb_utf8_str_new_cstr(result);
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
+
+  return utf8str;
 }
 
 static VALUE
 rb_winevt_query_message(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtQuery *winevtQuery;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-  result = get_description(winevtQuery->event);
+  wResult = get_description(winevtQuery->event);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
+
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
 
-  return rb_utf8_str_new_cstr(result);
+  return utf8str;
 }
 
 static VALUE

data/ext/winevt/winevt_subscribe.c

@@ -153,25 +153,37 @@ rb_winevt_subscribe_next(VALUE self)
 static VALUE
 rb_winevt_subscribe_render(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtSubscribe *winevtSubscribe;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
-  result = render_event(winevtSubscribe->event, EvtRenderEventXml);
+  wResult = render_event(winevtSubscribe->event, EvtRenderEventXml);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
 
-  return rb_utf8_str_new_cstr(result);
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
+
+  return utf8str;
 }
 
 static VALUE
 rb_winevt_subscribe_message(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtSubscribe *winevtSubscribe;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
-  result = get_description(winevtSubscribe->event);
+  wResult = get_description(winevtSubscribe->event);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
+
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
 
-  return rb_utf8_str_new_cstr(result);
+  return utf8str;
 }
 
 static VALUE
@@ -205,14 +217,20 @@ rb_winevt_subscribe_each(VALUE self)
 static VALUE
 rb_winevt_subscribe_get_bookmark(VALUE self)
 {
+  WCHAR* wResult;
   char* result;
   struct WinevtSubscribe *winevtSubscribe;
+  VALUE utf8str;
 
   TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
 
-  result = render_event(winevtSubscribe->bookmark, EvtRenderBookmark);
+  wResult = render_event(winevtSubscribe->bookmark, EvtRenderBookmark);
+  result = wstr_to_mbstr(CP_UTF8, wResult, -1);
+
+  utf8str = rb_utf8_str_new_cstr(result);
+  free_allocated_mbstr(result);
 
-  return rb_str_new2(result);
+  return utf8str;
 }
 
 void Init_winevt_subscribe(VALUE rb_cEventLog)

data/ext/winevt/winevt_utils.c

@@ -13,20 +13,26 @@ wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
     return ptr;
 }
 
-char* render_event(EVT_HANDLE handle, DWORD flags)
+void free_allocated_mbstr(const char* str)
+{
+  if (str)
+    xfree((char *)str);
+}
+
+WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
 {
   PWSTR      buffer = NULL;
   ULONG      bufferSize = 0;
   ULONG      bufferSizeNeeded = 0;
   ULONG      status, count;
-  char*      result;
+  static WCHAR* result = L"";
   LPTSTR     msgBuf;
 
   do {
     if (bufferSizeNeeded > bufferSize) {
       free(buffer);
       bufferSize = bufferSizeNeeded;
-      buffer = malloc(bufferSize);
+      buffer = xmalloc(bufferSize);
       if (buffer == NULL) {
         status = ERROR_OUTOFMEMORY;
         bufferSize = 0;
@@ -63,10 +69,10 @@ char* render_event(EVT_HANDLE handle, DWORD flags)
     rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
   }
 
-  result = wstr_to_mbstr(CP_UTF8, buffer, -1);
+  result = buffer;
 
   if (buffer)
-    free(buffer);
+    xfree(buffer);
 
   return result;
 }
@@ -92,7 +98,7 @@ VALUE get_values(EVT_HANDLE handle)
     if (bufferSizeNeeded > bufferSize) {
       free(buffer);
       bufferSize = bufferSizeNeeded;
-      buffer = malloc(bufferSize);
+      buffer = xmalloc(bufferSize);
       if (buffer == NULL) {
         status = ERROR_OUTOFMEMORY;
         bufferSize = 0;
@@ -147,6 +153,7 @@ VALUE get_values(EVT_HANDLE handle)
       } else {
         result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].StringVal, -1);
         rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
+        free_allocated_mbstr(result);
       }
       break;
     case EvtVarTypeAnsiString:
@@ -191,6 +198,7 @@ VALUE get_values(EVT_HANDLE handle)
     case EvtVarTypeSingle:
       sprintf(result, "%f", pRenderedValues[i].SingleVal);
       rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
+      free_allocated_mbstr(result);
       break;
     case EvtVarTypeDouble:
       sprintf(result, "%lf", pRenderedValues[i].DoubleVal);
@@ -205,6 +213,7 @@ VALUE get_values(EVT_HANDLE handle)
         StringFromCLSID(pRenderedValues[i].GuidVal, &tmpWChar);
         result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
         rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
+        free_allocated_mbstr(result);
       } else {
         rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
       }
@@ -243,6 +252,7 @@ VALUE get_values(EVT_HANDLE handle)
       if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
         result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
         rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
+        free_allocated_mbstr(result);
       } else {
         rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
       }
@@ -263,6 +273,7 @@ VALUE get_values(EVT_HANDLE handle)
       } else {
         result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].XmlVal, -1);
         rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
+        free_allocated_mbstr(result);
       }
       break;
     default:
@@ -272,70 +283,26 @@ VALUE get_values(EVT_HANDLE handle)
   }
 
   if (buffer)
-    free(buffer);
+    xfree(buffer);
+
+  if (renderContext)
+    EvtClose(renderContext);
 
   return userValues;
 }
 
-char* get_description(EVT_HANDLE handle)
+static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
 {
-#define MAX_BUFFER 65535
-  WCHAR      buffer[4096], *msg = buffer;
-  WCHAR      descriptionBuffer[MAX_BUFFER];
-  ULONG      bufferSize = 0;
-  ULONG      bufferSizeNeeded = 0;
-  ULONG      status, count;
-  char*      result = "";
-  LPTSTR     msgBuf = "";
-  EVT_HANDLE hMetadata = NULL;
-  PEVT_VARIANT values = NULL;
+#define BUFSIZE 4096
+  static WCHAR* result = L"";
+  ULONG  status;
+  ULONG bufferSizeNeeded = 0;
   LPVOID lpMsgBuf;
+  WCHAR*     prevBuffer;
+  WCHAR     *message;
 
-  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
-  EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
-  if (renderContext == NULL) {
-    rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
-  }
-
-  if (EvtRender(renderContext,
-                handle,
-                EvtRenderEventValues,
-                _countof(buffer),
-                buffer,
-                &bufferSizeNeeded,
-                &count) != FALSE) {
-    status = ERROR_SUCCESS;
-  } else {
-    status = GetLastError();
-  }
-
-  if (status != ERROR_SUCCESS) {
-    FormatMessage(
-        FORMAT_MESSAGE_ALLOCATE_BUFFER |
-        FORMAT_MESSAGE_FROM_SYSTEM |
-        FORMAT_MESSAGE_IGNORE_INSERTS,
-        NULL, status,
-        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
-        msgBuf, 0, NULL);
-
-    VALUE errmsg = rb_str_new2(msgBuf);
-    LocalFree(msgBuf);
-
-    rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
-  }
-
-  // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
-  values = (PEVT_VARIANT)buffer;
-
-  // Open publisher metadata
-  hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
-  if (hMetadata == NULL) {
-    // When winevt_c cannot open metadata, then give up to obtain
-    // message file and clean up immediately.
-    goto cleanup;
-  }
-
-  if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
+  message = (WCHAR *)xmalloc(sizeof(WCHAR) * BUFSIZE);
+  if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, BUFSIZE, message, &bufferSizeNeeded)) {
     status = GetLastError();
 
     if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
@@ -361,7 +328,8 @@ char* get_description(EVT_HANDLE handle)
                          MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
                          (WCHAR *) &lpMsgBuf, 0, NULL);
 
-        result = wstr_to_mbstr(CP_UTF8, (WCHAR *)lpMsgBuf, -1);
+        result = (WCHAR *)lpMsgBuf;
+        LocalFree(lpMsgBuf);
 
         goto cleanup;
       }
@@ -373,9 +341,10 @@ char* get_description(EVT_HANDLE handle)
     }
 
     if (status == ERROR_INSUFFICIENT_BUFFER) {
-      msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
+      prevBuffer = message;
+      message = (WCHAR *)realloc(prevBuffer, sizeof(WCHAR) * bufferSizeNeeded);
 
-      if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
+      if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, message, &bufferSizeNeeded)) {
         status = GetLastError();
 
         if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
@@ -401,7 +370,8 @@ char* get_description(EVT_HANDLE handle)
                              MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
                              (WCHAR *) &lpMsgBuf, 0, NULL);
 
-            result = wstr_to_mbstr(CP_UTF8, (WCHAR *)lpMsgBuf, -1);
+            result = (WCHAR *)lpMsgBuf;
+            LocalFree(lpMsgBuf);
 
             goto cleanup;
           }
@@ -411,9 +381,78 @@ char* get_description(EVT_HANDLE handle)
       }
     }
   }
-  result = wstr_to_mbstr(CP_UTF8, msg, -1);
 
-#undef MAX_BUFFER
+  result = message;
+
+cleanup:
+
+  if (message)
+    xfree(message);
+
+  return result;
+
+#undef BUFSIZE
+}
+
+WCHAR* get_description(EVT_HANDLE handle)
+{
+#define BUFSIZE 4096
+  WCHAR      buffer[BUFSIZE];
+  ULONG      bufferSize = 0;
+  ULONG      bufferSizeNeeded = 0;
+  ULONG      status, count;
+  static WCHAR *result = L"";
+  LPTSTR     msgBuf = "";
+  EVT_HANDLE hMetadata = NULL;
+  PEVT_VARIANT values = NULL;
+
+  static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
+  EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
+  if (renderContext == NULL) {
+    rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
+  }
+
+  if (EvtRender(renderContext,
+                handle,
+                EvtRenderEventValues,
+                _countof(buffer),
+                buffer,
+                &bufferSizeNeeded,
+                &count) != FALSE) {
+    status = ERROR_SUCCESS;
+  } else {
+    status = GetLastError();
+  }
+
+  if (status != ERROR_SUCCESS) {
+    FormatMessage(
+        FORMAT_MESSAGE_ALLOCATE_BUFFER |
+        FORMAT_MESSAGE_FROM_SYSTEM |
+        FORMAT_MESSAGE_IGNORE_INSERTS,
+        NULL, status,
+        MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+        msgBuf, 0, NULL);
+
+    VALUE errmsg = rb_str_new2(msgBuf);
+    LocalFree(msgBuf);
+
+    rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
+  }
+
+  // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
+  values = (PEVT_VARIANT)buffer;
+
+  // Open publisher metadata
+  hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
+  if (hMetadata == NULL) {
+    // When winevt_c cannot open metadata, then give up to obtain
+    // message file and clean up immediately.
+    goto cleanup;
+  }
+
+  result = get_message(hMetadata, handle);
+
+#undef BUFSIZE
 
 cleanup:
 

data/lib/winevt/version.rb

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.3.8"
+  VERSION = "0.4.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.3.8
+  version: 0.4.0
 platform: x64-mingw32
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-27 00:00:00.000000000 Z
+date: 2019-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler