winevt_c 0.3.8-x86-mingw32 → 0.4.0-x86-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/winevt/winevt_bookmark.c +7 -2
- data/ext/winevt/winevt_c.h +3 -2
- data/ext/winevt/winevt_channel.c +5 -1
- data/ext/winevt/winevt_query.c +16 -4
- data/ext/winevt/winevt_subscribe.c +24 -6
- data/ext/winevt/winevt_utils.c +108 -69
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e0861d47eb17f69967842c4ca2ee4b95bf878a5e8fd00037f290f9c5d427169
|
4
|
+
data.tar.gz: c215213706cebf991096c43a2d2908aa451c565fa1ef260419a99eac2e1048d7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c60e58ef313ea9d21c8d481649c8a7e302908d3a24ba69f253ed3706fc339187aa87ea779b10c69d31d77d925530bf15edd8aec3b628032f7bacddc7a75a3658
|
7
|
+
data.tar.gz: dac9f1488b6ee48dc55749c195b95b92f602ac96f6725f35651ae06d697fcd1ab7a114a045075cd2de61acd321ec703ef5c6e584248174a41afe83da54ccb6b7
|
@@ -79,14 +79,19 @@ rb_winevt_bookmark_update(VALUE self, VALUE event)
|
|
79
79
|
static VALUE
|
80
80
|
rb_winevt_bookmark_render(VALUE self)
|
81
81
|
{
|
82
|
+
WCHAR* wResult;
|
82
83
|
char* result;
|
83
84
|
struct WinevtBookmark *winevtBookmark;
|
85
|
+
VALUE utf8str;
|
84
86
|
|
85
87
|
TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
|
88
|
+
wResult = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
|
89
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
86
90
|
|
87
|
-
|
91
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
92
|
+
free_allocated_mbstr(result);
|
88
93
|
|
89
|
-
return
|
94
|
+
return utf8str;
|
90
95
|
}
|
91
96
|
|
92
97
|
void Init_winevt_bookmark(VALUE rb_cEventLog)
|
data/ext/winevt/winevt_c.h
CHANGED
@@ -22,8 +22,9 @@
|
|
22
22
|
#define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
|
23
23
|
|
24
24
|
char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
|
25
|
-
|
26
|
-
|
25
|
+
void free_allocated_mbstr(const char* str);
|
26
|
+
WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
|
27
|
+
WCHAR* get_description(EVT_HANDLE handle);
|
27
28
|
VALUE get_values(EVT_HANDLE handle);
|
28
29
|
|
29
30
|
VALUE rb_cQuery;
|
data/ext/winevt/winevt_channel.c
CHANGED
@@ -49,6 +49,7 @@ rb_winevt_channel_each(VALUE self)
|
|
49
49
|
DWORD bufferSize = 0;
|
50
50
|
DWORD bufferUsed = 0;
|
51
51
|
DWORD status = ERROR_SUCCESS;
|
52
|
+
VALUE utf8str;
|
52
53
|
|
53
54
|
RETURN_ENUMERATOR(self, 0, 0);
|
54
55
|
|
@@ -88,7 +89,10 @@ rb_winevt_channel_each(VALUE self)
|
|
88
89
|
|
89
90
|
result = wstr_to_mbstr(CP_UTF8, buffer, -1);
|
90
91
|
|
91
|
-
|
92
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
93
|
+
free_allocated_mbstr(result);
|
94
|
+
|
95
|
+
rb_yield(utf8str);
|
92
96
|
}
|
93
97
|
|
94
98
|
return Qnil;
|
data/ext/winevt/winevt_query.c
CHANGED
@@ -137,25 +137,37 @@ rb_winevt_query_next(VALUE self)
|
|
137
137
|
static VALUE
|
138
138
|
rb_winevt_query_render(VALUE self)
|
139
139
|
{
|
140
|
+
WCHAR* wResult;
|
140
141
|
char* result;
|
141
142
|
struct WinevtQuery *winevtQuery;
|
143
|
+
VALUE utf8str;
|
142
144
|
|
143
145
|
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
144
|
-
|
146
|
+
wResult = render_event(winevtQuery->event, EvtRenderEventXml);
|
147
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
145
148
|
|
146
|
-
|
149
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
150
|
+
free_allocated_mbstr(result);
|
151
|
+
|
152
|
+
return utf8str;
|
147
153
|
}
|
148
154
|
|
149
155
|
static VALUE
|
150
156
|
rb_winevt_query_message(VALUE self)
|
151
157
|
{
|
158
|
+
WCHAR* wResult;
|
152
159
|
char* result;
|
153
160
|
struct WinevtQuery *winevtQuery;
|
161
|
+
VALUE utf8str;
|
154
162
|
|
155
163
|
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
156
|
-
|
164
|
+
wResult = get_description(winevtQuery->event);
|
165
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
166
|
+
|
167
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
168
|
+
free_allocated_mbstr(result);
|
157
169
|
|
158
|
-
return
|
170
|
+
return utf8str;
|
159
171
|
}
|
160
172
|
|
161
173
|
static VALUE
|
@@ -153,25 +153,37 @@ rb_winevt_subscribe_next(VALUE self)
|
|
153
153
|
static VALUE
|
154
154
|
rb_winevt_subscribe_render(VALUE self)
|
155
155
|
{
|
156
|
+
WCHAR* wResult;
|
156
157
|
char* result;
|
157
158
|
struct WinevtSubscribe *winevtSubscribe;
|
159
|
+
VALUE utf8str;
|
158
160
|
|
159
161
|
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
160
|
-
|
162
|
+
wResult = render_event(winevtSubscribe->event, EvtRenderEventXml);
|
163
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
161
164
|
|
162
|
-
|
165
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
166
|
+
free_allocated_mbstr(result);
|
167
|
+
|
168
|
+
return utf8str;
|
163
169
|
}
|
164
170
|
|
165
171
|
static VALUE
|
166
172
|
rb_winevt_subscribe_message(VALUE self)
|
167
173
|
{
|
174
|
+
WCHAR* wResult;
|
168
175
|
char* result;
|
169
176
|
struct WinevtSubscribe *winevtSubscribe;
|
177
|
+
VALUE utf8str;
|
170
178
|
|
171
179
|
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
172
|
-
|
180
|
+
wResult = get_description(winevtSubscribe->event);
|
181
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
182
|
+
|
183
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
184
|
+
free_allocated_mbstr(result);
|
173
185
|
|
174
|
-
return
|
186
|
+
return utf8str;
|
175
187
|
}
|
176
188
|
|
177
189
|
static VALUE
|
@@ -205,14 +217,20 @@ rb_winevt_subscribe_each(VALUE self)
|
|
205
217
|
static VALUE
|
206
218
|
rb_winevt_subscribe_get_bookmark(VALUE self)
|
207
219
|
{
|
220
|
+
WCHAR* wResult;
|
208
221
|
char* result;
|
209
222
|
struct WinevtSubscribe *winevtSubscribe;
|
223
|
+
VALUE utf8str;
|
210
224
|
|
211
225
|
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
212
226
|
|
213
|
-
|
227
|
+
wResult = render_event(winevtSubscribe->bookmark, EvtRenderBookmark);
|
228
|
+
result = wstr_to_mbstr(CP_UTF8, wResult, -1);
|
229
|
+
|
230
|
+
utf8str = rb_utf8_str_new_cstr(result);
|
231
|
+
free_allocated_mbstr(result);
|
214
232
|
|
215
|
-
return
|
233
|
+
return utf8str;
|
216
234
|
}
|
217
235
|
|
218
236
|
void Init_winevt_subscribe(VALUE rb_cEventLog)
|
data/ext/winevt/winevt_utils.c
CHANGED
@@ -13,20 +13,26 @@ wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
|
|
13
13
|
return ptr;
|
14
14
|
}
|
15
15
|
|
16
|
-
|
16
|
+
void free_allocated_mbstr(const char* str)
|
17
|
+
{
|
18
|
+
if (str)
|
19
|
+
xfree((char *)str);
|
20
|
+
}
|
21
|
+
|
22
|
+
WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
17
23
|
{
|
18
24
|
PWSTR buffer = NULL;
|
19
25
|
ULONG bufferSize = 0;
|
20
26
|
ULONG bufferSizeNeeded = 0;
|
21
27
|
ULONG status, count;
|
22
|
-
|
28
|
+
static WCHAR* result = L"";
|
23
29
|
LPTSTR msgBuf;
|
24
30
|
|
25
31
|
do {
|
26
32
|
if (bufferSizeNeeded > bufferSize) {
|
27
33
|
free(buffer);
|
28
34
|
bufferSize = bufferSizeNeeded;
|
29
|
-
buffer =
|
35
|
+
buffer = xmalloc(bufferSize);
|
30
36
|
if (buffer == NULL) {
|
31
37
|
status = ERROR_OUTOFMEMORY;
|
32
38
|
bufferSize = 0;
|
@@ -63,10 +69,10 @@ char* render_event(EVT_HANDLE handle, DWORD flags)
|
|
63
69
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
|
64
70
|
}
|
65
71
|
|
66
|
-
result =
|
72
|
+
result = buffer;
|
67
73
|
|
68
74
|
if (buffer)
|
69
|
-
|
75
|
+
xfree(buffer);
|
70
76
|
|
71
77
|
return result;
|
72
78
|
}
|
@@ -92,7 +98,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
92
98
|
if (bufferSizeNeeded > bufferSize) {
|
93
99
|
free(buffer);
|
94
100
|
bufferSize = bufferSizeNeeded;
|
95
|
-
buffer =
|
101
|
+
buffer = xmalloc(bufferSize);
|
96
102
|
if (buffer == NULL) {
|
97
103
|
status = ERROR_OUTOFMEMORY;
|
98
104
|
bufferSize = 0;
|
@@ -147,6 +153,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
147
153
|
} else {
|
148
154
|
result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].StringVal, -1);
|
149
155
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
156
|
+
free_allocated_mbstr(result);
|
150
157
|
}
|
151
158
|
break;
|
152
159
|
case EvtVarTypeAnsiString:
|
@@ -191,6 +198,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
191
198
|
case EvtVarTypeSingle:
|
192
199
|
sprintf(result, "%f", pRenderedValues[i].SingleVal);
|
193
200
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
201
|
+
free_allocated_mbstr(result);
|
194
202
|
break;
|
195
203
|
case EvtVarTypeDouble:
|
196
204
|
sprintf(result, "%lf", pRenderedValues[i].DoubleVal);
|
@@ -205,6 +213,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
205
213
|
StringFromCLSID(pRenderedValues[i].GuidVal, &tmpWChar);
|
206
214
|
result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
|
207
215
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
216
|
+
free_allocated_mbstr(result);
|
208
217
|
} else {
|
209
218
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
210
219
|
}
|
@@ -243,6 +252,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
243
252
|
if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
|
244
253
|
result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
|
245
254
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
255
|
+
free_allocated_mbstr(result);
|
246
256
|
} else {
|
247
257
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
248
258
|
}
|
@@ -263,6 +273,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
263
273
|
} else {
|
264
274
|
result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].XmlVal, -1);
|
265
275
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
276
|
+
free_allocated_mbstr(result);
|
266
277
|
}
|
267
278
|
break;
|
268
279
|
default:
|
@@ -272,70 +283,26 @@ VALUE get_values(EVT_HANDLE handle)
|
|
272
283
|
}
|
273
284
|
|
274
285
|
if (buffer)
|
275
|
-
|
286
|
+
xfree(buffer);
|
287
|
+
|
288
|
+
if (renderContext)
|
289
|
+
EvtClose(renderContext);
|
276
290
|
|
277
291
|
return userValues;
|
278
292
|
}
|
279
293
|
|
280
|
-
|
294
|
+
static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
281
295
|
{
|
282
|
-
#define
|
283
|
-
WCHAR
|
284
|
-
|
285
|
-
ULONG
|
286
|
-
ULONG bufferSizeNeeded = 0;
|
287
|
-
ULONG status, count;
|
288
|
-
char* result = "";
|
289
|
-
LPTSTR msgBuf = "";
|
290
|
-
EVT_HANDLE hMetadata = NULL;
|
291
|
-
PEVT_VARIANT values = NULL;
|
296
|
+
#define BUFSIZE 4096
|
297
|
+
static WCHAR* result = L"";
|
298
|
+
ULONG status;
|
299
|
+
ULONG bufferSizeNeeded = 0;
|
292
300
|
LPVOID lpMsgBuf;
|
301
|
+
WCHAR* prevBuffer;
|
302
|
+
WCHAR *message;
|
293
303
|
|
294
|
-
|
295
|
-
|
296
|
-
if (renderContext == NULL) {
|
297
|
-
rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
|
298
|
-
}
|
299
|
-
|
300
|
-
if (EvtRender(renderContext,
|
301
|
-
handle,
|
302
|
-
EvtRenderEventValues,
|
303
|
-
_countof(buffer),
|
304
|
-
buffer,
|
305
|
-
&bufferSizeNeeded,
|
306
|
-
&count) != FALSE) {
|
307
|
-
status = ERROR_SUCCESS;
|
308
|
-
} else {
|
309
|
-
status = GetLastError();
|
310
|
-
}
|
311
|
-
|
312
|
-
if (status != ERROR_SUCCESS) {
|
313
|
-
FormatMessage(
|
314
|
-
FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
315
|
-
FORMAT_MESSAGE_FROM_SYSTEM |
|
316
|
-
FORMAT_MESSAGE_IGNORE_INSERTS,
|
317
|
-
NULL, status,
|
318
|
-
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
|
319
|
-
msgBuf, 0, NULL);
|
320
|
-
|
321
|
-
VALUE errmsg = rb_str_new2(msgBuf);
|
322
|
-
LocalFree(msgBuf);
|
323
|
-
|
324
|
-
rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
|
325
|
-
}
|
326
|
-
|
327
|
-
// Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
|
328
|
-
values = (PEVT_VARIANT)buffer;
|
329
|
-
|
330
|
-
// Open publisher metadata
|
331
|
-
hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
332
|
-
if (hMetadata == NULL) {
|
333
|
-
// When winevt_c cannot open metadata, then give up to obtain
|
334
|
-
// message file and clean up immediately.
|
335
|
-
goto cleanup;
|
336
|
-
}
|
337
|
-
|
338
|
-
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
|
304
|
+
message = (WCHAR *)xmalloc(sizeof(WCHAR) * BUFSIZE);
|
305
|
+
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, BUFSIZE, message, &bufferSizeNeeded)) {
|
339
306
|
status = GetLastError();
|
340
307
|
|
341
308
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
@@ -361,7 +328,8 @@ char* get_description(EVT_HANDLE handle)
|
|
361
328
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
362
329
|
(WCHAR *) &lpMsgBuf, 0, NULL);
|
363
330
|
|
364
|
-
result =
|
331
|
+
result = (WCHAR *)lpMsgBuf;
|
332
|
+
LocalFree(lpMsgBuf);
|
365
333
|
|
366
334
|
goto cleanup;
|
367
335
|
}
|
@@ -373,9 +341,10 @@ char* get_description(EVT_HANDLE handle)
|
|
373
341
|
}
|
374
342
|
|
375
343
|
if (status == ERROR_INSUFFICIENT_BUFFER) {
|
376
|
-
|
344
|
+
prevBuffer = message;
|
345
|
+
message = (WCHAR *)realloc(prevBuffer, sizeof(WCHAR) * bufferSizeNeeded);
|
377
346
|
|
378
|
-
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded,
|
347
|
+
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, message, &bufferSizeNeeded)) {
|
379
348
|
status = GetLastError();
|
380
349
|
|
381
350
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
@@ -401,7 +370,8 @@ char* get_description(EVT_HANDLE handle)
|
|
401
370
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
402
371
|
(WCHAR *) &lpMsgBuf, 0, NULL);
|
403
372
|
|
404
|
-
result =
|
373
|
+
result = (WCHAR *)lpMsgBuf;
|
374
|
+
LocalFree(lpMsgBuf);
|
405
375
|
|
406
376
|
goto cleanup;
|
407
377
|
}
|
@@ -411,9 +381,78 @@ char* get_description(EVT_HANDLE handle)
|
|
411
381
|
}
|
412
382
|
}
|
413
383
|
}
|
414
|
-
result = wstr_to_mbstr(CP_UTF8, msg, -1);
|
415
384
|
|
416
|
-
|
385
|
+
result = message;
|
386
|
+
|
387
|
+
cleanup:
|
388
|
+
|
389
|
+
if (message)
|
390
|
+
xfree(message);
|
391
|
+
|
392
|
+
return result;
|
393
|
+
|
394
|
+
#undef BUFSIZE
|
395
|
+
}
|
396
|
+
|
397
|
+
WCHAR* get_description(EVT_HANDLE handle)
|
398
|
+
{
|
399
|
+
#define BUFSIZE 4096
|
400
|
+
WCHAR buffer[BUFSIZE];
|
401
|
+
ULONG bufferSize = 0;
|
402
|
+
ULONG bufferSizeNeeded = 0;
|
403
|
+
ULONG status, count;
|
404
|
+
static WCHAR *result = L"";
|
405
|
+
LPTSTR msgBuf = "";
|
406
|
+
EVT_HANDLE hMetadata = NULL;
|
407
|
+
PEVT_VARIANT values = NULL;
|
408
|
+
|
409
|
+
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
|
410
|
+
EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
|
411
|
+
if (renderContext == NULL) {
|
412
|
+
rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
|
413
|
+
}
|
414
|
+
|
415
|
+
if (EvtRender(renderContext,
|
416
|
+
handle,
|
417
|
+
EvtRenderEventValues,
|
418
|
+
_countof(buffer),
|
419
|
+
buffer,
|
420
|
+
&bufferSizeNeeded,
|
421
|
+
&count) != FALSE) {
|
422
|
+
status = ERROR_SUCCESS;
|
423
|
+
} else {
|
424
|
+
status = GetLastError();
|
425
|
+
}
|
426
|
+
|
427
|
+
if (status != ERROR_SUCCESS) {
|
428
|
+
FormatMessage(
|
429
|
+
FORMAT_MESSAGE_ALLOCATE_BUFFER |
|
430
|
+
FORMAT_MESSAGE_FROM_SYSTEM |
|
431
|
+
FORMAT_MESSAGE_IGNORE_INSERTS,
|
432
|
+
NULL, status,
|
433
|
+
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
|
434
|
+
msgBuf, 0, NULL);
|
435
|
+
|
436
|
+
VALUE errmsg = rb_str_new2(msgBuf);
|
437
|
+
LocalFree(msgBuf);
|
438
|
+
|
439
|
+
rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
|
440
|
+
}
|
441
|
+
|
442
|
+
// Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
|
443
|
+
values = (PEVT_VARIANT)buffer;
|
444
|
+
|
445
|
+
// Open publisher metadata
|
446
|
+
hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
447
|
+
if (hMetadata == NULL) {
|
448
|
+
// When winevt_c cannot open metadata, then give up to obtain
|
449
|
+
// message file and clean up immediately.
|
450
|
+
goto cleanup;
|
451
|
+
}
|
452
|
+
|
453
|
+
result = get_message(hMetadata, handle);
|
454
|
+
|
455
|
+
#undef BUFSIZE
|
417
456
|
|
418
457
|
cleanup:
|
419
458
|
|
data/lib/winevt/2.4/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.5/winevt.so
CHANGED
Binary file
|
data/lib/winevt/2.6/winevt.so
CHANGED
Binary file
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: winevt_c
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: x86-mingw32
|
6
6
|
authors:
|
7
7
|
- Hiroshi Hatake
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-06-
|
11
|
+
date: 2019-06-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|