winevt_c 0.3.8 → 0.4.0

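--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: ac595d99bc6422ccdbbd74c8df98fad0fea9a6679c3858cc891d898cd22c6062
- data.tar.gz: 42c8309fadbbc077f4999aa14b91e7a5d15f28747ad24961609d6152370ac12d
+ metadata.gz: 244a14b164c848b25d2aa5dbc75c5ccdbdb7af62424f37f6463d1be30b673484
+ data.tar.gz: 954aa6d48fd5643d5992841f926c17b0b5c38790f6c1e9e9a4c37c2a2974c4ee
  SHA512:
- metadata.gz: ee9d551fb4c229631e70b1e2e779fcebb3f87fe99a7c795a8a3fa9278ee8e7a2f8cfcad156f8189b380613d63746625913cb00dd7505f232ed6ea2dbc74fcfbd
- data.tar.gz: 98af1f800f0628d2ddd96d974f9fa5ade5e1dfa9a5026a45ef3ab805516b860019c219af49bc3335f065725e1800202a474aaa18dd2abbc6e8826048b1588899
+ metadata.gz: ac5be5abad00314ee60ec70c914ff53523eea1a918c17133fdde614d2638ddad9fab8f72dd9d57c492b467deaaf0c0c99b58a178b9b3dd072c42656ce93c8e3d
+ data.tar.gz: 59a8a65f8a68c6548f46863e3b82345a5bb0f0a679a63c900e5dd29232940ab421f16b52c0859e1d87430202ca3797b84674b8b6b2cf8d5d3d96aa3bba6d69f8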
@@ -79,14 +79,19 @@ rb_winevt_bookmark_update(VALUE self, VALUE event)
79
79
  static VALUE
80
80
  rb_winevt_bookmark_render(VALUE self)
81
81
  {
82
+ WCHAR* wResult;
82
83
  char* result;
83
84
  struct WinevtBookmark *winevtBookmark;
85
+ VALUE utf8str;
84
86
 
85
87
  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
88
+ wResult = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
89
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
86
90
 
87
- result = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
91
+ utf8str = rb_utf8_str_new_cstr(result);
92
+ free_allocated_mbstr(result);
88
93
 
89
- return rb_str_new2(result);
94
+ return utf8str;
90
95
  }
91
96
 
92
97
  void Init_winevt_bookmark(VALUE rb_cEventLog)
@@ -22,8 +22,9 @@
22
22
  #define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
23
23
 
24
24
  char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
25
- char* render_event(EVT_HANDLE handle, DWORD flags);
26
- char* get_description(EVT_HANDLE handle);
25
+ void free_allocated_mbstr(const char* str);
26
+ WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
27
+ WCHAR* get_description(EVT_HANDLE handle);
27
28
  VALUE get_values(EVT_HANDLE handle);
28
29
 
29
30
  VALUE rb_cQuery;
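Review bot: The new prototypes carry no ownership contract, which callers need now that `render_event` and `get_description` return `WCHAR*` while the `char*` from `wstr_to_mbstr` is released through `free_allocated_mbstr`. A one-line comment above each declaration, for example `/* returns a buffer the caller releases with free_allocated_mbstr() */` on `wstr_to_mbstr`, would state who frees what. `free_allocated_mbstr(const char* str)` also accepts a const pointer only to cast the const away before `xfree`; `void free_allocated_mbstr(char *str);` matches what the function actually does.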
@@ -49,6 +49,7 @@ rb_winevt_channel_each(VALUE self)
49
49
  DWORD bufferSize = 0;
50
50
  DWORD bufferUsed = 0;
51
51
  DWORD status = ERROR_SUCCESS;
52
+ VALUE utf8str;
52
53
 
53
54
  RETURN_ENUMERATOR(self, 0, 0);
54
55
 
@@ -88,7 +89,10 @@ rb_winevt_channel_each(VALUE self)
88
89
 
89
90
  result = wstr_to_mbstr(CP_UTF8, buffer, -1);
90
91
 
91
- rb_yield(rb_utf8_str_new_cstr(result));
92
+ utf8str = rb_utf8_str_new_cstr(result);
93
+ free_allocated_mbstr(result);
94
+
95
+ rb_yield(utf8str);
92
96
  }
93
97
 
94
98
  return Qnil;
@@ -137,25 +137,37 @@ rb_winevt_query_next(VALUE self)
137
137
  static VALUE
138
138
  rb_winevt_query_render(VALUE self)
139
139
  {
140
+ WCHAR* wResult;
140
141
  char* result;
141
142
  struct WinevtQuery *winevtQuery;
143
+ VALUE utf8str;
142
144
 
143
145
  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
144
- result = render_event(winevtQuery->event, EvtRenderEventXml);
146
+ wResult = render_event(winevtQuery->event, EvtRenderEventXml);
147
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
145
148
 
146
- return rb_utf8_str_new_cstr(result);
149
+ utf8str = rb_utf8_str_new_cstr(result);
150
+ free_allocated_mbstr(result);
151
+
152
+ return utf8str;
147
153
  }
148
154
 
149
155
  static VALUE
150
156
  rb_winevt_query_message(VALUE self)
151
157
  {
158
+ WCHAR* wResult;
152
159
  char* result;
153
160
  struct WinevtQuery *winevtQuery;
161
+ VALUE utf8str;
154
162
 
155
163
  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
156
- result = get_description(winevtQuery->event);
164
+ wResult = get_description(winevtQuery->event);
165
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
166
+
167
+ utf8str = rb_utf8_str_new_cstr(result);
168
+ free_allocated_mbstr(result);
157
169
 
158
- return rb_utf8_str_new_cstr(result);
170
+ return utf8str;
159
171
  }
160
172
 
161
173
  static VALUE
@@ -153,25 +153,37 @@ rb_winevt_subscribe_next(VALUE self)
153
153
  static VALUE
154
154
  rb_winevt_subscribe_render(VALUE self)
155
155
  {
156
+ WCHAR* wResult;
156
157
  char* result;
157
158
  struct WinevtSubscribe *winevtSubscribe;
159
+ VALUE utf8str;
158
160
 
159
161
  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
160
- result = render_event(winevtSubscribe->event, EvtRenderEventXml);
162
+ wResult = render_event(winevtSubscribe->event, EvtRenderEventXml);
163
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
161
164
 
162
- return rb_utf8_str_new_cstr(result);
165
+ utf8str = rb_utf8_str_new_cstr(result);
166
+ free_allocated_mbstr(result);
167
+
168
+ return utf8str;
163
169
  }
164
170
 
165
171
  static VALUE
166
172
  rb_winevt_subscribe_message(VALUE self)
167
173
  {
174
+ WCHAR* wResult;
168
175
  char* result;
169
176
  struct WinevtSubscribe *winevtSubscribe;
177
+ VALUE utf8str;
170
178
 
171
179
  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
172
- result = get_description(winevtSubscribe->event);
180
+ wResult = get_description(winevtSubscribe->event);
181
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
182
+
183
+ utf8str = rb_utf8_str_new_cstr(result);
184
+ free_allocated_mbstr(result);
173
185
 
174
- return rb_utf8_str_new_cstr(result);
186
+ return utf8str;
175
187
  }
176
188
 
177
189
  static VALUE
@@ -205,14 +217,20 @@ rb_winevt_subscribe_each(VALUE self)
205
217
  static VALUE
206
218
  rb_winevt_subscribe_get_bookmark(VALUE self)
207
219
  {
220
+ WCHAR* wResult;
208
221
  char* result;
209
222
  struct WinevtSubscribe *winevtSubscribe;
223
+ VALUE utf8str;
210
224
 
211
225
  TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
212
226
 
213
- result = render_event(winevtSubscribe->bookmark, EvtRenderBookmark);
227
+ wResult = render_event(winevtSubscribe->bookmark, EvtRenderBookmark);
228
+ result = wstr_to_mbstr(CP_UTF8, wResult, -1);
229
+
230
+ utf8str = rb_utf8_str_new_cstr(result);
231
+ free_allocated_mbstr(result);
214
232
 
215
- return rb_str_new2(result);
233
+ return utf8str;
216
234
  }
217
235
 
218
236
  void Init_winevt_subscribe(VALUE rb_cEventLog)
@@ -13,20 +13,26 @@ wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
13
13
  return ptr;
14
14
  }
15
15
 
16
- char* render_event(EVT_HANDLE handle, DWORD flags)
16
+ void free_allocated_mbstr(const char* str)
17
+ {
18
+ if (str)
19
+ xfree((char *)str);
20
+ }
21
+
22
+ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
17
23
  {
18
24
  PWSTR buffer = NULL;
19
25
  ULONG bufferSize = 0;
20
26
  ULONG bufferSizeNeeded = 0;
21
27
  ULONG status, count;
22
- char* result;
28
+ static WCHAR* result = L"";
23
29
  LPTSTR msgBuf;
24
30
 
25
31
  do {
26
32
  if (bufferSizeNeeded > bufferSize) {
27
33
  free(buffer);
28
34
  bufferSize = bufferSizeNeeded;
29
- buffer = malloc(bufferSize);
35
+ buffer = xmalloc(bufferSize);
30
36
  if (buffer == NULL) {
31
37
  status = ERROR_OUTOFMEMORY;
32
38
  bufferSize = 0;
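Review bot: `buffer = xmalloc(bufferSize);` is paired with the unchanged `free(buffer);` two lines above it, so a block from Ruby's allocator is released with the C runtime's `free`; the two families should not be mixed, and the loop should use `xfree(buffer);` or a single `buffer = xrealloc(buffer, bufferSize);`. The retained `if (buffer == NULL)` branch looks unreachable now, because `xmalloc` raises NoMemoryError instead of returning NULL. The same mismatch is in the get_values hunk at `@@ -92,7 +98,7`, and in get_message, where `realloc(prevBuffer, ...)` is applied to an `xmalloc`'d block with its result unchecked and later passed to `xfree`. render_event's body continues outside this hunk.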
@@ -63,10 +69,10 @@ char* render_event(EVT_HANDLE handle, DWORD flags)
63
69
  rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
64
70
  }
65
71
 
66
- result = wstr_to_mbstr(CP_UTF8, buffer, -1);
72
+ result = buffer;
67
73
 
68
74
  if (buffer)
69
- free(buffer);
75
+ xfree(buffer);
70
76
 
71
77
  return result;
72
78
  }
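Review bot: `result = buffer;` followed by `xfree(buffer);` makes render_event return a pointer to memory it has just released, and every caller in this change then reads it through `wstr_to_mbstr(CP_UTF8, wResult, -1)`. Ownership has to move to the caller: end the function with `return buffer;` and have each caller `xfree(wResult)` once the UTF-8 copy exists. get_message repeats the pattern in both fallback hunks (`result = (WCHAR *)lpMsgBuf;` then `LocalFree(lpMsgBuf);`) and at its `cleanup:` label (`result = message;` then `xfree(message);`), so the callers of get_description are affected as well. The start of render_event is outside this hunk.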
@@ -92,7 +98,7 @@ VALUE get_values(EVT_HANDLE handle)
92
98
  if (bufferSizeNeeded > bufferSize) {
93
99
  free(buffer);
94
100
  bufferSize = bufferSizeNeeded;
95
- buffer = malloc(bufferSize);
101
+ buffer = xmalloc(bufferSize);
96
102
  if (buffer == NULL) {
97
103
  status = ERROR_OUTOFMEMORY;
98
104
  bufferSize = 0;
@@ -147,6 +153,7 @@ VALUE get_values(EVT_HANDLE handle)
147
153
  } else {
148
154
  result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].StringVal, -1);
149
155
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
156
+ free_allocated_mbstr(result);
150
157
  }
151
158
  break;
152
159
  case EvtVarTypeAnsiString:
@@ -191,6 +198,7 @@ VALUE get_values(EVT_HANDLE handle)
191
198
  case EvtVarTypeSingle:
192
199
  sprintf(result, "%f", pRenderedValues[i].SingleVal);
193
200
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
201
+ free_allocated_mbstr(result);
194
202
  break;
195
203
  case EvtVarTypeDouble:
196
204
  sprintf(result, "%lf", pRenderedValues[i].DoubleVal);
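Review bot: `free_allocated_mbstr(result);` in the EvtVarTypeSingle case releases a pointer that this case never obtained from `wstr_to_mbstr`; the only producer visible here is `sprintf(result, "%f", ...)`, which writes into whatever `result` already points at. If `result` still holds a pointer freed by an earlier element's case, the `sprintf` writes into freed memory and this call frees it a second time, and the EvtVarTypeDouble case directly below formats into the same pointer. The declaration of `result` is outside the hunk, so this needs confirming against the full function. Formatting into a local array, `char num[64]; snprintf(num, sizeof num, "%f", pRenderedValues[i].SingleVal);`, and dropping the free removes the dependency on `result` altogether.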
@@ -205,6 +213,7 @@ VALUE get_values(EVT_HANDLE handle)
205
213
  StringFromCLSID(pRenderedValues[i].GuidVal, &tmpWChar);
206
214
  result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
207
215
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
216
+ free_allocated_mbstr(result);
208
217
  } else {
209
218
  rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
210
219
  }
@@ -243,6 +252,7 @@ VALUE get_values(EVT_HANDLE handle)
243
252
  if (ConvertSidToStringSidW(pRenderedValues[i].SidVal, &tmpWChar)) {
244
253
  result = wstr_to_mbstr(CP_UTF8, tmpWChar, -1);
245
254
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
255
+ free_allocated_mbstr(result);
246
256
  } else {
247
257
  rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
248
258
  }
@@ -263,6 +273,7 @@ VALUE get_values(EVT_HANDLE handle)
263
273
  } else {
264
274
  result = wstr_to_mbstr(CP_UTF8, pRenderedValues[i].XmlVal, -1);
265
275
  rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
276
+ free_allocated_mbstr(result);
266
277
  }
267
278
  break;
268
279
  default:
@@ -272,70 +283,26 @@ VALUE get_values(EVT_HANDLE handle)
272
283
  }
273
284
 
274
285
  if (buffer)
275
- free(buffer);
286
+ xfree(buffer);
287
+
288
+ if (renderContext)
289
+ EvtClose(renderContext);
276
290
 
277
291
  return userValues;
278
292
  }
279
293
 
280
- char* get_description(EVT_HANDLE handle)
294
+ static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
281
295
  {
282
- #define MAX_BUFFER 65535
283
- WCHAR buffer[4096], *msg = buffer;
284
- WCHAR descriptionBuffer[MAX_BUFFER];
285
- ULONG bufferSize = 0;
286
- ULONG bufferSizeNeeded = 0;
287
- ULONG status, count;
288
- char* result = "";
289
- LPTSTR msgBuf = "";
290
- EVT_HANDLE hMetadata = NULL;
291
- PEVT_VARIANT values = NULL;
296
+ #define BUFSIZE 4096
297
+ static WCHAR* result = L"";
298
+ ULONG status;
299
+ ULONG bufferSizeNeeded = 0;
292
300
  LPVOID lpMsgBuf;
301
+ WCHAR* prevBuffer;
302
+ WCHAR *message;
293
303
 
294
- static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
295
- EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
296
- if (renderContext == NULL) {
297
- rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
298
- }
299
-
300
- if (EvtRender(renderContext,
301
- handle,
302
- EvtRenderEventValues,
303
- _countof(buffer),
304
- buffer,
305
- &bufferSizeNeeded,
306
- &count) != FALSE) {
307
- status = ERROR_SUCCESS;
308
- } else {
309
- status = GetLastError();
310
- }
311
-
312
- if (status != ERROR_SUCCESS) {
313
- FormatMessage(
314
- FORMAT_MESSAGE_ALLOCATE_BUFFER |
315
- FORMAT_MESSAGE_FROM_SYSTEM |
316
- FORMAT_MESSAGE_IGNORE_INSERTS,
317
- NULL, status,
318
- MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
319
- msgBuf, 0, NULL);
320
-
321
- VALUE errmsg = rb_str_new2(msgBuf);
322
- LocalFree(msgBuf);
323
-
324
- rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
325
- }
326
-
327
- // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
328
- values = (PEVT_VARIANT)buffer;
329
-
330
- // Open publisher metadata
331
- hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
332
- if (hMetadata == NULL) {
333
- // When winevt_c cannot open metadata, then give up to obtain
334
- // message file and clean up immediately.
335
- goto cleanup;
336
- }
337
-
338
- if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
304
+ message = (WCHAR *)xmalloc(sizeof(WCHAR) * BUFSIZE);
305
+ if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, BUFSIZE, message, &bufferSizeNeeded)) {
339
306
  status = GetLastError();
340
307
 
341
308
  if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
@@ -361,7 +328,8 @@ char* get_description(EVT_HANDLE handle)
361
328
  MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
362
329
  (WCHAR *) &lpMsgBuf, 0, NULL);
363
330
 
364
- result = wstr_to_mbstr(CP_UTF8, (WCHAR *)lpMsgBuf, -1);
331
+ result = (WCHAR *)lpMsgBuf;
332
+ LocalFree(lpMsgBuf);
365
333
 
366
334
  goto cleanup;
367
335
  }
@@ -373,9 +341,10 @@ char* get_description(EVT_HANDLE handle)
373
341
  }
374
342
 
375
343
  if (status == ERROR_INSUFFICIENT_BUFFER) {
376
- msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
344
+ prevBuffer = message;
345
+ message = (WCHAR *)realloc(prevBuffer, sizeof(WCHAR) * bufferSizeNeeded);
377
346
 
378
- if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
347
+ if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, message, &bufferSizeNeeded)) {
379
348
  status = GetLastError();
380
349
 
381
350
  if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
@@ -401,7 +370,8 @@ char* get_description(EVT_HANDLE handle)
401
370
  MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
402
371
  (WCHAR *) &lpMsgBuf, 0, NULL);
403
372
 
404
- result = wstr_to_mbstr(CP_UTF8, (WCHAR *)lpMsgBuf, -1);
373
+ result = (WCHAR *)lpMsgBuf;
374
+ LocalFree(lpMsgBuf);
405
375
 
406
376
  goto cleanup;
407
377
  }
@@ -411,9 +381,78 @@ char* get_description(EVT_HANDLE handle)
411
381
  }
412
382
  }
413
383
  }
414
- result = wstr_to_mbstr(CP_UTF8, msg, -1);
415
384
 
416
- #undef MAX_BUFFER
385
+ result = message;
386
+
387
+ cleanup:
388
+
389
+ if (message)
390
+ xfree(message);
391
+
392
+ return result;
393
+
394
+ #undef BUFSIZE
395
+ }
396
+
397
+ WCHAR* get_description(EVT_HANDLE handle)
398
+ {
399
+ #define BUFSIZE 4096
400
+ WCHAR buffer[BUFSIZE];
401
+ ULONG bufferSize = 0;
402
+ ULONG bufferSizeNeeded = 0;
403
+ ULONG status, count;
404
+ static WCHAR *result = L"";
405
+ LPTSTR msgBuf = "";
406
+ EVT_HANDLE hMetadata = NULL;
407
+ PEVT_VARIANT values = NULL;
408
+
409
+ static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
410
+ EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
411
+ if (renderContext == NULL) {
412
+ rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
413
+ }
414
+
415
+ if (EvtRender(renderContext,
416
+ handle,
417
+ EvtRenderEventValues,
418
+ _countof(buffer),
419
+ buffer,
420
+ &bufferSizeNeeded,
421
+ &count) != FALSE) {
422
+ status = ERROR_SUCCESS;
423
+ } else {
424
+ status = GetLastError();
425
+ }
426
+
427
+ if (status != ERROR_SUCCESS) {
428
+ FormatMessage(
429
+ FORMAT_MESSAGE_ALLOCATE_BUFFER |
430
+ FORMAT_MESSAGE_FROM_SYSTEM |
431
+ FORMAT_MESSAGE_IGNORE_INSERTS,
432
+ NULL, status,
433
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
434
+ msgBuf, 0, NULL);
435
+
436
+ VALUE errmsg = rb_str_new2(msgBuf);
437
+ LocalFree(msgBuf);
438
+
439
+ rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
440
+ }
441
+
442
+ // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
443
+ values = (PEVT_VARIANT)buffer;
444
+
445
+ // Open publisher metadata
446
+ hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
447
+ if (hMetadata == NULL) {
448
+ // When winevt_c cannot open metadata, then give up to obtain
449
+ // message file and clean up immediately.
450
+ goto cleanup;
451
+ }
452
+
453
+ result = get_message(hMetadata, handle);
454
+
455
+ #undef BUFSIZE
417
456
 
418
457
  cleanup:
419
458
 
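Review bot: `static WCHAR *result = L"";` in get_description keeps its value between calls, so the `hMetadata == NULL` early exit to `cleanup` returns whatever the previous call stored, not the empty string, because the initializer runs only once. Declare it as a plain local, `WCHAR *result = L"";`, and do the same for the `static` results in render_event and get_message. On the EvtRender failure path, `FormatMessage` is called with `FORMAT_MESSAGE_ALLOCATE_BUFFER` but receives `msgBuf` where the API expects `(LPTSTR)&msgBuf`, so the allocated pointer never lands in `msgBuf` and `LocalFree(msgBuf)` is applied to the literal's address. Both `rb_raise` calls also leave `renderContext` open. The body after `cleanup:` is outside this hunk.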
@@ -1,3 +1,3 @@
1
1
  module Winevt
2
- VERSION = "0.3.8"
2
+ VERSION = "0.4.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: winevt_c
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.8
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-06-27 00:00:00.000000000 Z
11
+ date: 2019-06-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler