winevt_c 0.4.1 → 0.4.2
- checksums.yaml +4 -4
- data/ext/winevt/extconf.rb +1 -0
- data/ext/winevt/winevt_bookmark.c +2 -0
- data/ext/winevt/winevt_c.h +8 -0
- data/ext/winevt/winevt_query.c +0 -1
- data/ext/winevt/winevt_subscribe.c +0 -1
- data/ext/winevt/{winevt_utils.c → winevt_utils.cpp} +43 -48
- data/lib/winevt/version.rb +1 -1
- metadata +2 -2
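--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '0981a5360392cd5a0a16cda1d2f1bc88dd199ee2a3a1df9b5a58ad5aedacd9f0'
+data.tar.gz: 93114a7d1062c2911ba1b59ae16b7d573c831eb56f14120f8faed963ec07ac25
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 03cdfea8f51c5aba392b12c710c7e6250a8eb860c4badaa5493d958768f2090a85da494c000a43cdd73c0ea1edd01d63fa539b93de4c87eb34305a5b1370a780
+data.tar.gz: 99da720ae70548866887793bf225aa2ec09702924f92b7b3819afb81403079084c8bb1ac258b5fcf3a3303c9df9bf1d717a6fe306aa2b421d90dbed638b9dc2d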
data/ext/winevt/extconf.rb
CHANGED
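--- a/data/ext/winevt/winevt_c.h
+++ b/data/ext/winevt/winevt_c.h
@@ -21,12 +21,20 @@
 #define EventBookMark(object) ((struct WinevtBookmark *)DATA_PTR(object))
 #define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
 
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
 char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
 void free_allocated_mbstr(const char* str);
 WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
 WCHAR* get_description(EVT_HANDLE handle);
 VALUE get_values(EVT_HANDLE handle);
 
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
 VALUE rb_cQuery;
 VALUE rb_cChannel;
 VALUE rb_cBookmark;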
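Review bot: The `VALUE rb_cQuery;`, `VALUE rb_cChannel;` and `VALUE rb_cBookmark;` lines after the new closing guard stop being tentative definitions once this header is compiled as C++: without `extern`, each one is a full definition in the C++ translation unit, alongside whatever the C files that include the header emit. Declaring them here as `extern VALUE rb_cQuery;` (and likewise for the other two) and defining each once in a single .c file keeps the link well-defined across C and C++ objects, including under `-fno-common`. The header continues outside the hunk, so other globals there may need the same treatment.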
data/ext/winevt/winevt_query.c
CHANGED
@@ -78,7 +78,6 @@ rb_winevt_subscribe_subscribe(int argc, VALUE *argv, VALUE self)
|
|
78
78
|
VALUE wpathBuf, wqueryBuf;
|
79
79
|
PWSTR path, query;
|
80
80
|
DWORD status = ERROR_SUCCESS;
|
81
|
-
struct WinevtBookmark *winevtBookmark;
|
82
81
|
struct WinevtSubscribe *winevtSubscribe;
|
83
82
|
|
84
83
|
hSignalEvent = CreateEvent(NULL, FALSE, FALSE, NULL);
|
@@ -1,13 +1,14 @@
|
|
1
1
|
#include <winevt_c.h>
|
2
2
|
#include <sddl.h>
|
3
3
|
#include <stdlib.h>
|
4
|
+
#include <string>
|
4
5
|
|
5
6
|
char*
|
6
7
|
wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
|
7
8
|
{
|
8
9
|
char *ptr;
|
9
10
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, NULL, 0, NULL, NULL);
|
10
|
-
if (!(ptr = xmalloc(len))) return 0;
|
11
|
+
if (!(ptr = static_cast<char *>(xmalloc(len)))) return 0;
|
11
12
|
WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, NULL, NULL);
|
12
13
|
|
13
14
|
return ptr;
|
@@ -25,14 +26,14 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
25
26
|
ULONG bufferSize = 0;
|
26
27
|
ULONG bufferSizeNeeded = 0;
|
27
28
|
ULONG status, count;
|
28
|
-
static WCHAR* result
|
29
|
+
static WCHAR* result;
|
29
30
|
LPTSTR msgBuf;
|
30
31
|
|
31
32
|
do {
|
32
33
|
if (bufferSizeNeeded > bufferSize) {
|
33
34
|
free(buffer);
|
34
35
|
bufferSize = bufferSizeNeeded;
|
35
|
-
buffer = xmalloc(bufferSize);
|
36
|
+
buffer = static_cast<WCHAR *>(xmalloc(bufferSize));
|
36
37
|
if (buffer == NULL) {
|
37
38
|
status = ERROR_OUTOFMEMORY;
|
38
39
|
bufferSize = 0;
|
@@ -77,13 +78,23 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
77
78
|
return result;
|
78
79
|
}
|
79
80
|
|
81
|
+
static std::wstring guid_to_wstr(const GUID& guid) {
|
82
|
+
LPOLESTR p = NULL;
|
83
|
+
if (FAILED(StringFromCLSID(guid, &p))) {
|
84
|
+
return NULL;
|
85
|
+
}
|
86
|
+
std::wstring s(p);
|
87
|
+
CoTaskMemFree(p);
|
88
|
+
return s;
|
89
|
+
}
|
90
|
+
|
80
91
|
VALUE get_values(EVT_HANDLE handle)
|
81
92
|
{
|
82
|
-
|
93
|
+
std::wstring buffer;
|
83
94
|
ULONG bufferSize = 0;
|
84
95
|
ULONG bufferSizeNeeded = 0;
|
85
96
|
DWORD status, propCount = 0;
|
86
|
-
char *result
|
97
|
+
char *result;
|
87
98
|
LPTSTR msgBuf;
|
88
99
|
WCHAR* tmpWChar = NULL;
|
89
100
|
VALUE userValues = rb_ary_new();
|
@@ -96,10 +107,9 @@ VALUE get_values(EVT_HANDLE handle)
|
|
96
107
|
|
97
108
|
do {
|
98
109
|
if (bufferSizeNeeded > bufferSize) {
|
99
|
-
free(buffer);
|
100
110
|
bufferSize = bufferSizeNeeded;
|
101
|
-
buffer
|
102
|
-
if (buffer == NULL) {
|
111
|
+
buffer.resize(bufferSize);
|
112
|
+
if (buffer.c_str() == NULL) {
|
103
113
|
status = ERROR_OUTOFMEMORY;
|
104
114
|
bufferSize = 0;
|
105
115
|
rb_raise(rb_eWinevtQueryError, "Out of memory");
|
@@ -110,8 +120,8 @@ VALUE get_values(EVT_HANDLE handle)
|
|
110
120
|
if (EvtRender(renderContext,
|
111
121
|
handle,
|
112
122
|
EvtRenderEventValues,
|
113
|
-
|
114
|
-
buffer,
|
123
|
+
buffer.size(),
|
124
|
+
&buffer[0],
|
115
125
|
&bufferSizeNeeded,
|
116
126
|
&propCount) != FALSE) {
|
117
127
|
status = ERROR_SUCCESS;
|
@@ -135,7 +145,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
135
145
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %d\nError: %s\n", status, RSTRING_PTR(errmsg));
|
136
146
|
}
|
137
147
|
|
138
|
-
PEVT_VARIANT pRenderedValues = (PEVT_VARIANT)buffer;
|
148
|
+
PEVT_VARIANT pRenderedValues = (PEVT_VARIANT)buffer.c_str();
|
139
149
|
LARGE_INTEGER timestamp;
|
140
150
|
SYSTEMTIME st;
|
141
151
|
FILETIME ft;
|
@@ -205,16 +215,16 @@ VALUE get_values(EVT_HANDLE handle)
|
|
205
215
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
206
216
|
break;
|
207
217
|
case EvtVarTypeBoolean:
|
208
|
-
result = pRenderedValues[i].BooleanVal ? "true" : "false";
|
218
|
+
result = const_cast<char *>(pRenderedValues[i].BooleanVal ? "true" : "false");
|
209
219
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
210
220
|
break;
|
211
221
|
case EvtVarTypeGuid:
|
212
222
|
if (pRenderedValues[i].GuidVal != NULL) {
|
213
|
-
|
214
|
-
|
223
|
+
const GUID guid = *pRenderedValues[i].GuidVal;
|
224
|
+
std::wstring wstr = guid_to_wstr(guid);
|
225
|
+
result = wstr_to_mbstr(CP_UTF8, wstr.c_str(), -1);
|
215
226
|
rb_ary_push(userValues, rb_utf8_str_new_cstr(result));
|
216
227
|
free_allocated_mbstr(result);
|
217
|
-
CoTaskMemFree(tmpWChar);
|
218
228
|
} else {
|
219
229
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
220
230
|
}
|
@@ -284,28 +294,22 @@ VALUE get_values(EVT_HANDLE handle)
|
|
284
294
|
}
|
285
295
|
}
|
286
296
|
|
287
|
-
if (buffer)
|
288
|
-
xfree(buffer);
|
289
|
-
|
290
297
|
if (renderContext)
|
291
298
|
EvtClose(renderContext);
|
292
299
|
|
293
300
|
return userValues;
|
294
301
|
}
|
295
302
|
|
296
|
-
static
|
303
|
+
static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
297
304
|
{
|
298
305
|
#define BUFSIZE 4096
|
299
|
-
|
306
|
+
std::wstring result;
|
300
307
|
ULONG status;
|
301
308
|
ULONG bufferSizeNeeded = 0;
|
302
309
|
LPVOID lpMsgBuf;
|
303
|
-
|
304
|
-
WCHAR *message;
|
305
|
-
WCHAR *reallocatedMessage;
|
310
|
+
std::wstring message(BUFSIZE, '\0');
|
306
311
|
|
307
|
-
|
308
|
-
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, BUFSIZE, message, &bufferSizeNeeded)) {
|
312
|
+
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, message.size(), &message[0], &bufferSizeNeeded)) {
|
309
313
|
status = GetLastError();
|
310
314
|
|
311
315
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
@@ -331,7 +335,7 @@ static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
331
335
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
332
336
|
(WCHAR *) &lpMsgBuf, 0, NULL);
|
333
337
|
|
334
|
-
result =
|
338
|
+
result = (WCHAR *)lpMsgBuf;
|
335
339
|
LocalFree(lpMsgBuf);
|
336
340
|
|
337
341
|
goto cleanup;
|
@@ -344,14 +348,9 @@ static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
344
348
|
}
|
345
349
|
|
346
350
|
if (status == ERROR_INSUFFICIENT_BUFFER) {
|
347
|
-
|
348
|
-
reallocatedMessage = (WCHAR *)realloc(prevBuffer, sizeof(WCHAR) * bufferSizeNeeded);
|
349
|
-
if (reallocatedMessage == NULL) {
|
350
|
-
rb_raise(rb_eWinevtQueryError, "Reallocation failed.");
|
351
|
-
}
|
352
|
-
message = reallocatedMessage;
|
351
|
+
message.resize(bufferSizeNeeded);
|
353
352
|
|
354
|
-
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent,
|
353
|
+
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, message.size(), &message[0], &bufferSizeNeeded)) {
|
355
354
|
status = GetLastError();
|
356
355
|
|
357
356
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
@@ -377,7 +376,7 @@ static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
377
376
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
378
377
|
(WCHAR *) &lpMsgBuf, 0, NULL);
|
379
378
|
|
380
|
-
result =
|
379
|
+
result = (WCHAR *)lpMsgBuf;
|
381
380
|
LocalFree(lpMsgBuf);
|
382
381
|
|
383
382
|
goto cleanup;
|
@@ -389,14 +388,11 @@ static WCHAR* get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
389
388
|
}
|
390
389
|
}
|
391
390
|
|
392
|
-
result =
|
391
|
+
result = message;
|
393
392
|
|
394
393
|
cleanup:
|
395
394
|
|
396
|
-
|
397
|
-
xfree(message);
|
398
|
-
|
399
|
-
return result;
|
395
|
+
return std::wstring(result);
|
400
396
|
|
401
397
|
#undef BUFSIZE
|
402
398
|
}
|
@@ -404,14 +400,13 @@ cleanup:
|
|
404
400
|
WCHAR* get_description(EVT_HANDLE handle)
|
405
401
|
{
|
406
402
|
#define BUFSIZE 4096
|
407
|
-
|
403
|
+
std::wstring buffer(BUFSIZE, '\0');
|
408
404
|
ULONG bufferSize = 0;
|
409
405
|
ULONG bufferSizeNeeded = 0;
|
410
406
|
ULONG status, count;
|
411
|
-
|
412
|
-
LPTSTR msgBuf
|
407
|
+
std::wstring result;
|
408
|
+
LPTSTR msgBuf;
|
413
409
|
EVT_HANDLE hMetadata = NULL;
|
414
|
-
PEVT_VARIANT values = NULL;
|
415
410
|
|
416
411
|
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
|
417
412
|
EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
|
@@ -422,8 +417,8 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
422
417
|
if (EvtRender(renderContext,
|
423
418
|
handle,
|
424
419
|
EvtRenderEventValues,
|
425
|
-
|
426
|
-
buffer,
|
420
|
+
buffer.size(),
|
421
|
+
&buffer[0],
|
427
422
|
&bufferSizeNeeded,
|
428
423
|
&count) != FALSE) {
|
429
424
|
status = ERROR_SUCCESS;
|
@@ -447,7 +442,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
447
442
|
}
|
448
443
|
|
449
444
|
// Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
|
450
|
-
values = (
|
445
|
+
const PEVT_VARIANT values = reinterpret_cast<PEVT_VARIANT>(const_cast<WCHAR *>(buffer.c_str()));
|
451
446
|
|
452
447
|
// Open publisher metadata
|
453
448
|
hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
@@ -457,7 +452,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
457
452
|
goto cleanup;
|
458
453
|
}
|
459
454
|
|
460
|
-
result =
|
455
|
+
result = get_message(hMetadata, handle);
|
461
456
|
|
462
457
|
#undef BUFSIZE
|
463
458
|
|
@@ -469,5 +464,5 @@ cleanup:
|
|
469
464
|
if (hMetadata)
|
470
465
|
EvtClose(hMetadata);
|
471
466
|
|
472
|
-
return result;
|
467
|
+
return const_cast<WCHAR *>(result.c_str());
|
473
468
|
}
|
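Review bot: `get_description` now ends with `return const_cast<WCHAR *>(result.c_str());` where `result` is a function-local `std::wstring`, so the returned pointer refers to storage that is destroyed as the function returns and every caller reads freed memory. Because the header keeps the `WCHAR*` signature, hand back an owned copy instead, for example `return _wcsdup(result.c_str());`, with the caller releasing it via `free()`; the callers are not on this page, so confirm how they treated the old return value. In the same file, `guid_to_wstr` does `return NULL;` from a function returning `std::wstring`, which constructs a string from a null pointer on the `StringFromCLSID` failure path; `return std::wstring();` is the safe failure value. `get_description` is only partly visible across these hunks.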
data/lib/winevt/version.rb
CHANGED
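--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.2
 platform: ruby
 authors:
 - Hiroshi Hatake
@@ -112,7 +112,7 @@ files:
 - ext/winevt/winevt_channel.c
 - ext/winevt/winevt_query.c
 - ext/winevt/winevt_subscribe.c
-- ext/winevt/winevt_utils.
+- ext/winevt/winevt_utils.cpp
 - lib/winevt.rb
 - lib/winevt/query.rb
 - lib/winevt/subscribe.rb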