winevt_c 0.4.7.rc2 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/example/tailing.rb +1 -0
- data/ext/winevt/winevt_channel.c +12 -2
- data/ext/winevt/winevt_query.c +33 -5
- data/ext/winevt/winevt_subscribe.c +36 -4
- data/ext/winevt/winevt_utils.cpp +47 -38
- data/lib/winevt/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c5fe0d33a16157b78dd2d2dba8f35aab97d17fd4a331dcbcca982dd1b19bf6c
|
|
4
|
+
data.tar.gz: 9a54b57a79cce2295c03b640d66f09bca1f862b8514e9eebd4e0ec424ad1a134
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0cdf4bcb81c5cd0cbd3c26a552e9310cb14cc528daa22d0216ad9af86e65978f9757267677b7a399754cc1f6e490df84616fb1af943ad8494239efc25a4c5bcb
|
|
7
|
+
data.tar.gz: f10753a472d9306ec0ac217e5186787382d33921809a7d48cc3cf0a99abe7dacab2c1b784a2bcc6444fc42a51f7d8c6c51fc81648e2adb71e5ac6cd3059e0999
|
data/example/tailing.rb
CHANGED
data/ext/winevt/winevt_channel.c
CHANGED
|
@@ -71,16 +71,20 @@ rb_winevt_channel_each(VALUE self)
|
|
|
71
71
|
break;
|
|
72
72
|
} else if (ERROR_INSUFFICIENT_BUFFER == status) {
|
|
73
73
|
bufferSize = bufferUsed;
|
|
74
|
-
temp = (LPWSTR)
|
|
74
|
+
temp = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
|
|
75
75
|
if (temp) {
|
|
76
76
|
buffer = temp;
|
|
77
77
|
temp = NULL;
|
|
78
|
-
|
|
78
|
+
continue;
|
|
79
79
|
} else {
|
|
80
|
+
free(buffer);
|
|
81
|
+
EvtClose(winevtChannel->channels);
|
|
80
82
|
status = ERROR_OUTOFMEMORY;
|
|
81
83
|
rb_raise(rb_eRuntimeError, "realloc failed");
|
|
82
84
|
}
|
|
83
85
|
} else {
|
|
86
|
+
free(buffer);
|
|
87
|
+
EvtClose(winevtChannel->channels);
|
|
84
88
|
_snprintf_s(errBuf, 256, _TRUNCATE, "EvtNextChannelPath failed with %lu.\n", status);
|
|
85
89
|
rb_raise(rb_eRuntimeError, errBuf);
|
|
86
90
|
}
|
|
@@ -91,6 +95,12 @@ rb_winevt_channel_each(VALUE self)
|
|
|
91
95
|
rb_yield(utf8str);
|
|
92
96
|
}
|
|
93
97
|
|
|
98
|
+
if (winevtChannel->channels)
|
|
99
|
+
EvtClose(winevtChannel->channels);
|
|
100
|
+
|
|
101
|
+
if (buffer)
|
|
102
|
+
free(buffer);
|
|
103
|
+
|
|
94
104
|
return Qnil;
|
|
95
105
|
}
|
|
96
106
|
|
data/ext/winevt/winevt_query.c
CHANGED
|
@@ -229,7 +229,21 @@ rb_winevt_query_seek(VALUE self, VALUE bookmark_or_flag)
|
|
|
229
229
|
}
|
|
230
230
|
|
|
231
231
|
static VALUE
|
|
232
|
-
|
|
232
|
+
rb_winevt_query_close_handle(VALUE self)
|
|
233
|
+
{
|
|
234
|
+
struct WinevtQuery *winevtQuery;
|
|
235
|
+
|
|
236
|
+
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
237
|
+
|
|
238
|
+
if (winevtQuery->event != NULL) {
|
|
239
|
+
EvtClose(winevtQuery->event);
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
return Qnil;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
static VALUE
|
|
246
|
+
rb_winevt_query_each_yield(VALUE self)
|
|
233
247
|
{
|
|
234
248
|
struct WinevtQuery *winevtQuery;
|
|
235
249
|
|
|
@@ -237,11 +251,24 @@ rb_winevt_query_each(VALUE self)
|
|
|
237
251
|
|
|
238
252
|
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
239
253
|
|
|
254
|
+
rb_yield_values(3,
|
|
255
|
+
rb_winevt_query_render(self),
|
|
256
|
+
rb_winevt_query_message(self),
|
|
257
|
+
rb_winevt_query_string_inserts(self));
|
|
258
|
+
|
|
259
|
+
return Qnil;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
static VALUE
|
|
263
|
+
rb_winevt_query_each(VALUE self)
|
|
264
|
+
{
|
|
265
|
+
struct WinevtQuery *winevtQuery;
|
|
266
|
+
|
|
267
|
+
RETURN_ENUMERATOR(self, 0, 0);
|
|
268
|
+
|
|
269
|
+
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
240
270
|
while (rb_winevt_query_next(self)) {
|
|
241
|
-
|
|
242
|
-
rb_winevt_query_render(self),
|
|
243
|
-
rb_winevt_query_message(self),
|
|
244
|
-
rb_winevt_query_string_inserts(self));
|
|
271
|
+
rb_ensure(rb_winevt_query_each_yield, self, rb_winevt_query_close_handle, self);
|
|
245
272
|
}
|
|
246
273
|
|
|
247
274
|
return Qnil;
|
|
@@ -262,5 +289,6 @@ void Init_winevt_query(VALUE rb_cEventLog)
|
|
|
262
289
|
rb_define_method(rb_cQuery, "offset=", rb_winevt_query_set_offset, 1);
|
|
263
290
|
rb_define_method(rb_cQuery, "timeout", rb_winevt_query_get_timeout, 0);
|
|
264
291
|
rb_define_method(rb_cQuery, "timeout=", rb_winevt_query_set_timeout, 1);
|
|
292
|
+
rb_define_method(rb_cQuery, "close_handle", rb_winevt_query_close_handle, 0);
|
|
265
293
|
rb_define_method(rb_cQuery, "each", rb_winevt_query_each, 0);
|
|
266
294
|
}
|
|
@@ -114,6 +114,9 @@ rb_winevt_subscribe_subscribe(int argc, VALUE *argv, VALUE self)
|
|
|
114
114
|
|
|
115
115
|
hSubscription = EvtSubscribe(NULL, hSignalEvent, path, query, hBookmark, NULL, NULL, flags);
|
|
116
116
|
|
|
117
|
+
ALLOCV_END(wpathBuf);
|
|
118
|
+
ALLOCV_END(wqueryBuf);
|
|
119
|
+
|
|
117
120
|
winevtSubscribe->signalEvent = hSignalEvent;
|
|
118
121
|
winevtSubscribe->subscription = hSubscription;
|
|
119
122
|
if (hBookmark) {
|
|
@@ -192,6 +195,37 @@ rb_winevt_subscribe_string_inserts(VALUE self)
|
|
|
192
195
|
return get_values(winevtSubscribe->event);
|
|
193
196
|
}
|
|
194
197
|
|
|
198
|
+
static VALUE
|
|
199
|
+
rb_winevt_subscribe_close_handle(VALUE self)
|
|
200
|
+
{
|
|
201
|
+
struct WinevtSubscribe *winevtSubscribe;
|
|
202
|
+
|
|
203
|
+
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
204
|
+
|
|
205
|
+
if (winevtSubscribe->event != NULL) {
|
|
206
|
+
EvtClose(winevtSubscribe->event);
|
|
207
|
+
}
|
|
208
|
+
|
|
209
|
+
return Qnil;
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
static VALUE
|
|
213
|
+
rb_winevt_subscribe_each_yield(VALUE self)
|
|
214
|
+
{
|
|
215
|
+
struct WinevtSubscribe *winevtSubscribe;
|
|
216
|
+
|
|
217
|
+
RETURN_ENUMERATOR(self, 0, 0);
|
|
218
|
+
|
|
219
|
+
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
220
|
+
|
|
221
|
+
rb_yield_values(3,
|
|
222
|
+
rb_winevt_subscribe_render(self),
|
|
223
|
+
rb_winevt_subscribe_message(self),
|
|
224
|
+
rb_winevt_subscribe_string_inserts(self));
|
|
225
|
+
|
|
226
|
+
return Qnil;
|
|
227
|
+
}
|
|
228
|
+
|
|
195
229
|
static VALUE
|
|
196
230
|
rb_winevt_subscribe_each(VALUE self)
|
|
197
231
|
{
|
|
@@ -202,10 +236,7 @@ rb_winevt_subscribe_each(VALUE self)
|
|
|
202
236
|
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
203
237
|
|
|
204
238
|
while (rb_winevt_subscribe_next(self)) {
|
|
205
|
-
|
|
206
|
-
rb_winevt_subscribe_render(self),
|
|
207
|
-
rb_winevt_subscribe_message(self),
|
|
208
|
-
rb_winevt_subscribe_string_inserts(self));
|
|
239
|
+
rb_ensure(rb_winevt_subscribe_each_yield, self, rb_winevt_subscribe_close_handle, self);
|
|
209
240
|
}
|
|
210
241
|
|
|
211
242
|
return Qnil;
|
|
@@ -238,6 +269,7 @@ void Init_winevt_subscribe(VALUE rb_cEventLog)
|
|
|
238
269
|
rb_define_method(rb_cSubscribe, "message", rb_winevt_subscribe_message, 0);
|
|
239
270
|
rb_define_method(rb_cSubscribe, "string_inserts", rb_winevt_subscribe_string_inserts, 0);
|
|
240
271
|
rb_define_method(rb_cSubscribe, "each", rb_winevt_subscribe_each, 0);
|
|
272
|
+
rb_define_method(rb_cSubscribe, "close_handle", rb_winevt_subscribe_close_handle, 0);
|
|
241
273
|
rb_define_method(rb_cSubscribe, "bookmark", rb_winevt_subscribe_get_bookmark, 0);
|
|
242
274
|
rb_define_method(rb_cSubscribe, "tail?", rb_winevt_subscribe_tail_p, 0);
|
|
243
275
|
rb_define_method(rb_cSubscribe, "tail=", rb_winevt_subscribe_set_tail, 1);
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#include <sddl.h>
|
|
3
3
|
#include <stdlib.h>
|
|
4
4
|
#include <string>
|
|
5
|
-
#include <
|
|
5
|
+
#include <vector>
|
|
6
6
|
|
|
7
7
|
char*
|
|
8
8
|
wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
|
|
@@ -24,17 +24,20 @@ void free_allocated_mbstr(const char* str)
|
|
|
24
24
|
VALUE
|
|
25
25
|
wstr_to_rb_str(UINT cp, const WCHAR *wstr, int clen)
|
|
26
26
|
{
|
|
27
|
+
VALUE vstr;
|
|
28
|
+
CHAR *ptr;
|
|
27
29
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
|
|
28
|
-
|
|
29
|
-
WideCharToMultiByte(cp, 0, wstr, clen, ptr
|
|
30
|
-
VALUE str = rb_utf8_str_new_cstr(ptr
|
|
30
|
+
ptr = (CHAR*)ALLOCV_N(CHAR, vstr, len);
|
|
31
|
+
WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
|
|
32
|
+
VALUE str = rb_utf8_str_new_cstr(ptr);
|
|
33
|
+
ALLOCV_END(vstr);
|
|
31
34
|
|
|
32
35
|
return str;
|
|
33
36
|
}
|
|
34
37
|
|
|
35
38
|
WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
36
39
|
{
|
|
37
|
-
std::
|
|
40
|
+
std::vector<WCHAR> buffer(1);
|
|
38
41
|
ULONG bufferSize = 0;
|
|
39
42
|
ULONG bufferSizeNeeded = 0;
|
|
40
43
|
ULONG status, count;
|
|
@@ -44,8 +47,10 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
44
47
|
do {
|
|
45
48
|
if (bufferSizeNeeded > bufferSize) {
|
|
46
49
|
bufferSize = bufferSizeNeeded;
|
|
47
|
-
|
|
48
|
-
|
|
50
|
+
try {
|
|
51
|
+
buffer.resize(bufferSize);
|
|
52
|
+
buffer.shrink_to_fit();
|
|
53
|
+
} catch (std::bad_alloc e) {
|
|
49
54
|
status = ERROR_OUTOFMEMORY;
|
|
50
55
|
bufferSize = 0;
|
|
51
56
|
rb_raise(rb_eWinevtQueryError, "Out of memory");
|
|
@@ -56,8 +61,8 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
56
61
|
if (EvtRender(nullptr,
|
|
57
62
|
handle,
|
|
58
63
|
flags,
|
|
59
|
-
|
|
60
|
-
buffer.
|
|
64
|
+
buffer.size(),
|
|
65
|
+
&buffer.front(),
|
|
61
66
|
&bufferSizeNeeded,
|
|
62
67
|
&count) != FALSE) {
|
|
63
68
|
status = ERROR_SUCCESS;
|
|
@@ -81,7 +86,7 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
81
86
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %ld\nError: %s\n", status, RSTRING_PTR(errmsg));
|
|
82
87
|
}
|
|
83
88
|
|
|
84
|
-
result = _wcsdup(buffer.
|
|
89
|
+
result = _wcsdup(&buffer.front());
|
|
85
90
|
|
|
86
91
|
return result;
|
|
87
92
|
}
|
|
@@ -98,7 +103,7 @@ static std::wstring guid_to_wstr(const GUID& guid) {
|
|
|
98
103
|
|
|
99
104
|
VALUE get_values(EVT_HANDLE handle)
|
|
100
105
|
{
|
|
101
|
-
std::
|
|
106
|
+
std::vector<WCHAR> buffer;
|
|
102
107
|
ULONG bufferSize = 0;
|
|
103
108
|
ULONG bufferSizeNeeded = 0;
|
|
104
109
|
DWORD status, propCount = 0;
|
|
@@ -118,6 +123,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
118
123
|
bufferSize = bufferSizeNeeded;
|
|
119
124
|
try {
|
|
120
125
|
buffer.resize(bufferSize);
|
|
126
|
+
buffer.shrink_to_fit();
|
|
121
127
|
} catch (std::bad_alloc e) {
|
|
122
128
|
status = ERROR_OUTOFMEMORY;
|
|
123
129
|
bufferSize = 0;
|
|
@@ -130,7 +136,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
130
136
|
handle,
|
|
131
137
|
EvtRenderEventValues,
|
|
132
138
|
buffer.size(),
|
|
133
|
-
&buffer
|
|
139
|
+
&buffer.front(),
|
|
134
140
|
&bufferSizeNeeded,
|
|
135
141
|
&propCount) != FALSE) {
|
|
136
142
|
status = ERROR_SUCCESS;
|
|
@@ -154,12 +160,12 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
154
160
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %lu\nError: %s\n", status, RSTRING_PTR(errmsg));
|
|
155
161
|
}
|
|
156
162
|
|
|
157
|
-
PEVT_VARIANT pRenderedValues = reinterpret_cast<PEVT_VARIANT>(
|
|
163
|
+
PEVT_VARIANT pRenderedValues = reinterpret_cast<PEVT_VARIANT>(&buffer.front());
|
|
158
164
|
LARGE_INTEGER timestamp;
|
|
159
165
|
SYSTEMTIME st;
|
|
160
166
|
FILETIME ft;
|
|
161
|
-
CHAR strTime
|
|
162
|
-
std::
|
|
167
|
+
std::vector<CHAR> strTime(128);
|
|
168
|
+
std::vector<CHAR> sResult(256);
|
|
163
169
|
VALUE rbObj;
|
|
164
170
|
|
|
165
171
|
for (int i = 0; i < propCount; i++) {
|
|
@@ -172,7 +178,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
172
178
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
|
173
179
|
} else {
|
|
174
180
|
std::wstring wStr(pRenderedValues[i].StringVal);
|
|
175
|
-
rbObj = wstr_to_rb_str(CP_UTF8, wStr
|
|
181
|
+
rbObj = wstr_to_rb_str(CP_UTF8, &wStr[0], -1);
|
|
176
182
|
rb_ary_push(userValues, rbObj);
|
|
177
183
|
}
|
|
178
184
|
break;
|
|
@@ -216,16 +222,16 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
216
222
|
rb_ary_push(userValues, rbObj);
|
|
217
223
|
break;
|
|
218
224
|
case EvtVarTypeSingle:
|
|
219
|
-
_snprintf_s(sResult.
|
|
220
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(sResult.
|
|
225
|
+
_snprintf_s(&sResult.front(), sResult.size(), _TRUNCATE, "%f", pRenderedValues[i].SingleVal);
|
|
226
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&sResult.front()));
|
|
221
227
|
break;
|
|
222
228
|
case EvtVarTypeDouble:
|
|
223
|
-
_snprintf_s(sResult.
|
|
224
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(sResult.
|
|
229
|
+
_snprintf_s(&sResult.front(), sResult.size(), _TRUNCATE, "%lf", pRenderedValues[i].DoubleVal);
|
|
230
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&sResult.front()));
|
|
225
231
|
break;
|
|
226
232
|
case EvtVarTypeBoolean:
|
|
227
|
-
|
|
228
|
-
rb_ary_push(userValues,
|
|
233
|
+
rbObj = pRenderedValues[i].BooleanVal ? Qtrue : Qfalse;
|
|
234
|
+
rb_ary_push(userValues, rbObj);
|
|
229
235
|
break;
|
|
230
236
|
case EvtVarTypeGuid:
|
|
231
237
|
if (pRenderedValues[i].GuidVal != nullptr) {
|
|
@@ -246,11 +252,11 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
246
252
|
ft.dwHighDateTime = timestamp.HighPart;
|
|
247
253
|
ft.dwLowDateTime = timestamp.LowPart;
|
|
248
254
|
if (FileTimeToSystemTime( &ft, &st )) {
|
|
249
|
-
_snprintf_s(strTime,
|
|
255
|
+
_snprintf_s(&strTime.front(), strTime.size(), _TRUNCATE, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
|
|
250
256
|
st.wYear , st.wMonth , st.wDay ,
|
|
251
257
|
st.wHour , st.wMinute , st.wSecond,
|
|
252
258
|
st.wMilliseconds);
|
|
253
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
|
|
259
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&strTime.front()));
|
|
254
260
|
} else {
|
|
255
261
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
256
262
|
}
|
|
@@ -258,11 +264,11 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
258
264
|
case EvtVarTypeSysTime:
|
|
259
265
|
if (pRenderedValues[i].SysTimeVal != nullptr) {
|
|
260
266
|
st = *pRenderedValues[i].SysTimeVal;
|
|
261
|
-
_snprintf_s(strTime,
|
|
267
|
+
_snprintf_s(&strTime.front(), strTime.size(), _TRUNCATE, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
|
|
262
268
|
st.wYear , st.wMonth , st.wDay ,
|
|
263
269
|
st.wHour , st.wMinute , st.wSecond,
|
|
264
270
|
st.wMilliseconds);
|
|
265
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
|
|
271
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&strTime.front()));
|
|
266
272
|
} else {
|
|
267
273
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
268
274
|
}
|
|
@@ -306,14 +312,14 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
306
312
|
return userValues;
|
|
307
313
|
}
|
|
308
314
|
|
|
309
|
-
static std::
|
|
315
|
+
static std::vector<WCHAR> get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
310
316
|
{
|
|
311
317
|
#define BUFSIZE 4096
|
|
312
|
-
std::
|
|
318
|
+
std::vector<WCHAR> result;
|
|
313
319
|
ULONG status;
|
|
314
320
|
ULONG bufferSizeNeeded = 0;
|
|
315
321
|
LPVOID lpMsgBuf;
|
|
316
|
-
std::
|
|
322
|
+
std::vector<WCHAR> message(BUFSIZE);
|
|
317
323
|
|
|
318
324
|
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message[0], &bufferSizeNeeded)) {
|
|
319
325
|
status = GetLastError();
|
|
@@ -341,7 +347,8 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
341
347
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
|
342
348
|
reinterpret_cast<WCHAR *>(&lpMsgBuf), 0, nullptr);
|
|
343
349
|
|
|
344
|
-
|
|
350
|
+
std::wstring ret(reinterpret_cast<WCHAR *>(lpMsgBuf));
|
|
351
|
+
std::copy( ret.begin(), ret.end(), std::back_inserter(result));
|
|
345
352
|
LocalFree(lpMsgBuf);
|
|
346
353
|
|
|
347
354
|
goto cleanup;
|
|
@@ -355,8 +362,9 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
355
362
|
|
|
356
363
|
if (status == ERROR_INSUFFICIENT_BUFFER) {
|
|
357
364
|
message.resize(bufferSizeNeeded);
|
|
365
|
+
message.shrink_to_fit();
|
|
358
366
|
|
|
359
|
-
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message
|
|
367
|
+
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message.front(), &bufferSizeNeeded)) {
|
|
360
368
|
status = GetLastError();
|
|
361
369
|
|
|
362
370
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
|
@@ -382,7 +390,8 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
382
390
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
|
383
391
|
reinterpret_cast<WCHAR *>(&lpMsgBuf), 0, nullptr);
|
|
384
392
|
|
|
385
|
-
|
|
393
|
+
std::wstring ret(reinterpret_cast<WCHAR *>(lpMsgBuf));
|
|
394
|
+
std::copy( ret.begin(), ret.end(), std::back_inserter(result));
|
|
386
395
|
LocalFree(lpMsgBuf);
|
|
387
396
|
|
|
388
397
|
goto cleanup;
|
|
@@ -398,7 +407,7 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
398
407
|
|
|
399
408
|
cleanup:
|
|
400
409
|
|
|
401
|
-
return
|
|
410
|
+
return result;
|
|
402
411
|
|
|
403
412
|
#undef BUFSIZE
|
|
404
413
|
}
|
|
@@ -406,11 +415,11 @@ cleanup:
|
|
|
406
415
|
WCHAR* get_description(EVT_HANDLE handle)
|
|
407
416
|
{
|
|
408
417
|
#define BUFSIZE 4096
|
|
409
|
-
std::
|
|
418
|
+
std::vector<WCHAR> buffer(BUFSIZE);
|
|
410
419
|
ULONG bufferSize = 0;
|
|
411
420
|
ULONG bufferSizeNeeded = 0;
|
|
412
421
|
ULONG status, count;
|
|
413
|
-
std::
|
|
422
|
+
std::vector<WCHAR> result;
|
|
414
423
|
LPTSTR msgBuf;
|
|
415
424
|
EVT_HANDLE hMetadata = nullptr;
|
|
416
425
|
|
|
@@ -424,7 +433,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
|
424
433
|
handle,
|
|
425
434
|
EvtRenderEventValues,
|
|
426
435
|
buffer.size(),
|
|
427
|
-
&buffer
|
|
436
|
+
&buffer.front(),
|
|
428
437
|
&bufferSizeNeeded,
|
|
429
438
|
&count) != FALSE) {
|
|
430
439
|
status = ERROR_SUCCESS;
|
|
@@ -448,7 +457,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
|
448
457
|
}
|
|
449
458
|
|
|
450
459
|
// Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
|
|
451
|
-
const PEVT_VARIANT values = reinterpret_cast<PEVT_VARIANT>(
|
|
460
|
+
const PEVT_VARIANT values = reinterpret_cast<PEVT_VARIANT>(&buffer.front());
|
|
452
461
|
|
|
453
462
|
// Open publisher metadata
|
|
454
463
|
hMetadata = EvtOpenPublisherMetadata(nullptr, values[0].StringVal, nullptr, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
|
@@ -470,5 +479,5 @@ cleanup:
|
|
|
470
479
|
if (hMetadata)
|
|
471
480
|
EvtClose(hMetadata);
|
|
472
481
|
|
|
473
|
-
return _wcsdup(result.
|
|
482
|
+
return _wcsdup(result.data());
|
|
474
483
|
}
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-07-
|
|
11
|
+
date: 2019-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -133,9 +133,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
133
133
|
version: '2.4'
|
|
134
134
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
|
-
- - "
|
|
136
|
+
- - ">="
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: '0'
|
|
139
139
|
requirements: []
|
|
140
140
|
rubyforge_project:
|
|
141
141
|
rubygems_version: 2.7.3
|