winevt_c 0.4.7.rc2 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/example/tailing.rb +1 -0
- data/ext/winevt/winevt_channel.c +12 -2
- data/ext/winevt/winevt_query.c +33 -5
- data/ext/winevt/winevt_subscribe.c +36 -4
- data/ext/winevt/winevt_utils.cpp +47 -38
- data/lib/winevt/version.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c5fe0d33a16157b78dd2d2dba8f35aab97d17fd4a331dcbcca982dd1b19bf6c
|
|
4
|
+
data.tar.gz: 9a54b57a79cce2295c03b640d66f09bca1f862b8514e9eebd4e0ec424ad1a134
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0cdf4bcb81c5cd0cbd3c26a552e9310cb14cc528daa22d0216ad9af86e65978f9757267677b7a399754cc1f6e490df84616fb1af943ad8494239efc25a4c5bcb
|
|
7
|
+
data.tar.gz: f10753a472d9306ec0ac217e5186787382d33921809a7d48cc3cf0a99abe7dacab2c1b784a2bcc6444fc42a51f7d8c6c51fc81648e2adb71e5ac6cd3059e0999
|
data/example/tailing.rb
CHANGED
data/ext/winevt/winevt_channel.c
CHANGED
|
@@ -71,16 +71,20 @@ rb_winevt_channel_each(VALUE self)
|
|
|
71
71
|
break;
|
|
72
72
|
} else if (ERROR_INSUFFICIENT_BUFFER == status) {
|
|
73
73
|
bufferSize = bufferUsed;
|
|
74
|
-
temp = (LPWSTR)
|
|
74
|
+
temp = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
|
|
75
75
|
if (temp) {
|
|
76
76
|
buffer = temp;
|
|
77
77
|
temp = NULL;
|
|
78
|
-
|
|
78
|
+
continue;
|
|
79
79
|
} else {
|
|
80
|
+
free(buffer);
|
|
81
|
+
EvtClose(winevtChannel->channels);
|
|
80
82
|
status = ERROR_OUTOFMEMORY;
|
|
81
83
|
rb_raise(rb_eRuntimeError, "realloc failed");
|
|
82
84
|
}
|
|
83
85
|
} else {
|
|
86
|
+
free(buffer);
|
|
87
|
+
EvtClose(winevtChannel->channels);
|
|
84
88
|
_snprintf_s(errBuf, 256, _TRUNCATE, "EvtNextChannelPath failed with %lu.\n", status);
|
|
85
89
|
rb_raise(rb_eRuntimeError, errBuf);
|
|
86
90
|
}
|
|
@@ -91,6 +95,12 @@ rb_winevt_channel_each(VALUE self)
|
|
|
91
95
|
rb_yield(utf8str);
|
|
92
96
|
}
|
|
93
97
|
|
|
98
|
+
if (winevtChannel->channels)
|
|
99
|
+
EvtClose(winevtChannel->channels);
|
|
100
|
+
|
|
101
|
+
if (buffer)
|
|
102
|
+
free(buffer);
|
|
103
|
+
|
|
94
104
|
return Qnil;
|
|
95
105
|
}
|
|
96
106
|
|
data/ext/winevt/winevt_query.c
CHANGED
|
@@ -229,7 +229,21 @@ rb_winevt_query_seek(VALUE self, VALUE bookmark_or_flag)
|
|
|
229
229
|
}
|
|
230
230
|
|
|
231
231
|
static VALUE
|
|
232
|
-
|
|
232
|
+
rb_winevt_query_close_handle(VALUE self)
|
|
233
|
+
{
|
|
234
|
+
struct WinevtQuery *winevtQuery;
|
|
235
|
+
|
|
236
|
+
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
237
|
+
|
|
238
|
+
if (winevtQuery->event != NULL) {
|
|
239
|
+
EvtClose(winevtQuery->event);
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
return Qnil;
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
static VALUE
|
|
246
|
+
rb_winevt_query_each_yield(VALUE self)
|
|
233
247
|
{
|
|
234
248
|
struct WinevtQuery *winevtQuery;
|
|
235
249
|
|
|
@@ -237,11 +251,24 @@ rb_winevt_query_each(VALUE self)
|
|
|
237
251
|
|
|
238
252
|
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
239
253
|
|
|
254
|
+
rb_yield_values(3,
|
|
255
|
+
rb_winevt_query_render(self),
|
|
256
|
+
rb_winevt_query_message(self),
|
|
257
|
+
rb_winevt_query_string_inserts(self));
|
|
258
|
+
|
|
259
|
+
return Qnil;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
static VALUE
|
|
263
|
+
rb_winevt_query_each(VALUE self)
|
|
264
|
+
{
|
|
265
|
+
struct WinevtQuery *winevtQuery;
|
|
266
|
+
|
|
267
|
+
RETURN_ENUMERATOR(self, 0, 0);
|
|
268
|
+
|
|
269
|
+
TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
|
|
240
270
|
while (rb_winevt_query_next(self)) {
|
|
241
|
-
|
|
242
|
-
rb_winevt_query_render(self),
|
|
243
|
-
rb_winevt_query_message(self),
|
|
244
|
-
rb_winevt_query_string_inserts(self));
|
|
271
|
+
rb_ensure(rb_winevt_query_each_yield, self, rb_winevt_query_close_handle, self);
|
|
245
272
|
}
|
|
246
273
|
|
|
247
274
|
return Qnil;
|
|
@@ -262,5 +289,6 @@ void Init_winevt_query(VALUE rb_cEventLog)
|
|
|
262
289
|
rb_define_method(rb_cQuery, "offset=", rb_winevt_query_set_offset, 1);
|
|
263
290
|
rb_define_method(rb_cQuery, "timeout", rb_winevt_query_get_timeout, 0);
|
|
264
291
|
rb_define_method(rb_cQuery, "timeout=", rb_winevt_query_set_timeout, 1);
|
|
292
|
+
rb_define_method(rb_cQuery, "close_handle", rb_winevt_query_close_handle, 0);
|
|
265
293
|
rb_define_method(rb_cQuery, "each", rb_winevt_query_each, 0);
|
|
266
294
|
}
|
|
@@ -114,6 +114,9 @@ rb_winevt_subscribe_subscribe(int argc, VALUE *argv, VALUE self)
|
|
|
114
114
|
|
|
115
115
|
hSubscription = EvtSubscribe(NULL, hSignalEvent, path, query, hBookmark, NULL, NULL, flags);
|
|
116
116
|
|
|
117
|
+
ALLOCV_END(wpathBuf);
|
|
118
|
+
ALLOCV_END(wqueryBuf);
|
|
119
|
+
|
|
117
120
|
winevtSubscribe->signalEvent = hSignalEvent;
|
|
118
121
|
winevtSubscribe->subscription = hSubscription;
|
|
119
122
|
if (hBookmark) {
|
|
@@ -192,6 +195,37 @@ rb_winevt_subscribe_string_inserts(VALUE self)
|
|
|
192
195
|
return get_values(winevtSubscribe->event);
|
|
193
196
|
}
|
|
194
197
|
|
|
198
|
+
static VALUE
|
|
199
|
+
rb_winevt_subscribe_close_handle(VALUE self)
|
|
200
|
+
{
|
|
201
|
+
struct WinevtSubscribe *winevtSubscribe;
|
|
202
|
+
|
|
203
|
+
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
204
|
+
|
|
205
|
+
if (winevtSubscribe->event != NULL) {
|
|
206
|
+
EvtClose(winevtSubscribe->event);
|
|
207
|
+
}
|
|
208
|
+
|
|
209
|
+
return Qnil;
|
|
210
|
+
}
|
|
211
|
+
|
|
212
|
+
static VALUE
|
|
213
|
+
rb_winevt_subscribe_each_yield(VALUE self)
|
|
214
|
+
{
|
|
215
|
+
struct WinevtSubscribe *winevtSubscribe;
|
|
216
|
+
|
|
217
|
+
RETURN_ENUMERATOR(self, 0, 0);
|
|
218
|
+
|
|
219
|
+
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
220
|
+
|
|
221
|
+
rb_yield_values(3,
|
|
222
|
+
rb_winevt_subscribe_render(self),
|
|
223
|
+
rb_winevt_subscribe_message(self),
|
|
224
|
+
rb_winevt_subscribe_string_inserts(self));
|
|
225
|
+
|
|
226
|
+
return Qnil;
|
|
227
|
+
}
|
|
228
|
+
|
|
195
229
|
static VALUE
|
|
196
230
|
rb_winevt_subscribe_each(VALUE self)
|
|
197
231
|
{
|
|
@@ -202,10 +236,7 @@ rb_winevt_subscribe_each(VALUE self)
|
|
|
202
236
|
TypedData_Get_Struct(self, struct WinevtSubscribe, &rb_winevt_subscribe_type, winevtSubscribe);
|
|
203
237
|
|
|
204
238
|
while (rb_winevt_subscribe_next(self)) {
|
|
205
|
-
|
|
206
|
-
rb_winevt_subscribe_render(self),
|
|
207
|
-
rb_winevt_subscribe_message(self),
|
|
208
|
-
rb_winevt_subscribe_string_inserts(self));
|
|
239
|
+
rb_ensure(rb_winevt_subscribe_each_yield, self, rb_winevt_subscribe_close_handle, self);
|
|
209
240
|
}
|
|
210
241
|
|
|
211
242
|
return Qnil;
|
|
@@ -238,6 +269,7 @@ void Init_winevt_subscribe(VALUE rb_cEventLog)
|
|
|
238
269
|
rb_define_method(rb_cSubscribe, "message", rb_winevt_subscribe_message, 0);
|
|
239
270
|
rb_define_method(rb_cSubscribe, "string_inserts", rb_winevt_subscribe_string_inserts, 0);
|
|
240
271
|
rb_define_method(rb_cSubscribe, "each", rb_winevt_subscribe_each, 0);
|
|
272
|
+
rb_define_method(rb_cSubscribe, "close_handle", rb_winevt_subscribe_close_handle, 0);
|
|
241
273
|
rb_define_method(rb_cSubscribe, "bookmark", rb_winevt_subscribe_get_bookmark, 0);
|
|
242
274
|
rb_define_method(rb_cSubscribe, "tail?", rb_winevt_subscribe_tail_p, 0);
|
|
243
275
|
rb_define_method(rb_cSubscribe, "tail=", rb_winevt_subscribe_set_tail, 1);
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
#include <sddl.h>
|
|
3
3
|
#include <stdlib.h>
|
|
4
4
|
#include <string>
|
|
5
|
-
#include <
|
|
5
|
+
#include <vector>
|
|
6
6
|
|
|
7
7
|
char*
|
|
8
8
|
wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
|
|
@@ -24,17 +24,20 @@ void free_allocated_mbstr(const char* str)
|
|
|
24
24
|
VALUE
|
|
25
25
|
wstr_to_rb_str(UINT cp, const WCHAR *wstr, int clen)
|
|
26
26
|
{
|
|
27
|
+
VALUE vstr;
|
|
28
|
+
CHAR *ptr;
|
|
27
29
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
|
|
28
|
-
|
|
29
|
-
WideCharToMultiByte(cp, 0, wstr, clen, ptr
|
|
30
|
-
VALUE str = rb_utf8_str_new_cstr(ptr
|
|
30
|
+
ptr = (CHAR*)ALLOCV_N(CHAR, vstr, len);
|
|
31
|
+
WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
|
|
32
|
+
VALUE str = rb_utf8_str_new_cstr(ptr);
|
|
33
|
+
ALLOCV_END(vstr);
|
|
31
34
|
|
|
32
35
|
return str;
|
|
33
36
|
}
|
|
34
37
|
|
|
35
38
|
WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
36
39
|
{
|
|
37
|
-
std::
|
|
40
|
+
std::vector<WCHAR> buffer(1);
|
|
38
41
|
ULONG bufferSize = 0;
|
|
39
42
|
ULONG bufferSizeNeeded = 0;
|
|
40
43
|
ULONG status, count;
|
|
@@ -44,8 +47,10 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
44
47
|
do {
|
|
45
48
|
if (bufferSizeNeeded > bufferSize) {
|
|
46
49
|
bufferSize = bufferSizeNeeded;
|
|
47
|
-
|
|
48
|
-
|
|
50
|
+
try {
|
|
51
|
+
buffer.resize(bufferSize);
|
|
52
|
+
buffer.shrink_to_fit();
|
|
53
|
+
} catch (std::bad_alloc e) {
|
|
49
54
|
status = ERROR_OUTOFMEMORY;
|
|
50
55
|
bufferSize = 0;
|
|
51
56
|
rb_raise(rb_eWinevtQueryError, "Out of memory");
|
|
@@ -56,8 +61,8 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
56
61
|
if (EvtRender(nullptr,
|
|
57
62
|
handle,
|
|
58
63
|
flags,
|
|
59
|
-
|
|
60
|
-
buffer.
|
|
64
|
+
buffer.size(),
|
|
65
|
+
&buffer.front(),
|
|
61
66
|
&bufferSizeNeeded,
|
|
62
67
|
&count) != FALSE) {
|
|
63
68
|
status = ERROR_SUCCESS;
|
|
@@ -81,7 +86,7 @@ WCHAR* render_event(EVT_HANDLE handle, DWORD flags)
|
|
|
81
86
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %ld\nError: %s\n", status, RSTRING_PTR(errmsg));
|
|
82
87
|
}
|
|
83
88
|
|
|
84
|
-
result = _wcsdup(buffer.
|
|
89
|
+
result = _wcsdup(&buffer.front());
|
|
85
90
|
|
|
86
91
|
return result;
|
|
87
92
|
}
|
|
@@ -98,7 +103,7 @@ static std::wstring guid_to_wstr(const GUID& guid) {
|
|
|
98
103
|
|
|
99
104
|
VALUE get_values(EVT_HANDLE handle)
|
|
100
105
|
{
|
|
101
|
-
std::
|
|
106
|
+
std::vector<WCHAR> buffer;
|
|
102
107
|
ULONG bufferSize = 0;
|
|
103
108
|
ULONG bufferSizeNeeded = 0;
|
|
104
109
|
DWORD status, propCount = 0;
|
|
@@ -118,6 +123,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
118
123
|
bufferSize = bufferSizeNeeded;
|
|
119
124
|
try {
|
|
120
125
|
buffer.resize(bufferSize);
|
|
126
|
+
buffer.shrink_to_fit();
|
|
121
127
|
} catch (std::bad_alloc e) {
|
|
122
128
|
status = ERROR_OUTOFMEMORY;
|
|
123
129
|
bufferSize = 0;
|
|
@@ -130,7 +136,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
130
136
|
handle,
|
|
131
137
|
EvtRenderEventValues,
|
|
132
138
|
buffer.size(),
|
|
133
|
-
&buffer
|
|
139
|
+
&buffer.front(),
|
|
134
140
|
&bufferSizeNeeded,
|
|
135
141
|
&propCount) != FALSE) {
|
|
136
142
|
status = ERROR_SUCCESS;
|
|
@@ -154,12 +160,12 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
154
160
|
rb_raise(rb_eWinevtQueryError, "ErrorCode: %lu\nError: %s\n", status, RSTRING_PTR(errmsg));
|
|
155
161
|
}
|
|
156
162
|
|
|
157
|
-
PEVT_VARIANT pRenderedValues = reinterpret_cast<PEVT_VARIANT>(
|
|
163
|
+
PEVT_VARIANT pRenderedValues = reinterpret_cast<PEVT_VARIANT>(&buffer.front());
|
|
158
164
|
LARGE_INTEGER timestamp;
|
|
159
165
|
SYSTEMTIME st;
|
|
160
166
|
FILETIME ft;
|
|
161
|
-
CHAR strTime
|
|
162
|
-
std::
|
|
167
|
+
std::vector<CHAR> strTime(128);
|
|
168
|
+
std::vector<CHAR> sResult(256);
|
|
163
169
|
VALUE rbObj;
|
|
164
170
|
|
|
165
171
|
for (int i = 0; i < propCount; i++) {
|
|
@@ -172,7 +178,7 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
172
178
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
|
173
179
|
} else {
|
|
174
180
|
std::wstring wStr(pRenderedValues[i].StringVal);
|
|
175
|
-
rbObj = wstr_to_rb_str(CP_UTF8, wStr
|
|
181
|
+
rbObj = wstr_to_rb_str(CP_UTF8, &wStr[0], -1);
|
|
176
182
|
rb_ary_push(userValues, rbObj);
|
|
177
183
|
}
|
|
178
184
|
break;
|
|
@@ -216,16 +222,16 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
216
222
|
rb_ary_push(userValues, rbObj);
|
|
217
223
|
break;
|
|
218
224
|
case EvtVarTypeSingle:
|
|
219
|
-
_snprintf_s(sResult.
|
|
220
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(sResult.
|
|
225
|
+
_snprintf_s(&sResult.front(), sResult.size(), _TRUNCATE, "%f", pRenderedValues[i].SingleVal);
|
|
226
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&sResult.front()));
|
|
221
227
|
break;
|
|
222
228
|
case EvtVarTypeDouble:
|
|
223
|
-
_snprintf_s(sResult.
|
|
224
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(sResult.
|
|
229
|
+
_snprintf_s(&sResult.front(), sResult.size(), _TRUNCATE, "%lf", pRenderedValues[i].DoubleVal);
|
|
230
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&sResult.front()));
|
|
225
231
|
break;
|
|
226
232
|
case EvtVarTypeBoolean:
|
|
227
|
-
|
|
228
|
-
rb_ary_push(userValues,
|
|
233
|
+
rbObj = pRenderedValues[i].BooleanVal ? Qtrue : Qfalse;
|
|
234
|
+
rb_ary_push(userValues, rbObj);
|
|
229
235
|
break;
|
|
230
236
|
case EvtVarTypeGuid:
|
|
231
237
|
if (pRenderedValues[i].GuidVal != nullptr) {
|
|
@@ -246,11 +252,11 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
246
252
|
ft.dwHighDateTime = timestamp.HighPart;
|
|
247
253
|
ft.dwLowDateTime = timestamp.LowPart;
|
|
248
254
|
if (FileTimeToSystemTime( &ft, &st )) {
|
|
249
|
-
_snprintf_s(strTime,
|
|
255
|
+
_snprintf_s(&strTime.front(), strTime.size(), _TRUNCATE, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
|
|
250
256
|
st.wYear , st.wMonth , st.wDay ,
|
|
251
257
|
st.wHour , st.wMinute , st.wSecond,
|
|
252
258
|
st.wMilliseconds);
|
|
253
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
|
|
259
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&strTime.front()));
|
|
254
260
|
} else {
|
|
255
261
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
256
262
|
}
|
|
@@ -258,11 +264,11 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
258
264
|
case EvtVarTypeSysTime:
|
|
259
265
|
if (pRenderedValues[i].SysTimeVal != nullptr) {
|
|
260
266
|
st = *pRenderedValues[i].SysTimeVal;
|
|
261
|
-
_snprintf_s(strTime,
|
|
267
|
+
_snprintf_s(&strTime.front(), strTime.size(), _TRUNCATE, "%04d-%02d-%02d %02d:%02d:%02d.%dZ",
|
|
262
268
|
st.wYear , st.wMonth , st.wDay ,
|
|
263
269
|
st.wHour , st.wMinute , st.wSecond,
|
|
264
270
|
st.wMilliseconds);
|
|
265
|
-
rb_ary_push(userValues, rb_utf8_str_new_cstr(strTime));
|
|
271
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr(&strTime.front()));
|
|
266
272
|
} else {
|
|
267
273
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
268
274
|
}
|
|
@@ -306,14 +312,14 @@ VALUE get_values(EVT_HANDLE handle)
|
|
|
306
312
|
return userValues;
|
|
307
313
|
}
|
|
308
314
|
|
|
309
|
-
static std::
|
|
315
|
+
static std::vector<WCHAR> get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
310
316
|
{
|
|
311
317
|
#define BUFSIZE 4096
|
|
312
|
-
std::
|
|
318
|
+
std::vector<WCHAR> result;
|
|
313
319
|
ULONG status;
|
|
314
320
|
ULONG bufferSizeNeeded = 0;
|
|
315
321
|
LPVOID lpMsgBuf;
|
|
316
|
-
std::
|
|
322
|
+
std::vector<WCHAR> message(BUFSIZE);
|
|
317
323
|
|
|
318
324
|
if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message[0], &bufferSizeNeeded)) {
|
|
319
325
|
status = GetLastError();
|
|
@@ -341,7 +347,8 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
341
347
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
|
342
348
|
reinterpret_cast<WCHAR *>(&lpMsgBuf), 0, nullptr);
|
|
343
349
|
|
|
344
|
-
|
|
350
|
+
std::wstring ret(reinterpret_cast<WCHAR *>(lpMsgBuf));
|
|
351
|
+
std::copy( ret.begin(), ret.end(), std::back_inserter(result));
|
|
345
352
|
LocalFree(lpMsgBuf);
|
|
346
353
|
|
|
347
354
|
goto cleanup;
|
|
@@ -355,8 +362,9 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
355
362
|
|
|
356
363
|
if (status == ERROR_INSUFFICIENT_BUFFER) {
|
|
357
364
|
message.resize(bufferSizeNeeded);
|
|
365
|
+
message.shrink_to_fit();
|
|
358
366
|
|
|
359
|
-
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message
|
|
367
|
+
if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, nullptr, EvtFormatMessageEvent, message.size(), &message.front(), &bufferSizeNeeded)) {
|
|
360
368
|
status = GetLastError();
|
|
361
369
|
|
|
362
370
|
if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
|
|
@@ -382,7 +390,8 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
382
390
|
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
|
383
391
|
reinterpret_cast<WCHAR *>(&lpMsgBuf), 0, nullptr);
|
|
384
392
|
|
|
385
|
-
|
|
393
|
+
std::wstring ret(reinterpret_cast<WCHAR *>(lpMsgBuf));
|
|
394
|
+
std::copy( ret.begin(), ret.end(), std::back_inserter(result));
|
|
386
395
|
LocalFree(lpMsgBuf);
|
|
387
396
|
|
|
388
397
|
goto cleanup;
|
|
@@ -398,7 +407,7 @@ static std::wstring get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
398
407
|
|
|
399
408
|
cleanup:
|
|
400
409
|
|
|
401
|
-
return
|
|
410
|
+
return result;
|
|
402
411
|
|
|
403
412
|
#undef BUFSIZE
|
|
404
413
|
}
|
|
@@ -406,11 +415,11 @@ cleanup:
|
|
|
406
415
|
WCHAR* get_description(EVT_HANDLE handle)
|
|
407
416
|
{
|
|
408
417
|
#define BUFSIZE 4096
|
|
409
|
-
std::
|
|
418
|
+
std::vector<WCHAR> buffer(BUFSIZE);
|
|
410
419
|
ULONG bufferSize = 0;
|
|
411
420
|
ULONG bufferSizeNeeded = 0;
|
|
412
421
|
ULONG status, count;
|
|
413
|
-
std::
|
|
422
|
+
std::vector<WCHAR> result;
|
|
414
423
|
LPTSTR msgBuf;
|
|
415
424
|
EVT_HANDLE hMetadata = nullptr;
|
|
416
425
|
|
|
@@ -424,7 +433,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
|
424
433
|
handle,
|
|
425
434
|
EvtRenderEventValues,
|
|
426
435
|
buffer.size(),
|
|
427
|
-
&buffer
|
|
436
|
+
&buffer.front(),
|
|
428
437
|
&bufferSizeNeeded,
|
|
429
438
|
&count) != FALSE) {
|
|
430
439
|
status = ERROR_SUCCESS;
|
|
@@ -448,7 +457,7 @@ WCHAR* get_description(EVT_HANDLE handle)
|
|
|
448
457
|
}
|
|
449
458
|
|
|
450
459
|
// Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
|
|
451
|
-
const PEVT_VARIANT values = reinterpret_cast<PEVT_VARIANT>(
|
|
460
|
+
const PEVT_VARIANT values = reinterpret_cast<PEVT_VARIANT>(&buffer.front());
|
|
452
461
|
|
|
453
462
|
// Open publisher metadata
|
|
454
463
|
hMetadata = EvtOpenPublisherMetadata(nullptr, values[0].StringVal, nullptr, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
|
@@ -470,5 +479,5 @@ cleanup:
|
|
|
470
479
|
if (hMetadata)
|
|
471
480
|
EvtClose(hMetadata);
|
|
472
481
|
|
|
473
|
-
return _wcsdup(result.
|
|
482
|
+
return _wcsdup(result.data());
|
|
474
483
|
}
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-07-
|
|
11
|
+
date: 2019-07-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -133,9 +133,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
133
133
|
version: '2.4'
|
|
134
134
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
135
135
|
requirements:
|
|
136
|
-
- - "
|
|
136
|
+
- - ">="
|
|
137
137
|
- !ruby/object:Gem::Version
|
|
138
|
-
version:
|
|
138
|
+
version: '0'
|
|
139
139
|
requirements: []
|
|
140
140
|
rubyforge_project:
|
|
141
141
|
rubygems_version: 2.7.3
|