RubyGems - winevt_c - Versions diffs - 0.5.1 → 0.6.0 - Mend

winevt_c 0.5.1 → 0.6.0

Files changed (14) hide show

checksums.yaml +4 -4
data/.clang-format +5 -0
data/README.md +2 -2
data/example/rate_limit.rb +14 -0
data/ext/winevt/extconf.rb +2 -2
data/ext/winevt/winevt_bookmark.c +44 -39
data/ext/winevt/winevt_c.h +42 -26
data/ext/winevt/winevt_channel.c +43 -29
data/ext/winevt/winevt_query.c +140 -92
data/ext/winevt/winevt_subscribe.c +214 -89
data/ext/winevt/winevt_utils.cpp +540 -335
data/lib/winevt/version.rb +1 -1
data/winevt_c.gemspec +1 -1
metadata +5 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75744148e9ca94521748b06833b718e340adff8024aa2d2c95560561b2f78067
-  data.tar.gz: c9ccac540fa71ee98862084e765d93ef99e82e0da8ffa539bad5fe01ade3206b
+  metadata.gz: 12f9385269dcef7feb299a038947855285d7ffb76d8d331941dfa2d30f56fdb4
+  data.tar.gz: f122b6172ae73587a3a518d79d25a7a64daa735a552fb998cfd5f9e2a5fddc07
 SHA512:
-  metadata.gz: c3fa73323e1d79dc1336c8d9d0984f9a00e0f683b38e4fcbd9ffc46c101a6e5727bf542210c59171e997c9fea0662b8b1078a9f7b44748c933623b47de5693c2
-  data.tar.gz: 2e32151fa6b178f98c7c6f97e28e5cbcdd83050bb738cade7cf85f23ba6faf6b8dd09c81c8d51a7460428dff57345fd922aab405b4756b2311632badca8abd2a
+  metadata.gz: 92d91fafb48fe5a4cc63ad82a9eca050cac7e2db38538347f6a9c247b5218604360a155233d1f37c38ce9967ca6af46f150fedb0d77c261e201fb99a675c0996
+  data.tar.gz: 5fcc3b81d00788d63380692942fe29822fe6a53d058463ce7848409310abb242a187dfb24414c5cdfc17943d6b57f027a9e1ddbeb2ae03c7eee2594215080eb1

data/.clang-format ADDED Viewed

@@ -0,0 +1,5 @@
+BasedOnStyle: Mozilla
+ColumnLimit: 90
+BinPackParameters: true
+BinPackArguments: false
+AllowShortCaseLabelsOnASingleLine: false

data/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # winevt_c
-[![Build status](https://ci.appveyor.com/api/projects/status/hr3phv8ihvgc68oj/branch/master?svg=true)](https://ci.appveyor.com/project/cosmo0920/winevt-c/branch/master)
+[![Build status](https://ci.appveyor.com/api/projects/status/o5771b3cb6x3acq0/branch/master?svg=true)](https://ci.appveyor.com/project/cosmo0920/winevt-c-6145k/branch/master)
 ## Prerequisites
@@ -35,4 +35,4 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/cosmo0920/winevt_c.
+Bug reports and pull requests are welcome on GitHub at https://github.com/fluent-plugins-nursery/winevt_c.

data/example/rate_limit.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require 'winevt'
+@subscribe = Winevt::EventLog::Subscribe.new
+@subscribe.tail = true
+@subscribe.rate_limit = 80
+@subscribe.subscribe(
+  "Application", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
+)
+while true do
+  @subscribe.each do |eventlog, message, string_inserts|
+    puts ({eventlog: eventlog, data: message})
+  end
+  sleep(0.1)
+end

data/ext/winevt/extconf.rb CHANGED Viewed

@@ -16,8 +16,8 @@ have_library("advapi32")
 have_library("ole32")
 $LDFLAGS << " -lwevtapi -ladvapi32 -lole32"
-$CFLAGS << " -std=c99 -fPIC -fms-extensions "
-$CXXFLAGS << " -std=c++11 -fPIC -fms-extensions "
+$CFLAGS << " -Wall -std=c99 -fPIC -fms-extensions "
+$CXXFLAGS << " -Wall -std=c++11 -fPIC -fms-extensions "
 # $CFLAGS << " -g -O0 -ggdb"
 # $CXXFLAGS << " -g -O0 -ggdb"

data/ext/winevt/winevt_bookmark.c CHANGED Viewed

@@ -1,18 +1,21 @@
 #include <winevt_c.h>
-static void bookmark_free(void *ptr);
-static const rb_data_type_t rb_winevt_bookmark_type = {
-  "winevt/bookmark", {
-    0, bookmark_free, 0,
-  }, NULL, NULL,
-  RUBY_TYPED_FREE_IMMEDIATELY
-};
+static void bookmark_free(void* ptr);
+static const rb_data_type_t rb_winevt_bookmark_type = { "winevt/bookmark",
+                                                        {
+                                                          0,
+                                                          bookmark_free,
+                                                          0,
+                                                        },
+                                                        NULL,
+                                                        NULL,
+                                                        RUBY_TYPED_FREE_IMMEDIATELY };
 static void
-bookmark_free(void *ptr)
+bookmark_free(void* ptr)
 {
-  struct WinevtBookmark *winevtBookmark = (struct WinevtBookmark *)ptr;
+  struct WinevtBookmark* winevtBookmark = (struct WinevtBookmark*)ptr;
   if (winevtBookmark->bookmark)
     EvtClose(winevtBookmark->bookmark);
@@ -23,23 +26,22 @@ static VALUE
 rb_winevt_bookmark_alloc(VALUE klass)
 {
   VALUE obj;
-  struct WinevtBookmark *winevtBookmark;
-  obj = TypedData_Make_Struct(klass,
-                              struct WinevtBookmark,
-                              &rb_winevt_bookmark_type,
-                              winevtBookmark);
+  struct WinevtBookmark* winevtBookmark;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
   return obj;
 }
 static VALUE
-rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
+rb_winevt_bookmark_initialize(int argc, VALUE* argv, VALUE self)
 {
   PWSTR bookmarkXml;
   VALUE wbookmarkXmlBuf;
   DWORD len;
-  struct WinevtBookmark *winevtBookmark;
+  struct WinevtBookmark* winevtBookmark;
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
   if (argc == 0) {
     winevtBookmark->bookmark = EvtCreateBookmark(NULL);
@@ -49,9 +51,15 @@ rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
     Check_Type(rb_bookmarkXml, T_STRING);
     // bookmarkXml : To wide char
-    len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
-    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len+1);
-    MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), bookmarkXml, len);
+    len = MultiByteToWideChar(
+      CP_UTF8, 0, RSTRING_PTR(rb_bookmarkXml), RSTRING_LEN(rb_bookmarkXml), NULL, 0);
+    bookmarkXml = ALLOCV_N(WCHAR, wbookmarkXmlBuf, len + 1);
+    MultiByteToWideChar(CP_UTF8,
+                        0,
+                        RSTRING_PTR(rb_bookmarkXml),
+                        RSTRING_LEN(rb_bookmarkXml),
+                        bookmarkXml,
+                        len);
     bookmarkXml[len] = L'\0';
     winevtBookmark->bookmark = EvtCreateBookmark(bookmarkXml);
     ALLOCV_END(wbookmarkXmlBuf);
@@ -63,37 +71,34 @@ rb_winevt_bookmark_initialize(int argc, VALUE *argv, VALUE self)
 static VALUE
 rb_winevt_bookmark_update(VALUE self, VALUE event)
 {
-  struct WinevtQuery *winevtQuery;
-  struct WinevtBookmark *winevtBookmark;
+  struct WinevtQuery* winevtQuery;
+  struct WinevtBookmark* winevtBookmark;
   winevtQuery = EventQuery(event);
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  if(EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->event))
-    return Qtrue;
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  return Qfalse;
+  for (int i = 0; i < winevtQuery->count; i++) {
+    if (!EvtUpdateBookmark(winevtBookmark->bookmark, winevtQuery->hEvents[i]))
+      return Qfalse;
+  }
+  return Qtrue;
 }
 static VALUE
 rb_winevt_bookmark_render(VALUE self)
 {
-  WCHAR* wResult;
-  struct WinevtBookmark *winevtBookmark;
-  VALUE utf8str;
-  TypedData_Get_Struct(self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  wResult = render_event(winevtBookmark->bookmark, EvtRenderBookmark);
-  utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
+  struct WinevtBookmark* winevtBookmark;
-  if (wResult != NULL)
-    free(wResult);
+  TypedData_Get_Struct(
+    self, struct WinevtBookmark, &rb_winevt_bookmark_type, winevtBookmark);
-  return utf8str;
+  return render_to_rb_str(winevtBookmark->bookmark, EvtRenderBookmark);
 }
-void Init_winevt_bookmark(VALUE rb_cEventLog)
+void
+Init_winevt_bookmark(VALUE rb_cEventLog)
 {
   rb_cBookmark = rb_define_class_under(rb_cEventLog, "Bookmark", rb_cObject);

data/ext/winevt/winevt_c.h CHANGED Viewed

@@ -5,67 +5,83 @@
 #include <ruby/encoding.h>
 #ifdef __GNUC__
-# include <w32api.h>
-# define MINIMUM_WINDOWS_VERSION WindowsVista
-#else /* __GNUC__ */
-# define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
-#endif /* __GNUC__ */
+#include <w32api.h>
+#define MINIMUM_WINDOWS_VERSION WindowsVista
+#else                                  /* __GNUC__ */
+#define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
+#endif                                 /* __GNUC__ */
 #ifdef _WIN32_WINNT
-#  undef _WIN32_WINNT
+#undef _WIN32_WINNT
 #endif /* WIN32_WINNT */
 #define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
+#include <time.h>
 #include <winevt.h>
-#define EventQuery(object) ((struct WinevtQuery *)DATA_PTR(object))
-#define EventBookMark(object) ((struct WinevtBookmark *)DATA_PTR(object))
-#define EventChannel(object) ((struct WinevtChannel *)DATA_PTR(object))
+#define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
+#define EventBookMark(object) ((struct WinevtBookmark*)DATA_PTR(object))
+#define EventChannel(object) ((struct WinevtChannel*)DATA_PTR(object))
 #ifdef __cplusplus
 extern "C" {
 #endif /* __cplusplus */
-char* wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen);
-void free_allocated_mbstr(const char* str);
-VALUE wstr_to_rb_str(UINT cp, const WCHAR *wstr, int clen);
-WCHAR* render_event(EVT_HANDLE handle, DWORD flags);
+VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
+VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
 WCHAR* get_description(EVT_HANDLE handle);
 VALUE get_values(EVT_HANDLE handle);
+VALUE render_system_event(EVT_HANDLE handle);
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
 VALUE rb_cQuery;
+VALUE rb_cFlag;
 VALUE rb_cChannel;
 VALUE rb_cBookmark;
 VALUE rb_cSubscribe;
 VALUE rb_eWinevtQueryError;
-struct WinevtChannel {
+struct WinevtChannel
+{
   EVT_HANDLE channels;
 };
-struct WinevtBookmark {
+struct WinevtBookmark
+{
   EVT_HANDLE bookmark;
-  ULONG      count;
+  ULONG count;
 };
-struct WinevtQuery {
+#define QUERY_ARRAY_SIZE 10
+struct WinevtQuery
+{
   EVT_HANDLE query;
-  EVT_HANDLE event;
-  ULONG      count;
-  LONG       offset;
-  LONG       timeout;
+  EVT_HANDLE hEvents[QUERY_ARRAY_SIZE];
+  ULONG count;
+  LONG offset;
+  LONG timeout;
+  BOOL renderAsXML;
 };
-struct WinevtSubscribe {
-  HANDLE     signalEvent;
+#define SUBSCRIBE_ARRAY_SIZE 10
+#define SUBSCRIBE_RATE_INFINITE -1
+struct WinevtSubscribe
+{
+  HANDLE signalEvent;
   EVT_HANDLE subscription;
   EVT_HANDLE bookmark;
-  EVT_HANDLE event;
-  DWORD      flags;
-  BOOL       tailing;
+  EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
+  DWORD count;
+  DWORD flags;
+  BOOL tailing;
+  DWORD rateLimit;
+  time_t lastTime;
+  DWORD currentRate;
+  BOOL renderAsXML;
 };
 void Init_winevt_query(VALUE rb_cEventLog);

data/ext/winevt/winevt_channel.c CHANGED Viewed

@@ -1,18 +1,21 @@
 #include <winevt_c.h>
-static void channel_free(void *ptr);
-static const rb_data_type_t rb_winevt_channel_type = {
-  "winevt/channel", {
-    0, channel_free, 0,
-  }, NULL, NULL,
-  RUBY_TYPED_FREE_IMMEDIATELY
-};
+static void channel_free(void* ptr);
+static const rb_data_type_t rb_winevt_channel_type = { "winevt/channel",
+                                                       {
+                                                         0,
+                                                         channel_free,
+                                                         0,
+                                                       },
+                                                       NULL,
+                                                       NULL,
+                                                       RUBY_TYPED_FREE_IMMEDIATELY };
 static void
-channel_free(void *ptr)
+channel_free(void* ptr)
 {
-  struct WinevtChannel *winevtChannel = (struct WinevtChannel *)ptr;
+  struct WinevtChannel* winevtChannel = (struct WinevtChannel*)ptr;
   if (winevtChannel->channels)
     EvtClose(winevtChannel->channels);
@@ -23,11 +26,9 @@ static VALUE
 rb_winevt_channel_alloc(VALUE klass)
 {
   VALUE obj;
-  struct WinevtChannel *winevtChannel;
-  obj = TypedData_Make_Struct(klass,
-                              struct WinevtChannel,
-                              &rb_winevt_channel_type,
-                              winevtChannel);
+  struct WinevtChannel* winevtChannel;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
   return obj;
 }
@@ -41,10 +42,9 @@ static VALUE
 rb_winevt_channel_each(VALUE self)
 {
   EVT_HANDLE hChannels;
-  struct WinevtChannel *winevtChannel;
+  struct WinevtChannel* winevtChannel;
   char errBuf[256];
   LPWSTR buffer = NULL;
-  LPWSTR temp = NULL;
   DWORD bufferSize = 0;
   DWORD bufferUsed = 0;
   DWORD status = ERROR_SUCCESS;
@@ -52,14 +52,19 @@ rb_winevt_channel_each(VALUE self)
   RETURN_ENUMERATOR(self, 0, 0);
-  TypedData_Get_Struct(self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
   hChannels = EvtOpenChannelEnum(NULL, 0);
   if (hChannels) {
     winevtChannel->channels = hChannels;
   } else {
-    _snprintf_s(errBuf, 256, _TRUNCATE, "Failed to enumerate channels with %s\n", GetLastError());
+    _snprintf_s(errBuf,
+                _countof(errBuf),
+                _TRUNCATE,
+                "Failed to enumerate channels with %lu\n",
+                GetLastError());
     rb_raise(rb_eRuntimeError, errBuf);
   }
@@ -71,40 +76,49 @@ rb_winevt_channel_each(VALUE self)
         break;
       } else if (ERROR_INSUFFICIENT_BUFFER == status) {
         bufferSize = bufferUsed;
-        temp = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
-        if (temp) {
-          buffer = temp;
-          temp = NULL;
+        buffer = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
+        if (buffer) {
           continue;
         } else {
           free(buffer);
           EvtClose(winevtChannel->channels);
-          status = ERROR_OUTOFMEMORY;
+          winevtChannel->channels = NULL;
           rb_raise(rb_eRuntimeError, "realloc failed");
         }
       } else {
         free(buffer);
         EvtClose(winevtChannel->channels);
-        _snprintf_s(errBuf, 256, _TRUNCATE, "EvtNextChannelPath failed with %lu.\n", status);
+        winevtChannel->channels = NULL;
+        _snprintf_s(errBuf,
+                    _countof(errBuf),
+                    _TRUNCATE,
+                    "EvtNextChannelPath failed with %lu.\n",
+                    status);
         rb_raise(rb_eRuntimeError, errBuf);
       }
     }
     utf8str = wstr_to_rb_str(CP_UTF8, buffer, -1);
+    free(buffer);
+    buffer = NULL;
+    bufferSize = 0;
     rb_yield(utf8str);
   }
-  if (winevtChannel->channels)
+  if (winevtChannel->channels) {
     EvtClose(winevtChannel->channels);
+    winevtChannel->channels = NULL;
+  }
-  if (buffer)
-    free(buffer);
+  free(buffer);
   return Qnil;
 }
-void Init_winevt_channel(VALUE rb_cEventLog)
+void
+Init_winevt_channel(VALUE rb_cEventLog)
 {
   rb_cChannel = rb_define_class_under(rb_cEventLog, "Channel", rb_cObject);
   rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);