winevt_c 0.5.1 → 0.6.0

data/ext/winevt/winevt_query.c

@@ -1,24 +1,28 @@
 #include <winevt_c.h>
 
-static void query_free(void *ptr);
-
-static const rb_data_type_t rb_winevt_query_type = {
-  "winevt/query", {
-    0, query_free, 0,
-  }, NULL, NULL,
-  RUBY_TYPED_FREE_IMMEDIATELY
-};
+static void query_free(void* ptr);
+
+static const rb_data_type_t rb_winevt_query_type = { "winevt/query",
+                                                     {
+                                                       0,
+                                                       query_free,
+                                                       0,
+                                                     },
+                                                     NULL,
+                                                     NULL,
+                                                     RUBY_TYPED_FREE_IMMEDIATELY };
 
 static void
-query_free(void *ptr)
+query_free(void* ptr)
 {
-  struct WinevtQuery *winevtQuery = (struct WinevtQuery *)ptr;
+  struct WinevtQuery* winevtQuery = (struct WinevtQuery*)ptr;
   if (winevtQuery->query)
     EvtClose(winevtQuery->query);
 
-  if (winevtQuery->event)
-    EvtClose(winevtQuery->event);
-
+  for (int i = 0; i < winevtQuery->count; i++) {
+    if (winevtQuery->hEvents[i])
+      EvtClose(winevtQuery->hEvents[i]);
+  }
   xfree(ptr);
 }
 
@@ -26,11 +30,9 @@ static VALUE
 rb_winevt_query_alloc(VALUE klass)
 {
   VALUE obj;
-  struct WinevtQuery *winevtQuery;
-  obj = TypedData_Make_Struct(klass,
-                              struct WinevtQuery,
-                              &rb_winevt_query_type,
-                              winevtQuery);
+  struct WinevtQuery* winevtQuery;
+  obj =
+    TypedData_Make_Struct(klass, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
   return obj;
 }
 
@@ -38,7 +40,7 @@ static VALUE
 rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
 {
   PWSTR evtChannel, evtXPath;
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
   DWORD len;
   VALUE wchannelBuf, wpathBuf;
 
@@ -46,23 +48,26 @@ rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
   Check_Type(xpath, T_STRING);
 
   // channel : To wide char
-  len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), NULL, 0);
-  evtChannel = ALLOCV_N(WCHAR, wchannelBuf, len+1);
-  MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), evtChannel, len);
+  len =
+    MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), NULL, 0);
+  evtChannel = ALLOCV_N(WCHAR, wchannelBuf, len + 1);
+  MultiByteToWideChar(
+    CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), evtChannel, len);
   evtChannel[len] = L'\0';
 
   // xpath : To wide char
   len = MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(xpath), RSTRING_LEN(xpath), NULL, 0);
-  evtXPath = ALLOCV_N(WCHAR, wpathBuf, len+1);
+  evtXPath = ALLOCV_N(WCHAR, wpathBuf, len + 1);
   MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(xpath), RSTRING_LEN(xpath), evtXPath, len);
   evtXPath[len] = L'\0';
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
-  winevtQuery->query = EvtQuery(NULL, evtChannel, evtXPath,
-                                EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
+  winevtQuery->query = EvtQuery(
+    NULL, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
   winevtQuery->offset = 0L;
   winevtQuery->timeout = 0L;
+  winevtQuery->renderAsXML = TRUE;
 
   ALLOCV_END(wchannelBuf);
   ALLOCV_END(wpathBuf);
@@ -73,7 +78,7 @@ rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
 static VALUE
 rb_winevt_query_get_offset(VALUE self, VALUE offset)
 {
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
@@ -83,7 +88,7 @@ rb_winevt_query_get_offset(VALUE self, VALUE offset)
 static VALUE
 rb_winevt_query_set_offset(VALUE self, VALUE offset)
 {
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
@@ -95,7 +100,7 @@ rb_winevt_query_set_offset(VALUE self, VALUE offset)
 static VALUE
 rb_winevt_query_get_timeout(VALUE self, VALUE timeout)
 {
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
@@ -105,7 +110,7 @@ rb_winevt_query_get_timeout(VALUE self, VALUE timeout)
 static VALUE
 rb_winevt_query_set_timeout(VALUE self, VALUE timeout)
 {
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
@@ -117,15 +122,25 @@ rb_winevt_query_set_timeout(VALUE self, VALUE timeout)
 static VALUE
 rb_winevt_query_next(VALUE self)
 {
-  EVT_HANDLE event;
-  ULONG      count;
-  struct WinevtQuery *winevtQuery;
+  EVT_HANDLE hEvents[QUERY_ARRAY_SIZE];
+  ULONG count;
+  DWORD status = ERROR_SUCCESS;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
-  if (EvtNext(winevtQuery->query, 1, &event, INFINITE, 0, &count) != FALSE) {
-    winevtQuery->event = event;
+  if (!EvtNext(winevtQuery->query, QUERY_ARRAY_SIZE, hEvents, INFINITE, 0, &count)) {
+    status = GetLastError();
+    if (ERROR_NO_MORE_ITEMS != status) {
+      return Qfalse;
+    }
+  }
+
+  if (status == ERROR_SUCCESS) {
     winevtQuery->count = count;
+    for (int i = 0; i < count; i++){
+      winevtQuery->hEvents[i] = hEvents[i];
+    }
 
     return Qtrue;
   }
@@ -133,48 +148,37 @@ rb_winevt_query_next(VALUE self)
   return Qfalse;
 }
 
-
 static VALUE
-rb_winevt_query_render(VALUE self)
+rb_winevt_query_render(VALUE self, EVT_HANDLE event)
 {
-  WCHAR* wResult;
-  struct WinevtQuery *winevtQuery;
-  VALUE utf8str;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-  wResult = render_event(winevtQuery->event, EvtRenderEventXml);
-  utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
 
-  if (wResult != NULL)
-    free(wResult);
-
-  return utf8str;
+  if (winevtQuery->renderAsXML) {
+    return render_to_rb_str(event, EvtRenderEventXml);
+  } else {
+    return render_system_event(event);
+  }
 }
 
 static VALUE
-rb_winevt_query_message(VALUE self)
+rb_winevt_query_message(EVT_HANDLE event)
 {
   WCHAR* wResult;
-  struct WinevtQuery *winevtQuery;
   VALUE utf8str;
 
-  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-  wResult = get_description(winevtQuery->event);
+  wResult = get_description(event);
   utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
-
-  if (wResult != NULL)
-    free(wResult);
+  free(wResult);
 
   return utf8str;
 }
 
 static VALUE
-rb_winevt_query_string_inserts(VALUE self)
+rb_winevt_query_string_inserts(EVT_HANDLE event)
 {
-  struct WinevtQuery *winevtQuery;
-
-  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-  return get_values(winevtQuery->event);
+  return get_values(event);
 }
 
 static DWORD
@@ -192,37 +196,50 @@ get_evt_seek_flag_from_cstr(char* flag_str)
     return EvtSeekOriginMask;
   else if (strcmp(flag_str, "strict") == 0)
     return EvtSeekStrict;
+  else
+    rb_raise(rb_eArgError, "Unknown seek flag: %s", flag_str);
+
+  return 0;
 }
 
 static VALUE
 rb_winevt_query_seek(VALUE self, VALUE bookmark_or_flag)
 {
-  struct WinevtQuery *winevtQuery;
-  struct WinevtBookmark *winevtBookmark = NULL;
-  DWORD flag;
+  struct WinevtQuery* winevtQuery;
+  struct WinevtBookmark* winevtBookmark = NULL;
+  DWORD flag = 0;
 
   switch (TYPE(bookmark_or_flag)) {
-  case T_SYMBOL:
-    flag = get_evt_seek_flag_from_cstr(RSTRING_PTR(rb_sym2str(bookmark_or_flag)));
-    break;
-  case T_STRING:
-    flag = get_evt_seek_flag_from_cstr(StringValueCStr(bookmark_or_flag));
-    break;
-  default:
-    if (!rb_obj_is_kind_of(bookmark_or_flag, rb_cBookmark))
-      rb_raise(rb_eArgError, "Expected a String or a Symbol or a Bookmark instance");
-
-    winevtBookmark = EventBookMark(bookmark_or_flag);
+    case T_SYMBOL:
+      flag = get_evt_seek_flag_from_cstr(RSTRING_PTR(rb_sym2str(bookmark_or_flag)));
+      break;
+    case T_STRING:
+      flag = get_evt_seek_flag_from_cstr(StringValueCStr(bookmark_or_flag));
+      break;
+    case T_FIXNUM:
+      flag = NUM2LONG(bookmark_or_flag);
+      break;
+    default:
+      if (!rb_obj_is_kind_of(bookmark_or_flag, rb_cBookmark))
+        rb_raise(rb_eArgError, "Expected a String or a Symbol or a Bookmark instance");
+
+      winevtBookmark = EventBookMark(bookmark_or_flag);
   }
 
   if (winevtBookmark) {
     TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-    if (EvtSeek(winevtQuery->query, winevtQuery->offset, winevtBookmark->bookmark, winevtQuery->timeout, EvtSeekRelativeToBookmark))
+    if (EvtSeek(winevtQuery->query,
+                winevtQuery->offset,
+                winevtBookmark->bookmark,
+                winevtQuery->timeout,
+                EvtSeekRelativeToBookmark))
       return Qtrue;
   } else {
     TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
-    if (EvtSeek(winevtQuery->query, winevtQuery->offset, NULL, winevtQuery->timeout, flag))
+    if (EvtSeek(
+          winevtQuery->query, winevtQuery->offset, NULL, winevtQuery->timeout, flag)) {
       return Qtrue;
+    }
   }
 
   return Qfalse;
@@ -231,12 +248,15 @@ rb_winevt_query_seek(VALUE self, VALUE bookmark_or_flag)
 static VALUE
 rb_winevt_query_close_handle(VALUE self)
 {
-  struct WinevtQuery *winevtQuery;
+  struct WinevtQuery* winevtQuery;
 
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
-  if (winevtQuery->event != NULL) {
-    EvtClose(winevtQuery->event);
+  for (int i = 0; i < winevtQuery->count; i++){
+    if (winevtQuery->hEvents[i] != NULL) {
+      EvtClose(winevtQuery->hEvents[i]);
+      winevtQuery->hEvents[i] = NULL;
+    }
   }
 
   return Qnil;
@@ -245,28 +265,26 @@ rb_winevt_query_close_handle(VALUE self)
 static VALUE
 rb_winevt_query_each_yield(VALUE self)
 {
-  struct WinevtQuery *winevtQuery;
-
   RETURN_ENUMERATOR(self, 0, 0);
 
-  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+  struct WinevtQuery* winevtQuery;
 
-  rb_yield_values(3,
-                  rb_winevt_query_render(self),
-                  rb_winevt_query_message(self),
-                  rb_winevt_query_string_inserts(self));
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
+  for (int i = 0; i < winevtQuery->count; i++) {
+    rb_yield_values(3,
+                    rb_winevt_query_render(self, winevtQuery->hEvents[i]),
+                    rb_winevt_query_message(winevtQuery->hEvents[i]),
+                    rb_winevt_query_string_inserts(winevtQuery->hEvents[i]));
+  }
   return Qnil;
 }
 
 static VALUE
 rb_winevt_query_each(VALUE self)
 {
-  struct WinevtQuery *winevtQuery;
-
   RETURN_ENUMERATOR(self, 0, 0);
 
-  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
   while (rb_winevt_query_next(self)) {
     rb_ensure(rb_winevt_query_each_yield, self, rb_winevt_query_close_handle, self);
   }
@@ -274,21 +292,51 @@ rb_winevt_query_each(VALUE self)
   return Qnil;
 }
 
-void Init_winevt_query(VALUE rb_cEventLog)
+static VALUE
+rb_winevt_query_render_as_xml_p(VALUE self)
 {
-  rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
+  struct WinevtQuery* winevtQuery;
+
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  return winevtQuery->renderAsXML ? Qtrue : Qfalse;
+}
+
+static VALUE
+rb_winevt_query_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
+{
+  struct WinevtQuery* winevtQuery;
 
+  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  winevtQuery->renderAsXML = RTEST(rb_render_as_xml);
+
+  return Qnil;
+}
+
+void
+Init_winevt_query(VALUE rb_cEventLog)
+{
+  rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
   rb_define_alloc_func(rb_cQuery, rb_winevt_query_alloc);
+
+  rb_cFlag = rb_define_module_under(rb_cQuery, "Flag");
+
+  rb_define_const(rb_cFlag, "RelativeToFirst", LONG2NUM(EvtSeekRelativeToFirst));
+  rb_define_const(rb_cFlag, "RelativeToLast", LONG2NUM(EvtSeekRelativeToLast));
+  rb_define_const(rb_cFlag, "RelativeToCurrent", LONG2NUM(EvtSeekRelativeToCurrent));
+  rb_define_const(rb_cFlag, "RelativeToBookmark", LONG2NUM(EvtSeekRelativeToBookmark));
+  rb_define_const(rb_cFlag, "OriginMask", LONG2NUM(EvtSeekOriginMask));
+  rb_define_const(rb_cFlag, "Strict", LONG2NUM(EvtSeekStrict));
+
   rb_define_method(rb_cQuery, "initialize", rb_winevt_query_initialize, 2);
   rb_define_method(rb_cQuery, "next", rb_winevt_query_next, 0);
-  rb_define_method(rb_cQuery, "render", rb_winevt_query_render, 0);
-  rb_define_method(rb_cQuery, "message", rb_winevt_query_message, 0);
-  rb_define_method(rb_cQuery, "string_inserts", rb_winevt_query_string_inserts, 0);
   rb_define_method(rb_cQuery, "seek", rb_winevt_query_seek, 1);
   rb_define_method(rb_cQuery, "offset", rb_winevt_query_get_offset, 0);
   rb_define_method(rb_cQuery, "offset=", rb_winevt_query_set_offset, 1);
   rb_define_method(rb_cQuery, "timeout", rb_winevt_query_get_timeout, 0);
   rb_define_method(rb_cQuery, "timeout=", rb_winevt_query_set_timeout, 1);
-  rb_define_method(rb_cQuery, "close_handle", rb_winevt_query_close_handle, 0);
   rb_define_method(rb_cQuery, "each", rb_winevt_query_each, 0);
+  rb_define_method(rb_cQuery, "render_as_xml?", rb_winevt_query_render_as_xml_p, 0);
+  rb_define_method(rb_cQuery, "render_as_xml=", rb_winevt_query_set_render_as_xml, 1);
 }