winevt_c 0.7.3 → 0.9.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a95471f55e9dee6e48a8836c27e360dc8f8abc8d8687106805702502586acb2
-  data.tar.gz: c64666d6e09ce6e5fb4eb04f2cd951eeae8d656b9e20efc70375503ca253c453
+  metadata.gz: d691ef9954d626041b79d1d63a4258537ded33c0f9c07c9551fd40b6aa211f12
+  data.tar.gz: fbe964ae721b310ca9c9adcf092b0f5ab4f0207e154c41287c17b2a6275932db
 SHA512:
-  metadata.gz: ea964c952d8dc9f2d05639309a7a04be8564e13f563b6fce60c6f6fbd70b35d91d28d9f1436e1e1baf88db5cf7d77e66f115d70ad6ea76c99afc5f6cf99044c3
-  data.tar.gz: c39eeeaa3cfdb4c90a526a5a2a2a7ebc5e217624b89f526b697ab65a07b02118f40b6e1fcd9ef533022d5312d43dee279b9bdca20aba93f5788fddf3fe7cfe8d
+  metadata.gz: 90059826d6c9ab0efdce70b7d4c5c4490c69e522fbcaef284e3616aa043b4de63731fe3805c9c4b8837842e44da04f376d8a813b750f926c3ab474c88c332b8c
+  data.tar.gz: 4c75263c161461089b754d512c5d7eaaa9aec9d8e7debeff1d9e0c98c73639f4157f332b5c32ad805b6e3df08e8a330e2e5d76fa85902dc70f133c4e4180ea87

data/README.md

@@ -31,6 +31,61 @@ Or install it yourself as:
 ## Usage
 
 Usage examples are found in [example directory](example).
+
+### Multilingual description
+
+Currently, the following locales should be supported to output description:
+
+locale    | language
+---------:|:--------
+bg\_BG    | Bulgarian
+zh\_CN    | Simplified Chinese
+zh\_TW    | Traditional Chinese
+zh\_HK    | Chinese (Hong Kong)
+zh\_SG    | Chinese (Singapore)
+hr\_HR    | Croatian
+cz\_CZ    | Czech
+da\_DK    | Danish
+nl\_NL    | Dutch
+nl\_BG    | Dutch (Belgium)
+en\_US    | English (United States)
+en\_GB    | English (UK)
+en\_AU    | English (Australia)
+en\_CA    | English (Canada)
+en\_NZ    | English (New Zealand)
+en\_IE    | English (Ireland)
+fi\_FI    | Finnish
+fr\_FR    | French
+fr\_BE    | French (Belgium)
+fr\_CA    | French (Canada)
+fr\_CH    | French (Swiss)
+de\_DE    | German
+de\_CH    | German (Swiss)
+de\_AT    | German (Austria)
+el\_GR    | Greek (Ελληνικά)
+hu\_HU    | Hungarian
+is\_IS    | Icelandic
+it\_IT    | Italian (Italy)
+it\_CH    | Italian (Swiss)
+ja\_JP    | Japanese
+ko\_KO    | Korean
+no\_NO    | Norwegian (Bokmål)
+nb\_NO    | Norwegian (Bokmål)
+nn\_NO    | Norwegian (Nynorsk)
+pl\_PL    | Polish (Poland)
+pt\_PT    | Portuguese
+pt\_BR    | Portuguese (Brazil)
+ro\_RO    | Romanian
+ru\_RU    | Russian (русский язык)
+sk\_SK    | Slovak
+sl\_SI    | Slovenian
+es\_ES    | Spanish
+es\_ES\_T | Spanish (Traditional)
+es\_MX    | Spanish (Mexico)
+es\_ES\_M | Spanish (Modern)
+sv\_SE    | Swedish
+tr\_TR    | Turkish
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.

data/example/eventlog.rb

@@ -1,6 +1,10 @@
 require 'winevt'
 
-@query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 3) and TimeCreated[timediff(@SystemTime) <= 86400000]]]")
+@session = Winevt::EventLog::Session.new("127.0.0.1") # Or remote box ip
+# @session.domain = "<EXAMPLEGROUP>"
+# @session.username = "<username>"
+# @session.password = "<password>"
+@query = Winevt::EventLog::Query.new("Application", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]", @session)
 
 @query.render_as_xml = true
 @query.preserve_qualifiers = true

data/example/locale.rb

@@ -0,0 +1,13 @@
+require 'winevt'
+
+@locale = Winevt::EventLog::Locale.new
+
+header = <<EOC
+locale    | language
+---------:|:--------
+EOC
+
+print header
+@locale.each do |code, desc|
+  print "#{code.gsub("_", "\\_")}#{" "*(8 - code.size)}| #{desc}\n"
+end

data/example/tailing.rb

@@ -1,11 +1,17 @@
 require 'winevt'
 
+@session = Winevt::EventLog::Session.new("127.0.0.1") # Or remote box ip
+# @session.domain = "<EXAMPLEGROUP>"
+# @session.username = "<username>"
+# @session.password = "<password>"
+@bookmark = Winevt::EventLog::Bookmark.new
 @subscribe = Winevt::EventLog::Subscribe.new
 @subscribe.read_existing_events = true
 @subscribe.preserve_qualifiers = true
 @subscribe.render_as_xml = true
 @subscribe.subscribe(
-  "Security", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]"
+  "Security", "*[System[(Level <= 4) and TimeCreated[timediff(@SystemTime) <= 86400000]]]",
+  @bookmark, @session
 )
 while true do
   @subscribe.each do |eventlog, message, string_inserts|

data/ext/winevt/winevt.c

@@ -1,7 +1,11 @@
 #include <winevt_c.h>
 
 VALUE rb_mWinevt;
+VALUE rb_cQuery;
 VALUE rb_cEventLog;
+VALUE rb_cSubscribe;
+VALUE rb_eWinevtQueryError;
+VALUE rb_eRemoteHandlerError;
 
 static ID id_call;
 
@@ -13,11 +17,14 @@ Init_winevt(void)
   rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
   rb_cSubscribe = rb_define_class_under(rb_cEventLog, "Subscribe", rb_cObject);
   rb_eWinevtQueryError = rb_define_class_under(rb_cQuery, "Error", rb_eStandardError);
+  rb_eRemoteHandlerError = rb_define_class_under(rb_cSubscribe, "RemoteHandlerError", rb_eRuntimeError);
 
   Init_winevt_channel(rb_cEventLog);
   Init_winevt_bookmark(rb_cEventLog);
   Init_winevt_query(rb_cEventLog);
   Init_winevt_subscribe(rb_cEventLog);
+  Init_winevt_locale(rb_cEventLog);
+  Init_winevt_session(rb_cEventLog);
 
   id_call = rb_intern("call");
 }

data/ext/winevt/winevt_bookmark.c

@@ -19,6 +19,8 @@
  */
 /* clang-format pn */
 
+VALUE rb_cBookmark;
+
 static void bookmark_free(void* ptr);
 
 static const rb_data_type_t rb_winevt_bookmark_type = { "winevt/bookmark",

data/ext/winevt/winevt_c.h

@@ -21,6 +21,13 @@
 #define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
 #define EventBookMark(object) ((struct WinevtBookmark*)DATA_PTR(object))
 #define EventChannel(object) ((struct WinevtChannel*)DATA_PTR(object))
+#define EventSession(object) ((struct WinevtSession*)DATA_PTR(object))
+
+typedef struct {
+  LANGID langID;
+  CHAR* langCode;
+  CHAR* description;
+} LocaleInfo;
 
 #ifdef __cplusplus
 extern "C" {
@@ -32,20 +39,40 @@ VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
 #endif /* __cplusplus */
 void  raise_system_error(VALUE error, DWORD errorCode);
 VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
-WCHAR* get_description(EVT_HANDLE handle);
+EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
+                             LPWSTR username, LPWSTR password,
+                             EVT_RPC_LOGIN_FLAGS flags);
+WCHAR* get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote);
 VALUE get_values(EVT_HANDLE handle);
 VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
+LocaleInfo* get_locale_info_from_rb_str(VALUE rb_locale_str);
 
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */
 
-VALUE rb_cQuery;
-VALUE rb_cFlag;
-VALUE rb_cChannel;
-VALUE rb_cBookmark;
-VALUE rb_cSubscribe;
-VALUE rb_eWinevtQueryError;
+extern VALUE rb_cQuery;
+extern VALUE rb_cFlag;
+extern VALUE rb_cChannel;
+extern VALUE rb_cBookmark;
+extern VALUE rb_cSubscribe;
+extern VALUE rb_eWinevtQueryError;
+extern VALUE rb_eRemoteHandlerError;
+extern VALUE rb_cLocale;
+extern VALUE rb_cSession;
+
+struct WinevtSession {
+  LPWSTR server;
+  LPWSTR domain;
+  LPWSTR username;
+  LPWSTR password;
+  EVT_RPC_LOGIN_FLAGS flags;
+};
+
+extern LocaleInfo localeInfoTable[];
+extern LocaleInfo default_locale;
+
+struct WinevtLocale {};
 
 struct WinevtChannel
 {
@@ -70,6 +97,8 @@ struct WinevtQuery
   LONG timeout;
   BOOL renderAsXML;
   BOOL preserveQualifiers;
+  LocaleInfo *localeInfo;
+  EVT_HANDLE remoteHandle;
 };
 
 #define SUBSCRIBE_ARRAY_SIZE 10
@@ -89,11 +118,15 @@ struct WinevtSubscribe
   DWORD currentRate;
   BOOL renderAsXML;
   BOOL preserveQualifiers;
+  LocaleInfo* localeInfo;
+  EVT_HANDLE remoteHandle;
 };
 
 void Init_winevt_query(VALUE rb_cEventLog);
 void Init_winevt_channel(VALUE rb_cEventLog);
 void Init_winevt_bookmark(VALUE rb_cEventLog);
 void Init_winevt_subscribe(VALUE rb_cEventLog);
+void Init_winevt_locale(VALUE rb_cEventLog);
+void Init_winevt_session(VALUE rb_cEventLog);
 
 #endif // _WINEVT_C_H

data/ext/winevt/winevt_channel.c

@@ -19,6 +19,8 @@
  *  print channels
  */
 
+VALUE rb_cChannel;
+
 DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate);
 DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate);
 static void channel_free(void* ptr);

data/ext/winevt/winevt_locale.c

@@ -0,0 +1,92 @@
+#include <winevt_c.h>
+
+
+/* clang-format off */
+/*
+ * Document-class: Winevt::EventLog::Locale
+ *
+ * handle locales for Windows EventLog's description.
+ *
+ * @example
+ *  require 'winevt'
+ *
+ *  @locale = Winevt::EventLog::Locale.new
+ *  @locale.each {|code, desc|
+ *    print code, desc
+ *  }
+ * @since v0.8.1
+ */
+/* clang-format on */
+
+VALUE rb_cLocale;
+
+static void locale_free(void* ptr);
+
+static const rb_data_type_t rb_winevt_locale_type = { "winevt/locale",
+                                                       {
+                                                         0,
+                                                         locale_free,
+                                                         0,
+                                                       },
+                                                       NULL,
+                                                       NULL,
+                                                       RUBY_TYPED_FREE_IMMEDIATELY };
+
+static void
+locale_free(void* ptr)
+{
+  xfree(ptr);
+}
+
+static VALUE
+rb_winevt_locale_alloc(VALUE klass)
+{
+  VALUE obj;
+  struct WinevtLocale* winevtLocale;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtLocale, &rb_winevt_locale_type, winevtLocale);
+  return obj;
+}
+
+/*
+ * Initalize Locale class.
+ *
+ * @return [Locale]
+ *
+ */
+static VALUE
+rb_winevt_locale_initialize(VALUE self)
+{
+  return Qnil;
+}
+
+/*
+ * Enumerate supported locales and its descriptions
+ *
+ * @yield (String, String)
+ *
+ */
+static VALUE
+rb_winevt_locale_each(VALUE self)
+{
+  RETURN_ENUMERATOR(self, 0, 0);
+
+  for (int i = 0; localeInfoTable[i].langCode != NULL; i++) {
+    rb_yield_values(2,
+                    rb_utf8_str_new_cstr(localeInfoTable[i].langCode),
+                    rb_utf8_str_new_cstr(localeInfoTable[i].description));
+  }
+
+  return Qnil;
+}
+
+void
+Init_winevt_locale(VALUE rb_cEventLog)
+{
+  rb_cLocale = rb_define_class_under(rb_cEventLog, "Locale", rb_cObject);
+
+  rb_define_alloc_func(rb_cLocale, rb_winevt_locale_alloc);
+
+  rb_define_method(rb_cLocale, "initialize", rb_winevt_locale_initialize, 0);
+  rb_define_method(rb_cLocale, "each", rb_winevt_locale_each, 0);
+}

data/ext/winevt/winevt_locale_info.c

@@ -0,0 +1,68 @@
+#include <winevt_c.h>
+
+LocaleInfo localeInfoTable [] = {
+  { MAKELANGID(LANG_BULGARIAN,  SUBLANG_DEFAULT),              "bg_BG",   "Bulgarian"},
+  { MAKELANGID(LANG_CHINESE,    SUBLANG_CHINESE_SIMPLIFIED),   "zh_CN",   "Simplified Chinese "},
+  { MAKELANGID(LANG_CHINESE,    SUBLANG_CHINESE_TRADITIONAL),  "zh_TW",   "Traditional Chinese"},
+  { MAKELANGID(LANG_CHINESE,    SUBLANG_CHINESE_HONGKONG),     "zh_HK",   "Chinese (Hong Kong)"},
+  { MAKELANGID(LANG_CHINESE,    SUBLANG_CHINESE_SINGAPORE),    "zh_SG",   "Chinese (Singapore)"},
+  { MAKELANGID(LANG_CROATIAN,   SUBLANG_DEFAULT),              "hr_HR",   "Croatian"},
+  { MAKELANGID(LANG_CZECH,      SUBLANG_DEFAULT),              "cs_CZ",   "Czech"},
+  { MAKELANGID(LANG_DANISH,     SUBLANG_DEFAULT),              "da_DK",   "Dannish"},
+  { MAKELANGID(LANG_DUTCH,      SUBLANG_DUTCH),                "nl_NL",   "Dutch"},
+  { MAKELANGID(LANG_DUTCH,      SUBLANG_DUTCH_BELGIAN),        "nl_BE",   "Dutch (Belgium)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_DEFAULT),              "en_US",   "English (United States)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_ENGLISH_UK),           "en_GB",   "English (UK)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_ENGLISH_AUS),          "en_AU",   "English (Australia)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_ENGLISH_CAN),          "en_CA",   "English (Canada)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_ENGLISH_NZ),           "en_NZ",   "English (New Zealand)"},
+  { MAKELANGID(LANG_ENGLISH,    SUBLANG_ENGLISH_EIRE),         "en_IE",   "English (Ireland)"},
+  { MAKELANGID(LANG_FINNISH,    SUBLANG_DEFAULT),              "fi_FI",   "Finnish"},
+  { MAKELANGID(LANG_FRENCH,     SUBLANG_FRENCH),               "fr_FR",   "French"},
+  { MAKELANGID(LANG_FRENCH,     SUBLANG_FRENCH_BELGIAN),       "fr_BE",   "French (Belgium)"},
+  { MAKELANGID(LANG_FRENCH,     SUBLANG_FRENCH_CANADIAN),      "fr_CA",   "French (Canada)"},
+  { MAKELANGID(LANG_FRENCH,     SUBLANG_FRENCH_SWISS),         "fr_CH",   "French (Swiss)"},
+  { MAKELANGID(LANG_GERMAN,     SUBLANG_GERMAN),               "de_DE",   "German"},
+  { MAKELANGID(LANG_GERMAN,     SUBLANG_GERMAN_SWISS),         "de_CH",   "German (Swiss)"},
+  { MAKELANGID(LANG_GERMAN,     SUBLANG_GERMAN_AUSTRIAN),      "de_AT",   "German (Austria))"},
+  { MAKELANGID(LANG_GREEK,      SUBLANG_DEFAULT),              "el_GR",   "Greek (Ελληνικά)"},
+  { MAKELANGID(LANG_HUNGARIAN,  SUBLANG_DEFAULT),              "hu_HU",   "Hungarian"},
+  { MAKELANGID(LANG_ICELANDIC,  SUBLANG_DEFAULT),              "is_IS",   "Icelandic"},
+  { MAKELANGID(LANG_ITALIAN,    SUBLANG_ITALIAN),              "it_IT",   "Italian (Italy)"},
+  { MAKELANGID(LANG_ITALIAN,    SUBLANG_ITALIAN_SWISS),        "it_CH",   "Italian (Swiss)"},
+  { MAKELANGID(LANG_JAPANESE,   SUBLANG_DEFAULT),              "ja_JP",   "Japanases"},
+  { MAKELANGID(LANG_KOREAN,     SUBLANG_DEFAULT),              "ko_KO",   "Korean"},
+  { MAKELANGID(LANG_NORWEGIAN,  SUBLANG_NORWEGIAN_BOKMAL),     "no_NO",   "Norwegian (Bokmål)"},
+  { MAKELANGID(LANG_NORWEGIAN,  SUBLANG_NORWEGIAN_BOKMAL),     "nb_NO",   "Norwegian (Bokmål)"},
+  { MAKELANGID(LANG_NORWEGIAN,  SUBLANG_NORWEGIAN_NYNORSK),    "nn_NO",   "Norwegian (Nynorsk)"},
+  { MAKELANGID(LANG_POLISH,     SUBLANG_DEFAULT),              "pl_PL",   "Polish"},
+  { MAKELANGID(LANG_PORTUGUESE, SUBLANG_PORTUGUESE),           "pt_PT",   "Portuguese"},
+  { MAKELANGID(LANG_PORTUGUESE, SUBLANG_PORTUGUESE_BRAZILIAN), "pt_BR",   "Portuguese (Brazil)"},
+  { MAKELANGID(LANG_ROMANIAN,   SUBLANG_DEFAULT),              "ro_RO",   "Romanian"},
+  { MAKELANGID(LANG_RUSSIAN,    SUBLANG_DEFAULT),              "ru_RU",   "Russian  (русский язык)"},
+  { MAKELANGID(LANG_SLOVAK,     SUBLANG_DEFAULT),              "sk_SK",   "Slovak"},
+  { MAKELANGID(LANG_SLOVENIAN,  SUBLANG_DEFAULT),              "sl_SI",   "Slovenian"},
+  { MAKELANGID(LANG_SPANISH,    SUBLANG_SPANISH),              "es_ES",   "Spanish"},
+  { MAKELANGID(LANG_SPANISH,    SUBLANG_SPANISH),              "es_ES_T", "Spanish (Traditional)"},
+  { MAKELANGID(LANG_SPANISH,    SUBLANG_SPANISH_MEXICAN),      "es_MX",   "Spanish (Mexico)"},
+  { MAKELANGID(LANG_SPANISH,    SUBLANG_SPANISH_MODERN),       "es_ES_M", "Spanish (Modern)"},
+  { MAKELANGID(LANG_SWEDISH,    SUBLANG_DEFAULT),              "sv_SE",   "Swedish"},
+  { MAKELANGID(LANG_TURKISH,    SUBLANG_DEFAULT),              "tr_TR",   "Turkish"},
+  { 0, NULL, NULL}
+};
+
+LocaleInfo default_locale = {MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), "neutral", "Default"};
+
+LocaleInfo*
+get_locale_info_from_rb_str(VALUE rb_locale_str)
+{
+  CHAR* locale_str = StringValuePtr(rb_locale_str);
+
+  for (int i = 0; localeInfoTable[i].langCode != NULL; i++) {
+    if (stricmp(localeInfoTable[i].langCode, locale_str) == 0) {
+      return &localeInfoTable[i];
+    }
+  }
+
+  rb_raise(rb_eArgError, "Unknown locale: %s", locale_str);
+}

data/ext/winevt/winevt_query.c

@@ -17,6 +17,7 @@
  */
 /* clang-format on */
 
+VALUE rb_cFlag;
 
 static void query_free(void* ptr);
 
@@ -31,16 +32,32 @@ static const rb_data_type_t rb_winevt_query_type = { "winevt/query",
                                                      RUBY_TYPED_FREE_IMMEDIATELY };
 
 static void
-query_free(void* ptr)
+close_handles(struct WinevtQuery* winevtQuery)
 {
-  struct WinevtQuery* winevtQuery = (struct WinevtQuery*)ptr;
-  if (winevtQuery->query)
+  if (winevtQuery->query) {
     EvtClose(winevtQuery->query);
+    winevtQuery->query = NULL;
+  }
 
   for (int i = 0; i < winevtQuery->count; i++) {
-    if (winevtQuery->hEvents[i])
+    if (winevtQuery->hEvents[i]) {
       EvtClose(winevtQuery->hEvents[i]);
+      winevtQuery->hEvents[i] = NULL;
+    }
+  }
+
+  if (winevtQuery->remoteHandle) {
+    EvtClose(winevtQuery->remoteHandle);
+    winevtQuery->remoteHandle = NULL;
   }
+}
+
+static void
+query_free(void* ptr)
+{
+  struct WinevtQuery* winevtQuery = (struct WinevtQuery*)ptr;
+  close_handles(winevtQuery);
+
   xfree(ptr);
 }
 
@@ -57,22 +74,44 @@ rb_winevt_query_alloc(VALUE klass)
 /*
  * Initalize Query class.
  *
- * @param channel [String] Querying EventLog channel.
- * @param xpath [String] Querying XPath.
+ * @overload initialize(channel, xpath, session=nil)
+ *   @param channel [String] Querying EventLog channel.
+ *   @param xpath [String] Querying XPath.
+ *   @param session [Session] Session information for remoting access.
  * @return [Query]
  *
  */
 static VALUE
-rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
+rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
 {
   PWSTR evtChannel, evtXPath;
+  VALUE channel, xpath, session;
   struct WinevtQuery* winevtQuery;
+  struct WinevtSession* winevtSession;
+  EVT_HANDLE hRemoteHandle = NULL;
   DWORD len;
   VALUE wchannelBuf, wpathBuf;
+  DWORD err;
 
+  rb_scan_args(argc, argv, "21", &channel, &xpath, &session);
   Check_Type(channel, T_STRING);
   Check_Type(xpath, T_STRING);
 
+  if (rb_obj_is_kind_of(session, rb_cSession)) {
+    winevtSession = EventSession(session);
+
+    hRemoteHandle = connect_to_remote(winevtSession->server,
+                                      winevtSession->domain,
+                                      winevtSession->username,
+                                      winevtSession->password,
+                                      winevtSession->flags);
+
+    err = GetLastError();
+    if (err != ERROR_SUCCESS) {
+      raise_system_error(rb_eRuntimeError, err);
+    }
+  }
+
   // channel : To wide char
   len =
     MultiByteToWideChar(CP_UTF8, 0, RSTRING_PTR(channel), RSTRING_LEN(channel), NULL, 0);
@@ -90,11 +129,17 @@ rb_winevt_query_initialize(VALUE self, VALUE channel, VALUE xpath)
   TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
 
   winevtQuery->query = EvtQuery(
-    NULL, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
+    hRemoteHandle, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
+  err = GetLastError();
+  if (err != ERROR_SUCCESS) {
+    raise_system_error(rb_eRuntimeError, err);
+  }
   winevtQuery->offset = 0L;
   winevtQuery->timeout = 0L;
   winevtQuery->renderAsXML = TRUE;
   winevtQuery->preserveQualifiers = FALSE;
+  winevtQuery->localeInfo = &default_locale;
+  winevtQuery->remoteHandle = hRemoteHandle;
 
   ALLOCV_END(wchannelBuf);
   ALLOCV_END(wpathBuf);
@@ -186,6 +231,9 @@ rb_winevt_query_next(VALUE self)
 
   if (!EvtNext(winevtQuery->query, QUERY_ARRAY_SIZE, hEvents, INFINITE, 0, &count)) {
     status = GetLastError();
+    if (ERROR_CANCELLED == status) {
+      return Qfalse;
+    }
     if (ERROR_NO_MORE_ITEMS != status) {
       return Qfalse;
     }
@@ -218,12 +266,12 @@ rb_winevt_query_render(VALUE self, EVT_HANDLE event)
 }
 
 static VALUE
-rb_winevt_query_message(EVT_HANDLE event)
+rb_winevt_query_message(EVT_HANDLE event, LocaleInfo* localeInfo, EVT_HANDLE hRemote)
 {
   WCHAR* wResult;
   VALUE utf8str;
 
-  wResult = get_description(event);
+  wResult = get_description(event, localeInfo->langID, hRemote);
   utf8str = wstr_to_rb_str(CP_UTF8, wResult, -1);
   free(wResult);
 
@@ -335,7 +383,8 @@ rb_winevt_query_each_yield(VALUE self)
   for (int i = 0; i < winevtQuery->count; i++) {
     rb_yield_values(3,
                     rb_winevt_query_render(self, winevtQuery->hEvents[i]),
-                    rb_winevt_query_message(winevtQuery->hEvents[i]),
+                    rb_winevt_query_message(winevtQuery->hEvents[i], winevtQuery->localeInfo,
+                                            winevtQuery->remoteHandle),
                     rb_winevt_query_string_inserts(winevtQuery->hEvents[i]));
   }
   return Qnil;
@@ -399,7 +448,7 @@ rb_winevt_query_set_render_as_xml(VALUE self, VALUE rb_render_as_xml)
  * This method specifies whether preserving qualifiers key or not.
  *
  * @since 0.7.3
- * @param rb_render_as_xml [Boolean]
+ * @param rb_preserve_qualifiers [Boolean]
  */
 static VALUE
 rb_winevt_query_set_preserve_qualifiers(VALUE self, VALUE rb_preserve_qualifiers)
@@ -431,6 +480,92 @@ rb_winevt_query_get_preserve_qualifiers_p(VALUE self)
   return winevtQuery->preserveQualifiers ? Qtrue : Qfalse;
 }
 
+/*
+ * This method specifies locale with [String].
+ *
+ * @since 0.8.0
+ * @param rb_locale_str [String]
+ */
+static VALUE
+rb_winevt_query_set_locale(VALUE self, VALUE rb_locale_str)
+{
+  struct WinevtQuery* winevtQuery;
+  LocaleInfo* locale_info = &default_locale;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  locale_info = get_locale_info_from_rb_str(rb_locale_str);
+
+  winevtQuery->localeInfo = locale_info;
+
+  return Qnil;
+}
+
+/*
+ * This method obtains specified locale with [String].
+ *
+ * @since 0.8.0
+ */
+static VALUE
+rb_winevt_query_get_locale(VALUE self)
+{
+  struct WinevtQuery* winevtQuery;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  if (winevtQuery->localeInfo->langCode) {
+    return rb_str_new2(winevtQuery->localeInfo->langCode);
+  } else {
+    return rb_str_new2(default_locale.langCode);
+  }
+}
+
+/*
+ * This method cancels channel query.
+ *
+ * @return [Boolean]
+ * @since 0.9.1
+ */
+static VALUE
+rb_winevt_query_cancel(VALUE self)
+{
+  struct WinevtQuery* winevtQuery;
+  BOOL result = FALSE;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  if (winevtQuery->query) {
+    result = EvtCancel(winevtQuery->query);
+  }
+
+  if (result) {
+    return Qtrue;
+  } else {
+    return Qfalse;
+  }
+}
+
+/*
+ * This method closes channel handles forcibly.
+ *
+ * @since 0.9.1
+ */
+static VALUE
+rb_winevt_query_close(VALUE self)
+{
+  struct WinevtQuery* winevtQuery;
+
+  TypedData_Get_Struct(
+    self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
+
+  close_handles(winevtQuery);
+
+  return Qnil;
+}
+
 void
 Init_winevt_query(VALUE rb_cEventLog)
 {
@@ -478,7 +613,7 @@ Init_winevt_query(VALUE rb_cEventLog)
   rb_define_const(rb_cFlag, "Strict", LONG2NUM(EvtSeekStrict));
   /* clang-format on */
 
-  rb_define_method(rb_cQuery, "initialize", rb_winevt_query_initialize, 2);
+  rb_define_method(rb_cQuery, "initialize", rb_winevt_query_initialize, -1);
   rb_define_method(rb_cQuery, "next", rb_winevt_query_next, 0);
   rb_define_method(rb_cQuery, "seek", rb_winevt_query_seek, 1);
   rb_define_method(rb_cQuery, "offset", rb_winevt_query_get_offset, 0);
@@ -496,4 +631,20 @@ Init_winevt_query(VALUE rb_cEventLog)
    * @since 0.7.3
    */
   rb_define_method(rb_cQuery, "preserve_qualifiers=", rb_winevt_query_set_preserve_qualifiers, 1);
+  /*
+   * @since 0.8.0
+   */
+  rb_define_method(rb_cQuery, "locale", rb_winevt_query_get_locale, 0);
+  /*
+   * @since 0.8.0
+   */
+  rb_define_method(rb_cQuery, "locale=", rb_winevt_query_set_locale, 1);
+  /*
+   * @since 0.9.1
+   */
+  rb_define_method(rb_cQuery, "cancel", rb_winevt_query_cancel, 0);
+  /*
+   * @since 0.9.1
+   */
+  rb_define_method(rb_cQuery, "close", rb_winevt_query_close, 0);
 }