RubyGems - winevt_c - Versions diffs - 0.9.1 → 0.9.2 - Mend

winevt_c 0.9.1 → 0.9.2

Files changed (34) hide show

checksums.yaml +4 -4
data/.clang-format +4 -4
data/.github/workflows/linux.yml +26 -0
data/Gemfile +6 -6
data/LICENSE.txt +202 -202
data/README.md +97 -97
data/Rakefile +37 -37
data/appveyor.yml +32 -26
data/example/bookmark.rb +9 -9
data/example/enumerate_channels.rb +13 -13
data/example/eventlog.rb +13 -13
data/example/locale.rb +13 -13
data/example/rate_limit.rb +14 -14
data/example/tailing.rb +21 -21
data/ext/winevt/extconf.rb +24 -24
data/ext/winevt/winevt.c +30 -30
data/ext/winevt/winevt_bookmark.c +149 -149
data/ext/winevt/winevt_c.h +132 -132
data/ext/winevt/winevt_channel.c +327 -327
data/ext/winevt/winevt_locale.c +92 -92
data/ext/winevt/winevt_locale_info.c +68 -68
data/ext/winevt/winevt_query.c +650 -650
data/ext/winevt/winevt_session.c +425 -425
data/ext/winevt/winevt_subscribe.c +757 -757
data/ext/winevt/winevt_utils.cpp +723 -718
data/lib/winevt.rb +14 -14
data/lib/winevt/bookmark.rb +6 -6
data/lib/winevt/query.rb +6 -6
data/lib/winevt/session.rb +15 -15
data/lib/winevt/subscribe.rb +18 -18
data/lib/winevt/version.rb +3 -3
data/winevt_c.gemspec +34 -34
metadata +8 -9
data/.travis.yml +0 -15

data/ext/winevt/winevt_c.h CHANGED Viewed

@@ -1,132 +1,132 @@
-#ifndef _WINEVT_C_H_
-#define _WINEVT_C_H_
-#include <ruby.h>
-#include <ruby/encoding.h>
-#ifdef __GNUC__
-#include <w32api.h>
-#define MINIMUM_WINDOWS_VERSION WindowsVista
-#else                                  /* __GNUC__ */
-#define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
-#endif                                 /* __GNUC__ */
-#ifdef _WIN32_WINNT
-#undef _WIN32_WINNT
-#endif /* WIN32_WINNT */
-#define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
-#include <time.h>
-#include <winevt.h>
-#define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
-#define EventBookMark(object) ((struct WinevtBookmark*)DATA_PTR(object))
-#define EventChannel(object) ((struct WinevtChannel*)DATA_PTR(object))
-#define EventSession(object) ((struct WinevtSession*)DATA_PTR(object))
-typedef struct {
-  LANGID langID;
-  CHAR* langCode;
-  CHAR* description;
-} LocaleInfo;
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
-#if defined(__cplusplus)
-[[ noreturn ]]
-#endif /* __cplusplus */
-void  raise_system_error(VALUE error, DWORD errorCode);
-VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
-EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
-                             LPWSTR username, LPWSTR password,
-                             EVT_RPC_LOGIN_FLAGS flags);
-WCHAR* get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote);
-VALUE get_values(EVT_HANDLE handle);
-VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
-LocaleInfo* get_locale_info_from_rb_str(VALUE rb_locale_str);
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-extern VALUE rb_cQuery;
-extern VALUE rb_cFlag;
-extern VALUE rb_cChannel;
-extern VALUE rb_cBookmark;
-extern VALUE rb_cSubscribe;
-extern VALUE rb_eWinevtQueryError;
-extern VALUE rb_eRemoteHandlerError;
-extern VALUE rb_cLocale;
-extern VALUE rb_cSession;
-struct WinevtSession {
-  LPWSTR server;
-  LPWSTR domain;
-  LPWSTR username;
-  LPWSTR password;
-  EVT_RPC_LOGIN_FLAGS flags;
-};
-extern LocaleInfo localeInfoTable[];
-extern LocaleInfo default_locale;
-struct WinevtLocale {};
-struct WinevtChannel
-{
-  EVT_HANDLE channels;
-  BOOL force_enumerate;
-};
-struct WinevtBookmark
-{
-  EVT_HANDLE bookmark;
-  ULONG count;
-};
-#define QUERY_ARRAY_SIZE 10
-struct WinevtQuery
-{
-  EVT_HANDLE query;
-  EVT_HANDLE hEvents[QUERY_ARRAY_SIZE];
-  ULONG count;
-  LONG offset;
-  LONG timeout;
-  BOOL renderAsXML;
-  BOOL preserveQualifiers;
-  LocaleInfo *localeInfo;
-  EVT_HANDLE remoteHandle;
-};
-#define SUBSCRIBE_ARRAY_SIZE 10
-#define SUBSCRIBE_RATE_INFINITE -1
-struct WinevtSubscribe
-{
-  HANDLE signalEvent;
-  EVT_HANDLE subscription;
-  EVT_HANDLE bookmark;
-  EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
-  DWORD count;
-  DWORD flags;
-  BOOL readExistingEvents;
-  DWORD rateLimit;
-  time_t lastTime;
-  DWORD currentRate;
-  BOOL renderAsXML;
-  BOOL preserveQualifiers;
-  LocaleInfo* localeInfo;
-  EVT_HANDLE remoteHandle;
-};
-void Init_winevt_query(VALUE rb_cEventLog);
-void Init_winevt_channel(VALUE rb_cEventLog);
-void Init_winevt_bookmark(VALUE rb_cEventLog);
-void Init_winevt_subscribe(VALUE rb_cEventLog);
-void Init_winevt_locale(VALUE rb_cEventLog);
-void Init_winevt_session(VALUE rb_cEventLog);
-#endif // _WINEVT_C_H
+#ifndef _WINEVT_C_H_
+#define _WINEVT_C_H_
+#include <ruby.h>
+#include <ruby/encoding.h>
+#ifdef __GNUC__
+#include <w32api.h>
+#define MINIMUM_WINDOWS_VERSION WindowsVista
+#else                                  /* __GNUC__ */
+#define MINIMUM_WINDOWS_VERSION 0x0600 /* Vista */
+#endif                                 /* __GNUC__ */
+#ifdef _WIN32_WINNT
+#undef _WIN32_WINNT
+#endif /* WIN32_WINNT */
+#define _WIN32_WINNT MINIMUM_WINDOWS_VERSION
+#include <time.h>
+#include <winevt.h>
+#define EventQuery(object) ((struct WinevtQuery*)DATA_PTR(object))
+#define EventBookMark(object) ((struct WinevtBookmark*)DATA_PTR(object))
+#define EventChannel(object) ((struct WinevtChannel*)DATA_PTR(object))
+#define EventSession(object) ((struct WinevtSession*)DATA_PTR(object))
+typedef struct {
+  LANGID langID;
+  CHAR* langCode;
+  CHAR* description;
+} LocaleInfo;
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
+#if defined(__cplusplus)
+[[ noreturn ]]
+#endif /* __cplusplus */
+void  raise_system_error(VALUE error, DWORD errorCode);
+VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
+EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
+                             LPWSTR username, LPWSTR password,
+                             EVT_RPC_LOGIN_FLAGS flags);
+WCHAR* get_description(EVT_HANDLE handle, LANGID langID, EVT_HANDLE hRemote);
+VALUE get_values(EVT_HANDLE handle);
+VALUE render_system_event(EVT_HANDLE handle, BOOL preserve_qualifiers);
+LocaleInfo* get_locale_info_from_rb_str(VALUE rb_locale_str);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+extern VALUE rb_cQuery;
+extern VALUE rb_cFlag;
+extern VALUE rb_cChannel;
+extern VALUE rb_cBookmark;
+extern VALUE rb_cSubscribe;
+extern VALUE rb_eWinevtQueryError;
+extern VALUE rb_eRemoteHandlerError;
+extern VALUE rb_cLocale;
+extern VALUE rb_cSession;
+struct WinevtSession {
+  LPWSTR server;
+  LPWSTR domain;
+  LPWSTR username;
+  LPWSTR password;
+  EVT_RPC_LOGIN_FLAGS flags;
+};
+extern LocaleInfo localeInfoTable[];
+extern LocaleInfo default_locale;
+struct WinevtLocale {};
+struct WinevtChannel
+{
+  EVT_HANDLE channels;
+  BOOL force_enumerate;
+};
+struct WinevtBookmark
+{
+  EVT_HANDLE bookmark;
+  ULONG count;
+};
+#define QUERY_ARRAY_SIZE 10
+struct WinevtQuery
+{
+  EVT_HANDLE query;
+  EVT_HANDLE hEvents[QUERY_ARRAY_SIZE];
+  ULONG count;
+  LONG offset;
+  LONG timeout;
+  BOOL renderAsXML;
+  BOOL preserveQualifiers;
+  LocaleInfo *localeInfo;
+  EVT_HANDLE remoteHandle;
+};
+#define SUBSCRIBE_ARRAY_SIZE 10
+#define SUBSCRIBE_RATE_INFINITE -1
+struct WinevtSubscribe
+{
+  HANDLE signalEvent;
+  EVT_HANDLE subscription;
+  EVT_HANDLE bookmark;
+  EVT_HANDLE hEvents[SUBSCRIBE_ARRAY_SIZE];
+  DWORD count;
+  DWORD flags;
+  BOOL readExistingEvents;
+  DWORD rateLimit;
+  time_t lastTime;
+  DWORD currentRate;
+  BOOL renderAsXML;
+  BOOL preserveQualifiers;
+  LocaleInfo* localeInfo;
+  EVT_HANDLE remoteHandle;
+};
+void Init_winevt_query(VALUE rb_cEventLog);
+void Init_winevt_channel(VALUE rb_cEventLog);
+void Init_winevt_bookmark(VALUE rb_cEventLog);
+void Init_winevt_subscribe(VALUE rb_cEventLog);
+void Init_winevt_locale(VALUE rb_cEventLog);
+void Init_winevt_session(VALUE rb_cEventLog);
+#endif // _WINEVT_C_H

data/ext/winevt/winevt_channel.c CHANGED Viewed

@@ -1,327 +1,327 @@
-#include <winevt_c.h>
-/*
- * Document-class: Winevt::EventLog::Channel
- *
- * Retrieve Windows EventLog channel name.
- *
- * @example
- *  require 'winevt'
- *  channels = []
- *  @channel = Winevt::EventLog::Channel.new
- *  # If users want to retrieve all channel names that
- *  # including type of Debug and Analytical,
- *  # it should be set as true.
- *  @channel.force_enumerate = false
- *  @channel.each do |channel|
- *    channels << channel
- *  end
- *  print channels
- */
-VALUE rb_cChannel;
-DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate);
-DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate);
-static void channel_free(void* ptr);
-static const rb_data_type_t rb_winevt_channel_type = { "winevt/channel",
-                                                       {
-                                                         0,
-                                                         channel_free,
-                                                         0,
-                                                       },
-                                                       NULL,
-                                                       NULL,
-                                                       RUBY_TYPED_FREE_IMMEDIATELY };
-static void
-channel_free(void* ptr)
-{
-  struct WinevtChannel* winevtChannel = (struct WinevtChannel*)ptr;
-  if (winevtChannel->channels)
-    EvtClose(winevtChannel->channels);
-  xfree(ptr);
-}
-static VALUE
-rb_winevt_channel_alloc(VALUE klass)
-{
-  VALUE obj;
-  struct WinevtChannel* winevtChannel;
-  obj = TypedData_Make_Struct(
-    klass, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
-  return obj;
-}
-/*
- * Initalize Channel class.
- *
- * @return [Channel]
- *
- */
-static VALUE
-rb_winevt_channel_initialize(VALUE self)
-{
-  struct WinevtChannel* winevtChannel;
-  TypedData_Get_Struct(
-    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
-  winevtChannel->force_enumerate = FALSE;
-  return Qnil;
-}
-/*
- * This method specifies whether forcing to enumerate channel which
- * type is Debug and Analytical or not.
- *
- * @param rb_force_enumerate_p [Boolean]
- * @since 0.7.1
- */
-static VALUE
-rb_winevt_channel_set_force_enumerate(VALUE self, VALUE rb_force_enumerate_p)
-{
-  struct WinevtChannel* winevtChannel;
-  TypedData_Get_Struct(
-    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
-  winevtChannel->force_enumerate = RTEST(rb_force_enumerate_p);
-  return Qnil;
-}
-/*
- * This method returns whether forcing to enumerate channel which type
- * is Debug and Analytical or not.
- *
- * @return [Boolean]
- * @since 0.7.1
- */
-static VALUE
-rb_winevt_channel_get_force_enumerate(VALUE self)
-{
-  struct WinevtChannel* winevtChannel;
-  TypedData_Get_Struct(
-    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
-  return winevtChannel->force_enumerate ? Qtrue : Qfalse;
-}
-DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate)
-{
-  PEVT_VARIANT pProperty = NULL;
-  PEVT_VARIANT pTemp = NULL;
-  DWORD dwBufferSize = 0;
-  DWORD dwBufferUsed = 0;
-  DWORD status = ERROR_SUCCESS;
-  for (int Id = 0; Id < EvtChannelConfigPropertyIdEND; Id++) {
-    if (!EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed)) {
-      status = GetLastError();
-      if (ERROR_INSUFFICIENT_BUFFER == status) {
-        dwBufferSize = dwBufferUsed;
-        pTemp = (PEVT_VARIANT)realloc(pProperty, dwBufferSize);
-        if (pTemp) {
-          pProperty = pTemp;
-          pTemp = NULL;
-          EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed);
-          status = GetLastError();
-        } else {
-          free(pProperty);
-          status = ERROR_OUTOFMEMORY;
-          goto cleanup;
-        }
-      }
-      if (ERROR_SUCCESS != status) {
-        free(pProperty);
-        goto cleanup;
-      }
-    }
-    status = check_subscribable_with_channel_config_type(Id, pProperty, force_enumerate);
-    if (status != ERROR_SUCCESS)
-      break;
-  }
-cleanup:
-  free(pProperty);
-  return status;
-}
-#define EVENT_DEBUG_TYPE 2
-#define EVENT_ANALYTICAL_TYPE 3
-DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate)
-{
-  DWORD status = ERROR_SUCCESS;
-  switch(Id) {
-  case EvtChannelConfigType:
-    if (!force_enumerate &&
-        (pProperty->UInt32Val == EVENT_DEBUG_TYPE ||
-         pProperty->UInt32Val == EVENT_ANALYTICAL_TYPE)) {
-      return ERROR_INVALID_DATA;
-    }
-    break;
-  }
-  return status;
-}
-#undef EVENT_DEBUG_TYPE
-#undef EVENT_ANALYTICAL_TYPE
-/*
- * Enumerate Windows EventLog channels
- *
- * @yield (String)
- *
- */
-static VALUE
-rb_winevt_channel_each(VALUE self)
-{
-  EVT_HANDLE hChannels;
-  EVT_HANDLE hChannelConfig = NULL;
-  struct WinevtChannel* winevtChannel;
-  char errBuf[256];
-  LPWSTR buffer = NULL;
-  DWORD bufferSize = 0;
-  DWORD bufferUsed = 0;
-  DWORD status = ERROR_SUCCESS;
-  VALUE utf8str;
-  RETURN_ENUMERATOR(self, 0, 0);
-  TypedData_Get_Struct(
-    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
-  hChannels = EvtOpenChannelEnum(NULL, 0);
-  if (hChannels) {
-    winevtChannel->channels = hChannels;
-  } else {
-    _snprintf_s(errBuf,
-                _countof(errBuf),
-                _TRUNCATE,
-                "Failed to enumerate channels with %lu\n",
-                GetLastError());
-    rb_raise(rb_eRuntimeError, errBuf);
-  }
-  while (1) {
-    if (!EvtNextChannelPath(winevtChannel->channels, bufferSize, buffer, &bufferUsed)) {
-      status = GetLastError();
-      if (ERROR_NO_MORE_ITEMS == status) {
-        break;
-      } else if (ERROR_INSUFFICIENT_BUFFER == status) {
-        bufferSize = bufferUsed;
-        buffer = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
-        if (buffer) {
-          continue;
-        } else {
-          free(buffer);
-          EvtClose(winevtChannel->channels);
-          winevtChannel->channels = NULL;
-          rb_raise(rb_eRuntimeError, "realloc failed");
-        }
-      } else {
-        free(buffer);
-        EvtClose(winevtChannel->channels);
-        winevtChannel->channels = NULL;
-        _snprintf_s(errBuf,
-                    _countof(errBuf),
-                    _TRUNCATE,
-                    "EvtNextChannelPath failed with %lu.\n",
-                    status);
-        rb_raise(rb_eRuntimeError, errBuf);
-      }
-    }
-    hChannelConfig = EvtOpenChannelConfig(NULL, buffer, 0);
-    if (NULL == hChannelConfig) {
-      _snprintf_s(errBuf,
-                  _countof(errBuf),
-                  _TRUNCATE,
-                  "EvtOpenChannelConfig failed with %lu.\n",
-                  GetLastError());
-      EvtClose(winevtChannel->channels);
-      winevtChannel->channels = NULL;
-      free(buffer);
-      buffer = NULL;
-      bufferSize = 0;
-      rb_raise(rb_eRuntimeError, errBuf);
-    }
-    status = is_subscribable_channel_p(hChannelConfig, winevtChannel->force_enumerate);
-    EvtClose(hChannelConfig);
-    if (status == ERROR_INVALID_DATA) {
-      free(buffer);
-      buffer = NULL;
-      bufferSize = 0;
-      continue;
-    }
-    if (status == ERROR_OUTOFMEMORY) {
-      EvtClose(winevtChannel->channels);
-      winevtChannel->channels = NULL;
-      free(buffer);
-      buffer = NULL;
-      bufferSize = 0;
-      rb_raise(rb_eRuntimeError, "realloc failed\n");
-    } else if (status != ERROR_SUCCESS) {
-      EvtClose(winevtChannel->channels);
-      winevtChannel->channels = NULL;
-      free(buffer);
-      buffer = NULL;
-      bufferSize = 0;
-      rb_raise(rb_eRuntimeError, "is_subscribe_channel_p is failed with %ld\n", status);
-    }
-    utf8str = wstr_to_rb_str(CP_UTF8, buffer, -1);
-    free(buffer);
-    buffer = NULL;
-    bufferSize = 0;
-    rb_yield(utf8str);
-  }
-  if (winevtChannel->channels) {
-    EvtClose(winevtChannel->channels);
-    winevtChannel->channels = NULL;
-  }
-  free(buffer);
-  return Qnil;
-}
-void
-Init_winevt_channel(VALUE rb_cEventLog)
-{
-  rb_cChannel = rb_define_class_under(rb_cEventLog, "Channel", rb_cObject);
-  rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);
-  rb_define_method(rb_cChannel, "initialize", rb_winevt_channel_initialize, 0);
-  rb_define_method(rb_cChannel, "each", rb_winevt_channel_each, 0);
-  rb_define_method(rb_cChannel, "force_enumerate", rb_winevt_channel_get_force_enumerate, 0);
-  rb_define_method(rb_cChannel, "force_enumerate=", rb_winevt_channel_set_force_enumerate, 1);
-}
+#include <winevt_c.h>
+/*
+ * Document-class: Winevt::EventLog::Channel
+ *
+ * Retrieve Windows EventLog channel name.
+ *
+ * @example
+ *  require 'winevt'
+ *  channels = []
+ *  @channel = Winevt::EventLog::Channel.new
+ *  # If users want to retrieve all channel names that
+ *  # including type of Debug and Analytical,
+ *  # it should be set as true.
+ *  @channel.force_enumerate = false
+ *  @channel.each do |channel|
+ *    channels << channel
+ *  end
+ *  print channels
+ */
+VALUE rb_cChannel;
+DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate);
+DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate);
+static void channel_free(void* ptr);
+static const rb_data_type_t rb_winevt_channel_type = { "winevt/channel",
+                                                       {
+                                                         0,
+                                                         channel_free,
+                                                         0,
+                                                       },
+                                                       NULL,
+                                                       NULL,
+                                                       RUBY_TYPED_FREE_IMMEDIATELY };
+static void
+channel_free(void* ptr)
+{
+  struct WinevtChannel* winevtChannel = (struct WinevtChannel*)ptr;
+  if (winevtChannel->channels)
+    EvtClose(winevtChannel->channels);
+  xfree(ptr);
+}
+static VALUE
+rb_winevt_channel_alloc(VALUE klass)
+{
+  VALUE obj;
+  struct WinevtChannel* winevtChannel;
+  obj = TypedData_Make_Struct(
+    klass, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  return obj;
+}
+/*
+ * Initalize Channel class.
+ *
+ * @return [Channel]
+ *
+ */
+static VALUE
+rb_winevt_channel_initialize(VALUE self)
+{
+  struct WinevtChannel* winevtChannel;
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  winevtChannel->force_enumerate = FALSE;
+  return Qnil;
+}
+/*
+ * This method specifies whether forcing to enumerate channel which
+ * type is Debug and Analytical or not.
+ *
+ * @param rb_force_enumerate_p [Boolean]
+ * @since 0.7.1
+ */
+static VALUE
+rb_winevt_channel_set_force_enumerate(VALUE self, VALUE rb_force_enumerate_p)
+{
+  struct WinevtChannel* winevtChannel;
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  winevtChannel->force_enumerate = RTEST(rb_force_enumerate_p);
+  return Qnil;
+}
+/*
+ * This method returns whether forcing to enumerate channel which type
+ * is Debug and Analytical or not.
+ *
+ * @return [Boolean]
+ * @since 0.7.1
+ */
+static VALUE
+rb_winevt_channel_get_force_enumerate(VALUE self)
+{
+  struct WinevtChannel* winevtChannel;
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  return winevtChannel->force_enumerate ? Qtrue : Qfalse;
+}
+DWORD is_subscribable_channel_p(EVT_HANDLE hChannel, BOOL force_enumerate)
+{
+  PEVT_VARIANT pProperty = NULL;
+  PEVT_VARIANT pTemp = NULL;
+  DWORD dwBufferSize = 0;
+  DWORD dwBufferUsed = 0;
+  DWORD status = ERROR_SUCCESS;
+  for (int Id = 0; Id < EvtChannelConfigPropertyIdEND; Id++) {
+    if (!EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed)) {
+      status = GetLastError();
+      if (ERROR_INSUFFICIENT_BUFFER == status) {
+        dwBufferSize = dwBufferUsed;
+        pTemp = (PEVT_VARIANT)realloc(pProperty, dwBufferSize);
+        if (pTemp) {
+          pProperty = pTemp;
+          pTemp = NULL;
+          EvtGetChannelConfigProperty(hChannel, (EVT_CHANNEL_CONFIG_PROPERTY_ID)Id, 0, dwBufferSize, pProperty, &dwBufferUsed);
+          status = GetLastError();
+        } else {
+          free(pProperty);
+          status = ERROR_OUTOFMEMORY;
+          goto cleanup;
+        }
+      }
+      if (ERROR_SUCCESS != status) {
+        free(pProperty);
+        goto cleanup;
+      }
+    }
+    status = check_subscribable_with_channel_config_type(Id, pProperty, force_enumerate);
+    if (status != ERROR_SUCCESS)
+      break;
+  }
+cleanup:
+  free(pProperty);
+  return status;
+}
+#define EVENT_DEBUG_TYPE 2
+#define EVENT_ANALYTICAL_TYPE 3
+DWORD check_subscribable_with_channel_config_type(int Id, PEVT_VARIANT pProperty, BOOL force_enumerate)
+{
+  DWORD status = ERROR_SUCCESS;
+  switch(Id) {
+  case EvtChannelConfigType:
+    if (!force_enumerate &&
+        (pProperty->UInt32Val == EVENT_DEBUG_TYPE ||
+         pProperty->UInt32Val == EVENT_ANALYTICAL_TYPE)) {
+      return ERROR_INVALID_DATA;
+    }
+    break;
+  }
+  return status;
+}
+#undef EVENT_DEBUG_TYPE
+#undef EVENT_ANALYTICAL_TYPE
+/*
+ * Enumerate Windows EventLog channels
+ *
+ * @yield (String)
+ *
+ */
+static VALUE
+rb_winevt_channel_each(VALUE self)
+{
+  EVT_HANDLE hChannels;
+  EVT_HANDLE hChannelConfig = NULL;
+  struct WinevtChannel* winevtChannel;
+  char errBuf[256];
+  LPWSTR buffer = NULL;
+  DWORD bufferSize = 0;
+  DWORD bufferUsed = 0;
+  DWORD status = ERROR_SUCCESS;
+  VALUE utf8str;
+  RETURN_ENUMERATOR(self, 0, 0);
+  TypedData_Get_Struct(
+    self, struct WinevtChannel, &rb_winevt_channel_type, winevtChannel);
+  hChannels = EvtOpenChannelEnum(NULL, 0);
+  if (hChannels) {
+    winevtChannel->channels = hChannels;
+  } else {
+    _snprintf_s(errBuf,
+                _countof(errBuf),
+                _TRUNCATE,
+                "Failed to enumerate channels with %lu\n",
+                GetLastError());
+    rb_raise(rb_eRuntimeError, errBuf);
+  }
+  while (1) {
+    if (!EvtNextChannelPath(winevtChannel->channels, bufferSize, buffer, &bufferUsed)) {
+      status = GetLastError();
+      if (ERROR_NO_MORE_ITEMS == status) {
+        break;
+      } else if (ERROR_INSUFFICIENT_BUFFER == status) {
+        bufferSize = bufferUsed;
+        buffer = (LPWSTR)malloc(bufferSize * sizeof(WCHAR));
+        if (buffer) {
+          continue;
+        } else {
+          free(buffer);
+          EvtClose(winevtChannel->channels);
+          winevtChannel->channels = NULL;
+          rb_raise(rb_eRuntimeError, "realloc failed");
+        }
+      } else {
+        free(buffer);
+        EvtClose(winevtChannel->channels);
+        winevtChannel->channels = NULL;
+        _snprintf_s(errBuf,
+                    _countof(errBuf),
+                    _TRUNCATE,
+                    "EvtNextChannelPath failed with %lu.\n",
+                    status);
+        rb_raise(rb_eRuntimeError, errBuf);
+      }
+    }
+    hChannelConfig = EvtOpenChannelConfig(NULL, buffer, 0);
+    if (NULL == hChannelConfig) {
+      _snprintf_s(errBuf,
+                  _countof(errBuf),
+                  _TRUNCATE,
+                  "EvtOpenChannelConfig failed with %lu.\n",
+                  GetLastError());
+      EvtClose(winevtChannel->channels);
+      winevtChannel->channels = NULL;
+      free(buffer);
+      buffer = NULL;
+      bufferSize = 0;
+      rb_raise(rb_eRuntimeError, errBuf);
+    }
+    status = is_subscribable_channel_p(hChannelConfig, winevtChannel->force_enumerate);
+    EvtClose(hChannelConfig);
+    if (status == ERROR_INVALID_DATA) {
+      free(buffer);
+      buffer = NULL;
+      bufferSize = 0;
+      continue;
+    }
+    if (status == ERROR_OUTOFMEMORY) {
+      EvtClose(winevtChannel->channels);
+      winevtChannel->channels = NULL;
+      free(buffer);
+      buffer = NULL;
+      bufferSize = 0;
+      rb_raise(rb_eRuntimeError, "realloc failed\n");
+    } else if (status != ERROR_SUCCESS) {
+      EvtClose(winevtChannel->channels);
+      winevtChannel->channels = NULL;
+      free(buffer);
+      buffer = NULL;
+      bufferSize = 0;
+      rb_raise(rb_eRuntimeError, "is_subscribe_channel_p is failed with %ld\n", status);
+    }
+    utf8str = wstr_to_rb_str(CP_UTF8, buffer, -1);
+    free(buffer);
+    buffer = NULL;
+    bufferSize = 0;
+    rb_yield(utf8str);
+  }
+  if (winevtChannel->channels) {
+    EvtClose(winevtChannel->channels);
+    winevtChannel->channels = NULL;
+  }
+  free(buffer);
+  return Qnil;
+}
+void
+Init_winevt_channel(VALUE rb_cEventLog)
+{
+  rb_cChannel = rb_define_class_under(rb_cEventLog, "Channel", rb_cObject);
+  rb_define_alloc_func(rb_cChannel, rb_winevt_channel_alloc);
+  rb_define_method(rb_cChannel, "initialize", rb_winevt_channel_initialize, 0);
+  rb_define_method(rb_cChannel, "each", rb_winevt_channel_each, 0);
+  rb_define_method(rb_cChannel, "force_enumerate", rb_winevt_channel_get_force_enumerate, 0);
+  rb_define_method(rb_cChannel, "force_enumerate=", rb_winevt_channel_set_force_enumerate, 1);
+}