winevt_c 0.9.3 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f8e0f057816ea6023a893cda0b9af765f4f0b47bab15491fb71862114be55e61
-  data.tar.gz: 2dee722cd48e235222fb891106ba4c8fbe80f5141db4fad0237784acd8804704
+  metadata.gz: 87d082b15698183b841886fbdffe603679006050fc91c7ea6043bf5987275e3f
+  data.tar.gz: ab529bd44369e0c256263aee77ba416a42469bbaf71b0de9f523db81921bbfef
 SHA512:
-  metadata.gz: 442e12311a0ad1f3d26255a4d841174072e4fd1f50ab9b113654231a95f3d779c1b91e04449e1126cd16432f11de9427b4436e9954ac0ae1fa78cfcc45b378a2
-  data.tar.gz: 9f8d8c1d10a1c589514039de18acb0a0c2910f99928d44d90c1a21b523e145e1946f585438f52f1a5a4ddde5c9a4b54503ce1f96aa9d30e9b4d20a5169fc135f
+  metadata.gz: a5b728bc6422d8fc1a17ab10fbbc6ad10aa673b3faec5b035269826859ef4e14bd63def67a69618c21a2e4d1a7951d2d2f2881676ee049348b996bb706b21ec5
+  data.tar.gz: '0483519d86d5abd1fe5672ee124fdadf839bd9f9a50b41cb1aaac37dd886154dc0a4e5af4d6901c4cc6f2da9e99ad6e98e82cfb8cf6630a69dd3dda0d127ddfa'

data/appveyor.yml

@@ -20,6 +20,8 @@ test_script:
 # https://www.appveyor.com/docs/installed-software/#ruby
 environment:
   matrix:
+    - ruby_version: "31-x64"
+    - ruby_version: "31"
     - ruby_version: "30-x64"
     - ruby_version: "30"
     - ruby_version: "27-x64"
@@ -30,3 +32,17 @@ environment:
     - ruby_version: "25"
     - ruby_version: "24-x64"
     - ruby_version: "24"
+
+for:
+-
+  matrix:
+    only:
+      - ruby_version: "31-x64"
+  install:
+    - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
+    - ruby --version
+    - gem --version
+    - bundle --version
+    - ridk.cmd install 1 3
+    - ridk.cmd exec bundle install
+    - ridk.cmd exec bundle exec rake compile

data/ext/winevt/winevt_utils.cpp

@@ -10,9 +10,24 @@ wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen)
 {
   VALUE vstr;
   CHAR* ptr;
+  int ret = -1;
+  DWORD err = ERROR_SUCCESS;
+  if (wstr == NULL) {
+    return rb_utf8_str_new_cstr("");
+  }
+
   int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
   ptr = ALLOCV_N(CHAR, vstr, len);
-  WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
+  // For memory safety.
+  ZeroMemory(ptr, sizeof(CHAR) * len);
+  ret = WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
+  // return 0 should be failure.
+  // ref: https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte#return-value
+  if (ret == 0) {
+    err = GetLastError();
+    ALLOCV_END(vstr);
+    raise_system_error(rb_eRuntimeError, err);
+  }
   VALUE str = rb_utf8_str_new_cstr(ptr);
   ALLOCV_END(vstr);
 
@@ -114,6 +129,36 @@ guid_to_wstr(const GUID& guid)
   return s;
 }
 
+static VALUE
+make_displayable_binary_string(PBYTE bin, size_t length)
+{
+  const char *HEX_TABLE = "0123456789ABCDEF";
+  CHAR *buffer;
+  int size = length * 2 + 1;
+  size_t i, j;
+  unsigned int idx = 0;
+  VALUE vbuffer;
+
+  if (length == 0) {
+    return rb_str_new2("(NULL)");
+  }
+
+  buffer = ALLOCV_N(CHAR, vbuffer, size);
+
+  for (i = 0; i < length; i++) {
+    for (j = 0; j < 2; j++) {
+      idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
+      buffer[2*i+(1-j)] = HEX_TABLE[idx];
+    }
+  }
+  buffer[size - 1] = '\0';
+
+  VALUE str = rb_str_new2(buffer);
+  ALLOCV_END(vbuffer);
+
+  return str;
+}
+
 static VALUE
 extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
 {
@@ -287,6 +332,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
           rb_ary_push(userValues, rbObj);
         }
         break;
+      case EvtVarTypeBinary:
+        if (pRenderedValues[i].BinaryVal == nullptr) {
+          rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
+        } else {
+          rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
+          rb_ary_push(userValues, rbObj);
+        }
+        break;
       default:
         rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
         break;
@@ -367,6 +420,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
         case ERROR_EVT_MESSAGE_NOT_FOUND:
         case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
         case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+        case ERROR_RESOURCE_DATA_NOT_FOUND:
+        case ERROR_RESOURCE_TYPE_NOT_FOUND:
+        case ERROR_RESOURCE_NAME_NOT_FOUND:
         case ERROR_RESOURCE_LANG_NOT_FOUND:
         case ERROR_MUI_FILE_NOT_FOUND:
         case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT: {
@@ -419,6 +475,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
             case ERROR_EVT_MESSAGE_NOT_FOUND:
             case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
             case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
+            case ERROR_RESOURCE_DATA_NOT_FOUND:
+            case ERROR_RESOURCE_TYPE_NOT_FOUND:
+            case ERROR_RESOURCE_NAME_NOT_FOUND:
             case ERROR_RESOURCE_LANG_NOT_FOUND:
             case ERROR_MUI_FILE_NOT_FOUND:
             case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
@@ -652,30 +711,34 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
                  ? Qnil
                  : rb_str_new2(buffer));
 
-  ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
-  ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
-  ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
-
-  FileTimeToSystemTime(&ft, &st);
-  ullNanoseconds =
-    (ullTimeStamp % 10000000) *
-    100; // Display nanoseconds instead of milliseconds for higher resolution
-  _snprintf_s(buffer,
-              _countof(buffer),
-              _TRUNCATE,
-              "%02d/%02d/%02d %02d:%02d:%02d.%llu",
-              st.wYear,
-              st.wMonth,
-              st.wDay,
-              st.wHour,
-              st.wMinute,
-              st.wSecond,
-              ullNanoseconds);
-  rb_hash_aset(hash,
-               rb_str_new2("TimeCreated"),
-               (EvtVarTypeNull == pRenderedValues[EvtSystemKeywords].Type)
-                 ? Qnil
-                 : rb_str_new2(buffer));
+  if (EvtVarTypeNull != pRenderedValues[EvtSystemTimeCreated].Type) {
+    ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
+    ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
+    ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
+
+    FileTimeToSystemTime(&ft, &st);
+    ullNanoseconds =
+        (ullTimeStamp % 10000000) *
+        100; // Display nanoseconds instead of milliseconds for higher resolution
+    _snprintf_s(buffer,
+                _countof(buffer),
+                _TRUNCATE,
+                "%02d/%02d/%02d %02d:%02d:%02d.%llu",
+                st.wYear,
+                st.wMonth,
+                st.wDay,
+                st.wHour,
+                st.wMinute,
+                st.wSecond,
+                ullNanoseconds);
+    rb_hash_aset(hash,
+                 rb_str_new2("TimeCreated"),
+                 rb_str_new2(buffer));
+  } else {
+    rb_hash_aset(hash,
+                 rb_str_new2("TimeCreated"),
+                 Qnil);
+  }
   _snprintf_s(buffer,
               _countof(buffer),
               _TRUNCATE,

data/lib/winevt/version.rb

@@ -1,3 +1,3 @@
 module Winevt
-  VERSION = "0.9.3"
+  VERSION = "0.10.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: winevt_c
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.10.0
 platform: ruby
 authors:
 - Hiroshi Hatake
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-20 00:00:00.000000000 Z
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -161,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.5
 signing_key: 
 specification_version: 4
 summary: Windows Event Log API bindings from winevt.h.