winevt_c 0.9.3 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/appveyor.yml +16 -0
- data/ext/winevt/winevt_utils.cpp +88 -25
- data/lib/winevt/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 87d082b15698183b841886fbdffe603679006050fc91c7ea6043bf5987275e3f
|
|
4
|
+
data.tar.gz: ab529bd44369e0c256263aee77ba416a42469bbaf71b0de9f523db81921bbfef
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a5b728bc6422d8fc1a17ab10fbbc6ad10aa673b3faec5b035269826859ef4e14bd63def67a69618c21a2e4d1a7951d2d2f2881676ee049348b996bb706b21ec5
|
|
7
|
+
data.tar.gz: '0483519d86d5abd1fe5672ee124fdadf839bd9f9a50b41cb1aaac37dd886154dc0a4e5af4d6901c4cc6f2da9e99ad6e98e82cfb8cf6630a69dd3dda0d127ddfa'
|
data/appveyor.yml
CHANGED
|
@@ -20,6 +20,8 @@ test_script:
|
|
|
20
20
|
# https://www.appveyor.com/docs/installed-software/#ruby
|
|
21
21
|
environment:
|
|
22
22
|
matrix:
|
|
23
|
+
- ruby_version: "31-x64"
|
|
24
|
+
- ruby_version: "31"
|
|
23
25
|
- ruby_version: "30-x64"
|
|
24
26
|
- ruby_version: "30"
|
|
25
27
|
- ruby_version: "27-x64"
|
|
@@ -30,3 +32,17 @@ environment:
|
|
|
30
32
|
- ruby_version: "25"
|
|
31
33
|
- ruby_version: "24-x64"
|
|
32
34
|
- ruby_version: "24"
|
|
35
|
+
|
|
36
|
+
for:
|
|
37
|
+
-
|
|
38
|
+
matrix:
|
|
39
|
+
only:
|
|
40
|
+
- ruby_version: "31-x64"
|
|
41
|
+
install:
|
|
42
|
+
- SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
|
|
43
|
+
- ruby --version
|
|
44
|
+
- gem --version
|
|
45
|
+
- bundle --version
|
|
46
|
+
- ridk.cmd install 1 3
|
|
47
|
+
- ridk.cmd exec bundle install
|
|
48
|
+
- ridk.cmd exec bundle exec rake compile
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -10,9 +10,24 @@ wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen)
|
|
|
10
10
|
{
|
|
11
11
|
VALUE vstr;
|
|
12
12
|
CHAR* ptr;
|
|
13
|
+
int ret = -1;
|
|
14
|
+
DWORD err = ERROR_SUCCESS;
|
|
15
|
+
if (wstr == NULL) {
|
|
16
|
+
return rb_utf8_str_new_cstr("");
|
|
17
|
+
}
|
|
18
|
+
|
|
13
19
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
|
|
14
20
|
ptr = ALLOCV_N(CHAR, vstr, len);
|
|
15
|
-
|
|
21
|
+
// For memory safety.
|
|
22
|
+
ZeroMemory(ptr, sizeof(CHAR) * len);
|
|
23
|
+
ret = WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
|
|
24
|
+
// return 0 should be failure.
|
|
25
|
+
// ref: https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte#return-value
|
|
26
|
+
if (ret == 0) {
|
|
27
|
+
err = GetLastError();
|
|
28
|
+
ALLOCV_END(vstr);
|
|
29
|
+
raise_system_error(rb_eRuntimeError, err);
|
|
30
|
+
}
|
|
16
31
|
VALUE str = rb_utf8_str_new_cstr(ptr);
|
|
17
32
|
ALLOCV_END(vstr);
|
|
18
33
|
|
|
@@ -114,6 +129,36 @@ guid_to_wstr(const GUID& guid)
|
|
|
114
129
|
return s;
|
|
115
130
|
}
|
|
116
131
|
|
|
132
|
+
static VALUE
|
|
133
|
+
make_displayable_binary_string(PBYTE bin, size_t length)
|
|
134
|
+
{
|
|
135
|
+
const char *HEX_TABLE = "0123456789ABCDEF";
|
|
136
|
+
CHAR *buffer;
|
|
137
|
+
int size = length * 2 + 1;
|
|
138
|
+
size_t i, j;
|
|
139
|
+
unsigned int idx = 0;
|
|
140
|
+
VALUE vbuffer;
|
|
141
|
+
|
|
142
|
+
if (length == 0) {
|
|
143
|
+
return rb_str_new2("(NULL)");
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
buffer = ALLOCV_N(CHAR, vbuffer, size);
|
|
147
|
+
|
|
148
|
+
for (i = 0; i < length; i++) {
|
|
149
|
+
for (j = 0; j < 2; j++) {
|
|
150
|
+
idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
|
|
151
|
+
buffer[2*i+(1-j)] = HEX_TABLE[idx];
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
buffer[size - 1] = '\0';
|
|
155
|
+
|
|
156
|
+
VALUE str = rb_str_new2(buffer);
|
|
157
|
+
ALLOCV_END(vbuffer);
|
|
158
|
+
|
|
159
|
+
return str;
|
|
160
|
+
}
|
|
161
|
+
|
|
117
162
|
static VALUE
|
|
118
163
|
extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
|
119
164
|
{
|
|
@@ -287,6 +332,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
|
|
287
332
|
rb_ary_push(userValues, rbObj);
|
|
288
333
|
}
|
|
289
334
|
break;
|
|
335
|
+
case EvtVarTypeBinary:
|
|
336
|
+
if (pRenderedValues[i].BinaryVal == nullptr) {
|
|
337
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
|
338
|
+
} else {
|
|
339
|
+
rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
|
|
340
|
+
rb_ary_push(userValues, rbObj);
|
|
341
|
+
}
|
|
342
|
+
break;
|
|
290
343
|
default:
|
|
291
344
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
292
345
|
break;
|
|
@@ -367,6 +420,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
367
420
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
|
368
421
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
|
369
422
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
|
423
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
|
424
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
|
425
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
|
370
426
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
|
371
427
|
case ERROR_MUI_FILE_NOT_FOUND:
|
|
372
428
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT: {
|
|
@@ -419,6 +475,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
419
475
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
|
420
476
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
|
421
477
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
|
478
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
|
479
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
|
480
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
|
422
481
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
|
423
482
|
case ERROR_MUI_FILE_NOT_FOUND:
|
|
424
483
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
|
|
@@ -652,30 +711,34 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
|
|
|
652
711
|
? Qnil
|
|
653
712
|
: rb_str_new2(buffer));
|
|
654
713
|
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
714
|
+
if (EvtVarTypeNull != pRenderedValues[EvtSystemTimeCreated].Type) {
|
|
715
|
+
ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
|
|
716
|
+
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
|
|
717
|
+
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
|
|
718
|
+
|
|
719
|
+
FileTimeToSystemTime(&ft, &st);
|
|
720
|
+
ullNanoseconds =
|
|
721
|
+
(ullTimeStamp % 10000000) *
|
|
722
|
+
100; // Display nanoseconds instead of milliseconds for higher resolution
|
|
723
|
+
_snprintf_s(buffer,
|
|
724
|
+
_countof(buffer),
|
|
725
|
+
_TRUNCATE,
|
|
726
|
+
"%02d/%02d/%02d %02d:%02d:%02d.%llu",
|
|
727
|
+
st.wYear,
|
|
728
|
+
st.wMonth,
|
|
729
|
+
st.wDay,
|
|
730
|
+
st.wHour,
|
|
731
|
+
st.wMinute,
|
|
732
|
+
st.wSecond,
|
|
733
|
+
ullNanoseconds);
|
|
734
|
+
rb_hash_aset(hash,
|
|
735
|
+
rb_str_new2("TimeCreated"),
|
|
736
|
+
rb_str_new2(buffer));
|
|
737
|
+
} else {
|
|
738
|
+
rb_hash_aset(hash,
|
|
739
|
+
rb_str_new2("TimeCreated"),
|
|
740
|
+
Qnil);
|
|
741
|
+
}
|
|
679
742
|
_snprintf_s(buffer,
|
|
680
743
|
_countof(buffer),
|
|
681
744
|
_TRUNCATE,
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-07-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -161,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
161
161
|
- !ruby/object:Gem::Version
|
|
162
162
|
version: '0'
|
|
163
163
|
requirements: []
|
|
164
|
-
rubygems_version: 3.
|
|
164
|
+
rubygems_version: 3.3.5
|
|
165
165
|
signing_key:
|
|
166
166
|
specification_version: 4
|
|
167
167
|
summary: Windows Event Log API bindings from winevt.h.
|