winevt_c 0.9.3 → 0.10.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/appveyor.yml +16 -0
- data/ext/winevt/winevt.c +2 -0
- data/ext/winevt/winevt_c.h +3 -1
- data/ext/winevt/winevt_query.c +3 -0
- data/ext/winevt/winevt_subscribe.c +8 -1
- data/ext/winevt/winevt_utils.cpp +98 -25
- data/lib/winevt/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9d3ebf96df7a93d6d2a4dae15cba8cc7a76617e752f758aeb8c355c43abd988d
|
4
|
+
data.tar.gz: de33f1ee85dacba17dbe5b32e98a45d4a57fdde7d931db70dd3b4e054f22c82b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 83bbe0ca77653a773bf29005236478865f1efb9917f312b5fc8f37485a3ddd068962f4eb2bac7da99916fcd0553b78ed140ac1900441c397e767bad39915c09d
|
7
|
+
data.tar.gz: fdf8aba88fb62518e52ea4dc65d44247706c5a578e078c224a850323737af2d886afc525fd431ca2652a8a65e375bfc2c960b94667e4839c155ab82f5b3462f1
|
data/appveyor.yml
CHANGED
@@ -20,6 +20,8 @@ test_script:
|
|
20
20
|
# https://www.appveyor.com/docs/installed-software/#ruby
|
21
21
|
environment:
|
22
22
|
matrix:
|
23
|
+
- ruby_version: "31-x64"
|
24
|
+
- ruby_version: "31"
|
23
25
|
- ruby_version: "30-x64"
|
24
26
|
- ruby_version: "30"
|
25
27
|
- ruby_version: "27-x64"
|
@@ -30,3 +32,17 @@ environment:
|
|
30
32
|
- ruby_version: "25"
|
31
33
|
- ruby_version: "24-x64"
|
32
34
|
- ruby_version: "24"
|
35
|
+
|
36
|
+
for:
|
37
|
+
-
|
38
|
+
matrix:
|
39
|
+
only:
|
40
|
+
- ruby_version: "31-x64"
|
41
|
+
install:
|
42
|
+
- SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
|
43
|
+
- ruby --version
|
44
|
+
- gem --version
|
45
|
+
- bundle --version
|
46
|
+
- ridk.cmd install 1 3
|
47
|
+
- ridk.cmd exec bundle install
|
48
|
+
- ridk.cmd exec bundle exec rake compile
|
data/ext/winevt/winevt.c
CHANGED
@@ -5,6 +5,7 @@ VALUE rb_cQuery;
|
|
5
5
|
VALUE rb_cEventLog;
|
6
6
|
VALUE rb_cSubscribe;
|
7
7
|
VALUE rb_eWinevtQueryError;
|
8
|
+
VALUE rb_eChannelNotFoundError;
|
8
9
|
VALUE rb_eRemoteHandlerError;
|
9
10
|
|
10
11
|
static ID id_call;
|
@@ -17,6 +18,7 @@ Init_winevt(void)
|
|
17
18
|
rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
|
18
19
|
rb_cSubscribe = rb_define_class_under(rb_cEventLog, "Subscribe", rb_cObject);
|
19
20
|
rb_eWinevtQueryError = rb_define_class_under(rb_cQuery, "Error", rb_eStandardError);
|
21
|
+
rb_eChannelNotFoundError = rb_define_class_under(rb_cEventLog, "ChannelNotFoundError", rb_eStandardError);
|
20
22
|
rb_eRemoteHandlerError = rb_define_class_under(rb_cSubscribe, "RemoteHandlerError", rb_eRuntimeError);
|
21
23
|
|
22
24
|
Init_winevt_channel(rb_cEventLog);
|
data/ext/winevt/winevt_c.h
CHANGED
@@ -37,7 +37,8 @@ VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
|
|
37
37
|
#if defined(__cplusplus)
|
38
38
|
[[ noreturn ]]
|
39
39
|
#endif /* __cplusplus */
|
40
|
-
void
|
40
|
+
void raise_system_error(VALUE error, DWORD errorCode);
|
41
|
+
void raise_channel_not_found_error(VALUE channelPath);
|
41
42
|
VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
|
42
43
|
EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
|
43
44
|
LPWSTR username, LPWSTR password,
|
@@ -58,6 +59,7 @@ extern VALUE rb_cChannel;
|
|
58
59
|
extern VALUE rb_cBookmark;
|
59
60
|
extern VALUE rb_cSubscribe;
|
60
61
|
extern VALUE rb_eWinevtQueryError;
|
62
|
+
extern VALUE rb_eChannelNotFoundError;
|
61
63
|
extern VALUE rb_eRemoteHandlerError;
|
62
64
|
extern VALUE rb_cLocale;
|
63
65
|
extern VALUE rb_cSession;
|
data/ext/winevt/winevt_query.c
CHANGED
@@ -131,6 +131,9 @@ rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
|
|
131
131
|
hRemoteHandle, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
|
132
132
|
err = GetLastError();
|
133
133
|
if (err != ERROR_SUCCESS) {
|
134
|
+
if (err == ERROR_EVT_CHANNEL_NOT_FOUND) {
|
135
|
+
raise_channel_not_found_error(channel);
|
136
|
+
}
|
134
137
|
raise_system_error(rb_eRuntimeError, err);
|
135
138
|
}
|
136
139
|
winevtQuery->offset = 0L;
|
@@ -248,10 +248,17 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
|
|
248
248
|
if (hSignalEvent != NULL) {
|
249
249
|
CloseHandle(hSignalEvent);
|
250
250
|
}
|
251
|
+
|
251
252
|
if (rb_obj_is_kind_of(rb_session, rb_cSession)) {
|
252
253
|
rb_raise(rb_eRemoteHandlerError, "Remoting subscription is not working. errCode: %ld\n", status);
|
253
|
-
}
|
254
|
+
}
|
255
|
+
|
256
|
+
switch (status) {
|
257
|
+
case ERROR_EVT_CHANNEL_NOT_FOUND:
|
258
|
+
raise_channel_not_found_error(rb_path);
|
259
|
+
default:
|
254
260
|
raise_system_error(rb_eWinevtQueryError, status);
|
261
|
+
break;
|
255
262
|
}
|
256
263
|
}
|
257
264
|
|
data/ext/winevt/winevt_utils.cpp
CHANGED
@@ -10,9 +10,24 @@ wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen)
|
|
10
10
|
{
|
11
11
|
VALUE vstr;
|
12
12
|
CHAR* ptr;
|
13
|
+
int ret = -1;
|
14
|
+
DWORD err = ERROR_SUCCESS;
|
15
|
+
if (wstr == NULL) {
|
16
|
+
return rb_utf8_str_new_cstr("");
|
17
|
+
}
|
18
|
+
|
13
19
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
|
14
20
|
ptr = ALLOCV_N(CHAR, vstr, len);
|
15
|
-
|
21
|
+
// For memory safety.
|
22
|
+
ZeroMemory(ptr, sizeof(CHAR) * len);
|
23
|
+
ret = WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
|
24
|
+
// return 0 should be failure.
|
25
|
+
// ref: https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte#return-value
|
26
|
+
if (ret == 0) {
|
27
|
+
err = GetLastError();
|
28
|
+
ALLOCV_END(vstr);
|
29
|
+
raise_system_error(rb_eRuntimeError, err);
|
30
|
+
}
|
16
31
|
VALUE str = rb_utf8_str_new_cstr(ptr);
|
17
32
|
ALLOCV_END(vstr);
|
18
33
|
|
@@ -41,6 +56,16 @@ raise_system_error(VALUE error, DWORD errorCode)
|
|
41
56
|
#pragma GCC diagnostic pop
|
42
57
|
}
|
43
58
|
|
59
|
+
void
|
60
|
+
raise_channel_not_found_error(VALUE channelPath)
|
61
|
+
{
|
62
|
+
#pragma GCC diagnostic push
|
63
|
+
#pragma GCC diagnostic ignored "-Wformat="
|
64
|
+
#pragma GCC diagnostic ignored "-Wformat-extra-args"
|
65
|
+
rb_raise(rb_eChannelNotFoundError, "Channel Not Found: %" PRIsVALUE, channelPath);
|
66
|
+
#pragma GCC diagnostic pop
|
67
|
+
}
|
68
|
+
|
44
69
|
VALUE
|
45
70
|
render_to_rb_str(EVT_HANDLE handle, DWORD flags)
|
46
71
|
{
|
@@ -114,6 +139,36 @@ guid_to_wstr(const GUID& guid)
|
|
114
139
|
return s;
|
115
140
|
}
|
116
141
|
|
142
|
+
static VALUE
|
143
|
+
make_displayable_binary_string(PBYTE bin, size_t length)
|
144
|
+
{
|
145
|
+
const char *HEX_TABLE = "0123456789ABCDEF";
|
146
|
+
CHAR *buffer;
|
147
|
+
int size = length * 2 + 1;
|
148
|
+
size_t i, j;
|
149
|
+
unsigned int idx = 0;
|
150
|
+
VALUE vbuffer;
|
151
|
+
|
152
|
+
if (length == 0) {
|
153
|
+
return rb_str_new2("(NULL)");
|
154
|
+
}
|
155
|
+
|
156
|
+
buffer = ALLOCV_N(CHAR, vbuffer, size);
|
157
|
+
|
158
|
+
for (i = 0; i < length; i++) {
|
159
|
+
for (j = 0; j < 2; j++) {
|
160
|
+
idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
|
161
|
+
buffer[2*i+(1-j)] = HEX_TABLE[idx];
|
162
|
+
}
|
163
|
+
}
|
164
|
+
buffer[size - 1] = '\0';
|
165
|
+
|
166
|
+
VALUE str = rb_str_new2(buffer);
|
167
|
+
ALLOCV_END(vbuffer);
|
168
|
+
|
169
|
+
return str;
|
170
|
+
}
|
171
|
+
|
117
172
|
static VALUE
|
118
173
|
extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
119
174
|
{
|
@@ -287,6 +342,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
|
287
342
|
rb_ary_push(userValues, rbObj);
|
288
343
|
}
|
289
344
|
break;
|
345
|
+
case EvtVarTypeBinary:
|
346
|
+
if (pRenderedValues[i].BinaryVal == nullptr) {
|
347
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
348
|
+
} else {
|
349
|
+
rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
|
350
|
+
rb_ary_push(userValues, rbObj);
|
351
|
+
}
|
352
|
+
break;
|
290
353
|
default:
|
291
354
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
292
355
|
break;
|
@@ -367,6 +430,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
367
430
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
368
431
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
369
432
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
433
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
434
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
435
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
370
436
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
371
437
|
case ERROR_MUI_FILE_NOT_FOUND:
|
372
438
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT: {
|
@@ -419,6 +485,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
419
485
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
420
486
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
421
487
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
488
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
489
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
490
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
422
491
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
423
492
|
case ERROR_MUI_FILE_NOT_FOUND:
|
424
493
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
|
@@ -652,30 +721,34 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
|
|
652
721
|
? Qnil
|
653
722
|
: rb_str_new2(buffer));
|
654
723
|
|
655
|
-
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
660
|
-
|
661
|
-
|
662
|
-
|
663
|
-
|
664
|
-
|
665
|
-
|
666
|
-
|
667
|
-
|
668
|
-
|
669
|
-
|
670
|
-
|
671
|
-
|
672
|
-
|
673
|
-
|
674
|
-
|
675
|
-
|
676
|
-
|
677
|
-
|
678
|
-
|
724
|
+
if (EvtVarTypeNull != pRenderedValues[EvtSystemTimeCreated].Type) {
|
725
|
+
ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
|
726
|
+
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
|
727
|
+
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
|
728
|
+
|
729
|
+
FileTimeToSystemTime(&ft, &st);
|
730
|
+
ullNanoseconds =
|
731
|
+
(ullTimeStamp % 10000000) *
|
732
|
+
100; // Display nanoseconds instead of milliseconds for higher resolution
|
733
|
+
_snprintf_s(buffer,
|
734
|
+
_countof(buffer),
|
735
|
+
_TRUNCATE,
|
736
|
+
"%02d/%02d/%02d %02d:%02d:%02d.%llu",
|
737
|
+
st.wYear,
|
738
|
+
st.wMonth,
|
739
|
+
st.wDay,
|
740
|
+
st.wHour,
|
741
|
+
st.wMinute,
|
742
|
+
st.wSecond,
|
743
|
+
ullNanoseconds);
|
744
|
+
rb_hash_aset(hash,
|
745
|
+
rb_str_new2("TimeCreated"),
|
746
|
+
rb_str_new2(buffer));
|
747
|
+
} else {
|
748
|
+
rb_hash_aset(hash,
|
749
|
+
rb_str_new2("TimeCreated"),
|
750
|
+
Qnil);
|
751
|
+
}
|
679
752
|
_snprintf_s(buffer,
|
680
753
|
_countof(buffer),
|
681
754
|
_TRUNCATE,
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: winevt_c
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.10.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Hiroshi Hatake
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-09-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -161,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
161
161
|
- !ruby/object:Gem::Version
|
162
162
|
version: '0'
|
163
163
|
requirements: []
|
164
|
-
rubygems_version: 3.
|
164
|
+
rubygems_version: 3.3.5
|
165
165
|
signing_key:
|
166
166
|
specification_version: 4
|
167
167
|
summary: Windows Event Log API bindings from winevt.h.
|