winevt_c 0.9.3 → 0.10.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/appveyor.yml +16 -0
- data/ext/winevt/winevt.c +2 -0
- data/ext/winevt/winevt_c.h +3 -1
- data/ext/winevt/winevt_query.c +3 -0
- data/ext/winevt/winevt_subscribe.c +8 -1
- data/ext/winevt/winevt_utils.cpp +98 -25
- data/lib/winevt/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d3ebf96df7a93d6d2a4dae15cba8cc7a76617e752f758aeb8c355c43abd988d
|
|
4
|
+
data.tar.gz: de33f1ee85dacba17dbe5b32e98a45d4a57fdde7d931db70dd3b4e054f22c82b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83bbe0ca77653a773bf29005236478865f1efb9917f312b5fc8f37485a3ddd068962f4eb2bac7da99916fcd0553b78ed140ac1900441c397e767bad39915c09d
|
|
7
|
+
data.tar.gz: fdf8aba88fb62518e52ea4dc65d44247706c5a578e078c224a850323737af2d886afc525fd431ca2652a8a65e375bfc2c960b94667e4839c155ab82f5b3462f1
|
data/appveyor.yml
CHANGED
|
@@ -20,6 +20,8 @@ test_script:
|
|
|
20
20
|
# https://www.appveyor.com/docs/installed-software/#ruby
|
|
21
21
|
environment:
|
|
22
22
|
matrix:
|
|
23
|
+
- ruby_version: "31-x64"
|
|
24
|
+
- ruby_version: "31"
|
|
23
25
|
- ruby_version: "30-x64"
|
|
24
26
|
- ruby_version: "30"
|
|
25
27
|
- ruby_version: "27-x64"
|
|
@@ -30,3 +32,17 @@ environment:
|
|
|
30
32
|
- ruby_version: "25"
|
|
31
33
|
- ruby_version: "24-x64"
|
|
32
34
|
- ruby_version: "24"
|
|
35
|
+
|
|
36
|
+
for:
|
|
37
|
+
-
|
|
38
|
+
matrix:
|
|
39
|
+
only:
|
|
40
|
+
- ruby_version: "31-x64"
|
|
41
|
+
install:
|
|
42
|
+
- SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
|
|
43
|
+
- ruby --version
|
|
44
|
+
- gem --version
|
|
45
|
+
- bundle --version
|
|
46
|
+
- ridk.cmd install 1 3
|
|
47
|
+
- ridk.cmd exec bundle install
|
|
48
|
+
- ridk.cmd exec bundle exec rake compile
|
data/ext/winevt/winevt.c
CHANGED
|
@@ -5,6 +5,7 @@ VALUE rb_cQuery;
|
|
|
5
5
|
VALUE rb_cEventLog;
|
|
6
6
|
VALUE rb_cSubscribe;
|
|
7
7
|
VALUE rb_eWinevtQueryError;
|
|
8
|
+
VALUE rb_eChannelNotFoundError;
|
|
8
9
|
VALUE rb_eRemoteHandlerError;
|
|
9
10
|
|
|
10
11
|
static ID id_call;
|
|
@@ -17,6 +18,7 @@ Init_winevt(void)
|
|
|
17
18
|
rb_cQuery = rb_define_class_under(rb_cEventLog, "Query", rb_cObject);
|
|
18
19
|
rb_cSubscribe = rb_define_class_under(rb_cEventLog, "Subscribe", rb_cObject);
|
|
19
20
|
rb_eWinevtQueryError = rb_define_class_under(rb_cQuery, "Error", rb_eStandardError);
|
|
21
|
+
rb_eChannelNotFoundError = rb_define_class_under(rb_cEventLog, "ChannelNotFoundError", rb_eStandardError);
|
|
20
22
|
rb_eRemoteHandlerError = rb_define_class_under(rb_cSubscribe, "RemoteHandlerError", rb_eRuntimeError);
|
|
21
23
|
|
|
22
24
|
Init_winevt_channel(rb_cEventLog);
|
data/ext/winevt/winevt_c.h
CHANGED
|
@@ -37,7 +37,8 @@ VALUE wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen);
|
|
|
37
37
|
#if defined(__cplusplus)
|
|
38
38
|
[[ noreturn ]]
|
|
39
39
|
#endif /* __cplusplus */
|
|
40
|
-
void
|
|
40
|
+
void raise_system_error(VALUE error, DWORD errorCode);
|
|
41
|
+
void raise_channel_not_found_error(VALUE channelPath);
|
|
41
42
|
VALUE render_to_rb_str(EVT_HANDLE handle, DWORD flags);
|
|
42
43
|
EVT_HANDLE connect_to_remote(LPWSTR computerName, LPWSTR domain,
|
|
43
44
|
LPWSTR username, LPWSTR password,
|
|
@@ -58,6 +59,7 @@ extern VALUE rb_cChannel;
|
|
|
58
59
|
extern VALUE rb_cBookmark;
|
|
59
60
|
extern VALUE rb_cSubscribe;
|
|
60
61
|
extern VALUE rb_eWinevtQueryError;
|
|
62
|
+
extern VALUE rb_eChannelNotFoundError;
|
|
61
63
|
extern VALUE rb_eRemoteHandlerError;
|
|
62
64
|
extern VALUE rb_cLocale;
|
|
63
65
|
extern VALUE rb_cSession;
|
data/ext/winevt/winevt_query.c
CHANGED
|
@@ -131,6 +131,9 @@ rb_winevt_query_initialize(VALUE argc, VALUE *argv, VALUE self)
|
|
|
131
131
|
hRemoteHandle, evtChannel, evtXPath, EvtQueryChannelPath | EvtQueryTolerateQueryErrors);
|
|
132
132
|
err = GetLastError();
|
|
133
133
|
if (err != ERROR_SUCCESS) {
|
|
134
|
+
if (err == ERROR_EVT_CHANNEL_NOT_FOUND) {
|
|
135
|
+
raise_channel_not_found_error(channel);
|
|
136
|
+
}
|
|
134
137
|
raise_system_error(rb_eRuntimeError, err);
|
|
135
138
|
}
|
|
136
139
|
winevtQuery->offset = 0L;
|
|
@@ -248,10 +248,17 @@ rb_winevt_subscribe_subscribe(int argc, VALUE* argv, VALUE self)
|
|
|
248
248
|
if (hSignalEvent != NULL) {
|
|
249
249
|
CloseHandle(hSignalEvent);
|
|
250
250
|
}
|
|
251
|
+
|
|
251
252
|
if (rb_obj_is_kind_of(rb_session, rb_cSession)) {
|
|
252
253
|
rb_raise(rb_eRemoteHandlerError, "Remoting subscription is not working. errCode: %ld\n", status);
|
|
253
|
-
}
|
|
254
|
+
}
|
|
255
|
+
|
|
256
|
+
switch (status) {
|
|
257
|
+
case ERROR_EVT_CHANNEL_NOT_FOUND:
|
|
258
|
+
raise_channel_not_found_error(rb_path);
|
|
259
|
+
default:
|
|
254
260
|
raise_system_error(rb_eWinevtQueryError, status);
|
|
261
|
+
break;
|
|
255
262
|
}
|
|
256
263
|
}
|
|
257
264
|
|
data/ext/winevt/winevt_utils.cpp
CHANGED
|
@@ -10,9 +10,24 @@ wstr_to_rb_str(UINT cp, const WCHAR* wstr, int clen)
|
|
|
10
10
|
{
|
|
11
11
|
VALUE vstr;
|
|
12
12
|
CHAR* ptr;
|
|
13
|
+
int ret = -1;
|
|
14
|
+
DWORD err = ERROR_SUCCESS;
|
|
15
|
+
if (wstr == NULL) {
|
|
16
|
+
return rb_utf8_str_new_cstr("");
|
|
17
|
+
}
|
|
18
|
+
|
|
13
19
|
int len = WideCharToMultiByte(cp, 0, wstr, clen, nullptr, 0, nullptr, nullptr);
|
|
14
20
|
ptr = ALLOCV_N(CHAR, vstr, len);
|
|
15
|
-
|
|
21
|
+
// For memory safety.
|
|
22
|
+
ZeroMemory(ptr, sizeof(CHAR) * len);
|
|
23
|
+
ret = WideCharToMultiByte(cp, 0, wstr, clen, ptr, len, nullptr, nullptr);
|
|
24
|
+
// return 0 should be failure.
|
|
25
|
+
// ref: https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte#return-value
|
|
26
|
+
if (ret == 0) {
|
|
27
|
+
err = GetLastError();
|
|
28
|
+
ALLOCV_END(vstr);
|
|
29
|
+
raise_system_error(rb_eRuntimeError, err);
|
|
30
|
+
}
|
|
16
31
|
VALUE str = rb_utf8_str_new_cstr(ptr);
|
|
17
32
|
ALLOCV_END(vstr);
|
|
18
33
|
|
|
@@ -41,6 +56,16 @@ raise_system_error(VALUE error, DWORD errorCode)
|
|
|
41
56
|
#pragma GCC diagnostic pop
|
|
42
57
|
}
|
|
43
58
|
|
|
59
|
+
void
|
|
60
|
+
raise_channel_not_found_error(VALUE channelPath)
|
|
61
|
+
{
|
|
62
|
+
#pragma GCC diagnostic push
|
|
63
|
+
#pragma GCC diagnostic ignored "-Wformat="
|
|
64
|
+
#pragma GCC diagnostic ignored "-Wformat-extra-args"
|
|
65
|
+
rb_raise(rb_eChannelNotFoundError, "Channel Not Found: %" PRIsVALUE, channelPath);
|
|
66
|
+
#pragma GCC diagnostic pop
|
|
67
|
+
}
|
|
68
|
+
|
|
44
69
|
VALUE
|
|
45
70
|
render_to_rb_str(EVT_HANDLE handle, DWORD flags)
|
|
46
71
|
{
|
|
@@ -114,6 +139,36 @@ guid_to_wstr(const GUID& guid)
|
|
|
114
139
|
return s;
|
|
115
140
|
}
|
|
116
141
|
|
|
142
|
+
static VALUE
|
|
143
|
+
make_displayable_binary_string(PBYTE bin, size_t length)
|
|
144
|
+
{
|
|
145
|
+
const char *HEX_TABLE = "0123456789ABCDEF";
|
|
146
|
+
CHAR *buffer;
|
|
147
|
+
int size = length * 2 + 1;
|
|
148
|
+
size_t i, j;
|
|
149
|
+
unsigned int idx = 0;
|
|
150
|
+
VALUE vbuffer;
|
|
151
|
+
|
|
152
|
+
if (length == 0) {
|
|
153
|
+
return rb_str_new2("(NULL)");
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
buffer = ALLOCV_N(CHAR, vbuffer, size);
|
|
157
|
+
|
|
158
|
+
for (i = 0; i < length; i++) {
|
|
159
|
+
for (j = 0; j < 2; j++) {
|
|
160
|
+
idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
|
|
161
|
+
buffer[2*i+(1-j)] = HEX_TABLE[idx];
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
buffer[size - 1] = '\0';
|
|
165
|
+
|
|
166
|
+
VALUE str = rb_str_new2(buffer);
|
|
167
|
+
ALLOCV_END(vbuffer);
|
|
168
|
+
|
|
169
|
+
return str;
|
|
170
|
+
}
|
|
171
|
+
|
|
117
172
|
static VALUE
|
|
118
173
|
extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
|
119
174
|
{
|
|
@@ -287,6 +342,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
|
|
|
287
342
|
rb_ary_push(userValues, rbObj);
|
|
288
343
|
}
|
|
289
344
|
break;
|
|
345
|
+
case EvtVarTypeBinary:
|
|
346
|
+
if (pRenderedValues[i].BinaryVal == nullptr) {
|
|
347
|
+
rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
|
|
348
|
+
} else {
|
|
349
|
+
rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
|
|
350
|
+
rb_ary_push(userValues, rbObj);
|
|
351
|
+
}
|
|
352
|
+
break;
|
|
290
353
|
default:
|
|
291
354
|
rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
|
|
292
355
|
break;
|
|
@@ -367,6 +430,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
367
430
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
|
368
431
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
|
369
432
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
|
433
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
|
434
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
|
435
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
|
370
436
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
|
371
437
|
case ERROR_MUI_FILE_NOT_FOUND:
|
|
372
438
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT: {
|
|
@@ -419,6 +485,9 @@ get_message(EVT_HANDLE hMetadata, EVT_HANDLE handle)
|
|
|
419
485
|
case ERROR_EVT_MESSAGE_NOT_FOUND:
|
|
420
486
|
case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
|
|
421
487
|
case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
|
|
488
|
+
case ERROR_RESOURCE_DATA_NOT_FOUND:
|
|
489
|
+
case ERROR_RESOURCE_TYPE_NOT_FOUND:
|
|
490
|
+
case ERROR_RESOURCE_NAME_NOT_FOUND:
|
|
422
491
|
case ERROR_RESOURCE_LANG_NOT_FOUND:
|
|
423
492
|
case ERROR_MUI_FILE_NOT_FOUND:
|
|
424
493
|
case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
|
|
@@ -652,30 +721,34 @@ render_system_event(EVT_HANDLE hEvent, BOOL preserve_qualifiers)
|
|
|
652
721
|
? Qnil
|
|
653
722
|
: rb_str_new2(buffer));
|
|
654
723
|
|
|
655
|
-
|
|
656
|
-
|
|
657
|
-
|
|
658
|
-
|
|
659
|
-
|
|
660
|
-
|
|
661
|
-
|
|
662
|
-
|
|
663
|
-
|
|
664
|
-
|
|
665
|
-
|
|
666
|
-
|
|
667
|
-
|
|
668
|
-
|
|
669
|
-
|
|
670
|
-
|
|
671
|
-
|
|
672
|
-
|
|
673
|
-
|
|
674
|
-
|
|
675
|
-
|
|
676
|
-
|
|
677
|
-
|
|
678
|
-
|
|
724
|
+
if (EvtVarTypeNull != pRenderedValues[EvtSystemTimeCreated].Type) {
|
|
725
|
+
ullTimeStamp = pRenderedValues[EvtSystemTimeCreated].FileTimeVal;
|
|
726
|
+
ft.dwHighDateTime = (DWORD)((ullTimeStamp >> 32) & 0xFFFFFFFF);
|
|
727
|
+
ft.dwLowDateTime = (DWORD)(ullTimeStamp & 0xFFFFFFFF);
|
|
728
|
+
|
|
729
|
+
FileTimeToSystemTime(&ft, &st);
|
|
730
|
+
ullNanoseconds =
|
|
731
|
+
(ullTimeStamp % 10000000) *
|
|
732
|
+
100; // Display nanoseconds instead of milliseconds for higher resolution
|
|
733
|
+
_snprintf_s(buffer,
|
|
734
|
+
_countof(buffer),
|
|
735
|
+
_TRUNCATE,
|
|
736
|
+
"%02d/%02d/%02d %02d:%02d:%02d.%llu",
|
|
737
|
+
st.wYear,
|
|
738
|
+
st.wMonth,
|
|
739
|
+
st.wDay,
|
|
740
|
+
st.wHour,
|
|
741
|
+
st.wMinute,
|
|
742
|
+
st.wSecond,
|
|
743
|
+
ullNanoseconds);
|
|
744
|
+
rb_hash_aset(hash,
|
|
745
|
+
rb_str_new2("TimeCreated"),
|
|
746
|
+
rb_str_new2(buffer));
|
|
747
|
+
} else {
|
|
748
|
+
rb_hash_aset(hash,
|
|
749
|
+
rb_str_new2("TimeCreated"),
|
|
750
|
+
Qnil);
|
|
751
|
+
}
|
|
679
752
|
_snprintf_s(buffer,
|
|
680
753
|
_countof(buffer),
|
|
681
754
|
_TRUNCATE,
|
data/lib/winevt/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: winevt_c
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.10.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-09-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -161,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
161
161
|
- !ruby/object:Gem::Version
|
|
162
162
|
version: '0'
|
|
163
163
|
requirements: []
|
|
164
|
-
rubygems_version: 3.
|
|
164
|
+
rubygems_version: 3.3.5
|
|
165
165
|
signing_key:
|
|
166
166
|
specification_version: 4
|
|
167
167
|
summary: Windows Event Log API bindings from winevt.h.
|