winevt_c 0.2.2-x64-mingw32 → 0.2.3-x64-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/ext/winevt/winevt_utils.c +27 -18
- data/lib/winevt/2.4/winevt.so +0 -0
- data/lib/winevt/2.5/winevt.so +0 -0
- data/lib/winevt/2.6/winevt.so +0 -0
- data/lib/winevt/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9e7f329d578b0b67f40eae8c55000be943bb710116e500ac044919aa7b633ecd
|
|
4
|
+
data.tar.gz: 8bd86cfc2c0653953ec7c5665719e3c8f79990dbcc1562ac7d592886563c82e1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f8f54dcc941815f5e0280ec3f1e0c0ec005d62d01ad5cf8446f2278f49959e40e13b5c7abd2bd1b2b6c96d8ffe64dd1c389f300123b722dd44bd229f5097c1e6
|
|
7
|
+
data.tar.gz: 70874739894f9627830cf6a5ceb95621768c169ec7c0f9ac890c26b3876dce83581961137506ac5f46f4af8c359ec12574006f306ea9ca031f9921b8008768de
|
data/ext/winevt/winevt_utils.c
CHANGED
|
@@ -90,8 +90,9 @@ char* get_description(EVT_HANDLE handle)
|
|
|
90
90
|
TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
|
|
91
91
|
HMODULE hModule = NULL;
|
|
92
92
|
|
|
93
|
-
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID"
|
|
94
|
-
|
|
93
|
+
static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
|
|
94
|
+
L"Event/System/EventID/@Qualifiers"};
|
|
95
|
+
EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
|
|
95
96
|
if (renderContext == NULL) {
|
|
96
97
|
rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
|
|
97
98
|
}
|
|
@@ -127,11 +128,15 @@ char* get_description(EVT_HANDLE handle)
|
|
|
127
128
|
WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
|
|
128
129
|
}
|
|
129
130
|
|
|
130
|
-
DWORD eventId = 0;
|
|
131
|
+
DWORD eventId = 0, qualifiers = 0;
|
|
131
132
|
if (values[1].Type == EvtVarTypeUInt16) {
|
|
132
133
|
eventId = values[1].UInt16Val;
|
|
133
134
|
}
|
|
134
135
|
|
|
136
|
+
if (values[2].Type == EvtVarTypeUInt16) {
|
|
137
|
+
qualifiers = values[2].UInt16Val;
|
|
138
|
+
}
|
|
139
|
+
|
|
135
140
|
// Open publisher metadata
|
|
136
141
|
hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
|
|
137
142
|
if (hMetadata == NULL) {
|
|
@@ -202,21 +207,25 @@ char* get_description(EVT_HANDLE handle)
|
|
|
202
207
|
hModule = LoadLibraryEx(messageEXE, NULL,
|
|
203
208
|
DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
|
|
204
209
|
|
|
205
|
-
if(FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
210
|
+
if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
211
|
+
hModule,
|
|
212
|
+
eventId,
|
|
213
|
+
0, // Use current code page. Users must specify character encoding in Ruby side.
|
|
214
|
+
descriptionBuffer,
|
|
215
|
+
MAX_BUFFER,
|
|
216
|
+
NULL)) {
|
|
217
|
+
if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
|
|
218
|
+
// clear buffer
|
|
219
|
+
ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
|
|
220
|
+
eventId = qualifiers << 16 | eventId;
|
|
221
|
+
FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
|
|
222
|
+
hModule,
|
|
223
|
+
eventId,
|
|
224
|
+
0, // Use current code page. Users must specify character encoding in Ruby side.
|
|
225
|
+
descriptionBuffer,
|
|
226
|
+
MAX_BUFFER,
|
|
227
|
+
NULL);
|
|
228
|
+
}
|
|
220
229
|
}
|
|
221
230
|
}
|
|
222
231
|
|
data/lib/winevt/2.4/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/2.5/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/2.6/winevt.so
CHANGED
|
Binary file
|
data/lib/winevt/version.rb
CHANGED