winevt_c 0.3.6 → 0.3.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 7a51085b5870b9ca54cc61070efc7b9c2e337f64db3c49c26bd02134989e4c49
4
- data.tar.gz: 78a567ee5ccc9f71a909131218272d8868e240981de93f91492247bbb4456585
3
+ metadata.gz: '09884e034a7cae3228dd7531156419f3f3838249eed22babb630adef47e12907'
4
+ data.tar.gz: a0839583a5c6a8d14e493f8af87dc4ca31f658add382222f7104690e1f39dfc4
5
5
  SHA512:
6
- metadata.gz: e4e0df85d30e468bf018168244c6979725e7e57bb9e9e5d361b83148b2d6a2ee7bba90d04de232eac59c70260635a628f230f4362cb6c1ae73bdab3c3634adeb
7
- data.tar.gz: 7fb4a5811543f623a028e951498c4ad6637b00c716615c9bc5d5f1b781bb008551477237c6a9c409aecafcbd1a12b0457439fdc2da23ebeee27ddf748df93336
6
+ metadata.gz: 22e5cd794c57f957cdee9aca0b91a9975d7f8ccd50bd9975f3e0538176b417616f5da3aebcfeec8853f7398286cc0ede1507670d002c78fd5236d578b70ee672
7
+ data.tar.gz: fc7ea5311b493b56cdb2942fee4469eaa6efd2dd4655806a8ecdedaa64b030595d248c8fb285712dcfe30c6792921990d1cffe1264d6ea46ec0552c8a1584244
@@ -142,7 +142,6 @@ rb_winevt_query_render(VALUE self)
142
142
 
143
143
  TypedData_Get_Struct(self, struct WinevtQuery, &rb_winevt_query_type, winevtQuery);
144
144
  result = render_event(winevtQuery->event, EvtRenderEventXml);
145
- get_description(winevtQuery->event);
146
145
 
147
146
  return rb_utf8_str_new_cstr(result);
148
147
  }
@@ -282,27 +282,20 @@ VALUE get_values(EVT_HANDLE handle)
282
282
  char* get_description(EVT_HANDLE handle)
283
283
  {
284
284
  #define MAX_BUFFER 65535
285
- WCHAR buffer[4096], file[4096];
285
+ WCHAR buffer[4096], *msg = buffer;
286
286
  WCHAR descriptionBuffer[MAX_BUFFER];
287
287
  ULONG bufferSize = 0;
288
288
  ULONG bufferSizeNeeded = 0;
289
289
  EVT_HANDLE event;
290
290
  ULONG status, count;
291
- char* errBuf;
292
291
  char* result = "";
293
- LPTSTR msgBuf;
294
- TCHAR publisherName[MAX_PATH];
295
- TCHAR fileName[MAX_PATH];
292
+ LPTSTR msgBuf = "";
296
293
  EVT_HANDLE hMetadata = NULL;
297
294
  PEVT_VARIANT values = NULL;
298
- PEVT_VARIANT pProperty = NULL;
299
- PEVT_VARIANT pTemp = NULL;
300
- TCHAR paramEXE[MAX_PATH], messageEXE[MAX_PATH];
301
- HMODULE hModule = NULL;
302
-
303
- static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name", L"Event/System/EventID",
304
- L"Event/System/EventID/@Qualifiers"};
305
- EVT_HANDLE renderContext = EvtCreateRenderContext(3, eventProperties, EvtRenderContextValues);
295
+ PWSTR pwBuffer = NULL;
296
+
297
+ static PCWSTR eventProperties[] = {L"Event/System/Provider/@Name"};
298
+ EVT_HANDLE renderContext = EvtCreateRenderContext(1, eventProperties, EvtRenderContextValues);
306
299
  if (renderContext == NULL) {
307
300
  rb_raise(rb_eWinevtQueryError, "Failed to create renderContext");
308
301
  }
@@ -336,18 +329,6 @@ char* get_description(EVT_HANDLE handle)
336
329
 
337
330
  // Obtain buffer as EVT_VARIANT pointer. To avoid ErrorCide 87 in EvtRender.
338
331
  values = (PEVT_VARIANT)buffer;
339
- if ((values[0].Type == EvtVarTypeString) && (values[0].StringVal != NULL)) {
340
- WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, values[0].StringVal, -1, publisherName, MAX_PATH, NULL, NULL);
341
- }
342
-
343
- DWORD eventId = 0, qualifiers = 0;
344
- if (values[1].Type == EvtVarTypeUInt16) {
345
- eventId = values[1].UInt16Val;
346
- }
347
-
348
- if (values[2].Type == EvtVarTypeUInt16) {
349
- qualifiers = values[2].UInt16Val;
350
- }
351
332
 
352
333
  // Open publisher metadata
353
334
  hMetadata = EvtOpenPublisherMetadata(NULL, values[0].StringVal, NULL, MAKELCID(MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), SORT_DEFAULT), 0);
@@ -357,91 +338,47 @@ char* get_description(EVT_HANDLE handle)
357
338
  goto cleanup;
358
339
  }
359
340
 
360
- /* TODO: Should we implement parameter file reading in C?
361
- // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
362
- // Get parameter file first.
363
- if (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count)) {
341
+ if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, 4096, buffer, &bufferSizeNeeded)) {
364
342
  status = GetLastError();
365
- if (ERROR_INSUFFICIENT_BUFFER == status) {
366
- bufferSize = count;
367
- pTemp = (PEVT_VARIANT)realloc(pProperty, bufferSize);
368
- if (pTemp) {
369
- pProperty = pTemp;
370
- pTemp = NULL;
371
- EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataParameterFilePath, 0, bufferSize, pProperty, &count);
372
- } else {
373
- rb_raise(rb_eWinevtQueryError, "realloc failed");
374
- }
375
- }
376
-
377
- if (ERROR_SUCCESS != (status = GetLastError())) {
378
- rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for parameter file failed with %d\n", GetLastError());
379
- }
380
- }
381
-
382
- if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
383
- WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
384
- }
385
- if (paramEXE) {
386
- ExpandEnvironmentStrings(fileName, paramEXE, _countof(paramEXE));
387
- }
388
- */
389
343
 
390
- // Get the metadata property. If the buffer is not big enough, reallocate the buffer.
391
- // Get message file contents.
392
- if (!EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count)) {
393
- status = GetLastError();
394
- if (ERROR_INSUFFICIENT_BUFFER == status) {
395
- bufferSize = count;
396
- pTemp = (PEVT_VARIANT)xrealloc(pProperty, bufferSize);
397
- if (pTemp) {
398
- pProperty = pTemp;
399
- pTemp = NULL;
400
- EvtGetPublisherMetadataProperty(hMetadata, EvtPublisherMetadataMessageFilePath, 0, bufferSize, pProperty, &count);
401
- } else {
402
- rb_raise(rb_eWinevtQueryError, "realloc failed");
344
+ if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
345
+ switch (status) {
346
+ case ERROR_EVT_MESSAGE_NOT_FOUND:
347
+ case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
348
+ case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
349
+ case ERROR_RESOURCE_LANG_NOT_FOUND:
350
+ case ERROR_MUI_FILE_NOT_FOUND:
351
+ case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
352
+ return "";
403
353
  }
404
- }
405
354
 
406
- if (ERROR_SUCCESS != (status = GetLastError())) {
407
- rb_raise(rb_eWinevtQueryError, "EvtGetPublisherMetadataProperty for message file failed with %d\n", GetLastError());
355
+ if (status != ERROR_INSUFFICIENT_BUFFER)
356
+ rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
408
357
  }
409
- }
410
-
411
- if ((pProperty->Type == EvtVarTypeString) && (pProperty->StringVal != NULL)) {
412
- WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK | WC_DEFAULTCHAR, pProperty->StringVal, -1, fileName, MAX_PATH, NULL, NULL);
413
- }
414
- if (messageEXE) {
415
- ExpandEnvironmentStrings(fileName, messageEXE, _countof(messageEXE));
416
- }
417
358
 
418
- if (messageEXE != NULL) {
419
- hModule = LoadLibraryEx(messageEXE, NULL,
420
- DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
421
-
422
- if(!FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
423
- hModule,
424
- eventId,
425
- 0, // Use current code page. Users must specify character encoding in Ruby side.
426
- descriptionBuffer,
427
- MAX_BUFFER,
428
- NULL)) {
429
- if (ERROR_MR_MID_NOT_FOUND == GetLastError()) {
430
- // clear buffer
431
- ZeroMemory(descriptionBuffer, sizeof(descriptionBuffer));
432
- eventId = qualifiers << 16 | eventId;
433
- FormatMessageW(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
434
- hModule,
435
- eventId,
436
- 0, // Use current code page. Users must specify character encoding in Ruby side.
437
- descriptionBuffer,
438
- MAX_BUFFER,
439
- NULL);
359
+ if (status == ERROR_INSUFFICIENT_BUFFER) {
360
+ msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
361
+
362
+ if(!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
363
+ status = GetLastError();
364
+
365
+ if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
366
+ switch (status) {
367
+ case ERROR_EVT_MESSAGE_NOT_FOUND:
368
+ case ERROR_EVT_MESSAGE_ID_NOT_FOUND:
369
+ case ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
370
+ case ERROR_RESOURCE_LANG_NOT_FOUND:
371
+ case ERROR_MUI_FILE_NOT_FOUND:
372
+ case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
373
+ return "";
374
+ }
375
+
376
+ rb_raise(rb_eWinevtQueryError, "ErrorCode: %d", status);
377
+ }
440
378
  }
441
379
  }
442
380
  }
443
-
444
- result = wstr_to_mbstr(CP_UTF8, descriptionBuffer, -1);
381
+ result = wstr_to_mbstr(CP_UTF8, msg, -1);
445
382
 
446
383
  #undef MAX_BUFFER
447
384
 
@@ -453,8 +390,5 @@ cleanup:
453
390
  if (hMetadata)
454
391
  EvtClose(hMetadata);
455
392
 
456
- if (hModule)
457
- FreeLibrary(hModule);
458
-
459
393
  return result;
460
394
  }
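Review bot: The two `return "";` statements added inside the new `switch (status)` blocks of get_description (new lines 352 and 373) bypass the `cleanup:` label, so on the "message not found" paths `hMetadata` is never handed to EvtClose, and the `msg` buffer obtained from the unchecked `malloc` at new line 360 is never freed on any path, including the successful one after `wstr_to_mbstr`. Every other early exit in this function already uses `goto cleanup`, so these should read `result = ""; goto cleanup;`, the allocation needs a NULL check, and cleanup should release the heap buffer with `if (msg != buffer) free(msg);` — `msg` is initialised to `buffer` at new line 285, so that guard is valid for every exit. The `cleanup:` label itself sits in the hunk header of the last hunk, outside the visible lines, so the free has to be placed there by hand. Separately, with the FormatMessageW path gone, `descriptionBuffer[MAX_BUFFER]` (a 64K-element WCHAR array on the stack) and `LPTSTR msgBuf = ""` appear to be dead declarations and could be dropped along with the `#define`/`#undef MAX_BUFFER` pair.
```c
      case ERROR_EVT_UNRESOLVED_PARAMETER_INSERT:
        result = "";
        goto cleanup;   /* was: return ""; which skipped cleanup */
      }
      // … unchanged: ERROR_INSUFFICIENT_BUFFER check / rb_raise …
    }

    if (status == ERROR_INSUFFICIENT_BUFFER) {
      msg = (WCHAR *)malloc(sizeof(WCHAR) * bufferSizeNeeded);
      if (msg == NULL) {
        rb_raise(rb_eWinevtQueryError, "malloc failed");
      }
      if (!EvtFormatMessage(hMetadata, handle, 0xffffffff, 0, NULL, EvtFormatMessageEvent, bufferSizeNeeded, msg, &bufferSizeNeeded)) {
        status = GetLastError();
        if (status != ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
          switch (status) {
          // … unchanged: the six "message not available" cases …
            result = "";
            goto cleanup;   /* was: return ""; */
          }
          // … unchanged: rb_raise …
        }
      }
    }
    // … unchanged: result = wstr_to_mbstr(CP_UTF8, msg, -1); …
cleanup:
    // … unchanged: EvtClose(hMetadata) …
    if (msg != buffer)
      free(msg);
    return result;
```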
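--- a/data/lib/winevt/query.rb
+++ b/data/lib/winevt/query.rb
@@ -1,14 +1,6 @@
 module Winevt
 class EventLog
 class Query
-alias_method :each_raw, :each
-def each
-each_raw do |xml, message, string_inserts|
-placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
-replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
-yield(xml, replaced_message, string_inserts)
-end
-end
 end
 end
 end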
@@ -1,14 +1,6 @@
1
1
  module Winevt
2
2
  class EventLog
3
3
  class Subscribe
4
- alias_method :each_raw, :each
5
- def each
6
- each_raw do |xml, message, string_inserts|
7
- placeholdered_message = message.gsub(/(%\d+)/, '\1$s')
8
- replaced_message = sprintf(placeholdered_message, *string_inserts) rescue message.gsub(/(%\d+)/, "?")
9
- yield(xml, replaced_message, string_inserts)
10
- end
11
- end
12
4
  end
13
5
  end
14
6
  end
@@ -1,3 +1,3 @@
1
1
  module Winevt
2
- VERSION = "0.3.6"
2
+ VERSION = "0.3.7"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: winevt_c
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.6
4
+ version: 0.3.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Hiroshi Hatake
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-06-25 00:00:00.000000000 Z
11
+ date: 2019-06-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler