nwinread 1.0.0

package/.gitattributes

@@ -0,0 +1,2 @@
+# Auto detect text files and perform LF normalization
+* text=auto

package/CHANGES.md

@@ -0,0 +1,120 @@
+# Resumen de Correcciones - nwinread
+
+## Limpieza de Archivos (8 de febrero de 2026)
+
+### Archivos Eliminados
+- `native/eventlog_new.cc` - Archivo temporal de desarrollo
+- `native/eventlog_simple.cc` - Archivo temporal de desarrollo  
+- `native/binding.gyp` - Duplicado innecesario
+- `native/build/` - Carpeta de build duplicada
+- `native/node_modules/` - Dependencias duplicadas
+
+### Archivos Agregados
+- `.gitignore` - Para mantener el repositorio limpio
+
+### Estructura Final Limpia
+```
+nwinread/
+├── binding.gyp           # Configuración de build
+├── index.js             # API principal
+├── package.json         # Configuración del proyecto
+├── README.md            # Documentación
+├── test.js              # Pruebas
+├── CHANGES.md           # Este archivo
+├── .gitignore           # Archivos a ignorar en git
+├── native/
+│   └── eventlog.cc      # Código fuente C++
+└── build/               # Resultado de compilación
+    └── Release/
+        └── eventlog.node
+```
+
+## Problemas Encontrados y Solucionados
+
+### 1. **Inconsistencia en nombres de funciones**
+- **Problema**: En `index.js` se llamaba `native.readEvents()` pero en C++ se exportaba como `read`
+- **Solución**: Corregido para usar `native.read()` con parámetros individuales
+
+### 2. **Problemas de compilación con node-addon-api**
+- **Problema**: Errores de sintaxis con la versión 8.x de node-addon-api
+- **Solución**: Migrado a Node-API puro (node_api.h) que es más estable
+
+### 3. **Configuración de binding.gyp**
+- **Problema**: Configuración incorrecta para Windows y librerías
+- **Solución**: Simplificado para usar Node-API puro y linking correcto a wevtapi.lib
+
+### 4. **Manejo de errores mejorado**
+- **Problema**: Manejo básico de errores sin validación
+- **Solución**: Agregado validación exhaustiva de parámetros y manejo de errores de Windows API
+
+### 5. **Scripts de build**
+- **Problema**: Faltaban scripts convenientes para build
+- **Solución**: Agregados scripts `build`, `rebuild`, `clean`, y `test` en package.json
+
+## Archivos Modificados/Creados
+
+### `package.json`
+- Agregados scripts de build y prueba
+- Removida dependencia de node-addon-api
+- Agregada descripción del proyecto
+
+### `index.js`
+- Corregida llamada a función nativa
+- Mejorada API con parámetros explícitos
+- Agregada documentación de parámetros
+
+### `native/eventlog.cc`
+- Reescrito completamente usando Node-API puro
+- Agregado manejo robusto de errores
+- Mejorada validación de parámetros
+- Mejor conversión de strings UTF-8/UTF-16
+
+### `binding.gyp`
+- Simplificado para Node-API puro
+- Configuración correcta para Windows
+- Linking apropiado a wevtapi.lib
+
+### `test.js`
+- Creado archivo de prueba funcional
+- Prueba lectura del log de Sistema
+- Validación de resultados
+
+### `README.md`
+- Documentación completa actualizada
+- Instrucciones de instalación y uso
+- Ejemplos de código
+- Solución de problemas comunes
+
+## Estado Final
+
+✅ **Compilación**: Exitosa sin errores  
+✅ **Funcionalidad**: Módulo lee eventos de Windows correctamente  
+✅ **Pruebas**: Pasan exitosamente  
+✅ **API**: Interfaz limpia y bien documentada  
+
+## Funcionalidades Implementadas
+
+- Lectura de eventos desde cualquier canal de Windows Event Log
+- Soporte para 3 modos de lectura (principio, final, watermark)
+- Validación robusta de parámetros
+- Manejo apropiado de errores de Windows API
+- Conversión correcta de codificación UTF-8/UTF-16
+- Extracción de Event Record IDs del XML
+- Limitación configurable del número de eventos
+
+## Uso del Módulo
+
+```javascript
+const nwinread = require('nwinread');
+
+const result = nwinread.readEvents(
+  'System',                    // Canal
+  nwinread.START_MODE.END,     // Modo
+  0,                          // Watermark
+  10                          // Máximo eventos
+);
+
+console.log(`Encontrados ${result.records.length} eventos`);
+```
+
+El proyecto ahora está completamente funcional y listo para producción.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Solzimer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,135 @@
+# nwinread - Windows Event Log Reader
+
+A native Node.js module for reading Windows event logs using the Windows Event Log API.
+
+## Requirements
+
+- Windows Vista/7/8/10/11 or Windows Server 2008/2012/2016/2019/2022
+- Node.js (version 14 or higher)
+- Visual Studio Build Tools or Visual Studio Community
+- Python (for node-gyp)
+
+## Installation
+
+```bash
+npm install
+npm run build
+```
+
+### Manual step-by-step installation
+
+```bash
+# Install dependencies
+npm install node-addon-api
+npm install -g node-gyp
+
+# Configure and compile the native module
+node-gyp configure
+node-gyp build
+
+# Or use the package.json script
+npm run build
+```
+
+## Usage
+
+```javascript
+const nwinread = require('nwinread');
+
+// Read events from the end of the log (all events)
+const result = nwinread.readEvents(
+  'System',                    // Channel (System, Application, Security, etc.)  
+  nwinread.START_MODE.END,     // Read mode
+  0,                          // Watermark (for WATERMARK mode)
+  10                          // Maximum number of events
+);
+
+// Read events with specific ID filter
+const filteredResult = nwinread.readEvents(
+  'System',                    // Channel
+  nwinread.START_MODE.BEGINNING, // Read mode
+  0,                          // Watermark
+  20,                         // Maximum number of events
+  [7045, 7034, 7036]          // Event IDs filter (optional)
+);
+
+console.log(`Found ${result.records.length} events`);
+console.log(`Last Record ID: ${result.lastRecordId}`);
+
+console.log(`Filtered events: ${filteredResult.records.length}`);
+
+// Process events
+result.records.forEach((event, index) => {
+  console.log(`Event ${index + 1}:`);
+  console.log(`  Record ID: ${event.recordId}`);
+  console.log(`  XML: ${event.xml.substring(0, 100)}...`);
+});
+```
+
+## Read modes
+
+- `START_MODE.BEGINNING` (0): Read from the beginning of the log
+- `START_MODE.END` (1): Read from the end of the log  
+- `START_MODE.WATERMARK` (2): Read from a specific Record ID
+
+## API
+
+### readEvents(channel, mode, watermark, maxEvents, eventIds)
+
+- **channel** (string): Event channel name (e.g.: 'System', 'Application', 'Security')
+- **mode** (number): Read mode (use START_MODE constants)
+- **watermark** (number): Record ID to start from (only for WATERMARK mode)
+- **maxEvents** (number): Maximum number of events to read (1-10000)
+- **eventIds** (array|null, optional): Array of Event IDs to filter. If `null`, `undefined`, or empty array, no filter is applied
+
+**Returns:** Object with properties:
+- `records`: Array of events with `xml` and `recordId` properties
+- `lastRecordId`: ID of the last processed record
+
+### Event ID filtering examples
+
+```javascript
+// No filter - all events
+const allEvents = nwinread.readEvents('System', nwinread.START_MODE.BEGINNING, 0, 10);
+
+// Filter only Windows service events
+const serviceEvents = nwinread.readEvents('System', nwinread.START_MODE.BEGINNING, 0, 10, [7034, 7035, 7036, 7040, 7045]);
+
+// Filter specific critical events
+const criticalEvents = nwinread.readEvents('System', nwinread.START_MODE.BEGINNING, 0, 10, [1000, 1001, 1002]);
+
+// Empty array = no filter (equivalent to null)
+const noFilter = nwinread.readEvents('System', nwinread.START_MODE.BEGINNING, 0, 10, []);
+```
+
+### Common Event IDs
+
+- **7034**: Service crashed
+- **7035**: Service start/stop control sent  
+- **7036**: Service started/stopped
+- **7040**: Service startup type changed
+- **7045**: New service installed
+- **1000**: Application error
+- **1001**: Application hang
+- **4624**: Successful account logon (Security log)
+- **4625**: Failed account logon (Security log)
+
+## Testing
+
+```bash
+npm test
+```
+
+## Troubleshooting
+
+1. **Compilation error**: Make sure you have Visual Studio Build Tools installed
+2. **Permission error**: Some logs require administrator privileges
+3. **Channel not found**: Verify that the channel name is correct
+
+## Common channels
+
+- `System`: System events
+- `Application`: Application events  
+- `Security`: Security events (requires admin permissions)
+- `Setup`: Installation events
+- `Microsoft-Windows-PowerShell/Operational`: PowerShell events

package/binding.gyp

@@ -0,0 +1,27 @@
+{
+  "targets": [
+    {
+      "target_name": "eventlog",
+      "sources": [ "native/eventlog.cc" ],
+      "defines": [ 
+        "UNICODE",
+        "_UNICODE",
+        "WIN32_LEAN_AND_MEAN",
+        "_WIN32_WINNT=0x0600"
+      ],
+      "conditions": [
+        ['OS=="win"', {
+          "link_settings": {
+            "libraries": [ "-lwevtapi.lib" ]
+          },
+          "msvs_settings": {
+            "VCCLCompilerTool": {
+              "ExceptionHandling": 1,
+              "AdditionalOptions": [ "/utf-8" ]
+            }
+          }
+        }]
+      ]
+    }
+  ]
+}

package/build/binding.sln

@@ -0,0 +1,19 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2015
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eventlog", "eventlog.vcxproj", "{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Release|x64 = Release|x64
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}.Debug|x64.ActiveCfg = Debug|x64
+		{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}.Debug|x64.Build.0 = Debug|x64
+		{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}.Release|x64.ActiveCfg = Release|x64
+		{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}.Release|x64.Build.0 = Release|x64
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal

package/build/eventlog.vcxproj

@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3EC5C0A2-29FB-8AA2-6EDD-875B8159EA7D}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>eventlog</RootNamespace>
+    <IgnoreWarnCompileDuplicatedFilename>true</IgnoreWarnCompileDuplicatedFilename>
+    <PreferredToolArchitecture>x64</PreferredToolArchitecture>
+    <WindowsTargetPlatformVersion>10.0.22000.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props"/>
+  <PropertyGroup Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+  </PropertyGroup>
+  <PropertyGroup Label="Locals">
+    <PlatformToolset>v143</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props"/>
+  <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props"/>
+  <ImportGroup Label="ExtensionSettings"/>
+  <ImportGroup Label="PropertySheets">
+    <Import Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props"/>
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros"/>
+  <PropertyGroup>
+    <ExecutablePath>$(ExecutablePath);$(MSBuildProjectDirectory)\..\bin\;$(MSBuildProjectDirectory)\..\bin\</ExecutablePath>
+    <IgnoreImportLibrary>true</IgnoreImportLibrary>
+    <IntDir>$(Configuration)\obj\$(ProjectName)\</IntDir>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</LinkIncremental>
+    <LinkIncremental Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Configuration)\</OutDir>
+    <TargetExt Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">.node</TargetExt>
+    <TargetExt Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">.node</TargetExt>
+    <TargetExt Condition="'$(Configuration)|$(Platform)'=='Release|x64'">.node</TargetExt>
+    <TargetExt Condition="'$(Configuration)|$(Platform)'=='Release|x64'">.node</TargetExt>
+    <TargetName>$(ProjectName)</TargetName>
+    <TargetPath>$(OutDir)\$(ProjectName).node</TargetPath>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\include\node;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\src;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\config;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\openssl\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\uv\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\zlib;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\v8\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalOptions>/Zc:__cplusplus -std:c++20 /Zm2000 /utf-8 %(AdditionalOptions)</AdditionalOptions>
+      <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
+      <BufferSecurityCheck>true</BufferSecurityCheck>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+      <DisableSpecificWarnings>4351;4355;4800;4251;4275;4244;4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+      <ExceptionHandling>Sync</ExceptionHandling>
+      <MinimalRebuild>false</MinimalRebuild>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <OmitFramePointers>false</OmitFramePointers>
+      <Optimization>Disabled</Optimization>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PreprocessorDefinitions>NODE_GYP_MODULE_NAME=eventlog;USING_UV_SHARED=1;USING_V8_SHARED=1;V8_DEPRECATION_WARNINGS=1;_GLIBCXX_USE_CXX11_ABI=1;_FILE_OFFSET_BITS=64;WIN32;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;_HAS_EXCEPTIONS=0;NOMINMAX;OPENSSL_NO_PINSHARED;OPENSSL_THREADS;UNICODE;_UNICODE;WIN32_LEAN_AND_MEAN;_WIN32_WINNT=0x0600;BUILDING_NODE_EXTENSION;HOST_BINARY=&quot;node.exe&quot;;DEBUG;_DEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+      <StringPooling>true</StringPooling>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
+    </ClCompile>
+    <Lib>
+      <AdditionalOptions>/LTCG:INCREMENTAL %(AdditionalOptions)</AdditionalOptions>
+    </Lib>
+    <Link>
+      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;delayimp.lib;&quot;C:\\Users\\solzi\\AppData\\Local\\node-gyp\\Cache\\22.17.0\\x64\\node.lib&quot;;wevtapi.lib</AdditionalDependencies>
+      <AdditionalOptions>/LTCG:INCREMENTAL /ignore:4199 %(AdditionalOptions)</AdditionalOptions>
+      <DelayLoadDLLs>node.exe;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <OptimizeReferences>true</OptimizeReferences>
+      <OutputFile>$(OutDir)$(ProjectName).node</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetExt>.node</TargetExt>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+    <ResourceCompile>
+      <AdditionalIncludeDirectories>C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\include\node;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\src;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\config;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\openssl\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\uv\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\zlib;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\v8\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NODE_GYP_MODULE_NAME=eventlog;USING_UV_SHARED=1;USING_V8_SHARED=1;V8_DEPRECATION_WARNINGS=1;_GLIBCXX_USE_CXX11_ABI=1;_FILE_OFFSET_BITS=64;WIN32;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;_HAS_EXCEPTIONS=0;NOMINMAX;OPENSSL_NO_PINSHARED;OPENSSL_THREADS;UNICODE;_UNICODE;WIN32_LEAN_AND_MEAN;_WIN32_WINNT=0x0600;BUILDING_NODE_EXTENSION;HOST_BINARY=&quot;node.exe&quot;;DEBUG;_DEBUG;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <AdditionalIncludeDirectories>C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\include\node;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\src;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\config;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\openssl\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\uv\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\zlib;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\v8\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalOptions>/Zc:__cplusplus -std:c++20 /Zm2000 /utf-8 %(AdditionalOptions)</AdditionalOptions>
+      <BufferSecurityCheck>true</BufferSecurityCheck>
+      <DebugInformationFormat>OldStyle</DebugInformationFormat>
+      <DisableSpecificWarnings>4351;4355;4800;4251;4275;4244;4267;%(DisableSpecificWarnings)</DisableSpecificWarnings>
+      <ExceptionHandling>Sync</ExceptionHandling>
+      <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <OmitFramePointers>true</OmitFramePointers>
+      <Optimization>Full</Optimization>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <PreprocessorDefinitions>NODE_GYP_MODULE_NAME=eventlog;USING_UV_SHARED=1;USING_V8_SHARED=1;V8_DEPRECATION_WARNINGS=1;_GLIBCXX_USE_CXX11_ABI=1;_FILE_OFFSET_BITS=64;WIN32;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;_HAS_EXCEPTIONS=0;NOMINMAX;OPENSSL_NO_PINSHARED;OPENSSL_THREADS;UNICODE;_UNICODE;WIN32_LEAN_AND_MEAN;_WIN32_WINNT=0x0600;BUILDING_NODE_EXTENSION;HOST_BINARY=&quot;node.exe&quot;;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <RuntimeTypeInfo>false</RuntimeTypeInfo>
+      <StringPooling>true</StringPooling>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TreatWarningAsError>false</TreatWarningAsError>
+      <WarningLevel>Level3</WarningLevel>
+      <WholeProgramOptimization>true</WholeProgramOptimization>
+    </ClCompile>
+    <Lib>
+      <AdditionalOptions>/LTCG:INCREMENTAL %(AdditionalOptions)</AdditionalOptions>
+    </Lib>
+    <Link>
+      <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;delayimp.lib;&quot;C:\\Users\\solzi\\AppData\\Local\\node-gyp\\Cache\\22.17.0\\x64\\node.lib&quot;;wevtapi.lib</AdditionalDependencies>
+      <AdditionalOptions>/LTCG:INCREMENTAL /ignore:4199 %(AdditionalOptions)</AdditionalOptions>
+      <DelayLoadDLLs>node.exe;%(DelayLoadDLLs)</DelayLoadDLLs>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <OptimizeReferences>true</OptimizeReferences>
+      <OutputFile>$(OutDir)$(ProjectName).node</OutputFile>
+      <SuppressStartupBanner>true</SuppressStartupBanner>
+      <TargetExt>.node</TargetExt>
+      <TargetMachine>MachineX64</TargetMachine>
+    </Link>
+    <ResourceCompile>
+      <AdditionalIncludeDirectories>C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\include\node;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\src;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\config;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\openssl\openssl\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\uv\include;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\zlib;C:\Users\solzi\AppData\Local\node-gyp\Cache\22.17.0\deps\v8\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <PreprocessorDefinitions>NODE_GYP_MODULE_NAME=eventlog;USING_UV_SHARED=1;USING_V8_SHARED=1;V8_DEPRECATION_WARNINGS=1;_GLIBCXX_USE_CXX11_ABI=1;_FILE_OFFSET_BITS=64;WIN32;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_DEPRECATE;_HAS_EXCEPTIONS=0;NOMINMAX;OPENSSL_NO_PINSHARED;OPENSSL_THREADS;UNICODE;_UNICODE;WIN32_LEAN_AND_MEAN;_WIN32_WINNT=0x0600;BUILDING_NODE_EXTENSION;HOST_BINARY=&quot;node.exe&quot;;%(PreprocessorDefinitions);%(PreprocessorDefinitions)</PreprocessorDefinitions>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <None Include="..\binding.gyp"/>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\native\eventlog.cc">
+      <ObjectFileName>$(IntDir)\native\eventlog.obj</ObjectFileName>
+    </ClCompile>
+    <ClCompile Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules\node-gyp\src\win_delay_load_hook.cc"/>
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets"/>
+  <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets"/>
+  <ImportGroup Label="ExtensionTargets"/>
+</Project>

package/build/eventlog.vcxproj.filters

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="..">
+      <UniqueIdentifier>{13ED4249-1F9C-5F0F-2651-29A73F3A7059}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="..\native">
+      <UniqueIdentifier>{751DE1B9-2CA6-B33D-2A40-92CBD5B002F3}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:">
+      <UniqueIdentifier>{F87FD356-0FEB-9BC5-D1FA-368C81420008}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users">
+      <UniqueIdentifier>{707347A1-1ABA-A9B2-9AF4-DE122F5D7F08}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi">
+      <UniqueIdentifier>{36F44239-C2BD-2609-082B-8716CC7F3439}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData">
+      <UniqueIdentifier>{DABCEBCE-33D1-4D68-EC67-0BC19A2A0901}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming">
+      <UniqueIdentifier>{06897101-0A2C-F34A-36C2-4D0BE8BF5EB9}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming\nvm">
+      <UniqueIdentifier>{C6BD613B-358D-2DCD-8B8A-73765EB3E8E4}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0">
+      <UniqueIdentifier>{EEBCB736-7B17-79B2-FBF2-41E78D86FD71}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules">
+      <UniqueIdentifier>{126A39EA-1D28-5689-C126-0DA0AB5837A0}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules\node-gyp">
+      <UniqueIdentifier>{49558BB4-6D34-CA91-A65D-85A65792DC11}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules\node-gyp\src">
+      <UniqueIdentifier>{F1003AD6-4B6D-45DF-3F56-5CAC869BF55E}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="..">
+      <UniqueIdentifier>{13ED4249-1F9C-5F0F-2651-29A73F3A7059}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\native\eventlog.cc">
+      <Filter>..\native</Filter>
+    </ClCompile>
+    <ClCompile Include="C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules\node-gyp\src\win_delay_load_hook.cc">
+      <Filter>C:\Users\solzi\AppData\Roaming\nvm\v22.17.0\node_modules\node-gyp\src</Filter>
+    </ClCompile>
+    <None Include="..\binding.gyp">
+      <Filter>..</Filter>
+    </None>
+  </ItemGroup>
+</Project>

package/index.js

@@ -0,0 +1,17 @@
+const native = require('./build/Release/eventlog.node');
+
+const START_MODE = {
+  BEGINNING: 0,
+  END: 1,
+  WATERMARK: 2
+};
+
+module.exports = {
+  START_MODE,
+
+  readEvents(channel, mode = START_MODE.BEGINNING, watermark = 0, maxEvents = 100, eventIds = null) {
+    // Si eventIds es null, undefined, o un array vacío, no se aplica filtro
+    const filterIds = (eventIds && eventIds.length > 0) ? eventIds : null;
+    return native.read(channel, mode, watermark, maxEvents, filterIds);
+  }
+};

package/native/eventlog.cc

@@ -0,0 +1,298 @@
+#include <node_api.h>
+#include <windows.h>
+#include <winevt.h>
+#include <vector>
+#include <string>
+#include <cassert>
+
+#pragma comment(lib, "wevtapi.lib")
+
+enum ReadMode {
+  FROM_BEGINNING = 0,
+  FROM_END = 1,
+  FROM_WATERMARK = 2
+};
+
+// Convierte UTF-8 a wide string
+std::wstring Utf8ToWide(const std::string& str) {
+  if (str.empty()) return std::wstring();
+  
+  int size = MultiByteToWideChar(CP_UTF8, 0, str.c_str(), -1, NULL, 0);
+  if (size == 0) return std::wstring();
+  
+  std::wstring w(size, 0);
+  MultiByteToWideChar(CP_UTF8, 0, str.c_str(), -1, &w[0], size);
+  return w;
+}
+
+// Convierte wide string a UTF-8
+std::string WideToUtf8(const std::wstring& wstr) {
+  if (wstr.empty()) return std::string();
+  
+  int size = WideCharToMultiByte(CP_UTF8, 0, wstr.c_str(), -1, NULL, 0, NULL, NULL);
+  if (size == 0) return std::string();
+  
+  std::string str(size, 0);
+  WideCharToMultiByte(CP_UTF8, 0, wstr.c_str(), -1, &str[0], size, NULL, NULL);
+  return str;
+}
+
+napi_value ReadEventLog(napi_env env, napi_callback_info info) {
+  napi_status status;
+  size_t argc = 5;
+  napi_value args[5];
+  
+  // Obtener argumentos
+  status = napi_get_cb_info(env, info, &argc, args, nullptr, nullptr);
+  assert(status == napi_ok);
+  
+  if (argc < 4) {
+    napi_throw_type_error(env, nullptr, "Expected 4-5 arguments: (channel, mode, watermark, maxEvents, eventIds?)");
+    return nullptr;
+  }
+  
+  // Extraer channel
+  size_t channel_len;
+  status = napi_get_value_string_utf8(env, args[0], nullptr, 0, &channel_len);
+  assert(status == napi_ok);
+  
+  std::string channel(channel_len, '\0');
+  status = napi_get_value_string_utf8(env, args[0], &channel[0], channel_len + 1, &channel_len);
+  assert(status == napi_ok);
+  
+  // Extraer otros argumentos
+  int32_t mode;
+  int64_t watermark;
+  int32_t maxEvents;
+  
+  status = napi_get_value_int32(env, args[1], &mode);
+  assert(status == napi_ok);
+  
+  status = napi_get_value_int64(env, args[2], &watermark);
+  assert(status == napi_ok);
+  
+  status = napi_get_value_int32(env, args[3], &maxEvents);
+  assert(status == napi_ok);
+  
+  // Procesar eventIds (parámetro opcional)
+  std::vector<int32_t> eventIds;
+  if (argc >= 5) {
+    napi_valuetype valueType;
+    status = napi_typeof(env, args[4], &valueType);
+    
+    if (valueType != napi_null && valueType != napi_undefined) {
+      bool isArray;
+      status = napi_is_array(env, args[4], &isArray);
+      assert(status == napi_ok);
+      
+      if (isArray) {
+        uint32_t arrayLength;
+        status = napi_get_array_length(env, args[4], &arrayLength);
+        assert(status == napi_ok);
+        
+        for (uint32_t i = 0; i < arrayLength; i++) {
+          napi_value element;
+          status = napi_get_element(env, args[4], i, &element);
+          assert(status == napi_ok);
+          
+          int32_t eventId;
+          status = napi_get_value_int32(env, element, &eventId);
+          if (status == napi_ok && eventId > 0) {
+            eventIds.push_back(eventId);
+          }
+        }
+      }
+    }
+  }
+  
+  // Validar parámetros
+  if (channel.empty()) {
+    napi_throw_type_error(env, nullptr, "Channel name cannot be empty");
+    return nullptr;
+  }
+  
+  if (mode < 0 || mode > 2) {
+    napi_throw_type_error(env, nullptr, "Invalid mode. Must be 0, 1, or 2");
+    return nullptr;
+  }
+  
+  if (maxEvents <= 0 || maxEvents > 10000) {
+    napi_throw_type_error(env, nullptr, "maxEvents must be between 1 and 10000");
+    return nullptr;
+  }
+  
+  DWORD flags = EvtQueryChannelPath;
+  if (mode == FROM_END) {
+    flags |= EvtQueryReverseDirection;
+  }
+  
+  std::wstring query;
+  
+  // Construir filtro de Event IDs si se proporcionaron
+  std::wstring eventIdFilter;
+  if (!eventIds.empty()) {
+    eventIdFilter = L"System/EventID=";
+    for (size_t i = 0; i < eventIds.size(); i++) {
+      if (i > 0) {
+        eventIdFilter += L" or System/EventID=";
+      }
+      eventIdFilter += std::to_wstring(eventIds[i]);
+    }
+  }
+  
+  // Construir filtro de watermark si es necesario
+  std::wstring watermarkFilter;
+  if (mode == FROM_WATERMARK && watermark > 0) {
+    watermarkFilter = L"System/EventRecordID > " + std::to_wstring(watermark);
+  }
+  
+  // Combinar filtros
+  if (!eventIdFilter.empty() || !watermarkFilter.empty()) {
+    query = L"*[";
+    
+    if (!eventIdFilter.empty() && !watermarkFilter.empty()) {
+      query += L"(" + eventIdFilter + L") and (" + watermarkFilter + L")";
+    } else if (!eventIdFilter.empty()) {
+      query += eventIdFilter;
+    } else {
+      query += watermarkFilter;
+    }
+    
+    query += L"]";
+  }
+  
+  EVT_HANDLE hQuery = EvtQuery(
+    NULL,
+    Utf8ToWide(channel).c_str(),
+    query.empty() ? NULL : query.c_str(),
+    flags
+  );
+  
+  if (!hQuery) {
+    DWORD errorCode = GetLastError();
+    std::string errorMsg = "EvtQuery failed with error code: " + std::to_string(errorCode);
+    napi_throw_error(env, nullptr, errorMsg.c_str());
+    return nullptr;
+  }
+  
+  std::vector<EVT_HANDLE> events(maxEvents);
+  DWORD returned = 0;
+  
+  BOOL ok = EvtNext(
+    hQuery,
+    maxEvents,
+    events.data(),
+    INFINITE,
+    0,
+    &returned
+  );
+  
+  // Crear array de resultados
+  napi_value records;
+  status = napi_create_array(env, &records);
+  assert(status == napi_ok);
+  
+  uint64_t lastRecordId = watermark;
+  DWORD index = 0;
+  
+  if (ok || GetLastError() == ERROR_NO_MORE_ITEMS) {
+    for (DWORD i = 0; i < returned; i++) {
+      DWORD bufferUsed = 0;
+      DWORD propCount = 0;
+      
+      // Primera llamada para obtener el tamaño del buffer
+      EvtRender(NULL, events[i], EvtRenderEventXml, 0, NULL, &bufferUsed, &propCount);
+      
+      if (bufferUsed == 0) {
+        EvtClose(events[i]);
+        continue;
+      }
+      
+      std::vector<wchar_t> buffer(bufferUsed / sizeof(wchar_t));
+      
+      // Segunda llamada para obtener los datos
+      if (EvtRender(NULL, events[i], EvtRenderEventXml, bufferUsed, buffer.data(), &bufferUsed, &propCount)) {
+        std::wstring xml(buffer.data());
+        std::string xmlUtf8 = WideToUtf8(xml);
+        
+        // Extraer EventRecordID del XML
+        size_t pos = xml.find(L"<EventRecordID>");
+        if (pos != std::wstring::npos) {
+          size_t end = xml.find(L"</EventRecordID>", pos);
+          if (end != std::wstring::npos) {
+            std::wstring recordIdStr = xml.substr(pos + 15, end - (pos + 15));
+            try {
+              lastRecordId = std::stoull(recordIdStr);
+            } catch (...) {
+              // Mantener valor anterior si hay error
+            }
+          }
+        }
+        
+        // Crear objeto record
+        napi_value rec;
+        status = napi_create_object(env, &rec);
+        assert(status == napi_ok);
+        
+        // Agregar xml
+        napi_value xml_val;
+        status = napi_create_string_utf8(env, xmlUtf8.c_str(), xmlUtf8.length(), &xml_val);
+        assert(status == napi_ok);
+        status = napi_set_named_property(env, rec, "xml", xml_val);
+        assert(status == napi_ok);
+        
+        // Agregar recordId
+        napi_value recordId_val;
+        status = napi_create_double(env, (double)lastRecordId, &recordId_val);
+        assert(status == napi_ok);
+        status = napi_set_named_property(env, rec, "recordId", recordId_val);
+        assert(status == napi_ok);
+        
+        // Agregar al array
+        status = napi_set_element(env, records, index++, rec);
+        assert(status == napi_ok);
+      }
+      
+      EvtClose(events[i]);
+    }
+  } else {
+    EvtClose(hQuery);
+    DWORD errorCode = GetLastError();
+    std::string errorMsg = "EvtNext failed with error code: " + std::to_string(errorCode);
+    napi_throw_error(env, nullptr, errorMsg.c_str());
+    return nullptr;
+  }
+  
+  EvtClose(hQuery);
+  
+  // Crear objeto resultado
+  napi_value result;
+  status = napi_create_object(env, &result);
+  assert(status == napi_ok);
+  
+  status = napi_set_named_property(env, result, "records", records);
+  assert(status == napi_ok);
+  
+  napi_value lastRecordId_val;
+  status = napi_create_double(env, (double)lastRecordId, &lastRecordId_val);
+  assert(status == napi_ok);
+  status = napi_set_named_property(env, result, "lastRecordId", lastRecordId_val);
+  assert(status == napi_ok);
+  
+  return result;
+}
+
+napi_value Init(napi_env env, napi_value exports) {
+  napi_status status;
+  napi_value fn;
+  
+  status = napi_create_function(env, nullptr, 0, ReadEventLog, nullptr, &fn);
+  assert(status == napi_ok);
+  
+  status = napi_set_named_property(env, exports, "read", fn);
+  assert(status == napi_ok);
+  
+  return exports;
+}
+
+NAPI_MODULE(NODE_GYP_MODULE_NAME, Init)

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "nwinread",
+  "version": "1.0.0",
+  "main": "index.js",
+  "scripts": {
+    "build": "node-gyp configure && node-gyp build",
+    "rebuild": "node-gyp rebuild",
+    "clean": "node-gyp clean",
+    "test": "node test.js"
+  },
+  "author": "solzimer",
+  "license": "MIT",
+  "description": "Native Windows Event Log Reader for Node.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/solzimer/nwinread.git"
+  },
+  "devDependencies": {
+    "node-gyp": "^10.0.0"
+  },
+  "gypfile": true
+}

package/test.js

@@ -0,0 +1,34 @@
+const nwinread = require('./index.js');
+
+console.log('Testing nwinread module...');
+
+const watermark = parseInt(process.argv[2]) || 0;
+const testEventIds = process.argv[3] ? process.argv[3].split(',').map(id => parseInt(id)) : null;
+
+console.log(`Using watermark: ${watermark}`);
+console.log(`Event ID filter: ${testEventIds ? testEventIds.join(', ') : 'None (all events)'}`);
+
+try {
+  // Prueba básica - leer desde el log de sistema con filtro opcional de IDs
+  const mode = watermark > 0 ? nwinread.START_MODE.WATERMARK : nwinread.START_MODE.BEGINNING;
+  const result = nwinread.readEvents('System', mode, watermark, 10, testEventIds);
+
+  console.log(`Found ${result.records.length} events`);
+  console.log(`Last Record ID: ${result.lastRecordId}`);
+
+  result.records.forEach((record, index) => {
+    console.log(`\nEvent ${index + 1}:`);
+    console.log(`Record ID: ${record.recordId}`);
+    console.log(`XML: ${record.xml.substring(0, 200)}...`); // Mostrar solo los primeros 200 caracteres
+  });
+
+  console.log('\nTest completed successfully!');
+  console.log('\nUsage examples:');
+  console.log('  node test.js                    - Read all events from beginning');
+  console.log('  node test.js 0 1000,1001        - Read events with IDs 1000 and 1001');
+  console.log('  node test.js 123                - Read from watermark 123, all events');
+  console.log('  node test.js 123 7045,7034,7036 - Read from watermark 123, filter by service event IDs');
+} catch (error) {
+  console.error('Test failed:', error.message);
+  process.exit(1);
+}