[Win32utils-devel] Need a little help with the pure Ruby win32-eventlog
Heesob Park
phasis at gmail.com
Tue May 16 23:51:08 EDT 2006
Hi,
2006/5/17, Daniel Berger <djberg96 at gmail.com>:
> Hi all,
>
> I'm working on the EventLog#read method for the pure Ruby version of
> win32-eventlog, but I'm stuck on the get_description private method.
>
> Here are the problems:
>
> * I don't think I'm advancing the EVENTLOGRECORD properly between
> iterations. Take a look at the end of the "while dwread > 0" loop. I
> get some records, but not all of them.
>
> * I'm not sure how to properly populate or pack/unpack the va_list,
> which is later passed to the FormatMessage() function.
>
> Please take a look.
>
> Thanks,
>
> Dan
Here is the patch:
--- eventlog.rb 2006-05-17 10:40:34.000000000 +0900
+++ eventlog.rb.new 2006-05-17 12:46:18.978361600 +0900
@@ -227,6 +227,7 @@
struct.event_type = event_type
struct.user = user
struct.category = buf[26,2].unpack('S').first
+ struct.description = desc
if block_given?
yield struct
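Review bot: `struct.description = desc` relies on `desc`, which is not assigned anywhere in the lines shown. Make sure it is set from get_description for the current record on every iteration, before the struct is filled, so a record never inherits the previous record's description.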
@@ -239,9 +240,9 @@
end
length = buf[0,4].unpack('L').first # Length
-
- dwread -= buf.strip.length
- buf += 0.chr * length
+
+ dwread -= length
+ buf = buf[length..-1]
end
buf = 0.chr * BUFFER_SIZE
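Review bot: `length` in `dwread -= length` and `buf = buf[length..-1]` is taken straight from the record and used without validation. A Length of 0 leaves `dwread` unchanged, so the "while dwread > 0" loop never ends, and a Length larger than the remaining buffer makes `buf[length..-1]` return nil, so the next `buf[0,4]` raises. Reject a record whose length is smaller than the fixed header or larger than `dwread` before advancing.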
@@ -254,19 +255,20 @@
private
# TODO: finish
- def get_description(rec, event_source)
- str = rec[36,4].unpack('L').first # StringOffset
+ def get_description(rec, event_source)
+ str = [rec].pack('P').unpack('L').first +
rec[36,4].unpack('L').first # StringOffset
num = rec[24,2].unpack('S').first # NumStrings
hkey = [0].pack('L')
key = BASE_KEY + "#{@source}\\#{event_source}"
va_list = []
+ buf = 0.chr * 1024
# TODO: Fix this loop
0.upto(num){
va_list.push(str)
str += str.size + 1
}
-
+ va_list_ptr = va_list.pack('L*')
if RegOpenKeyEx(HKEY_LOCAL_MACHINE, key, 0, KEY_READ, hkey) == 0
value = 'EventMessageFile'
file = 0.chr * MAX_SIZE
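Review bot: the loop under "# TODO: Fix this loop" still builds wrong insertion-string pointers. `str` is an integer address, so `str.size` is the byte width of the Integer rather than the length of the string stored there, and `0.upto(num)` pushes num + 1 entries. FormatMessage dereferences every entry as a string pointer, so read each NUL-terminated string out of `rec` starting at StringOffset, advance by its length + 1, and iterate `num` times. Two further points on the same lines: in the EVENTLOGRECORD layout NumStrings is at byte offset 26 (EventType is at 24), so `rec[24,2]` reads the wrong field, and `va_list.pack('L*')` assumes 32-bit pointers.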
@@ -284,9 +286,7 @@
hmodule = LoadLibraryEx(file, 0, LOAD_LIBRARY_AS_DATAFILE)
event_id = rec[20,4].unpack('L').first
if hmodule != 0
- buf = 0.chr * 260
FormatMessage(
- FORMAT_MESSAGE_ALLOCATE_BUFFER |
FORMAT_MESSAGE_FROM_HMODULE |
FORMAT_MESSAGE_FROM_SYSTEM |
FORMAT_MESSAGE_ARGUMENT_ARRAY,
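Review bot: the return value of `FormatMessage(` is still discarded, and with FORMAT_MESSAGE_ALLOCATE_BUFFER removed the output is capped at the 1024-byte `buf` allocated earlier. If the call returns 0 (message id not in the module, or text too long for the buffer) the method carries on silently. Capture the return value, treat 0 as failure, and use it as the length of valid data in `buf`.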
@@ -295,7 +295,7 @@
0,
buf,
buf.size,
- va_list # TODO: unpack this properly
+ va_list_ptr
)
FreeLibrary(hmodule)
end
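Review bot: `va_list_ptr` holds only as many pointers as the record supplies, but with FORMAT_MESSAGE_ARGUMENT_ARRAY FormatMessage indexes the array by the %n inserts in the message template, which comes from the message file rather than from the record. A template that references more inserts than the record has strings makes the call read past the array. Pad the array to a fixed number of entries pointing at an empty string, or fall back to FORMAT_MESSAGE_IGNORE_INSERTS when the counts do not match.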
@@ -304,6 +304,6 @@
RegCloseKey(hkey)
end
+ buf.strip
end
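Review bot: `buf.strip` returns an empty string on every failure path (RegOpenKeyEx not returning 0, `hmodule` being 0, FormatMessage writing nothing), so a caller cannot tell a failed lookup from an empty description. Consider returning nil, or the raw insertion strings, in those cases.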
Regards,
Park Heesob
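
Added example (not part of the original post or of the win32-eventlog code): a pure Ruby walk over a ReadEventLog-style buffer that validates each record's Length before advancing and reads the insertion strings from inside the record. Field offsets follow the documented EVENTLOGRECORD layout with ANSI strings; `parse_records`, `build_record` and the sample data are constructed for illustration.

```ruby
HEADER_SIZE = 56 # fixed part of EVENTLOGRECORD

# Returns [[record_number, event_id, [insertion strings]], ...].
def parse_records(buf, bytes_read)
  bytes_read = [bytes_read, buf.bytesize].min
  records, offset = [], 0
  while offset < bytes_read
    remaining = bytes_read - offset
    raise ArgumentError, "truncated header at #{offset}" if remaining < HEADER_SIZE
    length = buf[offset, 4].unpack('L<').first
    # A zero Length would loop forever; an oversized one runs off the buffer.
    if length < HEADER_SIZE || length > remaining
      raise ArgumentError, "bad record length #{length} at #{offset}"
    end
    rec = buf[offset, length]
    rec_no      = rec[8, 4].unpack('L<').first
    event_id    = rec[20, 4].unpack('L<').first
    num_strings = rec[26, 2].unpack('S<').first
    str_off     = rec[36, 4].unpack('L<').first
    strings = []
    num_strings.times do
      raise ArgumentError, 'string offset outside record' if str_off >= length
      s = rec[str_off..-1].unpack('Z*').first # one NUL-terminated string
      strings << s
      str_off += s.bytesize + 1               # step over the string and its NUL
    end
    records << [rec_no, event_id, strings]
    offset += length
  end
  records
end

# Builds one constructed record (not real log data): header, source and
# computer names, insertion strings, DWORD padding, trailing Length.
def build_record(rec_no, event_id, strings)
  names = "DemoSource\0DEMOHOST\0"
  body = strings.map { |s| s + "\0" }.join
  str_off = HEADER_SIZE + names.bytesize
  length = str_off + body.bytesize + 4
  length += (4 - length % 4) % 4
  header = [length, 0x654c664c, rec_no, 0, 0, event_id, 4, strings.size, 0, 0,
            0, str_off, 0, str_off, 0, str_off + body.bytesize].pack('L<6S<4L<6')
  rec = header + names + body
  rec + "\0" * (length - 4 - rec.bytesize) + [length].pack('L<')
end

SAMPLE = build_record(1, 1000, %w[alpha beta]) + build_record(2, 1001, [])
p parse_records(SAMPLE, SAMPLE.bytesize) if __FILE__ == $0
```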