
Example 1 with SYSTEMTIME

use of com.sun.jna.platform.win32.WinBase.SYSTEMTIME in project jna by java-native-access.

From the class WevtapiTest, method testReadEvents.

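/**
 * Reads three sample {@code .evtx} fixtures through EvtQuery / EvtCreateRenderContext /
 * EvtNext / EvtRender and checks the rendered property values against the known contents
 * of each fixture: strings, integers, a string array and a FILETIME for sample1, binary data
 * and an empty value for sample2, a SID and a GUID for sample3.
 * <p>
 * Every handle the API hands out - the query, the render context and each event handle
 * stored by EvtNext - is released with EvtClose, also when an assertion fails.
 *
 * @throws Exception if a fixture cannot be located, or if EvtNext stopped for a reason other
 *         than reaching the end of the result set (reported as a Win32Exception)
 */
public void testReadEvents() throws Exception {
    // =========== Test string, numeric, string-array and FILETIME values ================
    File testEvtx = new File(getClass().getResource("/res/WevtapiTest.sample1.evtx").toURI());
    EVT_HANDLE queryHandle = null;
    EVT_HANDLE contextHandle = null;
    StringBuilder sb = new StringBuilder();
    try {
        // test EvtQuery
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, testEvtx.getPath(), null, Winevt.EVT_QUERY_FLAGS.EvtQueryFilePath);
        // test EvtCreateRenderContext
        String[] targets = { "Event/System/Provider/@Name", "Event/System/EventRecordID", "Event/System/EventID", "Event/EventData/Data", "Event/System/TimeCreated/@SystemTime" };
        contextHandle = Wevtapi.INSTANCE.EvtCreateRenderContext(targets.length, targets, Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues);
        // test EvtNext
        int eventArraySize = 10;
        int evtNextTimeout = 1000;
        int arrayIndex = 0;
        EVT_HANDLE[] eventArray = new EVT_HANDLE[eventArraySize];
        IntByReference returned = new IntByReference();
        // SimpleDateFormat is not thread-safe; it is confined to this method and never shared.
        SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd");
        while (Wevtapi.INSTANCE.EvtNext(queryHandle, eventArraySize, eventArray, evtNextTimeout, 0, returned)) {
            IntByReference propertyCount = new IntByReference();
            Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT();
            try {
                // test EvtRender
                for (int i = 0; i < returned.getValue(); i++) {
                    // Fixture records are numbered 1..N in the order EvtNext returns them.
                    int recordNumber = arrayIndex * eventArraySize + i + 1;
                    Memory buff = WevtapiUtil.EvtRender(contextHandle, eventArray[i], Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, propertyCount);
                    assertThat("PropertyCount", propertyCount.getValue(), is(targets.length));
                    useMemory(evtVariant, buff, 0);
                    assertThat("Provider Name", (String) evtVariant.getValue(), is("testSource"));
                    sb.append((String) evtVariant.getValue());
                    useMemory(evtVariant, buff, 1);
                    assertThat("EventRecordID", (Long) evtVariant.getValue(), is((long) recordNumber));
                    useMemory(evtVariant, buff, 2);
                    assertThat("EventID", (Short) evtVariant.getValue(), is((short) (5000 + recordNumber)));
                    useMemory(evtVariant, buff, 3);
                    String[] args = (String[]) evtVariant.getValue();
                    assertThat("Data#length", args.length, is(1));
                    assertThat("Data#value", args[0], is("testMessage" + recordNumber));
                    useMemory(evtVariant, buff, 4);
                    Date systemtime = ((WinBase.FILETIME) evtVariant.getValue()).toDate();
                    assertThat("TimeCreated", dateFormat.format(systemtime), is("2016-08-17"));
                }
            } finally {
                // Each event handle filled in by EvtNext must be released separately.
                closeEventHandles(eventArray, returned.getValue());
            }
            arrayIndex++;
        }
        assertEvtNextExhausted();
        assertThat(sb.length() > 0, is(true));
    } finally {
        // test EvtClose
        closeIfOpen(queryHandle);
        closeIfOpen(contextHandle);
    }
    // =========== Test accessing binary data and empty value ================
    queryHandle = null;
    contextHandle = null;
    testEvtx = new File(getClass().getResource("/res/WevtapiTest.sample2.evtx").toURI());
    try {
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, testEvtx.getPath(), null, Winevt.EVT_QUERY_FLAGS.EvtQueryFilePath);
        String[] targets = { "Event/EventData/Binary", "Event/System/Correlation" };
        contextHandle = Wevtapi.INSTANCE.EvtCreateRenderContext(targets.length, targets, Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues);
        int read = 0;
        int eventArraySize = 1;
        int evtNextTimeout = 1000;
        EVT_HANDLE[] eventArray = new EVT_HANDLE[eventArraySize];
        IntByReference returned = new IntByReference();
        while (Wevtapi.INSTANCE.EvtNext(queryHandle, eventArraySize, eventArray, evtNextTimeout, 0, returned)) {
            IntByReference propertyCount = new IntByReference();
            Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT();
            try {
                for (int i = 0; i < returned.getValue(); i++) {
                    read++;
                    Memory buff = WevtapiUtil.EvtRender(contextHandle, eventArray[i], Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, propertyCount);
                    assertThat("PropertyCount", propertyCount.getValue(), is(targets.length));
                    useMemory(evtVariant, buff, 0);
                    assertThat("Binary", (byte[]) evtVariant.getValue(), is(new byte[] { (byte) 0xD9, (byte) 0x06, 0, 0 }));
                    useMemory(evtVariant, buff, 1);
                    // An absent element renders as a null value rather than an empty one.
                    assertThat("Correlation", evtVariant.getValue(), nullValue());
                }
            } finally {
                closeEventHandles(eventArray, returned.getValue());
            }
        }
        assertEvtNextExhausted();
        assertThat(read, is(1));
    } finally {
        // test EvtClose
        closeIfOpen(queryHandle);
        closeIfOpen(contextHandle);
    }
    // =========== Test accessing GUID + SID data ================
    queryHandle = null;
    contextHandle = null;
    testEvtx = new File(getClass().getResource("/res/WevtapiTest.sample3.evtx").toURI());
    try {
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, testEvtx.getPath(), null, Winevt.EVT_QUERY_FLAGS.EvtQueryFilePath);
        String[] targets = { "Event/System/Security/@UserID", "Event/System/Provider/@Guid" };
        contextHandle = Wevtapi.INSTANCE.EvtCreateRenderContext(targets.length, targets, Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues);
        int read = 0;
        int eventArraySize = 1;
        int evtNextTimeout = 1000;
        EVT_HANDLE[] eventArray = new EVT_HANDLE[eventArraySize];
        IntByReference returned = new IntByReference();
        while (Wevtapi.INSTANCE.EvtNext(queryHandle, eventArraySize, eventArray, evtNextTimeout, 0, returned)) {
            IntByReference propertyCount = new IntByReference();
            Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT();
            try {
                for (int i = 0; i < returned.getValue(); i++) {
                    read++;
                    Memory buff = WevtapiUtil.EvtRender(contextHandle, eventArray[i], Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, propertyCount);
                    assertThat("PropertyCount", propertyCount.getValue(), is(targets.length));
                    useMemory(evtVariant, buff, 0);
                    assertThat("Security#UserID", ((WinNT.PSID) evtVariant.getValue()).getSidString(), is("S-1-5-21-3178902164-3053647283-518304804-1001"));
                    useMemory(evtVariant, buff, 1);
                    assertThat("Provider#GUID", ((Guid.GUID) evtVariant.getValue()).toGuidString(), is("{B0AA8734-56F7-41CC-B2F4-DE228E98B946}"));
                }
            } finally {
                closeEventHandles(eventArray, returned.getValue());
            }
        }
        assertEvtNextExhausted();
        assertThat(read, is(1));
    } finally {
        // test EvtClose
        closeIfOpen(queryHandle);
        closeIfOpen(contextHandle);
    }
}

/**
 * Releases the first {@code count} event handles that EvtNext stored in {@code eventArray}
 * and clears the slots so no handle is ever closed twice.
 *
 * @param eventArray array passed to EvtNext
 * @param count      number of handles EvtNext reported as filled in
 */
private static void closeEventHandles(EVT_HANDLE[] eventArray, int count) {
    for (int i = 0; i < count && i < eventArray.length; i++) {
        if (eventArray[i] != null) {
            Wevtapi.INSTANCE.EvtClose(eventArray[i]);
            eventArray[i] = null;
        }
    }
}

/**
 * Closes a query or render-context handle, tolerating one that was never opened.
 *
 * @param handle handle to release, or {@code null} when the open call never ran
 */
private static void closeIfOpen(EVT_HANDLE handle) {
    if (handle != null) {
        Wevtapi.INSTANCE.EvtClose(handle);
    }
}

/**
 * Fails with a Win32Exception when the EvtNext call that ended a read loop returned false
 * for a reason other than reaching the end of the result set.
 *
 * @throws Win32Exception carrying the last-error code when it is neither ERROR_SUCCESS
 *         nor ERROR_NO_MORE_ITEMS
 */
private static void assertEvtNextExhausted() {
    // Read the code once: any later API call may overwrite the thread's last-error value.
    int lastError = Kernel32.INSTANCE.GetLastError();
    if (lastError != WinError.ERROR_SUCCESS && lastError != WinError.ERROR_NO_MORE_ITEMS) {
        throw new Win32Exception(lastError);
    }
}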

Example 2 with SYSTEMTIME

use of com.sun.jna.platform.win32.WinBase.SYSTEMTIME in project jna by java-native-access.

From the class WinBaseTest, method testCalendarToSystemTimeConversion.

/**
 * Round-trips the current time through {@code SYSTEMTIME.fromCalendar} and
 * {@code SYSTEMTIME.toCalendar}: the SYSTEMTIME fields are checked against the source
 * calendar, the rebuilt calendar against the SYSTEMTIME, and finally the rebuilt calendar
 * against the source. Milliseconds are skipped in all three comparisons because of clock
 * granularity.
 */
public void testCalendarToSystemTimeConversion() {
    Calendar source = Calendar.getInstance();
    SYSTEMTIME converted = new SYSTEMTIME();
    converted.fromCalendar(source);

    // Calendar -> SYSTEMTIME. SYSTEMTIME months are 1-based and its weekday counts from
    // Sunday = 0, whereas Calendar offsets both from JANUARY / SUNDAY.
    int sourceMonth = source.get(Calendar.MONTH) - Calendar.JANUARY + 1;
    int sourceWeekday = source.get(Calendar.DAY_OF_WEEK) - Calendar.SUNDAY;
    assertEquals("Mismatched systime year", source.get(Calendar.YEAR), converted.wYear);
    assertEquals("Mismatched systime month", sourceMonth, converted.wMonth);
    assertEquals("Mismatched systime day", source.get(Calendar.DAY_OF_MONTH), converted.wDay);
    assertEquals("Mismatched systime weekday", sourceWeekday, converted.wDayOfWeek);
    assertEquals("Mismatched systime hour", source.get(Calendar.HOUR_OF_DAY), converted.wHour);
    assertEquals("Mismatched systime minute", source.get(Calendar.MINUTE), converted.wMinute);
    assertEquals("Mismatched systime second", source.get(Calendar.SECOND), converted.wSecond);
    // NOTE: we do not check millis due to clock granularity issues

    // SYSTEMTIME -> Calendar, compared against the SYSTEMTIME it came from.
    Calendar rebuilt = converted.toCalendar();
    int expectedMonth = Calendar.JANUARY + (converted.wMonth - 1);
    int rebuiltWeekday = rebuilt.get(Calendar.DAY_OF_WEEK) - Calendar.SUNDAY;
    assertEquals("Mismatched calendar year", converted.wYear, rebuilt.get(Calendar.YEAR));
    assertEquals("Mismatched calendar month", expectedMonth, rebuilt.get(Calendar.MONTH));
    assertEquals("Mismatched calendar day", converted.wDay, rebuilt.get(Calendar.DAY_OF_MONTH));
    assertEquals("Mismatched calendar weekday", converted.wDayOfWeek, rebuiltWeekday);
    assertEquals("Mismatched calendar hour", converted.wHour, rebuilt.get(Calendar.HOUR_OF_DAY));
    assertEquals("Mismatched calendar minute", converted.wMinute, rebuilt.get(Calendar.MINUTE));
    assertEquals("Mismatched calendar second", converted.wSecond, rebuilt.get(Calendar.SECOND));
    // NOTE: we do not check millis due to clock granularity issues

    // Full round trip: the rebuilt calendar must agree with the original field by field.
    int[] comparedFields = { Calendar.YEAR, Calendar.MONTH, Calendar.DAY_OF_MONTH, Calendar.DAY_OF_WEEK, Calendar.HOUR_OF_DAY, Calendar.MINUTE, Calendar.SECOND };
    String[] fieldLabels = { "year", "month", "day", "weekday", "hour", "minute", "second" };
    for (int idx = 0; idx < comparedFields.length; idx++) {
        assertEquals("Mismatched reconstructed " + fieldLabels[idx], source.get(comparedFields[idx]), rebuilt.get(comparedFields[idx]));
    }
    // NOTE: we do not check millis due to clock granularity issues
}

Example 3 with SYSTEMTIME

use of com.sun.jna.platform.win32.WinBase.SYSTEMTIME in project jna by java-native-access.

From the class VariantTest, method testVariantDate.

/**
 * Builds a VARIANT of type DATE from the current local time: GetLocalTime fills a
 * SYSTEMTIME, SystemTimeToVariantTime converts it to a variant-time double, and that
 * double is wrapped first in a DATE and then in a VARIANT.
 * <p>
 * NOTE(review): nothing is asserted here; the test only establishes that the conversion
 * chain completes without throwing.
 */
public void testVariantDate() {
    SYSTEMTIME localNow = new SYSTEMTIME();
    Kernel32.INSTANCE.GetLocalTime(localNow);

    DoubleByReference variantTime = new DoubleByReference();
    OleAuto.INSTANCE.SystemTimeToVariantTime(localNow, variantTime);

    DATE oleDate = new DATE(variantTime.getValue());
    VARIANT variantDate = new VARIANT(oleDate);
}

Example 4 with SYSTEMTIME

use of com.sun.jna.platform.win32.WinBase.SYSTEMTIME in project jna by java-native-access.

From the class Kernel32Test, method testFileTimeFromLargeInteger.

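/**
 * Test FILETIME's LARGE_INTEGER constructor: reads the last-write time of a temporary file
 * through GetFileInformationByHandleEx, builds a FILETIME from the LARGE_INTEGER held in
 * FILE_BASIC_INFO, converts it to a local SYSTEMTIME and compares the result with the
 * last-modified time that java.nio reports for the same file.
 *
 * @throws IOException if the temporary file cannot be created or its attributes cannot be read
 */
public final void testFileTimeFromLargeInteger() throws IOException {
    File tmp = File.createTempFile("testGetFileInformationByHandleEx", "jna");
    tmp.deleteOnExit();
    HANDLE hFile = Kernel32.INSTANCE.CreateFile(tmp.getAbsolutePath(), WinNT.GENERIC_WRITE, WinNT.FILE_SHARE_WRITE, new WinBase.SECURITY_ATTRIBUTES(), WinNT.OPEN_EXISTING, WinNT.FILE_ATTRIBUTE_NORMAL, null);
    // Checked before the try block: an invalid handle has nothing to close.
    assertFalse(WinBase.INVALID_HANDLE_VALUE.equals(hFile));
    try {
        Memory p = new Memory(FILE_BASIC_INFO.sizeOf());
        if (!Kernel32.INSTANCE.GetFileInformationByHandleEx(hFile, WinBase.FileBasicInfo, p, new DWORD(p.size()))) {
            fail("GetFileInformationByHandleEx failed with " + Kernel32.INSTANCE.GetLastError());
        }
        FILE_BASIC_INFO fbi = new FILE_BASIC_INFO(p);
        // The constructor under test: FILETIME built from the LARGE_INTEGER in FILE_BASIC_INFO.
        FILETIME ft = new FILETIME(fbi.LastWriteTime);
        SYSTEMTIME stUTC = new SYSTEMTIME();
        SYSTEMTIME stLocal = new SYSTEMTIME();
        if (!Kernel32.INSTANCE.FileTimeToSystemTime(ft, stUTC)) {
            fail("FileTimeToSystemTime failed with " + Kernel32.INSTANCE.GetLastError());
        }
        // Convert to local time so that toCalendar() below is built in the default time zone.
        if (!Kernel32.INSTANCE.SystemTimeToTzSpecificLocalTime(null, stUTC, stLocal)) {
            fail("SystemTimeToTzSpecificLocalTime failed with " + Kernel32.INSTANCE.GetLastError());
        }
        FileTime calculatedLastWriteTime = FileTime.fromMillis(stLocal.toCalendar().getTimeInMillis());
        // The same attribute as seen by java.nio (last-modified, not creation time).
        FileTime lastModifiedTime = Files.getLastModifiedTime(tmp.toPath());
        assertEquals(lastModifiedTime.toMillis(), calculatedLastWriteTime.toMillis());
    } finally {
        Kernel32.INSTANCE.CloseHandle(hFile);
    }
}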

Example 5 with SYSTEMTIME

use of com.sun.jna.platform.win32.WinBase.SYSTEMTIME in project jna by java-native-access.

From the class Kernel32Test, method testSystemTimeToFileTimeAndFileTimeToSystemTime.

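/**
 * Test both SystemTimeToFileTime and FileTimeToSystemTime: converts the current system time
 * to a FILETIME and back again, then checks that every SYSTEMTIME field survives the round
 * trip unchanged.
 *
 * @throws IOException declared by the original signature; no I/O is performed here
 */
public final void testSystemTimeToFileTimeAndFileTimeToSystemTime() throws IOException {
    WinBase.SYSTEMTIME systemTime = new WinBase.SYSTEMTIME();
    Kernel32.INSTANCE.GetSystemTime(systemTime);
    WinBase.FILETIME fileTime = new WinBase.FILETIME();
    if (!Kernel32.INSTANCE.SystemTimeToFileTime(systemTime, fileTime)) {
        fail("SystemTimeToFileTime failed with " + Kernel32.INSTANCE.GetLastError());
    }
    WinBase.SYSTEMTIME newSystemTime = new WinBase.SYSTEMTIME();
    if (!Kernel32.INSTANCE.FileTimeToSystemTime(fileTime, newSystemTime)) {
        fail("FileTimeToSystemTime failed with " + Kernel32.INSTANCE.GetLastError());
    }
    // FILETIME has 100ns resolution, so the round trip must preserve down to milliseconds.
    assertEquals(systemTime.wYear, newSystemTime.wYear);
    assertEquals(systemTime.wMonth, newSystemTime.wMonth);
    assertEquals(systemTime.wDay, newSystemTime.wDay);
    assertEquals(systemTime.wDayOfWeek, newSystemTime.wDayOfWeek);
    assertEquals(systemTime.wHour, newSystemTime.wHour);
    assertEquals(systemTime.wMinute, newSystemTime.wMinute);
    assertEquals(systemTime.wSecond, newSystemTime.wSecond);
    assertEquals(systemTime.wMilliseconds, newSystemTime.wMilliseconds);
}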
