
Example 6 with EVT_HANDLE

use of com.sun.jna.platform.win32.Winevt.EVT_HANDLE in project jna by java-native-access.

From the class WevtapiTest, method testEvtGetQueryInfo.

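/**
 * Exercises {@code EvtGetQueryInfo} against the "Application" channel and checks that the
 * {@code EvtQueryNames} property reports exactly that channel.
 *
 * <p>The first call deliberately uses a small buffer. Only {@code ERROR_INSUFFICIENT_BUFFER}
 * is treated as a retry condition; any other failure is surfaced as a {@link Win32Exception}
 * so the test never parses a buffer the API did not fill.
 *
 * @throws Exception if a native call fails or the assertion does not hold
 */
public void testEvtGetQueryInfo() throws Exception {
    EVT_HANDLE queryHandle = null;
    try {
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, "Application", null, Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath);
        if (queryHandle == null) {
            // A null handle signals failure; do not hand it on to EvtGetQueryInfo.
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        Memory buff = new Memory(1024);
        IntByReference bufferUsed = new IntByReference();
        if (!Wevtapi.INSTANCE.EvtGetQueryInfo(queryHandle, Winevt.EVT_QUERY_PROPERTY_ID.EvtQueryNames, (int) buff.size(), buff, bufferUsed)) {
            // Capture the error right after the failing call, before any other native call runs.
            int errorCode = Kernel32.INSTANCE.GetLastError();
            if (errorCode != WinError.ERROR_INSUFFICIENT_BUFFER) {
                // Previously swallowed: the test would go on and read an unfilled buffer.
                throw new Win32Exception(errorCode);
            }
            // Retry with the size the first call reported.
            buff = new Memory(bufferUsed.getValue());
            if (!Wevtapi.INSTANCE.EvtGetQueryInfo(queryHandle, Winevt.EVT_QUERY_PROPERTY_ID.EvtQueryNames, (int) buff.size(), buff, bufferUsed)) {
                throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
            }
        }
        Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT(buff.share(0));
        // Type and Count are read first so the variant knows how to interpret its payload.
        evtVariant.readField("Type");
        evtVariant.readField("Count");
        int count = evtVariant.Count;
        useMemory(evtVariant, buff, 0);
        String[] queryNames = (String[]) evtVariant.getValue();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < count; i++) {
            sb.append(queryNames[i]);
        }
        assertThat(sb.toString(), is("Application"));
    } finally {
        if (queryHandle != null) {
            Wevtapi.INSTANCE.EvtClose(queryHandle);
        }
    }
}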

Example 7 with EVT_HANDLE

use of com.sun.jna.platform.win32.Winevt.EVT_HANDLE in project jna by java-native-access.

From the class WevtapiUtil, method EvtGetChannelConfigProperty.

/**
 * Reads one channel configuration property into a freshly allocated {@link EVT_VARIANT}.
 *
 * <p>The native call is issued twice: first with no buffer, purely to learn the required size
 * (the API reports this through {@code ERROR_INSUFFICIENT_BUFFER}), then again with a buffer
 * of exactly that size.
 *
 * @param channelHandle [in] handle to the channel's configuration properties, as returned by
 *                      {@link Wevtapi#EvtOpenChannelConfig}
 * @param propertyId    [in] identifier of the property to retrieve; see
 *                      {@link Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID}
 * @return the property value, already read from native memory
 * @throws Win32Exception if the size probe fails for any reason other than
 *                        {@code ERROR_INSUFFICIENT_BUFFER}, or if the real read fails
 */
public static EVT_VARIANT EvtGetChannelConfigProperty(EVT_HANDLE channelHandle, int propertyId) {
    IntByReference bytesNeeded = new IntByReference();
    // Size probe: zero-length, null buffer. Success or ERROR_INSUFFICIENT_BUFFER are both acceptable here.
    boolean probeOk = Wevtapi.INSTANCE.EvtGetChannelConfigProperty(channelHandle, propertyId, 0, 0, null, bytesNeeded);
    int probeError = Kernel32.INSTANCE.GetLastError();
    if (!probeOk && probeError != Kernel32.ERROR_INSUFFICIENT_BUFFER) {
        throw new Win32Exception(probeError);
    }
    // Second call with a buffer of the reported size.
    Memory valueBuffer = new Memory(bytesNeeded.getValue());
    boolean readOk = Wevtapi.INSTANCE.EvtGetChannelConfigProperty(channelHandle, propertyId, 0, (int) valueBuffer.size(), valueBuffer, bytesNeeded);
    if (!readOk) {
        throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
    }
    EVT_VARIANT value = new EVT_VARIANT(valueBuffer);
    value.read();
    return value;
}

Example 8 with EVT_HANDLE

use of com.sun.jna.platform.win32.Winevt.EVT_HANDLE in project jna by java-native-access.

From the class WevtapiTest, method testEvtCreateBookmark.

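/**
 * Exercises the bookmark API end to end: creates a bookmark at record 11 of the sample
 * {@code .evtx} file, seeks the query to it, walks the remaining events while updating the
 * bookmark, and finally renders the bookmark to confirm it now points at record 20.
 *
 * <p>The bookmark handle is tracked alongside the query and render-context handles so that all
 * three are closed in the {@code finally} block; the bookmark was previously never closed.
 *
 * @throws Exception if a native call fails or an assertion does not hold
 */
public void testEvtCreateBookmark() throws Exception {
    EVT_HANDLE queryHandle = null;
    EVT_HANDLE contextHandle = null;
    EVT_HANDLE hBookmark = null;
    File testEvtx = new File(getClass().getResource("/res/WevtapiTest.sample1.evtx").toURI());
    StringBuilder sb = new StringBuilder();
    try {
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, testEvtx.getPath(), null, Winevt.EVT_QUERY_FLAGS.EvtQueryFilePath);
        if (queryHandle == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        // test EvtCreateBookmark
        // The XML is assembled from the fixed test-resource path only; anything user-controlled
        // would need attribute escaping before being placed in a bookmark document.
        hBookmark = Wevtapi.INSTANCE.EvtCreateBookmark("<BookmarkList><Bookmark Channel='" + testEvtx.getAbsolutePath() + "' RecordId='" + 11 + "' IsCurrent='true'/></BookmarkList>");
        if (hBookmark == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        // test EvtSeek
        if (!Wevtapi.INSTANCE.EvtSeek(queryHandle, 0L, hBookmark, 0, Winevt.EVT_SEEK_FLAGS.EvtSeekRelativeToBookmark)) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        String[] targets = { "Event/System/EventRecordID" };
        contextHandle = Wevtapi.INSTANCE.EvtCreateRenderContext(targets.length, targets, Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues);
        if (contextHandle == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        int eventArraySize = 10;
        int evtNextTimeout = 1000;
        // The bookmark sits at record 11, so the first batch of 10 is expected to be records 11..20.
        int arrayIndex = 1;
        Memory buff;
        IntByReference propertyCount = new IntByReference();
        Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT();
        EVT_HANDLE[] eventArray = new EVT_HANDLE[eventArraySize];
        IntByReference returned = new IntByReference();
        while (Wevtapi.INSTANCE.EvtNext(queryHandle, eventArraySize, eventArray, evtNextTimeout, 0, returned)) {
            for (int i = 0; i < returned.getValue(); i++) {
                try {
                    buff = WevtapiUtil.EvtRender(contextHandle, eventArray[i], Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, propertyCount);
                    useMemory(evtVariant, buff, 0);
                    assertThat("EventRecordID", (Long) evtVariant.getValue(), is((long) arrayIndex * eventArraySize + i + 1));
                    sb.append(evtVariant.getValue());
                    // test EvtUpdateBookmark
                    if (!Wevtapi.INSTANCE.EvtUpdateBookmark(hBookmark, eventArray[i])) {
                        throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
                    }
                } finally {
                    // Each event handle returned by EvtNext is closed individually.
                    if (eventArray[i] != null) {
                        Wevtapi.INSTANCE.EvtClose(eventArray[i]);
                    }
                }
            }
            arrayIndex++;
        }
        // EvtNext returning FALSE is normal at end of stream; read the error once and
        // distinguish that from a genuine failure.
        int lastError = Kernel32.INSTANCE.GetLastError();
        if (lastError != WinError.ERROR_SUCCESS && lastError != WinError.ERROR_NO_MORE_ITEMS) {
            throw new Win32Exception(lastError);
        }
        buff = WevtapiUtil.EvtRender(null, hBookmark, Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark, propertyCount);
        assertThat(buff.getWideString(0), is("<BookmarkList>\r\n  <Bookmark Channel='" + testEvtx.getAbsolutePath() + "' RecordId='" + 20 + "' IsCurrent='true'/>\r\n</BookmarkList>"));
        assertThat(sb.length() > 0, is(true));
    } finally {
        if (hBookmark != null) {
            Wevtapi.INSTANCE.EvtClose(hBookmark);
        }
        if (contextHandle != null) {
            Wevtapi.INSTANCE.EvtClose(contextHandle);
        }
        if (queryHandle != null) {
            Wevtapi.INSTANCE.EvtClose(queryHandle);
        }
    }
}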

Example 9 with EVT_HANDLE

use of com.sun.jna.platform.win32.Winevt.EVT_HANDLE in project jna by java-native-access.

From the class WevtapiTest, method _evtGetExtendedStatus.

/**
 * Runs {@code query} against the "Application" channel and returns whatever
 * {@link WevtapiUtil#EvtGetExtendedStatus()} reports immediately afterwards.
 *
 * <p>The query handle is intentionally not checked for {@code null}: this helper exists to
 * observe the extended status (presumably for a rejected query — see callers), so a failed
 * EvtQuery is an expected outcome. The handle is closed only when one was actually returned.
 *
 * @param query the query text handed to EvtQuery
 * @return the extended status text
 */
private String _evtGetExtendedStatus(String query) {
    EVT_HANDLE queryHandle = Wevtapi.INSTANCE.EvtQuery(null, "Application", query, Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath);
    try {
        return WevtapiUtil.EvtGetExtendedStatus();
    } finally {
        if (queryHandle != null) {
            Wevtapi.INSTANCE.EvtClose(queryHandle);
        }
    }
}

Example 10 with EVT_HANDLE

use of com.sun.jna.platform.win32.Winevt.EVT_HANDLE in project jna by java-native-access.

From the class WevtapiTest, method testEvtGetEventInfo.

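/**
 * Exercises {@code EvtGetEventInfo}: iterates every event of the sample {@code .evtx} file and
 * checks that the {@code EvtEventPath} property of each one equals the file's absolute path.
 *
 * <p>The property buffer starts small and is regrown on {@code ERROR_INSUFFICIENT_BUFFER};
 * any other failure is raised as a {@link Win32Exception} rather than silently leaving the
 * buffer unfilled.
 *
 * @throws Exception if a native call fails or an assertion does not hold
 */
public void testEvtGetEventInfo() throws Exception {
    EVT_HANDLE queryHandle = null;
    EVT_HANDLE contextHandle = null;
    File testEvtx = new File(getClass().getResource("/res/WevtapiTest.sample1.evtx").toURI());
    StringBuilder sb = new StringBuilder();
    try {
        queryHandle = Wevtapi.INSTANCE.EvtQuery(null, testEvtx.getPath(), null, Winevt.EVT_QUERY_FLAGS.EvtQueryFilePath);
        if (queryHandle == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        String[] targets = { "Event/System/EventRecordID" };
        contextHandle = Wevtapi.INSTANCE.EvtCreateRenderContext(targets.length, targets, Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues);
        if (contextHandle == null) {
            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
        }
        int eventArraySize = 10;
        int evtNextTimeout = 1000;
        Memory buff = new Memory(1024);
        Winevt.EVT_VARIANT evtVariant = new Winevt.EVT_VARIANT();
        EVT_HANDLE[] eventArray = new EVT_HANDLE[eventArraySize];
        IntByReference buffUsed = new IntByReference();
        IntByReference returned = new IntByReference();
        while (Wevtapi.INSTANCE.EvtNext(queryHandle, eventArraySize, eventArray, evtNextTimeout, 0, returned)) {
            for (int i = 0; i < returned.getValue(); i++) {
                try {
                    if (!Wevtapi.INSTANCE.EvtGetEventInfo(eventArray[i], Winevt.EVT_EVENT_PROPERTY_ID.EvtEventPath, (int) buff.size(), buff, buffUsed)) {
                        // Capture the error right after the failing call, before any other native call runs.
                        int errorCode = Kernel32.INSTANCE.GetLastError();
                        if (errorCode != WinError.ERROR_INSUFFICIENT_BUFFER) {
                            // Previously swallowed: the loop went on to parse an unfilled buffer.
                            throw new Win32Exception(errorCode);
                        }
                        // Regrow to the reported size and retry; the larger buffer is kept for later events.
                        buff = new Memory(buffUsed.getValue());
                        if (!Wevtapi.INSTANCE.EvtGetEventInfo(eventArray[i], Winevt.EVT_EVENT_PROPERTY_ID.EvtEventPath, (int) buff.size(), buff, buffUsed)) {
                            throw new Win32Exception(Kernel32.INSTANCE.GetLastError());
                        }
                    }
                    useMemory(evtVariant, buff, 0);
                    assertThat("Evtx Path", (String) evtVariant.getValue(), is(testEvtx.getAbsolutePath()));
                    sb.append((String) evtVariant.getValue());
                } finally {
                    // Each event handle returned by EvtNext is closed individually.
                    if (eventArray[i] != null) {
                        Wevtapi.INSTANCE.EvtClose(eventArray[i]);
                    }
                }
            }
        }
        // EvtNext returning FALSE is normal at end of stream; read the error once and
        // distinguish that from a genuine failure.
        int lastError = Kernel32.INSTANCE.GetLastError();
        if (lastError != WinError.ERROR_SUCCESS && lastError != WinError.ERROR_NO_MORE_ITEMS) {
            throw new Win32Exception(lastError);
        }
        assertThat(sb.length() > 0, is(true));
    } finally {
        if (contextHandle != null) {
            Wevtapi.INSTANCE.EvtClose(contextHandle);
        }
        if (queryHandle != null) {
            Wevtapi.INSTANCE.EvtClose(queryHandle);
        }
    }
}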
