win32utils devel - Jan 2006 - [Fwd: [win32utils-help][6822] Eventlog problem]

Dang, I thought we solved this.

Any ideas?

Dan

PS - I realized after reading this I forgot to bump the version number 
for 0.3.3 - I''ve uploaded a new zip file with the correct version
number.
-------------- next part --------------
An embedded message was scrubbed...
From: alain Fioretti <noreply at rubyforge.org>
Subject: [win32utils-help][6822] Eventlog problem
Date: Thu, 5 Jan 2006 09:02:42 +0100
Size: 3660
Url:
http://rubyforge.org/pipermail/win32utils-devel/attachments/20060105/cfdbb6eb/win32utils-help6822Eventlogproblem.eml

Hi,
----- Original Message ----- 
From: "Daniel Berger" <djberg96 at gmail.com>
To: "Development and ideas for win32utils projects" 
<win32utils-devel at rubyforge.org>
Sent: Thursday, January 05, 2006 11:53 PM
Subject: [Win32utils-devel] [Fwd: [win32utils-help][6822] Eventlog problem]

> Dang, I thought we solved this.
>
> Any ideas?
>
It seems another bug.
I cannot reproduce same problem.
Could you send me a crashed event log backup file?
> PS - I realized after reading this I forgot to bump the version number
> for 0.3.3 - I''ve uploaded a new zip file with the correct version
number.
>
BTW, I found a bug in open_backup method.
It often raised segmentation fault when reading backup event log file.
The eventlog_open_backup function in eventlog.c should be modified like 
this:
===========================================static VALUE eventlog_open_backup(int
argc, VALUE* argv, VALUE klass){
  TCHAR* lpFileName;
   TCHAR* lpSourceName;
   TCHAR* lpUNCServerName;
   VALUE v_file_name, v_source_name, v_server_name, self;
   ELS* ptr;

   self = eventlog_allocate(klass);
   Data_Get_Struct(self, ELS, ptr);
   rb_scan_args(argc, argv, "12", &v_file_name,
&v_source_name,
&v_server_name);
   lpFileName = TEXT(StringValuePtr(v_file_name));
   if(NIL_P(v_source_name))
      v_source_name = rb_str_new2("Application");

   lpSourceName = TEXT(StringValuePtr(v_source_name));
   if(NIL_P(v_server_name))
      lpUNCServerName = NULL;
   else
      lpUNCServerName = TEXT(StringValuePtr(v_server_name));
   ptr->hEventLog = OpenBackupEventLog(
      lpUNCServerName,
      lpFileName
   );
   if(!ptr->hEventLog){
      sprintf(error, "OpenBackupEventLog() call failed: %s",
            ErrorDescription(GetLastError()));
      rb_raise(rb_eArgError,error);
   }

   rb_iv_set(self, "@file", v_file_name);
   rb_iv_set(self, "@source", v_source_name);
   rb_iv_set(self, "@server", v_server_name);

   return self;
}
==================================================================
Regards,
Park Heesob

Park Heesob wrote:
>Hi,
>----- Original Message ----- 
>From: "Daniel Berger" <djberg96 at gmail.com>
>To: "Development and ideas for win32utils projects" 
><win32utils-devel at rubyforge.org>
>Sent: Thursday, January 05, 2006 11:53 PM
>Subject: [Win32utils-devel] [Fwd: [win32utils-help][6822] Eventlog problem]
>
>
>  
>
>>Dang, I thought we solved this.
>>
>>Any ideas?
>>
>>    
>>
>It seems another bug.
>I cannot reproduce same problem.
>Could you send me a crashed event log backup file?
>
>  
>
>>PS - I realized after reading this I forgot to bump the version number
>>for 0.3.3 - I''ve uploaded a new zip file with the correct
version number.
>>
>>    
>>
>BTW, I found a bug in open_backup method.
>It often raised segmentation fault when reading backup event log file.
>The eventlog_open_backup function in eventlog.c should be modified like 
>this:
>
>  
>
Although you are correct that the first argument to open_backup should 
be mandatory, that''s not the problem.  I went back and figured out that
something broke between 0.2.4 and 0.2.5 (and I''m probably the one that 
broke it, sorry).  I''ve made both 0.2.4 and 0.2.5 public again, so you 
can download them from the project page and try to figure out what I 
screwed up.

Attached is the log file causing the problem.

Dan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: System.bak
Type: application/octet-stream
Size: 269012 bytes
Desc: not available
Url :
http://rubyforge.org/pipermail/win32utils-devel/attachments/20060107/4fd26667/System-0001.obj

Hi,
On Sat, 07 Jan 2006 07:38:09 -0700, Daniel Berger wrote
> Park Heesob wrote:
> 
> >Hi,
> >----- Original Message ----- 
> >From: "Daniel Berger" <djberg96 at gmail.com>
> >To: "Development and ideas for win32utils projects" 
> ><win32utils-devel at rubyforge.org>
> >Sent: Thursday, January 05, 2006 11:53 PM
> >Subject: [Win32utils-devel] [Fwd: [win32utils-help][6822] Eventlog
problem]
> >
> >
> >  
> >
> >>Dang, I thought we solved this.
> >>
> >>Any ideas?
> >>
> >>    
> >>
> >It seems another bug.
> >I cannot reproduce same problem.
> >Could you send me a crashed event log backup file?
> >
> >  
> >
> >>PS - I realized after reading this I forgot to bump the version
number
> >>for 0.3.3 - I''ve uploaded a new zip file with the correct
version number.
> >>
> >>    
> >>
> >BTW, I found a bug in open_backup method.
> >It often raised segmentation fault when reading backup event log file.
> >The eventlog_open_backup function in eventlog.c should be modified like
> >this:
> >
> >  
> >
> Although you are correct that the first argument to open_backup should 
> be mandatory, that''s not the problem.  I went back and figured out
that
> something broke between 0.2.4 and 0.2.5 (and I''m probably the one
that
> broke it, sorry).  I''ve made both 0.2.4 and 0.2.5 public again, so
you
> can download them from the project page and try to figure out what I 
> screwed up.
> 
On open_back, the problem is not the first argument, but the second argument. it
is related with
eventlog_iread function. it uses @source variable. 
> Attached is the log file causing the problem.
> 
Did you try that event log file on your pc?
In my pc, it is not causing any problem with my modified version.
It seems a normal eventlog file.


Regards,

Park Heesob

Park Heesob wrote:
>Hi,
>On Sat, 07 Jan 2006 07:38:09 -0700, Daniel Berger wrote
>  
>
>>Park Heesob wrote:
>>
>>    
>>
>>>Hi,
>>>----- Original Message ----- 
>>>From: "Daniel Berger" <djberg96 at gmail.com>
>>>To: "Development and ideas for win32utils projects" 
>>><win32utils-devel at rubyforge.org>
>>>Sent: Thursday, January 05, 2006 11:53 PM
>>>Subject: [Win32utils-devel] [Fwd: [win32utils-help][6822] Eventlog
problem]
>>>
>>>
>>> 
>>>
>>>      
>>>
>>>>Dang, I thought we solved this.
>>>>
>>>>Any ideas?
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>It seems another bug.
>>>I cannot reproduce same problem.
>>>Could you send me a crashed event log backup file?
>>>
>>> 
>>>
>>>      
>>>
>>>>PS - I realized after reading this I forgot to bump the version
number
>>>>for 0.3.3 - I''ve uploaded a new zip file with the
correct version number.
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>BTW, I found a bug in open_backup method.
>>>It often raised segmentation fault when reading backup event log
file.
>>>The eventlog_open_backup function in eventlog.c should be modified
like
>>>this:
>>>
>>> 
>>>
>>>      
>>>
>>Although you are correct that the first argument to open_backup should 
>>be mandatory, that''s not the problem.  I went back and figured
out that
>>something broke between 0.2.4 and 0.2.5 (and I''m probably the
one that
>>broke it, sorry).  I''ve made both 0.2.4 and 0.2.5 public again,
so you
>>can download them from the project page and try to figure out what I 
>>screwed up.
>>
>>    
>>
>On open_back, the problem is not the first argument, but the second
argument. it is related with
>eventlog_iread function. it uses @source variable. 
>
>  
>
>>Attached is the log file causing the problem.
>>
>>    
>>
>Did you try that event log file on your pc?
>In my pc, it is not causing any problem with my modified version.
>It seems a normal eventlog file.
>
>
>Regards,
>
>Park Heesob
>  
>
No, it didn''t work for me.  It looks more like a problem with the 
allocation scheme, i.e calling eventlog_allocate() directly.  That''s 
what changed from 0.2.4 to 0.2.5.  It doesn''t look like instance 
variables set in open_backup are getting set properly.  When I try to 
print out @source in eventlog_iread, it''s null, and I don''t
know why.
I''m actually confused in general by what the proper way to instantiate 
an object is on the C side now, since there are now about 6 different 
approaches one could take, and I don''t know what the best one is.

I''ll have to find a way to add tests for this into the tc_eventlog.rb 
test case, though I had problems making it work last time.

I''ll keep hammering at it.

Dan

Hi,
On Sat, 07 Jan 2006 11:37:11 -0700, Daniel Berger wrote
> 
> No, it didn''t work for me.  It looks more like a problem with the 
> allocation scheme, i.e calling eventlog_allocate() directly. 
That''s
> what changed from 0.2.4 to 0.2.5.  It doesn''t look like instance 
> variables set in open_backup are getting set properly.  When I try to 
> print out @source in eventlog_iread, it''s null, and I
don''t know why.
> I''m actually confused in general by what the proper way to
instantiate
> an object is on the C side now, since there are now about 6 different 
> approaches one could take, and I don''t know what the best one is.
> 
> I''ll have to find a way to add tests for this into the
tc_eventlog.rb
> test case, though I had problems making it work last time.
> 
> I''ll keep hammering at it.
> 
If your @source is null, it''s because you omitted it.

You must specify source like this:
e = EventLog.open_backup("c:\\system.bak","System")

Regards,

Park Heesob

Park Heesob wrote:
>Hi,
>On Sat, 07 Jan 2006 11:37:11 -0700, Daniel Berger wrote
>  
>
>>No, it didn''t work for me.  It looks more like a problem with
the
>>allocation scheme, i.e calling eventlog_allocate() directly. 
That''s
>>what changed from 0.2.4 to 0.2.5.  It doesn''t look like
instance
>>variables set in open_backup are getting set properly.  When I try to 
>>print out @source in eventlog_iread, it''s null, and I
don''t know why.
>>I''m actually confused in general by what the proper way to
instantiate
>>an object is on the C side now, since there are now about 6 different 
>>approaches one could take, and I don''t know what the best one
is.
>>
>>I''ll have to find a way to add tests for this into the
tc_eventlog.rb
>>test case, though I had problems making it work last time.
>>
>>I''ll keep hammering at it.
>>
>>    
>>
>If your @source is null, it''s because you omitted it.
>
>You must specify source like this:
>e = EventLog.open_backup("c:\\system.bak","System")
>
>Regards,
>
>Park Heesob
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>win32utils-devel mailing list
>win32utils-devel at rubyforge.org
>http://rubyforge.org/mailman/listinfo/win32utils-devel
>  
>
I finally narrowed the segfault down to this in the GetDescription 
method in eventlog.h:

if(NIL_P(value)){
      value = rb_str_new2("The description for Event ID cannot be 
found.\r\n\
         The following information is part of the event:\r\n");
      if(NIL_P(va_list[0])) /* BOOM */
         rb_str_cat(value, "Event LogFile Corrupted",
           strlen("Event LogFile Corrupted"));
       else
             rb_str_cat(value, va_list[0], strlen(va_list[0]));
   }

So, to prevent a segfault that line should be changed to:

if(!va_list[0]))

On a side note, it appears that I can''t even open this file using the 
GUI tool - it says "select a type for this log".

So, is the solution then to allow the user to set the log type 
("Application", "Security", etc"), and default to
"Application"?  Is
that what you''ve been saying all along and I''m just thick?

Well, if anything, at least I was able to narrow down the segfault. :)

Regards,

Dan

Park Heesob wrote:
>Hi,
>On Sat, 07 Jan 2006 11:37:11 -0700, Daniel Berger wrote
>  
>
>>No, it didn''t work for me.  It looks more like a problem with
the
>>allocation scheme, i.e calling eventlog_allocate() directly. 
That''s
>>what changed from 0.2.4 to 0.2.5.  It doesn''t look like
instance
>>variables set in open_backup are getting set properly.  When I try to 
>>print out @source in eventlog_iread, it''s null, and I
don''t know why.
>>I''m actually confused in general by what the proper way to
instantiate
>>an object is on the C side now, since there are now about 6 different 
>>approaches one could take, and I don''t know what the best one
is.
>>
>>I''ll have to find a way to add tests for this into the
tc_eventlog.rb
>>test case, though I had problems making it work last time.
>>
>>I''ll keep hammering at it.
>>
>>    
>>
>If your @source is null, it''s because you omitted it.
>
>You must specify source like this:
>e = EventLog.open_backup("c:\\system.bak","System")
>
>Regards,
>
>Park Heesob
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>win32utils-devel mailing list
>win32utils-devel at rubyforge.org
>http://rubyforge.org/mailman/listinfo/win32utils-devel
>  
>
Ok, nevermind all my thrashing about - everything''s fixed in CVS, I 
added some more tests, and I should have a release out shortly.

Dan