noreply at rubyforge.org
2008-Aug-29 12:11 UTC
[Win32utils-devel] [ win32utils-Bugs-21726 ] Description not shown on Win2k3-x64
Bugs item #21726, was opened at 2008-08-29 14:11 You can respond by visiting: http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&group_id=85 Category: win32-eventlog Group: Code Status: Open Resolution: None Priority: 3 Submitted By: Damjan Rems (ther) Assigned to: Nobody (None) Summary: Description not shown on Win2k3-x64 Initial Comment: I have only one 64bit server so I cannot commit if the same error was also present before or is consistant. Win2k3 R2 Standard x64: #<struct Struct::EventLogStruct record_number=4826, time_generated=Fri Aug 29 13:29:07 +0200 2008, time_written=Fri Aug 29 13:29:07 +0200 2008, event_id=16022, event_type="information", category=16, source="MSExchangeTransport", computer="MYMAIL", user=nil, string_inserts=[], description=""> #<struct Struct::EventLogStruct record_number=4825, time_generated=Fri Aug 29 13:29:07 +0200 2008, time_written=Fri Aug 29 13:29:07 +0200 2008, event_id=16002,event_type="information", category=16, source="MSExchangeTransport", computer="MYMAIL", user=nil, string_inserts=[], description=""> Another machine Win2k3 R2 Standard 32 bit: #<struct Struct::EventLogStruct record_number=489, time_generated=Tue Aug 26 21:42:05 +0200 2008, time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2003, event_type="information", category=16, source="ESENT", computer="MYDC", user=nil,string_inserts=["lsass", "480", "", "4"], description="lsass (480) Shadow copy 4 freeze stopped."> #<struct Struct::EventLogStruct record_number=488, time_generated=Tue Aug 26 21:42:05 +0200 2008, time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2001, event_type="information", category=16, source="ESENT", computer="MYDC", user=nil,string_inserts=["lsass", "480", "", "4"], description="lsass (480) Shadow copy 4 freeze started."> by TheR ---------------------------------------------------------------------- You can respond by visiting: http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&group_id=85
Berger, Daniel
2008-Sep-02 13:57 UTC
[Win32utils-devel] [ win32utils-Bugs-21726 ] Description not shownon Win2k3-x64
Anyone on the list have access to a 64-bit version of Windows? Dan> -----Original Message----- > From: win32utils-devel-bounces at rubyforge.org > [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of > noreply at rubyforge.org > Sent: Friday, August 29, 2008 6:11 AM > To: noreply at rubyforge.org > Subject: [Win32utils-devel] [ win32utils-Bugs-21726 ] > Description not shownon Win2k3-x64 > > Bugs item #21726, was opened at 2008-08-29 14:11 You can > respond by visiting: > http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&g > roup_id=85 > > Category: win32-eventlog > Group: Code > Status: Open > Resolution: None > Priority: 3 > Submitted By: Damjan Rems (ther) > Assigned to: Nobody (None) > Summary: Description not shown on Win2k3-x64 > > Initial Comment: > > I have only one 64bit server so I cannot commit if the same > error was also present before or is consistant. > > Win2k3 R2 Standard x64: > #<struct Struct::EventLogStruct record_number=4826, > time_generated=Fri Aug 29 13:29:07 +0200 2008, > time_written=Fri Aug 29 13:29:07 +0200 2008, event_id=16022, > event_type="information", category=16, > source="MSExchangeTransport", computer="MYMAIL", user=nil, > string_inserts=[], description=""> #<struct > Struct::EventLogStruct record_number=4825, time_generated=Fri > Aug 29 13:29:07 +0200 2008, time_written=Fri Aug 29 13:29:07 > +0200 2008, event_id=16002,event_type="information", > category=16, source="MSExchangeTransport", computer="MYMAIL", > user=nil, string_inserts=[], description=""> > > > Another machine > Win2k3 R2 Standard 32 bit: > #<struct Struct::EventLogStruct record_number=489, > time_generated=Tue Aug 26 21:42:05 +0200 2008, > time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2003, > event_type="information", category=16, source="ESENT", > computer="MYDC", user=nil,string_inserts=["lsass", "480", "", > "4"], description="lsass (480) Shadow copy 4 freeze > stopped."> #<struct Struct::EventLogStruct record_number=488, > time_generated=Tue Aug 26 21:42:05 +0200 2008, > time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2001, > event_type="information", category=16, source="ESENT", > computer="MYDC", user=nil,string_inserts=["lsass", "480", "", > "4"], description="lsass (480) Shadow copy 4 freeze started."> > > > by > TheR > > > ---------------------------------------------------------------------- > > You can respond by visiting: > http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&g > roup_id=85 > _______________________________________________ > win32utils-devel mailing list > win32utils-devel at rubyforge.org > http://rubyforge.org/mailman/listinfo/win32utils-devel >This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
Heesob Park
2008-Sep-04 00:54 UTC
[Win32utils-devel] [ win32utils-Bugs-21726 ] Description not shownon Win2k3-x64
Hi, 2008/9/2 Berger, Daniel <Daniel.Berger at qwest.com>:> Anyone on the list have access to a 64-bit version of Windows? > > DanI have confirmed it on my 64bit Vista Ultimate. I will look into it further to fix the problem. Regards, Park Heesob> >> -----Original Message----- >> From: win32utils-devel-bounces at rubyforge.org >> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of >> noreply at rubyforge.org >> Sent: Friday, August 29, 2008 6:11 AM >> To: noreply at rubyforge.org >> Subject: [Win32utils-devel] [ win32utils-Bugs-21726 ] >> Description not shownon Win2k3-x64 >> >> Bugs item #21726, was opened at 2008-08-29 14:11 You can >> respond by visiting: >> http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&g >> roup_id=85 >> >> Category: win32-eventlog >> Group: Code >> Status: Open >> Resolution: None >> Priority: 3 >> Submitted By: Damjan Rems (ther) >> Assigned to: Nobody (None) >> Summary: Description not shown on Win2k3-x64 >> >> Initial Comment: >> >> I have only one 64bit server so I cannot commit if the same >> error was also present before or is consistant. >> >> Win2k3 R2 Standard x64: >> #<struct Struct::EventLogStruct record_number=4826, >> time_generated=Fri Aug 29 13:29:07 +0200 2008, >> time_written=Fri Aug 29 13:29:07 +0200 2008, event_id=16022, >> event_type="information", category=16, >> source="MSExchangeTransport", computer="MYMAIL", user=nil, >> string_inserts=[], description=""> #<struct >> Struct::EventLogStruct record_number=4825, time_generated=Fri >> Aug 29 13:29:07 +0200 2008, time_written=Fri Aug 29 13:29:07 >> +0200 2008, event_id=16002,event_type="information", >> category=16, source="MSExchangeTransport", computer="MYMAIL", >> user=nil, string_inserts=[], description=""> >> >> >> Another machine >> Win2k3 R2 Standard 32 bit: >> #<struct Struct::EventLogStruct record_number=489, >> time_generated=Tue Aug 26 21:42:05 +0200 2008, >> time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2003, >> event_type="information", category=16, source="ESENT", >> computer="MYDC", user=nil,string_inserts=["lsass", "480", "", >> "4"], description="lsass (480) Shadow copy 4 freeze >> stopped."> #<struct Struct::EventLogStruct record_number=488, >> time_generated=Tue Aug 26 21:42:05 +0200 2008, >> time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2001, >> event_type="information", category=16, source="ESENT", >> computer="MYDC", user=nil,string_inserts=["lsass", "480", "", >> "4"], description="lsass (480) Shadow copy 4 freeze started."> >> >> >> by >> TheR >> >>
Park Heesob
2008-Sep-04 14:31 UTC
[Win32utils-devel] [ win32utils-Bugs-21726 ] Description notshownon Win2k3-x64
Hi, ----- Original Message ----- From: "Berger, Daniel" <Daniel.Berger at qwest.com> To: "Development and ideas for win32utils projects" <win32utils-devel at rubyforge.org> Sent: Tuesday, September 02, 2008 10:57 PM Subject: Re: [Win32utils-devel] [ win32utils-Bugs-21726 ] Description notshownon Win2k3-x64> Anyone on the list have access to a 64-bit version of Windows? > > Dan > >> -----Original Message----- >> From: win32utils-devel-bounces at rubyforge.org >> [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of >> noreply at rubyforge.org >> Sent: Friday, August 29, 2008 6:11 AM >> To: noreply at rubyforge.org >> Subject: [Win32utils-devel] [ win32utils-Bugs-21726 ] >> Description not shownon Win2k3-x64 >> >> Bugs item #21726, was opened at 2008-08-29 14:11 You can >> respond by visiting: >> http://rubyforge.org/tracker/?func=detail&atid=411&aid=21726&g >> roup_id=85 >> >> Category: win32-eventlog >> Group: Code >> Status: Open >> Resolution: None >> Priority: 3 >> Submitted By: Damjan Rems (ther) >> Assigned to: Nobody (None) >> Summary: Description not shown on Win2k3-x64 >> >> Initial Comment: >> >> I have only one 64bit server so I cannot commit if the same >> error was also present before or is consistant. >> >> Win2k3 R2 Standard x64: >> #<struct Struct::EventLogStruct record_number=4826, >> time_generated=Fri Aug 29 13:29:07 +0200 2008, >> time_written=Fri Aug 29 13:29:07 +0200 2008, event_id=16022, >> event_type="information", category=16, >> source="MSExchangeTransport", computer="MYMAIL", user=nil, >> string_inserts=[], description=""> #<struct >> Struct::EventLogStruct record_number=4825, time_generated=Fri >> Aug 29 13:29:07 +0200 2008, time_written=Fri Aug 29 13:29:07 >> +0200 2008, event_id=16002,event_type="information", >> category=16, source="MSExchangeTransport", computer="MYMAIL", >> user=nil, string_inserts=[], description=""> >> >> >> Another machine >> Win2k3 R2 Standard 32 bit: >> #<struct Struct::EventLogStruct record_number=489, >> time_generated=Tue Aug 26 21:42:05 +0200 2008, >> time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2003, >> event_type="information", category=16, source="ESENT", >> computer="MYDC", user=nil,string_inserts=["lsass", "480", "", >> "4"], description="lsass (480) Shadow copy 4 freeze >> stopped."> #<struct Struct::EventLogStruct record_number=488, >> time_generated=Tue Aug 26 21:42:05 +0200 2008, >> time_written=Tue Aug 26 21:42:05 +0200 2008, event_id=2001, >> event_type="information", category=16, source="ESENT", >> computer="MYDC", user=nil,string_inserts=["lsass", "480", "", >> "4"], description="lsass (480) Shadow copy 4 freeze started."> >> >> >> by >> TheR >>There are two issues running 32bit application on the 64bit Windows OS. 1. File System Redirector(http://msdn.microsoft.com/en-us/library/aa384187(VS.85).aspx) 2. Loading 64bit dll file with 32bit LoadLibraryEx API. Here is a patched code for get_description: (0x2 is LOAD_LIBRARY_AS_DATAFILE) def get_description(rec, event_source, lkey) begin wow64DisableWow64FsRedirection = API.new(''Wow64DisableWow64FsRedirection'', ''P'', ''B'', ''kernel32'') wow64RevertWow64FsRedirection = API.new(''Wow64RevertWow64FsRedirection'', ''L'', ''B'', ''kernel32'') rescue Win32::API::Error wow64DisableWow64FsRedirection = nil wow64RevertWow64FsRedirection = nil end val = 0.chr * 4 wow64DisableWow64FsRedirection.call(val) if wow64DisableWow64FsRedirection str = rec[rec[36,4].unpack(''L'')[0] .. -1] num = rec[26,2].unpack(''S'')[0] # NumStrings hkey = [0].pack(''L'') key = BASE_KEY + "#{@source}\\#{event_source}" buf = 0.chr * 8192 va_list = va_list0 = (num == 0) ? [] : str.unpack(''Z*'' * num) if RegOpenKeyEx(lkey, key, 0, KEY_READ, hkey) == 0 value = ''ParameterMessageFile'' file = 0.chr * MAX_SIZE hkey = hkey.unpack(''L'')[0] size = [ file.length].pack(''L'') if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0 file = file.nstrip exe = 0.chr * MAX_SIZE ExpandEnvironmentStrings(file, exe, exe.size) exe = exe.nstrip va_list = va_list0.map{ |v| va = v v.scan(/%%(\d+)/).uniq.each{ |x| exe.split('';'').each{ |file| hmodule = LoadLibraryEx( file, 0, DONT_RESOLVE_DLL_REFERENCES|0x2 ) if hmodule != 0 FormatMessage( FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, hmodule, x.first.to_i, 0, buf, buf.size, v ) FreeLibrary(hmodule) break if buf.nstrip != "" end } va = va.gsub("%%#{x.first}", buf.nstrip) } va } end value = ''EventMessageFile'' file = 0.chr * MAX_SIZE size = [file.length].pack(''L'') if RegQueryValueEx(hkey, value, 0, 0, file, size) == 0 file = file.nstrip exe = 0.chr * MAX_SIZE ExpandEnvironmentStrings(file, exe, exe.size) exe = exe.nstrip # Try to retrieve message *without* expanding the inserts yet exe.split('';'').each{ |file| hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES|0x2) event_id = rec[20,4].unpack(''L'')[0] if hmodule != 0 FormatMessage( FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS, hmodule, event_id, 0, buf, buf.size, nil ) FreeLibrary(hmodule) break if buf.nstrip != "" # All messages read end } buf = 0.chr * 8192 # Reset the buffer # Determine higest %n insert number max_insert = [num,buf.nstrip.scan(/%(\d+)/).map{|x|x[0].to_i}.max].compact.max # Insert dummy strings not provided by caller ((num+1)..(max_insert)).each{ |x| va_list.push("%#{x}") } if num == 0 va_list_ptr = 0.chr * 4 else va_list_ptr = va_list.map{ |x| [x + 0.chr].pack(''P'').unpack(''L'')[0] }.pack(''L*'') end exe.split('';'').each{ |file| hmodule = LoadLibraryEx(file, 0, DONT_RESOLVE_DLL_REFERENCES|0x2) event_id = rec[20,4].unpack(''L'')[0] if hmodule != 0 FormatMessage( FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, hmodule, event_id, 0, buf, buf.size, va_list_ptr ) FreeLibrary(hmodule) break if buf.nstrip != "" # All messages read end } end RegCloseKey(hkey) end wow64RevertWow64FsRedirection.call(val.unpack(''L'')[0]) if wow64RevertWow64FsRedirection [va_list0, buf.strip] end end end Regards, Park Heesob
Berger, Daniel
2008-Sep-04 18:48 UTC
[Win32utils-devel] [ win32utils-Bugs-21726 ] Descriptionnotshownon Win2k3-x64
> -----Original Message----- > From: win32utils-devel-bounces at rubyforge.org > [mailto:win32utils-devel-bounces at rubyforge.org] On Behalf Of > Park Heesob > Sent: Thursday, September 04, 2008 8:31 AM > To: Development and ideas for win32utils projects > Subject: Re: [Win32utils-devel] [ win32utils-Bugs-21726 ] > Descriptionnotshownon Win2k3-x64> > Anyone on the list have access to a 64-bit version of Windows?<snip>> There are two issues running 32bit application on the 64bit > Windows OS. > > 1. File System > Redirector(http://msdn.microsoft.com/en-us/library/aa384187(VS > .85).aspx) > > 2. Loading 64bit dll file with 32bit LoadLibraryEx API. > > Here is a patched code for get_description: > (0x2 is LOAD_LIBRARY_AS_DATAFILE)<snip> Excellent. I''ve committed the changes you made, though I''ve made some minor changes. First, I''ve added Wow64DisableWow64FsRedirection and Wow64RevertWow64FsRedirection to the windows-pr library, and they''ll be included in the 0.9.2 release, and win32-eventlog will now require 0.9.2 or later. Second, I wrapped the whole thing in a begin/ensure clause to make it a little more robust. I updated a few unrelated sections of code to do this as well. Thanks! Dan This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.