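# Reads records from the event log open on @handle by calling ReadEventLog
# until it fails with something other than ERROR_INSUFFICIENT_BUFFER.
#
# Each record is decoded into an EventLogStruct. With a block, every struct is
# yielded and nil is returned; without one, an array of structs is returned.
#
# flags  - read flags passed to ReadEventLog; defaults to
#          FORWARDS_READ | SEQUENTIAL_READ when nil/false.
# offset - record offset passed to ReadEventLog; advanced past (or before,
#          for backwards reads) each record that is decoded.
#
# Raises Error if the remote registry connection fails, if the retry after
# growing the buffer fails, or if a record's length field is inconsistent.
def read(flags = nil, offset = 0)
  # Description strings start at byte 56 of each record, so anything shorter
  # than that cannot be a complete record.
  header_size = 56

  buf        = 0.chr * BUFFER_SIZE
  bytes_read = [0].pack('L')
  needed     = [0].pack('L')
  events     = []
  lkey       = HKEY_LOCAL_MACHINE

  flags ||= FORWARDS_READ | SEQUENTIAL_READ

  if @server
    hkey = [0].pack('L')
    raise Error, get_last_error if RegConnectRegistry(@server, HKEY_LOCAL_MACHINE, hkey) != 0
    # NOTE(review): the key opened here is never closed in this method --
    # confirm whether something else releases it.
    lkey = hkey.unpack('L').first
  end

  loop do
    # Only consult GetLastError when the call actually failed; a successful
    # call is not guaranteed to clear an earlier error code.
    unless ReadEventLog(@handle, flags, offset, buf, buf.size, bytes_read, needed)
      # NOTE(review): every other failure ends the read silently, so a caller
      # cannot tell end-of-log from a genuine error (incomplete results).
      break unless GetLastError() == ERROR_INSUFFICIENT_BUFFER

      # Grow the buffer and retry, passing the NEW size. Passing the old size
      # makes the retry fail the same way and the outer loop never finishes.
      buf += 0.chr * needed.unpack('L')[0]
      unless ReadEventLog(@handle, flags, offset, buf, buf.size, bytes_read, needed)
        raise Error, get_last_error
      end
    end

    remaining = bytes_read.unpack('L')[0]

    while remaining > 0
      # The length field comes from the log data itself (possibly a remote
      # machine). A zero or undersized length would never advance the cursor,
      # and an oversized one would decode bytes that were not read.
      length = buf[0, 4].unpack('L')[0]
      if length.nil? || length < header_size || length > remaining
        raise Error, "malformed event log record (length #{length.inspect}, #{remaining} bytes remaining)"
      end

      record_number = buf[8, 4].unpack('L')[0]

      # Two consecutive NUL-terminated strings follow the fixed header.
      event_source  = buf[header_size..-1].nstrip
      computer      = buf[header_size + event_source.length + 1..-1].nstrip
      user          = get_user(buf)
      strings, desc = get_description(buf, event_source, lkey)

      event = EventLogStruct.new
      event.source         = event_source
      event.computer       = computer
      event.record_number  = record_number
      event.time_generated = Time.at(buf[12, 4].unpack('L')[0])
      event.time_written   = Time.at(buf[16, 4].unpack('L')[0])
      event.event_id       = buf[20, 4].unpack('L')[0] & 0x0000FFFF # low 16 bits only
      event.event_type     = get_event_type(buf[24, 2].unpack('S')[0])
      event.user           = user
      event.category       = buf[28, 2].unpack('S')[0]
      event.string_inserts = strings
      event.description    = desc

      if block_given?
        yield event
      else
        events.push(event)
      end

      # Next offset is relative to the record just decoded.
      offset = if (flags & EVENTLOG_BACKWARDS_READ) > 0
                 record_number - 1
               else
                 record_number + 1
               end

      remaining -= length
      buf = buf[length..-1]
    end

    # Start the next ReadEventLog call with a fresh, default-sized buffer.
    buf        = 0.chr * BUFFER_SIZE
    bytes_read = [0].pack('L')
  end

  block_given? ? nil : events
end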