@Override
public synchronized int onEvent(
int evtSubscribeNotifyAction, WinDef.PVOID userContext, WinNT.HANDLE eventHandle) {
if (logger.isDebugEnabled()) {
logger.debug("onEvent(" + evtSubscribeNotifyAction + ", " + userContext + ", " + eventHandle);
}
if (evtSubscribeNotifyAction == WEvtApi.EvtSubscribeNotifyAction.ERROR) {
if (eventHandle.getPointer().getInt(0)
== WEvtApi.EvtSubscribeErrors.ERROR_EVT_QUERY_RESULT_STALE) {
logger.error(MISSING_EVENT_MESSAGE);
} else {
logger.error(RECEIVED_THE_FOLLOWING_WIN32_ERROR + eventHandle.getPointer().getInt(0));
}
} else if (evtSubscribeNotifyAction == WEvtApi.EvtSubscribeNotifyAction.DELIVER) {
wEvtApi.EvtRender(
null, eventHandle, WEvtApi.EvtRenderFlags.EVENT_XML, size, buffer, used, propertyCount);
// Not enough room in buffer, resize so it's big enough
if (kernel32.GetLastError() == W32Errors.ERROR_INSUFFICIENT_BUFFER) {
int newMaxSize = used.getInt(0);
// Check for overflow or too big
if (newMaxSize < size || newMaxSize > maxBufferSize) {
logger.error(
"Dropping event "
+ eventHandle
+ " because it couldn't be rendered within "
+ maxBufferSize
+ " bytes.");
// Ignored, see
// https://msdn.microsoft.com/en-us/library/windows/desktop/aa385577(v=vs.85).aspx
return 0;
}
size = newMaxSize;
buffer = new Memory(size);
wEvtApi.EvtRender(
null, eventHandle, WEvtApi.EvtRenderFlags.EVENT_XML, size, buffer, used, propertyCount);
}
int lastError = kernel32.GetLastError();
if (lastError == W32Errors.ERROR_SUCCESS) {
int usedBytes = used.getInt(0);
String string = Charsets.UTF_16LE.decode(buffer.getByteBuffer(0, usedBytes)).toString();
if (string.endsWith("\u0000")) {
string = string.substring(0, string.length() - 1);
}
consumer.accept(string);
} else {
logger.error(
EVT_RENDER_RETURNED_THE_FOLLOWING_ERROR_CODE + errorLookup.getLastError() + ".");
}
}
// Ignored, see https://msdn.microsoft.com/en-us/library/windows/desktop/aa385577(v=vs.85).aspx
return 0;
}
public static int getWindowsProcessId(Process proc) throws Exception {
if (proc.getClass().getName().equals("java.lang.Win32Process")
|| proc.getClass().getName().equals("java.lang.ProcessImpl")) {
/* determine the pid on windows plattforms */
Field f = proc.getClass().getDeclaredField("handle");
f.setAccessible(true);
long handl = f.getLong(proc);
Kernel32 kernel = Kernel32.INSTANCE;
WinNT.HANDLE handle = new WinNT.HANDLE();
handle.setPointer(Pointer.createConstant(handl));
return kernel.GetProcessId(handle);
}
return 0;
}
/**
* Gets Display Information
*
* @return An array of Display objects representing monitors, etc.
*/
public static Display[] getDisplays() {
List<Display> displays = new ArrayList<>();
Guid.GUID monitorGuid = new Guid.GUID("E6F07B5F-EE97-4a90-B076-33F57BF4EAA7");
WinNT.HANDLE hDevInfo =
SetupApi.INSTANCE.SetupDiGetClassDevs(
monitorGuid, null, null, SetupApi.DIGCF_PRESENT | SetupApi.DIGCF_DEVICEINTERFACE);
if (!hDevInfo.equals(WinNT.INVALID_HANDLE_VALUE)) {
SP_DEVICE_INTERFACE_DATA deviceInterfaceData = new SetupApi.SP_DEVICE_INTERFACE_DATA();
deviceInterfaceData.cbSize = deviceInterfaceData.size();
// build a DevInfo Data structure
SP_DEVINFO_DATA info = new SetupApi.SP_DEVINFO_DATA();
for (int memberIndex = 0;
SetupApi.INSTANCE.SetupDiEnumDeviceInfo(hDevInfo, memberIndex, info);
memberIndex++) {
HKEY key =
SetupApi.INSTANCE.SetupDiOpenDevRegKey(
hDevInfo,
info,
SetupApi.DICS_FLAG_GLOBAL,
0,
SetupApi.DIREG_DEV,
WinNT.KEY_QUERY_VALUE);
byte[] edid = new byte[1];
Advapi32 advapi32 = Advapi32.INSTANCE;
IntByReference pType = new IntByReference();
IntByReference lpcbData = new IntByReference();
if (advapi32.RegQueryValueEx(key, "EDID", 0, pType, edid, lpcbData)
== WinError.ERROR_MORE_DATA) {
edid = new byte[lpcbData.getValue()];
if (advapi32.RegQueryValueEx(key, "EDID", 0, pType, edid, lpcbData)
== WinError.ERROR_SUCCESS) {
Display display = new WindowsDisplay(edid);
displays.add(display);
}
}
Advapi32.INSTANCE.RegCloseKey(key);
}
}
return displays.toArray(new Display[displays.size()]);
}
