From 18da2a2567377fec05cbb5777ab2cac9da52e23d Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake
Date: Fri, 15 Oct 2021 13:39:25 +0900
Subject: [PATCH 1/2] utils: Support Binary type of string inserts decoding

Signed-off-by: Hiroshi Hatake
---
 ext/winevt/winevt_utils.cpp | 39 +++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/ext/winevt/winevt_utils.cpp b/ext/winevt/winevt_utils.cpp
index 0710bb5..badb8c2 100644
--- a/ext/winevt/winevt_utils.cpp
+++ b/ext/winevt/winevt_utils.cpp
@@ -129,6 +129,37 @@ guid_to_wstr(const GUID& guid)
 return s;
 }
 
+static VALUE
+make_displayable_binary_string(PBYTE bin, size_t length)
+{
+ const char *HEX_TABLE = "0123456789ABCDEF";
+ CHAR *buffer;
+ int size = length * 2;
+ size_t i, j;
+ unsigned int idx = 0;
+ VALUE vbuffer;
+
+ if (length == 0) {
+ return rb_str_new2("(NULL)");
+ }
+
+ buffer = ALLOCV_N(CHAR, vbuffer, size);
+ // For memory safety.
+ ZeroMemory(buffer, sizeof(CHAR) * size);
+
+ for (i = 0; i < length; i++) {
+ for (j = 0; j < 2; j++) {
+ idx = (unsigned int)(bin[i] >> (j * 4) & 0x0F);
+ buffer[2*i+(1-j)] = HEX_TABLE[idx];
+ }
+ }
+
+ VALUE str = rb_str_new2(buffer);
+ ALLOCV_END(vbuffer);
+
+ return str;
+}
+
 static VALUE
 extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
 {
@@ -302,6 +333,14 @@ extract_user_evt_variants(PEVT_VARIANT pRenderedValues, DWORD propCount)
 rb_ary_push(userValues, rbObj);
 }
 break;
+ case EvtVarTypeBinary:
+ if (pRenderedValues[i].BinaryVal == nullptr) {
+ rb_ary_push(userValues, rb_utf8_str_new_cstr("(NULL)"));
+ } else {
+ rbObj = make_displayable_binary_string(pRenderedValues[i].BinaryVal, pRenderedValues[i].Count);
+ rb_ary_push(userValues, rbObj);
+ }
+ break;
 default:
 rb_ary_push(userValues, rb_utf8_str_new_cstr("?"));
 break;

From 1d803aac4c3d8979585ddc8e0f071c815a077755 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake
Date: Fri, 15 Oct 2021 13:58:31 +0900
Subject: [PATCH 2/2] utils: Terminate binary decoded string with NULL explicitly
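Review bot: `int size = length * 2;` in make_displayable_binary_string narrows a size_t product to int, so for a large enough `length` the value handed to ALLOCV_N no longer matches the 2*length bytes the loop writes, which would be an out-of-bounds write. The caller passes a DWORD Count taken from rendered event data; whether a payload can get that large is not visible here, but the types should not depend on it. I would declare `size_t size = length * 2;` and reject oversized input first, e.g. `if (length > (SIZE_MAX - 1) / 2) rb_raise(rb_eArgError, "binary value too large");`. The same declaration is kept as `int size = length * 2 + 1;` in the first hunk of PATCH 2/2. The unterminated buffer passed to rb_str_new2 in this version is what PATCH 2/2 addresses, so it is not raised again here.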
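Review bot: The two branches of the new `case EvtVarTypeBinary:` hand Ruby strings built by different constructors: the null branch uses `rb_utf8_str_new_cstr("(NULL)")`, while make_displayable_binary_string uses `rb_str_new2`, which does not tag its result as UTF-8 the way the `default:` branch below does. The hex text is plain ASCII, so I would have the helper return UTF-8 strings as well, e.g. `return rb_utf8_str_new_cstr("(NULL)");` for the empty case and `rb_utf8_str_new_cstr(buffer)` for the hex text. The switch and the loop over `pRenderedValues` start outside this hunk, so how array-typed Binary values reach this case cannot be checked from here.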
Signed-off-by: Hiroshi Hatake
---
 ext/winevt/winevt_utils.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/ext/winevt/winevt_utils.cpp b/ext/winevt/winevt_utils.cpp
index badb8c2..350a902 100644
--- a/ext/winevt/winevt_utils.cpp
+++ b/ext/winevt/winevt_utils.cpp
@@ -134,7 +134,7 @@ make_displayable_binary_string(PBYTE bin, size_t length)
 {
 const char *HEX_TABLE = "0123456789ABCDEF";
 CHAR *buffer;
- int size = length * 2;
+ int size = length * 2 + 1;
 size_t i, j;
 unsigned int idx = 0;
 VALUE vbuffer;
@@ -144,8 +144,6 @@ make_displayable_binary_string(PBYTE bin, size_t length)
 }
 
 buffer = ALLOCV_N(CHAR, vbuffer, size);
- // For memory safety.
- ZeroMemory(buffer, sizeof(CHAR) * size);
 
 for (i = 0; i < length; i++) {
 for (j = 0; j < 2; j++) {
@@ -153,6 +151,7 @@ make_displayable_binary_string(PBYTE bin, size_t length)
 buffer[2*i+(1-j)] = HEX_TABLE[idx];
 }
 }
+ buffer[size - 1] = '\0';
 
 VALUE str = rb_str_new2(buffer);
 ALLOCV_END(vbuffer);
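Review bot: The hex string is still created with `rb_str_new2(buffer)`, which scans for the terminator that `buffer[size - 1] = '\0';` writes just above, although the length is already known at that point. Passing the length explicitly, `VALUE str = rb_str_new(buffer, size - 1);`, keeps the result correct even if the terminator line is later moved or dropped, and avoids a second pass over the buffer. The body of make_displayable_binary_string starts before and continues after this hunk.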