Opened 15 years ago
Closed 15 years ago
#1393 closed Bug (Fixed)
Script crashes with error reported in EventLog.au3 at line 475
| Reported by: | jonwetherbee@… | Owned by: | Jpm |
|---|---|---|---|
| Milestone: | 3.3.3.2 | Component: | Standard UDFs |
| Version: | 3.3.2.0 | Severity: | None |
| Keywords: | Cc: |
Description
My Usage:
Script uses EventLog.au3 to access remote event logs. The task is to simply open, read all available records, and close the log.
Problem:
Shortly after starting, script crashes reporting an error at line 475 of EventLog.au3 involving use of a subscript with a non-array variable. This code assumes _SecurityLookupAccountSid only returns an array. In fact, _SecurityLookupAccountSid can return zero.
Initial Solution:
Change the code in EventLog.au3 line 475 to test for an array before using it.
Below are the two functions involved in the problem. The first is _EventLogDecodeUserName from EventLog.au3 - where the error is. The second is _SecurityLookupAccountSid from Security.au3 for reference only.
######################################################
REFERENCE: (Taken from EventLog.au3)
######################################################
Note that _EventLogDecodeUserName assumes _SecurityLookupAccountSid
will always returns an array.
; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: _EventLogDecodeUserName
; Description ...: Decodes the user name from an event log record
; Syntax.........: _EventLogDecodeUserName($tEventLog)
; Parameters ....: $tEventLog - tagEVENTLOGRECORD structure
; Return values .: Success - User name
; Author ........: Paul Campbell (PaulIA)
; Modified.......: Gary Frost (gafrost)
; Remarks .......: This function is used internally
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _EventLogDecodeUserName($tEventLog)
Local $pEventLog = DllStructGetPtr($tEventLog)
If DllStructGetData($tEventLog, "UserSidLength") = 0 Then Return ""
Local $pAcctSID = $pEventLog + DllStructGetData($tEventLog, "UserSidOffset")
Local $aAcctInfo = _SecurityLookupAccountSid($pAcctSID)
; Return $aAcctInfo[1] [original line 475] Revised 5-Jan-2010 - jrw
If IsArray($aAcctInfo) Then Return $aAcctInfo[1] Return ''
EndFunc ;==>_EventLogDecodeUserName
######################################################
REFERENCE: (Taken from Security.au3)
######################################################
Note that _SecurityLookupAccountSid MAY NOT return an array.
=======
; #FUNCTION# ====================================================================================================================
; Name...........: _SecurityLookupAccountSid
; Description ...: Retrieves the name of the account for a SID
; Syntax.........: _SecurityLookupAccountSid($vSID)
; Parameters ....: $vSID - Either a binary SID or a string SID
; Return values .: Success - Array with the following format:
; |$aAcct[0] - Account name
; |$aAcct[1] - Domain name
; |$aAcct[2] - SID type, which can be one of the following values:
; | 1 - Indicates a user SID
; | 2 - Indicates a group SID
; | 3 - Indicates a domain SID
; | 4 - Indicates an alias SID
; | 5 - Indicates a SID for a well-known group
; | 6 - Indicates a SID for a deleted account
; | 7 - Indicates an invalid SID
; | 8 - Indicates an unknown SID type
; | 9 - Indicates a SID for a computer
; Failure - 0
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......:
; Related .......: _SecurityLookupAccountName, _SecurityGetAccountSid
; Link ..........: @@MsdnLink@@ LookupAccountSid
; Example .......:
; ===============================================================================================================================
Func _SecurityLookupAccountSid($vSID)
Local $pSID, $aAcct[3]
If IsString($vSID) Then
Local $tSID = _SecurityStringSidToSid($vSID)
$pSID = DllStructGetPtr($tSID)
Else
$pSID = $vSID
EndIf
If Not _SecurityIsValidSid($pSID) Then Return SetError(-1, 0, 0)
Local $aResult = DllCall("advapi32.dll", "bool", "LookupAccountSidW", "ptr", 0, "ptr", $pSID, "wstr", "", "dword*", 256, _
"wstr", "", "dword*", 256, "int*", 0)
If @error Then Return SetError(@error, @extended, 0)
If Not $aResult[0] Then Return 0
Local $aAcct[3]
$aAcct[0] = $aResult[3] ; Name
$aAcct[1] = $aResult[5] ; Domain
$aAcct[2] = $aResult[7] ; SNU
Return $aAcct
EndFunc ;==>_SecurityLookupAccountSid
Attachments (0)
Change History (1)
comment:1 Changed 15 years ago by Jpm
- Milestone set to 3.3.3.2
- Owner changed from Gary to Jpm
- Resolution set to Fixed
- Status changed from new to closed
Guidelines for posting comments:
- You cannot re-open a ticket but you may still leave a comment if you have additional information to add.
- In-depth discussions should take place on the forum.
For more information see the full version of the ticket guidelines here.
Fixed by revision [5524] in version: 3.3.3.2