How do you work out and supply required input GUID information in JNA?


Trevor Maggs

Jul 19, 2017, 10:14:38 PM
to Java Native Access
According to https://msdn.microsoft.com/en-us/library/windows/desktop/aa375702(v=vs.85).aspx, AuditQuerySystemPolicy is the function I want to use:

BOOLEAN WINAPI AuditQuerySystemPolicy(
  _In_  const GUID                *pSubCategoryGuids,
  _In_  ULONG                     PolicyCount,
  _Out_ PAUDIT_POLICY_INFORMATION *ppAuditPolicy
);

My aim is to fetch Local Audit Policy values through the ppAuditPolicy pointer, but I am struggling to use JNA to convert (map) to the right format for the pSubCategoryGuids pointer as required by this WinAPI function.

My main calling JNA code:

import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.ptr.PointerByReference;

public class LocalAuditPolicyTest
{
    public static void main(String[] args)
    {
        try
        {
            PointerByReference guidref = new PointerByReference();  // <== How do you input the right GUID values? Not sure if that is correct?
            PointerByReference bufptr = new PointerByReference();

            boolean retStatus = WinAuditPolicy.INSTANCE.AuditQuerySystemPolicy(guidref, 1, bufptr);

            WinAuditPolicy.AUDIT_POLICY_INFORMATION advapi32 = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(bufptr.getValue());

            System.out.printf("TEST ANSWER: %d, Status = %s%n", advapi32.AuditingInformation, retStatus);
        }
        catch (UnsatisfiedLinkError | NoClassDefFoundError | Win32Exception exc)
        {
            exc.printStackTrace();
        }
    }
}

Do not worry about receiving the information via ppAuditPolicy as I know how to do it, but not with supplying a correct GUID value to input in pSubCategoryGuids pointer? Anyone who knows please tell me how? Thanks in advance.

croudet

Jul 20, 2017, 8:51:01 AM
to Java Native Access
Hi,

Look at SetupApi and SetupApiTest:

https://github.com/java-native-access/jna/blob/84cc37948f7359ff3c51f17d993291c22a7884aa/contrib/platform/test/com/sun/jna/platform/win32/SetupApiTest.java

Christophe

HDEVINFO SetupDiGetClassDevs(
  _In_opt_ const GUID *ClassGuid,
  _In_opt_ PCTSTR     Enumerator,
  _In_opt_ HWND       hwndParent,
  _In_     DWORD      Flags
);

import com.sun.jna.platform.win32.Guid;
...
Guid.GUID monitorGuid = new Guid.GUID("E6F07B5F-EE97-4a90-B076-33F57BF4EAA7");
WinNT.HANDLE hDevInfo = SetupApi.INSTANCE.SetupDiGetClassDevs(monitorGuid, null, null,
        SetupApi.DIGCF_PRESENT | SetupApi.DIGCF_DEVICEINTERFACE);
...

Trevor Maggs

Jul 20, 2017, 10:52:21 PM
to Java Native Access
Thanks croudet for pointing to the SetupApi example. This is exactly what I was looking for. 

But, how do you receive the correct values via ppAuditPolicy since the winapi specifications state (see below) that it is actually a pointer that contains an array of pointers? It seems to me that we need to use an array index to fetch the value correctly?

pSubCategoryGuids [in]
A pointer to an array of GUID values that specify the subcategories for which to query audit policy. For a list of defined audit-policy subcategories, see Auditing Constants.

ppAuditPolicy [out]
A pointer to a single buffer that contains both an array of pointers to AUDIT_POLICY_INFORMATION structures and the structures themselves. The AUDIT_POLICY_INFORMATION structures specify the system audit policy for the subcategories specified by the pSubCategoryGuids array.

The above specs say pSubCategoryGuids is a pointer to an array of GUID values which I have made my guidArray variable an array (hopefully it is correct). But what about ppAuditPolicy that I need to fetch the required values? What should be done?

My main program:

import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.ptr.PointerByReference;

public class LocalAuditPolicyTest
{
    public static void main(String[] args)
    {
        try
        {
            PointerByReference bufptr = new PointerByReference();

            //See guid constants in  https://msdn.microsoft.com/en-us/library/windows/desktop/bb648638(v=vs.85).aspx).
            GUID[] guidArray = {new GUID("69979850-797a-11d9-bed3-505054503030")};

            boolean retStatus = WinAuditPolicy.INSTANCE.AuditQuerySystemPolicy(guidArray, 1, bufptr);

            WinAuditPolicy.AUDIT_POLICY_INFORMATION advapi32 = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(bufptr.getValue());

            System.out.printf("TEST ANSWER: %d, Status = %s%n", advapi32.AuditingInformation, retStatus); // <== How do you access advapi32.AuditingInformation as an array?
        }
        catch (UnsatisfiedLinkError | NoClassDefFoundError | Win32Exception exc)
        {
            exc.printStackTrace();
        }
    }
}

JNA Interface:

import java.util.Arrays;
import java.util.List;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;

public interface WinAuditPolicy extends StdCallLibrary
{
    WinAuditPolicy INSTANCE = (WinAuditPolicy) Native.loadLibrary("advapi32", WinAuditPolicy.class, W32APIOptions.UNICODE_OPTIONS);

    public static class AUDIT_POLICY_INFORMATION extends Structure
    {
        public GUID AuditSubCategoryGuid; // GUID
        public int AuditingInformation; // ULONG
        public GUID AuditCategoryGuid; // GUID

        public AUDIT_POLICY_INFORMATION()
        {
        }

        public AUDIT_POLICY_INFORMATION(Pointer p)
        {
            super(p);
            read();
        }

        @Override
        protected List<String> getFieldOrder()
        {
            return Arrays.asList(new String[]{"AuditSubCategoryGuid", "AuditingInformation", "AuditCategoryGuid"});
        }
    }

    boolean AuditQuerySystemPolicy(GUID[] guidptr, int count, PointerByReference bufptr);
    void AuditFree(PointerByReference bufptr);
}


L Will Ahonen

Jul 21, 2017, 2:54:13 AM
to Java Native Access
Hi,

I would guess you enumerate like so:

int i = 0;
// Read pointer to first object of array
Pointer first = bufptr.getValue();
// When we reach the data of the first object, we can stop
Pointer stopEnum = first.getPointer(0);
// Is our array read cursor at the first object i.e. end of pointer array?
while (!first.share(i * Pointer.SIZE).equals(stopEnum))
{
    WinAuditPolicy.AUDIT_POLICY_INFORMATION advapi32 = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(first.getPointer(i * Pointer.SIZE));
    i++;
}

Remember to free the array you got once you're done :)

BR,
Will

Trevor Maggs

Jul 21, 2017, 6:30:10 AM
to Java Native Access
Hi Will, 

Thanks for suggesting to enumerate the output buffer. For testing purposes, there is only one GUID element (6997984a-797a-11d9-bed3-505054503030) for Audit_ObjectAccess. I followed your suggested snippet here but there is a NullPointerException error due to the first variable caused by bufptr.getValue()?

I am not completely knowledgeable in JNA yet as I am learning. Appreciate your assistance as to what went wrong with my code?

import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.ptr.PointerByReference;

public class LocalAuditPolicyTest
{
    public static void main(String[] args)
    {
        try
        {
            PointerByReference bufptr = new PointerByReference();

            GUID[] guidArray = new GUID[1];
            guidArray[0] = new GUID("6997984a-797a-11d9-bed3-505054503030");

            boolean retStatus = WinAuditPolicy.INSTANCE.AuditQuerySystemPolicy(guidArray, guidArray.length, bufptr);

            int i = 0;

            // Read pointer to first object of array
            Pointer first = bufptr.getValue();

            // When we reach the data of the first object, we can stop
            Pointer stopEnum = first.getPointer(0);

            // Is our array read cursor at the first object i.e. end of pointer array?
            while (!first.share(i * Pointer.SIZE).equals(stopEnum))
            {
                WinAuditPolicy.AUDIT_POLICY_INFORMATION advapi32 = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(first.getPointer(i * Pointer.SIZE));

                System.out.printf("TEST ANSWER: %d, Status = %s%n", advapi32.AuditingInformation, retStatus);

                i++;
            }
        }
        catch (UnsatisfiedLinkError | NoClassDefFoundError | Win32Exception exc)
        {
            exc.printStackTrace();
        }
    }
}

I will work out the memory deallocation for bufptr once it is no longer needed after the issue above is understood and fixed.  Thanks again.

croudet

Jul 21, 2017, 11:32:17 AM
to Java Native Access
Hi,
I have come to that, not sure it is 100% correct:

import java.util.ArrayList;
import java.util.List;

import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Advapi32;
import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.platform.win32.WinDef.ULONG;
import com.sun.jna.platform.win32.WinDef.ULONGByReference;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.win32.W32APIOptions;

public class WindowsPolicyTest {

  public static void main(String... args) {
    WinAuditPolicy p = WinAuditPolicy.INSTANCE;
    PointerByReference ppAuditCategoriesArray = new PointerByReference();
    ULONGByReference pCountReturned = new ULONGByReference();
    p.AuditEnumerateCategories(ppAuditCategoriesArray, pCountReturned);
    System.out.println(pCountReturned.getValue());
    int cnt = pCountReturned.getValue().intValue();
    long offset = 0L;
    Pointer ptr = ppAuditCategoriesArray.getValue();
    List<GUID> categories = new ArrayList<>(cnt);
    System.out.println("---------------- Categories --------------------------");
    for (int i = 0; i < cnt; ++i) {
      GUID guid = new GUID(ptr);
      categories.add(guid);
      offset += guid.size();
      ptr = ppAuditCategoriesArray.getValue().share(offset);
      System.out.println(guid.toGuidString());
    }
    System.out.println("------------------ Sub Categories ------------------------");
    List<GUID> subcategories = new ArrayList<>();
    for (GUID cat : categories) {
      PointerByReference ppAuditSubCategoriesArray = new PointerByReference();
      pCountReturned = new ULONGByReference();
      if (p.AuditEnumerateSubCategories(cat, false, ppAuditSubCategoriesArray, pCountReturned)) {
        cnt = pCountReturned.getValue().intValue();
        offset = 0L;
        ptr = ppAuditSubCategoriesArray.getValue();
        for (int i = 0; i < cnt; ++i) {
          GUID guid = new GUID(ptr);
          subcategories.add(guid);
          offset += guid.size();
          ptr = ppAuditCategoriesArray.getValue().share(offset);
          System.out.println(guid.toGuidString());
        }
        p.AuditFree(ppAuditSubCategoriesArray.getPointer());
      }
    }
    System.out.println("==================");
    for (GUID subcat : subcategories) {
      WinAuditPolicy.AUDIT_POLICY_INFORMATION result = new WinAuditPolicy.AUDIT_POLICY_INFORMATION();
      if (p.AuditQuerySystemPolicy(subcat, new ULONG(1), result)) {
        WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = result;
        System.out.println(policy.AuditingInformation);
        System.out.println(policy.AuditCategoryGuid.toGuidString());
        System.out.println(policy.AuditSubCategoryGuid.toGuidString());
      }
      p.AuditFree(result.getPointer());
    }
    p.AuditFree(ppAuditCategoriesArray.getPointer());
  }

  public interface WinAuditPolicy extends Advapi32 {
    WinAuditPolicy INSTANCE = Native.loadLibrary("advapi32", WinAuditPolicy.class, W32APIOptions.DEFAULT_OPTIONS);

    /*
     * typedef struct _AUDIT_POLICY_INFORMATION { GUID AuditSubCategoryGuid;
     * ULONG AuditingInformation; GUID AuditCategoryGuid; }
     * AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION;
     */
    public static class AUDIT_POLICY_INFORMATION extends Structure {
      public GUID AuditSubCategoryGuid;

      public long AuditingInformation;
      public GUID AuditCategoryGuid;

      public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference {
      }

      public static final List<String> FIELDS = createFieldsOrder("AuditSubCategoryGuid", "AuditingInformation",
          "AuditCategoryGuid");

      public AUDIT_POLICY_INFORMATION() {
        super();
      }

      /**
       * @param pointer
       */
      public AUDIT_POLICY_INFORMATION(Pointer pointer) {
        super(pointer);
      }

      @Override
      protected List<String> getFieldOrder() {
        return FIELDS;
      }

      @Override
      public String toString() {
        StringBuilder builder = new StringBuilder();
        builder.append("AUDIT_POLICY_INFORMATION [AuditSubCategoryGuid=").append(AuditSubCategoryGuid.toGuidString())
            .append(", AuditingInformation=").append(AuditingInformation).append(", AuditCategoryGuid=")
            .append(AuditCategoryGuid.toGuidString()).append("]");
        return builder.toString();
      }
    }

    boolean AuditEnumerateCategories(PointerByReference ppAuditCategoriesArray, ULONGByReference pCountReturned);

    boolean AuditEnumerateSubCategories(GUID pAuditCategoryGuid, boolean bRetrieveAllSubCategories,
        PointerByReference ppAuditSubCategoriesArray, ULONGByReference pCountReturned);

    void AuditFree(Pointer buffer);

    boolean AuditQuerySystemPolicy(GUID[] guidptr, ULONG count, AUDIT_POLICY_INFORMATION[] bufptr);

    boolean AuditQuerySystemPolicy(GUID guidptr, ULONG count, AUDIT_POLICY_INFORMATION bufptr);
  }
}


Christophe

croudet

Jul 21, 2017, 11:33:39 AM
to Java Native Access
Missing a part of the code:

Timothy Wall

Jul 21, 2017, 1:58:51 PM
to jna-...@googlegroups.com
Assuming ptr = bufptr.getValue() is the start of the buffer, 

ptr.getPointerArray(0, <length>) gives you the first block of pointers, which the documentation implies point into the same buffer.

For each pointer in the returned array, you can initialize the structure in question with Structure(Pointer p).  It's not really relevant where the structures live unless you're the one doing the allocation.



--
You received this message because you are subscribed to the Google Groups "Java Native Access" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jna-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Trevor Maggs

Jul 22, 2017, 3:28:02 AM
to Java Native Access
Thanks everyone for your support. I have tried out the suggested code provided by Christophe. Both code and output attached here.

As you can see from the attached output, it seems the code is somewhat correct in trying to fetch values from the 9 known audit policy items (Categories which I have marked in the output), but the actual results are all zero which are not correct. Not sure what is missing out? Note, I run it as Administrator.

I am guessing the following snippet has some missing logic to capture the required values?

        for (GUID subcat : subcategories)
        {
            WinAuditPolicy.AUDIT_POLICY_INFORMATION result = new WinAuditPolicy.AUDIT_POLICY_INFORMATION();

            -->> if (p.AuditQuerySystemPolicy(subcat, new ULONG(1), result))  <<-- ??
WinAuditPolicy.java
WindowsPolicyTest.java
x.txt

Timothy Wall

Jul 22, 2017, 7:51:39 AM
to jna-...@googlegroups.com
You need a PointerByReference as the final argument to AuditQuerySystemPolicy, since the function is returning a `struct **`.  You can then use PointerByReference.getValue() to initialize a new instance of the WinAuditPolicy.AUDIT_POLICY_INFORMATION structure.

Timothy Wall

Jul 22, 2017, 7:57:01 AM
to jna-...@googlegroups.com
Here's what the code should look like:

        for (GUID subcat : subcategories)
        {
            WinAuditPolicy.AUDIT_POLICY_INFORMATION result = new WinAuditPolicy.AUDIT_POLICY_INFORMATION();

            PointerByReference pref = new PointerByReference();
            -->> if (p.AuditQuerySystemPolicy(subcat, new ULONG(COUNT), pref))
            {
                Pointer base = pref.getValue();
                Pointer[] structPointers = base.getPointerArray(COUNT);
                for (Pointer p : structPointers)
                {
                    WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(p);
                    policy.read(); // Only required if the constructor doesn't do it, which it _should_
                    System.out.println(policy.AuditingInformation);
                    System.out.println(policy.AuditCategoryGuid.toGuidString());
                    System.out.println(policy.AuditSubCategoryGuid.toGuidString());
                }
                p.AuditFree(base);
            }
        }

Timothy Wall

Jul 22, 2017, 7:57:48 AM
to jna-...@googlegroups.com
I forgot the pointer offset.

NOTE: Pointer.getPointerArray(0, COUNT);

Trevor Maggs

Jul 23, 2017, 10:07:37 PM
to Java Native Access
I have changed the final argument to AuditQuerySystemPolicy as Tim advised and I had to update the interface to match this method which now includes PointerByReference. The result is still the same (all zero). Question, how do you work out the arraysize for COUNT?

And most importantly, what did I miss out in my final logic below?

        int COUNT = 1;

        for (GUID subcat : subcategories)
        {
            PointerByReference pref = new PointerByReference();

            if (p.AuditQuerySystemPolicy(subcat, new ULONG(COUNT), pref))
            {
                Pointer base = pref.getValue();
                Pointer[] structPointers = base.getPointerArray(0, COUNT);

                for (Pointer sptr : structPointers)
                {
                    WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(sptr);
                    // policy.read();  <-- it doesnt work as it causes issues so I commented it out
                    System.out.println(policy.AuditingInformation);
                    System.out.println(policy.AuditCategoryGuid.toGuidString());
                    System.out.println(policy.AuditSubCategoryGuid.toGuidString());
                }

                p.AuditFree(base);
            }
        }
 
import java.util.List;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Advapi32;
import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.platform.win32.WinDef.ULONG;
import com.sun.jna.platform.win32.WinDef.ULONGByReference;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.win32.W32APIOptions;

public interface WinAuditPolicy extends Advapi32
{
    WinAuditPolicy INSTANCE = Native.loadLibrary("advapi32", WinAuditPolicy.class, W32APIOptions.DEFAULT_OPTIONS);

    /*
     * From
     * https://msdn.microsoft.com/en-us/library/windows/desktop/aa965467(v=vs.85).aspx
     *
     * typedef struct _AUDIT_POLICY_INFORMATION
     * {
     * GUID AuditSubCategoryGuid;
     * ULONG AuditingInformation;
     * GUID AuditCategoryGuid;
     * } AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION;
     */
    public static class AUDIT_POLICY_INFORMATION extends Structure
    {
        public GUID AuditSubCategoryGuid;

        public long AuditingInformation;
        public GUID AuditCategoryGuid;

        public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference
        {
        }

        public static final List<String> FIELDS = createFieldsOrder("AuditSubCategoryGuid", "AuditingInformation", "AuditCategoryGuid");

        public AUDIT_POLICY_INFORMATION()
        {
            super();
        }

        /**
         * @param pointer
         */
        public AUDIT_POLICY_INFORMATION(Pointer pointer)
        {
            super(pointer);
        }

        @Override
        protected List<String> getFieldOrder()
        {
            return FIELDS;
        }

        @Override
        public String toString()
        {
            StringBuilder builder = new StringBuilder();
            builder.append("AUDIT_POLICY_INFORMATION [AuditSubCategoryGuid=").append(AuditSubCategoryGuid.toGuidString())
                    .append(", AuditingInformation=").append(AuditingInformation).append(", AuditCategoryGuid=")
                    .append(AuditCategoryGuid.toGuidString()).append("]");
            return builder.toString();
        }
    }

    boolean AuditEnumerateCategories(PointerByReference ppAuditCategoriesArray, ULONGByReference pCountReturned);
    boolean AuditEnumerateSubCategories(GUID pAuditCategoryGuid, boolean bRetrieveAllSubCategories, PointerByReference ppAuditSubCategoriesArray, ULONGByReference pCountReturned);
    void AuditFree(Pointer buffer);

    --> boolean AuditQuerySystemPolicy(GUID guidptr, ULONG count, PointerByReference bufptr); <--
}


Timothy Wall

Jul 24, 2017, 3:42:56 PM
to jna-...@googlegroups.com
You need to add a `Structure.read()` call to your Pointer-based constructor.

Trevor Maggs

Jul 25, 2017, 12:50:39 AM
to Java Native Access
Yes, Structure.read() is used in the constructor (see code below) but it still causes an exception error (see below)?

It seems my final part, which contains the line: WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(sptr) above is not doing the job correctly or missing more logic? I have googled for this solution but none was forthcoming. Any idea?

Exception in thread "main" java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
        at java.lang.reflect.Method.invoke(Method.java:620)
        at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Caused by: java.lang.Error: Invalid memory access
        at com.sun.jna.Native.getInt(Native Method)
        at com.sun.jna.Pointer.getInt(Pointer.java:589)
        at com.sun.jna.Pointer.getValue(Pointer.java:391)
        at com.sun.jna.Structure.readField(Structure.java:720)
        at com.sun.jna.Structure.read(Structure.java:580)
        at com.sun.jna.Pointer.getValue(Pointer.java:379)
        at com.sun.jna.Structure.readField(Structure.java:720)
        at com.sun.jna.Structure.read(Structure.java:580)
        --> at WinAuditPolicy$AUDIT_POLICY_INFORMATION.<init>(WinAuditPolicy.java:51)  <-- from my Structure.read() code
        at WindowsPolicyTest.main(WindowsPolicyTest.java:84)
        ... 5 more

    public static class AUDIT_POLICY_INFORMATION extends Structure
    {
        public GUID AuditSubCategoryGuid;
        public long AuditingInformation;
        public GUID AuditCategoryGuid;

        public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference
        {
        }

        public static final List<String> FIELDS = createFieldsOrder("AuditSubCategoryGuid", "AuditingInformation", "AuditCategoryGuid");

        public AUDIT_POLICY_INFORMATION()
        {
            super();
        }

        /**
         * @param pointer
         */
        public AUDIT_POLICY_INFORMATION(Pointer pointer)
        {
            super(pointer);
            --> read(); <--

croudet

Jul 25, 2017, 11:21:06 AM
to Java Native Access
If you have only one GUID, the following seems to work:

    for (GUID subcat : subcategories) {
      PointerByReference policyRef = new PointerByReference();
      if (p.AuditQuerySystemPolicy(subcat, new ULONG(1), policyRef)) {
        base = policyRef.getValue();
        if (base == null) {
          continue;
        }
        System.out.println(new WinAuditPolicy.AUDIT_POLICY_INFORMATION(base));
        p.AuditFree(base);
      }
    }

If you want to query more than one GUID:

    GUID g = new GUID("{0cce923f-69ae-11d9-bed3-505054503030}");
    GUID g1 = new GUID("{0cce9227-69ae-11d9-bed3-505054503030}");
    GUID.ByReference guidByRef = new GUID.ByReference();
    GUID[] guids = (GUID[]) guidByRef.toArray(2);
    guids[0].Data1 = g.Data1;
    guids[0].Data2 = g.Data2;
    guids[0].Data3 = g.Data3;
    guids[0].Data4 = g.Data4;

    guids[1].Data1 = g1.Data1;
    guids[1].Data2 = g1.Data2;
    guids[1].Data3 = g1.Data3;
    guids[1].Data4 = g1.Data4;

    PointerByReference ptrByRef = new PointerByReference();
    if (p.AuditQuerySystemPolicy(guidByRef, new ULONG(2), ptrByRef)) {
      Pointer base = ptrByRef.getValue();
      if (base != null) {
        offset = 0;
        for (int i = 0; i < guids.length; ++i) {
          WinAuditPolicy.AUDIT_POLICY_INFORMATION auditPolicy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(
              base.share(offset));
          System.out.println("====> " + auditPolicy);
          offset += auditPolicy.size();
        }
        p.AuditFree(base);
      }
    }



boolean AuditQuerySystemPolicy(GUID guidptr, ULONG count, PointerByReference bufptr);
boolean AuditQuerySystemPolicy(Pointer guidptr, ULONG count, PointerByReference bufptr);


Christophe
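
Pulling the thread's findings into one mapping, as an added example that is not code from any poster or from the JNA project: the output buffer is read as consecutive AUDIT_POLICY_INFORMATION structures (as in croudet's two-GUID snippet above), `AuditingInformation` is declared `int` because a Windows ULONG is 32 bits, and `AuditFree` receives the buffer from `getValue()`. The names `AuditPolicyQuery`, `AuditApi`, `query` and `describe` are hypothetical, and reporting a value with neither the success nor the failure bit set as "No Auditing" is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import com.sun.jna.Memory;
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.Structure;
import com.sun.jna.platform.win32.Guid.GUID;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.ptr.PointerByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;

public class AuditPolicyQuery {

    // Hypothetical interface: maps only the two advapi32 functions used below.
    public interface AuditApi extends StdCallLibrary {
        AuditApi INSTANCE = (AuditApi) Native.loadLibrary("advapi32", AuditApi.class,
                W32APIOptions.DEFAULT_OPTIONS);

        // BOOLEAN is a one-byte type, so the return value is mapped as byte.
        byte AuditQuerySystemPolicy(Pointer pSubCategoryGuids, int policyCount,
                PointerByReference ppAuditPolicy);

        void AuditFree(Pointer buffer);
    }

    public static class AUDIT_POLICY_INFORMATION extends Structure {
        public GUID AuditSubCategoryGuid;
        public int AuditingInformation; // ULONG is 32 bits; a 64-bit Java long misplaces the next field
        public GUID AuditCategoryGuid;

        public AUDIT_POLICY_INFORMATION(Pointer p) {
            super(p);
            read(); // copy native memory into the Java fields
        }

        @Override
        protected List<String> getFieldOrder() {
            return Arrays.asList("AuditSubCategoryGuid", "AuditingInformation", "AuditCategoryGuid");
        }
    }

    static final int POLICY_AUDIT_EVENT_SUCCESS = 0x1;
    static final int POLICY_AUDIT_EVENT_FAILURE = 0x2;

    // Assumption: neither bit set is reported as "No Auditing".
    static String describe(int info) {
        boolean success = (info & POLICY_AUDIT_EVENT_SUCCESS) != 0;
        boolean failure = (info & POLICY_AUDIT_EVENT_FAILURE) != 0;
        if (success && failure) return "Success and Failure";
        if (success) return "Success";
        if (failure) return "Failure";
        return "No Auditing";
    }

    static List<String> query(String... subCategoryGuids) {
        int n = subCategoryGuids.length;
        int guidSize = new GUID().size();
        // pSubCategoryGuids must be one contiguous GUID array, so build it in a single allocation.
        Memory in = new Memory((long) n * guidSize);
        for (int i = 0; i < n; i++) {
            GUID g = new GUID(subCategoryGuids[i]);
            g.write(); // make sure the native bytes reflect the parsed fields
            in.write((long) i * guidSize, g.getPointer().getByteArray(0, guidSize), 0, guidSize);
        }

        PointerByReference out = new PointerByReference();
        if (AuditApi.INSTANCE.AuditQuerySystemPolicy(in, n, out) == 0) {
            throw new Win32Exception(Native.getLastError());
        }
        Pointer base = out.getValue(); // the returned buffer, not the PointerByReference itself
        if (base == null) {
            throw new IllegalStateException("AuditQuerySystemPolicy returned no buffer");
        }
        List<String> lines = new ArrayList<>(n);
        try {
            long offset = 0;
            for (int i = 0; i < n; i++) {
                AUDIT_POLICY_INFORMATION info = new AUDIT_POLICY_INFORMATION(base.share(offset));
                // Copy everything into Java strings before the native buffer is freed.
                lines.add(info.AuditSubCategoryGuid.toGuidString() + " (category "
                        + info.AuditCategoryGuid.toGuidString() + "): "
                        + describe(info.AuditingInformation));
                offset += info.size();
            }
        } finally {
            AuditApi.INSTANCE.AuditFree(base);
        }
        return lines;
    }

    public static void main(String[] args) {
        // The two subcategory GUIDs from the multi-GUID snippet above.
        for (String line : query("0cce923f-69ae-11d9-bed3-505054503030",
                                 "0cce9227-69ae-11d9-bed3-505054503030")) {
            System.out.println(line);
        }
    }
}
```

Run it from an elevated prompt and compare the lines with the output of `auditpol /get /Category:*`.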

Timothy Wall

Jul 25, 2017, 4:54:55 PM
to jna-...@googlegroups.com
Try dumping the contents of the returned buffer in hex, that might give you a clue.

Please include the code which extracts the pointer and dereferences it after the call to AuditQuerySystemPolicy().

On Mon, Jul 24, 2017 at 9:18 PM, Trevor Maggs <tmagg...@gmail.com> wrote:
Structure.read() is used in the constructor (see code below) but it still causes an exception error. Are we sure Pointer[] structPointers = base.getPointerArray(0, COUNT) is not the reason? 

Sorry I am not fully knowledgeable in JNA yet and appreciate if someone please explain what is missing out in my final part (which contains the line: WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(sptr))  above?

    public static class AUDIT_POLICY_INFORMATION extends Structure
    {
        public GUID AuditSubCategoryGuid;
        public long AuditingInformation;
        public GUID AuditCategoryGuid;

        public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference
        {
        }

        public static final List<String> FIELDS = createFieldsOrder("AuditSubCategoryGuid", "AuditingInformation", "AuditCategoryGuid");

        public AUDIT_POLICY_INFORMATION()
        {
            super();
        }

        /**
         * @param pointer
         */
        public AUDIT_POLICY_INFORMATION(Pointer pointer)
        {
            super(pointer);
            --> read(); <--
        }

        @Override
        protected List<String> getFieldOrder()
        {
            return FIELDS;
        }

        @Override
        public String toString()
        {
            StringBuilder builder = new StringBuilder();
            builder.append("AUDIT_POLICY_INFORMATION [AuditSubCategoryGuid=").append(AuditSubCategoryGuid.toGuidString())
                    .append(", AuditingInformation=").append(AuditingInformation).append(", AuditCategoryGuid=")
                    .append(AuditCategoryGuid.toGuidString()).append("]");
            return builder.toString();
        }
    }
Exception in thread "main" java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
        at java.lang.reflect.Method.invoke(Method.java:620)
        at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)
Caused by: java.lang.Error: Invalid memory access
        at com.sun.jna.Native.getInt(Native Method)
        at com.sun.jna.Pointer.getInt(Pointer.java:589)
        at com.sun.jna.Pointer.getValue(Pointer.java:391)
        at com.sun.jna.Structure.readField(Structure.java:720)
        at com.sun.jna.Structure.read(Structure.java:580)
        at com.sun.jna.Pointer.getValue(Pointer.java:379)
        at com.sun.jna.Structure.readField(Structure.java:720)
        at com.sun.jna.Structure.read(Structure.java:580)
        --> at WinAuditPolicy$AUDIT_POLICY_INFORMATION.<init>(WinAuditPolicy.java:51)  <-- from my Structure.read() code
        at WindowsPolicyTest.main(WindowsPolicyTest.java:84)
        ... 5 more

On Tuesday, July 25, 2017 at 5:42:56 AM UTC+10, runedelve wrote:

Trevor Maggs

Jul 26, 2017, 5:03:02 AM
to Java Native Access
Hi Christophe,

Thanks for your assistance. I tried your first suggested code with one GUID value. It didn't really work correctly as the returned values are not what I hoped for. I need them to be from any of the Audit Policy sub categories. Several items that returned are null.

They should be the same information as "auditpol /get /Category:*" when you run via the command prompt.

I know I am not an experienced Java programmer yet but JNA is hard. Not sure if it is my bug or is it due to the limitation of JNA doing complex computations such as my problem? Has someone been successful at this similar solution elsewhere? I wonder.

Hi Tim,

Not sure if I have done what you asked. Here is the code I tried without the loop for structPointers as I was trying to do some problem elimination. Below is the output but I don't think it is helpful. I don't know what other solution I could think of? 

One thing I know that we are successful at obtaining all GUID values for subCategories which means we have correct input but the problem is in my final part which involves running AuditQuerySystemPolicy. Any idea?

        byte[] HEX_CHAR = new byte[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};

        for (GUID subcat : subcategories)
        {
            PointerByReference policyRef = new PointerByReference();

            if (p.AuditQuerySystemPolicy(subcat, new ULONG(1), policyRef))
            {
                Pointer base = policyRef.getValue();

                if (base == null)
                {
                    continue;
                }

                StringBuffer sb = new StringBuffer();

                for (int i = 0; i < base.SIZE; i++)
                {
                    sb.append("0x").append((char) (HEX_CHAR[(base.getChar(i) & 0x00F0) >> 4])).append((char) (HEX_CHAR[base.getChar(i) & 0x000F])).append(" ");
                }

                System.out.printf("HEX DUMP: %s%n", sb.toString());

                WinAuditPolicy.AUDIT_POLICY_INFORMATION policy = new WinAuditPolicy.AUDIT_POLICY_INFORMATION(base);

                System.out.printf("Value: %s%n", policy.AuditingInformation);
                System.out.println(policy.AuditCategoryGuid.toGuidString());
                System.out.println(policy.AuditSubCategoryGuid.toGuidString());

                p.AuditFree(base);
            }
        }


Length found: 9
---------------- Categories --------------------------
{69979848-797A-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{6997984E-797A-11D9-BED3-505054503030}
{6997984F-797A-11D9-BED3-505054503030}
{69979850-797A-11D9-BED3-505054503030}
------------------ Sub Categories ------------------------
{0CCE9210-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{0CCE9215-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{6997984E-797A-11D9-BED3-505054503030}
{6997984F-797A-11D9-BED3-505054503030}
{69979850-797A-11D9-BED3-505054503030}
{00000000-0000-0000-A6E0-3A31F68F0000}
{00E08380-0000-0000-404C-DF0000000000}
{0CCE921D-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{6997984E-797A-11D9-BED3-505054503030}
{6997984F-797A-11D9-BED3-505054503030}
{69979850-797A-11D9-BED3-505054503030}
{00000000-0000-0000-A6E0-3A31F68F0000}
{00E08380-0000-0000-404C-DF0000000000}
{00380039-0034-0034-3800-2D0031003000}
{00310030-005C-0000-A4E2-3338FF8F0010}
{00E12B90-0000-0000-20AB-DF0000000000}
{0CCE9228-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{0CCE922B-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{0CCE922F-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{0CCE9235-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{6997984C-797A-11D9-BED3-505054503030}
{6997984D-797A-11D9-BED3-505054503030}
{0CCE923B-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
{0CCE923F-69AE-11D9-BED3-505054503030}
{69979849-797A-11D9-BED3-505054503030}
{6997984A-797A-11D9-BED3-505054503030}
{6997984B-797A-11D9-BED3-505054503030}
==================
HEX DUMP: 0x10 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717530470809603
{11D9797A-D3BE-5050-5450-30301192CE0C}
{0CCE9210-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x15 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717534765776899
{11D9797A-D3BE-5050-5450-30301692CE0C}
{0CCE9215-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x1D 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717539060744195
{11D9797A-D3BE-5050-5450-30301E92CE0C}
{0CCE921D-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x2B 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717547650678787
{11D9797A-D3BE-5050-5450-30302C92CE0C}
{0CCE922B-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x2F 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717551945646080
{11D9797A-D3BE-5050-5450-30303092CE0C}
{0CCE922F-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x35 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717556240613376
{11D9797A-D3BE-5050-5450-30303692CE0C}
{0CCE9235-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x3B 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717560535580672
{11D9797A-D3BE-5050-5450-30303C92CE0C}
{0CCE923B-69AE-11D9-BED3-505054503030}
HEX DUMP: 0x3F 0x92 0xCE 0x0C 0xAE 0x69 0xD9 0x11
Value: 7608717564830547968
{11D9797A-D3BE-5050-5450-30304092CE0C}
{0CCE923F-69AE-11D9-BED3-505054503030}

Timothy Wall

Jul 26, 2017, 8:58:43 AM7/26/17
to jna-...@googlegroups.com
The bytes are in reverse order, you can see the first byte of every line changing, which indicates eight pointers to objects of apparently different sizes.  

To make this more readable, you should print consecutive integer values of 4 bytes each, two per line if 64-bit, that way the byte ordering will be correct.  Java has a toHex() function for printing integers somewhere.  

If you print the address of your buffer, you'll probably see a similar pattern to the first one below.  Presumably these are the addresses of each struct within the buffer.  It's quite possible there's a variable-sized element within the struct which you'll need to adjust before reading the whole thing.

3F 92 CE 0C AE 69 D9 11
3B
35
2F
2B
1D
15
10

On Wed, Jul 26, 2017 at 5:05 AM, Trevor Maggs <tmagg...@gmail.com> wrote:
My previous dump contents were corrupted when I posted so here is the dump output file that Tim requested. 


croudet

Jul 26, 2017, 10:13:36 AM7/26/17
to Java Native Access
Hi,

There were some errors in the code. Find attached a new version.

Christophe
WindowsPolicyTest.java

Trevor Maggs

Jul 27, 2017, 7:44:00 AM7/27/17
to Java Native Access
Thank you everyone very much for your time and patience. Yes, the code is now working perfectly. :) I have attached the files here.

In summary, the key issues that occurred in my code were due to:
  1. Illegal use of the "long" datatype for the AuditingInformation field. It should be ULONG to match with the WinAPI function.
  2. Unnecessary inner loop in my final part. The loop for the subcategories should handle one GUID per pointer in one iteration, not multiple iterations within it.
  3. Structure.read() is important for fetching information if there is a buffer (ie **struct) returned from the WinAPI function. It was previously not used because I thought it was causing issues but I realised it was due to the incorrect use of the "long" datatype for AuditingInformation.
Below is the output:

COUNT CATEGORY GUID                          CATEGORY NAME        SUB CATEGORY GUID                       SUB CATEGORY NAME                       VALUE
1     {69979848-797A-11D9-BED3-505054503030} System               {0CCE9210-69AE-11D9-BED3-505054503030}  Security State Change                   0
2     {69979848-797A-11D9-BED3-505054503030} System               {0CCE9211-69AE-11D9-BED3-505054503030}  Security System Extension               0
3     {69979848-797A-11D9-BED3-505054503030} System               {0CCE9212-69AE-11D9-BED3-505054503030}  System Integrity                        0
4     {69979848-797A-11D9-BED3-505054503030} System               {0CCE9213-69AE-11D9-BED3-505054503030}  IPsec Driver                            0
5     {69979848-797A-11D9-BED3-505054503030} System               {0CCE9214-69AE-11D9-BED3-505054503030}  Other System Events                     0
6     {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9215-69AE-11D9-BED3-505054503030}  Logon                                   0
7     {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9216-69AE-11D9-BED3-505054503030}  Logoff                                  0
8     {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9217-69AE-11D9-BED3-505054503030}  Account Lockout                         0
9     {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9218-69AE-11D9-BED3-505054503030}  IPsec Main Mode                         0
10    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9219-69AE-11D9-BED3-505054503030}  IPsec Quick Mode                        0
11    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE921A-69AE-11D9-BED3-505054503030}  IPsec Extended Mode                     0
12    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE921B-69AE-11D9-BED3-505054503030}  Special Logon                           0
13    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE921C-69AE-11D9-BED3-505054503030}  Other Logon/Logoff Events               0
14    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9243-69AE-11D9-BED3-505054503030}  Network Policy Server                   0
15    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9247-69AE-11D9-BED3-505054503030}  User / Device Claims                    0
16    {69979849-797A-11D9-BED3-505054503030} Logon/Logoff         {0CCE9249-69AE-11D9-BED3-505054503030}  Group Membership                        0
17    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE921D-69AE-11D9-BED3-505054503030}  File System                             3
18    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE921E-69AE-11D9-BED3-505054503030}  Registry                                3
19    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE921F-69AE-11D9-BED3-505054503030}  Kernel Object                           3
20    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9220-69AE-11D9-BED3-505054503030}  SAM                                     3
21    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9221-69AE-11D9-BED3-505054503030}  Certification Services                  3
22    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9222-69AE-11D9-BED3-505054503030}  Application Generated                   3
23    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9223-69AE-11D9-BED3-505054503030}  Handle Manipulation                     3
24    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9224-69AE-11D9-BED3-505054503030}  File Share                              3
25    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9225-69AE-11D9-BED3-505054503030}  Filtering Platform Packet Drop          3
26    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9226-69AE-11D9-BED3-505054503030}  Filtering Platform Connection           3
27    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9227-69AE-11D9-BED3-505054503030}  Other Object Access Events              3
28    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9244-69AE-11D9-BED3-505054503030}  Detailed File Share                     3
29    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9245-69AE-11D9-BED3-505054503030}  Removable Storage                       3
30    {6997984A-797A-11D9-BED3-505054503030} Object Access        {0CCE9246-69AE-11D9-BED3-505054503030}  Central Policy Staging                  3
31    {6997984B-797A-11D9-BED3-505054503030} Privilege Use        {0CCE9228-69AE-11D9-BED3-505054503030}  Sensitive Privilege Use                 0
32    {6997984B-797A-11D9-BED3-505054503030} Privilege Use        {0CCE9229-69AE-11D9-BED3-505054503030}  Non Sensitive Privilege Use             0
33    {6997984B-797A-11D9-BED3-505054503030} Privilege Use        {0CCE922A-69AE-11D9-BED3-505054503030}  Other Privilege Use Events              0
34    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE922B-69AE-11D9-BED3-505054503030}  Process Creation                        0
35    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE922C-69AE-11D9-BED3-505054503030}  Process Termination                     0
36    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE922D-69AE-11D9-BED3-505054503030}  DPAPI Activity                          0
37    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE922E-69AE-11D9-BED3-505054503030}  RPC Events                              0
38    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE9248-69AE-11D9-BED3-505054503030}  Plug and Play Events                    0
39    {6997984C-797A-11D9-BED3-505054503030} Detailed Tracking    {0CCE924A-69AE-11D9-BED3-505054503030}  Token Right Adjusted Events             0
40    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE922F-69AE-11D9-BED3-505054503030}  Audit Policy Change                     0
41    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE9230-69AE-11D9-BED3-505054503030}  Authentication Policy Change            0
42    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE9231-69AE-11D9-BED3-505054503030}  Authorization Policy Change             0
43    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE9232-69AE-11D9-BED3-505054503030}  MPSSVC Rule-Level Policy Change         0
44    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE9233-69AE-11D9-BED3-505054503030}  Filtering Platform Policy Change        0
45    {6997984D-797A-11D9-BED3-505054503030} Policy Change        {0CCE9234-69AE-11D9-BED3-505054503030}  Other Policy Change Events              0
46    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE9235-69AE-11D9-BED3-505054503030}  User Account Management                 0
47    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE9236-69AE-11D9-BED3-505054503030}  Computer Account Management             0
48    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE9237-69AE-11D9-BED3-505054503030}  Security Group Management               0
49    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE9238-69AE-11D9-BED3-505054503030}  Distribution Group Management           0
50    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE9239-69AE-11D9-BED3-505054503030}  Application Group Management            0
51    {6997984E-797A-11D9-BED3-505054503030} Account Management   {0CCE923A-69AE-11D9-BED3-505054503030}  Other Account Management Events         0
52    {6997984F-797A-11D9-BED3-505054503030} DS Access            {0CCE923B-69AE-11D9-BED3-505054503030}  Directory Service Access                0
53    {6997984F-797A-11D9-BED3-505054503030} DS Access            {0CCE923C-69AE-11D9-BED3-505054503030}  Directory Service Changes               0
54    {6997984F-797A-11D9-BED3-505054503030} DS Access            {0CCE923D-69AE-11D9-BED3-505054503030}  Directory Service Replication           0
55    {6997984F-797A-11D9-BED3-505054503030} DS Access            {0CCE923E-69AE-11D9-BED3-505054503030}  Detailed Directory Service Replication  0
56    {69979850-797A-11D9-BED3-505054503030} Account Logon        {0CCE923F-69AE-11D9-BED3-505054503030}  Credential Validation                   2
57    {69979850-797A-11D9-BED3-505054503030} Account Logon        {0CCE9240-69AE-11D9-BED3-505054503030}  Kerberos Service Ticket Operations      2
58    {69979850-797A-11D9-BED3-505054503030} Account Logon        {0CCE9241-69AE-11D9-BED3-505054503030}  Other Account Logon Events              2
59    {69979850-797A-11D9-BED3-505054503030} Account Logon        {0CCE9242-69AE-11D9-BED3-505054503030}  Kerberos Authentication Service         2

A few questions before we close this:

Q1 - Why do we need to put "public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference{}" in my interface even if it is empty? Is there a reason we have to put it?

Q2 - Why can't we just extend StdCallLibrary, not Advapi32, in my interface, because in most cases StdCallLibrary is the correct interface to extend in sub-interfaces?

Q3 - Why can't Pointer.getValue().getString(0) cover the full string length? i.e. it only prints out the first character of the string, but Pointer.getValue().getWideString(0) covers the full length. Why is there a difference between these two?

Once again, thank you for your help. Much appreciated.

Trevor
AuditPolicy.java
WinAuditPolicyManager.java
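
Added example (not part of the thread or its attachments): a plain-JDK sketch, with no JNA involved, of why point 1 of the summary mattered, which also prints the buffer as consecutive 4-byte integers the way Timothy Wall suggested. The buffer is constructed by hand using the documented AUDIT_POLICY_INFORMATION field order (GUID, ULONG, GUID); the class and method names are hypothetical. Read with an 8-byte Java long in place of the ULONG, it yields the same Value and category GUID as the first HEX DUMP entry earlier in the thread.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class AuditPolicyLayoutDemo {
    // Write a GUID in the native Windows layout: Data1, Data2 and Data3 are
    // little-endian integers, Data4 is eight raw bytes.
    static void putGuid(ByteBuffer b, String guid) {
        String h = guid.replace("-", "");
        b.putInt((int) Long.parseLong(h.substring(0, 8), 16));
        b.putShort((short) Integer.parseInt(h.substring(8, 12), 16));
        b.putShort((short) Integer.parseInt(h.substring(12, 16), 16));
        for (int i = 16; i < 32; i += 2) {
            b.put((byte) Integer.parseInt(h.substring(i, i + 2), 16));
        }
    }

    // Read 16 bytes at the given offset back into braced GUID notation.
    static String getGuid(ByteBuffer b, int off) {
        StringBuilder sb = new StringBuilder(String.format("{%08X-%04X-%04X-",
                b.getInt(off), b.getShort(off + 4) & 0xFFFF, b.getShort(off + 6) & 0xFFFF));
        for (int i = 8; i < 16; i++) {
            sb.append(String.format("%02X", b.get(off + i) & 0xFF));
            if (i == 9) {
                sb.append('-');
            }
        }
        return sb.append('}').toString();
    }

    // Dump the buffer as consecutive 32-bit values so the byte order reads naturally.
    static String dumpWords(ByteBuffer b) {
        StringBuilder sb = new StringBuilder();
        for (int off = 0; off + 4 <= b.capacity(); off += 4) {
            sb.append(String.format("%08X ", b.getInt(off)));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample: one 36-byte record (GUID, ULONG, GUID) followed by
        // the first four bytes of a neighbouring record.
        ByteBuffer buf = ByteBuffer.allocate(40).order(ByteOrder.LITTLE_ENDIAN);
        putGuid(buf, "0CCE9210-69AE-11D9-BED3-505054503030"); // AuditSubCategoryGuid
        buf.putInt(3);                                         // AuditingInformation
        putGuid(buf, "69979848-797A-11D9-BED3-505054503030"); // AuditCategoryGuid
        buf.putInt(0x0CCE9211);                                // next record begins

        System.out.println("words:        " + dumpWords(buf));
        // Correct mapping: 4-byte ULONG at offset 16, category GUID at offset 20.
        System.out.println("ULONG layout: value=" + Integer.toUnsignedLong(buf.getInt(16))
                + " category=" + getGuid(buf, 20));
        // Faulty mapping: 8-byte Java long at offset 16 pushes the GUID to offset 24.
        System.out.println("long layout:  value=" + buf.getLong(16)
                + " category=" + getGuid(buf, 24));
    }
}
```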

croudet

Jul 27, 2017, 10:13:05 AM7/27/17
to Java Native Access
Hi,

Glad you had it working.

I will try to answer your questions with my limited knowledge of jna.


A few questions before we close this:

Q1 - Why do we need to put "public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference{}" in my interface even it is empty? Is there a reason we have to put it?


You can remove it. It is not used.
 
Q2 - Why cant we just extend StdCallLibrary not Advapi32 in my interface because in most cases, StdCallLibrary is the correct interface to extend in sub-interfaces?


Yes, you can extend StdCallLibrary. I extended Advapi32 because these methods are part of this lib.

Q3 - Why cannot  Pointer.getValue().getString(0) cover full the string length? ie it only prints out the first character of the string, but Pointer.getValue().getWideString(0) covers the full length. Why is that different between these 2?

https://msdn.microsoft.com/en-us/library/windows/desktop/aa375687(v=vs.85).aspx

There are two variants of the function, AuditLookupCategoryNameW (Unicode) and AuditLookupCategoryNameA (ANSI).
When you declare W32APIOptions.DEFAULT_OPTIONS in

    WinAuditPolicy INSTANCE = Native.loadLibrary("advapi32", WinAuditPolicy.class, W32APIOptions.DEFAULT_OPTIONS);

the Unicode version is used. You can directly map AuditLookupCategoryNameA if you want, or use W32APIOptions.ASCII_OPTIONS, and then you will be able to use Pointer.getString(0).

Once again, thank you for your help. Much appreciated.

Trevor


Christophe
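
Added example (not from the thread): why a byte-wise string read returns only the first character of a name written by a ...W function, shown with plain JDK code on a constructed buffer. `readAnsi` and `readWide` are hypothetical stand-ins for the two kinds of read, not JNA methods, and ISO-8859-1 is assumed in place of the platform's ANSI code page.

```java
import java.nio.charset.StandardCharsets;

public class WideStringDemo {
    // ANSI-style read: one byte per character, stop at the first 0x00 byte.
    // ISO-8859-1 stands in for the platform's ANSI code page (assumption).
    static String readAnsi(byte[] mem, int off) {
        int end = off;
        while (end < mem.length && mem[end] != 0) {
            end++;
        }
        return new String(mem, off, end - off, StandardCharsets.ISO_8859_1);
    }

    // Wide read: two bytes per UTF-16LE code unit, stop at the first 0x0000 unit.
    static String readWide(byte[] mem, int off) {
        int end = off;
        while (end + 1 < mem.length && (mem[end] != 0 || mem[end + 1] != 0)) {
            end += 2;
        }
        return new String(mem, off, end - off, StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) {
        // Constructed sample: the bytes a ...W function would write for "System".
        byte[] mem = "System\0".getBytes(StandardCharsets.UTF_16LE);

        StringBuilder hex = new StringBuilder();
        for (byte b : mem) {
            hex.append(String.format("%02X ", b & 0xFF));
        }
        System.out.println("bytes:   " + hex.toString().trim());
        // The high byte of 'S' in UTF-16LE is 0x00, which ends the byte-wise read.
        System.out.println("as ANSI: \"" + readAnsi(mem, 0) + "\"");
        System.out.println("as wide: \"" + readWide(mem, 0) + "\"");
    }
}
```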

Timothy Wall

Jul 27, 2017, 3:38:42 PM7/27/17
to jna-...@googlegroups.com
On Thu, Jul 27, 2017 at 7:43 AM, Trevor Maggs <tmagg...@gmail.com> wrote:

A few questions before we close this:

Q1 - Why do we need to put "public static class ByReference extends AUDIT_POLICY_INFORMATION implements Structure.ByReference{}" in my interface even it is empty? Is there a reason we have to put it?

Usually it's defined for convenience.  You need to use that class if you have a `struct *` field within a structure definition, and you need the "ByValue" flavor in order to pass a `struct` (as opposed to `struct *`) as a parameter.   If you don't have either of those cases, you don't need the definitions.

One benefit of Structure.ByReference is that JNA can automatically perform memory read/writes instead of having to construct a Structure yourself from a Pointer and then explicitly call read/write yourself.

Trevor Maggs

Jul 28, 2017, 8:08:59 AM7/28/17
to Java Native Access
Many thanks for the answers. I think JNA is a wonderful tool to help solve some complex problems associated with getting information from WinAPI rather than using cumbersome JNI. A few years ago, it was much more difficult without JNA. So that is a good thing.

Just one thing that is bothering me is that since JNA has been around for a couple of years already but I find it is lacking comprehensive tutorials. I bet several people are struggling learning JNA too by looking at limited tutorial resources on the Internet (JNA GitHub is okay but I find it limited) and relying on help from various discussion forums such as this one and Stack Overflow. It would be nice if it can be made available on learning sites such as JavaTutorialPoints, etc. Or perhaps improve documentation on GitHub with plenty of examples? Just a thought.

Once again thank you for your help. 

Timothy Wall

Jul 28, 2017, 9:09:41 AM7/28/17
to jna-...@googlegroups.com
Contributions are welcome, or even suggestions for specific tutorials.

Most of the docs were written from the perspective of how to translate C definitions into Java definitions.  MS APIs provide a particular challenge since they often have very esoteric or "creative" usage of the C language (e.g. putting a list of pointers to variable-sized structures as well as those structure contents into a single buffer and expecting you to figure it out).
