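/*
 *  ReactOS Win32 Applications
 *  Copyright (C) 2007 ReactOS Team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
/*
 * COPYRIGHT : See COPYING in the top level directory
 * PROJECT   : Event Log Viewer
 * FILE      : eventvwr.c
 * PROGRAMMER: Marc Piulachs (marc.piulachs at codexchange [dot] net)
 */

#include "eventvwr.h"
#include <windows.h>
#include <commctrl.h>
#include <stdio.h>
#include <time.h>

#if _MSC_VER
#pragma warning(disable: 4996)      /* 'strdup' was declared deprecated */
/* NOTE(review): defined after the CRT headers above, so it probably has no effect on them */
#define _CRT_SECURE_NO_DEPRECATE    /* all deprecated unsafe string functions */
#endif

static const LPWSTR EVENT_SOURCE_APPLICATION = L"Application";
static const LPWSTR EVENT_SOURCE_SECURITY    = L"Security";
static const LPWSTR EVENT_SOURCE_SYSTEM      = L"System";
static const WCHAR szWindowClass[]           = L"EVENTVWR"; /* the main window class name */

/* Message buffer sizes, in WCHARs. Parenthesised so they expand safely inside expressions. */
#define EVENT_MESSAGE_EVENTTEXT_BUFFER  (1024*10)
#define EVENT_MESSAGE_FILE_BUFFER       (1024*10)
#define EVENT_DLL_SEPARATOR             L";"
#define EVENT_MESSAGE_FILE              L"EventMessageFile"
#define EVENT_CATEGORY_MESSAGE_FILE     L"CategoryMessageFile"
#define EVENT_PARAMETER_MESSAGE_FILE    L"ParameterMessageFile"

#define MAX_LOADSTRING 255

/* FormatMessage insert sequences are numbered %1 through %99 */
#define EVENT_MAX_INSERTS 99

/* Globals */
HINSTANCE hInst;                            /* current instance */
WCHAR szTitle[MAX_LOADSTRING];              /* The title bar text */
HWND hwndMainWindow;                        /* Main window */
HWND hwndListView;                          /* ListView control */
HWND hwndStatus;                            /* Status bar */
PEVENTLOGRECORD *g_RecordPtrs = NULL;       /* One heap buffer per ReadEventLog call */
DWORD g_TotalRecords = 0;                   /* Number of slots in g_RecordPtrs */

LPWSTR lpSourceLogName = NULL;
LPWSTR lpComputerName = NULL;

/* Forward declarations of functions included in this code module: */
ATOM MyRegisterClass(HINSTANCE hInstance);
BOOL InitInstance(HINSTANCE, int);
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK About(HWND, UINT, WPARAM, LPARAM);
INT_PTR CALLBACK EventDetails(HWND, UINT, WPARAM, LPARAM);
static INT_PTR CALLBACK StatusMessageWindowProc (HWND, UINT, WPARAM, LPARAM);


/*
 * Program entry point: registers the common controls and the window class,
 * creates the main window and runs the message loop until WM_QUIT.
 */
int APIENTRY
wWinMain(HINSTANCE hInstance,
         HINSTANCE hPrevInstance,
         LPWSTR    lpCmdLine,
         int       nCmdShow)
{
    MSG msg;
    HACCEL hAccelTable;
    INITCOMMONCONTROLSEX iccx;

    UNREFERENCED_PARAMETER(hPrevInstance);
    UNREFERENCED_PARAMETER(lpCmdLine);

    /* Whenever any of the common controls are used in your app,
     * you must call InitCommonControlsEx() to register the classes
     * for those controls. */
    iccx.dwSize = sizeof(iccx);
    iccx.dwICC = ICC_LISTVIEW_CLASSES;
    InitCommonControlsEx(&iccx);

    /* Initialize global strings */
    LoadStringW(hInstance, IDS_APP_TITLE, szTitle, MAX_LOADSTRING);
    MyRegisterClass(hInstance);

    /* Perform application initialization: */
    if (!InitInstance(hInstance, nCmdShow))
    {
        return FALSE;
    }

    hAccelTable = LoadAccelerators(hInstance, MAKEINTRESOURCE(IDC_EVENTVWR));

    /* Main message loop. GetMessage returns -1 on error, so test for "> 0"
     * instead of "non-zero" to avoid spinning on a failing call. */
    ZeroMemory(&msg, sizeof(msg));
    while (GetMessageW(&msg, NULL, 0, 0) > 0)
    {
        if (!TranslateAcceleratorW(msg.hwnd, hAccelTable, &msg))
        {
            TranslateMessage(&msg);
            DispatchMessage(&msg);
        }
    }

    return (int)msg.wParam;
}

/*
 * Releases every record buffer referenced by g_RecordPtrs and the pointer
 * table itself. Slots that were never filled are NULL and are skipped.
 */
static void FreeRecords(void)
{
    DWORD iIndex;

    if (!g_RecordPtrs)
        return;

    for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
    {
        if (g_RecordPtrs[iIndex] != NULL)
            HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
    }
    HeapFree(GetProcessHeap(), 0, g_RecordPtrs);
    g_RecordPtrs = NULL;
    g_TotalRecords = 0;
}

/*
 * Copies pszSrc into pszDest, writing at most cchDest WCHARs including the
 * terminator. Unlike wcsncpy it always terminates and never pads, so only
 * the copied characters plus one terminator are written.
 */
static void
CopyStringBounded(LPWSTR pszDest, size_t cchDest, LPCWSTR pszSrc)
{
    size_t i = 0;

    if (pszDest == NULL || cchDest == 0)
        return;

    if (pszSrc != NULL)
    {
        while (i + 1 < cchDest && pszSrc[i] != L'\0')
        {
            pszDest[i] = pszSrc[i];
            i++;
        }
    }
    pszDest[i] = L'\0';
}

/*
 * Walks the NUL-terminated string at psz without reading at or beyond pEnd.
 * Returns a pointer just past the terminator, or NULL when no terminator
 * lies inside the buffer. Used for strings embedded in event log records,
 * which must not be trusted to be well formed.
 */
static LPWSTR
SkipRecordString(LPWSTR psz, const BYTE *pEnd)
{
    while ((const BYTE *)psz < pEnd &&
           (size_t)(pEnd - (const BYTE *)psz) >= sizeof(WCHAR))
    {
        if (*psz == L'\0')
            return psz + 1;
        psz++;
    }

    return NULL;
}

/*
 * Converts an event log timestamp (seconds since 1970-01-01, as stored in
 * EVENTLOGRECORD) to a local SYSTEMTIME. *pSystemTime is zero-filled first
 * so the caller never sees uninitialised data if a conversion step fails.
 */
VOID
EventTimeToSystemTime(DWORD EventTime,
                      SYSTEMTIME *pSystemTime)
{
    SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
    FILETIME ftLocal;
    union
    {
        FILETIME ft;
        ULONGLONG ll;
    } u1970, uUCT;

    ZeroMemory(pSystemTime, sizeof(*pSystemTime));

    uUCT.ft.dwHighDateTime = 0;
    uUCT.ft.dwLowDateTime = EventTime;
    if (!SystemTimeToFileTime(&st1970, &u1970.ft))
        return;

    /* Seconds -> 100ns units, then rebase onto the FILETIME epoch */
    uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
    if (!FileTimeToLocalFileTime(&uUCT.ft, &ftLocal))
        return;

    FileTimeToSystemTime(&ftLocal, pSystemTime);
}


/*
 * Removes trailing whitespace from s in place. NULL is accepted and ignored.
 */
void
TrimNulls(LPWSTR s)
{
    size_t len;

    if (s == NULL)
        return;

    /* Index from the length so an empty string never forms a pointer
     * that lies before the start of the buffer. */
    len = wcslen(s);
    while (len > 0 && iswspace(s[len - 1]))
        --len;
    s[len] = L'\0';
}


/*
 * Reads the message-file path registered for an event source.
 *
 * lpLogName    - log name ("Application", "System", ...), used as the
 *                subkey of SYSTEM\CurrentControlSet\Services\EventLog
 * SourceName   - event source, a subkey of the log key
 * EntryName    - value to read (EVENT_MESSAGE_FILE and friends)
 * ExpandedName - receives the value with environment variables expanded;
 *                must have room for MAX_PATH WCHARs
 *
 * Returns TRUE when the value was read and expanded. A failure to open the
 * log key is reported to the user with a message box.
 */
BOOL
GetEventMessageFileDLL(IN LPCWSTR lpLogName,
                       IN LPCWSTR SourceName,
                       IN LPCWSTR EntryName,
                       OUT LPWSTR ExpandedName)
{
    static const WCHAR szKeyPrefix[] = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\";
    const size_t cchPrefix = sizeof(szKeyPrefix) / sizeof(WCHAR) - 1;
    DWORD dwSize;
    DWORD dwType = REG_NONE;
    DWORD cchExpanded;
    WCHAR szModuleName[MAX_PATH];
    WCHAR szKeyName[MAX_PATH];
    HKEY hAppKey = NULL;
    HKEY hSourceKey = NULL;
    BOOL bReturn = FALSE;

    if (lpLogName == NULL || SourceName == NULL || EntryName == NULL || ExpandedName == NULL)
        return FALSE;

    /* SourceName can originate from a log record; make sure the key path
     * fits before building it, instead of overflowing szKeyName. */
    if (wcslen(lpLogName) > MAX_PATH - cchPrefix - 1)
        return FALSE;

    wcscpy(szKeyName, szKeyPrefix);
    wcscpy(szKeyName + cchPrefix, lpLogName);

    if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                      szKeyName,
                      0,
                      KEY_READ,
                      &hAppKey) == ERROR_SUCCESS)
    {
        if (RegOpenKeyExW(hAppKey,
                          SourceName,
                          0,
                          KEY_READ,
                          &hSourceKey) == ERROR_SUCCESS)
        {
            /* Size is in bytes. One WCHAR is held back because the registry
             * does not guarantee that string data is NUL-terminated. */
            dwSize = sizeof(szModuleName) - sizeof(WCHAR);
            if (RegQueryValueExW(hSourceKey,
                                 EntryName,
                                 NULL,
                                 &dwType,
                                 (LPBYTE)szModuleName,
                                 &dwSize) == ERROR_SUCCESS &&
                (dwType == REG_SZ || dwType == REG_EXPAND_SZ))
            {
                szModuleName[dwSize / sizeof(WCHAR)] = L'\0';

                /* Expand environment variables; the result is only valid when it fit */
                cchExpanded = ExpandEnvironmentStringsW(szModuleName, ExpandedName, MAX_PATH);
                if (cchExpanded != 0 && cchExpanded <= MAX_PATH)
                {
                    /* Successful */
                    bReturn = TRUE;
                }
            }
        }
    }
    else
    {
        MessageBoxW(NULL,
                    L"Registry access failed!",
                    L"Event Log",
                    MB_OK | MB_ICONINFORMATION);
    }

    if (hSourceKey != NULL)
        RegCloseKey(hSourceKey);

    if (hAppKey != NULL)
        RegCloseKey(hAppKey);

    return bReturn;
}


/*
 * Resolves the category name of an event from the source's category
 * message file.
 *
 * CategoryName must have room for MAX_PATH WCHARs; it always receives
 * either the category text or the IDS_NONE resource string.
 *
 * Returns TRUE when the message file could be loaded, FALSE otherwise.
 */
BOOL
GetEventCategory(IN LPCWSTR KeyName,
                 IN LPCWSTR SourceName,
                 IN EVENTLOGRECORD *pevlr,
                 OUT LPWSTR CategoryName)
{
    HMODULE hLibrary;
    WCHAR szMessageDLL[MAX_PATH];
    LPWSTR lpMsgBuf = NULL;

    if (GetEventMessageFileDLL (KeyName, SourceName, EVENT_CATEGORY_MESSAGE_FILE , szMessageDLL))
    {
        /* The path comes from the registry: map the file as data only.
         * NOTE(review): a relative name is presumably resolved through the
         * normal search path - confirm whether a full path should be required. */
        hLibrary = LoadLibraryExW(szMessageDLL,
                                  NULL,
                                  DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
        if (hLibrary != NULL)
        {
            /* Retrieve the message string. No arguments are supplied, so
             * inserts must be ignored rather than expanded from a NULL array. */
            if (FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER |
                               FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
                               hLibrary,
                               pevlr->EventCategory,
                               MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                               (LPWSTR)&lpMsgBuf,
                               EVENT_MESSAGE_FILE_BUFFER,
                               NULL) != 0 &&
                lpMsgBuf != NULL)
            {
                /* Trim the string */
                TrimNulls(lpMsgBuf);

                /* Copy the category name, truncating to the output buffer */
                CopyStringBounded(CategoryName, MAX_PATH, lpMsgBuf);
            }
            else
            {
                LoadStringW(hInst, IDS_NONE, CategoryName, MAX_PATH);
            }

            FreeLibrary(hLibrary);

            /* Free the buffer allocated by FormatMessage */
            if (lpMsgBuf)
                LocalFree(lpMsgBuf);

            return TRUE;
        }
    }

    LoadStringW(hInst, IDS_NONE, CategoryName, MAX_PATH);

    return FALSE;
}


/*
 * Writes the "description not found" text for an event into EventText,
 * which must have room for EVENT_MESSAGE_EVENTTEXT_BUFFER WCHARs.
 */
static VOID
SetMissingDescriptionText(LPWSTR EventText,
                          const EVENTLOGRECORD *pevlr,
                          LPCWSTR SourceName)
{
    WCHAR szStringIDNotFound[MAX_LOADSTRING];
    int cch;

    /* Never hand an uninitialised buffer to a printf-style function */
    if (LoadStringW(hInst, IDS_EVENTSTRINGIDNOTFOUND, szStringIDNotFound, MAX_LOADSTRING) == 0)
    {
        EventText[0] = L'\0';
        return;
    }

    cch = _snwprintf(EventText,
                     EVENT_MESSAGE_EVENTTEXT_BUFFER - 1,
                     szStringIDNotFound,
                     (pevlr->EventID & 0xFFFF),
                     SourceName);

    /* _snwprintf leaves the buffer unterminated when the output fills it */
    if (cch < 0 || cch >= EVENT_MESSAGE_EVENTTEXT_BUFFER - 1)
        EventText[EVENT_MESSAGE_EVENTTEXT_BUFFER - 1] = L'\0';
}


/*
 * Builds the description of an event by formatting the message with id
 * pevlr->EventID from the source's message file(s), using the strings
 * stored in the record as inserts.
 *
 * EventText must have room for EVENT_MESSAGE_EVENTTEXT_BUFFER WCHARs. It
 * receives the formatted message, or the "not found" text on failure.
 * pevlr->Length is assumed to describe the real extent of the record.
 *
 * Returns TRUE when a message file supplied the text.
 */
BOOL
GetEventMessage(IN LPCWSTR KeyName,
                IN LPCWSTR SourceName,
                IN EVENTLOGRECORD *pevlr,
                OUT LPWSTR EventText)
{
    static WCHAR szEmpty[] = L"";
    DWORD i;
    HMODULE hLibrary;
    WCHAR SourceModuleName[1000];
    LPWSTR lpMsgBuf;
    LPWSTR szDll;
    LPWSTR szMessage;
    LPWSTR szNext;
    LPWSTR szArguments[EVENT_MAX_INSERTS];
    const BYTE *pRecordEnd;
    BOOL bDone = FALSE;

    /* TODO : GetEventMessageFileDLL can return a comma separated list of DLLs */
    if (!GetEventMessageFileDLL (KeyName, SourceName, EVENT_MESSAGE_FILE, SourceModuleName))
    {
        SetMissingDescriptionText(EventText, pevlr, SourceName);
        return FALSE;
    }

    /* A message template may reference any insert from %1 to %99, whatever
     * the record actually carries. Give every slot a valid string so that
     * FormatMessage never reads past the end of the argument array. */
    for (i = 0; i < EVENT_MAX_INSERTS; i++)
        szArguments[i] = szEmpty;

    /* Collect the insert strings, staying inside the record.
     * TODO: "%%n" parameter references are not yet resolved through the
     * parameter message file (EVENT_PARAMETER_MESSAGE_FILE). */
    if (pevlr->StringOffset <= pevlr->Length)
    {
        pRecordEnd = (const BYTE *)pevlr + pevlr->Length;
        szMessage = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);

        for (i = 0; i < pevlr->NumStrings && i < EVENT_MAX_INSERTS; i++)
        {
            szNext = SkipRecordString(szMessage, pRecordEnd);
            if (szNext == NULL)
                break;          /* unterminated string: ignore the rest */

            szArguments[i] = szMessage;
            szMessage = szNext;
        }
    }

    /* Try each registered message file until one contains the message */
    for (szDll = wcstok(SourceModuleName, EVENT_DLL_SEPARATOR);
         szDll != NULL && !bDone;
         szDll = wcstok(NULL, EVENT_DLL_SEPARATOR))
    {
        /* Registry-supplied path: map as data only, never as code */
        hLibrary = LoadLibraryExW(szDll,
                                  NULL,
                                  DONT_RESOLVE_DLL_REFERENCES | LOAD_LIBRARY_AS_DATAFILE);
        if (hLibrary == NULL)
        {
            /* The DLL could not be loaded try the next one (if any) */
            continue;
        }

        /* Retrieve the message string. */
        lpMsgBuf = NULL;
        if (FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM |
                           FORMAT_MESSAGE_ALLOCATE_BUFFER |
                           FORMAT_MESSAGE_FROM_HMODULE |
                           FORMAT_MESSAGE_ARGUMENT_ARRAY,
                           hLibrary,
                           pevlr->EventID,
                           MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
                           (LPWSTR)&lpMsgBuf,
                           0,
                           (va_list*)szArguments) != 0 &&
            lpMsgBuf != NULL)
        {
            /* The ID was found and the message was formatted */
            bDone = TRUE;

            /* Trim the string */
            TrimNulls(lpMsgBuf);

            /* Copy the event text, truncating to the output buffer */
            CopyStringBounded(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
        }

        /* Free the buffer allocated by FormatMessage */
        if (lpMsgBuf != NULL)
            LocalFree(lpMsgBuf);

        FreeLibrary(hLibrary);
    }

    if (!bDone)
        SetMissingDescriptionText(EventText, pevlr, SourceName);

    /* No more dlls to try, return result */
    return bDone;
}


/*
 * Loads the display name of an event type into eventTypeText, which must
 * have room for MAX_LOADSTRING WCHARs. Unknown types get a generic label.
 */
VOID
GetEventType(IN WORD dwEventType,
             OUT LPWSTR eventTypeText)
{
    UINT uStringId;

    switch (dwEventType)
    {
        case EVENTLOG_ERROR_TYPE:
            uStringId = IDS_EVENTLOG_ERROR_TYPE;
            break;
        case EVENTLOG_WARNING_TYPE:
            uStringId = IDS_EVENTLOG_WARNING_TYPE;
            break;
        case EVENTLOG_INFORMATION_TYPE:
            uStringId = IDS_EVENTLOG_INFORMATION_TYPE;
            break;
        case EVENTLOG_AUDIT_SUCCESS:
            uStringId = IDS_EVENTLOG_AUDIT_SUCCESS;
            break;
        case EVENTLOG_AUDIT_FAILURE:
            uStringId = IDS_EVENTLOG_AUDIT_FAILURE;
            break;
        case EVENTLOG_SUCCESS:
            uStringId = IDS_EVENTLOG_SUCCESS;
            break;
        default:
            uStringId = IDS_EVENTLOG_UNKNOWN_TYPE;
            break;
    }

    /* Leave a defined (empty) string behind if the resource is missing */
    if (LoadStringW(hInst, uStringId, eventTypeText, MAX_LOADSTRING) == 0)
        eventTypeText[0] = L'\0';
}

/*
 * Resolves the account name for the SID stored in an event record.
 *
 * pszUser is written only on success and then receives at most MAX_PATH
 * WCHARs including the terminator. Returns FALSE when the record has no
 * usable SID or the lookup fails.
 *
 * NOTE(review): the lookup runs against the local system (NULL system
 * name) even if the log was opened on another machine - confirm intent.
 */
BOOL
GetEventUserName(EVENTLOGRECORD *pelr,
                 OUT LPWSTR pszUser)
{
    PSID lpSid;
    WCHAR szName[1024];
    WCHAR szDomain[1024];
    SID_NAME_USE peUse;
    DWORD cbName = sizeof(szName) / sizeof(WCHAR);
    DWORD cbDomain = sizeof(szDomain) / sizeof(WCHAR);

    /* The SID must be large enough for its fixed header and must lie
     * completely inside the record before any API looks at it. */
    if (pelr->UserSidLength < (DWORD)FIELD_OFFSET(SID, SubAuthority) ||
        pelr->UserSidOffset > pelr->Length ||
        pelr->UserSidLength > pelr->Length - pelr->UserSidOffset)
    {
        return FALSE;
    }

    /* Point to the SID. */
    lpSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);

    /* The sub-authority count inside the SID must agree with the stored length */
    if (!IsValidSid(lpSid) || GetLengthSid(lpSid) > pelr->UserSidLength)
        return FALSE;

    if (LookupAccountSidW(NULL,
                          lpSid,
                          szName,
                          &cbName,
                          szDomain,
                          &cbDomain,
                          &peUse))
    {
        CopyStringBounded(pszUser, MAX_PATH, szName);
        return TRUE;
    }

    return FALSE;
}


/*
 * Thread procedure that shows the "please wait" dialog and pumps its
 * messages. lpParameter points to an HWND that receives the dialog handle;
 * that storage must stay valid for as long as this thread may write to it.
 *
 * NOTE(review): the loop only ends on WM_QUIT and no code in this file
 * appears to post one to this thread, so the thread seems to outlive the
 * dialog - confirm and add an explicit shutdown path.
 */
static DWORD WINAPI
ShowStatusMessageThread(IN LPVOID lpParameter)
{
    HWND *phWnd = (HWND *)lpParameter;
    HWND hWnd;
    MSG Msg;

    hWnd = CreateDialogParam(hInst,
                             MAKEINTRESOURCE(IDD_PROGRESSBOX),
                             GetDesktopWindow(),
                             StatusMessageWindowProc,
                             (LPARAM)NULL);
    if (!hWnd)
        return 0;

    *phWnd = hWnd;

    ShowWindow(hWnd, SW_SHOW);

    /* Message loop for the Status window; stop on WM_QUIT (0) and on error (-1) */
    while (GetMessage(&Msg, NULL, 0, 0) > 0)
    {
        TranslateMessage(&Msg);
        DispatchMessage(&Msg);
    }

    return 0;
}


/*
 * Loads every record of an event log into the list view.
 *
 * lpMachineName - machine whose log is opened, NULL for the local computer
 * lpLogName     - name of the log; also remembered in lpSourceLogName
 *
 * Record contents are treated as untrusted input (the log may live on
 * another machine or be damaged): every length and offset is checked
 * against the bytes actually returned by ReadEventLog before it is used.
 *
 * Returns FALSE when the log cannot be opened or memory runs out,
 * TRUE otherwise.
 */
BOOL
QueryEventMessages(LPWSTR lpMachineName,
                   LPWSTR lpLogName)
{
    /* Static storage: the status thread writes the dialog handle through a
     * pointer to this variable and may do so after this function returned. */
    static HWND hwndDlg;
    HANDLE hEventLog;
    HANDLE hThread;
    EVENTLOGRECORD *pevlr;
    const BYTE *pRecordEnd;
    DWORD dwRead, dwNeeded, dwTotalRecords = 0, dwCurrentRecord = 0, dwFlags, dwMaxLength;
    DWORD cbData;
    LPWSTR lpSourceName;
    LPWSTR lpRecordComputer;
    LPWSTR lpTitleComputer;     /* machine shown in the window title */
    LPSTR lpData;
    BOOL bRead;
    BOOL bResult = FALSE;
    int cch;

    WCHAR szWindowTitle[MAX_PATH];
    WCHAR szStatusText[MAX_PATH];
    WCHAR szLocalDate[MAX_PATH];
    WCHAR szLocalTime[MAX_PATH];
    WCHAR szEventID[MAX_PATH];
    WCHAR szEventTypeText[MAX_PATH];
    WCHAR szCategoryID[MAX_PATH];
    WCHAR szUsername[MAX_PATH];
    WCHAR szCategory[MAX_PATH];
    WCHAR szData[MAX_PATH];

    SYSTEMTIME stWritten;
    LVITEMW lviEventItem;

    dwFlags = EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ;

    lpSourceLogName = lpLogName;
    /* NOTE(review): the original declared a local named lpComputerName here,
     * so the global of that name is never updated - confirm whether the
     * machine name was meant to be remembered for Refresh(). */
    lpTitleComputer = lpMachineName;

    /* Open the event log. */
    hEventLog = OpenEventLogW(lpMachineName,
                              lpLogName);
    if (hEventLog == NULL)
    {
        MessageBoxW(NULL,
                    L"Could not open the event log.",
                    L"Event Log",
                    MB_OK | MB_ICONINFORMATION);
        return FALSE;
    }

    /* Disable listview redraw */
    SendMessage(hwndListView, WM_SETREDRAW, FALSE, 0);

    /* Clear the list view before releasing the records its items point to */
    (void)ListView_DeleteAllItems (hwndListView);
    FreeRecords();

    /* Get the total number of event log records. */
    if (!GetNumberOfEventLogRecords (hEventLog , &dwTotalRecords))
        dwTotalRecords = 0;

    /* Guard the size computation, then allocate the zeroed pointer table */
    if (dwTotalRecords > ((SIZE_T)-1) / sizeof(*g_RecordPtrs))
        goto Cleanup;

    g_RecordPtrs = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
    if (g_RecordPtrs == NULL)
        goto Cleanup;

    g_TotalRecords = dwTotalRecords;

    /* If we have more than 1000 records show the waiting dialog */
    hwndDlg = NULL;
    if (dwTotalRecords > 1000)
    {
        hThread = CreateThread(NULL,
                               0,
                               ShowStatusMessageThread,
                               (LPVOID)&hwndDlg,
                               0,
                               NULL);
        if (hThread != NULL)
            CloseHandle(hThread);
    }

    while (dwCurrentRecord < dwTotalRecords)
    {
        dwRead = 0;
        dwNeeded = 0;

        /* Probe with a header-sized buffer to learn the size of the next record */
        pevlr = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
        if (pevlr == NULL)
            break;

        bRead = ReadEventLogW(hEventLog,                // Event log handle
                              dwFlags,                  // Sequential read
                              0,                        // Ignored for sequential read
                              pevlr,                    // Pointer to buffer
                              sizeof(EVENTLOGRECORD),   // Size of buffer
                              &dwRead,                  // Number of bytes read
                              &dwNeeded);               // Bytes in the next record
        if (!bRead && GetLastError() == ERROR_INSUFFICIENT_BUFFER)
        {
            HeapFree(GetProcessHeap(), 0, pevlr);
            pevlr = HeapAlloc(GetProcessHeap(), 0, dwNeeded);
            if (pevlr == NULL)
                break;

            dwRead = 0;
            bRead = ReadEventLogW(hEventLog,    // event log handle
                                  dwFlags,      // read flags
                                  0,            // offset; default is 0
                                  pevlr,        // pointer to buffer
                                  dwNeeded,     // size of buffer
                                  &dwRead,      // number of bytes read
                                  &dwNeeded);   // bytes in next record
        }

        if (!bRead)
        {
            /* End of log or read error: stop instead of parsing stale data */
            HeapFree(GetProcessHeap(), 0, pevlr);
            break;
        }

        /* The table owns the buffer from here on (released by FreeRecords) */
        g_RecordPtrs[dwCurrentRecord] = pevlr;

        while (dwRead >= sizeof(EVENTLOGRECORD))
        {
            /* A record shorter than its header or longer than the bytes
             * read is corrupt; a zero length would also never terminate. */
            if (pevlr->Length < sizeof(EVENTLOGRECORD) || pevlr->Length > dwRead)
                break;

            pRecordEnd = (const BYTE *)pevlr + pevlr->Length;

            // Get the event source name.
            lpSourceName = (LPWSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD));

            // Get the computer name, which follows the source name
            lpRecordComputer = SkipRecordString(lpSourceName, pRecordEnd);
            if (lpRecordComputer == NULL ||
                SkipRecordString(lpRecordComputer, pRecordEnd) == NULL)
            {
                break;      /* strings are not terminated inside the record */
            }
            lpTitleComputer = lpRecordComputer;

            LoadStringW(hInst, IDS_NOT_AVAILABLE, szUsername, MAX_PATH);
            LoadStringW(hInst, IDS_NONE, szCategory, MAX_PATH);

            // Convert the time the event was written
            EventTimeToSystemTime(pevlr->TimeWritten, &stWritten);

            // Get the username that generated the event
            GetEventUserName(pevlr, szUsername);

            szLocalDate[0] = L'\0';
            szLocalTime[0] = L'\0';
            GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &stWritten, NULL, szLocalDate, MAX_PATH);
            GetTimeFormatW(LOCALE_USER_DEFAULT, TIME_NOSECONDS, &stWritten, NULL, szLocalTime, MAX_PATH);

            GetEventType(pevlr->EventType, szEventTypeText);
            GetEventCategory(lpLogName, lpSourceName, pevlr, szCategory);

            _snwprintf(szEventID, MAX_PATH - 1, L"%u", (pevlr->EventID & 0xFFFF));
            szEventID[MAX_PATH - 1] = L'\0';
            _snwprintf(szCategoryID, MAX_PATH - 1, L"%u", pevlr->EventCategory);
            szCategoryID[MAX_PATH - 1] = L'\0';

            // This is the data section of the current event. Convert at most
            // what fits and terminate explicitly: MultiByteToWideChar does
            // not terminate when given an explicit length.
            szData[0] = L'\0';
            if (pevlr->DataLength > 0 &&
                pevlr->DataOffset <= pevlr->Length &&
                pevlr->DataLength <= pevlr->Length - pevlr->DataOffset)
            {
                lpData = (LPSTR)((LPBYTE)pevlr + pevlr->DataOffset);
                cbData = (pevlr->DataLength < MAX_PATH - 1) ? pevlr->DataLength : MAX_PATH - 1;
                cch = MultiByteToWideChar(CP_ACP,
                                          0,
                                          lpData,
                                          (int)cbData,
                                          szData,
                                          MAX_PATH - 1);
                szData[(cch > 0) ? cch : 0] = L'\0';
            }

            ZeroMemory(&lviEventItem, sizeof(lviEventItem));
            lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
            lviEventItem.iItem = 0;
            lviEventItem.iSubItem = 0;
            lviEventItem.lParam = (LPARAM)pevlr;
            lviEventItem.pszText = szEventTypeText;

            switch (pevlr->EventType)
            {
                case EVENTLOG_ERROR_TYPE:
                case EVENTLOG_AUDIT_FAILURE:
                    lviEventItem.iImage = 2;
                    break;

                case EVENTLOG_WARNING_TYPE:
                    lviEventItem.iImage = 1;
                    break;

                case EVENTLOG_INFORMATION_TYPE:
                case EVENTLOG_AUDIT_SUCCESS:
                case EVENTLOG_SUCCESS:
                default:
                    /* Unknown types previously left iImage uninitialised */
                    lviEventItem.iImage = 0;
                    break;
            }

            lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);

            ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpSourceName);
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, szCategory);
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, szUsername);          //User
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpRecordComputer);    //Computer
            ListView_SetItemText(hwndListView, lviEventItem.iItem, 8, szData);              //Event Text

            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *)((LPBYTE) pevlr + pevlr->Length);
        }

        dwCurrentRecord++;
    }

    // All events loaded; the dialog only exists if the status thread created it
    if (hwndDlg != NULL)
        EndDialog(hwndDlg, 0);

    /* Build "<title> - <log> Log on \\<computer>" without overrunning the buffer */
    cch = _snwprintf(szWindowTitle, MAX_PATH - 1, L"%s - %s Log on \\\\", szTitle, lpLogName);
    szWindowTitle[MAX_PATH - 1] = L'\0';
    if (cch < 0 || cch > MAX_PATH - 1)
        cch = (int)wcslen(szWindowTitle);

    /* lpTitleComputer can be NULL here if no records were read */
    dwMaxLength = MAX_PATH - cch;   /* room left, terminator included */
    if (dwMaxLength > 1)
    {
        if (!lpTitleComputer)
        {
            if (!GetComputerNameW(szWindowTitle + cch, &dwMaxLength))
                szWindowTitle[cch] = L'\0';
        }
        else
        {
            /* The terminator stored at MAX_PATH - 1 above stays in place */
            _snwprintf(szWindowTitle + cch, dwMaxLength - 1, L"%s", lpTitleComputer);
        }
    }

    _snwprintf(szStatusText, MAX_PATH - 1, L"%s has %lu event(s)", lpLogName, dwTotalRecords);
    szStatusText[MAX_PATH - 1] = L'\0';

    // Update the status bar
    SendMessageW(hwndStatus, SB_SETTEXT, (WPARAM)0, (LPARAM)szStatusText);

    // Set the window title
    SetWindowTextW(hwndMainWindow, szWindowTitle);

    bResult = TRUE;

Cleanup:
    // Resume list view redraw (also on the failure paths)
    SendMessageW(hwndListView, WM_SETREDRAW, TRUE, 0);

    // Close the event log.
    CloseEventLog(hEventLog);

    return bResult;
}


/*
 * Reloads the log that was displayed last, using the remembered
 * computer and log names.
 */
VOID
Refresh(VOID)
{
    QueryEventMessages(lpComputerName,
                       lpSourceLogName);
}


//
//  FUNCTION: MyRegisterClass()
//
//  PURPOSE: Registers the window class.
//
//  COMMENTS:
//
//    This function and its usage are only necessary if you want this code
//    to be compatible with Win32 systems prior to the 'RegisterClassEx'
//    function that was added to Windows 95. It is important to call this function
//    so that the application will get 'well formed' small icons associated
//    with it.
//
ATOM
MyRegisterClass(HINSTANCE hInstance)
{
    WNDCLASSEXW wcex;

    /* Size of the structure actually passed to RegisterClassExW */
    wcex.cbSize = sizeof(wcex);

    wcex.style = 0;
    wcex.lpfnWndProc = WndProc;
    wcex.cbClsExtra = 0;
    wcex.cbWndExtra = 0;
    wcex.hInstance = hInstance;
    wcex.hIcon = LoadIcon(hInstance, MAKEINTRESOURCE(IDI_EVENTVWR));
    wcex.hCursor = LoadCursor(NULL, IDC_ARROW);
    wcex.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1);
    wcex.lpszMenuName = MAKEINTRESOURCE(IDC_EVENTVWR);
    wcex.lpszClassName = szWindowClass;
    wcex.hIconSm = LoadIcon(wcex.hInstance, MAKEINTRESOURCE(IDI_SMALL));

    return RegisterClassExW(&wcex);
}


//
//   FUNCTION: InitInstance(HINSTANCE, int)
//
//   PURPOSE: Saves instance handle and creates main window
//
//   COMMENTS:
//
//        In this function, we save the instance handle in a global variable and
//        create and display the main program window.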
//
BOOL
InitInstance(HINSTANCE hInstance,
             int nCmdShow)
{
    /* List view columns in display order: width in pixels and caption resource */
    static const struct
    {
        int cx;
        UINT uCaptionId;
    } Columns[] =
    {
        {  90, IDS_COLUMNTYPE      },
        {  70, IDS_COLUMNDATE      },
        {  70, IDS_COLUMNTIME      },
        { 150, IDS_COLUMNSOURCE    },
        { 100, IDS_COLUMNCATEGORY  },
        {  60, IDS_COLUMNEVENT     },
        { 120, IDS_COLUMNUSER      },
        { 100, IDS_COLUMNCOMPUTER  },
        {   0, IDS_COLUMNEVENTDATA },
    };
    /* Icons in image-list order: index 0 information, 1 warning, 2 error */
    static const UINT IconIds[] =
    {
        IDI_INFORMATIONICON,
        IDI_WARNINGICON,
        IDI_ERRORICON,
    };
    HIMAGELIST hSmall;
    LVCOLUMNW lvc = {0};
    WCHAR szTemp[256];
    int iEntry;

    /* Remember the instance handle for the rest of the module */
    hInst = hInstance;

    hwndMainWindow = CreateWindowW(szWindowClass,
                                   szTitle,
                                   WS_OVERLAPPEDWINDOW | WS_CLIPCHILDREN,
                                   CW_USEDEFAULT, 0, CW_USEDEFAULT, 0,
                                   NULL,
                                   NULL,
                                   hInstance,
                                   NULL);
    if (hwndMainWindow == NULL)
        return FALSE;

    /* Status bar: child of the main window, control id 100 */
    hwndStatus = CreateWindowExW(0,
                                 STATUSCLASSNAMEW,
                                 L"Done.",
                                 WS_CHILD | WS_BORDER | WS_VISIBLE,
                                 0, 0, 0, 0,
                                 hwndMainWindow,
                                 (HMENU)100,
                                 hInstance,
                                 NULL);

    /* Report-style list view with the usual "sunken" client edge.
     * LVS_EX_ styles cannot be passed to CreateWindowEx(), so the
     * extended style is applied right after creation. */
    hwndListView = CreateWindowExW(WS_EX_CLIENTEDGE,
                                   WC_LISTVIEWW,
                                   L"",
                                   LVS_SHOWSELALWAYS | WS_CHILD | WS_VISIBLE | LVS_REPORT,
                                   0,
                                   0,
                                   243,
                                   200,
                                   hwndMainWindow,
                                   NULL,
                                   hInstance,
                                   NULL);
    (void)ListView_SetExtendedListViewStyle (hwndListView, LVS_EX_FULLROWSELECT);

    /* Small-icon image list holding the event type icons */
    hSmall = ImageList_Create(GetSystemMetrics(SM_CXSMICON),
                              GetSystemMetrics(SM_CYSMICON),
                              ILC_MASK,
                              1,
                              1);
    for (iEntry = 0; iEntry < (int)(sizeof(IconIds) / sizeof(IconIds[0])); iEntry++)
    {
        ImageList_AddIcon (hSmall, LoadIcon(hInstance, MAKEINTRESOURCE(IconIds[iEntry])));
    }
    (void)ListView_SetImageList (hwndListView, hSmall, LVSIL_SMALL);

    /* Insert the columns; each caption is loaded into the shared buffer */
    lvc.mask = LVCF_TEXT | LVCF_WIDTH;
    for (iEntry = 0; iEntry < (int)(sizeof(Columns) / sizeof(Columns[0])); iEntry++)
    {
        lvc.cx = Columns[iEntry].cx;
        LoadStringW(hInstance,
                    Columns[iEntry].uCaptionId,
                    szTemp,
                    sizeof(szTemp) / sizeof(WCHAR));
        lvc.pszText = szTemp;
        (void)ListView_InsertColumn(hwndListView, iEntry, &lvc);
    }

    ShowWindow(hwndMainWindow, nCmdShow);
    UpdateWindow(hwndMainWindow);

    /* Start with the Application log of the computer named by the global */
    QueryEventMessages(lpComputerName,
                       EVENT_SOURCE_APPLICATION);

    return TRUE;
}


//
//  FUNCTION: WndProc(HWND, UINT, WPARAM, LPARAM)
//
//  PURPOSE:  Processes messages for the main window.
//
//  WM_COMMAND  - process the application menu
//  WM_PAINT    - Paint the main window
//  WM_DESTROY  - post a quit message and return
//
//
LRESULT CALLBACK
WndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
    RECT rcClient;
    NMHDR *pHeader;
    LPNMITEMACTIVATE pActivate;
    LPWSTR lpLogToLoad;
    UINT uMenuToCheck;

    switch (message)
    {
        case WM_CREATE:
            /* The Application log is the initial selection */
            CheckMenuRadioItem(GetMenu(hWnd),
                               ID_LOG_APPLICATION,
                               ID_LOG_SYSTEM,
                               ID_LOG_APPLICATION,
                               MF_BYCOMMAND);
            break;

        case WM_NOTIFY:
            /* A double click on a list view item opens the details dialog */
            pHeader = (NMHDR FAR*)lParam;
            if (pHeader->code == NM_DBLCLK && pHeader->hwndFrom == hwndListView)
            {
                pActivate = (LPNMITEMACTIVATE)lParam;
                if (pActivate->iItem != -1)
                {
                    DialogBox(hInst,
                              MAKEINTRESOURCE(IDD_EVENTDETAILDIALOG),
                              hWnd,
                              EventDetails);
                }
            }
            break;

        case WM_COMMAND:
            /* Menu selections. The three log entries share one code path:
             * pick the log and the menu item, then load and check it. */
            lpLogToLoad = NULL;
            uMenuToCheck = 0;

            switch (LOWORD(wParam))
            {
                case ID_LOG_APPLICATION:
                    lpLogToLoad = EVENT_SOURCE_APPLICATION;
                    uMenuToCheck = ID_LOG_APPLICATION;
                    break;

                case ID_LOG_SECURITY:
                    lpLogToLoad = EVENT_SOURCE_SECURITY;
                    uMenuToCheck = ID_LOG_SECURITY;
                    break;

                case ID_LOG_SYSTEM:
                    lpLogToLoad = EVENT_SOURCE_SYSTEM;
                    uMenuToCheck = ID_LOG_SYSTEM;
                    break;

                case IDM_REFRESH:
                    Refresh();
                    break;

                case IDM_ABOUT:
                    DialogBox(hInst, MAKEINTRESOURCE(IDD_ABOUTBOX), hWnd, About);
                    break;

                case IDM_HELP:
                    MessageBoxW(NULL,
                                L"Help not implemented yet!",
                                L"Event Log",
                                MB_OK | MB_ICONINFORMATION);
                    break;

                case IDM_EXIT:
                    DestroyWindow(hWnd);
                    break;

                default:
                    return DefWindowProc(hWnd, message, wParam, lParam);
            }

            /* Move the radio mark only when the log was actually loaded */
            if (lpLogToLoad != NULL && QueryEventMessages(lpComputerName, lpLogToLoad))
            {
                CheckMenuRadioItem(GetMenu(hWnd),
                                   ID_LOG_APPLICATION,
                                   ID_LOG_SYSTEM,
                                   uMenuToCheck,
                                   MF_BYCOMMAND);
            }
            break;

        case WM_SIZE:
            /* List view fills the client area except for 20 pixels at the
             * bottom; the status bar resizes itself from the same message. */
            GetClientRect(hWnd, &rcClient);
            MoveWindow(hwndListView,
                       0,
                       0,
                       rcClient.right,
                       rcClient.bottom - 20,
                       1);
            SendMessage(hwndStatus, message, wParam, lParam);
            break;

        case WM_DESTROY:
            FreeRecords();
            PostQuitMessage(0);
            break;

        default:
            return DefWindowProc(hWnd, message, wParam, lParam);
    }

    return 0;
}


// Message handler for about box.
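INT_PTR CALLBACK
About(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    switch (message)
    {
        case WM_INITDIALOG:
        {
            return (INT_PTR)TRUE;
        }

        case WM_COMMAND:
            /* OK and Cancel both close the box */
            if (LOWORD(wParam) == IDOK || LOWORD(wParam) == IDCANCEL)
            {
                EndDialog(hDlg, LOWORD(wParam));
                return (INT_PTR)TRUE;
            }
            break;
    }

    return (INT_PTR)FALSE;
}

/*
 * Fills the event details dialog hDlg with the list view item that is
 * currently selected and focused. Shows a message box when nothing is
 * selected; does nothing when the item carries no record pointer.
 */
VOID
DisplayEvent(HWND hDlg)
{
    WCHAR szEventType[MAX_PATH];
    WCHAR szTime[MAX_PATH];
    WCHAR szDate[MAX_PATH];
    WCHAR szUser[MAX_PATH];
    WCHAR szComputer[MAX_PATH];
    WCHAR szSource[MAX_PATH];
    WCHAR szCategory[MAX_PATH];
    WCHAR szEventID[MAX_PATH];
    WCHAR szEventText[EVENT_MESSAGE_EVENTTEXT_BUFFER];
    WCHAR szEventData[MAX_PATH];
    BOOL bEventData;
    LVITEMW li;
    EVENTLOGRECORD* pevlr;
    DWORD cbData;
    int cchData;
    int iIndex;

    // Get index of selected item
    iIndex = (int)SendMessage (hwndListView, LVM_GETNEXTITEM, -1, LVNI_SELECTED | LVNI_FOCUSED);
    if (iIndex == -1)
    {
        MessageBoxW(NULL,
                    L"No Items in ListView",
                    L"Error",
                    MB_OK | MB_ICONINFORMATION);
        return;
    }

    /* Fetch the record pointer only for a valid index, and do not use it
     * unless the list view really returned one. */
    ZeroMemory(&li, sizeof(li));
    li.mask = LVIF_PARAM;
    li.iItem = iIndex;
    li.iSubItem = 0;

    if (!ListView_GetItem(hwndListView, &li) || li.lParam == 0)
        return;

    pevlr = (EVENTLOGRECORD*)li.lParam;

    /* cchTextMax is a count of WCHARs, not bytes: passing a larger value
     * than the buffer holds would let the control write past its end. */
    ListView_GetItemText(hwndListView, iIndex, 0, szEventType, sizeof(szEventType) / sizeof(szEventType[0]));
    ListView_GetItemText(hwndListView, iIndex, 1, szDate, sizeof(szDate) / sizeof(szDate[0]));
    ListView_GetItemText(hwndListView, iIndex, 2, szTime, sizeof(szTime) / sizeof(szTime[0]));
    ListView_GetItemText(hwndListView, iIndex, 3, szSource, sizeof(szSource) / sizeof(szSource[0]));
    ListView_GetItemText(hwndListView, iIndex, 4, szCategory, sizeof(szCategory) / sizeof(szCategory[0]));
    ListView_GetItemText(hwndListView, iIndex, 5, szEventID, sizeof(szEventID) / sizeof(szEventID[0]));
    ListView_GetItemText(hwndListView, iIndex, 6, szUser, sizeof(szUser) / sizeof(szUser[0]));
    ListView_GetItemText(hwndListView, iIndex, 7, szComputer, sizeof(szComputer) / sizeof(szComputer[0]));

    bEventData = (pevlr->DataLength != 0);

    /* The data section must lie inside the record. Convert at most what
     * fits and terminate explicitly: MultiByteToWideChar does not add a
     * terminator when it is given an explicit input length. */
    szEventData[0] = L'\0';
    if (pevlr->DataLength > 0 &&
        pevlr->DataOffset <= pevlr->Length &&
        pevlr->DataLength <= pevlr->Length - pevlr->DataOffset)
    {
        cbData = (pevlr->DataLength < MAX_PATH - 1) ? pevlr->DataLength : MAX_PATH - 1;
        cchData = MultiByteToWideChar(CP_ACP,
                                      0,
                                      (LPCSTR)((LPBYTE)pevlr + pevlr->DataOffset),
                                      (int)cbData,
                                      szEventData,
                                      MAX_PATH - 1);
        szEventData[(cchData > 0) ? cchData : 0] = L'\0';
    }

    /* Start from an empty description in case none is produced */
    szEventText[0] = L'\0';
    GetEventMessage(lpSourceLogName, szSource, pevlr, szEventText);

    EnableWindow(GetDlgItem(hDlg, IDC_BYTESRADIO), bEventData);
    EnableWindow(GetDlgItem(hDlg, IDC_WORDRADIO), bEventData);

    SetDlgItemTextW(hDlg, IDC_EVENTDATESTATIC, szDate);
    SetDlgItemTextW(hDlg, IDC_EVENTTIMESTATIC, szTime);

    SetDlgItemTextW(hDlg, IDC_EVENTUSERSTATIC, szUser);
    SetDlgItemTextW(hDlg, IDC_EVENTSOURCESTATIC, szSource);
    SetDlgItemTextW(hDlg, IDC_EVENTCOMPUTERSTATIC, szComputer);
    SetDlgItemTextW(hDlg, IDC_EVENTCATEGORYSTATIC, szCategory);
    SetDlgItemTextW(hDlg, IDC_EVENTIDSTATIC, szEventID);
    SetDlgItemTextW(hDlg, IDC_EVENTTYPESTATIC, szEventType);
    SetDlgItemTextW(hDlg, IDC_EVENTTEXTEDIT, szEventText);
    SetDlgItemTextW(hDlg, IDC_EVENTDATAEDIT, szEventData);
}


/*
 * Dialog procedure of the "please wait" status dialog. It only
 * acknowledges WM_INITDIALOG; every other message gets default handling.
 */
static
INT_PTR CALLBACK
StatusMessageWindowProc(IN HWND hwndDlg,
                        IN UINT uMsg,
                        IN WPARAM wParam,
                        IN LPARAM lParam)
{
    UNREFERENCED_PARAMETER(wParam);

    switch (uMsg)
    {
        case WM_INITDIALOG:
        {
            return TRUE;
        }
    }
    return FALSE;
}


// Message handler for event details box.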
INT_PTR CALLBACK
EventDetails(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
    UNREFERENCED_PARAMETER(lParam);

    if (message == WM_INITDIALOG)
    {
        /* Populate the dialog from the selected list view item */
        DisplayEvent(hDlg);
        return (INT_PTR)TRUE;
    }

    if (message != WM_COMMAND)
        return (INT_PTR)FALSE;

    switch (LOWORD(wParam))
    {
        case IDOK:
        case IDCANCEL:
            EndDialog(hDlg, LOWORD(wParam));
            return (INT_PTR)TRUE;

        case IDPREVIOUS:
        case IDNEXT:
            /* Move the list view selection by simulating an arrow key,
             * then show the newly selected event. */
            SendMessage(hwndListView,
                        WM_KEYDOWN,
                        (LOWORD(wParam) == IDPREVIOUS) ? VK_UP : VK_DOWN,
                        0);
            DisplayEvent(hDlg);
            return (INT_PTR)TRUE;

        case IDC_BYTESRADIO:
        case IDC_WORDRADIO:
            /* Accepted, but the data view is not switched */
            return (INT_PTR)TRUE;

        case IDHELP:
            MessageBoxW(NULL,
                        L"Help not implemented yet!",
                        L"Event Log",
                        MB_OK | MB_ICONINFORMATION);
            return (INT_PTR)TRUE;

        default:
            break;
    }

    return (INT_PTR)FALSE;
}