ReactOS 0.4.15-dev-7961-gdcf9eb0
Macros | Functions | Variables
eventlog.c File Reference
#include "eventlog.h"
#include <stdio.h>
#include <netevent.h>
#include <debug.h>
Include dependency graph for eventlog.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static VOID CALLBACK ServiceMain (DWORD, LPWSTR *)
 
static VOID UpdateServiceStatus (DWORD dwState)
 
static DWORD WINAPI ServiceControlHandler (DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
 
static DWORD ServiceInit (VOID)
 
static VOID ReportProductInfoEvent (VOID)
 
static PLOGFILE LoadLogFile (HKEY hKey, PWSTR LogName)
 
static BOOL LoadLogFiles (HKEY eventlogKey)
 
int wmain (int argc, WCHAR *argv[])
 
VOID PRINT_RECORD (PEVENTLOGRECORD pRec)
 

Variables

static WCHAR ServiceName [] = L"EventLog"
 
static SERVICE_TABLE_ENTRYW ServiceTable [2]
 
SERVICE_STATUS ServiceStatus
 
SERVICE_STATUS_HANDLE ServiceStatusHandle
 
BOOL onLiveCD = FALSE
 
PEVENTSOURCE EventLogSource = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 17 of file eventlog.c.

Function Documentation

◆ LoadLogFile()

static PLOGFILE LoadLogFile ( HKEY  hKey,
PWSTR  LogName 
)
static

Definition at line 281 of file eventlog.c.

282{
283 DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
284 PWSTR Buf = NULL, Expanded = NULL;
285 LONG Result;
286 PLOGFILE pLogf = NULL;
287 UNICODE_STRING FileName;
288 ULONG ulMaxSize, ulRetention;
289 NTSTATUS Status;
290
291 DPRINT("LoadLogFile: `%S'\n", LogName);
292
293 Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
294 NULL, NULL, &MaxValueLen, NULL, NULL);
295 if (Result != ERROR_SUCCESS)
296 {
297 DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
298 return NULL;
299 }
300
301 MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
302 Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
303 if (!Buf)
304 {
305 DPRINT1("Cannot allocate heap!\n");
306 return NULL;
307 }
308
309 ValueLen = MaxValueLen;
310 Result = RegQueryValueExW(hKey,
311 L"File",
312 NULL,
313 &Type,
314 (LPBYTE)Buf,
315 &ValueLen);
316 /*
317 * If we failed, because the registry value was inexistent
318 * or the value type was incorrect, create a new "File" value
319 * that holds the default event log path.
320 */
321 if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
322 {
323 MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
324 wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
325
326 Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
327 if (!Expanded)
328 {
329 DPRINT1("Cannot reallocate heap!\n");
330 HeapFree(GetProcessHeap(), 0, Buf);
331 return NULL;
332 }
333 Buf = Expanded;
334
335 StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
336 StringCbCatW(Buf, MaxValueLen, LogName);
337 StringCbCatW(Buf, MaxValueLen, L".evt");
338
339 ValueLen = MaxValueLen;
340 Result = RegSetValueExW(hKey,
341 L"File",
342 0,
343 REG_EXPAND_SZ,
344 (LPBYTE)Buf,
345 ValueLen);
346 if (Result != ERROR_SUCCESS)
347 {
348 DPRINT1("RegSetValueExW failed: %lu\n", Result);
349 HeapFree(GetProcessHeap(), 0, Buf);
350 return NULL;
351 }
352 }
353
354 ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
355 Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
356 if (!Expanded)
357 {
358 DPRINT1("Cannot allocate heap!\n");
359 HeapFree(GetProcessHeap(), 0, Buf);
360 return NULL;
361 }
362
363 ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
364
365 if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL))
366 {
367 DPRINT1("Cannot convert path!\n");
368 HeapFree(GetProcessHeap(), 0, Expanded);
369 HeapFree(GetProcessHeap(), 0, Buf);
370 return NULL;
371 }
372
373 DPRINT("%S -> %S\n", Buf, Expanded);
374
375 ValueLen = sizeof(ulMaxSize);
376 Result = RegQueryValueExW(hKey,
377 L"MaxSize",
378 NULL,
379 &Type,
380 (LPBYTE)&ulMaxSize,
381 &ValueLen);
382 if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
383 {
384 ulMaxSize = 512 * 1024; /* 512 kBytes */
385
386 Result = RegSetValueExW(hKey,
387 L"MaxSize",
388 0,
389 REG_DWORD,
390 (LPBYTE)&ulMaxSize,
391 sizeof(ulMaxSize));
392 }
393
394 ValueLen = sizeof(ulRetention);
395 Result = RegQueryValueExW(hKey,
396 L"Retention",
397 NULL,
398 &Type,
399 (LPBYTE)&ulRetention,
400 &ValueLen);
401 if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
402 {
403 /* On Windows 2003 it is 604800 (secs) == 7 days */
404 ulRetention = 0;
405
406 Result = RegSetValueExW(hKey,
407 L"Retention",
408 0,
409 REG_DWORD,
410 (LPBYTE)&ulRetention,
411 sizeof(ulRetention));
412 }
413
414 // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
415 // and "CustomSD" (REG_SZ).
416
417 Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
418 if (!NT_SUCCESS(Status))
419 {
420 DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
421 }
422
423 HeapFree(GetProcessHeap(), 0, Expanded);
424 HeapFree(GetProcessHeap(), 0, Buf);
425 return pLogf;
426}
Type
Type
Definition: Type.h:7
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
RegQueryInfoKeyW
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3662
RegQueryValueExW
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapReAlloc
#define HeapReAlloc
Definition: compat.h:734
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
ExpandEnvironmentStringsW
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
LogfCreate
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
ROUND_DOWN
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:33
FileName
struct _FileName FileName
Definition: fatprocs.h:896
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
hKey
FxAutoRegKey hKey
Definition: fxdriverapikm.cpp:59
Status
Status
Definition: gdiplustypes.h:25
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
REG_SZ
#define REG_SZ
Definition: layer.c:22
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
REG_EXPAND_SZ
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
L
#define L(x)
Definition: ntvdm.h:50
LONG
long LONG
Definition: pedump.c:60
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
DPRINT
#define DPRINT
Definition: sndvol32.h:71
StringCbCopyW
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
StringCbCatW
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
_FileName
Definition: filecomp.c:348
_LOGFILE
Definition: eventlog.h:35
_UNICODE_STRING
Definition: env_spec_w32.h:368
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LoadLogFiles().

◆ LoadLogFiles()

static BOOL LoadLogFiles ( HKEY  eventlogKey)
static

Definition at line 429 of file eventlog.c.

430{
431 LONG Result;
432 DWORD MaxLognameLen, LognameLen;
433 DWORD dwIndex;
434 PWSTR Buf = NULL;
435 PLOGFILE pLogFile;
436
437 Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
438 NULL, NULL, NULL, NULL, NULL, NULL);
439 if (Result != ERROR_SUCCESS)
440 {
441 DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
442 return FALSE;
443 }
444
445 MaxLognameLen++;
446
447 Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
448 if (!Buf)
449 {
450 DPRINT1("Error: cannot allocate heap!\n");
451 return FALSE;
452 }
453
454 LognameLen = MaxLognameLen;
455 dwIndex = 0;
456 while (RegEnumKeyExW(eventlogKey,
457 dwIndex,
458 Buf,
459 &LognameLen,
460 NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
461 {
462 HKEY SubKey;
463
464 DPRINT("%S\n", Buf);
465
466 Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
467 if (Result != ERROR_SUCCESS)
468 {
469 DPRINT1("Failed to open %S key.\n", Buf);
470 HeapFree(GetProcessHeap(), 0, Buf);
471 return FALSE;
472 }
473
474 pLogFile = LoadLogFile(SubKey, Buf);
475 if (pLogFile != NULL)
476 {
477 DPRINT("Loaded %S\n", Buf);
478 LoadEventSources(SubKey, pLogFile);
479 }
480 else
481 {
482 DPRINT1("Failed to load %S\n", Buf);
483 }
484
485 RegCloseKey(SubKey);
486
487 LognameLen = MaxLognameLen;
488 dwIndex++;
489 }
490
491 HeapFree(GetProcessHeap(), 0, Buf);
492 return TRUE;
493}
LoadLogFile
static PLOGFILE LoadLogFile(HKEY hKey, PWSTR LogName)
Definition: eventlog.c:281
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:49
RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
RegEnumKeyExW
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2504
LoadEventSources
BOOL LoadEventSources(HKEY hKey, PLOGFILE pLogFile)
Definition: eventsource.c:82
KEY_ALL_ACCESS
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041

Referenced by wmain().

◆ PRINT_RECORD()

VOID PRINT_RECORD ( PEVENTLOGRECORD  pRec)

Definition at line 544 of file eventlog.c.

545{
546 UINT i;
547 PWSTR str;
548 LARGE_INTEGER SystemTime;
549 TIME_FIELDS Time;
550
551 DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552
553 DbgPrint("Length = %lu\n", pRec->Length);
554 DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555 DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556
557 RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558 RtlTimeToTimeFields(&SystemTime, &Time);
559 DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560 Time.Day, Time.Month, Time.Year,
561 Time.Hour, Time.Minute, Time.Second);
562
563 RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564 RtlTimeToTimeFields(&SystemTime, &Time);
565 DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566 Time.Day, Time.Month, Time.Year,
567 Time.Hour, Time.Minute, Time.Second);
568
569 DbgPrint("EventID = %lu\n", pRec->EventID);
570
571 switch (pRec->EventType)
572 {
573 case EVENTLOG_ERROR_TYPE:
574 DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575 break;
576 case EVENTLOG_WARNING_TYPE:
577 DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578 break;
579 case EVENTLOG_INFORMATION_TYPE:
580 DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581 break;
582 case EVENTLOG_AUDIT_SUCCESS:
583 DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584 break;
585 case EVENTLOG_AUDIT_FAILURE:
586 DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587 break;
588 default:
589 DbgPrint("EventType = %hu\n", pRec->EventType);
590 }
591
592 DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593 DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594 DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595 DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596 DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597 DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598 DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599 DbgPrint("DataLength = %lu\n", pRec->DataLength);
600 DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601
602 i = sizeof(EVENTLOGRECORD);
603 DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604
605 i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606 DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607
608 if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609 {
610 DbgPrint("Strings:\n");
611 str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612 for (i = 0; i < pRec->NumStrings; i++)
613 {
614 DbgPrint("[%u] %S\n", i, str);
615 str += wcslen(str) + 1;
616 }
617 }
618
619 DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620}
RtlTimeToTimeFields
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
Definition: env_spec_w32.cpp:895
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
DbgPrint
#define DbgPrint
Definition: hal.h:12
Time
static PLARGE_INTEGER Time
Definition: time.c:105
UINT
unsigned int UINT
Definition: ndis.h:50
RtlSecondsSince1970ToTime
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
str
const WCHAR * str
Definition: rpc_transport.c:2724
_EVENTLOGRECORD::DataOffset
DWORD DataOffset
Definition: winnt_old.h:2856
_EVENTLOGRECORD::NumStrings
WORD NumStrings
Definition: winnt_old.h:2848
_EVENTLOGRECORD::EventType
WORD EventType
Definition: winnt_old.h:2847
_EVENTLOGRECORD::StringOffset
DWORD StringOffset
Definition: winnt_old.h:2852
_EVENTLOGRECORD::DataLength
DWORD DataLength
Definition: winnt_old.h:2855
_EVENTLOGRECORD::ClosingRecordNumber
DWORD ClosingRecordNumber
Definition: winnt_old.h:2851
_EVENTLOGRECORD::TimeGenerated
DWORD TimeGenerated
Definition: winnt_old.h:2844
_EVENTLOGRECORD::Reserved
DWORD Reserved
Definition: winnt_old.h:2842
_EVENTLOGRECORD::TimeWritten
DWORD TimeWritten
Definition: winnt_old.h:2845
_EVENTLOGRECORD::EventID
DWORD EventID
Definition: winnt_old.h:2846
_EVENTLOGRECORD::EventCategory
WORD EventCategory
Definition: winnt_old.h:2849
_EVENTLOGRECORD::RecordNumber
DWORD RecordNumber
Definition: winnt_old.h:2843
_EVENTLOGRECORD::UserSidOffset
DWORD UserSidOffset
Definition: winnt_old.h:2854
_EVENTLOGRECORD::ReservedFlags
WORD ReservedFlags
Definition: winnt_old.h:2850
_EVENTLOGRECORD::Length
DWORD Length
Definition: winnt_old.h:2841
_EVENTLOGRECORD::UserSidLength
DWORD UserSidLength
Definition: winnt_old.h:2853
_TIME_FIELDS
Definition: env_spec_w32.h:710
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
_LARGE_INTEGER
Definition: typedefs.h:103
EVENTLOG_ERROR_TYPE
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2834
EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2838
EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2836
EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2837
EVENTLOGRECORD
struct _EVENTLOGRECORD EVENTLOGRECORD
EVENTLOG_WARNING_TYPE
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2835

Referenced by ProcessPortMessage().

◆ ReportProductInfoEvent()

static VOID ReportProductInfoEvent ( VOID  )
static

Definition at line 155 of file eventlog.c.

156{
157 OSVERSIONINFOW versionInfo;
158 WCHAR szBuffer[512];
159 PWSTR str;
160 size_t cchRemain;
161 HKEY hKey;
162 DWORD dwValueLength;
163 DWORD dwType;
164 LONG lResult = ERROR_SUCCESS;
165
166 ZeroMemory(&versionInfo, sizeof(versionInfo));
167 versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
168
169 /* Get version information */
170 if (!GetVersionExW(&versionInfo))
171 return;
172
173 ZeroMemory(szBuffer, sizeof(szBuffer));
174 str = szBuffer;
175 cchRemain = ARRAYSIZE(szBuffer);
176
177 /* Write the version number into the buffer */
178 StringCchPrintfExW(str, cchRemain,
179 &str, &cchRemain, 0,
180 L"%lu.%lu",
181 versionInfo.dwMajorVersion,
182 versionInfo.dwMinorVersion);
183 str++;
184 cchRemain++;
185
186 /* Write the build number into the buffer */
187 StringCchPrintfExW(str, cchRemain,
188 &str, &cchRemain, 0,
189 L"%lu",
190 versionInfo.dwBuildNumber);
191 str++;
192 cchRemain++;
193
194 /* Write the service pack info into the buffer */
195 StringCchCopyExW(str, cchRemain,
196 versionInfo.szCSDVersion,
197 &str, &cchRemain, 0);
198 str++;
199 cchRemain++;
200
201 /* Read 'CurrentType' from the registry and write it into the buffer */
202 lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
203 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
204 0,
205 KEY_QUERY_VALUE,
206 &hKey);
207 if (lResult == ERROR_SUCCESS)
208 {
209 dwValueLength = cchRemain;
210 lResult = RegQueryValueExW(hKey,
211 L"CurrentType",
212 NULL,
213 &dwType,
214 (LPBYTE)str,
215 &dwValueLength);
216
217 RegCloseKey(hKey);
218 }
219
220 /* Log the product information */
221 LogfReportEvent(EVENTLOG_INFORMATION_TYPE,
222 0,
223 EVENT_EventLogProductInfo,
224 4,
225 szBuffer,
226 0,
227 NULL);
228}
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
GetVersionExW
BOOL WINAPI GetVersionExW(IN LPOSVERSIONINFOW lpVersionInformation)
Definition: version.c:37
LogfReportEvent
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
EVENT_EventLogProductInfo
#define EVENT_EventLogProductInfo
Definition: netevent.h:241
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
StringCchCopyExW
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
StringCchPrintfExW
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
_OSVERSIONINFOW
Definition: rtltypes.h:245
_OSVERSIONINFOW::dwMinorVersion
ULONG dwMinorVersion
Definition: rtltypes.h:248
_OSVERSIONINFOW::dwOSVersionInfoSize
ULONG dwOSVersionInfoSize
Definition: rtltypes.h:246
_OSVERSIONINFOW::dwMajorVersion
ULONG dwMajorVersion
Definition: rtltypes.h:247
_OSVERSIONINFOW::dwBuildNumber
ULONG dwBuildNumber
Definition: rtltypes.h:249
_OSVERSIONINFOW::szCSDVersion
WCHAR szCSDVersion[128]
Definition: rtltypes.h:251
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1712
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by ServiceMain().

◆ ServiceControlHandler()

static DWORD WINAPI ServiceControlHandler ( DWORD  dwControl,
DWORD  dwEventType,
LPVOID  lpEventData,
LPVOID  lpContext 
)
static

Definition at line 62 of file eventlog.c.

66{
67 DPRINT("ServiceControlHandler() called\n");
68
69 switch (dwControl)
70 {
71 case SERVICE_CONTROL_STOP:
72 DPRINT(" SERVICE_CONTROL_STOP received\n");
73
74 LogfReportEvent(EVENTLOG_INFORMATION_TYPE,
75 0,
76 EVENT_EventlogStopped, 0, NULL, 0, NULL);
77
78 /* Stop listening to incoming RPC messages */
79 RpcMgmtStopServerListening(NULL);
80 UpdateServiceStatus(SERVICE_STOPPED);
81 return ERROR_SUCCESS;
82
83 case SERVICE_CONTROL_PAUSE:
84 DPRINT(" SERVICE_CONTROL_PAUSE received\n");
85 UpdateServiceStatus(SERVICE_PAUSED);
86 return ERROR_SUCCESS;
87
88 case SERVICE_CONTROL_CONTINUE:
89 DPRINT(" SERVICE_CONTROL_CONTINUE received\n");
90 UpdateServiceStatus(SERVICE_RUNNING);
91 return ERROR_SUCCESS;
92
93 case SERVICE_CONTROL_INTERROGATE:
94 DPRINT(" SERVICE_CONTROL_INTERROGATE received\n");
95 SetServiceStatus(ServiceStatusHandle,
96 &ServiceStatus);
97 return ERROR_SUCCESS;
98
99 case SERVICE_CONTROL_SHUTDOWN:
100 DPRINT(" SERVICE_CONTROL_SHUTDOWN received\n");
101
102 LogfReportEvent(EVENTLOG_INFORMATION_TYPE,
103 0,
104 EVENT_EventlogStopped, 0, NULL, 0, NULL);
105
106 UpdateServiceStatus(SERVICE_STOPPED);
107 return ERROR_SUCCESS;
108
109 default:
110 DPRINT1(" Control %lu received\n", dwControl);
111 return ERROR_CALL_NOT_IMPLEMENTED;
112 }
113}
UpdateServiceStatus
static VOID UpdateServiceStatus(DWORD dwState)
Definition: eventlog.c:40
ServiceStatusHandle
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
ServiceStatus
SERVICE_STATUS ServiceStatus
Definition: eventlog.c:30
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
EVENT_EventlogStopped
#define EVENT_EventlogStopped
Definition: netevent.h:244
RpcMgmtStopServerListening
RPC_STATUS WINAPI RpcMgmtStopServerListening(RPC_BINDING_HANDLE Binding)
Definition: rpc_server.c:1596
SetServiceStatus
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:997
SERVICE_STOPPED
#define SERVICE_STOPPED
Definition: winsvc.h:21
SERVICE_CONTROL_SHUTDOWN
#define SERVICE_CONTROL_SHUTDOWN
Definition: winsvc.h:40
SERVICE_PAUSED
#define SERVICE_PAUSED
Definition: winsvc.h:27
SERVICE_RUNNING
#define SERVICE_RUNNING
Definition: winsvc.h:24
SERVICE_CONTROL_CONTINUE
#define SERVICE_CONTROL_CONTINUE
Definition: winsvc.h:38
SERVICE_CONTROL_STOP
#define SERVICE_CONTROL_STOP
Definition: winsvc.h:36
SERVICE_CONTROL_PAUSE
#define SERVICE_CONTROL_PAUSE
Definition: winsvc.h:37
SERVICE_CONTROL_INTERROGATE
#define SERVICE_CONTROL_INTERROGATE
Definition: winsvc.h:39

Referenced by ServiceMain().

◆ ServiceInit()

static DWORD ServiceInit ( VOID  )
static

Definition at line 117 of file eventlog.c.

118{
119 HANDLE hThread;
120
121 hThread = CreateThread(NULL,
122 0,
123 (LPTHREAD_START_ROUTINE)PortThreadRoutine,
124 NULL,
125 0,
126 NULL);
127 if (!hThread)
128 {
129 DPRINT("Cannot create PortThread\n");
130 return GetLastError();
131 }
132 else
133 CloseHandle(hThread);
134
135 hThread = CreateThread(NULL,
136 0,
137 RpcThreadRoutine,
138 NULL,
139 0,
140 NULL);
141
142 if (!hThread)
143 {
144 DPRINT("Cannot create RpcThread\n");
145 return GetLastError();
146 }
147 else
148 CloseHandle(hThread);
149
150 return ERROR_SUCCESS;
151}
RpcThreadRoutine
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpcserver.c:20
CloseHandle
#define CloseHandle
Definition: compat.h:739
CreateThread
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:137
PortThreadRoutine
NTSTATUS WINAPI PortThreadRoutine(PVOID Param)
Definition: logport.c:27
hThread
HANDLE hThread
Definition: wizard.c:28
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
LPTHREAD_START_ROUTINE
DWORD(WINAPI * LPTHREAD_START_ROUTINE)(LPVOID)
Definition: winbase.h:729

Referenced by ServiceMain().

◆ ServiceMain()

static VOID CALLBACK ServiceMain ( DWORD  argc,
LPWSTR argv 
)
static

Definition at line 232 of file eventlog.c.

234{
235 DWORD dwError;
236
237 UNREFERENCED_PARAMETER(argc);
238 UNREFERENCED_PARAMETER(argv);
239
240 DPRINT("ServiceMain() called\n");
241
242 ServiceStatusHandle = RegisterServiceCtrlHandlerExW(ServiceName,
243 ServiceControlHandler,
244 NULL);
245 if (!ServiceStatusHandle)
246 {
247 dwError = GetLastError();
248 DPRINT1("RegisterServiceCtrlHandlerW() failed! (Error %lu)\n", dwError);
249 return;
250 }
251
252 UpdateServiceStatus(SERVICE_START_PENDING);
253
254 dwError = ServiceInit();
255 if (dwError != ERROR_SUCCESS)
256 {
257 DPRINT("Service stopped (dwError: %lu\n", dwError);
258 UpdateServiceStatus(SERVICE_START_PENDING);
259 }
260 else
261 {
262 DPRINT("Service started\n");
263 UpdateServiceStatus(SERVICE_RUNNING);
264
265 ReportProductInfoEvent();
266
267 LogfReportEvent(EVENTLOG_INFORMATION_TYPE,
268 0,
269 EVENT_EventlogStarted,
270 0,
271 NULL,
272 0,
273 NULL);
274 }
275
276 DPRINT("ServiceMain() done\n");
277}
argc
static int argc
Definition: ServiceArgs.c:12
ServiceName
static WCHAR ServiceName[]
Definition: eventlog.c:23
ServiceInit
static DWORD ServiceInit(VOID)
Definition: eventlog.c:117
ServiceControlHandler
static DWORD WINAPI ServiceControlHandler(DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
Definition: eventlog.c:62
ReportProductInfoEvent
static VOID ReportProductInfoEvent(VOID)
Definition: eventlog.c:155
argv
#define argv
Definition: mplay32.c:18
EVENT_EventlogStarted
#define EVENT_EventlogStarted
Definition: netevent.h:243
UNREFERENCED_PARAMETER
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
RegisterServiceCtrlHandlerExW
SERVICE_STATUS_HANDLE WINAPI RegisterServiceCtrlHandlerExW(LPCWSTR lpServiceName, LPHANDLER_FUNCTION_EX lpHandlerProc, LPVOID lpContext)
Definition: sctrl.c:812
SERVICE_START_PENDING
#define SERVICE_START_PENDING
Definition: winsvc.h:22

◆ UpdateServiceStatus()

static VOID UpdateServiceStatus ( DWORD  dwState)
static

Definition at line 40 of file eventlog.c.

41{
42 ServiceStatus.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
43 ServiceStatus.dwCurrentState = dwState;
44 ServiceStatus.dwControlsAccepted = 0;
45 ServiceStatus.dwWin32ExitCode = 0;
46 ServiceStatus.dwServiceSpecificExitCode = 0;
47 ServiceStatus.dwCheckPoint = 0;
48
49 if (dwState == SERVICE_START_PENDING ||
50 dwState == SERVICE_STOP_PENDING ||
51 dwState == SERVICE_PAUSE_PENDING ||
52 dwState == SERVICE_CONTINUE_PENDING)
53 ServiceStatus.dwWaitHint = 10000;
54 else
55 ServiceStatus.dwWaitHint = 0;
56
57 SetServiceStatus(ServiceStatusHandle,
58 &ServiceStatus);
59}
_SERVICE_STATUS::dwServiceType
DWORD dwServiceType
Definition: winsvc.h:99
_SERVICE_STATUS::dwWin32ExitCode
DWORD dwWin32ExitCode
Definition: winsvc.h:102
_SERVICE_STATUS::dwControlsAccepted
DWORD dwControlsAccepted
Definition: winsvc.h:101
_SERVICE_STATUS::dwWaitHint
DWORD dwWaitHint
Definition: winsvc.h:105
_SERVICE_STATUS::dwCurrentState
DWORD dwCurrentState
Definition: winsvc.h:100
_SERVICE_STATUS::dwCheckPoint
DWORD dwCheckPoint
Definition: winsvc.h:104
_SERVICE_STATUS::dwServiceSpecificExitCode
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:103
SERVICE_STOP_PENDING
#define SERVICE_STOP_PENDING
Definition: winsvc.h:23
SERVICE_PAUSE_PENDING
#define SERVICE_PAUSE_PENDING
Definition: winsvc.h:26
SERVICE_CONTINUE_PENDING
#define SERVICE_CONTINUE_PENDING
Definition: winsvc.h:25
SERVICE_WIN32_OWN_PROCESS
#define SERVICE_WIN32_OWN_PROCESS
Definition: cmtypes.h:962

Referenced by ServiceControlHandler(), and ServiceMain().

◆ wmain()

int wmain ( int  argc,
WCHAR argv[] 
)

Definition at line 496 of file eventlog.c.

497{
498 INT RetCode = 0;
499 LONG Result;
500 HKEY elogKey;
501 WCHAR LogPath[MAX_PATH];
502
503 LogfListInitialize();
504 InitEventSourceList();
505
506 GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
507
508 if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
509 {
510 DPRINT("LiveCD detected\n");
511 onLiveCD = TRUE;
512 }
513 else
514 {
515 Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
516 L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
517 0,
518 KEY_ALL_ACCESS,
519 &elogKey);
520 if (Result != ERROR_SUCCESS)
521 {
522 DPRINT1("Fatal error: cannot open eventlog registry key.\n");
523 RetCode = 1;
524 goto bye_bye;
525 }
526
527 LoadLogFiles(elogKey);
528 }
529
530 EventLogSource = GetEventSourceByName(L"EventLog");
531 if (!EventLogSource)
532 {
533 DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
534 }
535
536 StartServiceCtrlDispatcher(ServiceTable);
537
538bye_bye:
539 LogfCloseAll();
540
541 return RetCode;
542}
EventLogSource
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
onLiveCD
BOOL onLiveCD
Definition: eventlog.c:33
LoadLogFiles
static BOOL LoadLogFiles(HKEY eventlogKey)
Definition: eventlog.c:429
ServiceTable
static SERVICE_TABLE_ENTRYW ServiceTable[2]
Definition: eventlog.c:24
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
GetDriveTypeW
UINT WINAPI GetDriveTypeW(IN LPCWSTR lpRootPathName)
Definition: disk.c:497
GetSystemWindowsDirectoryW
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
Definition: path.c:2397
InitEventSourceList
VOID InitEventSourceList(VOID)
Definition: eventsource.c:22
LogfListInitialize
VOID LogfListInitialize(VOID)
Definition: file.c:27
GetEventSourceByName
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
LogfCloseAll
VOID LogfCloseAll(VOID)
Definition: file.c:452
DRIVE_CDROM
#define DRIVE_CDROM
Definition: machpc98.h:119
INT
int32_t INT
Definition: typedefs.h:58
StartServiceCtrlDispatcher
#define StartServiceCtrlDispatcher
Definition: winsvc.h:586

Variable Documentation

◆ EventLogSource

PEVENTSOURCE EventLogSource = NULL

Definition at line 35 of file eventlog.c.

Referenced by CheckLogOrSourceExistence(), InstallEventSource(), LogfReportEvent(), and wmain().

◆ onLiveCD

BOOL onLiveCD = FALSE

Definition at line 33 of file eventlog.c.

Referenced by ProcessPortMessage(), and wmain().

◆ ServiceName

WCHAR ServiceName[] = L"EventLog"
static

Definition at line 23 of file eventlog.c.

Referenced by ServiceMain().

◆ ServiceStatus

SERVICE_STATUS ServiceStatus

Definition at line 30 of file eventlog.c.

Referenced by ServiceControlHandler(), and UpdateServiceStatus().

◆ ServiceStatusHandle

SERVICE_STATUS_HANDLE ServiceStatusHandle

Definition at line 31 of file eventlog.c.

Referenced by ServiceControlHandler(), ServiceMain(), and UpdateServiceStatus().

◆ ServiceTable

SERVICE_TABLE_ENTRYW ServiceTable[2]
static
Initial value:
=
{
{ ServiceName, ServiceMain },
{ NULL, NULL }
}
ServiceMain
static VOID CALLBACK ServiceMain(DWORD, LPWSTR *)
Definition: eventlog.c:232

Definition at line 24 of file eventlog.c.

Referenced by _tmain(), KiSystemService(), and wmain().