ReactOS  0.4.10-dev-348-gbcec1fd
eventlog.c File Reference
#include "eventlog.h"
#include <stdio.h>
#include <netevent.h>
#include <debug.h>
Include dependency graph for eventlog.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static VOID CALLBACK ServiceMain (DWORD, LPWSTR *)
 
static VOID UpdateServiceStatus (DWORD dwState)
 
static DWORD WINAPI ServiceControlHandler (DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
 
static DWORD ServiceInit (VOID)
 
static VOID ReportProductInfoEvent (VOID)
 
static PLOGFILE LoadLogFile (HKEY hKey, PWSTR LogName)
 
static BOOL LoadLogFiles (HKEY eventlogKey)
 
int wmain (int argc, WCHAR *argv[])
 
VOID PRINT_RECORD (PEVENTLOGRECORD pRec)
 

Variables

static WCHAR ServiceName [] = L"EventLog"
 
static SERVICE_TABLE_ENTRYW ServiceTable [2]
 
SERVICE_STATUS ServiceStatus
 
SERVICE_STATUS_HANDLE ServiceStatusHandle
 
BOOL onLiveCD = FALSE
 
PEVENTSOURCE EventLogSource = NULL
 

Macro Definition Documentation

#define NDEBUG

Definition at line 17 of file eventlog.c.

Function Documentation

static PLOGFILE LoadLogFile ( HKEY  hKey,
PWSTR  LogName 
)
static

Definition at line 281 of file eventlog.c.

Referenced by LoadLogFiles().

282 {
283  DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
284  PWSTR Buf = NULL, Expanded = NULL;
285  LONG Result;
286  PLOGFILE pLogf = NULL;
288  ULONG ulMaxSize, ulRetention;
290 
291  DPRINT("LoadLogFile: `%S'\n", LogName);
292 
293  Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
294  NULL, NULL, &MaxValueLen, NULL, NULL);
295  if (Result != ERROR_SUCCESS)
296  {
297  DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
298  return NULL;
299  }
300 
301  MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
302  Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
303  if (!Buf)
304  {
305  DPRINT1("Cannot allocate heap!\n");
306  return NULL;
307  }
308 
309  ValueLen = MaxValueLen;
310  Result = RegQueryValueExW(hKey,
311  L"File",
312  NULL,
313  &Type,
314  (LPBYTE)Buf,
315  &ValueLen);
316  /*
317  * If we failed, because the registry value was inexistent
318  * or the value type was incorrect, create a new "File" value
319  * that holds the default event log path.
320  */
321  if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
322  {
323  MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
324  wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
325 
326  Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
327  if (!Expanded)
328  {
329  DPRINT1("Cannot reallocate heap!\n");
330  HeapFree(GetProcessHeap(), 0, Buf);
331  return NULL;
332  }
333  Buf = Expanded;
334 
335  StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
336  StringCbCatW(Buf, MaxValueLen, LogName);
337  StringCbCatW(Buf, MaxValueLen, L".evt");
338 
339  ValueLen = MaxValueLen;
340  Result = RegSetValueExW(hKey,
341  L"File",
342  0,
344  (LPBYTE)Buf,
345  ValueLen);
346  if (Result != ERROR_SUCCESS)
347  {
348  DPRINT1("RegSetValueExW failed: %lu\n", Result);
349  HeapFree(GetProcessHeap(), 0, Buf);
350  return NULL;
351  }
352  }
353 
354  ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
355  Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
356  if (!Expanded)
357  {
358  DPRINT1("Cannot allocate heap!\n");
359  HeapFree(GetProcessHeap(), 0, Buf);
360  return NULL;
361  }
362 
363  ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
364 
365  if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL))
366  {
367  DPRINT1("Cannot convert path!\n");
368  HeapFree(GetProcessHeap(), 0, Expanded);
369  HeapFree(GetProcessHeap(), 0, Buf);
370  return NULL;
371  }
372 
373  DPRINT("%S -> %S\n", Buf, Expanded);
374 
375  ValueLen = sizeof(ulMaxSize);
376  Result = RegQueryValueExW(hKey,
377  L"MaxSize",
378  NULL,
379  &Type,
380  (LPBYTE)&ulMaxSize,
381  &ValueLen);
382  if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
383  {
384  ulMaxSize = 512 * 1024; /* 512 kBytes */
385 
386  Result = RegSetValueExW(hKey,
387  L"MaxSize",
388  0,
389  REG_DWORD,
390  (LPBYTE)&ulMaxSize,
391  sizeof(ulMaxSize));
392  }
393 
394  ValueLen = sizeof(ulRetention);
395  Result = RegQueryValueExW(hKey,
396  L"Retention",
397  NULL,
398  &Type,
399  (LPBYTE)&ulRetention,
400  &ValueLen);
401  if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
402  {
403  /* On Windows 2003 it is 604800 (secs) == 7 days */
404  ulRetention = 0;
405 
406  Result = RegSetValueExW(hKey,
407  L"Retention",
408  0,
409  REG_DWORD,
410  (LPBYTE)&ulRetention,
411  sizeof(ulRetention));
412  }
413 
414  // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
415  // and "CustomSD" (REG_SZ).
416 
417  Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
418  if (!NT_SUCCESS(Status))
419  {
420  DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
421  }
422 
423  HeapFree(GetProcessHeap(), 0, Expanded);
424  HeapFree(GetProcessHeap(), 0, Buf);
425  return pLogf;
426 }
#define TRUE
Definition: types.h:120
Type
Definition: Type.h:6
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned char * LPBYTE
Definition: typedefs.h:52
PVOID *typedef PWSTR
Definition: winlogon.h:57
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD DWORD
Definition: winlogon.h:75
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
#define FALSE
Definition: types.h:117
long LONG
Definition: pedump.c:60
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4917
LONG NTSTATUS
Definition: precomp.h:26
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3704
static const WCHAR L[]
Definition: oid.c:1087
Status
Definition: gdiplustypes.h:24
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:30
struct _FileName FileName
Definition: fatprocs.h:884
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define HeapReAlloc
Definition: compat.h:393
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
#define DPRINT1
Definition: precomp.h:8
unsigned int ULONG
Definition: retypes.h:1
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:539
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
#define REG_SZ
Definition: layer.c:22
static BOOL LoadLogFiles ( HKEY  eventlogKey)
static

Definition at line 429 of file eventlog.c.

Referenced by wmain().

430 {
431  LONG Result;
432  DWORD MaxLognameLen, LognameLen;
433  DWORD dwIndex;
434  PWSTR Buf = NULL;
435  PLOGFILE pLogFile;
436 
437  Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
438  NULL, NULL, NULL, NULL, NULL, NULL);
439  if (Result != ERROR_SUCCESS)
440  {
441  DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
442  return FALSE;
443  }
444 
445  MaxLognameLen++;
446 
447  Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
448  if (!Buf)
449  {
450  DPRINT1("Error: cannot allocate heap!\n");
451  return FALSE;
452  }
453 
454  LognameLen = MaxLognameLen;
455  dwIndex = 0;
456  while (RegEnumKeyExW(eventlogKey,
457  dwIndex,
458  Buf,
459  &LognameLen,
461  {
462  HKEY SubKey;
463 
464  DPRINT("%S\n", Buf);
465 
466  Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
467  if (Result != ERROR_SUCCESS)
468  {
469  DPRINT1("Failed to open %S key.\n", Buf);
470  HeapFree(GetProcessHeap(), 0, Buf);
471  return FALSE;
472  }
473 
474  pLogFile = LoadLogFile(SubKey, Buf);
475  if (pLogFile != NULL)
476  {
477  DPRINT("Loaded %S\n", Buf);
478  LoadEventSources(SubKey, pLogFile);
479  }
480  else
481  {
482  DPRINT1("Failed to load %S\n", Buf);
483  }
484 
485  RegCloseKey(SubKey);
486 
487  LognameLen = MaxLognameLen;
488  dwIndex++;
489  }
490 
491  HeapFree(GetProcessHeap(), 0, Buf);
492  return TRUE;
493 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
PVOID *typedef PWSTR
Definition: winlogon.h:57
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
static PLOGFILE LoadLogFile(HKEY hKey, PWSTR LogName)
Definition: eventlog.c:281
DWORD DWORD
Definition: winlogon.h:75
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
#define FALSE
Definition: types.h:117
long LONG
Definition: pedump.c:60
BOOL LoadEventSources(HKEY hKey, PLOGFILE pLogFile)
Definition: eventsource.c:82
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
HANDLE HKEY
Definition: registry.h:24
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3704
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define DPRINT1
Definition: precomp.h:8
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2541
#define HeapFree(x, y, z)
Definition: compat.h:394
VOID PRINT_RECORD ( PEVENTLOGRECORD  pRec)

Definition at line 544 of file eventlog.c.

Referenced by ProcessPortMessage().

545 {
546  UINT i;
547  PWSTR str;
548  LARGE_INTEGER SystemTime;
550 
551  DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552 
553  DbgPrint("Length = %lu\n", pRec->Length);
554  DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555  DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556 
557  RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558  RtlTimeToTimeFields(&SystemTime, &Time);
559  DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560  Time.Day, Time.Month, Time.Year,
561  Time.Hour, Time.Minute, Time.Second);
562 
563  RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564  RtlTimeToTimeFields(&SystemTime, &Time);
565  DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566  Time.Day, Time.Month, Time.Year,
567  Time.Hour, Time.Minute, Time.Second);
568 
569  DbgPrint("EventID = %lu\n", pRec->EventID);
570 
571  switch (pRec->EventType)
572  {
573  case EVENTLOG_ERROR_TYPE:
574  DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575  break;
577  DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578  break;
580  DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581  break;
583  DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584  break;
586  DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587  break;
588  default:
589  DbgPrint("EventType = %hu\n", pRec->EventType);
590  }
591 
592  DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593  DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594  DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595  DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596  DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597  DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598  DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599  DbgPrint("DataLength = %lu\n", pRec->DataLength);
600  DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601 
602  i = sizeof(EVENTLOGRECORD);
603  DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604 
605  i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606  DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607 
608  if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609  {
610  DbgPrint("Strings:\n");
611  str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612  for (i = 0; i < pRec->NumStrings; i++)
613  {
614  DbgPrint("[%u] %S\n", i, str);
615  str += wcslen(str) + 1;
616  }
617  }
618 
619  DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620 }
#define DbgPrint
Definition: loader.c:25
__wchar_t WCHAR
Definition: xmlstorage.h:180
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
PVOID *typedef PWSTR
Definition: winlogon.h:57
DWORD StringOffset
Definition: winnt_old.h:2648
uint32_t ULONG_PTR
Definition: typedefs.h:63
struct _EVENTLOGRECORD EVENTLOGRECORD
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
const WCHAR * str
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
DWORD UserSidOffset
Definition: winnt_old.h:2650
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
DWORD RecordNumber
Definition: winnt_old.h:2639
DWORD TimeGenerated
Definition: winnt_old.h:2640
unsigned int * PULONG
Definition: retypes.h:1
unsigned int UINT
Definition: ndis.h:50
#define DPRINT1
Definition: precomp.h:8
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
DWORD UserSidLength
Definition: winnt_old.h:2649
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static PLARGE_INTEGER Time
Definition: time.c:105
DWORD ClosingRecordNumber
Definition: winnt_old.h:2647
static VOID ReportProductInfoEvent ( VOID  )
static

Definition at line 155 of file eventlog.c.

Referenced by ServiceMain().

156 {
157  OSVERSIONINFOW versionInfo;
158  WCHAR szBuffer[512];
159  PWSTR str;
160  size_t cchRemain;
161  HKEY hKey;
162  DWORD dwValueLength;
163  DWORD dwType;
165 
166  ZeroMemory(&versionInfo, sizeof(versionInfo));
167  versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
168 
169  /* Get version information */
170  if (!GetVersionExW(&versionInfo))
171  return;
172 
173  ZeroMemory(szBuffer, sizeof(szBuffer));
174  str = szBuffer;
175  cchRemain = ARRAYSIZE(szBuffer);
176 
177  /* Write the version number into the buffer */
178  StringCchPrintfExW(str, cchRemain,
179  &str, &cchRemain, 0,
180  L"%lu.%lu",
181  versionInfo.dwMajorVersion,
182  versionInfo.dwMinorVersion);
183  str++;
184  cchRemain++;
185 
186  /* Write the build number into the buffer */
187  StringCchPrintfExW(str, cchRemain,
188  &str, &cchRemain, 0,
189  L"%lu",
190  versionInfo.dwBuildNumber);
191  str++;
192  cchRemain++;
193 
194  /* Write the service pack info into the buffer */
195  StringCchCopyExW(str, cchRemain,
196  versionInfo.szCSDVersion,
197  &str, &cchRemain, 0);
198  str++;
199  cchRemain++;
200 
201  /* Read 'CurrentType' from the registry and write it into the buffer */
203  L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
204  0,
206  &hKey);
207  if (lResult == ERROR_SUCCESS)
208  {
209  dwValueLength = cchRemain;
210  lResult = RegQueryValueExW(hKey,
211  L"CurrentType",
212  NULL,
213  &dwType,
214  (LPBYTE)str,
215  &dwValueLength);
216 
217  RegCloseKey(hKey);
218  }
219 
220  /* Log the product information */
222  0,
224  4,
225  szBuffer,
226  0,
227  NULL);
228 }
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned char * LPBYTE
Definition: typedefs.h:52
WCHAR szCSDVersion[128]
Definition: rtltypes.h:247
PVOID *typedef PWSTR
Definition: winlogon.h:57
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ZeroMemory
Definition: winbase.h:1635
BOOL WINAPI GetVersionExW(IN LPOSVERSIONINFOW lpVersionInformation)
Definition: version.c:37
DWORD DWORD
Definition: winlogon.h:75
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
long LONG
Definition: pedump.c:60
const WCHAR * str
smooth NULL
Definition: ftsmooth.c:416
ULONG dwMajorVersion
Definition: rtltypes.h:243
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
HANDLE HKEY
Definition: registry.h:24
ULONG dwOSVersionInfoSize
Definition: rtltypes.h:242
ULONG dwBuildNumber
Definition: rtltypes.h:245
static const WCHAR L[]
Definition: oid.c:1087
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
#define EVENT_EventLogProductInfo
Definition: netevent.h:241
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
ULONG dwMinorVersion
Definition: rtltypes.h:244
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
UINT WPARAM LPARAM LRESULT & lResult
Definition: precomp.h:45
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
static DWORD WINAPI ServiceControlHandler ( DWORD  dwControl,
DWORD  dwEventType,
LPVOID  lpEventData,
LPVOID  lpContext 
)
static

Definition at line 62 of file eventlog.c.

Referenced by ServiceMain().

66 {
67  DPRINT("ServiceControlHandler() called\n");
68 
69  switch (dwControl)
70  {
72  DPRINT(" SERVICE_CONTROL_STOP received\n");
73 
75  0,
77 
78  /* Stop listening to incoming RPC messages */
81  return ERROR_SUCCESS;
82 
84  DPRINT(" SERVICE_CONTROL_PAUSE received\n");
86  return ERROR_SUCCESS;
87 
89  DPRINT(" SERVICE_CONTROL_CONTINUE received\n");
91  return ERROR_SUCCESS;
92 
94  DPRINT(" SERVICE_CONTROL_INTERROGATE received\n");
96  &ServiceStatus);
97  return ERROR_SUCCESS;
98 
100  DPRINT(" SERVICE_CONTROL_SHUTDOWN received\n");
101 
103  0,
105 
107  return ERROR_SUCCESS;
108 
109  default:
110  DPRINT1(" Control %lu received\n", dwControl);
112  }
113 }
SERVICE_STATUS ServiceStatus
Definition: eventlog.c:30
RPC_STATUS WINAPI RpcMgmtStopServerListening(RPC_BINDING_HANDLE Binding)
Definition: rpc_server.c:1599
#define ERROR_SUCCESS
Definition: deptool.c:10
#define SERVICE_PAUSED
Definition: winsvc.h:27
static VOID UpdateServiceStatus(DWORD dwState)
Definition: eventlog.c:40
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:956
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
#define SERVICE_STOPPED
Definition: winsvc.h:21
#define SERVICE_RUNNING
Definition: winsvc.h:24
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
#define SERVICE_CONTROL_INTERROGATE
Definition: winsvc.h:39
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define SERVICE_CONTROL_PAUSE
Definition: winsvc.h:37
#define EVENT_EventlogStopped
Definition: netevent.h:244
#define SERVICE_CONTROL_CONTINUE
Definition: winsvc.h:38
#define DPRINT1
Definition: precomp.h:8
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:92
#define SERVICE_CONTROL_STOP
Definition: winsvc.h:36
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
#define SERVICE_CONTROL_SHUTDOWN
Definition: winsvc.h:40
static DWORD ServiceInit ( VOID  )
static

Definition at line 117 of file eventlog.c.

Referenced by ServiceMain(), and wWinMain().

118 {
119  HANDLE hThread;
120 
121  hThread = CreateThread(NULL,
122  0,
124  NULL,
125  0,
126  NULL);
127  if (!hThread)
128  {
129  DPRINT("Cannot create PortThread\n");
130  return GetLastError();
131  }
132  else
133  CloseHandle(hThread);
134 
135  hThread = CreateThread(NULL,
136  0,
138  NULL,
139  0,
140  NULL);
141 
142  if (!hThread)
143  {
144  DPRINT("Cannot create RpcThread\n");
145  return GetLastError();
146  }
147  else
148  CloseHandle(hThread);
149 
150  return ERROR_SUCCESS;
151 }
#define CloseHandle
Definition: compat.h:398
#define ERROR_SUCCESS
Definition: deptool.c:10
NTSTATUS WINAPI PortThreadRoutine(PVOID Param)
Definition: logport.c:27
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1056
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpc.c:26
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:135
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
DWORD(WINAPI * LPTHREAD_START_ROUTINE)(LPVOID)
Definition: winbase.h:707
DWORD *typedef HANDLE
Definition: winlogon.h:52
HANDLE hThread
Definition: wizard.c:27
static VOID CALLBACK ServiceMain ( DWORD  argc,
LPWSTR argv 
)
static

Definition at line 232 of file eventlog.c.

234 {
235  DWORD dwError;
236 
239 
240  DPRINT("ServiceMain() called\n");
241 
244  NULL);
245  if (!ServiceStatusHandle)
246  {
247  dwError = GetLastError();
248  DPRINT1("RegisterServiceCtrlHandlerW() failed! (Error %lu)\n", dwError);
249  return;
250  }
251 
253 
254  dwError = ServiceInit();
255  if (dwError != ERROR_SUCCESS)
256  {
257  DPRINT("Service stopped (dwError: %lu\n", dwError);
259  }
260  else
261  {
262  DPRINT("Service started\n");
264 
266 
268  0,
270  0,
271  NULL,
272  0,
273  NULL);
274  }
275 
276  DPRINT("ServiceMain() done\n");
277 }
static int argc
Definition: ServiceArgs.c:12
static DWORD WINAPI ServiceControlHandler(DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
Definition: eventlog.c:62
#define ERROR_SUCCESS
Definition: deptool.c:10
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:323
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1056
#define SERVICE_START_PENDING
Definition: winsvc.h:22
static VOID UpdateServiceStatus(DWORD dwState)
Definition: eventlog.c:40
DWORD DWORD
Definition: winlogon.h:75
static char ** argv
Definition: ServiceArgs.c:11
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
#define SERVICE_RUNNING
Definition: winsvc.h:24
smooth NULL
Definition: ftsmooth.c:416
void DPRINT(...)
Definition: polytest.cpp:61
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
static DWORD ServiceInit(VOID)
Definition: eventlog.c:117
SERVICE_STATUS_HANDLE WINAPI RegisterServiceCtrlHandlerExW(LPCWSTR lpServiceName, LPHANDLER_FUNCTION_EX lpHandlerProc, LPVOID lpContext)
Definition: sctrl.c:772
static WCHAR ServiceName[]
Definition: eventlog.c:23
#define DPRINT1
Definition: precomp.h:8
#define EVENT_EventlogStarted
Definition: netevent.h:243
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
static VOID ReportProductInfoEvent(VOID)
Definition: eventlog.c:155
static VOID UpdateServiceStatus ( DWORD  dwState)
static

Definition at line 40 of file eventlog.c.

Referenced by ServiceControlHandler(), and ServiceMain().

41 {
43  ServiceStatus.dwCurrentState = dwState;
48 
49  if (dwState == SERVICE_START_PENDING ||
50  dwState == SERVICE_STOP_PENDING ||
51  dwState == SERVICE_PAUSE_PENDING ||
52  dwState == SERVICE_CONTINUE_PENDING)
53  ServiceStatus.dwWaitHint = 10000;
54  else
56 
58  &ServiceStatus);
59 }
SERVICE_STATUS ServiceStatus
Definition: eventlog.c:30
DWORD dwCurrentState
Definition: winsvc.h:100
#define SERVICE_PAUSE_PENDING
Definition: winsvc.h:26
#define SERVICE_START_PENDING
Definition: winsvc.h:22
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:103
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:956
DWORD dwCheckPoint
Definition: winsvc.h:104
#define SERVICE_WIN32_OWN_PROCESS
Definition: cmtypes.h:960
DWORD dwWaitHint
Definition: winsvc.h:105
DWORD dwWin32ExitCode
Definition: winsvc.h:102
DWORD dwServiceType
Definition: winsvc.h:99
DWORD dwControlsAccepted
Definition: winsvc.h:101
#define SERVICE_CONTINUE_PENDING
Definition: winsvc.h:25
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
#define SERVICE_STOP_PENDING
Definition: winsvc.h:23
int wmain ( int  argc,
WCHAR argv[] 
)

Definition at line 496 of file eventlog.c.

497 {
498  INT RetCode = 0;
499  LONG Result;
500  HKEY elogKey;
501  WCHAR LogPath[MAX_PATH];
502 
505 
506  GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
507 
508  if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
509  {
510  DPRINT("LiveCD detected\n");
511  onLiveCD = TRUE;
512  }
513  else
514  {
516  L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
517  0,
519  &elogKey);
520  if (Result != ERROR_SUCCESS)
521  {
522  DPRINT1("Fatal error: cannot open eventlog registry key.\n");
523  RetCode = 1;
524  goto bye_bye;
525  }
526 
527  LoadLogFiles(elogKey);
528  }
529 
531  if (!EventLogSource)
532  {
533  DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
534  }
535 
537 
538 bye_bye:
539  LogfCloseAll();
540 
541  return RetCode;
542 }
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
Definition: path.c:2397
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
VOID LogfCloseAll(VOID)
Definition: file.c:452
VOID InitEventSourceList(VOID)
Definition: eventsource.c:22
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
int32_t INT
Definition: typedefs.h:56
VOID LogfListInitialize(VOID)
Definition: file.c:27
long LONG
Definition: pedump.c:60
#define StartServiceCtrlDispatcher
Definition: winsvc.h:586
static BOOL LoadLogFiles(HKEY eventlogKey)
Definition: eventlog.c:429
void DPRINT(...)
Definition: polytest.cpp:61
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
HANDLE HKEY
Definition: registry.h:24
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
#define MAX_PATH
Definition: compat.h:26
static const WCHAR L[]
Definition: oid.c:1087
UINT WINAPI GetDriveTypeW(IN LPCWSTR lpRootPathName)
Definition: disk.c:498
static SERVICE_TABLE_ENTRYW ServiceTable[2]
Definition: eventlog.c:24
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define DRIVE_CDROM
Definition: winbase.h:251
#define DPRINT1
Definition: precomp.h:8
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
BOOL onLiveCD
Definition: eventlog.c:33
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Variable Documentation

PEVENTSOURCE EventLogSource = NULL

Definition at line 35 of file eventlog.c.

Referenced by CheckLogOrSourceExistence(), and LogfReportEvent().

BOOL onLiveCD = FALSE

Definition at line 33 of file eventlog.c.

Referenced by ProcessPortMessage(), and wmain().

WCHAR ServiceName[] = L"EventLog"
static

Definition at line 23 of file eventlog.c.

Referenced by ServiceMain().

SERVICE_STATUS ServiceStatus

Definition at line 30 of file eventlog.c.

SERVICE_STATUS_HANDLE ServiceStatusHandle

Definition at line 31 of file eventlog.c.

Referenced by ServiceControlHandler(), ServiceMain(), and UpdateServiceStatus().

SERVICE_TABLE_ENTRYW ServiceTable[2]
static
Initial value:
=
{
{ NULL, NULL }
}
smooth NULL
Definition: ftsmooth.c:416
static WCHAR ServiceName[]
Definition: eventlog.c:23
static VOID CALLBACK ServiceMain(DWORD, LPWSTR *)
Definition: eventlog.c:232

Definition at line 24 of file eventlog.c.

Referenced by _tmain(), KiSystemService(), START_TEST(), and wmain().