ReactOS 0.4.15-dev-7928-g68a8619
eventlog.c File Reference
#include "eventlog.h"
#include <stdio.h>
#include <netevent.h>
#include <debug.h>
Include dependency graph for eventlog.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

static VOID CALLBACK ServiceMain (DWORD, LPWSTR *)
 
static VOID UpdateServiceStatus (DWORD dwState)
 
static DWORD WINAPI ServiceControlHandler (DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
 
static DWORD ServiceInit (VOID)
 
static VOID ReportProductInfoEvent (VOID)
 
static PLOGFILE LoadLogFile (HKEY hKey, PWSTR LogName)
 
static BOOL LoadLogFiles (HKEY eventlogKey)
 
int wmain (int argc, WCHAR *argv[])
 
VOID PRINT_RECORD (PEVENTLOGRECORD pRec)
 

Variables

static WCHAR ServiceName [] = L"EventLog"
 
static SERVICE_TABLE_ENTRYW ServiceTable [2]
 
SERVICE_STATUS ServiceStatus
 
SERVICE_STATUS_HANDLE ServiceStatusHandle
 
BOOL onLiveCD = FALSE
 
PEVENTSOURCE EventLogSource = NULL
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 17 of file eventlog.c.

Function Documentation

◆ LoadLogFile()

static PLOGFILE LoadLogFile ( HKEY  hKey,
PWSTR  LogName 
)
static

Definition at line 281 of file eventlog.c.

282{
283 DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
284 PWSTR Buf = NULL, Expanded = NULL;
285 LONG Result;
286 PLOGFILE pLogf = NULL;
288 ULONG ulMaxSize, ulRetention;
290
291 DPRINT("LoadLogFile: `%S'\n", LogName);
292
294 NULL, NULL, &MaxValueLen, NULL, NULL);
295 if (Result != ERROR_SUCCESS)
296 {
297 DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
298 return NULL;
299 }
300
301 MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
302 Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
303 if (!Buf)
304 {
305 DPRINT1("Cannot allocate heap!\n");
306 return NULL;
307 }
308
309 ValueLen = MaxValueLen;
311 L"File",
312 NULL,
313 &Type,
314 (LPBYTE)Buf,
315 &ValueLen);
316 /*
317 * If we failed, because the registry value was inexistent
318 * or the value type was incorrect, create a new "File" value
319 * that holds the default event log path.
320 */
321 if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
322 {
323 MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
324 wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
325
326 Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
327 if (!Expanded)
328 {
329 DPRINT1("Cannot reallocate heap!\n");
330 HeapFree(GetProcessHeap(), 0, Buf);
331 return NULL;
332 }
333 Buf = Expanded;
334
335 StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
336 StringCbCatW(Buf, MaxValueLen, LogName);
337 StringCbCatW(Buf, MaxValueLen, L".evt");
338
339 ValueLen = MaxValueLen;
341 L"File",
342 0,
344 (LPBYTE)Buf,
345 ValueLen);
346 if (Result != ERROR_SUCCESS)
347 {
348 DPRINT1("RegSetValueExW failed: %lu\n", Result);
349 HeapFree(GetProcessHeap(), 0, Buf);
350 return NULL;
351 }
352 }
353
354 ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
355 Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
356 if (!Expanded)
357 {
358 DPRINT1("Cannot allocate heap!\n");
359 HeapFree(GetProcessHeap(), 0, Buf);
360 return NULL;
361 }
362
363 ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
364
366 {
367 DPRINT1("Cannot convert path!\n");
368 HeapFree(GetProcessHeap(), 0, Expanded);
369 HeapFree(GetProcessHeap(), 0, Buf);
370 return NULL;
371 }
372
373 DPRINT("%S -> %S\n", Buf, Expanded);
374
375 ValueLen = sizeof(ulMaxSize);
377 L"MaxSize",
378 NULL,
379 &Type,
380 (LPBYTE)&ulMaxSize,
381 &ValueLen);
382 if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
383 {
384 ulMaxSize = 512 * 1024; /* 512 kBytes */
385
387 L"MaxSize",
388 0,
389 REG_DWORD,
390 (LPBYTE)&ulMaxSize,
391 sizeof(ulMaxSize));
392 }
393
394 ValueLen = sizeof(ulRetention);
396 L"Retention",
397 NULL,
398 &Type,
399 (LPBYTE)&ulRetention,
400 &ValueLen);
401 if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
402 {
403 /* On Windows 2003 it is 604800 (secs) == 7 days */
404 ulRetention = 0;
405
407 L"Retention",
408 0,
409 REG_DWORD,
410 (LPBYTE)&ulRetention,
411 sizeof(ulRetention));
412 }
413
414 // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
415 // and "CustomSD" (REG_SZ).
416
417 Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
418 if (!NT_SUCCESS(Status))
419 {
420 DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
421 }
422
423 HeapFree(GetProcessHeap(), 0, Expanded);
424 HeapFree(GetProcessHeap(), 0, Buf);
425 return pLogf;
426}
Type
Definition: Type.h:7
LONG NTSTATUS
Definition: precomp.h:26
#define DPRINT1
Definition: precomp.h:8
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3662
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
#define HeapReAlloc
Definition: compat.h:734
#define HeapFree(x, y, z)
Definition: compat.h:735
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:33
struct _FileName FileName
Definition: fatprocs.h:896
unsigned long DWORD
Definition: ntddk_ex.h:95
FxAutoRegKey hKey
Status
Definition: gdiplustypes.h:25
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define REG_SZ
Definition: layer.c:22
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define L(x)
Definition: ntvdm.h:50
long LONG
Definition: pedump.c:60
#define REG_DWORD
Definition: sdbapi.c:596
#define DPRINT
Definition: sndvol32.h:71
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
uint16_t * PWSTR
Definition: typedefs.h:56
unsigned char * LPBYTE
Definition: typedefs.h:53
uint32_t ULONG
Definition: typedefs.h:59
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LoadLogFiles().

◆ LoadLogFiles()

static BOOL LoadLogFiles ( HKEY  eventlogKey)
static

Definition at line 429 of file eventlog.c.

430{
431 LONG Result;
432 DWORD MaxLognameLen, LognameLen;
433 DWORD dwIndex;
434 PWSTR Buf = NULL;
435 PLOGFILE pLogFile;
436
437 Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
438 NULL, NULL, NULL, NULL, NULL, NULL);
439 if (Result != ERROR_SUCCESS)
440 {
441 DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
442 return FALSE;
443 }
444
445 MaxLognameLen++;
446
447 Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
448 if (!Buf)
449 {
450 DPRINT1("Error: cannot allocate heap!\n");
451 return FALSE;
452 }
453
454 LognameLen = MaxLognameLen;
455 dwIndex = 0;
456 while (RegEnumKeyExW(eventlogKey,
457 dwIndex,
458 Buf,
459 &LognameLen,
461 {
462 HKEY SubKey;
463
464 DPRINT("%S\n", Buf);
465
466 Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
467 if (Result != ERROR_SUCCESS)
468 {
469 DPRINT1("Failed to open %S key.\n", Buf);
470 HeapFree(GetProcessHeap(), 0, Buf);
471 return FALSE;
472 }
473
474 pLogFile = LoadLogFile(SubKey, Buf);
475 if (pLogFile != NULL)
476 {
477 DPRINT("Loaded %S\n", Buf);
478 LoadEventSources(SubKey, pLogFile);
479 }
480 else
481 {
482 DPRINT1("Failed to load %S\n", Buf);
483 }
484
485 RegCloseKey(SubKey);
486
487 LognameLen = MaxLognameLen;
488 dwIndex++;
489 }
490
491 HeapFree(GetProcessHeap(), 0, Buf);
492 return TRUE;
493}
static PLOGFILE LoadLogFile(HKEY hKey, PWSTR LogName)
Definition: eventlog.c:281
#define RegCloseKey(hKey)
Definition: registry.h:49
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2504
BOOL LoadEventSources(HKEY hKey, PLOGFILE pLogFile)
Definition: eventsource.c:82
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041

Referenced by wmain().

◆ PRINT_RECORD()

VOID PRINT_RECORD ( PEVENTLOGRECORD  pRec)

Definition at line 544 of file eventlog.c.

545{
546 UINT i;
547 PWSTR str;
548 LARGE_INTEGER SystemTime;
550
551 DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552
553 DbgPrint("Length = %lu\n", pRec->Length);
554 DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555 DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556
557 RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558 RtlTimeToTimeFields(&SystemTime, &Time);
559 DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560 Time.Day, Time.Month, Time.Year,
561 Time.Hour, Time.Minute, Time.Second);
562
563 RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564 RtlTimeToTimeFields(&SystemTime, &Time);
565 DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566 Time.Day, Time.Month, Time.Year,
567 Time.Hour, Time.Minute, Time.Second);
568
569 DbgPrint("EventID = %lu\n", pRec->EventID);
570
571 switch (pRec->EventType)
572 {
574 DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575 break;
577 DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578 break;
580 DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581 break;
583 DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584 break;
586 DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587 break;
588 default:
589 DbgPrint("EventType = %hu\n", pRec->EventType);
590 }
591
592 DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593 DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594 DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595 DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596 DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597 DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598 DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599 DbgPrint("DataLength = %lu\n", pRec->DataLength);
600 DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601
602 i = sizeof(EVENTLOGRECORD);
603 DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604
605 i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606 DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607
608 if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609 {
610 DbgPrint("Strings:\n");
611 str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612 for (i = 0; i < pRec->NumStrings; i++)
613 {
614 DbgPrint("[%u] %S\n", i, str);
615 str += wcslen(str) + 1;
616 }
617 }
618
619 DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620}
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define DbgPrint
Definition: hal.h:12
static PLARGE_INTEGER Time
Definition: time.c:105
unsigned int UINT
Definition: ndis.h:50
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
const WCHAR * str
DWORD StringOffset
Definition: winnt_old.h:2852
DWORD ClosingRecordNumber
Definition: winnt_old.h:2851
DWORD TimeGenerated
Definition: winnt_old.h:2844
DWORD RecordNumber
Definition: winnt_old.h:2843
DWORD UserSidOffset
Definition: winnt_old.h:2854
DWORD UserSidLength
Definition: winnt_old.h:2853
uint32_t * PULONG
Definition: typedefs.h:59
uint32_t ULONG_PTR
Definition: typedefs.h:65
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2834
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2838
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2836
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2837
struct _EVENTLOGRECORD EVENTLOGRECORD
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2835

Referenced by ProcessPortMessage().

◆ ReportProductInfoEvent()

static VOID ReportProductInfoEvent ( VOID  )
static

Definition at line 155 of file eventlog.c.

156{
157 OSVERSIONINFOW versionInfo;
158 WCHAR szBuffer[512];
159 PWSTR str;
160 size_t cchRemain;
161 HKEY hKey;
162 DWORD dwValueLength;
163 DWORD dwType;
164 LONG lResult = ERROR_SUCCESS;
165
166 ZeroMemory(&versionInfo, sizeof(versionInfo));
167 versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
168
169 /* Get version information */
170 if (!GetVersionExW(&versionInfo))
171 return;
172
173 ZeroMemory(szBuffer, sizeof(szBuffer));
174 str = szBuffer;
175 cchRemain = ARRAYSIZE(szBuffer);
176
177 /* Write the version number into the buffer */
178 StringCchPrintfExW(str, cchRemain,
179 &str, &cchRemain, 0,
180 L"%lu.%lu",
181 versionInfo.dwMajorVersion,
182 versionInfo.dwMinorVersion);
183 str++;
184 cchRemain++;
185
186 /* Write the build number into the buffer */
187 StringCchPrintfExW(str, cchRemain,
188 &str, &cchRemain, 0,
189 L"%lu",
190 versionInfo.dwBuildNumber);
191 str++;
192 cchRemain++;
193
194 /* Write the service pack info into the buffer */
195 StringCchCopyExW(str, cchRemain,
196 versionInfo.szCSDVersion,
197 &str, &cchRemain, 0);
198 str++;
199 cchRemain++;
200
201 /* Read 'CurrentType' from the registry and write it into the buffer */
203 L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
204 0,
206 &hKey);
207 if (lResult == ERROR_SUCCESS)
208 {
209 dwValueLength = cchRemain;
210 lResult = RegQueryValueExW(hKey,
211 L"CurrentType",
212 NULL,
213 &dwType,
214 (LPBYTE)str,
215 &dwValueLength);
216
218 }
219
220 /* Log the product information */
222 0,
224 4,
225 szBuffer,
226 0,
227 NULL);
228}
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
BOOL WINAPI GetVersionExW(IN LPOSVERSIONINFOW lpVersionInformation)
Definition: version.c:37
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
#define EVENT_EventLogProductInfo
Definition: netevent.h:241
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
ULONG dwMinorVersion
Definition: rtltypes.h:248
ULONG dwOSVersionInfoSize
Definition: rtltypes.h:246
ULONG dwMajorVersion
Definition: rtltypes.h:247
ULONG dwBuildNumber
Definition: rtltypes.h:249
WCHAR szCSDVersion[128]
Definition: rtltypes.h:251
#define ZeroMemory
Definition: winbase.h:1712
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by ServiceMain().

◆ ServiceControlHandler()

static DWORD WINAPI ServiceControlHandler ( DWORD  dwControl,
DWORD  dwEventType,
LPVOID  lpEventData,
LPVOID  lpContext 
)
static

Definition at line 62 of file eventlog.c.

66{
67 DPRINT("ServiceControlHandler() called\n");
68
69 switch (dwControl)
70 {
72 DPRINT(" SERVICE_CONTROL_STOP received\n");
73
75 0,
77
78 /* Stop listening to incoming RPC messages */
81 return ERROR_SUCCESS;
82
84 DPRINT(" SERVICE_CONTROL_PAUSE received\n");
86 return ERROR_SUCCESS;
87
89 DPRINT(" SERVICE_CONTROL_CONTINUE received\n");
91 return ERROR_SUCCESS;
92
94 DPRINT(" SERVICE_CONTROL_INTERROGATE received\n");
97 return ERROR_SUCCESS;
98
100 DPRINT(" SERVICE_CONTROL_SHUTDOWN received\n");
101
103 0,
105
107 return ERROR_SUCCESS;
108
109 default:
110 DPRINT1(" Control %lu received\n", dwControl);
112 }
113}
static VOID UpdateServiceStatus(DWORD dwState)
Definition: eventlog.c:40
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
SERVICE_STATUS ServiceStatus
Definition: eventlog.c:30
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define EVENT_EventlogStopped
Definition: netevent.h:244
RPC_STATUS WINAPI RpcMgmtStopServerListening(RPC_BINDING_HANDLE Binding)
Definition: rpc_server.c:1596
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:997
#define SERVICE_STOPPED
Definition: winsvc.h:21
#define SERVICE_CONTROL_SHUTDOWN
Definition: winsvc.h:40
#define SERVICE_PAUSED
Definition: winsvc.h:27
#define SERVICE_RUNNING
Definition: winsvc.h:24
#define SERVICE_CONTROL_CONTINUE
Definition: winsvc.h:38
#define SERVICE_CONTROL_STOP
Definition: winsvc.h:36
#define SERVICE_CONTROL_PAUSE
Definition: winsvc.h:37
#define SERVICE_CONTROL_INTERROGATE
Definition: winsvc.h:39

Referenced by ServiceMain().

◆ ServiceInit()

static DWORD ServiceInit ( VOID  )
static

Definition at line 117 of file eventlog.c.

118{
120
122 0,
124 NULL,
125 0,
126 NULL);
127 if (!hThread)
128 {
129 DPRINT("Cannot create PortThread\n");
130 return GetLastError();
131 }
132 else
134
136 0,
138 NULL,
139 0,
140 NULL);
141
142 if (!hThread)
143 {
144 DPRINT("Cannot create RpcThread\n");
145 return GetLastError();
146 }
147 else
149
150 return ERROR_SUCCESS;
151}
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpcserver.c:20
#define CloseHandle
Definition: compat.h:739
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:137
NTSTATUS WINAPI PortThreadRoutine(PVOID Param)
Definition: logport.c:27
HANDLE hThread
Definition: wizard.c:28
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
DWORD(WINAPI * LPTHREAD_START_ROUTINE)(LPVOID)
Definition: winbase.h:729

Referenced by ServiceMain().

◆ ServiceMain()

static VOID CALLBACK ServiceMain ( DWORD  argc,
LPWSTR argv 
)
static

Definition at line 232 of file eventlog.c.

234{
235 DWORD dwError;
236
239
240 DPRINT("ServiceMain() called\n");
241
244 NULL);
246 {
247 dwError = GetLastError();
248 DPRINT1("RegisterServiceCtrlHandlerW() failed! (Error %lu)\n", dwError);
249 return;
250 }
251
253
254 dwError = ServiceInit();
255 if (dwError != ERROR_SUCCESS)
256 {
257 DPRINT("Service stopped (dwError: %lu\n", dwError);
259 }
260 else
261 {
262 DPRINT("Service started\n");
264
266
268 0,
270 0,
271 NULL,
272 0,
273 NULL);
274 }
275
276 DPRINT("ServiceMain() done\n");
277}
static int argc
Definition: ServiceArgs.c:12
static WCHAR ServiceName[]
Definition: eventlog.c:23
static DWORD ServiceInit(VOID)
Definition: eventlog.c:117
static DWORD WINAPI ServiceControlHandler(DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
Definition: eventlog.c:62
static VOID ReportProductInfoEvent(VOID)
Definition: eventlog.c:155
#define argv
Definition: mplay32.c:18
#define EVENT_EventlogStarted
Definition: netevent.h:243
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
SERVICE_STATUS_HANDLE WINAPI RegisterServiceCtrlHandlerExW(LPCWSTR lpServiceName, LPHANDLER_FUNCTION_EX lpHandlerProc, LPVOID lpContext)
Definition: sctrl.c:812
#define SERVICE_START_PENDING
Definition: winsvc.h:22

◆ UpdateServiceStatus()

static VOID UpdateServiceStatus ( DWORD  dwState)
static

Definition at line 40 of file eventlog.c.

41{
48
49 if (dwState == SERVICE_START_PENDING ||
50 dwState == SERVICE_STOP_PENDING ||
51 dwState == SERVICE_PAUSE_PENDING ||
52 dwState == SERVICE_CONTINUE_PENDING)
54 else
56
59}
DWORD dwServiceType
Definition: winsvc.h:99
DWORD dwWin32ExitCode
Definition: winsvc.h:102
DWORD dwControlsAccepted
Definition: winsvc.h:101
DWORD dwWaitHint
Definition: winsvc.h:105
DWORD dwCurrentState
Definition: winsvc.h:100
DWORD dwCheckPoint
Definition: winsvc.h:104
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:103
#define SERVICE_STOP_PENDING
Definition: winsvc.h:23
#define SERVICE_PAUSE_PENDING
Definition: winsvc.h:26
#define SERVICE_CONTINUE_PENDING
Definition: winsvc.h:25
#define SERVICE_WIN32_OWN_PROCESS
Definition: cmtypes.h:962

Referenced by ServiceControlHandler(), and ServiceMain().

◆ wmain()

int wmain ( int  argc,
WCHAR argv[] 
)

Definition at line 496 of file eventlog.c.

497{
498 INT RetCode = 0;
499 LONG Result;
500 HKEY elogKey;
501 WCHAR LogPath[MAX_PATH];
502
505
506 GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
507
508 if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
509 {
510 DPRINT("LiveCD detected\n");
511 onLiveCD = TRUE;
512 }
513 else
514 {
516 L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
517 0,
519 &elogKey);
520 if (Result != ERROR_SUCCESS)
521 {
522 DPRINT1("Fatal error: cannot open eventlog registry key.\n");
523 RetCode = 1;
524 goto bye_bye;
525 }
526
527 LoadLogFiles(elogKey);
528 }
529
531 if (!EventLogSource)
532 {
533 DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
534 }
535
537
538bye_bye:
539 LogfCloseAll();
540
541 return RetCode;
542}
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
BOOL onLiveCD
Definition: eventlog.c:33
static BOOL LoadLogFiles(HKEY eventlogKey)
Definition: eventlog.c:429
static SERVICE_TABLE_ENTRYW ServiceTable[2]
Definition: eventlog.c:24
#define MAX_PATH
Definition: compat.h:34
UINT WINAPI GetDriveTypeW(IN LPCWSTR lpRootPathName)
Definition: disk.c:497
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
Definition: path.c:2397
VOID InitEventSourceList(VOID)
Definition: eventsource.c:22
VOID LogfListInitialize(VOID)
Definition: file.c:27
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
VOID LogfCloseAll(VOID)
Definition: file.c:452
#define DRIVE_CDROM
Definition: machpc98.h:119
int32_t INT
Definition: typedefs.h:58
#define StartServiceCtrlDispatcher
Definition: winsvc.h:586

Variable Documentation

◆ EventLogSource

PEVENTSOURCE EventLogSource = NULL

Definition at line 35 of file eventlog.c.

Referenced by CheckLogOrSourceExistence(), InstallEventSource(), LogfReportEvent(), and wmain().

◆ onLiveCD

BOOL onLiveCD = FALSE

Definition at line 33 of file eventlog.c.

Referenced by ProcessPortMessage(), and wmain().

◆ ServiceName

WCHAR ServiceName[] = L"EventLog"
static

Definition at line 23 of file eventlog.c.

Referenced by ServiceMain().

◆ ServiceStatus

SERVICE_STATUS ServiceStatus

Definition at line 30 of file eventlog.c.

Referenced by ServiceControlHandler(), and UpdateServiceStatus().

◆ ServiceStatusHandle

SERVICE_STATUS_HANDLE ServiceStatusHandle

Definition at line 31 of file eventlog.c.

Referenced by ServiceControlHandler(), ServiceMain(), and UpdateServiceStatus().

◆ ServiceTable

SERVICE_TABLE_ENTRYW ServiceTable[2]
static
Initial value:
=
{
{ NULL, NULL }
}
static VOID CALLBACK ServiceMain(DWORD, LPWSTR *)
Definition: eventlog.c:232

Definition at line 24 of file eventlog.c.

Referenced by _tmain(), KiSystemService(), and wmain().