ReactOS  0.4.12-dev-57-g7050ac4
eventlog.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS EventLog Service
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: base/services/eventlog/eventlog.c
5  * PURPOSE: Event logging service
6  * COPYRIGHT: Copyright 2002 Eric Kohl
7  * Copyright 2005 Saveliy Tretiakov
8  * Hermes Belusca-Maito
9  */
10 
11 /* INCLUDES *****************************************************************/
12 
13 #include "eventlog.h"
14 #include <stdio.h>
15 #include <netevent.h>
16 
17 #define NDEBUG
18 #include <debug.h>
19 
20 /* GLOBALS ******************************************************************/
21 
23 static WCHAR ServiceName[] = L"EventLog";
25 {
27  { NULL, NULL }
28 };
29 
32 
33 BOOL onLiveCD = FALSE; // On LiveCD events will go to debug output only
34 
36 
37 /* FUNCTIONS ****************************************************************/
38 
39 static VOID
41 {
43  ServiceStatus.dwCurrentState = dwState;
44  ServiceStatus.dwControlsAccepted = 0;
45  ServiceStatus.dwWin32ExitCode = 0;
46  ServiceStatus.dwServiceSpecificExitCode = 0;
47  ServiceStatus.dwCheckPoint = 0;
48 
49  if (dwState == SERVICE_START_PENDING ||
50  dwState == SERVICE_STOP_PENDING ||
51  dwState == SERVICE_PAUSE_PENDING ||
52  dwState == SERVICE_CONTINUE_PENDING)
53  ServiceStatus.dwWaitHint = 10000;
54  else
55  ServiceStatus.dwWaitHint = 0;
56 
58  &ServiceStatus);
59 }
60 
61 static DWORD WINAPI
63  DWORD dwEventType,
64  LPVOID lpEventData,
65  LPVOID lpContext)
66 {
67  DPRINT("ServiceControlHandler() called\n");
68 
69  switch (dwControl)
70  {
72  DPRINT(" SERVICE_CONTROL_STOP received\n");
73 
75  0,
77 
78  /* Stop listening to incoming RPC messages */
81  return ERROR_SUCCESS;
82 
84  DPRINT(" SERVICE_CONTROL_PAUSE received\n");
86  return ERROR_SUCCESS;
87 
89  DPRINT(" SERVICE_CONTROL_CONTINUE received\n");
91  return ERROR_SUCCESS;
92 
94  DPRINT(" SERVICE_CONTROL_INTERROGATE received\n");
96  &ServiceStatus);
97  return ERROR_SUCCESS;
98 
100  DPRINT(" SERVICE_CONTROL_SHUTDOWN received\n");
101 
103  0,
105 
107  return ERROR_SUCCESS;
108 
109  default:
110  DPRINT1(" Control %lu received\n", dwControl);
112  }
113 }
114 
115 
116 static DWORD
118 {
119  HANDLE hThread;
120 
121  hThread = CreateThread(NULL,
122  0,
124  NULL,
125  0,
126  NULL);
127  if (!hThread)
128  {
129  DPRINT("Cannot create PortThread\n");
130  return GetLastError();
131  }
132  else
133  CloseHandle(hThread);
134 
135  hThread = CreateThread(NULL,
136  0,
138  NULL,
139  0,
140  NULL);
141 
142  if (!hThread)
143  {
144  DPRINT("Cannot create RpcThread\n");
145  return GetLastError();
146  }
147  else
148  CloseHandle(hThread);
149 
150  return ERROR_SUCCESS;
151 }
152 
153 
154 static VOID
156 {
157  OSVERSIONINFOW versionInfo;
158  WCHAR szBuffer[512];
159  PWSTR str;
160  size_t cchRemain;
161  HKEY hKey;
162  DWORD dwValueLength;
163  DWORD dwType;
164  LONG lResult = ERROR_SUCCESS;
165 
166  ZeroMemory(&versionInfo, sizeof(versionInfo));
167  versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
168 
169  /* Get version information */
170  if (!GetVersionExW(&versionInfo))
171  return;
172 
173  ZeroMemory(szBuffer, sizeof(szBuffer));
174  str = szBuffer;
175  cchRemain = ARRAYSIZE(szBuffer);
176 
177  /* Write the version number into the buffer */
178  StringCchPrintfExW(str, cchRemain,
179  &str, &cchRemain, 0,
180  L"%lu.%lu",
181  versionInfo.dwMajorVersion,
182  versionInfo.dwMinorVersion);
183  str++;
184  cchRemain++;
185 
186  /* Write the build number into the buffer */
187  StringCchPrintfExW(str, cchRemain,
188  &str, &cchRemain, 0,
189  L"%lu",
190  versionInfo.dwBuildNumber);
191  str++;
192  cchRemain++;
193 
194  /* Write the service pack info into the buffer */
195  StringCchCopyExW(str, cchRemain,
196  versionInfo.szCSDVersion,
197  &str, &cchRemain, 0);
198  str++;
199  cchRemain++;
200 
201  /* Read 'CurrentType' from the registry and write it into the buffer */
203  L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
204  0,
206  &hKey);
207  if (lResult == ERROR_SUCCESS)
208  {
209  dwValueLength = cchRemain;
210  lResult = RegQueryValueExW(hKey,
211  L"CurrentType",
212  NULL,
213  &dwType,
214  (LPBYTE)str,
215  &dwValueLength);
216 
217  RegCloseKey(hKey);
218  }
219 
220  /* Log the product information */
222  0,
224  4,
225  szBuffer,
226  0,
227  NULL);
228 }
229 
230 
231 static VOID CALLBACK
233  LPWSTR* argv)
234 {
235  DWORD dwError;
236 
239 
240  DPRINT("ServiceMain() called\n");
241 
244  NULL);
245  if (!ServiceStatusHandle)
246  {
247  dwError = GetLastError();
248  DPRINT1("RegisterServiceCtrlHandlerW() failed! (Error %lu)\n", dwError);
249  return;
250  }
251 
253 
254  dwError = ServiceInit();
255  if (dwError != ERROR_SUCCESS)
256  {
257  DPRINT("Service stopped (dwError: %lu\n", dwError);
259  }
260  else
261  {
262  DPRINT("Service started\n");
264 
266 
268  0,
270  0,
271  NULL,
272  0,
273  NULL);
274  }
275 
276  DPRINT("ServiceMain() done\n");
277 }
278 
279 
280 static PLOGFILE
281 LoadLogFile(HKEY hKey, PWSTR LogName)
282 {
283  DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
284  PWSTR Buf = NULL, Expanded = NULL;
285  LONG Result;
286  PLOGFILE pLogf = NULL;
288  ULONG ulMaxSize, ulRetention;
290 
291  DPRINT("LoadLogFile: `%S'\n", LogName);
292 
293  Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
294  NULL, NULL, &MaxValueLen, NULL, NULL);
295  if (Result != ERROR_SUCCESS)
296  {
297  DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
298  return NULL;
299  }
300 
301  MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
302  Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
303  if (!Buf)
304  {
305  DPRINT1("Cannot allocate heap!\n");
306  return NULL;
307  }
308 
309  ValueLen = MaxValueLen;
310  Result = RegQueryValueExW(hKey,
311  L"File",
312  NULL,
313  &Type,
314  (LPBYTE)Buf,
315  &ValueLen);
316  /*
317  * If we failed, because the registry value was inexistent
318  * or the value type was incorrect, create a new "File" value
319  * that holds the default event log path.
320  */
321  if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
322  {
323  MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
324  wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
325 
326  Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
327  if (!Expanded)
328  {
329  DPRINT1("Cannot reallocate heap!\n");
330  HeapFree(GetProcessHeap(), 0, Buf);
331  return NULL;
332  }
333  Buf = Expanded;
334 
335  StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
336  StringCbCatW(Buf, MaxValueLen, LogName);
337  StringCbCatW(Buf, MaxValueLen, L".evt");
338 
339  ValueLen = MaxValueLen;
340  Result = RegSetValueExW(hKey,
341  L"File",
342  0,
344  (LPBYTE)Buf,
345  ValueLen);
346  if (Result != ERROR_SUCCESS)
347  {
348  DPRINT1("RegSetValueExW failed: %lu\n", Result);
349  HeapFree(GetProcessHeap(), 0, Buf);
350  return NULL;
351  }
352  }
353 
354  ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
355  Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
356  if (!Expanded)
357  {
358  DPRINT1("Cannot allocate heap!\n");
359  HeapFree(GetProcessHeap(), 0, Buf);
360  return NULL;
361  }
362 
363  ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
364 
365  if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL))
366  {
367  DPRINT1("Cannot convert path!\n");
368  HeapFree(GetProcessHeap(), 0, Expanded);
369  HeapFree(GetProcessHeap(), 0, Buf);
370  return NULL;
371  }
372 
373  DPRINT("%S -> %S\n", Buf, Expanded);
374 
375  ValueLen = sizeof(ulMaxSize);
376  Result = RegQueryValueExW(hKey,
377  L"MaxSize",
378  NULL,
379  &Type,
380  (LPBYTE)&ulMaxSize,
381  &ValueLen);
382  if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
383  {
384  ulMaxSize = 512 * 1024; /* 512 kBytes */
385 
386  Result = RegSetValueExW(hKey,
387  L"MaxSize",
388  0,
389  REG_DWORD,
390  (LPBYTE)&ulMaxSize,
391  sizeof(ulMaxSize));
392  }
393 
394  ValueLen = sizeof(ulRetention);
395  Result = RegQueryValueExW(hKey,
396  L"Retention",
397  NULL,
398  &Type,
399  (LPBYTE)&ulRetention,
400  &ValueLen);
401  if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
402  {
403  /* On Windows 2003 it is 604800 (secs) == 7 days */
404  ulRetention = 0;
405 
406  Result = RegSetValueExW(hKey,
407  L"Retention",
408  0,
409  REG_DWORD,
410  (LPBYTE)&ulRetention,
411  sizeof(ulRetention));
412  }
413 
414  // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
415  // and "CustomSD" (REG_SZ).
416 
417  Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
418  if (!NT_SUCCESS(Status))
419  {
420  DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
421  }
422 
423  HeapFree(GetProcessHeap(), 0, Expanded);
424  HeapFree(GetProcessHeap(), 0, Buf);
425  return pLogf;
426 }
427 
428 static BOOL
429 LoadLogFiles(HKEY eventlogKey)
430 {
431  LONG Result;
432  DWORD MaxLognameLen, LognameLen;
433  DWORD dwIndex;
434  PWSTR Buf = NULL;
435  PLOGFILE pLogFile;
436 
437  Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
438  NULL, NULL, NULL, NULL, NULL, NULL);
439  if (Result != ERROR_SUCCESS)
440  {
441  DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
442  return FALSE;
443  }
444 
445  MaxLognameLen++;
446 
447  Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
448  if (!Buf)
449  {
450  DPRINT1("Error: cannot allocate heap!\n");
451  return FALSE;
452  }
453 
454  LognameLen = MaxLognameLen;
455  dwIndex = 0;
456  while (RegEnumKeyExW(eventlogKey,
457  dwIndex,
458  Buf,
459  &LognameLen,
461  {
462  HKEY SubKey;
463 
464  DPRINT("%S\n", Buf);
465 
466  Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
467  if (Result != ERROR_SUCCESS)
468  {
469  DPRINT1("Failed to open %S key.\n", Buf);
470  HeapFree(GetProcessHeap(), 0, Buf);
471  return FALSE;
472  }
473 
474  pLogFile = LoadLogFile(SubKey, Buf);
475  if (pLogFile != NULL)
476  {
477  DPRINT("Loaded %S\n", Buf);
478  LoadEventSources(SubKey, pLogFile);
479  }
480  else
481  {
482  DPRINT1("Failed to load %S\n", Buf);
483  }
484 
485  RegCloseKey(SubKey);
486 
487  LognameLen = MaxLognameLen;
488  dwIndex++;
489  }
490 
491  HeapFree(GetProcessHeap(), 0, Buf);
492  return TRUE;
493 }
494 
495 
496 int wmain(int argc, WCHAR* argv[])
497 {
498  INT RetCode = 0;
499  LONG Result;
500  HKEY elogKey;
501  WCHAR LogPath[MAX_PATH];
502 
505 
506  GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
507 
508  if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
509  {
510  DPRINT("LiveCD detected\n");
511  onLiveCD = TRUE;
512  }
513  else
514  {
516  L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
517  0,
519  &elogKey);
520  if (Result != ERROR_SUCCESS)
521  {
522  DPRINT1("Fatal error: cannot open eventlog registry key.\n");
523  RetCode = 1;
524  goto bye_bye;
525  }
526 
527  LoadLogFiles(elogKey);
528  }
529 
530  EventLogSource = GetEventSourceByName(L"EventLog");
531  if (!EventLogSource)
532  {
533  DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
534  }
535 
536  StartServiceCtrlDispatcher(ServiceTable);
537 
538 bye_bye:
539  LogfCloseAll();
540 
541  return RetCode;
542 }
543 
545 {
546  UINT i;
547  PWSTR str;
548  LARGE_INTEGER SystemTime;
550 
551  DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
552 
553  DbgPrint("Length = %lu\n", pRec->Length);
554  DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
555  DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
556 
557  RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
558  RtlTimeToTimeFields(&SystemTime, &Time);
559  DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
560  Time.Day, Time.Month, Time.Year,
561  Time.Hour, Time.Minute, Time.Second);
562 
563  RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
564  RtlTimeToTimeFields(&SystemTime, &Time);
565  DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
566  Time.Day, Time.Month, Time.Year,
567  Time.Hour, Time.Minute, Time.Second);
568 
569  DbgPrint("EventID = %lu\n", pRec->EventID);
570 
571  switch (pRec->EventType)
572  {
573  case EVENTLOG_ERROR_TYPE:
574  DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
575  break;
577  DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
578  break;
580  DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
581  break;
583  DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
584  break;
586  DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
587  break;
588  default:
589  DbgPrint("EventType = %hu\n", pRec->EventType);
590  }
591 
592  DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
593  DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
594  DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
595  DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
596  DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
597  DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
598  DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
599  DbgPrint("DataLength = %lu\n", pRec->DataLength);
600  DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
601 
602  i = sizeof(EVENTLOGRECORD);
603  DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
604 
605  i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
606  DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
607 
608  if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
609  {
610  DbgPrint("Strings:\n");
611  str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
612  for (i = 0; i < pRec->NumStrings; i++)
613  {
614  DbgPrint("[%u] %S\n", i, str);
615  str += wcslen(str) + 1;
616  }
617  }
618 
619  DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
620 }
SERVICE_STATUS ServiceStatus
Definition: eventlog.c:30
static int argc
Definition: ServiceArgs.c:12
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
Definition: path.c:2396
static DWORD WINAPI ServiceControlHandler(DWORD dwControl, DWORD dwEventType, LPVOID lpEventData, LPVOID lpContext)
Definition: eventlog.c:62
DWORD(WINAPI * LPTHREAD_START_ROUTINE)(LPVOID)
Definition: winbase.h:707
#define TRUE
Definition: types.h:120
#define CloseHandle
Definition: compat.h:398
RPC_STATUS WINAPI RpcMgmtStopServerListening(RPC_BINDING_HANDLE Binding)
Definition: rpc_server.c:1599
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
Definition: eventlog.c:544
Type
Definition: Type.h:6
#define ERROR_SUCCESS
Definition: deptool.c:10
DWORD dwCurrentState
Definition: winsvc.h:100
#define SERVICE_PAUSE_PENDING
Definition: winsvc.h:26
#define DbgPrint
Definition: loader.c:25
VOID LogfCloseAll(VOID)
Definition: file.c:452
VOID InitEventSourceList(VOID)
Definition: eventsource.c:22
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:323
__wchar_t WCHAR
Definition: xmlstorage.h:180
NTSTATUS WINAPI PortThreadRoutine(PVOID Param)
Definition: logport.c:27
NTSYSAPI VOID NTAPI RtlSecondsSince1970ToTime(_In_ ULONG SecondsSince1970, _Out_ PLARGE_INTEGER Time)
uint16_t * PWSTR
Definition: typedefs.h:54
#define SERVICE_PAUSED
Definition: winsvc.h:27
LONG NTSTATUS
Definition: precomp.h:26
#define CALLBACK
Definition: compat.h:27
WCHAR szCSDVersion[128]
Definition: rtltypes.h:247
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
DWORD StringOffset
Definition: winnt_old.h:2648
#define SERVICE_START_PENDING
Definition: winsvc.h:22
DWORD dwServiceSpecificExitCode
Definition: winsvc.h:103
static VOID UpdateServiceStatus(DWORD dwState)
Definition: eventlog.c:40
BOOL WINAPI GetVersionExW(IN LPOSVERSIONINFOW lpVersionInformation)
Definition: version.c:37
static PLOGFILE LoadLogFile(HKEY hKey, PWSTR LogName)
Definition: eventlog.c:281
int32_t INT
Definition: typedefs.h:56
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
static char ** argv
Definition: ServiceArgs.c:11
uint32_t ULONG_PTR
Definition: typedefs.h:63
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
BOOL WINAPI SetServiceStatus(SERVICE_STATUS_HANDLE hServiceStatus, LPSERVICE_STATUS lpServiceStatus)
Definition: sctrl.c:957
struct _EVENTLOGRECORD EVENTLOGRECORD
VOID LogfListInitialize(VOID)
Definition: file.c:27
GLenum GLclampf GLint i
Definition: glfuncs.h:14
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
DWORD dwCheckPoint
Definition: winsvc.h:104
#define SERVICE_STOPPED
Definition: winsvc.h:21
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
long LONG
Definition: pedump.c:60
BOOL LoadEventSources(HKEY hKey, PLOGFILE pLogFile)
Definition: eventsource.c:82
#define StartServiceCtrlDispatcher
Definition: winsvc.h:586
#define SERVICE_RUNNING
Definition: winsvc.h:24
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpc.c:26
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
const WCHAR * str
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:112
smooth NULL
Definition: ftsmooth.c:416
static BOOL LoadLogFiles(HKEY eventlogKey)
Definition: eventlog.c:429
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
void DPRINT(...)
Definition: polytest.cpp:61
#define SERVICE_CONTROL_INTERROGATE
Definition: winsvc.h:39
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
#define SERVICE_WIN32_OWN_PROCESS
Definition: cmtypes.h:960
static SERVICE_STATUS_HANDLE(WINAPI *pRegisterServiceCtrlHandlerExA)(LPCSTR
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4917
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
unsigned int BOOL
Definition: ntddk_ex.h:94
ULONG dwMajorVersion
Definition: rtltypes.h:243
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
DWORD UserSidOffset
Definition: winnt_old.h:2650
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
DWORD dwWaitHint
Definition: winsvc.h:105
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
ULONG dwOSVersionInfoSize
Definition: rtltypes.h:242
#define MAX_PATH
Definition: compat.h:26
unsigned int UINT
Definition: ndis.h:50
DWORD dwWin32ExitCode
Definition: winsvc.h:102
unsigned long DWORD
Definition: ntddk_ex.h:95
DWORD dwServiceType
Definition: winsvc.h:99
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3704
ULONG dwBuildNumber
Definition: rtltypes.h:245
#define SERVICE_CONTROL_PAUSE
Definition: winsvc.h:37
static const WCHAR L[]
Definition: oid.c:1087
static DWORD ServiceInit(VOID)
Definition: eventlog.c:117
#define EVENT_EventlogStopped
Definition: netevent.h:244
DWORD RecordNumber
Definition: winnt_old.h:2639
SERVICE_STATUS_HANDLE WINAPI RegisterServiceCtrlHandlerExW(LPCWSTR lpServiceName, LPHANDLER_FUNCTION_EX lpHandlerProc, LPVOID lpContext)
Definition: sctrl.c:773
UINT WINAPI GetDriveTypeW(IN LPCWSTR lpRootPathName)
Definition: disk.c:497
#define WINAPI
Definition: msvc.h:20
static WCHAR ServiceName[]
Definition: eventlog.c:23
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
Status
Definition: gdiplustypes.h:24
static VOID CALLBACK ServiceMain(DWORD, LPWSTR *)
Definition: eventlog.c:232
static SERVICE_TABLE_ENTRYW ServiceTable[2]
Definition: eventlog.c:24
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:30
DWORD dwControlsAccepted
Definition: winsvc.h:101
struct _FileName FileName
Definition: fatprocs.h:884
#define SERVICE_CONTINUE_PENDING
Definition: winsvc.h:25
#define EVENT_EventLogProductInfo
Definition: netevent.h:241
DWORD TimeGenerated
Definition: winnt_old.h:2640
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define SERVICE_CONTROL_CONTINUE
Definition: winsvc.h:38
#define HeapReAlloc
Definition: compat.h:393
#define DRIVE_CDROM
Definition: winbase.h:251
unsigned int * PULONG
Definition: retypes.h:1
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
HANDLE hThread
Definition: wizard.c:27
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
#define DPRINT1
Definition: precomp.h:8
ULONG dwMinorVersion
Definition: rtltypes.h:244
#define EVENT_EventlogStarted
Definition: netevent.h:243
unsigned int ULONG
Definition: retypes.h:1
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:92
#define SERVICE_CONTROL_STOP
Definition: winsvc.h:36
SERVICE_STATUS_HANDLE ServiceStatusHandle
Definition: eventlog.c:31
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2541
DWORD UserSidLength
Definition: winnt_old.h:2649
WCHAR * LPWSTR
Definition: xmlstorage.h:184
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:539
#define SERVICE_STOP_PENDING
Definition: winsvc.h:23
static VOID ReportProductInfoEvent(VOID)
Definition: eventlog.c:155
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
BOOL onLiveCD
Definition: eventlog.c:33
static PLARGE_INTEGER Time
Definition: time.c:105
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
int wmain(int argc, WCHAR *argv[])
Definition: eventlog.c:496
#define SERVICE_CONTROL_SHUTDOWN
Definition: winsvc.h:40
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
DWORD ClosingRecordNumber
Definition: winnt_old.h:2647
#define REG_SZ
Definition: layer.c:22