ReactOS 0.4.16-dev-927-g467dec4
Functions
undocelfapi.h File Reference
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Functions

NTSTATUS NTAPI ElfBackupEventLogFileA (IN HANDLE hEventLog, IN PANSI_STRING BackupFileNameA)
 
NTSTATUS NTAPI ElfBackupEventLogFileW (IN HANDLE hEventLog, IN PUNICODE_STRING BackupFileNameU)
 
NTSTATUS NTAPI ElfClearEventLogFileA (IN HANDLE hEventLog, IN PANSI_STRING BackupFileNameA)
 
NTSTATUS NTAPI ElfClearEventLogFileW (IN HANDLE hEventLog, IN PUNICODE_STRING BackupFileNameU)
 
NTSTATUS NTAPI ElfCloseEventLog (IN HANDLE hEventLog)
 
NTSTATUS NTAPI ElfDeregisterEventSource (IN HANDLE hEventLog)
 
NTSTATUS NTAPI ElfNumberOfRecords (IN HANDLE hEventLog, OUT PULONG NumberOfRecords)
 
NTSTATUS NTAPI ElfOldestRecord (IN HANDLE hEventLog, OUT PULONG OldestRecordNumber)
 
NTSTATUS NTAPI ElfChangeNotify (IN HANDLE hEventLog, IN HANDLE hEvent)
 
NTSTATUS NTAPI ElfOpenBackupEventLogA (IN PANSI_STRING UNCServerNameA, IN PANSI_STRING BackupFileNameA, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfOpenBackupEventLogW (IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING BackupFileNameU, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfOpenEventLogA (IN PANSI_STRING UNCServerNameA, IN PANSI_STRING SourceNameA, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfOpenEventLogW (IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING SourceNameU, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfReadEventLogA (IN HANDLE hEventLog, IN ULONG ReadFlags, IN ULONG RecordOffset, OUT LPVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded)
 
NTSTATUS NTAPI ElfReadEventLogW (IN HANDLE hEventLog, IN ULONG ReadFlags, IN ULONG RecordOffset, OUT LPVOID Buffer, IN ULONG NumberOfBytesToRead, OUT PULONG NumberOfBytesRead, OUT PULONG MinNumberOfBytesNeeded)
 
NTSTATUS NTAPI ElfRegisterEventSourceA (IN PANSI_STRING UNCServerNameA, IN PANSI_STRING SourceNameA, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfRegisterEventSourceW (IN PUNICODE_STRING UNCServerNameU, IN PUNICODE_STRING SourceNameU, OUT PHANDLE phEventLog)
 
NTSTATUS NTAPI ElfReportEventA (IN HANDLE hEventLog, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN USHORT NumStrings, IN ULONG DataSize, IN PANSI_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
 
NTSTATUS NTAPI ElfReportEventW (IN HANDLE hEventLog, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN USHORT NumStrings, IN ULONG DataSize, IN PUNICODE_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
 
NTSTATUS NTAPI ElfReportEventAndSourceW (IN HANDLE hEventLog, IN ULONG Time, IN PUNICODE_STRING ComputerName, IN USHORT EventType, IN USHORT EventCategory, IN ULONG EventID, IN PSID UserSID, IN PUNICODE_STRING SourceName, IN USHORT NumStrings, IN ULONG DataSize, IN PUNICODE_STRING *Strings, IN PVOID Data, IN USHORT Flags, IN OUT PULONG RecordNumber, IN OUT PULONG TimeWritten)
 
NTSTATUS NTAPI ElfFlushEventLog (IN HANDLE hEventLog)
 

Function Documentation

◆ ElfBackupEventLogFileA()

NTSTATUS NTAPI ElfBackupEventLogFileA ( IN HANDLE  hEventLog,
IN PANSI_STRING  BackupFileNameA 
)

Definition at line 154 of file eventlog.c.

156{
157 NTSTATUS Status;
158
159 if (!BackupFileNameA || (BackupFileNameA->Length == 0))
160 return STATUS_INVALID_PARAMETER;
161
162 RpcTryExcept
163 {
164 Status = ElfrBackupELFA(hEventLog,
165 (PRPC_STRING)BackupFileNameA);
166 }
167 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
168 {
169 Status = I_RpcMapWin32Status(RpcExceptionCode());
170 }
171 RpcEndExcept;
172
173 return Status;
174}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ElfrBackupELFA
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:787
Status
Status
Definition: gdiplustypes.h:25
EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:90
I_RpcMapWin32Status
LONG WINAPI I_RpcMapWin32Status(RPC_STATUS status)
Definition: rpcrt4_main.c:740
RpcEndExcept
#define RpcEndExcept
Definition: rpc.h:123
RpcTryExcept
#define RpcTryExcept
Definition: rpc.h:121
RpcExcept
#define RpcExcept(expr)
Definition: rpc.h:122
RpcExceptionCode
#define RpcExceptionCode()
Definition: rpc.h:127
_RPC_STRING
Definition: eventlogrpc.idl:16
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135

◆ ElfBackupEventLogFileW()

NTSTATUS NTAPI ElfBackupEventLogFileW ( IN HANDLE  hEventLog,
IN PUNICODE_STRING  BackupFileNameU 
)

Definition at line 222 of file eventlog.c.

224{
225 NTSTATUS Status;
226
227 if (!BackupFileNameU || (BackupFileNameU->Length == 0))
228 return STATUS_INVALID_PARAMETER;
229
230 RpcTryExcept
231 {
232 Status = ElfrBackupELFW(hEventLog,
233 (PRPC_UNICODE_STRING)BackupFileNameU);
234 }
235 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
236 {
237 Status = I_RpcMapWin32Status(RpcExceptionCode());
238 }
239 RpcEndExcept;
240
241 return Status;
242}
ElfrBackupELFW
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:313
_RPC_UNICODE_STRING
Definition: msv1_0.h:21

Referenced by BackupEventLogW().

◆ ElfChangeNotify()

NTSTATUS NTAPI ElfChangeNotify ( IN HANDLE  hEventLog,
IN HANDLE  hEvent 
)

Definition at line 646 of file eventlog.c.

648{
649 NTSTATUS Status;
650 CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
651 RPC_CLIENT_ID RpcClientId;
652
653 RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
654 RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
655
656 RpcTryExcept
657 {
658 Status = ElfrChangeNotify(hEventLog, RpcClientId, HandleToUlong(hEvent));
659 }
660 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
661 {
662 Status = I_RpcMapWin32Status(RpcExceptionCode());
663 }
664 RpcEndExcept;
665
666 return Status;
667}
ElfrChangeNotify
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
Definition: rpc.c:433
HandleToUlong
#define HandleToUlong(h)
Definition: basetsd.h:79
NtCurrentTeb
#define NtCurrentTeb
Definition: iphlpapi_private.h:4
hEvent
static HANDLE hEvent
Definition: comm.c:54
_CLIENT_ID
Definition: compat.h:824
_CLIENT_ID::UniqueThread
HANDLE UniqueThread
Definition: compat.h:826
_CLIENT_ID::UniqueProcess
HANDLE UniqueProcess
Definition: compat.h:825
_RPC_CLIENT_ID
Definition: eventlogrpc.idl:27
_RPC_CLIENT_ID::UniqueProcess
ULONG UniqueProcess
Definition: eventlogrpc.idl:28
_RPC_CLIENT_ID::UniqueThread
ULONG UniqueThread
Definition: eventlogrpc.idl:29
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1151

Referenced by NotifyChangeEventLog().

◆ ElfClearEventLogFileA()

NTSTATUS NTAPI ElfClearEventLogFileA ( IN HANDLE  hEventLog,
IN PANSI_STRING  BackupFileNameA 
)

Definition at line 285 of file eventlog.c.

287{
288 NTSTATUS Status;
289
290 RpcTryExcept
291 {
292 Status = ElfrClearELFA(hEventLog,
293 (PRPC_STRING)BackupFileNameA);
294 }
295 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
296 {
297 Status = I_RpcMapWin32Status(RpcExceptionCode());
298 }
299 RpcEndExcept;
300
301 return Status;
302}
ElfrClearELFA
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:762

◆ ElfClearEventLogFileW()

NTSTATUS NTAPI ElfClearEventLogFileW ( IN HANDLE  hEventLog,
IN PUNICODE_STRING  BackupFileNameU 
)

Definition at line 347 of file eventlog.c.

349{
350 NTSTATUS Status;
351
352 RpcTryExcept
353 {
354 Status = ElfrClearELFW(hEventLog,
355 (PRPC_UNICODE_STRING)BackupFileNameU);
356 }
357 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
358 {
359 Status = I_RpcMapWin32Status(RpcExceptionCode());
360 }
361 RpcEndExcept;
362
363 return Status;
364}
ElfrClearELFW
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:289

Referenced by ClearEventLogW().

◆ ElfCloseEventLog()

NTSTATUS NTAPI ElfCloseEventLog ( IN HANDLE  hEventLog)

Definition at line 409 of file eventlog.c.

410{
411 NTSTATUS Status;
412
413 RpcTryExcept
414 {
415 Status = ElfrCloseEL(&hEventLog);
416 }
417 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
418 {
419 Status = I_RpcMapWin32Status(RpcExceptionCode());
420 }
421 RpcEndExcept;
422
423 return Status;
424}
ElfrCloseEL
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
Definition: rpc.c:333

Referenced by CloseEventLog().

◆ ElfDeregisterEventSource()

NTSTATUS NTAPI ElfDeregisterEventSource ( IN HANDLE  hEventLog)

Definition at line 455 of file eventlog.c.

456{
457 NTSTATUS Status;
458
459 RpcTryExcept
460 {
461 Status = ElfrDeregisterEventSource(&hEventLog);
462 }
463 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
464 {
465 Status = I_RpcMapWin32Status(RpcExceptionCode());
466 }
467 RpcEndExcept;
468
469 return Status;
470}
ElfrDeregisterEventSource
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
Definition: rpc.c:343

Referenced by DeregisterEventSource(), and UserpLogHardError().

◆ ElfFlushEventLog()

NTSTATUS NTAPI ElfFlushEventLog ( IN HANDLE  hEventLog)

Definition at line 1633 of file eventlog.c.

1634{
1635 NTSTATUS Status;
1636
1637 RpcTryExcept
1638 {
1639 Status = ElfrFlushEL(hEventLog);
1640 }
1641 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1642 {
1643 Status = I_RpcMapWin32Status(RpcExceptionCode());
1644 }
1645 RpcEndExcept;
1646
1647 return Status;
1648}
ElfrFlushEL
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
Definition: rpc.c:1196

◆ ElfNumberOfRecords()

NTSTATUS NTAPI ElfNumberOfRecords ( IN HANDLE  hEventLog,
OUT PULONG  NumberOfRecords 
)

Definition at line 548 of file eventlog.c.

550{
551 NTSTATUS Status;
552
553 if (!NumberOfRecords)
554 return STATUS_INVALID_PARAMETER;
555
556 RpcTryExcept
557 {
558 Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
559 }
560 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
561 {
562 Status = I_RpcMapWin32Status(RpcExceptionCode());
563 }
564 RpcEndExcept;
565
566 return Status;
567}
ElfrNumberOfRecords
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
Definition: rpc.c:353

Referenced by GetNumberOfEventLogRecords().

◆ ElfOldestRecord()

NTSTATUS NTAPI ElfOldestRecord ( IN HANDLE  hEventLog,
OUT PULONG  OldestRecordNumber 
)

Definition at line 597 of file eventlog.c.

599{
600 NTSTATUS Status;
601
602 if (!OldestRecordNumber)
603 return STATUS_INVALID_PARAMETER;
604
605 RpcTryExcept
606 {
607 Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
608 }
609 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
610 {
611 Status = I_RpcMapWin32Status(RpcExceptionCode());
612 }
613 RpcEndExcept;
614
615 return Status;
616}
ElfrOldestRecord
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
Definition: rpc.c:402

Referenced by GetOldestEventLogRecord().

◆ ElfOpenBackupEventLogA()

NTSTATUS NTAPI ElfOpenBackupEventLogA ( IN PANSI_STRING  UNCServerNameA,
IN PANSI_STRING  BackupFileNameA,
OUT PHANDLE  phEventLog 
)

Definition at line 693 of file eventlog.c.

696{
697 NTSTATUS Status;
698 PSTR pUNCServerName = NULL;
699
700 if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
701 return STATUS_INVALID_PARAMETER;
702
703 if (UNCServerNameA && (UNCServerNameA->Length != 0))
704 pUNCServerName = UNCServerNameA->Buffer;
705
706 *phEventLog = NULL;
707
708 RpcTryExcept
709 {
710 Status = ElfrOpenBELA(pUNCServerName,
711 (PRPC_STRING)BackupFileNameA,
712 1, 1,
713 (IELF_HANDLE*)phEventLog);
714 }
715 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
716 {
717 Status = I_RpcMapWin32Status(RpcExceptionCode());
718 }
719 RpcEndExcept;
720
721 return Status;
722}
ElfrOpenBELA
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:897
NULL
#define NULL
Definition: types.h:112
PSTR
char * PSTR
Definition: typedefs.h:51

◆ ElfOpenBackupEventLogW()

NTSTATUS NTAPI ElfOpenBackupEventLogW ( IN PUNICODE_STRING  UNCServerNameU,
IN PUNICODE_STRING  BackupFileNameU,
OUT PHANDLE  phEventLog 
)

Definition at line 797 of file eventlog.c.

800{
801 NTSTATUS Status;
802 PWSTR pUNCServerName = NULL;
803
804 if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
805 return STATUS_INVALID_PARAMETER;
806
807 if (UNCServerNameU && (UNCServerNameU->Length != 0))
808 pUNCServerName = UNCServerNameU->Buffer;
809
810 *phEventLog = NULL;
811
812 RpcTryExcept
813 {
814 Status = ElfrOpenBELW(pUNCServerName,
815 (PRPC_UNICODE_STRING)BackupFileNameU,
816 1,
817 1,
818 (IELF_HANDLE*)phEventLog);
819 }
820 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
821 {
822 Status = I_RpcMapWin32Status(RpcExceptionCode());
823 }
824 RpcEndExcept;
825
826 return Status;
827}
ElfrOpenBELW
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:506
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56

Referenced by OpenBackupEventLogW().

◆ ElfOpenEventLogA()

NTSTATUS NTAPI ElfOpenEventLogA ( IN PANSI_STRING  UNCServerNameA,
IN PANSI_STRING  SourceNameA,
OUT PHANDLE  phEventLog 
)

Definition at line 885 of file eventlog.c.

888{
889 NTSTATUS Status;
890 PSTR pUNCServerName = NULL;
891
892 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
893 return STATUS_INVALID_PARAMETER;
894
895 if (UNCServerNameA && (UNCServerNameA->Length != 0))
896 pUNCServerName = UNCServerNameA->Buffer;
897
898 *phEventLog = NULL;
899
900 RpcTryExcept
901 {
902 Status = ElfrOpenELA(pUNCServerName,
903 (PRPC_STRING)SourceNameA,
904 &EmptyStringA,
905 1,
906 1,
907 (IELF_HANDLE*)phEventLog);
908 }
909 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
910 {
911 Status = I_RpcMapWin32Status(RpcExceptionCode());
912 }
913 RpcEndExcept;
914
915 return Status;
916}
ElfrOpenELA
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:812
EmptyStringA
static RPC_STRING EmptyStringA
Definition: eventlog.c:34

Referenced by OpenEventLogA().

◆ ElfOpenEventLogW()

NTSTATUS NTAPI ElfOpenEventLogW ( IN PUNICODE_STRING  UNCServerNameU,
IN PUNICODE_STRING  SourceNameU,
OUT PHANDLE  phEventLog 
)

Definition at line 951 of file eventlog.c.

954{
955 NTSTATUS Status;
956 PWSTR pUNCServerName = NULL;
957
958 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
959 return STATUS_INVALID_PARAMETER;
960
961 if (UNCServerNameU && (UNCServerNameU->Length != 0))
962 pUNCServerName = UNCServerNameU->Buffer;
963
964 *phEventLog = NULL;
965
966 RpcTryExcept
967 {
968 Status = ElfrOpenELW(pUNCServerName,
969 (PRPC_UNICODE_STRING)SourceNameU,
970 &EmptyStringU,
971 1,
972 1,
973 (IELF_HANDLE*)phEventLog);
974 }
975 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
976 {
977 Status = I_RpcMapWin32Status(RpcExceptionCode());
978 }
979 RpcEndExcept;
980
981 return Status;
982}
ElfrOpenELW
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:446
EmptyStringU
static RPC_UNICODE_STRING EmptyStringU
Definition: eventlog.c:33

Referenced by OpenEventLogW().

◆ ElfReadEventLogA()

NTSTATUS NTAPI ElfReadEventLogA ( IN HANDLE  hEventLog,
IN ULONG  ReadFlags,
IN ULONG  RecordOffset,
OUT LPVOID  Buffer,
IN ULONG  NumberOfBytesToRead,
OUT PULONG  NumberOfBytesRead,
OUT PULONG  MinNumberOfBytesNeeded 
)

Definition at line 1013 of file eventlog.c.

1020{
1021 NTSTATUS Status;
1022 ULONG Flags;
1023
1024 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1025 {
1026 return STATUS_INVALID_PARAMETER;
1027 }
1028
1029 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1030 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1031 {
1032 return STATUS_INVALID_PARAMETER;
1033 }
1034
1035 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1036 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1037 {
1038 return STATUS_INVALID_PARAMETER;
1039 }
1040
1041 RpcTryExcept
1042 {
1043 Status = ElfrReadELA(hEventLog,
1044 ReadFlags,
1045 RecordOffset,
1046 NumberOfBytesToRead,
1047 Buffer,
1048 NumberOfBytesRead,
1049 MinNumberOfBytesNeeded);
1050 }
1051 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1052 {
1053 Status = I_RpcMapWin32Status(RpcExceptionCode());
1054 }
1055 RpcEndExcept;
1056
1057 return Status;
1058}
ElfrReadELA
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:940
Buffer
Definition: bufpool.h:45
ULONG
uint32_t ULONG
Definition: typedefs.h:59
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2863
EVENTLOG_BACKWARDS_READ
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2866
EVENTLOG_FORWARDS_READ
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2865
EVENTLOG_SEEK_READ
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2864
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170

Referenced by ReadEventLogA().

◆ ElfReadEventLogW()

NTSTATUS NTAPI ElfReadEventLogW ( IN HANDLE  hEventLog,
IN ULONG  ReadFlags,
IN ULONG  RecordOffset,
OUT LPVOID  Buffer,
IN ULONG  NumberOfBytesToRead,
OUT PULONG  NumberOfBytesRead,
OUT PULONG  MinNumberOfBytesNeeded 
)

Definition at line 1106 of file eventlog.c.

1113{
1114 NTSTATUS Status;
1115 ULONG Flags;
1116
1117 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1118 {
1119 return STATUS_INVALID_PARAMETER;
1120 }
1121
1122 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1123 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1124 {
1125 return STATUS_INVALID_PARAMETER;
1126 }
1127
1128 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1129 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1130 {
1131 return STATUS_INVALID_PARAMETER;
1132 }
1133
1134 RpcTryExcept
1135 {
1136 Status = ElfrReadELW(hEventLog,
1137 ReadFlags,
1138 RecordOffset,
1139 NumberOfBytesToRead,
1140 Buffer,
1141 NumberOfBytesRead,
1142 MinNumberOfBytesNeeded);
1143 }
1144 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1145 {
1146 Status = I_RpcMapWin32Status(RpcExceptionCode());
1147 }
1148 RpcEndExcept;
1149
1150 return Status;
1151}
ElfrReadELW
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:530

Referenced by ReadEventLogW().

◆ ElfRegisterEventSourceA()

NTSTATUS NTAPI ElfRegisterEventSourceA ( IN PANSI_STRING  UNCServerNameA,
IN PANSI_STRING  SourceNameA,
OUT PHANDLE  phEventLog 
)

Definition at line 1190 of file eventlog.c.

1193{
1194 NTSTATUS Status;
1195 PSTR pUNCServerName = NULL;
1196
1197 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
1198 return STATUS_INVALID_PARAMETER;
1199
1200 if (UNCServerNameA && (UNCServerNameA->Length != 0))
1201 pUNCServerName = UNCServerNameA->Buffer;
1202
1203 *phEventLog = NULL;
1204
1205 RpcTryExcept
1206 {
1207 Status = ElfrRegisterEventSourceA(pUNCServerName,
1208 (PRPC_STRING)SourceNameA,
1209 &EmptyStringA,
1210 1,
1211 1,
1212 (IELF_HANDLE*)phEventLog);
1213 }
1214 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1215 {
1216 Status = I_RpcMapWin32Status(RpcExceptionCode());
1217 }
1218 RpcEndExcept;
1219
1220 return Status;
1221}
ElfrRegisterEventSourceA
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:849

Referenced by RegisterEventSourceA().

◆ ElfRegisterEventSourceW()

NTSTATUS NTAPI ElfRegisterEventSourceW ( IN PUNICODE_STRING  UNCServerNameU,
IN PUNICODE_STRING  SourceNameU,
OUT PHANDLE  phEventLog 
)

Definition at line 1261 of file eventlog.c.

1264{
1265 NTSTATUS Status;
1266 PWSTR pUNCServerName = NULL;
1267
1268 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
1269 return STATUS_INVALID_PARAMETER;
1270
1271 if (UNCServerNameU && (UNCServerNameU->Length != 0))
1272 pUNCServerName = UNCServerNameU->Buffer;
1273
1274 *phEventLog = NULL;
1275
1276 RpcTryExcept
1277 {
1278 Status = ElfrRegisterEventSourceW(pUNCServerName,
1279 (PRPC_UNICODE_STRING)SourceNameU,
1280 &EmptyStringU,
1281 1,
1282 1,
1283 (IELF_HANDLE*)phEventLog);
1284 }
1285 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1286 {
1287 Status = I_RpcMapWin32Status(RpcExceptionCode());
1288 }
1289 RpcEndExcept;
1290
1291 return Status;
1292}
ElfrRegisterEventSourceW
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:474

Referenced by RegisterEventSourceW(), and UserpLogHardError().

◆ ElfReportEventA()

NTSTATUS NTAPI ElfReportEventA ( IN HANDLE  hEventLog,
IN USHORT  EventType,
IN USHORT  EventCategory,
IN ULONG  EventID,
IN PSID  UserSID,
IN USHORT  NumStrings,
IN ULONG  DataSize,
IN PANSI_STRING Strings,
IN PVOID  Data,
IN USHORT  Flags,
IN OUT PULONG  RecordNumber,
IN OUT PULONG  TimeWritten 
)

Definition at line 1323 of file eventlog.c.

1335{
1336 NTSTATUS Status;
1337 LARGE_INTEGER SystemTime;
1338 ULONG Time;
1339 ULONG dwSize;
1340 ANSI_STRING ComputerName;
1341 CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1342
1343 dwSize = ARRAYSIZE(szComputerName);
1344 GetComputerNameA(szComputerName, &dwSize);
1345 RtlInitAnsiString(&ComputerName, szComputerName);
1346
1347 NtQuerySystemTime(&SystemTime);
1348 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1349
1350 RpcTryExcept
1351 {
1352 Status = ElfrReportEventA(hEventLog,
1353 Time,
1354 EventType,
1355 EventCategory,
1356 EventID,
1357 NumStrings,
1358 DataSize,
1359 (PRPC_STRING)&ComputerName,
1360 (PRPC_SID)UserSID,
1361 (PRPC_STRING*)Strings,
1362 Data,
1363 Flags,
1364 RecordNumber,
1365 TimeWritten);
1366 }
1367 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1368 {
1369 Status = I_RpcMapWin32Status(RpcExceptionCode());
1370 }
1371 RpcEndExcept;
1372
1373 return Status;
1374}
ElfrReportEventA
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:992
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
Strings
static const WCHAR Strings[]
Definition: reg.c:35
RtlTimeToSecondsSince1970
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
Time
static PLARGE_INTEGER Time
Definition: time.c:105
DataSize
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
NumStrings
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
Definition: ndis.h:4753
EventType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:167
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
NtQuerySystemTime
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:569
GetComputerNameA
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
_ANSI_STRING
Definition: env_spec_w32.h:375
_RPC_SID
Definition: msv1_0.h:13
_LARGE_INTEGER
Definition: typedefs.h:103
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:269
CHAR
char CHAR
Definition: xmlstorage.h:175

Referenced by ReportEventA().

◆ ElfReportEventAndSourceW()

NTSTATUS NTAPI ElfReportEventAndSourceW ( IN HANDLE  hEventLog,
IN ULONG  Time,
IN PUNICODE_STRING  ComputerName,
IN USHORT  EventType,
IN USHORT  EventCategory,
IN ULONG  EventID,
IN PSID  UserSID,
IN PUNICODE_STRING  SourceName,
IN USHORT  NumStrings,
IN ULONG  DataSize,
IN PUNICODE_STRING Strings,
IN PVOID  Data,
IN USHORT  Flags,
IN OUT PULONG  RecordNumber,
IN OUT PULONG  TimeWritten 
)

Definition at line 1586 of file eventlog.c.

1601{
1602 NTSTATUS Status;
1603
1604 RpcTryExcept
1605 {
1606 Status = ElfrReportEventAndSourceW(hEventLog,
1607 Time,
1608 EventType,
1609 EventCategory,
1610 EventID,
1611 (PRPC_UNICODE_STRING)SourceName,
1612 NumStrings,
1613 DataSize,
1614 (PRPC_UNICODE_STRING)ComputerName,
1615 (PRPC_SID)UserSID,
1616 (PRPC_UNICODE_STRING*)Strings,
1617 (PBYTE)Data,
1618 Flags,
1619 RecordNumber,
1620 TimeWritten);
1621 }
1622 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1623 {
1624 Status = I_RpcMapWin32Status(RpcExceptionCode());
1625 }
1626 RpcEndExcept;
1627
1628 return Status;
1629}
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
ElfrReportEventAndSourceW
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:1224
PBYTE
BYTE * PBYTE
Definition: pedump.c:66

◆ ElfReportEventW()

NTSTATUS NTAPI ElfReportEventW ( IN HANDLE  hEventLog,
IN USHORT  EventType,
IN USHORT  EventCategory,
IN ULONG  EventID,
IN PSID  UserSID,
IN USHORT  NumStrings,
IN ULONG  DataSize,
IN PUNICODE_STRING Strings,
IN PVOID  Data,
IN USHORT  Flags,
IN OUT PULONG  RecordNumber,
IN OUT PULONG  TimeWritten 
)

Definition at line 1462 of file eventlog.c.

1474{
1475 NTSTATUS Status;
1476 LARGE_INTEGER SystemTime;
1477 ULONG Time;
1478 ULONG dwSize;
1479 UNICODE_STRING ComputerName;
1480 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1481
1482 dwSize = ARRAYSIZE(szComputerName);
1483 GetComputerNameW(szComputerName, &dwSize);
1484 RtlInitUnicodeString(&ComputerName, szComputerName);
1485
1486 NtQuerySystemTime(&SystemTime);
1487 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1488
1489 RpcTryExcept
1490 {
1491 Status = ElfrReportEventW(hEventLog,
1492 Time,
1493 EventType,
1494 EventCategory,
1495 EventID,
1496 NumStrings,
1497 DataSize,
1498 (PRPC_UNICODE_STRING)&ComputerName,
1499 (PRPC_SID)UserSID,
1500 (PRPC_UNICODE_STRING*)Strings,
1501 Data,
1502 Flags,
1503 RecordNumber,
1504 TimeWritten);
1505 }
1506 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1507 {
1508 Status = I_RpcMapWin32Status(RpcExceptionCode());
1509 }
1510 RpcEndExcept;
1511
1512 return Status;
1513}
ElfrReportEventW
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:724
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
_UNICODE_STRING
Definition: env_spec_w32.h:368
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by ReportEventW(), and UserpLogHardError().