ReactOS 0.4.16-dev-1521-gb8f1da6
rpc.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS EventLog Service
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: base/services/eventlog/rpc.c
5 * PURPOSE: RPC Port Interface support
6 * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7 * Copyright 2008 Michael Martin
8 * Copyright 2010-2011 Eric Kohl
9 */
10
11/* INCLUDES *****************************************************************/
12
13#include "eventlog.h"
14
15#define NDEBUG
16#include <debug.h>
17
18static LIST_ENTRY LogHandleListHead;
19static CRITICAL_SECTION LogHandleListCs;
20
21/* FUNCTIONS ****************************************************************/
22
23static NTSTATUS
24ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle);
25
26DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
27{
28 RPC_STATUS Status;
29
30 InitializeCriticalSection(&LogHandleListCs);
31 InitializeListHead(&LogHandleListHead);
32
33 Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
34 if (Status != RPC_S_OK)
35 {
36 DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
37 goto Quit;
38 }
39
40 Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
41 if (Status != RPC_S_OK)
42 {
43 DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
44 goto Quit;
45 }
46
47 Status = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, FALSE);
48 if (Status != RPC_S_OK)
49 {
50 DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
51 }
52
53 EnterCriticalSection(&LogHandleListCs);
54 while (!IsListEmpty(&LogHandleListHead))
55 {
56 IELF_HANDLE LogHandle = (IELF_HANDLE)CONTAINING_RECORD(LogHandleListHead.Flink, LOGHANDLE, LogHandleListEntry);
57 ElfDeleteEventLogHandle(&LogHandle);
58 }
59 LeaveCriticalSection(&LogHandleListCs);
60
61Quit:
62 DeleteCriticalSection(&LogHandleListCs);
63
64 return 0;
65}
66
67
68static NTSTATUS
69ElfCreateEventLogHandle(PLOGHANDLE* LogHandle,
70 PUNICODE_STRING LogName,
71 BOOLEAN Create)
72{
73 NTSTATUS Status = STATUS_SUCCESS;
74 PLOGHANDLE pLogHandle;
75 PLOGFILE currentLogFile = NULL;
76 DWORD i, LogsActive;
77 PEVENTSOURCE pEventSource;
78
79 DPRINT("ElfCreateEventLogHandle(%wZ)\n", LogName);
80
81 *LogHandle = NULL;
82
83 i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
84 pLogHandle = HeapAlloc(GetProcessHeap(),
85 HEAP_ZERO_MEMORY,
86 FIELD_OFFSET(LOGHANDLE, szName[i]));
87 if (!pLogHandle)
88 {
89 DPRINT1("Failed to allocate Heap!\n");
90 return STATUS_NO_MEMORY;
91 }
92
93 StringCchCopyW(pLogHandle->szName, i, LogName->Buffer);
94
95 /* Get the number of Log Files the EventLog service found */
96 // NOTE: We could just as well loop only once within the list of logs
97 // and retrieve what the code below that calls LogfListItemByIndex, does!!
98 LogsActive = LogfListItemCount();
99 if (LogsActive == 0)
100 {
101 DPRINT1("EventLog service reports no log files!\n");
102 Status = STATUS_UNSUCCESSFUL;
103 goto Done;
104 }
105
106 /* If Creating, default to the Application Log in case we fail, as documented on MSDN */
107 if (Create)
108 {
109 pEventSource = GetEventSourceByName(LogName->Buffer);
110 DPRINT("EventSource: %p\n", pEventSource);
111 if (pEventSource)
112 {
113 DPRINT("EventSource LogFile: %p\n", pEventSource->LogFile);
114 pLogHandle->LogFile = pEventSource->LogFile;
115 }
116 else
117 {
118 DPRINT("EventSource LogFile: Application log file\n");
119 pLogHandle->LogFile = LogfListItemByName(L"Application");
120 }
121
122 DPRINT("LogHandle LogFile: %p\n", pLogHandle->LogFile);
123 }
124 else
125 {
126 pLogHandle->LogFile = NULL;
127
128 for (i = 1; i <= LogsActive; i++)
129 {
130 currentLogFile = LogfListItemByIndex(i);
131
132 if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0)
133 {
134 pLogHandle->LogFile = currentLogFile;
135 break;
136 }
137 }
138
139 /* Use the application log if the desired log does not exist */
140 if (pLogHandle->LogFile == NULL)
141 {
142 pLogHandle->LogFile = LogfListItemByName(L"Application");
143 if (pLogHandle->LogFile == NULL)
144 {
145 DPRINT1("Application log is missing!\n");
146 Status = STATUS_UNSUCCESSFUL;
147 goto Done;
148 }
149 }
150
151 /* Reset the current record */
152 pLogHandle->CurrentRecord = 0;
153 }
154
155 if (!pLogHandle->LogFile)
156 Status = STATUS_UNSUCCESSFUL;
157
158Done:
159 if (NT_SUCCESS(Status))
160 {
161 /* Append log handle */
162 EnterCriticalSection(&LogHandleListCs);
163 InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
164 LeaveCriticalSection(&LogHandleListCs);
165 *LogHandle = pLogHandle;
166 }
167 else
168 {
169 HeapFree(GetProcessHeap(), 0, pLogHandle);
170 }
171
172 return Status;
173}
174
175
176static NTSTATUS
177ElfCreateBackupLogHandle(PLOGHANDLE* LogHandle,
178 PUNICODE_STRING FileName)
179{
180 NTSTATUS Status = STATUS_SUCCESS;
181 PLOGHANDLE pLogHandle;
182
183 DPRINT("ElfCreateBackupLogHandle(%wZ)\n", FileName);
184
185 *LogHandle = NULL;
186
187 pLogHandle = HeapAlloc(GetProcessHeap(),
188 HEAP_ZERO_MEMORY,
189 sizeof(LOGHANDLE));
190 if (pLogHandle == NULL)
191 {
192 DPRINT1("Failed to allocate Heap!\n");
193 return STATUS_NO_MEMORY;
194 }
195
196 /* Create the log file */
197 Status = LogfCreate(&pLogHandle->LogFile,
198 NULL,
199 FileName,
200 0,
201 0,
202 FALSE,
203 TRUE);
204 if (!NT_SUCCESS(Status))
205 {
206 DPRINT1("Failed to create the log file! (Status 0x%08lx)\n", Status);
207 goto Done;
208 }
209
210 /* Set the backup flag */
211 pLogHandle->Flags |= LOG_HANDLE_BACKUP_FILE;
212
213 /* Reset the current record */
214 pLogHandle->CurrentRecord = 0;
215
216Done:
217 if (NT_SUCCESS(Status))
218 {
219 /* Append log handle */
220 EnterCriticalSection(&LogHandleListCs);
221 InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
222 LeaveCriticalSection(&LogHandleListCs);
223 *LogHandle = pLogHandle;
224 }
225 else
226 {
227 HeapFree(GetProcessHeap(), 0, pLogHandle);
228 }
229
230 return Status;
231}
232
233
234static PLOGHANDLE
235ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
236{
237 PLIST_ENTRY CurrentEntry;
238 PLOGHANDLE Handle, pLogHandle = NULL;
239
240 EnterCriticalSection(&LogHandleListCs);
241
242 CurrentEntry = LogHandleListHead.Flink;
243 while (CurrentEntry != &LogHandleListHead)
244 {
245 Handle = CONTAINING_RECORD(CurrentEntry,
246 LOGHANDLE,
247 LogHandleListEntry);
248 CurrentEntry = CurrentEntry->Flink;
249
250 if (Handle == EventLogHandle)
251 {
252 pLogHandle = Handle;
253 break;
254 }
255 }
256
257 LeaveCriticalSection(&LogHandleListCs);
258
259 return pLogHandle;
260}
261
262
263static NTSTATUS
264ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
265{
266 PLOGHANDLE pLogHandle;
267
268 pLogHandle = ElfGetLogHandleEntryByHandle(*LogHandle);
269 if (!pLogHandle)
270 return STATUS_INVALID_HANDLE;
271
272 EnterCriticalSection(&LogHandleListCs);
273 RemoveEntryList(&pLogHandle->LogHandleListEntry);
274 LeaveCriticalSection(&LogHandleListCs);
275
276 LogfClose(pLogHandle->LogFile, FALSE);
277
278 HeapFree(GetProcessHeap(), 0, pLogHandle);
279
280 *LogHandle = NULL;
281
282 return STATUS_SUCCESS;
283}
284
285
286/* Function 0 */
287NTSTATUS
288WINAPI
289ElfrClearELFW(
290 IELF_HANDLE LogHandle,
291 PRPC_UNICODE_STRING BackupFileName)
292{
293 PLOGHANDLE pLogHandle;
294
295 DPRINT("ElfrClearELFW()\n");
296
297 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
298 if (!pLogHandle)
299 return STATUS_INVALID_HANDLE;
300
301 /* Fail, if the log file is a backup file */
302 if (pLogHandle->Flags & LOG_HANDLE_BACKUP_FILE)
303 return STATUS_INVALID_HANDLE;
304
305 return LogfClearFile(pLogHandle->LogFile,
306 (PUNICODE_STRING)BackupFileName);
307}
308
309
310/* Function 1 */
311NTSTATUS
312WINAPI
313ElfrBackupELFW(
314 IELF_HANDLE LogHandle,
315 PRPC_UNICODE_STRING BackupFileName)
316{
317 PLOGHANDLE pLogHandle;
318
319 DPRINT("ElfrBackupELFW()\n");
320
321 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
322 if (!pLogHandle)
323 return STATUS_INVALID_HANDLE;
324
325 return LogfBackupFile(pLogHandle->LogFile,
326 (PUNICODE_STRING)BackupFileName);
327}
328
329
330/* Function 2 */
331NTSTATUS
332WINAPI
333ElfrCloseEL(
334 PIELF_HANDLE LogHandle)
335{
336 return ElfDeleteEventLogHandle(LogHandle);
337}
338
339
340/* Function 3 */
341NTSTATUS
342WINAPI
343ElfrDeregisterEventSource(
344 PIELF_HANDLE LogHandle)
345{
346 return ElfDeleteEventLogHandle(LogHandle);
347}
348
349
350/* Function 4 */
351NTSTATUS
352WINAPI
353ElfrNumberOfRecords(
354 IELF_HANDLE LogHandle,
355 PULONG NumberOfRecords)
356{
357 PLOGHANDLE pLogHandle;
358 PLOGFILE pLogFile;
359 ULONG OldestRecordNumber, CurrentRecordNumber;
360
361 DPRINT("ElfrNumberOfRecords()\n");
362
363 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
364 if (!pLogHandle)
365 return STATUS_INVALID_HANDLE;
366
367 if (!NumberOfRecords)
368 return STATUS_INVALID_PARAMETER;
369
370 pLogFile = pLogHandle->LogFile;
371
372 /* Lock the log file shared */
373 RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
374
375 OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
376 CurrentRecordNumber = ElfGetCurrentRecord(&pLogFile->LogFile);
377
378 /* Unlock the log file */
379 RtlReleaseResource(&pLogFile->Lock);
380
381 DPRINT("Oldest: %lu Current: %lu\n",
382 OldestRecordNumber, CurrentRecordNumber);
383
384 if (OldestRecordNumber == 0)
385 {
386 /* OldestRecordNumber == 0 when the log is empty */
387 *NumberOfRecords = 0;
388 }
389 else
390 {
391 /* The log contains events */
392 *NumberOfRecords = CurrentRecordNumber - OldestRecordNumber;
393 }
394
395 return STATUS_SUCCESS;
396}
397
398
399/* Function 5 */
400NTSTATUS
401WINAPI
402ElfrOldestRecord(
403 IELF_HANDLE LogHandle,
404 PULONG OldestRecordNumber)
405{
406 PLOGHANDLE pLogHandle;
407 PLOGFILE pLogFile;
408
409 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
410 if (!pLogHandle)
411 return STATUS_INVALID_HANDLE;
412
413 if (!OldestRecordNumber)
414 return STATUS_INVALID_PARAMETER;
415
416 pLogFile = pLogHandle->LogFile;
417
418 /* Lock the log file shared */
419 RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
420
421 *OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
422
423 /* Unlock the log file */
424 RtlReleaseResource(&pLogFile->Lock);
425
426 return STATUS_SUCCESS;
427}
428
429
430/* Function 6 */
431NTSTATUS
432WINAPI
433ElfrChangeNotify(
434 IELF_HANDLE LogHandle,
435 RPC_CLIENT_ID ClientId,
436 ULONG Event)
437{
438 UNIMPLEMENTED;
439 return STATUS_NOT_IMPLEMENTED;
440}
441
442
443/* Function 7 */
444NTSTATUS
445WINAPI
446ElfrOpenELW(
447 EVENTLOG_HANDLE_W UNCServerName,
448 PRPC_UNICODE_STRING ModuleName,
449 PRPC_UNICODE_STRING RegModuleName,
450 ULONG MajorVersion,
451 ULONG MinorVersion,
452 PIELF_HANDLE LogHandle)
453{
454 if ((MajorVersion != 1) || (MinorVersion != 1))
455 return STATUS_INVALID_PARAMETER;
456
457 /* RegModuleName must be an empty string */
458 if (RegModuleName->Length > 0)
459 return STATUS_INVALID_PARAMETER;
460
461 /* FIXME: UNCServerName must specify the server */
462
463 /* FIXME: Must verify that caller has read access */
464
465 return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
466 (PUNICODE_STRING)ModuleName,
467 FALSE);
468}
469
470
471/* Function 8 */
472NTSTATUS
473WINAPI
474ElfrRegisterEventSourceW(
475 EVENTLOG_HANDLE_W UNCServerName,
476 PRPC_UNICODE_STRING ModuleName,
477 PRPC_UNICODE_STRING RegModuleName,
478 ULONG MajorVersion,
479 ULONG MinorVersion,
480 PIELF_HANDLE LogHandle)
481{
482 DPRINT("ElfrRegisterEventSourceW()\n");
483
484 if ((MajorVersion != 1) || (MinorVersion != 1))
485 return STATUS_INVALID_PARAMETER;
486
487 /* RegModuleName must be an empty string */
488 if (RegModuleName->Length > 0)
489 return STATUS_INVALID_PARAMETER;
490
491 DPRINT("ModuleName: %wZ\n", ModuleName);
492
493 /* FIXME: UNCServerName must specify the server or empty for local */
494
495 /* FIXME: Must verify that caller has write access */
496
497 return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
498 (PUNICODE_STRING)ModuleName,
499 TRUE);
500}
501
502
503/* Function 9 */
504NTSTATUS
505WINAPI
506ElfrOpenBELW(
507 EVENTLOG_HANDLE_W UNCServerName,
508 PRPC_UNICODE_STRING BackupFileName,
509 ULONG MajorVersion,
510 ULONG MinorVersion,
511 PIELF_HANDLE LogHandle)
512{
513 DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);
514
515 if ((MajorVersion != 1) || (MinorVersion != 1))
516 return STATUS_INVALID_PARAMETER;
517
518 /* FIXME: UNCServerName must specify the server */
519
520 /* FIXME: Must verify that caller has read access */
521
522 return ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
523 (PUNICODE_STRING)BackupFileName);
524}
525
526
527/* Function 10 */
528NTSTATUS
529WINAPI
530ElfrReadELW(
531 IELF_HANDLE LogHandle,
532 ULONG ReadFlags,
533 ULONG RecordOffset,
534 RULONG NumberOfBytesToRead,
535 PBYTE Buffer,
536 PULONG NumberOfBytesRead,
537 PULONG MinNumberOfBytesNeeded)
538{
539 NTSTATUS Status;
540 PLOGHANDLE pLogHandle;
541 ULONG RecordNumber;
542
543 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
544 if (!pLogHandle)
545 return STATUS_INVALID_HANDLE;
546
547 if (!Buffer)
548 return STATUS_INVALID_PARAMETER;
549
550 /* If sequential read, retrieve the CurrentRecord from this log handle */
551 if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
552 {
553 RecordNumber = pLogHandle->CurrentRecord;
554 }
555 else // (ReadFlags & EVENTLOG_SEEK_READ)
556 {
557 RecordNumber = RecordOffset;
558 }
559
560 Status = LogfReadEvents(pLogHandle->LogFile,
561 ReadFlags,
562 &RecordNumber,
563 NumberOfBytesToRead,
564 Buffer,
565 NumberOfBytesRead,
566 MinNumberOfBytesNeeded,
567 FALSE);
568
569 /* Update the handle's CurrentRecord if success */
570 if (NT_SUCCESS(Status))
571 {
572 pLogHandle->CurrentRecord = RecordNumber;
573 }
574
575 return Status;
576}
577
578
579/* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
580NTSTATUS
581ElfrIntReportEventW(
582 IELF_HANDLE LogHandle,
583 ULONG Time,
584 USHORT EventType,
585 USHORT EventCategory,
586 ULONG EventID,
587 PRPC_UNICODE_STRING SourceName OPTIONAL,
588 USHORT NumStrings,
589 ULONG DataSize,
590 PRPC_UNICODE_STRING ComputerName,
591 PRPC_SID UserSID,
592 PRPC_UNICODE_STRING Strings[],
593 PBYTE Data,
594 USHORT Flags,
595 PULONG RecordNumber,
596 PULONG TimeWritten)
597{
598 NTSTATUS Status;
599 PLOGHANDLE pLogHandle;
600 UNICODE_STRING LocalSourceName, LocalComputerName;
601 PEVENTLOGRECORD LogBuffer;
602 USHORT i;
603 SIZE_T RecSize;
604 ULONG dwStringsSize = 0;
605 ULONG dwUserSidLength = 0;
606 PWSTR lpStrings, str;
607
608 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
609 if (!pLogHandle)
610 return STATUS_INVALID_HANDLE;
611
612 /* Flags must be 0 */
613 if (Flags)
614 return STATUS_INVALID_PARAMETER;
615
616 for (i = 0; i < NumStrings; i++)
617 {
618 switch (EventType)
619 {
620 case EVENTLOG_SUCCESS:
621 DPRINT("Success: %wZ\n", Strings[i]);
622 break;
623
624 case EVENTLOG_ERROR_TYPE:
625 DPRINT("Error: %wZ\n", Strings[i]);
626 break;
627
628 case EVENTLOG_WARNING_TYPE:
629 DPRINT("Warning: %wZ\n", Strings[i]);
630 break;
631
632 case EVENTLOG_INFORMATION_TYPE:
633 DPRINT("Info: %wZ\n", Strings[i]);
634 break;
635
636 case EVENTLOG_AUDIT_SUCCESS:
637 DPRINT("Audit Success: %wZ\n", Strings[i]);
638 break;
639
640 case EVENTLOG_AUDIT_FAILURE:
641 DPRINT("Audit Failure: %wZ\n", Strings[i]);
642 break;
643
644 default:
645 DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
646 break;
647 }
648 dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
649 }
650
651 lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
652 if (!lpStrings)
653 {
654 DPRINT1("Failed to allocate heap\n");
655 return STATUS_NO_MEMORY;
656 }
657
658 str = lpStrings;
659 for (i = 0; i < NumStrings; i++)
660 {
661 RtlCopyMemory(str, Strings[i]->Buffer, Strings[i]->Length);
662 str += Strings[i]->Length / sizeof(WCHAR);
663 *str = UNICODE_NULL;
664 str++;
665 }
666
667 if (UserSID)
668 dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
669
670 if (SourceName && SourceName->Buffer)
671 LocalSourceName = *(PUNICODE_STRING)SourceName;
672 else
673 RtlInitUnicodeString(&LocalSourceName, pLogHandle->szName);
674
675 LocalComputerName = *(PUNICODE_STRING)ComputerName;
676
677 LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
678 Time,
679 EventType,
680 EventCategory,
681 EventID,
682 &LocalSourceName,
683 &LocalComputerName,
684 dwUserSidLength,
685 UserSID,
686 NumStrings,
687 lpStrings,
688 DataSize,
689 Data);
690 if (LogBuffer == NULL)
691 {
692 DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
693 HeapFree(GetProcessHeap(), 0, lpStrings);
694 return STATUS_NO_MEMORY;
695 }
696
697 Status = LogfWriteRecord(pLogHandle->LogFile, LogBuffer, RecSize);
698 if (!NT_SUCCESS(Status))
699 {
700 DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
701 pLogHandle->LogFile->LogName, Status);
702 }
703
704 if (NT_SUCCESS(Status))
705 {
706 /* Retrieve the two fields that were set by LogfWriteRecord into the record */
707 if (RecordNumber)
708 *RecordNumber = LogBuffer->RecordNumber;
709 if (TimeWritten)
710 *TimeWritten = LogBuffer->TimeWritten;
711 }
712
713 LogfFreeRecord(LogBuffer);
714
715 HeapFree(GetProcessHeap(), 0, lpStrings);
716
717 return Status;
718}
719
720
721/* Function 11 */
722NTSTATUS
723WINAPI
724ElfrReportEventW(
725 IELF_HANDLE LogHandle,
726 ULONG Time,
727 USHORT EventType,
728 USHORT EventCategory,
729 ULONG EventID,
730 USHORT NumStrings,
731 ULONG DataSize,
732 PRPC_UNICODE_STRING ComputerName,
733 PRPC_SID UserSID,
734 PRPC_UNICODE_STRING Strings[],
735 PBYTE Data,
736 USHORT Flags,
737 PULONG RecordNumber,
738 PULONG TimeWritten)
739{
740 /* Call the helper function. The event source is provided via the log handle. */
741 return ElfrIntReportEventW(LogHandle,
742 Time,
743 EventType,
744 EventCategory,
745 EventID,
746 NULL,
747 NumStrings,
748 DataSize,
749 ComputerName,
750 UserSID,
751 Strings,
752 Data,
753 Flags,
754 RecordNumber,
755 TimeWritten);
756}
757
758
759/* Function 12 */
760NTSTATUS
761WINAPI
762ElfrClearELFA(
763 IELF_HANDLE LogHandle,
764 PRPC_STRING BackupFileName)
765{
766 NTSTATUS Status;
767 UNICODE_STRING BackupFileNameW;
768
769 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
770 (PANSI_STRING)BackupFileName,
771 TRUE);
772 if (!NT_SUCCESS(Status))
773 return Status;
774
775 Status = ElfrClearELFW(LogHandle,
776 (PRPC_UNICODE_STRING)&BackupFileNameW);
777
778 RtlFreeUnicodeString(&BackupFileNameW);
779
780 return Status;
781}
782
783
784/* Function 13 */
785NTSTATUS
786WINAPI
787ElfrBackupELFA(
788 IELF_HANDLE LogHandle,
789 PRPC_STRING BackupFileName)
790{
791 NTSTATUS Status;
792 UNICODE_STRING BackupFileNameW;
793
794 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
795 (PANSI_STRING)BackupFileName,
796 TRUE);
797 if (!NT_SUCCESS(Status))
798 return Status;
799
800 Status = ElfrBackupELFW(LogHandle,
801 (PRPC_UNICODE_STRING)&BackupFileNameW);
802
803 RtlFreeUnicodeString(&BackupFileNameW);
804
805 return Status;
806}
807
808
809/* Function 14 */
810NTSTATUS
811WINAPI
812ElfrOpenELA(
813 EVENTLOG_HANDLE_A UNCServerName,
814 PRPC_STRING ModuleName,
815 PRPC_STRING RegModuleName,
816 ULONG MajorVersion,
817 ULONG MinorVersion,
818 PIELF_HANDLE LogHandle)
819{
820 NTSTATUS Status;
821 UNICODE_STRING ModuleNameW;
822
823 if ((MajorVersion != 1) || (MinorVersion != 1))
824 return STATUS_INVALID_PARAMETER;
825
826 /* RegModuleName must be an empty string */
827 if (RegModuleName->Length > 0)
828 return STATUS_INVALID_PARAMETER;
829
830 Status = RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
831 if (!NT_SUCCESS(Status))
832 return Status;
833
834 /* FIXME: Must verify that caller has read access */
835
836 Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
837 &ModuleNameW,
838 FALSE);
839
840 RtlFreeUnicodeString(&ModuleNameW);
841
842 return Status;
843}
844
845
846/* Function 15 */
847NTSTATUS
848WINAPI
849ElfrRegisterEventSourceA(
850 EVENTLOG_HANDLE_A UNCServerName,
851 PRPC_STRING ModuleName,
852 PRPC_STRING RegModuleName,
853 ULONG MajorVersion,
854 ULONG MinorVersion,
855 PIELF_HANDLE LogHandle)
856{
857 NTSTATUS Status;
858 UNICODE_STRING ModuleNameW;
859
860 Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
861 (PANSI_STRING)ModuleName,
862 TRUE);
863 if (!NT_SUCCESS(Status))
864 {
865 DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
866 return Status;
867 }
868
869 /* RegModuleName must be an empty string */
870 if (RegModuleName->Length > 0)
871 {
872 RtlFreeUnicodeString(&ModuleNameW);
873 return STATUS_INVALID_PARAMETER;
874 }
875
876 if ((MajorVersion != 1) || (MinorVersion != 1))
877 {
878 RtlFreeUnicodeString(&ModuleNameW);
879 return STATUS_INVALID_PARAMETER;
880 }
881
882 /* FIXME: Must verify that caller has write access */
883
884 Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
885 &ModuleNameW,
886 TRUE);
887
888 RtlFreeUnicodeString(&ModuleNameW);
889
890 return Status;
891}
892
893
894/* Function 16 */
895NTSTATUS
896WINAPI
897ElfrOpenBELA(
898 EVENTLOG_HANDLE_A UNCServerName,
899 PRPC_STRING BackupFileName,
900 ULONG MajorVersion,
901 ULONG MinorVersion,
902 PIELF_HANDLE LogHandle)
903{
904 NTSTATUS Status;
905 UNICODE_STRING BackupFileNameW;
906
907 DPRINT("ElfrOpenBELA(%Z)\n", BackupFileName);
908
909 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
910 (PANSI_STRING)BackupFileName,
911 TRUE);
912 if (!NT_SUCCESS(Status))
913 {
914 DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
915 return Status;
916 }
917
918 if ((MajorVersion != 1) || (MinorVersion != 1))
919 {
920 RtlFreeUnicodeString(&BackupFileNameW);
921 return STATUS_INVALID_PARAMETER;
922 }
923
924 /* FIXME: UNCServerName must specify the server */
925
926 /* FIXME: Must verify that caller has read access */
927
928 Status = ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
929 &BackupFileNameW);
930
931 RtlFreeUnicodeString(&BackupFileNameW);
932
933 return Status;
934}
935
936
937/* Function 17 */
938NTSTATUS
939WINAPI
940ElfrReadELA(
941 IELF_HANDLE LogHandle,
942 ULONG ReadFlags,
943 ULONG RecordOffset,
944 RULONG NumberOfBytesToRead,
945 PBYTE Buffer,
946 PULONG NumberOfBytesRead,
947 PULONG MinNumberOfBytesNeeded)
948{
949 NTSTATUS Status;
950 PLOGHANDLE pLogHandle;
951 ULONG RecordNumber;
952
953 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
954 if (!pLogHandle)
955 return STATUS_INVALID_HANDLE;
956
957 if (!Buffer)
958 return STATUS_INVALID_PARAMETER;
959
960 /* If sequential read, retrieve the CurrentRecord from this log handle */
961 if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
962 {
963 RecordNumber = pLogHandle->CurrentRecord;
964 }
965 else // (ReadFlags & EVENTLOG_SEEK_READ)
966 {
967 RecordNumber = RecordOffset;
968 }
969
970 Status = LogfReadEvents(pLogHandle->LogFile,
971 ReadFlags,
972 &RecordNumber,
973 NumberOfBytesToRead,
974 Buffer,
975 NumberOfBytesRead,
976 MinNumberOfBytesNeeded,
977 TRUE);
978
979 /* Update the handle's CurrentRecord if success */
980 if (NT_SUCCESS(Status))
981 {
982 pLogHandle->CurrentRecord = RecordNumber;
983 }
984
985 return Status;
986}
987
988
989/* Function 18 */
990NTSTATUS
991WINAPI
992ElfrReportEventA(
993 IELF_HANDLE LogHandle,
994 ULONG Time,
995 USHORT EventType,
996 USHORT EventCategory,
997 ULONG EventID,
998 USHORT NumStrings,
999 ULONG DataSize,
1000 PRPC_STRING ComputerName,
1001 PRPC_SID UserSID,
1002 PRPC_STRING Strings[],
1003 PBYTE Data,
1004 USHORT Flags,
1005 PULONG RecordNumber,
1006 PULONG TimeWritten)
1007{
1008 NTSTATUS Status = STATUS_SUCCESS;
1009 UNICODE_STRING ComputerNameW;
1010 PUNICODE_STRING *StringsArrayW = NULL;
1011 USHORT i;
1012
1013 DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
1014
1015#if 0
1016 for (i = 0; i < NumStrings; i++)
1017 {
1018 if (Strings[i] == NULL)
1019 {
1020 DPRINT1("String %hu is null\n", i);
1021 }
1022 else
1023 {
1024 DPRINT1("String %hu: %Z\n", i, Strings[i]);
1025 }
1026 }
1027#endif
1028
1029 Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
1030 (PANSI_STRING)ComputerName,
1031 TRUE);
1032 if (!NT_SUCCESS(Status))
1033 return Status;
1034
1035 if (NumStrings != 0)
1036 {
1037 StringsArrayW = HeapAlloc(GetProcessHeap(),
1038 HEAP_ZERO_MEMORY,
1039 NumStrings * sizeof(PUNICODE_STRING));
1040 if (StringsArrayW == NULL)
1041 {
1042 Status = STATUS_NO_MEMORY;
1043 goto Done;
1044 }
1045
1046 for (i = 0; i < NumStrings; i++)
1047 {
1048 if (Strings[i] != NULL)
1049 {
1050 StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
1051 HEAP_ZERO_MEMORY,
1052 sizeof(UNICODE_STRING));
1053 if (StringsArrayW[i] == NULL)
1054 {
1055 Status = STATUS_NO_MEMORY;
1056 break;
1057 }
1058
1059 Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
1060 (PANSI_STRING)Strings[i],
1061 TRUE);
1062 }
1063
1064 if (!NT_SUCCESS(Status))
1065 break;
1066 }
1067 }
1068
1069 if (NT_SUCCESS(Status))
1070 {
1071 Status = ElfrReportEventW(LogHandle,
1072 Time,
1073 EventType,
1074 EventCategory,
1075 EventID,
1076 NumStrings,
1077 DataSize,
1078 (PRPC_UNICODE_STRING)&ComputerNameW,
1079 UserSID,
1080 (PRPC_UNICODE_STRING*)StringsArrayW,
1081 Data,
1082 Flags,
1083 RecordNumber,
1084 TimeWritten);
1085 }
1086
1087Done:
1088 if (StringsArrayW != NULL)
1089 {
1090 for (i = 0; i < NumStrings; i++)
1091 {
1092 if ((StringsArrayW[i] != NULL) && (StringsArrayW[i]->Buffer))
1093 {
1094 RtlFreeUnicodeString(StringsArrayW[i]);
1095 HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
1096 }
1097 }
1098
1099 HeapFree(GetProcessHeap(), 0, StringsArrayW);
1100 }
1101
1102 RtlFreeUnicodeString(&ComputerNameW);
1103
1104 return Status;
1105}
1106
1107
1108/* Function 19 */
1109NTSTATUS
1110WINAPI
1111ElfrRegisterClusterSvc(
1112 handle_t BindingHandle)
1113{
1114 UNIMPLEMENTED;
1115 return STATUS_NOT_IMPLEMENTED;
1116}
1117
1118
1119/* Function 20 */
1120NTSTATUS
1121WINAPI
1122ElfrDeregisterClusterSvc(
1123 handle_t BindingHandle)
1124{
1125 UNIMPLEMENTED;
1126 return STATUS_NOT_IMPLEMENTED;
1127}
1128
1129
1130/* Function 21 */
1131NTSTATUS
1132WINAPI
1133ElfrWriteClusterEvents(
1134 handle_t BindingHandle)
1135{
1136 UNIMPLEMENTED;
1137 return STATUS_NOT_IMPLEMENTED;
1138}
1139
1140
1141/* Function 22 */
1142NTSTATUS
1143WINAPI
1144ElfrGetLogInformation(
1145 IELF_HANDLE LogHandle,
1146 ULONG InfoLevel,
1147 PBYTE Buffer,
1148 ULONG cbBufSize,
1149 PULONG pcbBytesNeeded)
1150{
1151 NTSTATUS Status = STATUS_SUCCESS;
1152 PLOGHANDLE pLogHandle;
1153 PLOGFILE pLogFile;
1154
1155 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
1156 if (!pLogHandle)
1157 return STATUS_INVALID_HANDLE;
1158
1159 pLogFile = pLogHandle->LogFile;
1160
1161 /* Lock the log file shared */
1162 RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
1163
1164 switch (InfoLevel)
1165 {
1166 case EVENTLOG_FULL_INFO:
1167 {
1168 LPEVENTLOG_FULL_INFORMATION efi = (LPEVENTLOG_FULL_INFORMATION)Buffer;
1169
1170 *pcbBytesNeeded = sizeof(EVENTLOG_FULL_INFORMATION);
1171 if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION))
1172 {
1173 Status = STATUS_BUFFER_TOO_SMALL;
1174 break;
1175 }
1176
1177 efi->dwFull = !!(ElfGetFlags(&pLogFile->LogFile) & ELF_LOGFILE_LOGFULL_WRITTEN);
1178 break;
1179 }
1180
1181 default:
1182 Status = STATUS_INVALID_LEVEL;
1183 break;
1184 }
1185
1186 /* Unlock the log file */
1187 RtlReleaseResource(&pLogFile->Lock);
1188
1189 return Status;
1190}
1191
1192
1193/* Function 23 */
1194NTSTATUS
1195WINAPI
1196ElfrFlushEL(
1197 IELF_HANDLE LogHandle)
1198{
1199 NTSTATUS Status;
1200 PLOGHANDLE pLogHandle;
1201 PLOGFILE pLogFile;
1202
1203 pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
1204 if (!pLogHandle)
1205 return STATUS_INVALID_HANDLE;
1206
1207 pLogFile = pLogHandle->LogFile;
1208
1209 /* Lock the log file exclusive */
1210 RtlAcquireResourceExclusive(&pLogFile->Lock, TRUE);
1211
1212 Status = ElfFlushFile(&pLogFile->LogFile);
1213
1214 /* Unlock the log file */
1215 RtlReleaseResource(&pLogFile->Lock);
1216
1217 return Status;
1218}
1219
1220
1221/* Function 24 */
1222NTSTATUS
1223WINAPI
1224ElfrReportEventAndSourceW(
1225 IELF_HANDLE LogHandle,
1226 ULONG Time,
1227 USHORT EventType,
1228 USHORT EventCategory,
1229 ULONG EventID,
1230 PRPC_UNICODE_STRING SourceName,
1231 USHORT NumStrings,
1232 ULONG DataSize,
1233 PRPC_UNICODE_STRING ComputerName,
1234 PRPC_SID UserSID,
1235 PRPC_UNICODE_STRING Strings[],
1236 PBYTE Data,
1237 USHORT Flags,
1238 PULONG RecordNumber,
1239 PULONG TimeWritten)
1240{
1241 /* Call the helper function. The event source is specified by the caller. */
1242 return ElfrIntReportEventW(LogHandle,
1243 Time,
1244 EventType,
1245 EventCategory,
1246 EventID,
1247 SourceName,
1248 NumStrings,
1249 DataSize,
1250 ComputerName,
1251 UserSID,
1252 Strings,
1253 Data,
1254 Flags,
1255 RecordNumber,
1256 TimeWritten);
1257}
1258
1259
1260void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
1261{
1262 return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
1263}
1264
1265
1266void __RPC_USER midl_user_free(void __RPC_FAR * ptr)
1267{
1268 HeapFree(GetProcessHeap(), 0, ptr);
1269}
1270
1271
1272void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
1273{
1274 /* Close the handle */
1275 ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle);
1276}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
ModuleName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
Definition: acpixf.h:1280
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ElfrReportEventA
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:992
ElfrBackupELFA
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:787
ElfrChangeNotify
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
Definition: rpc.c:433
ElfCreateBackupLogHandle
static NTSTATUS ElfCreateBackupLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING FileName)
Definition: rpc.c:177
ElfDeleteEventLogHandle
static NTSTATUS ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
Definition: rpc.c:264
ElfrCloseEL
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
Definition: rpc.c:333
ElfrWriteClusterEvents
NTSTATUS WINAPI ElfrWriteClusterEvents(handle_t BindingHandle)
Definition: rpc.c:1133
ElfrNumberOfRecords
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
Definition: rpc.c:353
ElfrDeregisterClusterSvc
NTSTATUS WINAPI ElfrDeregisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1122
ElfrReportEventW
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:724
ElfrRegisterEventSourceA
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:849
ElfGetLogHandleEntryByHandle
static PLOGHANDLE ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
Definition: rpc.c:235
ElfrIntReportEventW
NTSTATUS ElfrIntReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName OPTIONAL, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:581
ElfrClearELFW
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:289
IELF_HANDLE_rundown
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
Definition: rpc.c:1272
ElfrOpenBELW
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:506
ElfrRegisterEventSourceW
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:474
ElfrOpenELW
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:446
ElfrOpenELA
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:812
ElfrDeregisterEventSource
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
Definition: rpc.c:343
ElfrFlushEL
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
Definition: rpc.c:1196
ElfrReadELW
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:530
ElfrClearELFA
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:762
ElfrGetLogInformation
NTSTATUS WINAPI ElfrGetLogInformation(IELF_HANDLE LogHandle, ULONG InfoLevel, PBYTE Buffer, ULONG cbBufSize, PULONG pcbBytesNeeded)
Definition: rpc.c:1144
ElfrReadELA
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:940
ElfrReportEventAndSourceW
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:1224
ElfrOpenBELA
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:897
ElfCreateEventLogHandle
static NTSTATUS ElfCreateEventLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING LogName, BOOLEAN Create)
Definition: rpc.c:69
RpcThreadRoutine
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpc.c:26
LogHandleListHead
static LIST_ENTRY LogHandleListHead
Definition: rpc.c:18
ElfrRegisterClusterSvc
NTSTATUS WINAPI ElfrRegisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1111
ElfrBackupELFW
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:313
LogHandleListCs
static CRITICAL_SECTION LogHandleListCs
Definition: rpc.c:19
ElfrOldestRecord
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
Definition: rpc.c:402
Create
@ Create
Definition: registry.c:563
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: ntoskrnl.c:15
Buffer
Definition: bufpool.h:45
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: d3dkmdt.h:40
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: d3dkmdt.h:51
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: d3dkmdt.h:42
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
Strings
static const WCHAR Strings[]
Definition: reg.c:35
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
L
#define L(x)
Definition: resources.c:13
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
IsListEmpty
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
LogfClearFile
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:467
LogfCreate
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
LogfReadEvents
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
Definition: file.c:721
LogfListItemByName
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
LogfClose
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
LogfListItemByIndex
PLOGFILE LogfListItemByIndex(DWORD Index)
Definition: file.c:93
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
GetEventSourceByName
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
LOG_HANDLE_BACKUP_FILE
#define LOG_HANDLE_BACKUP_FILE
Definition: eventlog.h:53
LogfBackupFile
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
LogfListItemCount
DWORD LogfListItemCount(VOID)
Definition: file.c:118
LogfFreeRecord
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
IELF_HANDLE
PVOID IELF_HANDLE
Definition: eventlogrpc.idl:22
RULONG
unsigned long RULONG
Definition: eventlogrpc.idl:15
EVENTLOG_HANDLE_W
LPWSTR EVENTLOG_HANDLE_W
Definition: eventlogrpc.idl:24
EVENTLOG_HANDLE_A
LPSTR EVENTLOG_HANDLE_A
Definition: eventlogrpc.idl:25
ElfGetOldestRecord
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
ElfFlushFile
NTSTATUS NTAPI ElfFlushFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1134
ElfGetCurrentRecord
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
ElfGetFlags
ULONG NTAPI ElfGetFlags(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1607
ELF_LOGFILE_LOGFULL_WRITTEN
#define ELF_LOGFILE_LOGFULL_WRITTEN
Definition: evtlib.h:50
MajorVersion
ULONG MajorVersion
Definition: ros_glue.cpp:4
MinorVersion
ULONG MinorVersion
Definition: ros_glue.cpp:5
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
Handle
ULONG Handle
Definition: gdb_input.c:15
Status
Status
Definition: gdiplustypes.h:25
len
GLenum GLsizei len
Definition: glext.h:6722
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
ptr
static PVOID ptr
Definition: dispmode.c:27
Time
static PLARGE_INTEGER Time
Definition: time.c:105
DataSize
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4755
LogHandle
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
Definition: ndis.h:5382
NumStrings
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
Definition: ndis.h:4753
EventType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:167
RtlAcquireResourceShared
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
RtlAcquireResourceExclusive
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
RtlReleaseResource
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
UNICODE_NULL
#define UNICODE_NULL
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
STATUS_INVALID_LEVEL
#define STATUS_INVALID_LEVEL
Definition: ntstatus.h:564
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
USHORT
unsigned short USHORT
Definition: pedump.c:61
szName
static const WCHAR szName[]
Definition: powrprof.c:45
RpcServerListen
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1520
RpcServerRegisterIf
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1116
RpcServerUseProtseqEpW
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:927
str
const WCHAR * str
Definition: rpc_transport.c:2724
RPC_C_LISTEN_MAX_CALLS_DEFAULT
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
Definition: rpcdce.h:122
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
midl_user_free
#define midl_user_free
Definition: rpc.h:41
__RPC_FAR
#define __RPC_FAR
Definition: rpc.h:52
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:48
__RPC_USER
#define __RPC_USER
Definition: rpc.h:61
midl_user_allocate
#define midl_user_allocate
Definition: rpc.h:40
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
DPRINT
#define DPRINT
Definition: sndvol32.h:73
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
StringCchCopyW
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
_ANSI_STRING
Definition: env_spec_w32.h:375
_CRITICAL_SECTION
Definition: winbase.h:934
_EVENTLOGRECORD
Definition: winnt_old.h:3025
_EVENTLOGRECORD::TimeWritten
DWORD TimeWritten
Definition: winnt_old.h:3030
_EVENTLOGRECORD::RecordNumber
DWORD RecordNumber
Definition: winnt_old.h:3028
_EVENTLOG_FULL_INFORMATION
Definition: winbase.h:1197
_EVENTLOG_FULL_INFORMATION::dwFull
DWORD dwFull
Definition: winbase.h:1198
_EVENTSOURCE
Definition: eventlog.h:45
_EVENTSOURCE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:47
_FileName
Definition: filecomp.c:348
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_LOGFILE
Definition: eventlog.h:35
_LOGFILE::Lock
RTL_RESOURCE Lock
Definition: eventlog.h:39
_LOGFILE::LogFile
EVTLOGFILE LogFile
Definition: eventlog.h:36
_LOGFILE::LogName
WCHAR * LogName
Definition: eventlog.h:38
_LOGHANDLE
Definition: eventlog.h:56
_LOGHANDLE::CurrentRecord
ULONG CurrentRecord
Definition: eventlog.h:60
_LOGHANDLE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:59
_LOGHANDLE::LogHandleListEntry
LIST_ENTRY LogHandleListEntry
Definition: eventlog.h:57
_LOGHANDLE::Flags
ULONG Flags
Definition: eventlog.h:61
_LOGHANDLE::szName
WCHAR szName[1]
Definition: eventlog.h:62
_RPC_CLIENT_ID
Definition: eventlogrpc.idl:27
_RPC_SID
Definition: msv1_0.h:13
_RPC_SID::SubAuthorityCount
UCHAR SubAuthorityCount
Definition: msv1_0.h:15
_RPC_STRING
Definition: eventlogrpc.idl:16
_RPC_STRING::Length
USHORT Length
Definition: eventlogrpc.idl:17
_RPC_UNICODE_STRING
Definition: msv1_0.h:21
_RPC_UNICODE_STRING::Length
unsigned short Length
Definition: msv1_0.h:22
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
InitializeCriticalSection
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:751
BindingHandle
_In_ ULONG _Out_ HANDLE * BindingHandle
Definition: tdikrnl.h:1147
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
LeaveCriticalSection
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
EVENTLOG_FULL_INFO
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1195
EnterCriticalSection
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
DeleteCriticalSection
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
LPEVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION * LPEVENTLOG_FULL_INFORMATION
EVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
WINAPI
#define WINAPI
Definition: msvc.h:6
EVENTLOG_ERROR_TYPE
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:3019
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:3013
EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:3023
EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:3021
EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:3022
EVENTLOG_SUCCESS
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:3018
EVENTLOG_WARNING_TYPE
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:3020
pcbBytesNeeded
_In_ DWORD _In_ DWORD _Out_ LPDWORD pcbBytesNeeded
Definition: winsvc.h:425
cbBufSize
_In_ DWORD _In_ DWORD cbBufSize
Definition: winsvc.h:424
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1151
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180