ReactOS  0.4.14-dev-608-gd495a4f
rpc.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS EventLog Service
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: base/services/eventlog/rpc.c
5  * PURPOSE: RPC Port Interface support
6  * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7  * Copyright 2008 Michael Martin
8  * Copyright 2010-2011 Eric Kohl
9  */
10 
11 /* INCLUDES *****************************************************************/
12 
13 #include "eventlog.h"
14 
15 #define NDEBUG
16 #include <debug.h>
17 
18 static LIST_ENTRY LogHandleListHead;
19 static CRITICAL_SECTION LogHandleListCs;
20 
21 /* FUNCTIONS ****************************************************************/
22 
23 static NTSTATUS
24 ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle);
25 
26 DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
27 {
28  RPC_STATUS Status;
29 
30  InitializeCriticalSection(&LogHandleListCs);
31  InitializeListHead(&LogHandleListHead);
32 
33  Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
34  if (Status != RPC_S_OK)
35  {
36  DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
37  goto Quit;
38  }
39 
40  Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
41  if (Status != RPC_S_OK)
42  {
43  DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
44  goto Quit;
45  }
46 
47  Status = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, FALSE);
48  if (Status != RPC_S_OK)
49  {
50  DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
51  }
52 
53  EnterCriticalSection(&LogHandleListCs);
54  while (!IsListEmpty(&LogHandleListHead))
55  {
56  IELF_HANDLE LogHandle = (IELF_HANDLE)CONTAINING_RECORD(LogHandleListHead.Flink, LOGHANDLE, LogHandleListEntry);
57  ElfDeleteEventLogHandle(&LogHandle);
58  }
59  LeaveCriticalSection(&LogHandleListCs);
60 
61 Quit:
62  DeleteCriticalSection(&LogHandleListCs);
63 
64  return 0;
65 }
66 
67 
68 static NTSTATUS
69 ElfCreateEventLogHandle(PLOGHANDLE* LogHandle,
70  PUNICODE_STRING LogName,
71  BOOLEAN Create)
72 {
73  NTSTATUS Status = STATUS_SUCCESS;
74  PLOGHANDLE pLogHandle;
75  PLOGFILE currentLogFile = NULL;
76  DWORD i, LogsActive;
77  PEVENTSOURCE pEventSource;
78 
79  DPRINT("ElfCreateEventLogHandle(%wZ)\n", LogName);
80 
81  *LogHandle = NULL;
82 
83  i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
84  pLogHandle = HeapAlloc(GetProcessHeap(),
85  HEAP_ZERO_MEMORY,
86  FIELD_OFFSET(LOGHANDLE, szName[i]));
87  if (!pLogHandle)
88  {
89  DPRINT1("Failed to allocate Heap!\n");
90  return STATUS_NO_MEMORY;
91  }
92 
93  StringCchCopyW(pLogHandle->szName, i, LogName->Buffer);
94 
95  /* Get the number of Log Files the EventLog service found */
96  // NOTE: We could just as well loop only once within the list of logs
97  // and retrieve what the code below that calls LogfListItemByIndex, does!!
98  LogsActive = LogfListItemCount();
99  if (LogsActive == 0)
100  {
101  DPRINT1("EventLog service reports no log files!\n");
102  Status = STATUS_UNSUCCESSFUL;
103  goto Done;
104  }
105 
106  /* If Creating, default to the Application Log in case we fail, as documented on MSDN */
107  if (Create)
108  {
109  pEventSource = GetEventSourceByName(LogName->Buffer);
110  DPRINT("EventSource: %p\n", pEventSource);
111  if (pEventSource)
112  {
113  DPRINT("EventSource LogFile: %p\n", pEventSource->LogFile);
114  pLogHandle->LogFile = pEventSource->LogFile;
115  }
116  else
117  {
118  DPRINT("EventSource LogFile: Application log file\n");
119  pLogHandle->LogFile = LogfListItemByName(L"Application");
120  }
121 
122  DPRINT("LogHandle LogFile: %p\n", pLogHandle->LogFile);
123  }
124  else
125  {
126  pLogHandle->LogFile = NULL;
127 
128  for (i = 1; i <= LogsActive; i++)
129  {
130  currentLogFile = LogfListItemByIndex(i);
131 
132  if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0)
133  {
134  pLogHandle->LogFile = currentLogFile;
135  break;
136  }
137  }
138 
139  /* Use the application log if the desired log does not exist */
140  if (pLogHandle->LogFile == NULL)
141  {
142  pLogHandle->LogFile = LogfListItemByName(L"Application");
143  if (pLogHandle->LogFile == NULL)
144  {
145  DPRINT1("Application log is missing!\n");
146  Status = STATUS_UNSUCCESSFUL;
147  goto Done;
148  }
149  }
150 
151  /* Reset the current record */
152  pLogHandle->CurrentRecord = 0;
153  }
154 
155  if (!pLogHandle->LogFile)
156  Status = STATUS_UNSUCCESSFUL;
157 
158 Done:
159  if (NT_SUCCESS(Status))
160  {
161  /* Append log handle */
162  EnterCriticalSection(&LogHandleListCs);
163  InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
164  LeaveCriticalSection(&LogHandleListCs);
165  *LogHandle = pLogHandle;
166  }
167  else
168  {
169  HeapFree(GetProcessHeap(), 0, pLogHandle);
170  }
171 
172  return Status;
173 }
174 
175 
176 static NTSTATUS
177 ElfCreateBackupLogHandle(PLOGHANDLE* LogHandle,
178  PUNICODE_STRING FileName)
179 {
180  NTSTATUS Status = STATUS_SUCCESS;
181  PLOGHANDLE pLogHandle;
182 
183  DPRINT("ElfCreateBackupLogHandle(%wZ)\n", FileName);
184 
185  *LogHandle = NULL;
186 
187  pLogHandle = HeapAlloc(GetProcessHeap(),
188  HEAP_ZERO_MEMORY,
189  sizeof(LOGHANDLE));
190  if (pLogHandle == NULL)
191  {
192  DPRINT1("Failed to allocate Heap!\n");
193  return STATUS_NO_MEMORY;
194  }
195 
196  /* Create the log file */
197  Status = LogfCreate(&pLogHandle->LogFile,
198  NULL,
199  FileName,
200  0,
201  0,
202  FALSE,
203  TRUE);
204  if (!NT_SUCCESS(Status))
205  {
206  DPRINT1("Failed to create the log file! (Status 0x%08lx)\n", Status);
207  goto Done;
208  }
209 
210  /* Set the backup flag */
211  pLogHandle->Flags |= LOG_HANDLE_BACKUP_FILE;
212 
213  /* Reset the current record */
214  pLogHandle->CurrentRecord = 0;
215 
216 Done:
217  if (NT_SUCCESS(Status))
218  {
219  /* Append log handle */
220  EnterCriticalSection(&LogHandleListCs);
221  InsertTailList(&LogHandleListHead, &pLogHandle->LogHandleListEntry);
222  LeaveCriticalSection(&LogHandleListCs);
223  *LogHandle = pLogHandle;
224  }
225  else
226  {
227  HeapFree(GetProcessHeap(), 0, pLogHandle);
228  }
229 
230  return Status;
231 }
232 
233 
234 static PLOGHANDLE
235 ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
236 {
237  PLIST_ENTRY CurrentEntry;
238  PLOGHANDLE Handle, pLogHandle = NULL;
239 
240  EnterCriticalSection(&LogHandleListCs);
241 
242  CurrentEntry = LogHandleListHead.Flink;
243  while (CurrentEntry != &LogHandleListHead)
244  {
245  Handle = CONTAINING_RECORD(CurrentEntry,
246  LOGHANDLE,
247  LogHandleListEntry);
248  CurrentEntry = CurrentEntry->Flink;
249 
250  if (Handle == EventLogHandle)
251  {
252  pLogHandle = Handle;
253  break;
254  }
255  }
256 
257  LeaveCriticalSection(&LogHandleListCs);
258 
259  return pLogHandle;
260 }
261 
262 
263 static NTSTATUS
264 ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
265 {
266  PLOGHANDLE pLogHandle;
267 
268  pLogHandle = ElfGetLogHandleEntryByHandle(*LogHandle);
269  if (!pLogHandle)
270  return STATUS_INVALID_HANDLE;
271 
272  EnterCriticalSection(&LogHandleListCs);
273  RemoveEntryList(&pLogHandle->LogHandleListEntry);
274  LeaveCriticalSection(&LogHandleListCs);
275 
276  LogfClose(pLogHandle->LogFile, FALSE);
277 
278  HeapFree(GetProcessHeap(), 0, pLogHandle);
279 
280  *LogHandle = NULL;
281 
282  return STATUS_SUCCESS;
283 }
284 
285 
286 /* Function 0 */
287 NTSTATUS
288 WINAPI
289 ElfrClearELFW(
290  IELF_HANDLE LogHandle,
291  PRPC_UNICODE_STRING BackupFileName)
292 {
293  PLOGHANDLE pLogHandle;
294 
295  DPRINT("ElfrClearELFW()\n");
296 
297  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
298  if (!pLogHandle)
299  return STATUS_INVALID_HANDLE;
300 
301  /* Fail, if the log file is a backup file */
302  if (pLogHandle->Flags & LOG_HANDLE_BACKUP_FILE)
303  return STATUS_INVALID_HANDLE;
304 
305  return LogfClearFile(pLogHandle->LogFile,
306  (PUNICODE_STRING)BackupFileName);
307 }
308 
309 
310 /* Function 1 */
311 NTSTATUS
312 WINAPI
313 ElfrBackupELFW(
314  IELF_HANDLE LogHandle,
315  PRPC_UNICODE_STRING BackupFileName)
316 {
317  PLOGHANDLE pLogHandle;
318 
319  DPRINT("ElfrBackupELFW()\n");
320 
321  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
322  if (!pLogHandle)
323  return STATUS_INVALID_HANDLE;
324 
325  return LogfBackupFile(pLogHandle->LogFile,
326  (PUNICODE_STRING)BackupFileName);
327 }
328 
329 
330 /* Function 2 */
331 NTSTATUS
332 WINAPI
333 ElfrCloseEL(
334  PIELF_HANDLE LogHandle)
335 {
336  return ElfDeleteEventLogHandle(LogHandle);
337 }
338 
339 
340 /* Function 3 */
341 NTSTATUS
342 WINAPI
343 ElfrDeregisterEventSource(
344  PIELF_HANDLE LogHandle)
345 {
346  return ElfDeleteEventLogHandle(LogHandle);
347 }
348 
349 
350 /* Function 4 */
351 NTSTATUS
352 WINAPI
353 ElfrNumberOfRecords(
354  IELF_HANDLE LogHandle,
355  PULONG NumberOfRecords)
356 {
357  PLOGHANDLE pLogHandle;
358  PLOGFILE pLogFile;
359  ULONG OldestRecordNumber, CurrentRecordNumber;
360 
361  DPRINT("ElfrNumberOfRecords()\n");
362 
363  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
364  if (!pLogHandle)
365  return STATUS_INVALID_HANDLE;
366 
367  if (!NumberOfRecords)
368  return STATUS_INVALID_PARAMETER;
369 
370  pLogFile = pLogHandle->LogFile;
371 
372  /* Lock the log file shared */
373  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
374 
375  OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
376  CurrentRecordNumber = ElfGetCurrentRecord(&pLogFile->LogFile);
377 
378  /* Unlock the log file */
379  RtlReleaseResource(&pLogFile->Lock);
380 
381  DPRINT("Oldest: %lu Current: %lu\n",
382  OldestRecordNumber, CurrentRecordNumber);
383 
384  if (OldestRecordNumber == 0)
385  {
386  /* OldestRecordNumber == 0 when the log is empty */
387  *NumberOfRecords = 0;
388  }
389  else
390  {
391  /* The log contains events */
392  *NumberOfRecords = CurrentRecordNumber - OldestRecordNumber;
393  }
394 
395  return STATUS_SUCCESS;
396 }
397 
398 
399 /* Function 5 */
400 NTSTATUS
401 WINAPI
402 ElfrOldestRecord(
403  IELF_HANDLE LogHandle,
404  PULONG OldestRecordNumber)
405 {
406  PLOGHANDLE pLogHandle;
407  PLOGFILE pLogFile;
408 
409  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
410  if (!pLogHandle)
411  return STATUS_INVALID_HANDLE;
412 
413  if (!OldestRecordNumber)
414  return STATUS_INVALID_PARAMETER;
415 
416  pLogFile = pLogHandle->LogFile;
417 
418  /* Lock the log file shared */
419  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
420 
421  *OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
422 
423  /* Unlock the log file */
424  RtlReleaseResource(&pLogFile->Lock);
425 
426  return STATUS_SUCCESS;
427 }
428 
429 
430 /* Function 6 */
431 NTSTATUS
432 WINAPI
433 ElfrChangeNotify(
434  IELF_HANDLE LogHandle,
435  RPC_CLIENT_ID ClientId,
436  ULONG Event)
437 {
438  UNIMPLEMENTED;
439  return STATUS_NOT_IMPLEMENTED;
440 }
441 
442 
443 /* Function 7 */
444 NTSTATUS
445 WINAPI
446 ElfrOpenELW(
447  EVENTLOG_HANDLE_W UNCServerName,
448  PRPC_UNICODE_STRING ModuleName,
449  PRPC_UNICODE_STRING RegModuleName,
450  ULONG MajorVersion,
451  ULONG MinorVersion,
452  PIELF_HANDLE LogHandle)
453 {
454  if ((MajorVersion != 1) || (MinorVersion != 1))
455  return STATUS_INVALID_PARAMETER;
456 
457  /* RegModuleName must be an empty string */
458  if (RegModuleName->Length > 0)
459  return STATUS_INVALID_PARAMETER;
460 
461  /* FIXME: UNCServerName must specify the server */
462 
463  /* FIXME: Must verify that caller has read access */
464 
465  return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
466  (PUNICODE_STRING)ModuleName,
467  FALSE);
468 }
469 
470 
471 /* Function 8 */
472 NTSTATUS
473 WINAPI
474 ElfrRegisterEventSourceW(
475  EVENTLOG_HANDLE_W UNCServerName,
476  PRPC_UNICODE_STRING ModuleName,
477  PRPC_UNICODE_STRING RegModuleName,
478  ULONG MajorVersion,
479  ULONG MinorVersion,
480  PIELF_HANDLE LogHandle)
481 {
482  DPRINT("ElfrRegisterEventSourceW()\n");
483 
484  if ((MajorVersion != 1) || (MinorVersion != 1))
485  return STATUS_INVALID_PARAMETER;
486 
487  /* RegModuleName must be an empty string */
488  if (RegModuleName->Length > 0)
489  return STATUS_INVALID_PARAMETER;
490 
491  DPRINT("ModuleName: %wZ\n", ModuleName);
492 
493  /* FIXME: UNCServerName must specify the server or empty for local */
494 
495  /* FIXME: Must verify that caller has write access */
496 
497  return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
498  (PUNICODE_STRING)ModuleName,
499  TRUE);
500 }
501 
502 
503 /* Function 9 */
504 NTSTATUS
505 WINAPI
506 ElfrOpenBELW(
507  EVENTLOG_HANDLE_W UNCServerName,
508  PRPC_UNICODE_STRING BackupFileName,
509  ULONG MajorVersion,
510  ULONG MinorVersion,
511  PIELF_HANDLE LogHandle)
512 {
513  DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);
514 
515  if ((MajorVersion != 1) || (MinorVersion != 1))
516  return STATUS_INVALID_PARAMETER;
517 
518  /* FIXME: UNCServerName must specify the server */
519 
520  /* FIXME: Must verify that caller has read access */
521 
522  return ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
523  (PUNICODE_STRING)BackupFileName);
524 }
525 
526 
527 /* Function 10 */
528 NTSTATUS
529 WINAPI
530 ElfrReadELW(
531  IELF_HANDLE LogHandle,
532  ULONG ReadFlags,
533  ULONG RecordOffset,
534  RULONG NumberOfBytesToRead,
535  PBYTE Buffer,
536  PULONG NumberOfBytesRead,
537  PULONG MinNumberOfBytesNeeded)
538 {
539  NTSTATUS Status;
540  PLOGHANDLE pLogHandle;
541  ULONG RecordNumber;
542 
543  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
544  if (!pLogHandle)
545  return STATUS_INVALID_HANDLE;
546 
547  if (!Buffer)
548  return STATUS_INVALID_PARAMETER;
549 
550  /* If sequential read, retrieve the CurrentRecord from this log handle */
551  if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
552  {
553  RecordNumber = pLogHandle->CurrentRecord;
554  }
555  else // (ReadFlags & EVENTLOG_SEEK_READ)
556  {
557  RecordNumber = RecordOffset;
558  }
559 
560  Status = LogfReadEvents(pLogHandle->LogFile,
561  ReadFlags,
562  &RecordNumber,
563  NumberOfBytesToRead,
564  Buffer,
565  NumberOfBytesRead,
566  MinNumberOfBytesNeeded,
567  FALSE);
568 
569  /* Update the handle's CurrentRecord if success */
570  if (NT_SUCCESS(Status))
571  {
572  pLogHandle->CurrentRecord = RecordNumber;
573  }
574 
575  return Status;
576 }
577 
578 
579 /* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
580 NTSTATUS
581 ElfrIntReportEventW(
582  IELF_HANDLE LogHandle,
583  ULONG Time,
584  USHORT EventType,
585  USHORT EventCategory,
586  ULONG EventID,
587  PRPC_UNICODE_STRING SourceName OPTIONAL,
588  USHORT NumStrings,
589  ULONG DataSize,
590  PRPC_UNICODE_STRING ComputerName,
591  PRPC_SID UserSID,
592  PRPC_UNICODE_STRING Strings[],
593  PBYTE Data,
594  USHORT Flags,
595  PULONG RecordNumber,
596  PULONG TimeWritten)
597 {
598  NTSTATUS Status;
599  PLOGHANDLE pLogHandle;
600  UNICODE_STRING LocalSourceName, LocalComputerName;
601  PEVENTLOGRECORD LogBuffer;
602  USHORT i;
603  SIZE_T RecSize;
604  ULONG dwStringsSize = 0;
605  ULONG dwUserSidLength = 0;
606  PWSTR lpStrings, str;
607 
608  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
609  if (!pLogHandle)
610  return STATUS_INVALID_HANDLE;
611 
612  /* Flags must be 0 */
613  if (Flags)
614  return STATUS_INVALID_PARAMETER;
615 
616  for (i = 0; i < NumStrings; i++)
617  {
618  switch (EventType)
619  {
620  case EVENTLOG_SUCCESS:
621  DPRINT("Success: %wZ\n", Strings[i]);
622  break;
623 
624  case EVENTLOG_ERROR_TYPE:
625  DPRINT("Error: %wZ\n", Strings[i]);
626  break;
627 
628  case EVENTLOG_WARNING_TYPE:
629  DPRINT("Warning: %wZ\n", Strings[i]);
630  break;
631 
632  case EVENTLOG_INFORMATION_TYPE:
633  DPRINT("Info: %wZ\n", Strings[i]);
634  break;
635 
636  case EVENTLOG_AUDIT_SUCCESS:
637  DPRINT("Audit Success: %wZ\n", Strings[i]);
638  break;
639 
640  case EVENTLOG_AUDIT_FAILURE:
641  DPRINT("Audit Failure: %wZ\n", Strings[i]);
642  break;
643 
644  default:
645  DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
646  break;
647  }
648  dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
649  }
650 
651  lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
652  if (!lpStrings)
653  {
654  DPRINT1("Failed to allocate heap\n");
655  return STATUS_NO_MEMORY;
656  }
657 
658  str = lpStrings;
659  for (i = 0; i < NumStrings; i++)
660  {
661  RtlCopyMemory(str, Strings[i]->Buffer, Strings[i]->Length);
662  str += Strings[i]->Length / sizeof(WCHAR);
663  *str = UNICODE_NULL;
664  str++;
665  }
666 
667  if (UserSID)
668  dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
669 
670  if (SourceName && SourceName->Buffer)
671  LocalSourceName = *(PUNICODE_STRING)SourceName;
672  else
673  RtlInitUnicodeString(&LocalSourceName, pLogHandle->szName);
674 
675  LocalComputerName = *(PUNICODE_STRING)ComputerName;
676 
677  LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
678  Time,
679  EventType,
680  EventCategory,
681  EventID,
682  &LocalSourceName,
683  &LocalComputerName,
684  dwUserSidLength,
685  UserSID,
686  NumStrings,
687  lpStrings,
688  DataSize,
689  Data);
690  if (LogBuffer == NULL)
691  {
692  DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
693  HeapFree(GetProcessHeap(), 0, lpStrings);
694  return STATUS_NO_MEMORY;
695  }
696 
697  Status = LogfWriteRecord(pLogHandle->LogFile, LogBuffer, RecSize);
698  if (!NT_SUCCESS(Status))
699  {
700  DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
701  pLogHandle->LogFile->LogName, Status);
702  }
703 
704  if (NT_SUCCESS(Status))
705  {
706  /* Retrieve the two fields that were set by LogfWriteRecord into the record */
707  if (RecordNumber)
708  *RecordNumber = LogBuffer->RecordNumber;
709  if (TimeWritten)
710  *TimeWritten = LogBuffer->TimeWritten;
711  }
712 
713  LogfFreeRecord(LogBuffer);
714 
715  HeapFree(GetProcessHeap(), 0, lpStrings);
716 
717  return Status;
718 }
719 
720 
721 /* Function 11 */
722 NTSTATUS
723 WINAPI
724 ElfrReportEventW(
725  IELF_HANDLE LogHandle,
726  ULONG Time,
727  USHORT EventType,
728  USHORT EventCategory,
729  ULONG EventID,
730  USHORT NumStrings,
731  ULONG DataSize,
732  PRPC_UNICODE_STRING ComputerName,
733  PRPC_SID UserSID,
734  PRPC_UNICODE_STRING Strings[],
735  PBYTE Data,
736  USHORT Flags,
737  PULONG RecordNumber,
738  PULONG TimeWritten)
739 {
740  /* Call the helper function. The event source is provided via the log handle. */
741  return ElfrIntReportEventW(LogHandle,
742  Time,
743  EventType,
744  EventCategory,
745  EventID,
746  NULL,
747  NumStrings,
748  DataSize,
749  ComputerName,
750  UserSID,
751  Strings,
752  Data,
753  Flags,
754  RecordNumber,
755  TimeWritten);
756 }
757 
758 
759 /* Function 12 */
760 NTSTATUS
761 WINAPI
762 ElfrClearELFA(
763  IELF_HANDLE LogHandle,
764  PRPC_STRING BackupFileName)
765 {
766  NTSTATUS Status;
767  UNICODE_STRING BackupFileNameW;
768 
769  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
770  (PANSI_STRING)BackupFileName,
771  TRUE);
772  if (!NT_SUCCESS(Status))
773  return Status;
774 
775  Status = ElfrClearELFW(LogHandle,
776  (PRPC_UNICODE_STRING)&BackupFileNameW);
777 
778  RtlFreeUnicodeString(&BackupFileNameW);
779 
780  return Status;
781 }
782 
783 
784 /* Function 13 */
785 NTSTATUS
786 WINAPI
787 ElfrBackupELFA(
788  IELF_HANDLE LogHandle,
789  PRPC_STRING BackupFileName)
790 {
791  NTSTATUS Status;
792  UNICODE_STRING BackupFileNameW;
793 
794  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
795  (PANSI_STRING)BackupFileName,
796  TRUE);
797  if (!NT_SUCCESS(Status))
798  return Status;
799 
800  Status = ElfrBackupELFW(LogHandle,
801  (PRPC_UNICODE_STRING)&BackupFileNameW);
802 
803  RtlFreeUnicodeString(&BackupFileNameW);
804 
805  return Status;
806 }
807 
808 
809 /* Function 14 */
810 NTSTATUS
811 WINAPI
812 ElfrOpenELA(
813  EVENTLOG_HANDLE_A UNCServerName,
814  PRPC_STRING ModuleName,
815  PRPC_STRING RegModuleName,
816  ULONG MajorVersion,
817  ULONG MinorVersion,
818  PIELF_HANDLE LogHandle)
819 {
820  NTSTATUS Status;
821  UNICODE_STRING ModuleNameW;
822 
823  if ((MajorVersion != 1) || (MinorVersion != 1))
824  return STATUS_INVALID_PARAMETER;
825 
826  /* RegModuleName must be an empty string */
827  if (RegModuleName->Length > 0)
828  return STATUS_INVALID_PARAMETER;
829 
830  Status = RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
831  if (!NT_SUCCESS(Status))
832  return Status;
833 
834  /* FIXME: Must verify that caller has read access */
835 
836  Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
837  &ModuleNameW,
838  FALSE);
839 
840  RtlFreeUnicodeString(&ModuleNameW);
841 
842  return Status;
843 }
844 
845 
846 /* Function 15 */
847 NTSTATUS
848 WINAPI
849 ElfrRegisterEventSourceA(
850  EVENTLOG_HANDLE_A UNCServerName,
851  PRPC_STRING ModuleName,
852  PRPC_STRING RegModuleName,
853  ULONG MajorVersion,
854  ULONG MinorVersion,
855  PIELF_HANDLE LogHandle)
856 {
857  NTSTATUS Status;
858  UNICODE_STRING ModuleNameW;
859 
860  Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
861  (PANSI_STRING)ModuleName,
862  TRUE);
863  if (!NT_SUCCESS(Status))
864  {
865  DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
866  return Status;
867  }
868 
869  /* RegModuleName must be an empty string */
870  if (RegModuleName->Length > 0)
871  {
872  RtlFreeUnicodeString(&ModuleNameW);
873  return STATUS_INVALID_PARAMETER;
874  }
875 
876  if ((MajorVersion != 1) || (MinorVersion != 1))
877  {
878  RtlFreeUnicodeString(&ModuleNameW);
879  return STATUS_INVALID_PARAMETER;
880  }
881 
882  /* FIXME: Must verify that caller has write access */
883 
884  Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
885  &ModuleNameW,
886  TRUE);
887 
888  RtlFreeUnicodeString(&ModuleNameW);
889 
890  return Status;
891 }
892 
893 
894 /* Function 16 */
895 NTSTATUS
896 WINAPI
897 ElfrOpenBELA(
898  EVENTLOG_HANDLE_A UNCServerName,
899  PRPC_STRING BackupFileName,
900  ULONG MajorVersion,
901  ULONG MinorVersion,
902  PIELF_HANDLE LogHandle)
903 {
904  NTSTATUS Status;
905  UNICODE_STRING BackupFileNameW;
906 
907  DPRINT("ElfrOpenBELA(%Z)\n", BackupFileName);
908 
909  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
910  (PANSI_STRING)BackupFileName,
911  TRUE);
912  if (!NT_SUCCESS(Status))
913  {
914  DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
915  return Status;
916  }
917 
918  if ((MajorVersion != 1) || (MinorVersion != 1))
919  {
920  RtlFreeUnicodeString(&BackupFileNameW);
921  return STATUS_INVALID_PARAMETER;
922  }
923 
924  /* FIXME: UNCServerName must specify the server */
925 
926  /* FIXME: Must verify that caller has read access */
927 
928  Status = ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
929  &BackupFileNameW);
930 
931  RtlFreeUnicodeString(&BackupFileNameW);
932 
933  return Status;
934 }
935 
936 
937 /* Function 17 */
938 NTSTATUS
939 WINAPI
940 ElfrReadELA(
941  IELF_HANDLE LogHandle,
942  ULONG ReadFlags,
943  ULONG RecordOffset,
944  RULONG NumberOfBytesToRead,
945  PBYTE Buffer,
946  PULONG NumberOfBytesRead,
947  PULONG MinNumberOfBytesNeeded)
948 {
949  NTSTATUS Status;
950  PLOGHANDLE pLogHandle;
951  ULONG RecordNumber;
952 
953  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
954  if (!pLogHandle)
955  return STATUS_INVALID_HANDLE;
956 
957  if (!Buffer)
958  return STATUS_INVALID_PARAMETER;
959 
960  /* If sequential read, retrieve the CurrentRecord from this log handle */
961  if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
962  {
963  RecordNumber = pLogHandle->CurrentRecord;
964  }
965  else // (ReadFlags & EVENTLOG_SEEK_READ)
966  {
967  RecordNumber = RecordOffset;
968  }
969 
970  Status = LogfReadEvents(pLogHandle->LogFile,
971  ReadFlags,
972  &RecordNumber,
973  NumberOfBytesToRead,
974  Buffer,
975  NumberOfBytesRead,
976  MinNumberOfBytesNeeded,
977  TRUE);
978 
979  /* Update the handle's CurrentRecord if success */
980  if (NT_SUCCESS(Status))
981  {
982  pLogHandle->CurrentRecord = RecordNumber;
983  }
984 
985  return Status;
986 }
987 
988 
989 /* Function 18 */
990 NTSTATUS
991 WINAPI
992 ElfrReportEventA(
993  IELF_HANDLE LogHandle,
994  ULONG Time,
995  USHORT EventType,
996  USHORT EventCategory,
997  ULONG EventID,
998  USHORT NumStrings,
999  ULONG DataSize,
1000  PRPC_STRING ComputerName,
1001  PRPC_SID UserSID,
1002  PRPC_STRING Strings[],
1003  PBYTE Data,
1004  USHORT Flags,
1005  PULONG RecordNumber,
1006  PULONG TimeWritten)
1007 {
1008  NTSTATUS Status = STATUS_SUCCESS;
1009  UNICODE_STRING ComputerNameW;
1010  PUNICODE_STRING *StringsArrayW = NULL;
1011  USHORT i;
1012 
1013  DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
1014 
1015 #if 0
1016  for (i = 0; i < NumStrings; i++)
1017  {
1018  if (Strings[i] == NULL)
1019  {
1020  DPRINT1("String %hu is null\n", i);
1021  }
1022  else
1023  {
1024  DPRINT1("String %hu: %Z\n", i, Strings[i]);
1025  }
1026  }
1027 #endif
1028 
1029  Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
1030  (PANSI_STRING)ComputerName,
1031  TRUE);
1032  if (!NT_SUCCESS(Status))
1033  return Status;
1034 
1035  if (NumStrings != 0)
1036  {
1037  StringsArrayW = HeapAlloc(GetProcessHeap(),
1038  HEAP_ZERO_MEMORY,
1039  NumStrings * sizeof(PUNICODE_STRING));
1040  if (StringsArrayW == NULL)
1041  {
1042  Status = STATUS_NO_MEMORY;
1043  goto Done;
1044  }
1045 
1046  for (i = 0; i < NumStrings; i++)
1047  {
1048  if (Strings[i] != NULL)
1049  {
1050  StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
1051  HEAP_ZERO_MEMORY,
1052  sizeof(UNICODE_STRING));
1053  if (StringsArrayW[i] == NULL)
1054  {
1055  Status = STATUS_NO_MEMORY;
1056  break;
1057  }
1058 
1059  Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
1060  (PANSI_STRING)Strings[i],
1061  TRUE);
1062  }
1063 
1064  if (!NT_SUCCESS(Status))
1065  break;
1066  }
1067  }
1068 
1069  if (NT_SUCCESS(Status))
1070  {
1071  Status = ElfrReportEventW(LogHandle,
1072  Time,
1073  EventType,
1074  EventCategory,
1075  EventID,
1076  NumStrings,
1077  DataSize,
1078  (PRPC_UNICODE_STRING)&ComputerNameW,
1079  UserSID,
1080  (PRPC_UNICODE_STRING*)StringsArrayW,
1081  Data,
1082  Flags,
1083  RecordNumber,
1084  TimeWritten);
1085  }
1086 
1087 Done:
1088  if (StringsArrayW != NULL)
1089  {
1090  for (i = 0; i < NumStrings; i++)
1091  {
1092  if ((StringsArrayW[i] != NULL) && (StringsArrayW[i]->Buffer))
1093  {
1094  RtlFreeUnicodeString(StringsArrayW[i]);
1095  HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
1096  }
1097  }
1098 
1099  HeapFree(GetProcessHeap(), 0, StringsArrayW);
1100  }
1101 
1102  RtlFreeUnicodeString(&ComputerNameW);
1103 
1104  return Status;
1105 }
1106 
1107 
1108 /* Function 19 */
1109 NTSTATUS
1110 WINAPI
1111 ElfrRegisterClusterSvc(
1112  handle_t BindingHandle)
1113 {
1114  UNIMPLEMENTED;
1115  return STATUS_NOT_IMPLEMENTED;
1116 }
1117 
1118 
1119 /* Function 20 */
1120 NTSTATUS
1121 WINAPI
1122 ElfrDeregisterClusterSvc(
1123  handle_t BindingHandle)
1124 {
1125  UNIMPLEMENTED;
1126  return STATUS_NOT_IMPLEMENTED;
1127 }
1128 
1129 
1130 /* Function 21 */
1131 NTSTATUS
1132 WINAPI
1133 ElfrWriteClusterEvents(
1134  handle_t BindingHandle)
1135 {
1136  UNIMPLEMENTED;
1137  return STATUS_NOT_IMPLEMENTED;
1138 }
1139 
1140 
1141 /* Function 22 */
1142 NTSTATUS
1143 WINAPI
1144 ElfrGetLogInformation(
1145  IELF_HANDLE LogHandle,
1146  ULONG InfoLevel,
1147  PBYTE Buffer,
1148  ULONG cbBufSize,
1149  PULONG pcbBytesNeeded)
1150 {
1151  NTSTATUS Status = STATUS_SUCCESS;
1152  PLOGHANDLE pLogHandle;
1153  PLOGFILE pLogFile;
1154 
1155  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
1156  if (!pLogHandle)
1157  return STATUS_INVALID_HANDLE;
1158 
1159  pLogFile = pLogHandle->LogFile;
1160 
1161  /* Lock the log file shared */
1162  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
1163 
1164  switch (InfoLevel)
1165  {
1166  case EVENTLOG_FULL_INFO:
1167  {
1168  LPEVENTLOG_FULL_INFORMATION efi = (LPEVENTLOG_FULL_INFORMATION)Buffer;
1169 
1170  *pcbBytesNeeded = sizeof(EVENTLOG_FULL_INFORMATION);
1171  if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION))
1172  {
1173  Status = STATUS_BUFFER_TOO_SMALL;
1174  break;
1175  }
1176 
1177  efi->dwFull = !!(ElfGetFlags(&pLogFile->LogFile) & ELF_LOGFILE_LOGFULL_WRITTEN);
1178  break;
1179  }
1180 
1181  default:
1182  Status = STATUS_INVALID_LEVEL;
1183  break;
1184  }
1185 
1186  /* Unlock the log file */
1187  RtlReleaseResource(&pLogFile->Lock);
1188 
1189  return Status;
1190 }
1191 
1192 
1193 /* Function 23 */
1194 NTSTATUS
1195 WINAPI
1196 ElfrFlushEL(
1197  IELF_HANDLE LogHandle)
1198 {
1199  NTSTATUS Status;
1200  PLOGHANDLE pLogHandle;
1201  PLOGFILE pLogFile;
1202 
1203  pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
1204  if (!pLogHandle)
1205  return STATUS_INVALID_HANDLE;
1206 
1207  pLogFile = pLogHandle->LogFile;
1208 
1209  /* Lock the log file exclusive */
1210  RtlAcquireResourceExclusive(&pLogFile->Lock, TRUE);
1211 
1212  Status = ElfFlushFile(&pLogFile->LogFile);
1213 
1214  /* Unlock the log file */
1215  RtlReleaseResource(&pLogFile->Lock);
1216 
1217  return Status;
1218 }
1219 
1220 
1221 /* Function 24 */
1222 NTSTATUS
1223 WINAPI
1224 ElfrReportEventAndSourceW(
1225  IELF_HANDLE LogHandle,
1226  ULONG Time,
1227  USHORT EventType,
1228  USHORT EventCategory,
1229  ULONG EventID,
1230  PRPC_UNICODE_STRING SourceName,
1231  USHORT NumStrings,
1232  ULONG DataSize,
1233  PRPC_UNICODE_STRING ComputerName,
1234  PRPC_SID UserSID,
1235  PRPC_UNICODE_STRING Strings[],
1236  PBYTE Data,
1237  USHORT Flags,
1238  PULONG RecordNumber,
1239  PULONG TimeWritten)
1240 {
1241  /* Call the helper function. The event source is specified by the caller. */
1242  return ElfrIntReportEventW(LogHandle,
1243  Time,
1244  EventType,
1245  EventCategory,
1246  EventID,
1247  SourceName,
1248  NumStrings,
1249  DataSize,
1250  ComputerName,
1251  UserSID,
1252  Strings,
1253  Data,
1254  Flags,
1255  RecordNumber,
1256  TimeWritten);
1257 }
1258 
1259 
1260 void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
1261 {
1262  return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
1263 }
1264 
1265 
1266 void __RPC_USER midl_user_free(void __RPC_FAR * ptr)
1267 {
1268  HeapFree(GetProcessHeap(), 0, ptr);
1269 }
1270 
1271 
1272 void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
1273 {
1274  /* Close the handle */
1275  ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle);
1276 }
EVENTLOG_HANDLE_W
LPWSTR EVENTLOG_HANDLE_W
Definition: eventlogrpc.idl:24
ElfrGetLogInformation
NTSTATUS WINAPI ElfrGetLogInformation(IELF_HANDLE LogHandle, ULONG InfoLevel, PBYTE Buffer, ULONG cbBufSize, PULONG pcbBytesNeeded)
Definition: rpc.c:1144
ElfGetOldestRecord
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
_EVENTLOG_FULL_INFORMATION::dwFull
DWORD dwFull
Definition: winbase.h:1117
_EVENTLOGRECORD
Definition: winnt_old.h:2636
pcbBytesNeeded
_In_ DWORD _In_ DWORD _Out_ LPDWORD pcbBytesNeeded
Definition: winsvc.h:424
TRUE
#define TRUE
Definition: types.h:120
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
ElfrBackupELFA
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:787
MinorVersion
ULONG MinorVersion
Definition: ros_glue.cpp:5
MajorVersion
ULONG MajorVersion
Definition: ros_glue.cpp:4
_EVENTSOURCE
Definition: eventlog.h:44
ElfrReadELW
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:530
_SID
Definition: ms-dtyp.idl:198
STATUS_NOT_IMPLEMENTED
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
_RPC_STRING::Length
USHORT Length
Definition: eventlogrpc.idl:17
ElfrWriteClusterEvents
NTSTATUS WINAPI ElfrWriteClusterEvents(handle_t BindingHandle)
Definition: rpc.c:1133
ElfCreateEventLogHandle
static NTSTATUS ElfCreateEventLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING LogName, BOOLEAN Create)
Definition: rpc.c:69
ElfrClearELFA
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:762
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LogfClose
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:54
Create
_In_ BOOLEAN Create
Definition: pstypes.h:511
RtlAcquireResourceShared
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
ElfrReportEventW
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:724
_RPC_UNICODE_STRING
Definition: msv1_0.h:51
LogfClearFile
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:467
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
EVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
LogfFreeRecord
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
ElfrOpenBELW
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:506
_LOGHANDLE::LogHandleListEntry
LIST_ENTRY LogHandleListEntry
Definition: eventlog.h:57
BindingHandle
_In_ ULONG _Out_ HANDLE * BindingHandle
Definition: tdikrnl.h:1146
RULONG
unsigned long RULONG
Definition: eventlogrpc.idl:15
ModuleName
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
Definition: acpixf.h:1270
ElfrDeregisterEventSource
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
Definition: rpc.c:343
ElfrClearELFW
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:289
LogfReadEvents
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
Definition: file.c:721
EnterCriticalSection
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
ElfGetLogHandleEntryByHandle
static PLOGHANDLE ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
Definition: rpc.c:235
LogfListItemCount
DWORD LogfListItemCount(VOID)
Definition: file.c:118
RtlReleaseResource
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
ElfrIntReportEventW
NTSTATUS ElfrIntReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName OPTIONAL, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:581
IsListEmpty
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
_LOGFILE::LogFile
EVTLOGFILE LogFile
Definition: eventlog.h:36
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
ElfrOpenBELA
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:897
RemoveEntryList
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
ElfrBackupELFW
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:313
RPC_STATUS
long RPC_STATUS
Definition: rpc.h:52
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
midl_user_free
void __RPC_USER midl_user_free(void __RPC_FAR *ptr)
Definition: rpc.c:1266
EVENTLOG_ERROR_TYPE
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
UNICODE_NULL
#define UNICODE_NULL
NumStrings
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
Definition: ndis.h:4751
ElfrCloseEL
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
Definition: rpc.c:333
LogHandleListHead
static LIST_ENTRY LogHandleListHead
Definition: rpc.c:18
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
LogfBackupFile
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
_ANSI_STRING
Definition: env_spec_w32.h:375
RpcServerListen
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1520
StringCchCopyW
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
ElfCreateBackupLogHandle
static NTSTATUS ElfCreateBackupLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING FileName)
Definition: rpc.c:177
ptr
static PVOID ptr
Definition: dispmode.c:27
ElfrRegisterEventSourceW
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:474
_EVENTSOURCE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:47
RPC_C_LISTEN_MAX_CALLS_DEFAULT
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
Definition: rpcdce.h:122
EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
ElfrOpenELA
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:812
str
const WCHAR * str
Definition: rpc_transport.c:2454
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
ElfrChangeNotify
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
Definition: rpc.c:433
InitializeCriticalSection
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:751
NULL
smooth NULL
Definition: ftsmooth.c:416
ElfDeleteEventLogHandle
static NTSTATUS ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
Definition: rpc.c:264
LogHandleListCs
static CRITICAL_SECTION LogHandleListCs
Definition: rpc.c:19
DPRINT
void DPRINT(...)
Definition: polytest.cpp:61
_FileName
Definition: filecomp.c:347
Buffer
Definition: bufpool.h:45
GetEventSourceByName
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
ELF_LOGFILE_LOGFULL_WRITTEN
#define ELF_LOGFILE_LOGFULL_WRITTEN
Definition: evtlib.h:50
_RPC_STRING
Definition: eventlogrpc.idl:16
__RPC_FAR
#define __RPC_FAR
Definition: rpc.h:56
_LOGHANDLE::CurrentRecord
ULONG CurrentRecord
Definition: eventlog.h:60
__RPC_USER
#define __RPC_USER
Definition: rpc.h:65
CONTAINING_RECORD
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
ElfrRegisterClusterSvc
NTSTATUS WINAPI ElfrRegisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1111
_LOGHANDLE::Flags
ULONG Flags
Definition: eventlog.h:61
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
Handle
_In_ HANDLE Handle
Definition: extypes.h:390
_LOGHANDLE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:59
EVENTLOG_SUCCESS
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
LogfListItemByIndex
PLOGFILE LogfListItemByIndex(DWORD Index)
Definition: file.c:93
ClientId
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1176
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:403
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
STATUS_INVALID_LEVEL
#define STATUS_INVALID_LEVEL
Definition: ntstatus.h:550
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
DeleteCriticalSection
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
EVENTLOG_WARNING_TYPE
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ElfGetCurrentRecord
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
ElfrOpenELW
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:446
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2624
_LOGFILE::Lock
RTL_RESOURCE Lock
Definition: eventlog.h:39
WINAPI
#define WINAPI
Definition: msvc.h:6
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
cbBufSize
_In_ DWORD _In_ DWORD cbBufSize
Definition: winsvc.h:424
LOG_HANDLE_BACKUP_FILE
#define LOG_HANDLE_BACKUP_FILE
Definition: eventlog.h:53
RpcServerRegisterIf
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1116
RtlFreeUnicodeString
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
Strings
static const WCHAR Strings[]
Definition: reg.c:35
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
ElfrDeregisterClusterSvc
NTSTATUS WINAPI ElfrDeregisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1122
LPEVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION * LPEVENTLOG_FULL_INFORMATION
RpcThreadRoutine
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpc.c:26
L
static const WCHAR L[]
Definition: oid.c:1250
EVENTLOG_FULL_INFO
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1114
_LOGFILE::LogName
WCHAR * LogName
Definition: eventlog.h:38
lpParameter
LPVOID lpParameter
Definition: kernel32.h:241
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
_EVENTLOG_FULL_INFORMATION
Definition: winbase.h:1116
_EVENTLOGRECORD::RecordNumber
DWORD RecordNumber
Definition: winnt_old.h:2639
IELF_HANDLE
PVOID IELF_HANDLE
Definition: eventlogrpc.idl:22
len
GLenum GLsizei len
Definition: glext.h:6722
_LIST_ENTRY
Definition: typedefs.h:117
_RPC_UNICODE_STRING::Length
unsigned short Length
Definition: msv1_0.h:53
midl_user_allocate
void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
Definition: rpc.c:1260
Status
Status
Definition: gdiplustypes.h:24
RpcServerUseProtseqEpW
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:927
_LOGHANDLE::szName
WCHAR szName[1]
Definition: eventlog.h:62
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:78
_UNICODE_STRING
Definition: env_spec_w32.h:368
_RPC_SID
Definition: msv1_0.h:43
ElfGetFlags
ULONG NTAPI ElfGetFlags(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1607
IELF_HANDLE_rundown
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
Definition: rpc.c:1272
USHORT
unsigned short USHORT
Definition: pedump.c:61
RtlAnsiStringToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
ElfrReadELA
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:940
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
_RPC_SID::SubAuthorityCount
UCHAR SubAuthorityCount
Definition: msv1_0.h:46
_LOGHANDLE
Definition: eventlog.h:55
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
PULONG
unsigned int * PULONG
Definition: retypes.h:1
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
ElfrFlushEL
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
Definition: rpc.c:1196
_EVENTLOGRECORD::TimeWritten
DWORD TimeWritten
Definition: winnt_old.h:2641
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
PUNICODE_STRING
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
ElfrReportEventA
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:992
LogfCreate
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
DPRINT1
#define DPRINT1
Definition: precomp.h:8
ElfrRegisterEventSourceA
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:849
szName
static const WCHAR szName[]
Definition: msipriv.h:1194
ElfFlushFile
NTSTATUS NTAPI ElfFlushFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1134
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:114
EventType
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:165
EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
_RPC_CLIENT_ID
Definition: eventlogrpc.idl:27
LeaveCriticalSection
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
LogHandle
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
Definition: ndis.h:5381
ElfrNumberOfRecords
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
Definition: rpc.c:353
LogfListItemByName
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2938
_CRITICAL_SECTION
Definition: winbase.h:865
EVENTLOG_HANDLE_A
LPSTR EVENTLOG_HANDLE_A
Definition: eventlogrpc.idl:25
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:402
DataSize
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4751
Time
static PLARGE_INTEGER Time
Definition: time.c:105
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
ElfrReportEventAndSourceW
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:1224
RPC_S_OK
#define RPC_S_OK
Definition: rpcnterr.h:22
ElfrOldestRecord
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
Definition: rpc.c:402
_LOGFILE
Definition: eventlog.h:34
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
RtlAcquireResourceExclusive
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)