ReactOS  0.4.14-dev-608-gd495a4f
rpc.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS EventLog Service
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: base/services/eventlog/rpc.c
5  * PURPOSE: RPC Port Interface support
6  * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7  * Copyright 2008 Michael Martin
8  * Copyright 2010-2011 Eric Kohl
9  */
10 
11 /* INCLUDES *****************************************************************/
12 
13 #include "eventlog.h"
14 
15 #define NDEBUG
16 #include <debug.h>
17 
20 
21 /* FUNCTIONS ****************************************************************/
22 
23 static NTSTATUS
25 
27 {
29 
32 
33  Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
34  if (Status != RPC_S_OK)
35  {
36  DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
37  goto Quit;
38  }
39 
40  Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
41  if (Status != RPC_S_OK)
42  {
43  DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
44  goto Quit;
45  }
46 
48  if (Status != RPC_S_OK)
49  {
50  DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
51  }
52 
55  {
58  }
60 
61 Quit:
63 
64  return 0;
65 }
66 
67 
68 static NTSTATUS
70  PUNICODE_STRING LogName,
72 {
74  PLOGHANDLE pLogHandle;
75  PLOGFILE currentLogFile = NULL;
76  DWORD i, LogsActive;
77  PEVENTSOURCE pEventSource;
78 
79  DPRINT("ElfCreateEventLogHandle(%wZ)\n", LogName);
80 
81  *LogHandle = NULL;
82 
83  i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
84  pLogHandle = HeapAlloc(GetProcessHeap(),
87  if (!pLogHandle)
88  {
89  DPRINT1("Failed to allocate Heap!\n");
90  return STATUS_NO_MEMORY;
91  }
92 
93  StringCchCopyW(pLogHandle->szName, i, LogName->Buffer);
94 
95  /* Get the number of Log Files the EventLog service found */
96  // NOTE: We could just as well loop only once within the list of logs
97  // and retrieve what the code below that calls LogfListItemByIndex, does!!
98  LogsActive = LogfListItemCount();
99  if (LogsActive == 0)
100  {
101  DPRINT1("EventLog service reports no log files!\n");
103  goto Done;
104  }
105 
106  /* If Creating, default to the Application Log in case we fail, as documented on MSDN */
107  if (Create)
108  {
109  pEventSource = GetEventSourceByName(LogName->Buffer);
110  DPRINT("EventSource: %p\n", pEventSource);
111  if (pEventSource)
112  {
113  DPRINT("EventSource LogFile: %p\n", pEventSource->LogFile);
114  pLogHandle->LogFile = pEventSource->LogFile;
115  }
116  else
117  {
118  DPRINT("EventSource LogFile: Application log file\n");
119  pLogHandle->LogFile = LogfListItemByName(L"Application");
120  }
121 
122  DPRINT("LogHandle LogFile: %p\n", pLogHandle->LogFile);
123  }
124  else
125  {
126  pLogHandle->LogFile = NULL;
127 
128  for (i = 1; i <= LogsActive; i++)
129  {
130  currentLogFile = LogfListItemByIndex(i);
131 
132  if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0)
133  {
134  pLogHandle->LogFile = currentLogFile;
135  break;
136  }
137  }
138 
139  /* Use the application log if the desired log does not exist */
140  if (pLogHandle->LogFile == NULL)
141  {
142  pLogHandle->LogFile = LogfListItemByName(L"Application");
143  if (pLogHandle->LogFile == NULL)
144  {
145  DPRINT1("Application log is missing!\n");
147  goto Done;
148  }
149  }
150 
151  /* Reset the current record */
152  pLogHandle->CurrentRecord = 0;
153  }
154 
155  if (!pLogHandle->LogFile)
157 
158 Done:
159  if (NT_SUCCESS(Status))
160  {
161  /* Append log handle */
165  *LogHandle = pLogHandle;
166  }
167  else
168  {
169  HeapFree(GetProcessHeap(), 0, pLogHandle);
170  }
171 
172  return Status;
173 }
174 
175 
176 static NTSTATUS
179 {
181  PLOGHANDLE pLogHandle;
182 
183  DPRINT("ElfCreateBackupLogHandle(%wZ)\n", FileName);
184 
185  *LogHandle = NULL;
186 
187  pLogHandle = HeapAlloc(GetProcessHeap(),
189  sizeof(LOGHANDLE));
190  if (pLogHandle == NULL)
191  {
192  DPRINT1("Failed to allocate Heap!\n");
193  return STATUS_NO_MEMORY;
194  }
195 
196  /* Create the log file */
197  Status = LogfCreate(&pLogHandle->LogFile,
198  NULL,
199  FileName,
200  0,
201  0,
202  FALSE,
203  TRUE);
204  if (!NT_SUCCESS(Status))
205  {
206  DPRINT1("Failed to create the log file! (Status 0x%08lx)\n", Status);
207  goto Done;
208  }
209 
210  /* Set the backup flag */
211  pLogHandle->Flags |= LOG_HANDLE_BACKUP_FILE;
212 
213  /* Reset the current record */
214  pLogHandle->CurrentRecord = 0;
215 
216 Done:
217  if (NT_SUCCESS(Status))
218  {
219  /* Append log handle */
223  *LogHandle = pLogHandle;
224  }
225  else
226  {
227  HeapFree(GetProcessHeap(), 0, pLogHandle);
228  }
229 
230  return Status;
231 }
232 
233 
234 static PLOGHANDLE
236 {
237  PLIST_ENTRY CurrentEntry;
238  PLOGHANDLE Handle, pLogHandle = NULL;
239 
241 
242  CurrentEntry = LogHandleListHead.Flink;
243  while (CurrentEntry != &LogHandleListHead)
244  {
245  Handle = CONTAINING_RECORD(CurrentEntry,
246  LOGHANDLE,
247  LogHandleListEntry);
248  CurrentEntry = CurrentEntry->Flink;
249 
250  if (Handle == EventLogHandle)
251  {
252  pLogHandle = Handle;
253  break;
254  }
255  }
256 
258 
259  return pLogHandle;
260 }
261 
262 
263 static NTSTATUS
265 {
266  PLOGHANDLE pLogHandle;
267 
269  if (!pLogHandle)
270  return STATUS_INVALID_HANDLE;
271 
273  RemoveEntryList(&pLogHandle->LogHandleListEntry);
275 
276  LogfClose(pLogHandle->LogFile, FALSE);
277 
278  HeapFree(GetProcessHeap(), 0, pLogHandle);
279 
280  *LogHandle = NULL;
281 
282  return STATUS_SUCCESS;
283 }
284 
285 
286 /* Function 0 */
287 NTSTATUS
288 WINAPI
291  PRPC_UNICODE_STRING BackupFileName)
292 {
293  PLOGHANDLE pLogHandle;
294 
295  DPRINT("ElfrClearELFW()\n");
296 
298  if (!pLogHandle)
299  return STATUS_INVALID_HANDLE;
300 
301  /* Fail, if the log file is a backup file */
302  if (pLogHandle->Flags & LOG_HANDLE_BACKUP_FILE)
303  return STATUS_INVALID_HANDLE;
304 
305  return LogfClearFile(pLogHandle->LogFile,
306  (PUNICODE_STRING)BackupFileName);
307 }
308 
309 
310 /* Function 1 */
311 NTSTATUS
312 WINAPI
315  PRPC_UNICODE_STRING BackupFileName)
316 {
317  PLOGHANDLE pLogHandle;
318 
319  DPRINT("ElfrBackupELFW()\n");
320 
322  if (!pLogHandle)
323  return STATUS_INVALID_HANDLE;
324 
325  return LogfBackupFile(pLogHandle->LogFile,
326  (PUNICODE_STRING)BackupFileName);
327 }
328 
329 
330 /* Function 2 */
331 NTSTATUS
332 WINAPI
335 {
337 }
338 
339 
340 /* Function 3 */
341 NTSTATUS
342 WINAPI
345 {
347 }
348 
349 
350 /* Function 4 */
351 NTSTATUS
352 WINAPI
355  PULONG NumberOfRecords)
356 {
357  PLOGHANDLE pLogHandle;
358  PLOGFILE pLogFile;
359  ULONG OldestRecordNumber, CurrentRecordNumber;
360 
361  DPRINT("ElfrNumberOfRecords()\n");
362 
364  if (!pLogHandle)
365  return STATUS_INVALID_HANDLE;
366 
367  if (!NumberOfRecords)
369 
370  pLogFile = pLogHandle->LogFile;
371 
372  /* Lock the log file shared */
373  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
374 
375  OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
376  CurrentRecordNumber = ElfGetCurrentRecord(&pLogFile->LogFile);
377 
378  /* Unlock the log file */
379  RtlReleaseResource(&pLogFile->Lock);
380 
381  DPRINT("Oldest: %lu Current: %lu\n",
382  OldestRecordNumber, CurrentRecordNumber);
383 
384  if (OldestRecordNumber == 0)
385  {
386  /* OldestRecordNumber == 0 when the log is empty */
387  *NumberOfRecords = 0;
388  }
389  else
390  {
391  /* The log contains events */
392  *NumberOfRecords = CurrentRecordNumber - OldestRecordNumber;
393  }
394 
395  return STATUS_SUCCESS;
396 }
397 
398 
399 /* Function 5 */
400 NTSTATUS
401 WINAPI
404  PULONG OldestRecordNumber)
405 {
406  PLOGHANDLE pLogHandle;
407  PLOGFILE pLogFile;
408 
410  if (!pLogHandle)
411  return STATUS_INVALID_HANDLE;
412 
413  if (!OldestRecordNumber)
415 
416  pLogFile = pLogHandle->LogFile;
417 
418  /* Lock the log file shared */
419  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
420 
421  *OldestRecordNumber = ElfGetOldestRecord(&pLogFile->LogFile);
422 
423  /* Unlock the log file */
424  RtlReleaseResource(&pLogFile->Lock);
425 
426  return STATUS_SUCCESS;
427 }
428 
429 
430 /* Function 6 */
431 NTSTATUS
432 WINAPI
436  ULONG Event)
437 {
439  return STATUS_NOT_IMPLEMENTED;
440 }
441 
442 
443 /* Function 7 */
444 NTSTATUS
445 WINAPI
447  EVENTLOG_HANDLE_W UNCServerName,
449  PRPC_UNICODE_STRING RegModuleName,
453 {
454  if ((MajorVersion != 1) || (MinorVersion != 1))
456 
457  /* RegModuleName must be an empty string */
458  if (RegModuleName->Length > 0)
460 
461  /* FIXME: UNCServerName must specify the server */
462 
463  /* FIXME: Must verify that caller has read access */
464 
467  FALSE);
468 }
469 
470 
471 /* Function 8 */
472 NTSTATUS
473 WINAPI
475  EVENTLOG_HANDLE_W UNCServerName,
477  PRPC_UNICODE_STRING RegModuleName,
481 {
482  DPRINT("ElfrRegisterEventSourceW()\n");
483 
484  if ((MajorVersion != 1) || (MinorVersion != 1))
486 
487  /* RegModuleName must be an empty string */
488  if (RegModuleName->Length > 0)
490 
491  DPRINT("ModuleName: %wZ\n", ModuleName);
492 
493  /* FIXME: UNCServerName must specify the server or empty for local */
494 
495  /* FIXME: Must verify that caller has write access */
496 
499  TRUE);
500 }
501 
502 
503 /* Function 9 */
504 NTSTATUS
505 WINAPI
507  EVENTLOG_HANDLE_W UNCServerName,
508  PRPC_UNICODE_STRING BackupFileName,
512 {
513  DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);
514 
515  if ((MajorVersion != 1) || (MinorVersion != 1))
517 
518  /* FIXME: UNCServerName must specify the server */
519 
520  /* FIXME: Must verify that caller has read access */
521 
523  (PUNICODE_STRING)BackupFileName);
524 }
525 
526 
527 /* Function 10 */
528 NTSTATUS
529 WINAPI
532  ULONG ReadFlags,
533  ULONG RecordOffset,
534  RULONG NumberOfBytesToRead,
535  PBYTE Buffer,
536  PULONG NumberOfBytesRead,
537  PULONG MinNumberOfBytesNeeded)
538 {
540  PLOGHANDLE pLogHandle;
541  ULONG RecordNumber;
542 
544  if (!pLogHandle)
545  return STATUS_INVALID_HANDLE;
546 
547  if (!Buffer)
549 
550  /* If sequential read, retrieve the CurrentRecord from this log handle */
551  if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
552  {
553  RecordNumber = pLogHandle->CurrentRecord;
554  }
555  else // (ReadFlags & EVENTLOG_SEEK_READ)
556  {
557  RecordNumber = RecordOffset;
558  }
559 
560  Status = LogfReadEvents(pLogHandle->LogFile,
561  ReadFlags,
562  &RecordNumber,
563  NumberOfBytesToRead,
564  Buffer,
565  NumberOfBytesRead,
566  MinNumberOfBytesNeeded,
567  FALSE);
568 
569  /* Update the handle's CurrentRecord if success */
570  if (NT_SUCCESS(Status))
571  {
572  pLogHandle->CurrentRecord = RecordNumber;
573  }
574 
575  return Status;
576 }
577 
578 
579 /* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
580 NTSTATUS
583  ULONG Time,
585  USHORT EventCategory,
586  ULONG EventID,
589  ULONG DataSize,
590  PRPC_UNICODE_STRING ComputerName,
591  PRPC_SID UserSID,
593  PBYTE Data,
594  USHORT Flags,
595  PULONG RecordNumber,
596  PULONG TimeWritten)
597 {
599  PLOGHANDLE pLogHandle;
600  UNICODE_STRING LocalSourceName, LocalComputerName;
601  PEVENTLOGRECORD LogBuffer;
602  USHORT i;
603  SIZE_T RecSize;
604  ULONG dwStringsSize = 0;
605  ULONG dwUserSidLength = 0;
606  PWSTR lpStrings, str;
607 
609  if (!pLogHandle)
610  return STATUS_INVALID_HANDLE;
611 
612  /* Flags must be 0 */
613  if (Flags)
615 
616  for (i = 0; i < NumStrings; i++)
617  {
618  switch (EventType)
619  {
620  case EVENTLOG_SUCCESS:
621  DPRINT("Success: %wZ\n", Strings[i]);
622  break;
623 
624  case EVENTLOG_ERROR_TYPE:
625  DPRINT("Error: %wZ\n", Strings[i]);
626  break;
627 
629  DPRINT("Warning: %wZ\n", Strings[i]);
630  break;
631 
633  DPRINT("Info: %wZ\n", Strings[i]);
634  break;
635 
637  DPRINT("Audit Success: %wZ\n", Strings[i]);
638  break;
639 
641  DPRINT("Audit Failure: %wZ\n", Strings[i]);
642  break;
643 
644  default:
645  DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
646  break;
647  }
648  dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
649  }
650 
651  lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
652  if (!lpStrings)
653  {
654  DPRINT1("Failed to allocate heap\n");
655  return STATUS_NO_MEMORY;
656  }
657 
658  str = lpStrings;
659  for (i = 0; i < NumStrings; i++)
660  {
662  str += Strings[i]->Length / sizeof(WCHAR);
663  *str = UNICODE_NULL;
664  str++;
665  }
666 
667  if (UserSID)
668  dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
669 
670  if (SourceName && SourceName->Buffer)
671  LocalSourceName = *(PUNICODE_STRING)SourceName;
672  else
673  RtlInitUnicodeString(&LocalSourceName, pLogHandle->szName);
674 
675  LocalComputerName = *(PUNICODE_STRING)ComputerName;
676 
677  LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
678  Time,
679  EventType,
680  EventCategory,
681  EventID,
682  &LocalSourceName,
683  &LocalComputerName,
684  dwUserSidLength,
685  UserSID,
686  NumStrings,
687  lpStrings,
688  DataSize,
689  Data);
690  if (LogBuffer == NULL)
691  {
692  DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
693  HeapFree(GetProcessHeap(), 0, lpStrings);
694  return STATUS_NO_MEMORY;
695  }
696 
697  Status = LogfWriteRecord(pLogHandle->LogFile, LogBuffer, RecSize);
698  if (!NT_SUCCESS(Status))
699  {
700  DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
701  pLogHandle->LogFile->LogName, Status);
702  }
703 
704  if (NT_SUCCESS(Status))
705  {
706  /* Retrieve the two fields that were set by LogfWriteRecord into the record */
707  if (RecordNumber)
708  *RecordNumber = LogBuffer->RecordNumber;
709  if (TimeWritten)
710  *TimeWritten = LogBuffer->TimeWritten;
711  }
712 
713  LogfFreeRecord(LogBuffer);
714 
715  HeapFree(GetProcessHeap(), 0, lpStrings);
716 
717  return Status;
718 }
719 
720 
721 /* Function 11 */
722 NTSTATUS
723 WINAPI
726  ULONG Time,
728  USHORT EventCategory,
729  ULONG EventID,
731  ULONG DataSize,
732  PRPC_UNICODE_STRING ComputerName,
733  PRPC_SID UserSID,
735  PBYTE Data,
736  USHORT Flags,
737  PULONG RecordNumber,
738  PULONG TimeWritten)
739 {
740  /* Call the helper function. The event source is provided via the log handle. */
742  Time,
743  EventType,
744  EventCategory,
745  EventID,
746  NULL,
747  NumStrings,
748  DataSize,
749  ComputerName,
750  UserSID,
751  Strings,
752  Data,
753  Flags,
754  RecordNumber,
755  TimeWritten);
756 }
757 
758 
759 /* Function 12 */
760 NTSTATUS
761 WINAPI
764  PRPC_STRING BackupFileName)
765 {
767  UNICODE_STRING BackupFileNameW;
768 
769  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
770  (PANSI_STRING)BackupFileName,
771  TRUE);
772  if (!NT_SUCCESS(Status))
773  return Status;
774 
776  (PRPC_UNICODE_STRING)&BackupFileNameW);
777 
778  RtlFreeUnicodeString(&BackupFileNameW);
779 
780  return Status;
781 }
782 
783 
784 /* Function 13 */
785 NTSTATUS
786 WINAPI
789  PRPC_STRING BackupFileName)
790 {
792  UNICODE_STRING BackupFileNameW;
793 
794  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
795  (PANSI_STRING)BackupFileName,
796  TRUE);
797  if (!NT_SUCCESS(Status))
798  return Status;
799 
801  (PRPC_UNICODE_STRING)&BackupFileNameW);
802 
803  RtlFreeUnicodeString(&BackupFileNameW);
804 
805  return Status;
806 }
807 
808 
809 /* Function 14 */
810 NTSTATUS
811 WINAPI
813  EVENTLOG_HANDLE_A UNCServerName,
815  PRPC_STRING RegModuleName,
819 {
821  UNICODE_STRING ModuleNameW;
822 
823  if ((MajorVersion != 1) || (MinorVersion != 1))
825 
826  /* RegModuleName must be an empty string */
827  if (RegModuleName->Length > 0)
829 
831  if (!NT_SUCCESS(Status))
832  return Status;
833 
834  /* FIXME: Must verify that caller has read access */
835 
837  &ModuleNameW,
838  FALSE);
839 
840  RtlFreeUnicodeString(&ModuleNameW);
841 
842  return Status;
843 }
844 
845 
846 /* Function 15 */
847 NTSTATUS
848 WINAPI
850  EVENTLOG_HANDLE_A UNCServerName,
852  PRPC_STRING RegModuleName,
856 {
858  UNICODE_STRING ModuleNameW;
859 
860  Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
862  TRUE);
863  if (!NT_SUCCESS(Status))
864  {
865  DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
866  return Status;
867  }
868 
869  /* RegModuleName must be an empty string */
870  if (RegModuleName->Length > 0)
871  {
872  RtlFreeUnicodeString(&ModuleNameW);
874  }
875 
876  if ((MajorVersion != 1) || (MinorVersion != 1))
877  {
878  RtlFreeUnicodeString(&ModuleNameW);
880  }
881 
882  /* FIXME: Must verify that caller has write access */
883 
885  &ModuleNameW,
886  TRUE);
887 
888  RtlFreeUnicodeString(&ModuleNameW);
889 
890  return Status;
891 }
892 
893 
894 /* Function 16 */
895 NTSTATUS
896 WINAPI
898  EVENTLOG_HANDLE_A UNCServerName,
899  PRPC_STRING BackupFileName,
903 {
905  UNICODE_STRING BackupFileNameW;
906 
907  DPRINT("ElfrOpenBELA(%Z)\n", BackupFileName);
908 
909  Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
910  (PANSI_STRING)BackupFileName,
911  TRUE);
912  if (!NT_SUCCESS(Status))
913  {
914  DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
915  return Status;
916  }
917 
918  if ((MajorVersion != 1) || (MinorVersion != 1))
919  {
920  RtlFreeUnicodeString(&BackupFileNameW);
922  }
923 
924  /* FIXME: UNCServerName must specify the server */
925 
926  /* FIXME: Must verify that caller has read access */
927 
929  &BackupFileNameW);
930 
931  RtlFreeUnicodeString(&BackupFileNameW);
932 
933  return Status;
934 }
935 
936 
937 /* Function 17 */
938 NTSTATUS
939 WINAPI
942  ULONG ReadFlags,
943  ULONG RecordOffset,
944  RULONG NumberOfBytesToRead,
945  PBYTE Buffer,
946  PULONG NumberOfBytesRead,
947  PULONG MinNumberOfBytesNeeded)
948 {
950  PLOGHANDLE pLogHandle;
951  ULONG RecordNumber;
952 
954  if (!pLogHandle)
955  return STATUS_INVALID_HANDLE;
956 
957  if (!Buffer)
959 
960  /* If sequential read, retrieve the CurrentRecord from this log handle */
961  if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
962  {
963  RecordNumber = pLogHandle->CurrentRecord;
964  }
965  else // (ReadFlags & EVENTLOG_SEEK_READ)
966  {
967  RecordNumber = RecordOffset;
968  }
969 
970  Status = LogfReadEvents(pLogHandle->LogFile,
971  ReadFlags,
972  &RecordNumber,
973  NumberOfBytesToRead,
974  Buffer,
975  NumberOfBytesRead,
976  MinNumberOfBytesNeeded,
977  TRUE);
978 
979  /* Update the handle's CurrentRecord if success */
980  if (NT_SUCCESS(Status))
981  {
982  pLogHandle->CurrentRecord = RecordNumber;
983  }
984 
985  return Status;
986 }
987 
988 
989 /* Function 18 */
990 NTSTATUS
991 WINAPI
994  ULONG Time,
996  USHORT EventCategory,
997  ULONG EventID,
999  ULONG DataSize,
1000  PRPC_STRING ComputerName,
1001  PRPC_SID UserSID,
1002  PRPC_STRING Strings[],
1003  PBYTE Data,
1004  USHORT Flags,
1005  PULONG RecordNumber,
1006  PULONG TimeWritten)
1007 {
1009  UNICODE_STRING ComputerNameW;
1010  PUNICODE_STRING *StringsArrayW = NULL;
1011  USHORT i;
1012 
1013  DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
1014 
1015 #if 0
1016  for (i = 0; i < NumStrings; i++)
1017  {
1018  if (Strings[i] == NULL)
1019  {
1020  DPRINT1("String %hu is null\n", i);
1021  }
1022  else
1023  {
1024  DPRINT1("String %hu: %Z\n", i, Strings[i]);
1025  }
1026  }
1027 #endif
1028 
1030  (PANSI_STRING)ComputerName,
1031  TRUE);
1032  if (!NT_SUCCESS(Status))
1033  return Status;
1034 
1035  if (NumStrings != 0)
1036  {
1037  StringsArrayW = HeapAlloc(GetProcessHeap(),
1039  NumStrings * sizeof(PUNICODE_STRING));
1040  if (StringsArrayW == NULL)
1041  {
1043  goto Done;
1044  }
1045 
1046  for (i = 0; i < NumStrings; i++)
1047  {
1048  if (Strings[i] != NULL)
1049  {
1050  StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
1052  sizeof(UNICODE_STRING));
1053  if (StringsArrayW[i] == NULL)
1054  {
1056  break;
1057  }
1058 
1059  Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
1061  TRUE);
1062  }
1063 
1064  if (!NT_SUCCESS(Status))
1065  break;
1066  }
1067  }
1068 
1069  if (NT_SUCCESS(Status))
1070  {
1072  Time,
1073  EventType,
1074  EventCategory,
1075  EventID,
1076  NumStrings,
1077  DataSize,
1078  (PRPC_UNICODE_STRING)&ComputerNameW,
1079  UserSID,
1080  (PRPC_UNICODE_STRING*)StringsArrayW,
1081  Data,
1082  Flags,
1083  RecordNumber,
1084  TimeWritten);
1085  }
1086 
1087 Done:
1088  if (StringsArrayW != NULL)
1089  {
1090  for (i = 0; i < NumStrings; i++)
1091  {
1092  if ((StringsArrayW[i] != NULL) && (StringsArrayW[i]->Buffer))
1093  {
1094  RtlFreeUnicodeString(StringsArrayW[i]);
1095  HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
1096  }
1097  }
1098 
1099  HeapFree(GetProcessHeap(), 0, StringsArrayW);
1100  }
1101 
1102  RtlFreeUnicodeString(&ComputerNameW);
1103 
1104  return Status;
1105 }
1106 
1107 
1108 /* Function 19 */
1109 NTSTATUS
1110 WINAPI
1113 {
1114  UNIMPLEMENTED;
1115  return STATUS_NOT_IMPLEMENTED;
1116 }
1117 
1118 
1119 /* Function 20 */
1120 NTSTATUS
1121 WINAPI
1124 {
1125  UNIMPLEMENTED;
1126  return STATUS_NOT_IMPLEMENTED;
1127 }
1128 
1129 
1130 /* Function 21 */
1131 NTSTATUS
1132 WINAPI
1135 {
1136  UNIMPLEMENTED;
1137  return STATUS_NOT_IMPLEMENTED;
1138 }
1139 
1140 
1141 /* Function 22 */
1142 NTSTATUS
1143 WINAPI
1146  ULONG InfoLevel,
1147  PBYTE Buffer,
1148  ULONG cbBufSize,
1150 {
1152  PLOGHANDLE pLogHandle;
1153  PLOGFILE pLogFile;
1154 
1156  if (!pLogHandle)
1157  return STATUS_INVALID_HANDLE;
1158 
1159  pLogFile = pLogHandle->LogFile;
1160 
1161  /* Lock the log file shared */
1162  RtlAcquireResourceShared(&pLogFile->Lock, TRUE);
1163 
1164  switch (InfoLevel)
1165  {
1166  case EVENTLOG_FULL_INFO:
1167  {
1169 
1171  if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION))
1172  {
1174  break;
1175  }
1176 
1177  efi->dwFull = !!(ElfGetFlags(&pLogFile->LogFile) & ELF_LOGFILE_LOGFULL_WRITTEN);
1178  break;
1179  }
1180 
1181  default:
1183  break;
1184  }
1185 
1186  /* Unlock the log file */
1187  RtlReleaseResource(&pLogFile->Lock);
1188 
1189  return Status;
1190 }
1191 
1192 
1193 /* Function 23 */
1194 NTSTATUS
1195 WINAPI
1198 {
1199  NTSTATUS Status;
1200  PLOGHANDLE pLogHandle;
1201  PLOGFILE pLogFile;
1202 
1204  if (!pLogHandle)
1205  return STATUS_INVALID_HANDLE;
1206 
1207  pLogFile = pLogHandle->LogFile;
1208 
1209  /* Lock the log file exclusive */
1210  RtlAcquireResourceExclusive(&pLogFile->Lock, TRUE);
1211 
1212  Status = ElfFlushFile(&pLogFile->LogFile);
1213 
1214  /* Unlock the log file */
1215  RtlReleaseResource(&pLogFile->Lock);
1216 
1217  return Status;
1218 }
1219 
1220 
1221 /* Function 24 */
1222 NTSTATUS
1223 WINAPI
1226  ULONG Time,
1227  USHORT EventType,
1228  USHORT EventCategory,
1229  ULONG EventID,
1232  ULONG DataSize,
1233  PRPC_UNICODE_STRING ComputerName,
1234  PRPC_SID UserSID,
1236  PBYTE Data,
1237  USHORT Flags,
1238  PULONG RecordNumber,
1239  PULONG TimeWritten)
1240 {
1241  /* Call the helper function. The event source is specified by the caller. */
1243  Time,
1244  EventType,
1245  EventCategory,
1246  EventID,
1247  SourceName,
1248  NumStrings,
1249  DataSize,
1250  ComputerName,
1251  UserSID,
1252  Strings,
1253  Data,
1254  Flags,
1255  RecordNumber,
1256  TimeWritten);
1257 }
1258 
1259 
1261 {
1263 }
1264 
1265 
1267 {
1268  HeapFree(GetProcessHeap(), 0, ptr);
1269 }
1270 
1271 
1273 {
1274  /* Close the handle */
1275  ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle);
1276 }
LPWSTR EVENTLOG_HANDLE_W
Definition: eventlogrpc.idl:24
NTSTATUS WINAPI ElfrGetLogInformation(IELF_HANDLE LogHandle, ULONG InfoLevel, PBYTE Buffer, ULONG cbBufSize, PULONG pcbBytesNeeded)
Definition: rpc.c:1144
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
_In_ DWORD _In_ DWORD _Out_ LPDWORD pcbBytesNeeded
Definition: winsvc.h:424
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:787
ULONG MinorVersion
Definition: ros_glue.cpp:5
ULONG MajorVersion
Definition: ros_glue.cpp:4
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:530
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
USHORT Length
Definition: eventlogrpc.idl:17
NTSTATUS WINAPI ElfrWriteClusterEvents(handle_t BindingHandle)
Definition: rpc.c:1133
static NTSTATUS ElfCreateEventLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING LogName, BOOLEAN Create)
Definition: rpc.c:69
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
Definition: rpc.c:762
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
uint16_t * PWSTR
Definition: typedefs.h:54
_In_ BOOLEAN Create
Definition: pstypes.h:511
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:724
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:467
LONG NTSTATUS
Definition: precomp.h:26
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:506
LIST_ENTRY LogHandleListEntry
Definition: eventlog.h:57
_In_ ULONG _Out_ HANDLE * BindingHandle
Definition: tdikrnl.h:1146
unsigned long RULONG
Definition: eventlogrpc.idl:15
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
Definition: acpixf.h:1270
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
Definition: rpc.c:343
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:289
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
Definition: file.c:721
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
#define InsertTailList(ListHead, Entry)
static PLOGHANDLE ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
Definition: rpc.c:235
DWORD LogfListItemCount(VOID)
Definition: file.c:118
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
NTSTATUS ElfrIntReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName OPTIONAL, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:581
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
EVTLOGFILE LogFile
Definition: eventlog.h:36
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:897
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
Definition: rpc.c:313
long RPC_STATUS
Definition: rpc.h:52
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
void __RPC_USER midl_user_free(void __RPC_FAR *ptr)
Definition: rpc.c:1266
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define UNICODE_NULL
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
Definition: ndis.h:4751
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
Definition: rpc.c:333
static LIST_ENTRY LogHandleListHead
Definition: rpc.c:18
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1520
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static NTSTATUS ElfCreateBackupLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING FileName)
Definition: rpc.c:177
static PVOID ptr
Definition: dispmode.c:27
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:474
PLOGFILE LogFile
Definition: eventlog.h:47
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
Definition: rpcdce.h:122
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:812
const WCHAR * str
unsigned char BOOLEAN
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
Definition: rpc.c:433
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:751
smooth NULL
Definition: ftsmooth.c:416
static NTSTATUS ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
Definition: rpc.c:264
static CRITICAL_SECTION LogHandleListCs
Definition: rpc.c:19
void DPRINT(...)
Definition: polytest.cpp:61
Definition: bufpool.h:45
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
#define ELF_LOGFILE_LOGFULL_WRITTEN
Definition: evtlib.h:50
#define __RPC_FAR
Definition: rpc.h:56
ULONG CurrentRecord
Definition: eventlog.h:60
#define __RPC_USER
Definition: rpc.h:65
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
NTSTATUS WINAPI ElfrRegisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1111
ULONG Flags
Definition: eventlog.h:61
struct _LIST_ENTRY * Flink
Definition: typedefs.h:119
_In_ HANDLE Handle
Definition: extypes.h:390
PLOGFILE LogFile
Definition: eventlog.h:59
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
PLOGFILE LogfListItemByIndex(DWORD Index)
Definition: file.c:93
_Out_ PCLIENT_ID ClientId
Definition: kefuncs.h:1176
#define GetProcessHeap()
Definition: compat.h:403
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define STATUS_INVALID_LEVEL
Definition: ntstatus.h:550
__wchar_t WCHAR
Definition: xmlstorage.h:180
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:446
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2624
RTL_RESOURCE Lock
Definition: eventlog.h:39
#define WINAPI
Definition: msvc.h:6
unsigned long DWORD
Definition: ntddk_ex.h:95
_In_ DWORD _In_ DWORD cbBufSize
Definition: winsvc.h:424
#define LOG_HANDLE_BACKUP_FILE
Definition: eventlog.h:53
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1116
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
static const WCHAR Strings[]
Definition: reg.c:35
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
NTSTATUS WINAPI ElfrDeregisterClusterSvc(handle_t BindingHandle)
Definition: rpc.c:1122
struct _EVENTLOG_FULL_INFORMATION * LPEVENTLOG_FULL_INFORMATION
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpc.c:26
static const WCHAR L[]
Definition: oid.c:1250
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1114
WCHAR * LogName
Definition: eventlog.h:38
LPVOID lpParameter
Definition: kernel32.h:241
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
DWORD RecordNumber
Definition: winnt_old.h:2639
PVOID IELF_HANDLE
Definition: eventlogrpc.idl:22
GLenum GLsizei len
Definition: glext.h:6722
Definition: typedefs.h:117
unsigned short Length
Definition: msv1_0.h:53
void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
Definition: rpc.c:1260
Status
Definition: gdiplustypes.h:24
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:927
WCHAR szName[1]
Definition: eventlog.h:62
ULONG_PTR SIZE_T
Definition: typedefs.h:78
ULONG NTAPI ElfGetFlags(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1607
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
Definition: rpc.c:1272
unsigned short USHORT
Definition: pedump.c:61
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
Definition: rpc.c:940
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
UCHAR SubAuthorityCount
Definition: msv1_0.h:46
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
unsigned int * PULONG
Definition: retypes.h:1
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
WCHAR SourceName[256]
Definition: arping.c:28
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
Definition: rpc.c:1196
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
UNICODE_STRING * PUNICODE_STRING
Definition: env_spec_w32.h:373
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:992
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
#define DPRINT1
Definition: precomp.h:8
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
Definition: rpc.c:849
static const WCHAR szName[]
Definition: msipriv.h:1194
NTSTATUS NTAPI ElfFlushFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1134
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define UNIMPLEMENTED
Definition: debug.h:114
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
Definition: exfuncs.h:165
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
Definition: ndis.h:5381
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
Definition: rpc.c:353
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
return STATUS_SUCCESS
Definition: btrfs.c:2938
LPSTR EVENTLOG_HANDLE_A
Definition: eventlogrpc.idl:25
BYTE * PBYTE
Definition: pedump.c:66
#define HeapFree(x, y, z)
Definition: compat.h:402
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
Definition: ndis.h:4751
static PLARGE_INTEGER Time
Definition: time.c:105
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
Definition: rpc.c:1224
#define RPC_S_OK
Definition: rpcnterr.h:22
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
Definition: rpc.c:402
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)