36 DPRINT(
"RpcServerUseProtseqEpW() failed (Status %lx)\n",
Status);
43 DPRINT(
"RpcServerRegisterIf() failed (Status %lx)\n",
Status);
50 DPRINT(
"RpcServerListen() failed (Status %lx)\n",
Status);
79 DPRINT(
"ElfCreateEventLogHandle(%wZ)\n", LogName);
89 DPRINT1(
"Failed to allocate Heap!\n");
101 DPRINT1(
"EventLog service reports no log files!\n");
110 DPRINT(
"EventSource: %p\n", pEventSource);
118 DPRINT(
"EventSource LogFile: Application log file\n");
128 for (
i = 1;
i <= LogsActive;
i++)
134 pLogHandle->
LogFile = currentLogFile;
145 DPRINT1(
"Application log is missing!\n");
190 if (pLogHandle ==
NULL)
192 DPRINT1(
"Failed to allocate Heap!\n");
206 DPRINT1(
"Failed to create the log file! (Status 0x%08lx)\n",
Status);
248 CurrentEntry = CurrentEntry->
Flink;
250 if (
Handle == EventLogHandle)
295 DPRINT(
"ElfrClearELFW()\n");
319 DPRINT(
"ElfrBackupELFW()\n");
359 ULONG OldestRecordNumber, CurrentRecordNumber;
361 DPRINT(
"ElfrNumberOfRecords()\n");
367 if (!NumberOfRecords)
370 pLogFile = pLogHandle->
LogFile;
381 DPRINT(
"Oldest: %lu Current: %lu\n",
382 OldestRecordNumber, CurrentRecordNumber);
384 if (OldestRecordNumber == 0)
387 *NumberOfRecords = 0;
392 *NumberOfRecords = CurrentRecordNumber - OldestRecordNumber;
404 PULONG OldestRecordNumber)
413 if (!OldestRecordNumber)
416 pLogFile = pLogHandle->
LogFile;
458 if (RegModuleName->
Length > 0)
482 DPRINT(
"ElfrRegisterEventSourceW()\n");
488 if (RegModuleName->
Length > 0)
513 DPRINT(
"ElfrOpenBELW(%wZ)\n", BackupFileName);
534 RULONG NumberOfBytesToRead,
537 PULONG MinNumberOfBytesNeeded)
557 RecordNumber = RecordOffset;
566 MinNumberOfBytesNeeded,
604 ULONG dwStringsSize = 0;
605 ULONG dwUserSidLength = 0;
654 DPRINT1(
"Failed to allocate heap\n");
690 if (LogBuffer ==
NULL)
692 DPRINT1(
"LogfAllocAndBuildNewRecord failed!\n");
700 DPRINT1(
"ERROR writing to event log `%S' (Status 0x%08lx)\n",
827 if (RegModuleName->
Length > 0)
865 DPRINT1(
"RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n",
Status);
870 if (RegModuleName->
Length > 0)
907 DPRINT(
"ElfrOpenBELA(%Z)\n", BackupFileName);
914 DPRINT1(
"RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n",
Status);
944 RULONG NumberOfBytesToRead,
947 PULONG MinNumberOfBytesNeeded)
967 RecordNumber = RecordOffset;
976 MinNumberOfBytesNeeded,
1020 DPRINT1(
"String %hu is null\n",
i);
1040 if (StringsArrayW ==
NULL)
1053 if (StringsArrayW[
i] ==
NULL)
1088 if (StringsArrayW !=
NULL)
1092 if ((StringsArrayW[
i] !=
NULL) && (StringsArrayW[
i]->
Buffer))
1159 pLogFile = pLogHandle->
LogFile;
1207 pLogFile = pLogHandle->
LogFile;
ACPI_BUFFER *RetBuffer ACPI_BUFFER *RetBuffer char ACPI_WALK_RESOURCE_CALLBACK void *Context ACPI_BUFFER *RetBuffer UINT16 ACPI_RESOURCE **ResourcePtr ACPI_GENERIC_ADDRESS *Reg UINT32 *ReturnValue UINT8 UINT8 *Slp_TypB ACPI_PHYSICAL_ADDRESS PhysicalAddress64 UINT32 UINT32 *TimeElapsed UINT32 ACPI_STATUS const char UINT32 ACPI_STATUS const char UINT32 const char const char * ModuleName
NTSTATUS WINAPI ElfrReportEventA(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
NTSTATUS WINAPI ElfrBackupELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
NTSTATUS WINAPI ElfrChangeNotify(IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, ULONG Event)
static NTSTATUS ElfCreateBackupLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING FileName)
static NTSTATUS ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrCloseEL(PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrWriteClusterEvents(handle_t BindingHandle)
NTSTATUS WINAPI ElfrNumberOfRecords(IELF_HANDLE LogHandle, PULONG NumberOfRecords)
NTSTATUS WINAPI ElfrDeregisterClusterSvc(handle_t BindingHandle)
NTSTATUS WINAPI ElfrReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
NTSTATUS WINAPI ElfrRegisterEventSourceA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
static PLOGHANDLE ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
NTSTATUS ElfrIntReportEventW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName OPTIONAL, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
NTSTATUS WINAPI ElfrClearELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrOpenBELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrRegisterEventSourceW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrOpenELW(EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrOpenELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrDeregisterEventSource(PIELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrFlushEL(IELF_HANDLE LogHandle)
NTSTATUS WINAPI ElfrReadELW(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
NTSTATUS WINAPI ElfrClearELFA(IELF_HANDLE LogHandle, PRPC_STRING BackupFileName)
NTSTATUS WINAPI ElfrGetLogInformation(IELF_HANDLE LogHandle, ULONG InfoLevel, PBYTE Buffer, ULONG cbBufSize, PULONG pcbBytesNeeded)
NTSTATUS WINAPI ElfrReadELA(IELF_HANDLE LogHandle, ULONG ReadFlags, ULONG RecordOffset, RULONG NumberOfBytesToRead, PBYTE Buffer, PULONG NumberOfBytesRead, PULONG MinNumberOfBytesNeeded)
NTSTATUS WINAPI ElfrReportEventAndSourceW(IELF_HANDLE LogHandle, ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], PBYTE Data, USHORT Flags, PULONG RecordNumber, PULONG TimeWritten)
NTSTATUS WINAPI ElfrOpenBELA(EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, ULONG MajorVersion, ULONG MinorVersion, PIELF_HANDLE LogHandle)
static NTSTATUS ElfCreateEventLogHandle(PLOGHANDLE *LogHandle, PUNICODE_STRING LogName, BOOLEAN Create)
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
static LIST_ENTRY LogHandleListHead
NTSTATUS WINAPI ElfrRegisterClusterSvc(handle_t BindingHandle)
NTSTATUS WINAPI ElfrBackupELFW(IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName)
static CRITICAL_SECTION LogHandleListCs
NTSTATUS WINAPI ElfrOldestRecord(IELF_HANDLE LogHandle, PULONG OldestRecordNumber)
#define STATUS_INVALID_HANDLE
#define STATUS_NOT_IMPLEMENTED
#define NT_SUCCESS(StatCode)
static const WCHAR Strings[]
#define HeapFree(x, y, z)
#define RemoveEntryList(Entry)
#define InsertTailList(ListHead, Entry)
UNICODE_STRING * PUNICODE_STRING
#define IsListEmpty(ListHead)
#define InitializeListHead(ListHead)
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
PLOGFILE LogfListItemByName(LPCWSTR Name)
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
PLOGFILE LogfListItemByIndex(DWORD Index)
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
#define LOG_HANDLE_BACKUP_FILE
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
DWORD LogfListItemCount(VOID)
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
NTSTATUS NTAPI ElfFlushFile(IN PEVTLOGFILE LogFile)
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
ULONG NTAPI ElfGetFlags(IN PEVTLOGFILE LogFile)
#define ELF_LOGFILE_LOGFULL_WRITTEN
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
static PLARGE_INTEGER Time
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT _In_opt_ PVOID _In_ ULONG DataSize
_In_ UINT _Out_ PNDIS_HANDLE LogHandle
_In_ NDIS_STATUS _In_ ULONG _In_ USHORT NumStrings
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ EVENT_TYPE EventType
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
_In_ ULONG _In_ ULONG _In_ ULONG Length
#define STATUS_INVALID_LEVEL
static const WCHAR szName[]
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
#define RPC_C_LISTEN_MAX_CALLS_DEFAULT
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
#define midl_user_allocate
#define STATUS_BUFFER_TOO_SMALL
PULONG MinorVersion OPTIONAL
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
struct _LIST_ENTRY * Flink
LIST_ENTRY LogHandleListEntry
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
_In_ ULONG _Out_ HANDLE * BindingHandle
#define FIELD_OFFSET(t, f)
#define RtlCopyMemory(Destination, Source, Length)
#define CONTAINING_RECORD(address, type, field)
#define STATUS_INVALID_PARAMETER
#define STATUS_UNSUCCESSFUL
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
#define EVENTLOG_FULL_INFO
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
struct _EVENTLOG_FULL_INFORMATION * LPEVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
#define EVENTLOG_ERROR_TYPE
#define EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_WARNING_TYPE
_In_ DWORD _In_ DWORD _Out_ LPDWORD pcbBytesNeeded
_In_ DWORD _In_ DWORD cbBufSize
_Must_inspect_result_ _In_ ULONG Flags
_Out_ PCLIENT_ID ClientId