ReactOS 0.4.15-dev-6042-g2eb6700
file.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS EventLog Service
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: base/services/eventlog/file.c
5 * PURPOSE: Event log file support wrappers
6 * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7 * Michael Martin
8 * Hermes Belusca-Maito
9 */
10
11/* INCLUDES ******************************************************************/
12
13#include "eventlog.h"
14#include <ndk/iofuncs.h>
15#include <ndk/kefuncs.h>
16
17#define NDEBUG
18#include <debug.h>
19
20/* LOG FILE LIST - GLOBALS ***************************************************/
21
22static LIST_ENTRY LogFileListHead;
23static CRITICAL_SECTION LogFileListCs;
24
25/* LOG FILE LIST - FUNCTIONS *************************************************/
26
27VOID LogfListInitialize(VOID)
28{
29 InitializeCriticalSection(&LogFileListCs);
30 InitializeListHead(&LogFileListHead);
31}
32
33PLOGFILE LogfListItemByName(LPCWSTR Name)
34{
35 PLIST_ENTRY CurrentEntry;
36 PLOGFILE Item, Result = NULL;
37
38 ASSERT(Name);
39
40 EnterCriticalSection(&LogFileListCs);
41
42 CurrentEntry = LogFileListHead.Flink;
43 while (CurrentEntry != &LogFileListHead)
44 {
45 Item = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
46
47 if (Item->LogName && !_wcsicmp(Item->LogName, Name))
48 {
49 Result = Item;
50 break;
51 }
52
53 CurrentEntry = CurrentEntry->Flink;
54 }
55
56 LeaveCriticalSection(&LogFileListCs);
57 return Result;
58}
59
60#if 0
61/* Index starting from 1 */
62DWORD LogfListItemIndexByName(LPCWSTR Name)
63{
64 PLIST_ENTRY CurrentEntry;
65 DWORD Result = 0;
66 DWORD i = 1;
67
68 ASSERT(Name);
69
70 EnterCriticalSection(&LogFileListCs);
71
72 CurrentEntry = LogFileListHead.Flink;
73 while (CurrentEntry != &LogFileListHead)
74 {
75 PLOGFILE Item = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
76
77 if (Item->LogName && !_wcsicmp(Item->LogName, Name))
78 {
79 Result = i;
80 break;
81 }
82
83 CurrentEntry = CurrentEntry->Flink;
84 i++;
85 }
86
87 LeaveCriticalSection(&LogFileListCs);
88 return Result;
89}
90#endif
91
92/* Index starting from 1 */
93PLOGFILE LogfListItemByIndex(DWORD Index)
94{
95 PLIST_ENTRY CurrentEntry;
96 PLOGFILE Result = NULL;
97 DWORD i = 1;
98
99 EnterCriticalSection(&LogFileListCs);
100
101 CurrentEntry = LogFileListHead.Flink;
102 while (CurrentEntry != &LogFileListHead)
103 {
104 if (i == Index)
105 {
106 Result = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry);
107 break;
108 }
109
110 CurrentEntry = CurrentEntry->Flink;
111 i++;
112 }
113
114 LeaveCriticalSection(&LogFileListCs);
115 return Result;
116}
117
118DWORD LogfListItemCount(VOID)
119{
120 PLIST_ENTRY CurrentEntry;
121 DWORD i = 0;
122
123 EnterCriticalSection(&LogFileListCs);
124
125 CurrentEntry = LogFileListHead.Flink;
126 while (CurrentEntry != &LogFileListHead)
127 {
128 CurrentEntry = CurrentEntry->Flink;
129 i++;
130 }
131
132 LeaveCriticalSection(&LogFileListCs);
133 return i;
134}
135
136static VOID
137LogfListAddItem(PLOGFILE Item)
138{
139 EnterCriticalSection(&LogFileListCs);
140 InsertTailList(&LogFileListHead, &Item->ListEntry);
141 LeaveCriticalSection(&LogFileListCs);
142}
143
144static VOID
145LogfListRemoveItem(PLOGFILE Item)
146{
147 EnterCriticalSection(&LogFileListCs);
148 RemoveEntryList(&Item->ListEntry);
149 LeaveCriticalSection(&LogFileListCs);
150}
151
152
153/* FUNCTIONS *****************************************************************/
154
155// PELF_ALLOCATE_ROUTINE
156static
157PVOID NTAPI
158LogfpAlloc(IN SIZE_T Size,
159 IN ULONG Flags,
160 IN ULONG Tag)
161{
162 UNREFERENCED_PARAMETER(Tag);
163 return RtlAllocateHeap(GetProcessHeap(), Flags, Size);
164}
165
166// PELF_FREE_ROUTINE
167static
168VOID NTAPI
169LogfpFree(IN PVOID Ptr,
170 IN ULONG Flags,
171 IN ULONG Tag)
172{
173 UNREFERENCED_PARAMETER(Tag);
174 RtlFreeHeap(GetProcessHeap(), Flags, Ptr);
175}
176
177// PELF_FILE_READ_ROUTINE
178static
179NTSTATUS NTAPI
180LogfpReadFile(IN PEVTLOGFILE LogFile,
181 IN PLARGE_INTEGER FileOffset,
182 OUT PVOID Buffer,
183 IN SIZE_T Length,
184 OUT PSIZE_T ReadLength OPTIONAL)
185{
186 NTSTATUS Status;
187 PLOGFILE pLogFile = (PLOGFILE)LogFile;
188 IO_STATUS_BLOCK IoStatusBlock;
189
190 if (ReadLength)
191 *ReadLength = 0;
192
193 Status = NtReadFile(pLogFile->FileHandle,
194 NULL,
195 NULL,
196 NULL,
197 &IoStatusBlock,
198 Buffer,
199 Length,
200 FileOffset,
201 NULL);
202
203 if (ReadLength)
204 *ReadLength = IoStatusBlock.Information;
205
206 return Status;
207}
208
209// PELF_FILE_WRITE_ROUTINE
210static
211NTSTATUS NTAPI
212LogfpWriteFile(IN PEVTLOGFILE LogFile,
213 IN PLARGE_INTEGER FileOffset,
214 IN PVOID Buffer,
215 IN SIZE_T Length,
216 OUT PSIZE_T WrittenLength OPTIONAL)
217{
218 NTSTATUS Status;
219 PLOGFILE pLogFile = (PLOGFILE)LogFile;
220 IO_STATUS_BLOCK IoStatusBlock;
221
222 if (WrittenLength)
223 *WrittenLength = 0;
224
225 Status = NtWriteFile(pLogFile->FileHandle,
226 NULL,
227 NULL,
228 NULL,
229 &IoStatusBlock,
230 Buffer,
231 Length,
232 FileOffset,
233 NULL);
234
235 if (WrittenLength)
236 *WrittenLength = IoStatusBlock.Information;
237
238 return Status;
239}
240
241// PELF_FILE_SET_SIZE_ROUTINE
242static
243NTSTATUS NTAPI
244LogfpSetFileSize(IN PEVTLOGFILE LogFile,
245 IN ULONG FileSize, // SIZE_T
246 IN ULONG OldFileSize) // SIZE_T
247{
248 NTSTATUS Status;
249 PLOGFILE pLogFile = (PLOGFILE)LogFile;
250 IO_STATUS_BLOCK IoStatusBlock;
251 FILE_END_OF_FILE_INFORMATION FileEofInfo;
252 FILE_ALLOCATION_INFORMATION FileAllocInfo;
253
254 UNREFERENCED_PARAMETER(OldFileSize);
255
256 // FIXME: Should we round up FileSize ??
257
258 FileEofInfo.EndOfFile.QuadPart = FileSize;
259 Status = NtSetInformationFile(pLogFile->FileHandle,
260 &IoStatusBlock,
261 &FileEofInfo,
262 sizeof(FileEofInfo),
263 FileEndOfFileInformation);
264 if (!NT_SUCCESS(Status))
265 return Status;
266
267 FileAllocInfo.AllocationSize.QuadPart = FileSize;
268 Status = NtSetInformationFile(pLogFile->FileHandle,
269 &IoStatusBlock,
270 &FileAllocInfo,
271 sizeof(FileAllocInfo),
272 FileAllocationInformation);
273
274 return Status;
275}
276
277// PELF_FILE_FLUSH_ROUTINE
278static
279NTSTATUS NTAPI
280LogfpFlushFile(IN PEVTLOGFILE LogFile,
281 IN PLARGE_INTEGER FileOffset,
282 IN ULONG Length)
283{
284 PLOGFILE pLogFile = (PLOGFILE)LogFile;
285 IO_STATUS_BLOCK IoStatusBlock;
286
287 UNREFERENCED_PARAMETER(FileOffset);
288 UNREFERENCED_PARAMETER(Length);
289
290 return NtFlushBuffersFile(pLogFile->FileHandle, &IoStatusBlock);
291}
292
293NTSTATUS
294LogfCreate(PLOGFILE* LogFile,
295 PCWSTR LogName,
296 PUNICODE_STRING FileName,
297 ULONG MaxSize,
298 ULONG Retention,
299 BOOLEAN Permanent,
300 BOOLEAN Backup)
301{
302 NTSTATUS Status;
303 OBJECT_ATTRIBUTES ObjectAttributes;
304 IO_STATUS_BLOCK IoStatusBlock;
305 FILE_STANDARD_INFORMATION FileStdInfo;
306 PLOGFILE pLogFile;
307 SIZE_T LogNameLen;
308 BOOLEAN CreateNew;
309
310 pLogFile = LogfpAlloc(sizeof(*pLogFile), HEAP_ZERO_MEMORY, TAG_ELF);
311 if (!pLogFile)
312 {
313 DPRINT1("Cannot allocate heap!\n");
314 return STATUS_NO_MEMORY;
315 }
316
317 LogNameLen = (LogName ? wcslen(LogName) : 0) + 1;
318 pLogFile->LogName = LogfpAlloc(LogNameLen * sizeof(WCHAR), HEAP_ZERO_MEMORY, 0);
319 if (pLogFile->LogName == NULL)
320 {
321 DPRINT1("Cannot allocate heap\n");
322 Status = STATUS_NO_MEMORY;
323 goto Quit;
324 }
325
326 if (LogName)
327 StringCchCopyW(pLogFile->LogName, LogNameLen, LogName);
328
329 InitializeObjectAttributes(&ObjectAttributes,
330 FileName,
331 OBJ_CASE_INSENSITIVE,
332 NULL,
333 NULL);
334
335 DPRINT("Going to create or open %wZ\n", FileName);
336 Status = NtCreateFile(&pLogFile->FileHandle,
337 Backup ? (GENERIC_READ | SYNCHRONIZE)
338 : (GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE),
339 &ObjectAttributes,
340 &IoStatusBlock,
341 NULL,
342 FILE_ATTRIBUTE_NORMAL,
343 FILE_SHARE_READ,
344 Backup ? FILE_OPEN : FILE_OPEN_IF,
345 FILE_SYNCHRONOUS_IO_NONALERT,
346 NULL,
347 0);
348 if (!NT_SUCCESS(Status))
349 {
350 DPRINT1("Cannot create file `%wZ' (Status 0x%08lx)\n", FileName, Status);
351 goto Quit;
352 }
353
354 CreateNew = (IoStatusBlock.Information == FILE_CREATED);
355 DPRINT("%wZ %s successfully\n", FileName, CreateNew ? "created" : "opened");
356
357 /*
358 * Retrieve the log file size and check whether the file is not too large;
359 * this log format only supports files of theoretical size < 0xFFFFFFFF .
360 *
361 * As it happens that, on Windows (and ReactOS), retrieving the End-Of-File
362 * information using NtQueryInformationFile with the FileEndOfFileInformation
363 * class is invalid (who knows why...), use instead the FileStandardInformation
364 * class, and the EndOfFile member of the returned FILE_STANDARD_INFORMATION
365 * structure will give the desired information.
366 */
367 Status = NtQueryInformationFile(pLogFile->FileHandle,
368 &IoStatusBlock,
369 &FileStdInfo,
370 sizeof(FileStdInfo),
371 FileStandardInformation);
372 if (!NT_SUCCESS(Status))
373 {
374 DPRINT1("EventLog: NtQueryInformationFile failed (Status 0x%08lx)\n", Status);
375 goto Quit;
376 }
377 if (FileStdInfo.EndOfFile.HighPart != 0)
378 {
379 DPRINT1("EventLog: Log `%wZ' is too large.\n", FileName);
380 Status = STATUS_EVENTLOG_FILE_CORRUPT; // STATUS_FILE_TOO_LARGE;
381 goto Quit;
382 }
383
384 DPRINT("Initializing LogFile `%S'\n", pLogFile->LogName);
385
386 Status = ElfCreateFile(&pLogFile->LogFile,
387 FileName,
388 FileStdInfo.EndOfFile.LowPart,
389 MaxSize,
390 Retention,
391 CreateNew,
392 Backup,
393 LogfpAlloc,
394 LogfpFree,
395 LogfpSetFileSize,
396 LogfpWriteFile,
397 LogfpReadFile,
398 LogfpFlushFile);
399 if (!NT_SUCCESS(Status))
400 goto Quit;
401
402 pLogFile->Permanent = Permanent;
403
404 RtlInitializeResource(&pLogFile->Lock);
405
406 LogfListAddItem(pLogFile);
407
408Quit:
409 if (!NT_SUCCESS(Status))
410 {
411 if (pLogFile->FileHandle != NULL)
412 NtClose(pLogFile->FileHandle);
413
414 if (pLogFile->LogName)
415 LogfpFree(pLogFile->LogName, 0, 0);
416
417 LogfpFree(pLogFile, 0, TAG_ELF);
418 }
419 else
420 {
421 *LogFile = pLogFile;
422 }
423
424 return Status;
425}
426
427VOID
428LogfClose(PLOGFILE LogFile,
429 BOOLEAN ForceClose)
430{
431 if (LogFile == NULL)
432 return;
433
434 if (!ForceClose && LogFile->Permanent)
435 return;
436
437 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
438
439 LogfListRemoveItem(LogFile);
440
441 ElfCloseFile(&LogFile->LogFile);
442 NtClose(LogFile->FileHandle);
443 LogfpFree(LogFile->LogName, 0, 0);
444
445 RtlDeleteResource(&LogFile->Lock);
446
447 LogfpFree(LogFile, 0, TAG_ELF);
448
449 return;
450}
451
452VOID LogfCloseAll(VOID)
453{
454 EnterCriticalSection(&LogFileListCs);
455
456 while (!IsListEmpty(&LogFileListHead))
457 {
458 LogfClose(CONTAINING_RECORD(LogFileListHead.Flink, LOGFILE, ListEntry), TRUE);
459 }
460
461 LeaveCriticalSection(&LogFileListCs);
462
463 DeleteCriticalSection(&LogFileListCs);
464}
465
466NTSTATUS
467LogfClearFile(PLOGFILE LogFile,
468 PUNICODE_STRING BackupFileName)
469{
470 NTSTATUS Status;
471
472 /* Lock the log file exclusive */
473 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
474
475 if (BackupFileName->Length > 0)
476 {
477 /* Write a backup file */
478 Status = LogfBackupFile(LogFile, BackupFileName);
479 if (!NT_SUCCESS(Status))
480 {
481 DPRINT1("LogfBackupFile failed (Status 0x%08lx)\n", Status);
482 goto Quit;
483 }
484 }
485
486 Status = ElfReCreateFile(&LogFile->LogFile);
487 if (!NT_SUCCESS(Status))
488 {
489 DPRINT1("LogfInitializeNew failed (Status 0x%08lx)\n", Status);
490 }
491
492Quit:
493 /* Unlock the log file */
494 RtlReleaseResource(&LogFile->Lock);
495 return Status;
496}
497
498NTSTATUS
499LogfBackupFile(PLOGFILE LogFile,
500 PUNICODE_STRING BackupFileName)
501{
502 NTSTATUS Status;
503 LOGFILE BackupLogFile;
504 OBJECT_ATTRIBUTES ObjectAttributes;
505 IO_STATUS_BLOCK IoStatusBlock;
506
507 DPRINT("LogfBackupFile(%p, %wZ)\n", LogFile, BackupFileName);
508
509 /* Lock the log file shared */
510 RtlAcquireResourceShared(&LogFile->Lock, TRUE);
511
512 InitializeObjectAttributes(&ObjectAttributes,
513 BackupFileName,
514 OBJ_CASE_INSENSITIVE,
515 NULL,
516 NULL);
517
518 Status = NtCreateFile(&BackupLogFile.FileHandle,
519 GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
520 &ObjectAttributes,
521 &IoStatusBlock,
522 NULL,
523 FILE_ATTRIBUTE_NORMAL,
524 FILE_SHARE_READ,
525 FILE_CREATE,
526 FILE_WRITE_THROUGH | FILE_SYNCHRONOUS_IO_NONALERT,
527 NULL,
528 0);
529 if (!NT_SUCCESS(Status))
530 {
531 DPRINT("Cannot create backup file `%wZ' (Status 0x%08lx)\n", BackupFileName, Status);
532 goto Quit;
533 }
534
535 Status = ElfBackupFile(&LogFile->LogFile,
536 &BackupLogFile.LogFile);
537
538Quit:
539 /* Close the backup file */
540 if (BackupLogFile.FileHandle != NULL)
541 NtClose(BackupLogFile.FileHandle);
542
543 /* Unlock the log file */
544 RtlReleaseResource(&LogFile->Lock);
545
546 return Status;
547}
548
549
550static NTSTATUS
551ReadRecord(IN PEVTLOGFILE LogFile,
552 IN ULONG RecordNumber,
553 OUT PEVENTLOGRECORD Record,
554 IN SIZE_T BufSize, // Length
555 OUT PSIZE_T BytesRead OPTIONAL,
556 OUT PSIZE_T BytesNeeded OPTIONAL,
557 IN BOOLEAN Ansi)
558{
559 NTSTATUS Status;
560 PEVENTLOGRECORD UnicodeBuffer = NULL;
561 PEVENTLOGRECORD Src, Dst;
562 ANSI_STRING StringA;
563 UNICODE_STRING StringW;
564 PVOID SrcPtr, DstPtr;
565 DWORD i;
566 DWORD dwPadding;
567 DWORD dwRecordLength;
568 PDWORD pLength;
569
570 if (!Ansi)
571 {
572 return ElfReadRecord(LogFile,
573 RecordNumber,
574 Record,
575 BufSize,
576 BytesRead,
577 BytesNeeded);
578 }
579
580 if (BytesRead)
581 *BytesRead = 0;
582
583 if (BytesNeeded)
584 *BytesNeeded = 0;
585
586 UnicodeBuffer = LogfpAlloc(BufSize, HEAP_ZERO_MEMORY, TAG_ELF_BUF);
587 if (UnicodeBuffer == NULL)
588 {
589 DPRINT1("Alloc failed!\n");
590 return STATUS_NO_MEMORY;
591 }
592
593 Status = ElfReadRecord(LogFile,
594 RecordNumber,
595 UnicodeBuffer,
596 BufSize,
597 BytesRead,
598 BytesNeeded);
599 if (!NT_SUCCESS(Status))
600 goto Quit;
601
602 Src = UnicodeBuffer;
603 Dst = Record;
604
605 Dst->Reserved = Src->Reserved;
606 Dst->RecordNumber = Src->RecordNumber;
607 Dst->TimeGenerated = Src->TimeGenerated;
608 Dst->TimeWritten = Src->TimeWritten;
609 Dst->EventID = Src->EventID;
610 Dst->EventType = Src->EventType;
611 Dst->EventCategory = Src->EventCategory;
612 Dst->NumStrings = Src->NumStrings;
613 Dst->UserSidLength = Src->UserSidLength;
614 Dst->DataLength = Src->DataLength;
615
616 SrcPtr = (PVOID)((ULONG_PTR)Src + sizeof(EVENTLOGRECORD));
617 DstPtr = (PVOID)((ULONG_PTR)Dst + sizeof(EVENTLOGRECORD));
618
619 /* Convert the module name */
620 RtlInitUnicodeString(&StringW, SrcPtr);
621 Status = RtlUnicodeStringToAnsiString(&StringA, &StringW, TRUE);
622 if (NT_SUCCESS(Status))
623 {
624 RtlCopyMemory(DstPtr, StringA.Buffer, StringA.MaximumLength);
625 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringA.MaximumLength);
626
627 RtlFreeAnsiString(&StringA);
628 }
629 else
630 {
631 RtlZeroMemory(DstPtr, StringW.MaximumLength / sizeof(WCHAR));
632 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringW.MaximumLength / sizeof(WCHAR));
633 }
634 SrcPtr = (PVOID)((ULONG_PTR)SrcPtr + StringW.MaximumLength);
635
636 /* Convert the computer name */
637 RtlInitUnicodeString(&StringW, SrcPtr);
638 Status = RtlUnicodeStringToAnsiString(&StringA, &StringW, TRUE);
639 if (NT_SUCCESS(Status))
640 {
641 RtlCopyMemory(DstPtr, StringA.Buffer, StringA.MaximumLength);
642 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringA.MaximumLength);
643
644 RtlFreeAnsiString(&StringA);
645 }
646 else
647 {
648 RtlZeroMemory(DstPtr, StringW.MaximumLength / sizeof(WCHAR));
649 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringW.MaximumLength / sizeof(WCHAR));
650 }
651
652 /* Add the padding and the User SID */
653 dwPadding = sizeof(ULONG) - (((ULONG_PTR)DstPtr - (ULONG_PTR)Dst) % sizeof(ULONG));
654 RtlZeroMemory(DstPtr, dwPadding);
655
656 SrcPtr = (PVOID)((ULONG_PTR)Src + Src->UserSidOffset);
657 DstPtr = (PVOID)((ULONG_PTR)DstPtr + dwPadding);
658
659 Dst->UserSidOffset = (DWORD)((ULONG_PTR)DstPtr - (ULONG_PTR)Dst);
660 RtlCopyMemory(DstPtr, SrcPtr, Src->UserSidLength);
661
662 /* Convert the strings */
663 SrcPtr = (PVOID)((ULONG_PTR)Src + Src->StringOffset);
664 DstPtr = (PVOID)((ULONG_PTR)DstPtr + Src->UserSidLength);
665 Dst->StringOffset = (DWORD)((ULONG_PTR)DstPtr - (ULONG_PTR)Dst);
666
667 for (i = 0; i < Dst->NumStrings; i++)
668 {
669 RtlInitUnicodeString(&StringW, SrcPtr);
670 Status = RtlUnicodeStringToAnsiString(&StringA, &StringW, TRUE);
671 if (NT_SUCCESS(Status))
672 {
673 RtlCopyMemory(DstPtr, StringA.Buffer, StringA.MaximumLength);
674 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringA.MaximumLength);
675
676 RtlFreeAnsiString(&StringA);
677 }
678 else
679 {
680 RtlZeroMemory(DstPtr, StringW.MaximumLength / sizeof(WCHAR));
681 DstPtr = (PVOID)((ULONG_PTR)DstPtr + StringW.MaximumLength / sizeof(WCHAR));
682 }
683 SrcPtr = (PVOID)((ULONG_PTR)SrcPtr + StringW.MaximumLength);
684 }
685
686 /* Copy the binary data */
687 SrcPtr = (PVOID)((ULONG_PTR)Src + Src->DataOffset);
688 Dst->DataOffset = (ULONG_PTR)DstPtr - (ULONG_PTR)Dst;
689 RtlCopyMemory(DstPtr, SrcPtr, Src->DataLength);
690 DstPtr = (PVOID)((ULONG_PTR)DstPtr + Src->DataLength);
691
692 /* Add the padding */
693 dwPadding = sizeof(ULONG) - (((ULONG_PTR)DstPtr - (ULONG_PTR)Dst) % sizeof(ULONG));
694 RtlZeroMemory(DstPtr, dwPadding);
695
696 /* Set the record length at the beginning and the end of the record */
697 dwRecordLength = (DWORD)((ULONG_PTR)DstPtr + dwPadding + sizeof(ULONG) - (ULONG_PTR)Dst);
698 Dst->Length = dwRecordLength;
699 pLength = (PDWORD)((ULONG_PTR)DstPtr + dwPadding);
700 *pLength = dwRecordLength;
701
702 if (BytesRead)
703 *BytesRead = dwRecordLength;
704
705 Status = STATUS_SUCCESS;
706
707Quit:
708 LogfpFree(UnicodeBuffer, 0, TAG_ELF_BUF);
709
710 return Status;
711}
712
713/*
714 * NOTE:
715 * 'RecordNumber' is a pointer to the record number at which the read operation
716 * should start. If the record number is 0 and the flags given in the 'Flags'
717 * parameter contain EVENTLOG_SEQUENTIAL_READ, an adequate record number is
718 * computed.
719 */
720NTSTATUS
721LogfReadEvents(PLOGFILE LogFile,
722 ULONG Flags,
723 PULONG RecordNumber,
724 ULONG BufSize,
725 PBYTE Buffer,
726 PULONG BytesRead,
727 PULONG BytesNeeded,
728 BOOLEAN Ansi)
729{
730 NTSTATUS Status;
731 ULONG RecNum;
732 SIZE_T ReadLength, NeededSize;
733 ULONG BufferUsage;
734
735 /* Parameters validation */
736
737 /* EVENTLOG_SEQUENTIAL_READ and EVENTLOG_SEEK_READ are mutually exclusive */
738 if ((Flags & EVENTLOG_SEQUENTIAL_READ) && (Flags & EVENTLOG_SEEK_READ))
739 return STATUS_INVALID_PARAMETER;
740
741 if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && !(Flags & EVENTLOG_SEEK_READ))
742 return STATUS_INVALID_PARAMETER;
743
744 /* EVENTLOG_FORWARDS_READ and EVENTLOG_BACKWARDS_READ are mutually exclusive */
745 if ((Flags & EVENTLOG_FORWARDS_READ) && (Flags & EVENTLOG_BACKWARDS_READ))
746 return STATUS_INVALID_PARAMETER;
747
748 if (!(Flags & EVENTLOG_FORWARDS_READ) && !(Flags & EVENTLOG_BACKWARDS_READ))
749 return STATUS_INVALID_PARAMETER;
750
751 if (!Buffer || !BytesRead || !BytesNeeded)
752 return STATUS_INVALID_PARAMETER;
753
754 /* In seek read mode, a record number of 0 is invalid */
755 if (!(Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
756 return STATUS_INVALID_PARAMETER;
757
758 /* Lock the log file shared */
759 RtlAcquireResourceShared(&LogFile->Lock, TRUE);
760
761 /*
762 * In sequential read mode, a record number of 0 means we need
763 * to determine where to start the read operation. Otherwise
764 * we just use the provided record number.
765 */
766 if ((Flags & EVENTLOG_SEQUENTIAL_READ) && (*RecordNumber == 0))
767 {
768 if (Flags & EVENTLOG_FORWARDS_READ)
769 {
770 *RecordNumber = ElfGetOldestRecord(&LogFile->LogFile);
771 }
772 else // if (Flags & EVENTLOG_BACKWARDS_READ)
773 {
774 *RecordNumber = ElfGetCurrentRecord(&LogFile->LogFile) - 1;
775 }
776 }
777
778 RecNum = *RecordNumber;
779
780 *BytesRead = 0;
781 *BytesNeeded = 0;
782
783 BufferUsage = 0;
784 do
785 {
786 Status = ReadRecord(&LogFile->LogFile,
787 RecNum,
788 (PEVENTLOGRECORD)(Buffer + BufferUsage),
789 BufSize - BufferUsage,
790 &ReadLength,
791 &NeededSize,
792 Ansi);
793 if (Status == STATUS_NOT_FOUND)
794 {
795 if (BufferUsage == 0)
796 {
797 Status = STATUS_END_OF_FILE;
798 goto Quit;
799 }
800 else
801 {
802 break;
803 }
804 }
805 else
806 if (Status == STATUS_BUFFER_TOO_SMALL)
807 {
808 if (BufferUsage == 0)
809 {
810 *BytesNeeded = NeededSize;
811 // Status = STATUS_BUFFER_TOO_SMALL;
812 goto Quit;
813 }
814 else
815 {
816 break;
817 }
818 }
819 else
820 if (!NT_SUCCESS(Status))
821 {
822 DPRINT1("ElfReadRecord failed (Status 0x%08lx)\n", Status);
823 goto Quit;
824 }
825
826 /* Go to the next event record */
827 /*
828 * NOTE: This implicitly supposes that all the other record numbers
829 * are consecutive (and do not jump than more than one unit); but if
830 * it is not the case, then we would prefer here to call some
831 * "get_next_record_number" function.
832 */
833 if (Flags & EVENTLOG_FORWARDS_READ)
834 RecNum++;
835 else // if (Flags & EVENTLOG_BACKWARDS_READ)
836 RecNum--;
837
838 BufferUsage += ReadLength;
839 }
840 while (BufferUsage <= BufSize);
841
842 *BytesRead = BufferUsage;
843 *RecordNumber = RecNum;
844
845 Status = STATUS_SUCCESS;
846
847Quit:
848 /* Unlock the log file */
849 RtlReleaseResource(&LogFile->Lock);
850
851 if (!NT_SUCCESS(Status))
852 DPRINT1("LogfReadEvents failed (Status 0x%08lx)\n", Status);
853
854 return Status;
855}
856
857NTSTATUS
858LogfWriteRecord(PLOGFILE LogFile,
859 PEVENTLOGRECORD Record,
860 SIZE_T BufSize)
861{
862 NTSTATUS Status;
863 LARGE_INTEGER SystemTime;
864
865 // ASSERT(sizeof(*Record) == sizeof(RecBuf));
866
867 if (!Record || BufSize < sizeof(*Record))
868 return STATUS_INVALID_PARAMETER;
869
870 /* Lock the log file exclusive */
871 RtlAcquireResourceExclusive(&LogFile->Lock, TRUE);
872
873 /*
874 * Retrieve the record written time now, that will also be compared
875 * with the existing events timestamps in case the log is wrapping.
876 */
877 NtQuerySystemTime(&SystemTime);
878 RtlTimeToSecondsSince1970(&SystemTime, &Record->TimeWritten);
879
880 Status = ElfWriteRecord(&LogFile->LogFile, Record, BufSize);
881 if (Status == STATUS_LOG_FILE_FULL)
882 {
883 /* The event log file is full, queue a message box for the user and exit */
884 // TODO!
885 DPRINT1("Log file `%S' is full!\n", LogFile->LogName);
886 }
887
888 /* Unlock the log file */
889 RtlReleaseResource(&LogFile->Lock);
890
891 return Status;
892}
893
894
895PEVENTLOGRECORD
896LogfAllocAndBuildNewRecord(PSIZE_T pRecSize,
897 ULONG Time,
898 USHORT wType,
899 USHORT wCategory,
900 ULONG dwEventId,
901 PUNICODE_STRING SourceName,
902 PUNICODE_STRING ComputerName,
903 ULONG dwSidLength,
904 PSID pUserSid,
905 USHORT wNumStrings,
906 PWSTR pStrings,
907 ULONG dwDataSize,
908 PVOID pRawData)
909{
910 SIZE_T RecSize;
911 SIZE_T SourceNameSize, ComputerNameSize, StringLen;
912 PBYTE Buffer;
913 PEVENTLOGRECORD pRec;
914 PWSTR str;
915 UINT i, pos;
916
917 SourceNameSize = (SourceName && SourceName->Buffer) ? SourceName->Length : 0;
918 ComputerNameSize = (ComputerName && ComputerName->Buffer) ? ComputerName->Length : 0;
919
920 RecSize = sizeof(EVENTLOGRECORD) + /* Add the sizes of the strings, NULL-terminated */
921 SourceNameSize + ComputerNameSize + 2*sizeof(UNICODE_NULL);
922
923 /* Align on DWORD boundary for the SID */
924 RecSize = ROUND_UP(RecSize, sizeof(ULONG));
925
926 RecSize += dwSidLength;
927
928 /* Add the sizes for the strings array */
929 ASSERT((pStrings == NULL && wNumStrings == 0) ||
930 (pStrings != NULL && wNumStrings >= 0));
931 for (i = 0, str = pStrings; i < wNumStrings; i++)
932 {
933 StringLen = wcslen(str) + 1; // str must be != NULL
934 RecSize += StringLen * sizeof(WCHAR);
935 str += StringLen;
936 }
937
938 /* Add the data size */
939 RecSize += dwDataSize;
940
941 /* Align on DWORD boundary for the full structure */
942 RecSize = ROUND_UP(RecSize, sizeof(ULONG));
943
944 /* Size of the trailing 'Length' member */
945 RecSize += sizeof(ULONG);
946
947 Buffer = RtlAllocateHeap(GetProcessHeap(), HEAP_ZERO_MEMORY, RecSize);
948 if (!Buffer)
949 {
950 DPRINT1("Cannot allocate heap!\n");
951 return NULL;
952 }
953
954 pRec = (PEVENTLOGRECORD)Buffer;
955 pRec->Length = RecSize;
956 pRec->Reserved = LOGFILE_SIGNATURE;
957
958 /*
959 * Do not assign here any precomputed record number to the event record.
960 * The true record number will be assigned atomically and sequentially in
961 * LogfWriteRecord, so that all the event records will have consistent and
962 * unique record numbers.
963 */
964 pRec->RecordNumber = 0;
965
966 /*
967 * Set the generated time, and temporarily set the written time
968 * with the generated time.
969 */
970 pRec->TimeGenerated = Time;
971 pRec->TimeWritten = Time;
972
973 pRec->EventID = dwEventId;
974 pRec->EventType = wType;
975 pRec->EventCategory = wCategory;
976
977 pos = sizeof(EVENTLOGRECORD);
978
979 /* NOTE: Equivalents of RtlStringCbCopyUnicodeString calls */
980 if (SourceNameSize)
981 {
982 StringCbCopyNW((PWSTR)(Buffer + pos), SourceNameSize + sizeof(UNICODE_NULL),
983 SourceName->Buffer, SourceNameSize);
984 }
985 pos += SourceNameSize + sizeof(UNICODE_NULL);
986 if (ComputerNameSize)
987 {
988 StringCbCopyNW((PWSTR)(Buffer + pos), ComputerNameSize + sizeof(UNICODE_NULL),
989 ComputerName->Buffer, ComputerNameSize);
990 }
991 pos += ComputerNameSize + sizeof(UNICODE_NULL);
992
993 /* Align on DWORD boundary for the SID */
994 pos = ROUND_UP(pos, sizeof(ULONG));
995
996 pRec->UserSidLength = 0;
997 pRec->UserSidOffset = 0;
998 if (dwSidLength)
999 {
1000 RtlCopyMemory(Buffer + pos, pUserSid, dwSidLength);
1001 pRec->UserSidLength = dwSidLength;
1002 pRec->UserSidOffset = pos;
1003 pos += dwSidLength;
1004 }
1005
1006 pRec->StringOffset = pos;
1007 for (i = 0, str = pStrings; i < wNumStrings; i++)
1008 {
1009 StringLen = wcslen(str) + 1; // str must be != NULL
1010 StringCchCopyW((PWSTR)(Buffer + pos), StringLen, str);
1011 str += StringLen;
1012 pos += StringLen * sizeof(WCHAR);
1013 }
1014 pRec->NumStrings = wNumStrings;
1015
1016 pRec->DataLength = 0;
1017 pRec->DataOffset = 0;
1018 if (dwDataSize)
1019 {
1020 RtlCopyMemory(Buffer + pos, pRawData, dwDataSize);
1021 pRec->DataLength = dwDataSize;
1022 pRec->DataOffset = pos;
1023 pos += dwDataSize;
1024 }
1025
1026 /* Align on DWORD boundary for the full structure */
1027 pos = ROUND_UP(pos, sizeof(ULONG));
1028
1029 /* Initialize the trailing 'Length' member */
1030 *((PDWORD)(Buffer + pos)) = RecSize;
1031
1032 *pRecSize = RecSize;
1033 return pRec;
1034}
1035
1036VOID
1037LogfReportEvent(USHORT wType,
1038 USHORT wCategory,
1039 ULONG dwEventId,
1040 USHORT wNumStrings,
1041 PWSTR pStrings,
1042 ULONG dwDataSize,
1043 PVOID pRawData)
1044{
1045 NTSTATUS Status;
1046 UNICODE_STRING SourceName, ComputerName;
1047 PEVENTLOGRECORD LogBuffer;
1048 LARGE_INTEGER SystemTime;
1049 ULONG Time;
1050 SIZE_T RecSize;
1051 DWORD dwComputerNameLength;
1052 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1053
1054 if (!EventLogSource)
1055 return;
1056
1057 RtlInitUnicodeString(&SourceName, EventLogSource->szName);
1058
1059 dwComputerNameLength = ARRAYSIZE(szComputerName);
1060 if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
1061 szComputerName[0] = L'\0';
1062
1063 RtlInitUnicodeString(&ComputerName, szComputerName);
1064
1065 NtQuerySystemTime(&SystemTime);
1066 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1067
1068 LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
1069 Time,
1070 wType,
1071 wCategory,
1072 dwEventId,
1073 &SourceName,
1074 &ComputerName,
1075 0,
1076 NULL,
1077 wNumStrings,
1078 pStrings,
1079 dwDataSize,
1080 pRawData);
1081 if (LogBuffer == NULL)
1082 {
1083 DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
1084 return;
1085 }
1086
1087 Status = LogfWriteRecord(EventLogSource->LogFile, LogBuffer, RecSize);
1088 if (!NT_SUCCESS(Status))
1089 {
1090 DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
1091 EventLogSource->LogFile->LogName, Status);
1092 }
1093
1094 LogfFreeRecord(LogBuffer);
1095}
ReadLength
ULONG ReadLength
Definition: CcCopyRead_drv.c:29
BufSize
#define BufSize
Definition: FsRtlTunnel.c:28
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
DPRINT1
#define DPRINT1
Definition: precomp.h:8
EventLogSource
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
LogfReportEvent
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
LogfpSetFileSize
static NTSTATUS NTAPI LogfpSetFileSize(IN PEVTLOGFILE LogFile, IN ULONG FileSize, IN ULONG OldFileSize)
Definition: file.c:244
LogfClearFile
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:467
LogfCreate
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
LogfpAlloc
static PVOID NTAPI LogfpAlloc(IN SIZE_T Size, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:158
LogfReadEvents
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
Definition: file.c:721
LogfpFlushFile
static NTSTATUS NTAPI LogfpFlushFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN ULONG Length)
Definition: file.c:280
LogfListItemByName
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
LogfListRemoveItem
static VOID LogfListRemoveItem(PLOGFILE Item)
Definition: file.c:145
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
LogfListInitialize
VOID LogfListInitialize(VOID)
Definition: file.c:27
LogfClose
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
LogfpWriteFile
static NTSTATUS NTAPI LogfpWriteFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, IN PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T WrittenLength OPTIONAL)
Definition: file.c:212
LogfpFree
static VOID NTAPI LogfpFree(IN PVOID Ptr, IN ULONG Flags, IN ULONG Tag)
Definition: file.c:169
ReadRecord
static NTSTATUS ReadRecord(IN PEVTLOGFILE LogFile, IN ULONG RecordNumber, OUT PEVENTLOGRECORD Record, IN SIZE_T BufSize, OUT PSIZE_T BytesRead OPTIONAL, OUT PSIZE_T BytesNeeded OPTIONAL, IN BOOLEAN Ansi)
Definition: file.c:551
LogfListItemByIndex
PLOGFILE LogfListItemByIndex(DWORD Index)
Definition: file.c:93
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
LogFileListHead
static LIST_ENTRY LogFileListHead
Definition: file.c:22
LogfBackupFile
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
LogfCloseAll
VOID LogfCloseAll(VOID)
Definition: file.c:452
LogfListItemCount
DWORD LogfListItemCount(VOID)
Definition: file.c:118
LogfListAddItem
static VOID LogfListAddItem(PLOGFILE Item)
Definition: file.c:137
LogfpReadFile
static NTSTATUS NTAPI LogfpReadFile(IN PEVTLOGFILE LogFile, IN PLARGE_INTEGER FileOffset, OUT PVOID Buffer, IN SIZE_T Length, OUT PSIZE_T ReadLength OPTIONAL)
Definition: file.c:180
LogFileListCs
static CRITICAL_SECTION LogFileListCs
Definition: file.c:23
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
FileOffset
_In_ PFCB _In_ LONGLONG FileOffset
Definition: cdprocs.h:160
Buffer
Definition: bufpool.h:45
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135
FILE_ATTRIBUTE_NORMAL
#define FILE_ATTRIBUTE_NORMAL
Definition: compat.h:137
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
RemoveEntryList
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
IsListEmpty
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
PLOGFILE
struct _LOGFILE * PLOGFILE
LogfFreeRecord
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
ROUND_UP
#define ROUND_UP(n, align)
Definition: eventvwr.h:34
ElfReCreateFile
NTSTATUS NTAPI ElfReCreateFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:966
ElfCloseFile
VOID NTAPI ElfCloseFile(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1179
ElfWriteRecord
NTSTATUS NTAPI ElfWriteRecord(IN PEVTLOGFILE LogFile, IN PEVENTLOGRECORD Record, IN SIZE_T BufSize)
Definition: evtlib.c:1269
ElfGetOldestRecord
ULONG NTAPI ElfGetOldestRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1589
ElfCreateFile
NTSTATUS NTAPI ElfCreateFile(IN OUT PEVTLOGFILE LogFile, IN PUNICODE_STRING FileName OPTIONAL, IN ULONG FileSize, IN ULONG MaxSize, IN ULONG Retention, IN BOOLEAN CreateNew, IN BOOLEAN ReadOnly, IN PELF_ALLOCATE_ROUTINE Allocate, IN PELF_FREE_ROUTINE Free, IN PELF_FILE_SET_SIZE_ROUTINE FileSetSize, IN PELF_FILE_WRITE_ROUTINE FileWrite, IN PELF_FILE_READ_ROUTINE FileRead, IN PELF_FILE_FLUSH_ROUTINE FileFlush)
Definition: evtlib.c:876
ElfBackupFile
NTSTATUS NTAPI ElfBackupFile(IN PEVTLOGFILE LogFile, IN PEVTLOGFILE BackupLogFile)
Definition: evtlib.c:979
ElfGetCurrentRecord
ULONG NTAPI ElfGetCurrentRecord(IN PEVTLOGFILE LogFile)
Definition: evtlib.c:1598
ElfReadRecord
NTSTATUS NTAPI ElfReadRecord(IN PEVTLOGFILE LogFile, IN ULONG RecordNumber, OUT PEVENTLOGRECORD Record, IN SIZE_T BufSize, OUT PSIZE_T BytesRead OPTIONAL, OUT PSIZE_T BytesNeeded OPTIONAL)
Definition: evtlib.c:1197
LOGFILE_SIGNATURE
#define LOGFILE_SIGNATURE
Definition: evtlib.h:43
TAG_ELF_BUF
#define TAG_ELF_BUF
Definition: evtlib.h:152
TAG_ELF
#define TAG_ELF
Definition: evtlib.h:151
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
FileEndOfFileInformation
@ FileEndOfFileInformation
Definition: from_kernel.h:81
FileAllocationInformation
@ FileAllocationInformation
Definition: from_kernel.h:80
FILE_OPEN
#define FILE_OPEN
Definition: from_kernel.h:54
FILE_CREATE
#define FILE_CREATE
Definition: from_kernel.h:55
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
FILE_WRITE_THROUGH
#define FILE_WRITE_THROUGH
Definition: from_kernel.h:26
FILE_OPEN_IF
#define FILE_OPEN_IF
Definition: from_kernel.h:56
FileSize
_Must_inspect_result_ _Out_ PLARGE_INTEGER FileSize
Definition: fsrtlfuncs.h:108
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
Status
Status
Definition: gdiplustypes.h:25
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RtlTimeToSecondsSince1970
BOOLEAN NTAPI RtlTimeToSecondsSince1970(PLARGE_INTEGER Time, PULONG ElapsedSeconds)
NtFlushBuffersFile
NTSTATUS NTAPI NtFlushBuffersFile(IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock)
Definition: iofunc.c:1487
StringW
static const WCHAR StringW[]
Definition: global.c:49
Dst
#define Dst
Definition: mesh.h:153
ASSERT
#define ASSERT(a)
Definition: mode.c:44
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
Time
static PLARGE_INTEGER Time
Definition: time.c:105
UINT
unsigned int UINT
Definition: ndis.h:50
RtlAcquireResourceShared
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceShared(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
RtlInitializeResource
NTSYSAPI VOID NTAPI RtlInitializeResource(_In_ PRTL_RESOURCE Resource)
RtlAcquireResourceExclusive
NTSYSAPI BOOLEAN NTAPI RtlAcquireResourceExclusive(_In_ PRTL_RESOURCE Resource, _In_ BOOLEAN Wait)
RtlDeleteResource
NTSYSAPI VOID NTAPI RtlDeleteResource(_In_ PRTL_RESOURCE Resource)
RtlReleaseResource
NTSYSAPI VOID NTAPI RtlReleaseResource(_In_ PRTL_RESOURCE Resource)
RtlUnicodeStringToAnsiString
NTSYSAPI NTSTATUS NTAPI RtlUnicodeStringToAnsiString(PANSI_STRING DestinationString, PUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
RtlFreeAnsiString
NTSYSAPI VOID NTAPI RtlFreeAnsiString(PANSI_STRING AnsiString)
NtWriteFile
NTSYSAPI NTSTATUS NTAPI NtWriteFile(IN HANDLE hFile, IN HANDLE hEvent OPTIONAL, IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL, IN PVOID IoApcContext OPTIONAL, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN PVOID WriteBuffer, IN ULONG WriteBufferLength, IN PLARGE_INTEGER FileOffset OPTIONAL, IN PULONG LockOperationKey OPTIONAL)
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
FILE_CREATED
#define FILE_CREATED
Definition: nt_native.h:770
NtSetInformationFile
NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
Definition: iofunc.c:3096
NtQueryInformationFile
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(IN HANDLE hFile, OUT PIO_STATUS_BLOCK pIoStatusBlock, OUT PVOID FileInformationBuffer, IN ULONG FileInformationBufferLength, IN FILE_INFORMATION_CLASS FileInfoClass)
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
DWORD
#define DWORD
Definition: nt_native.h:44
NtCreateFile
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
UNICODE_NULL
#define UNICODE_NULL
UNREFERENCED_PARAMETER
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
NtQuerySystemTime
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
STATUS_LOG_FILE_FULL
#define STATUS_LOG_FILE_FULL
Definition: ntstatus.h:625
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
STATUS_EVENTLOG_FILE_CORRUPT
#define STATUS_EVENTLOG_FILE_CORRUPT
Definition: ntstatus.h:631
L
#define L(x)
Definition: ntvdm.h:50
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
USHORT
unsigned short USHORT
Definition: pedump.c:61
FileStandardInformation
#define FileStandardInformation
Definition: propsheet.cpp:61
str
const WCHAR * str
Definition: rpc_transport.c:2724
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
STATUS_END_OF_FILE
#define STATUS_END_OF_FILE
Definition: shellext.h:67
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
STATUS_NOT_FOUND
#define STATUS_NOT_FOUND
Definition: shellext.h:72
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NtReadFile
NTSTATUS NTAPI NtReadFile(HANDLE FileHandle, HANDLE Event, PIO_APC_ROUTINE ApcRoutine, PVOID ApcContext, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG Length, PLARGE_INTEGER ByteOffset, PULONG Key)
DPRINT
#define DPRINT
Definition: sndvol32.h:71
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
StringCbCopyNW
STRSAFEAPI StringCbCopyNW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc, size_t cbToCopy)
Definition: strsafe.h:255
StringCchCopyW
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
NameRec_
Definition: apinames.c:49
_ANSI_STRING
Definition: env_spec_w32.h:375
_ANSI_STRING::Buffer
PSTR Buffer
Definition: env_spec_w32.h:378
_ANSI_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:377
_CRITICAL_SECTION
Definition: winbase.h:893
_EVENTLOGRECORD
Definition: winnt_old.h:2887
_EVENTLOGRECORD::DataOffset
DWORD DataOffset
Definition: winnt_old.h:2903
_EVENTLOGRECORD::NumStrings
WORD NumStrings
Definition: winnt_old.h:2895
_EVENTLOGRECORD::EventType
WORD EventType
Definition: winnt_old.h:2894
_EVENTLOGRECORD::StringOffset
DWORD StringOffset
Definition: winnt_old.h:2899
_EVENTLOGRECORD::DataLength
DWORD DataLength
Definition: winnt_old.h:2902
_EVENTLOGRECORD::TimeGenerated
DWORD TimeGenerated
Definition: winnt_old.h:2891
_EVENTLOGRECORD::Reserved
DWORD Reserved
Definition: winnt_old.h:2889
_EVENTLOGRECORD::TimeWritten
DWORD TimeWritten
Definition: winnt_old.h:2892
_EVENTLOGRECORD::EventID
DWORD EventID
Definition: winnt_old.h:2893
_EVENTLOGRECORD::EventCategory
WORD EventCategory
Definition: winnt_old.h:2896
_EVENTLOGRECORD::RecordNumber
DWORD RecordNumber
Definition: winnt_old.h:2890
_EVENTLOGRECORD::UserSidOffset
DWORD UserSidOffset
Definition: winnt_old.h:2901
_EVENTLOGRECORD::Length
DWORD Length
Definition: winnt_old.h:2888
_EVENTLOGRECORD::UserSidLength
DWORD UserSidLength
Definition: winnt_old.h:2900
_EVENTSOURCE::szName
WCHAR szName[1]
Definition: eventlog.h:48
_EVENTSOURCE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:47
_EVTLOGFILE
Definition: evtlib.h:203
_FILE_ALLOCATION_INFORMATION
Definition: winternl.h:687
_FILE_ALLOCATION_INFORMATION::AllocationSize
LARGE_INTEGER AllocationSize
Definition: winternl.h:688
_FILE_END_OF_FILE_INFORMATION
Definition: nt_native.h:976
_FILE_END_OF_FILE_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: nt_native.h:977
_FILE_STANDARD_INFORMATION
Definition: propsheet.cpp:53
_FILE_STANDARD_INFORMATION::EndOfFile
LARGE_INTEGER EndOfFile
Definition: propsheet.cpp:55
_FileName
Definition: filecomp.c:348
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_IO_STATUS_BLOCK::Information
ULONG Information
Definition: env_spec_w32.h:872
_LIST_ENTRY
Definition: typedefs.h:120
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
_LOGFILE
Definition: eventlog.h:35
_LOGFILE::Lock
RTL_RESOURCE Lock
Definition: eventlog.h:39
_LOGFILE::LogFile
EVTLOGFILE LogFile
Definition: eventlog.h:36
_LOGFILE::Permanent
BOOL Permanent
Definition: eventlog.h:40
_LOGFILE::FileHandle
HANDLE FileHandle
Definition: eventlog.h:37
_LOGFILE::LogName
WCHAR * LogName
Definition: eventlog.h:38
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
InitializeCriticalSection
VOID WINAPI InitializeCriticalSection(OUT LPCRITICAL_SECTION lpCriticalSection)
Definition: synch.c:751
PSIZE_T
ULONG_PTR * PSIZE_T
Definition: typedefs.h:80
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
PULONG
uint32_t * PULONG
Definition: typedefs.h:59
PCWSTR
const uint16_t * PCWSTR
Definition: typedefs.h:57
NTAPI
#define NTAPI
Definition: typedefs.h:36
PVOID
void * PVOID
Definition: typedefs.h:50
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
IN
#define IN
Definition: typedefs.h:39
CONTAINING_RECORD
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260
ULONG
uint32_t ULONG
Definition: typedefs.h:59
OUT
#define OUT
Definition: typedefs.h:40
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_LARGE_INTEGER
Definition: typedefs.h:103
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
_LARGE_INTEGER::HighPart
LONG HighPart
Definition: typedefs.h:107
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182
Item
_In_ WDFCOLLECTION _In_ WDFOBJECT Item
Definition: wdfcollection.h:153
Tag
_Must_inspect_result_ _In_ WDFDEVICE _In_ BOOLEAN _In_opt_ PVOID Tag
Definition: wdfdevice.h:4065
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
BytesRead
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:870
LeaveCriticalSection
void WINAPI LeaveCriticalSection(LPCRITICAL_SECTION)
EnterCriticalSection
void WINAPI EnterCriticalSection(LPCRITICAL_SECTION)
DeleteCriticalSection
void WINAPI DeleteCriticalSection(PCRITICAL_SECTION)
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2875
EVENTLOG_BACKWARDS_READ
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2878
EVENTLOG_FORWARDS_READ
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2877
EVENTLOGRECORD
struct _EVENTLOGRECORD EVENTLOGRECORD
PEVENTLOGRECORD
struct _EVENTLOGRECORD * PEVENTLOGRECORD
EVENTLOG_SEEK_READ
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2876
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
Record
_In_ struct _KBUGCHECK_REASON_CALLBACK_RECORD * Record
Definition: ketypes.h:256
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185