ReactOS  0.4.15-dev-3453-gff89651
eventlog.h
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS EventLog Service
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: base/services/eventlog/eventlog.h
5  * PURPOSE: Precompiled Header for the Event logging service
6  * COPYRIGHT: Copyright 2005 Saveliy Tretiakov
7  */
8 
9 #ifndef __EVENTLOG_H__
10 #define __EVENTLOG_H__
11 
12 #include <stdarg.h>
13 
14 /* PSDK/NDK Headers */
15 #define WIN32_NO_STATUS
16 #include <windef.h>
17 #include <winbase.h>
18 
19 #define NTOS_MODE_USER
20 #include <ndk/rtlfuncs.h>
21 #include <ndk/obfuncs.h>
22 
23 #define ROUND_DOWN(n, align) (((ULONG)n) & ~((align) - 1l))
24 #define ROUND_UP(n, align) ROUND_DOWN(((ULONG)n) + (align) - 1, (align))
25 
26 #include <evtlib.h>
27 
28 #include <eventlogrpc_s.h>
29 #include <strsafe.h>
30 
31 /* Defined in evtlib.h */
32 // #define LOGFILE_SIGNATURE 0x654c664c // "LfLe"
33 
34 typedef struct _LOGFILE
35 {
36  EVTLOGFILE LogFile;
37  HANDLE FileHandle;
38  WCHAR *LogName;
39  RTL_RESOURCE Lock;
40  BOOL Permanent;
41  LIST_ENTRY ListEntry;
42 } LOGFILE, *PLOGFILE;
43 
44 typedef struct _EVENTSOURCE
45 {
46  LIST_ENTRY EventSourceListEntry;
47  PLOGFILE LogFile;
48  WCHAR szName[1];
49 } EVENTSOURCE, *PEVENTSOURCE;
50 
51 
52 /* Log Handle Flags */
53 #define LOG_HANDLE_BACKUP_FILE 1
54 
55 typedef struct _LOGHANDLE
56 {
57  LIST_ENTRY LogHandleListEntry;
58  PEVENTSOURCE EventSource;
59  PLOGFILE LogFile;
60  ULONG CurrentRecord;
61  ULONG Flags;
62  WCHAR szName[1];
63 } LOGHANDLE, *PLOGHANDLE;
64 
65 
66 /* eventlog.c */
67 extern PEVENTSOURCE EventLogSource;
68 
69 VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
70 
71 
72 /* eventsource.c */
73 VOID InitEventSourceList(VOID);
74 
75 BOOL
76 LoadEventSources(HKEY hKey,
77  PLOGFILE pLogFile);
78 
79 PEVENTSOURCE
80 GetEventSourceByName(LPCWSTR Name);
81 
82 
83 /* file.c */
84 VOID LogfListInitialize(VOID);
85 DWORD LogfListItemCount(VOID);
86 PLOGFILE LogfListItemByIndex(DWORD Index);
87 PLOGFILE LogfListItemByName(LPCWSTR Name);
88 // DWORD LogfListItemIndexByName(WCHAR * Name);
89 
90 NTSTATUS
91 LogfCreate(PLOGFILE* LogFile,
92  PCWSTR LogName,
93  PUNICODE_STRING FileName,
94  ULONG MaxSize,
95  ULONG Retention,
96  BOOLEAN Permanent,
97  BOOLEAN Backup);
98 
99 VOID
100 LogfClose(PLOGFILE LogFile,
101  BOOLEAN ForceClose);
102 
103 VOID LogfCloseAll(VOID);
104 
105 NTSTATUS
106 LogfClearFile(PLOGFILE LogFile,
107  PUNICODE_STRING BackupFileName);
108 
109 NTSTATUS
110 LogfBackupFile(PLOGFILE LogFile,
111  PUNICODE_STRING BackupFileName);
112 
113 NTSTATUS
114 LogfReadEvents(PLOGFILE LogFile,
115  ULONG Flags,
116  PULONG RecordNumber,
117  ULONG BufSize,
118  PBYTE Buffer,
119  PULONG BytesRead,
120  PULONG BytesNeeded,
121  BOOLEAN Ansi);
122 
123 NTSTATUS
124 LogfWriteRecord(PLOGFILE LogFile,
125  PEVENTLOGRECORD Record,
126  SIZE_T BufSize);
127 
128 PEVENTLOGRECORD
129 LogfAllocAndBuildNewRecord(PSIZE_T pRecSize,
130  ULONG Time,
131  USHORT wType,
132  USHORT wCategory,
133  ULONG dwEventId,
134  PUNICODE_STRING SourceName,
135  PUNICODE_STRING ComputerName,
136  ULONG dwSidLength,
137  PSID pUserSid,
138  USHORT wNumStrings,
139  PWSTR pStrings,
140  ULONG dwDataSize,
141  PVOID pRawData);
142 
143 static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
144 {
145  RtlFreeHeap(GetProcessHeap(), 0, Record);
146 }
147 
148 VOID
149 LogfReportEvent(USHORT wType,
150  USHORT wCategory,
151  ULONG dwEventId,
152  USHORT wNumStrings,
153  PWSTR pStrings,
154  ULONG dwDataSize,
155  PVOID pRawData);
156 
157 
158 /* logport.c */
159 NTSTATUS WINAPI PortThreadRoutine(PVOID Param);
160 
161 NTSTATUS InitLogPort(VOID);
162 
163 NTSTATUS ProcessPortMessage(VOID);
164 
165 /* rpc.c */
166 DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter);
167 
168 #endif /* __EVENTLOG_H__ */
PEVENTSOURCE
struct _EVENTSOURCE * PEVENTSOURCE
PCWSTR
const uint16_t * PCWSTR
Definition: typedefs.h:57
_EVENTLOGRECORD
Definition: winnt_old.h:2760
ProcessPortMessage
NTSTATUS ProcessPortMessage(VOID)
Definition: logport.c:104
_EVENTSOURCE
Definition: eventlog.h:44
_SID
Definition: ms-dtyp.idl:198
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
LogfCloseAll
VOID LogfCloseAll(VOID)
Definition: file.c:452
InitEventSourceList
VOID InitEventSourceList(VOID)
Definition: eventsource.c:22
PLOGFILE
struct _LOGFILE * PLOGFILE
LogfClose
VOID LogfClose(PLOGFILE LogFile, BOOLEAN ForceClose)
Definition: file.c:428
PortThreadRoutine
NTSTATUS WINAPI PortThreadRoutine(PVOID Param)
Definition: logport.c:27
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
LogfClearFile
NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:467
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
LogfFreeRecord
static __inline void LogfFreeRecord(PEVENTLOGRECORD Record)
Definition: eventlog.h:143
_LOGHANDLE::LogHandleListEntry
LIST_ENTRY LogHandleListEntry
Definition: eventlog.h:57
_RTL_RESOURCE
Definition: rtltypes.h:1511
LogfReadEvents
NTSTATUS LogfReadEvents(PLOGFILE LogFile, ULONG Flags, PULONG RecordNumber, ULONG BufSize, PBYTE Buffer, PULONG BytesRead, PULONG BytesNeeded, BOOLEAN Ansi)
Definition: file.c:721
_LOGHANDLE::EventSource
PEVENTSOURCE EventSource
Definition: eventlog.h:58
LogfListItemCount
DWORD LogfListItemCount(VOID)
Definition: file.c:118
PLOGHANDLE
struct _LOGHANDLE * PLOGHANDLE
BytesRead
_Must_inspect_result_ _In_ WDFIOTARGET _In_opt_ WDFREQUEST _In_opt_ PWDF_MEMORY_DESCRIPTOR _In_opt_ PLONGLONG _In_opt_ PWDF_REQUEST_SEND_OPTIONS _Out_opt_ PULONG_PTR BytesRead
Definition: wdfiotarget.h:859
_LOGFILE::LogFile
EVTLOGFILE LogFile
Definition: eventlog.h:36
Record
_In_ struct _KBUGCHECK_REASON_CALLBACK_RECORD * Record
Definition: ketypes.h:256
LogfListInitialize
VOID LogfListInitialize(VOID)
Definition: file.c:27
LogfReportEvent
VOID LogfReportEvent(USHORT wType, USHORT wCategory, ULONG dwEventId, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:1037
PSIZE_T
ULONG_PTR * PSIZE_T
Definition: typedefs.h:80
_EVENTSOURCE::EventSourceListEntry
LIST_ENTRY EventSourceListEntry
Definition: eventlog.h:46
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
LoadEventSources
BOOL LoadEventSources(HKEY hKey, PLOGFILE pLogFile)
Definition: eventsource.c:82
LogfBackupFile
NTSTATUS LogfBackupFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName)
Definition: file.c:499
_EVENTSOURCE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:47
_EVENTSOURCE::szName
WCHAR szName[1]
Definition: eventlog.h:48
RpcThreadRoutine
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
Definition: rpcserver.c:20
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
NameRec_
Definition: apinames.c:48
_FileName
Definition: filecomp.c:347
Buffer
Definition: bufpool.h:45
GetEventSourceByName
PEVENTSOURCE GetEventSourceByName(LPCWSTR Name)
Definition: eventsource.c:202
BufSize
#define BufSize
Definition: FsRtlTunnel.c:28
_LOGHANDLE::CurrentRecord
ULONG CurrentRecord
Definition: eventlog.h:60
_LOGHANDLE::Flags
ULONG Flags
Definition: eventlog.h:61
_LOGHANDLE::LogFile
PLOGFILE LogFile
Definition: eventlog.h:59
_LOGFILE::ListEntry
LIST_ENTRY ListEntry
Definition: eventlog.h:41
PRINT_RECORD
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
Definition: eventlog.c:544
_LOGFILE::FileHandle
HANDLE FileHandle
Definition: eventlog.h:37
LogfListItemByIndex
PLOGFILE LogfListItemByIndex(DWORD Index)
Definition: file.c:93
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:595
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
_LOGFILE::Permanent
BOOL Permanent
Definition: eventlog.h:40
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:179
LOGHANDLE
struct _LOGHANDLE LOGHANDLE
_LOGFILE::Lock
RTL_RESOURCE Lock
Definition: eventlog.h:39
WINAPI
#define WINAPI
Definition: msvc.h:6
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
_LOGFILE::LogName
WCHAR * LogName
Definition: eventlog.h:38
lpParameter
LPVOID lpParameter
Definition: kernel32.h:241
LogfAllocAndBuildNewRecord
PEVENTLOGRECORD LogfAllocAndBuildNewRecord(PSIZE_T pRecSize, ULONG Time, USHORT wType, USHORT wCategory, ULONG dwEventId, PUNICODE_STRING SourceName, PUNICODE_STRING ComputerName, ULONG dwSidLength, PSID pUserSid, USHORT wNumStrings, PWSTR pStrings, ULONG dwDataSize, PVOID pRawData)
Definition: file.c:896
EVENTSOURCE
struct _EVENTSOURCE EVENTSOURCE
_LIST_ENTRY
Definition: typedefs.h:119
EventLogSource
PEVENTSOURCE EventLogSource
Definition: eventlog.c:35
_LOGHANDLE::szName
WCHAR szName[1]
Definition: eventlog.h:62
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_UNICODE_STRING
Definition: env_spec_w32.h:368
USHORT
unsigned short USHORT
Definition: pedump.c:61
hKey
FxAutoRegKey hKey
Definition: fxdriverapikm.cpp:59
_LOGHANDLE
Definition: eventlog.h:55
PULONG
unsigned int * PULONG
Definition: retypes.h:1
_EVTLOGFILE
Definition: evtlib.h:202
LogfWriteRecord
NTSTATUS LogfWriteRecord(PLOGFILE LogFile, PEVENTLOGRECORD Record, SIZE_T BufSize)
Definition: file.c:858
SourceName
WCHAR SourceName[256]
Definition: arping.c:28
InitLogPort
NTSTATUS InitLogPort(VOID)
Definition: logport.c:47
LogfCreate
NTSTATUS LogfCreate(PLOGFILE *LogFile, PCWSTR LogName, PUNICODE_STRING FileName, ULONG MaxSize, ULONG Retention, BOOLEAN Permanent, BOOLEAN Backup)
Definition: file.c:294
ULONG
unsigned int ULONG
Definition: retypes.h:1
LOGFILE
struct _LOGFILE LOGFILE
LogfListItemByName
PLOGFILE LogfListItemByName(LPCWSTR Name)
Definition: file.c:33
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
Time
static PLARGE_INTEGER Time
Definition: time.c:105
_LOGFILE
Definition: eventlog.h:34