ReactOS  0.4.15-dev-5499-g1341c38
eventvwr.c File Reference
#include "eventvwr.h"
#include "evtdetctl.h"
#include <sddl.h>
#include <shellapi.h>
#include <shlwapi.h>
#include <pseh/pseh2.h>
Include dependency graph for eventvwr.c:

Go to the source code of this file.

Classes

struct  _SETTINGS
 
struct  param_strings_format_data
 

Macros

#define LVM_PROGRESS   (WM_APP + 1)
 
#define EVENT_MESSAGE_EVENTTEXT_BUFFER   (1024*10)
 
#define EVENT_MESSAGE_FILE_BUFFER   (1024*10)
 
#define EVENT_DLL_SEPARATOR   L";"
 
#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"
 
#define EVENT_MESSAGE_FILE   L"EventMessageFile"
 
#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"
 
#define MAX_LOADSTRING   255
 
#define SPLIT_WIDTH   4
 

Typedefs

typedef struct _SETTINGS SETTINGS
 
typedef struct _SETTINGSPSETTINGS
 

Functions

static DWORD WINAPI StartStopEnumEventsThread (IN LPVOID lpParameter)
 
VOID OpenUserEventLogFile (IN LPCWSTR lpszFileName)
 
VOID BuildLogListAndFilterList (IN LPCWSTR lpComputerName)
 
VOID FreeLogList (VOID)
 
VOID FreeLogFilterList (VOID)
 
ATOM MyRegisterClass (HINSTANCE)
 
BOOL InitInstance (HINSTANCE)
 
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM)
 
INT_PTR EventLogProperties (HINSTANCE, HWND, PEVENTLOGFILTER)
 
INT_PTR CALLBACK EventDetails (HWND, UINT, WPARAM, LPARAM)
 
VOID ShowWin32Error (IN DWORD dwError)
 
VOID DisplayUsage (VOID)
 
BOOL ProcessCmdLine (IN LPWSTR lpCmdLine)
 
BOOL LoadSettings (int nDefCmdShow)
 
BOOL SaveSettings (VOID)
 
int APIENTRY wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
 
VOID EventTimeToSystemTime (IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
 
LPWSTR GetMessageStringFromDll (IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
LPWSTR GetMessageStringFromDllList (IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
DWORD ApplyParameterStringsToMessage (IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
 
UINT FormatInteger (LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
 
UINT FormatByteSize (LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
 
LPWSTR FormatFileSizeWithBytes (const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
 
BOOL GetFileTimeString (LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
 
HTREEITEM TreeViewAddItem (IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
 
PEVENTLOG AllocEventLog (IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
 
VOID EventLog_Free (IN PEVENTLOG EventLog)
 
PWSTR AllocAndCopyMultiStr (IN PCWSTR MultiStr OPTIONAL)
 
PEVENTLOGFILTER AllocEventLogFilter (IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
 
VOID EventLogFilter_Free (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_AddRef (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_Release (IN PEVENTLOGFILTER EventLogFilter)
 
void TrimNulls (LPWSTR s)
 
DWORD GetExpandedFilePathName (IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
 
BOOL GetEventMessageFileDLL (IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
 
BOOL GetEventCategory (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
 
BOOL GetEventMessage (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR EventText)
 
VOID GetEventType (IN WORD dwEventType, OUT PWCHAR eventTypeText)
 
BOOL GetEventUserName (IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
 
static VOID FreeRecords (VOID)
 
BOOL FilterByType (IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
 
BOOL FilterByString (IN PCWSTR FilterString, IN PWSTR String)
 
static DWORD WINAPI EnumEventsThread (IN LPVOID lpParameter)
 
VOID EnumEvents (IN PEVENTLOGFILTER EventLogFilter)
 
PEVENTLOGFILTER GetSelectedFilter (OUT HTREEITEM *phti OPTIONAL)
 
VOID OpenUserEventLog (VOID)
 
VOID SaveEventLog (IN PEVENTLOGFILTER EventLogFilter)
 
VOID CloseUserEventLog (IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
 
BOOL ClearEvents (IN PEVENTLOGFILTER EventLogFilter)
 
VOID Refresh (IN PEVENTLOGFILTER EventLogFilter)
 
BOOL GetDisplayNameFileAndID (IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
 
VOID ResizeWnd (INT cx, INT cy)
 
static VOID InitPropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
static VOID SavePropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
INT_PTR CALLBACK EventLogPropProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 

Variables

static const LPCWSTR EVENTVWR_WNDCLASS = L"EVENTVWR"
 
static const LPCWSTR EVENTLOG_BASE_KEY = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
 
static const LPCWSTR EVNTVWR_PARAM_KEY = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"
 
static const LPCWSTR SystemLogs []
 
HINSTANCE hInst
 
WCHAR szTitle [MAX_LOADSTRING]
 
WCHAR szTitleTemplate [MAX_LOADSTRING]
 
WCHAR szStatusBarTemplate [MAX_LOADSTRING]
 
WCHAR szLoadingWait [MAX_LOADSTRING]
 
WCHAR szEmptyList [MAX_LOADSTRING]
 
WCHAR szSaveFilter [MAX_LOADSTRING]
 
INT nVSplitPos
 
INT nHSplitPos
 
BYTE bSplit = 0
 
HWND hwndMainWindow = NULL
 
HWND hwndTreeView
 
HWND hwndListView
 
HWND hwndEventDetails
 
HWND hwndStatus
 
HWND hwndStatusProgress
 
HMENU hMainMenu
 
HTREEITEM htiSystemLogs = NULL
 
HTREEITEM htiAppLogs = NULL
 
HTREEITEM htiUserLogs = NULL
 
LPWSTR lpComputerName = NULL
 
LPWSTR lpszzUserLogsToLoad = NULL
 
SIZE_T cbUserLogsSize = 0
 
HKEY hkMachine = NULL
 
DWORD g_TotalRecords = 0
 
PEVENTLOGRECORDg_RecordPtrs = NULL
 
LIST_ENTRY EventLogList
 
LIST_ENTRY EventLogFilterList
 
PEVENTLOGFILTER ActiveFilter = NULL
 
HANDLE hEnumEventsThread = NULL
 
HANDLE hStopEnumEvent = NULL
 
PEVENTLOGFILTER EnumFilter = NULL
 
HANDLE hStartStopEnumEvent = NULL
 
HANDLE hStartEnumEvent = NULL
 
OPENFILENAMEW sfn
 
SETTINGS Settings
 
static HWND hWndDetailsCtrl = NULL
 
static HWND hWndGrip = NULL
 
static INT cxMin
 
static INT cyMin
 
static INT cxOld
 
static INT cyOld
 

Macro Definition Documentation

◆ EVENT_CATEGORY_MESSAGE_FILE

#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"

Definition at line 39 of file eventvwr.c.

◆ EVENT_DLL_SEPARATOR

#define EVENT_DLL_SEPARATOR   L";"

Definition at line 38 of file eventvwr.c.

◆ EVENT_MESSAGE_EVENTTEXT_BUFFER

#define EVENT_MESSAGE_EVENTTEXT_BUFFER   (1024*10)

Definition at line 36 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE

#define EVENT_MESSAGE_FILE   L"EventMessageFile"

Definition at line 40 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE_BUFFER

#define EVENT_MESSAGE_FILE_BUFFER   (1024*10)

Definition at line 37 of file eventvwr.c.

◆ EVENT_PARAMETER_MESSAGE_FILE

#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"

Definition at line 41 of file eventvwr.c.

◆ LVM_PROGRESS

#define LVM_PROGRESS   (WM_APP + 1)

Definition at line 21 of file eventvwr.c.

◆ MAX_LOADSTRING

#define MAX_LOADSTRING   255

Definition at line 43 of file eventvwr.c.

◆ SPLIT_WIDTH

#define SPLIT_WIDTH   4

Definition at line 45 of file eventvwr.c.

Typedef Documentation

◆ PSETTINGS

◆ SETTINGS

Function Documentation

◆ AllocAndCopyMultiStr()

PWSTR AllocAndCopyMultiStr ( IN PCWSTR MultiStr  OPTIONAL)

Definition at line 1338 of file eventvwr.c.

1339 {
1340  PWSTR pStr;
1341  ULONG Length;
1342 
1343  if (!MultiStr)
1344  return NULL;
1345 
1346  pStr = (PWSTR)MultiStr;
1347  while (*pStr) pStr += (wcslen(pStr) + 1);
1348  Length = MultiStr - pStr + 2;
1349 
1350  pStr = HeapAlloc(GetProcessHeap(), 0, Length * sizeof(WCHAR));
1351  // NOTE: If we failed allocating the string, then fall back into no filter!
1352  if (pStr)
1353  CopyMemory(pStr, MultiStr, Length * sizeof(WCHAR));
1354 
1355  return pStr;
1356 }
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
uint16_t * PWSTR
Definition: typedefs.h:56
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define CopyMemory
Definition: winbase.h:1668
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
unsigned int ULONG
Definition: retypes.h:1

Referenced by AllocEventLogFilter().

◆ AllocEventLog()

PEVENTLOG AllocEventLog ( IN PCWSTR ComputerName  OPTIONAL,
IN PCWSTR  LogName,
IN BOOL  Permanent 
)

Definition at line 1283 of file eventvwr.c.

1286 {
1287  PEVENTLOG EventLog;
1288  SIZE_T cchName;
1289 
1290  /* Allocate a new event log entry */
1291  EventLog = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*EventLog));
1292  if (!EventLog)
1293  return NULL;
1294 
1295  /* Allocate the computer name string (optional) and copy it */
1296  if (ComputerName)
1297  {
1298  cchName = wcslen(ComputerName) + 1;
1299  EventLog->ComputerName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1300  if (EventLog->ComputerName)
1301  StringCchCopyW(EventLog->ComputerName, cchName, ComputerName);
1302  }
1303 
1304  /* Allocate the event log name string and copy it */
1305  cchName = wcslen(LogName) + 1;
1306  EventLog->LogName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1307  if (!EventLog->LogName)
1308  {
1309  if (EventLog->ComputerName)
1310  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1311  HeapFree(GetProcessHeap(), 0, EventLog);
1312  return NULL;
1313  }
1314  StringCchCopyW(EventLog->LogName, cchName, LogName);
1315 
1316  EventLog->Permanent = Permanent;
1317 
1318  return EventLog;
1319 }
PWSTR LogName
Definition: eventvwr.h:93
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2753
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
PWSTR ComputerName
Definition: eventvwr.h:90
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
BOOL Permanent
Definition: eventvwr.h:97
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ AllocEventLogFilter()

PEVENTLOGFILTER AllocEventLogFilter ( IN BOOL  Information,
IN BOOL  Warning,
IN BOOL  Error,
IN BOOL  AuditSuccess,
IN BOOL  AuditFailure,
IN PCWSTR Sources  OPTIONAL,
IN PCWSTR Users  OPTIONAL,
IN PCWSTR ComputerNames  OPTIONAL,
IN ULONG  NumOfEventLogs,
IN PEVENTLOG EventLogs 
)

Definition at line 1359 of file eventvwr.c.

1370 {
1371  PEVENTLOGFILTER EventLogFilter;
1372 
1373  /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1374  EventLogFilter = HeapAlloc(GetProcessHeap(),
1376  FIELD_OFFSET(EVENTLOGFILTER, EventLogs[NumOfEventLogs]));
1377  if (!EventLogFilter)
1378  return NULL;
1379 
1380  EventLogFilter->Information = Information;
1381  EventLogFilter->Warning = Warning;
1382  EventLogFilter->Error = Error;
1383  EventLogFilter->AuditSuccess = AuditSuccess;
1384  EventLogFilter->AuditFailure = AuditFailure;
1385 
1386  /* Allocate and copy the sources, users, and computers multi-strings */
1387  EventLogFilter->Sources = AllocAndCopyMultiStr(Sources);
1388  EventLogFilter->Users = AllocAndCopyMultiStr(Users);
1389  EventLogFilter->ComputerNames = AllocAndCopyMultiStr(ComputerNames);
1390 
1391  /* Copy the list of event logs */
1392  EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1393  CopyMemory(EventLogFilter->EventLogs, EventLogs, NumOfEventLogs * sizeof(PEVENTLOG));
1394 
1395  /* Initialize the filter reference count */
1396  EventLogFilter->ReferenceCount = 1;
1397 
1398  return EventLogFilter;
1399 }
BOOL AuditSuccess
Definition: eventvwr.h:120
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:138
BOOL Information
Definition: eventvwr.h:117
ULONG NumOfEventLogs
Definition: eventvwr.h:137
BOOL AuditFailure
Definition: eventvwr.h:121
PWSTR ComputerNames
Definition: eventvwr.h:134
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1044
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1338
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define CopyMemory
Definition: winbase.h:1668
BOOL Error
Definition: chkdsk.c:66
LONG ReferenceCount
Definition: eventvwr.h:109
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ ApplyParameterStringsToMessage()

DWORD ApplyParameterStringsToMessage ( IN LPCWSTR  lpMessageDllList,
IN BOOL  bMessagePreFormatted,
IN CONST LPCWSTR  pMessage,
OUT LPWSTR pFinalMessage 
)

Definition at line 903 of file eventvwr.c.

908 {
909  /*
910  * This code is heavily adapted from the MSDN example:
911  * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
912  * with bugs removed.
913  */
914 
916  DWORD dwParamCount = 0; // Number of insertion strings found in pMessage
917  size_t cchBuffer = 0; // Size of the buffer in characters
918  size_t cchParams = 0; // Number of characters in all the parameter strings
919  size_t cch = 0;
920  DWORD i = 0;
921  param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
922  LPWSTR pTempMessage = (LPWSTR)pMessage;
923  LPWSTR pTempFinalMessage = NULL;
924 
925  *pFinalMessage = NULL;
926 
927  /* Determine the number of parameter insertion strings in pMessage */
928  if (bMessagePreFormatted)
929  {
930  while ((pTempMessage = wcschr(pTempMessage, L'%')))
931  {
932  pTempMessage++;
933  if (iswdigit(*pTempMessage))
934  {
935  dwParamCount++;
936  while (iswdigit(*++pTempMessage)) ;
937  }
938  }
939  }
940  else
941  {
942  while ((pTempMessage = wcsstr(pTempMessage, L"%%")))
943  {
944  pTempMessage += 2;
945  if (iswdigit(*pTempMessage))
946  {
947  dwParamCount++;
948  while (iswdigit(*++pTempMessage)) ;
949  }
950  }
951  }
952 
953  /* If there are no parameter insertion strings in pMessage, just return */
954  if (dwParamCount == 0)
955  {
956  // *pFinalMessage = NULL;
957  goto Cleanup;
958  }
959 
960  /* Allocate the array of parameter string format data */
961  pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
962  if (!pParamData)
963  {
965  goto Cleanup;
966  }
967 
968  /*
969  * Retrieve each parameter in pMessage and the beginning and end of the
970  * insertion string, as well as the message identifier of the parameter.
971  */
972  pTempMessage = (LPWSTR)pMessage;
973  if (bMessagePreFormatted)
974  {
975  while ((pTempMessage = wcschr(pTempMessage, L'%')) && (i < dwParamCount))
976  {
977  pTempMessage++;
978  if (iswdigit(*pTempMessage))
979  {
980  pParamData[i].pStartingAddress = pTempMessage-1;
981  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
982 
983  while (iswdigit(*++pTempMessage)) ;
984 
985  pParamData[i].pEndingAddress = pTempMessage;
986  i++;
987  }
988  }
989  }
990  else
991  {
992  while ((pTempMessage = wcsstr(pTempMessage, L"%%")) && (i < dwParamCount))
993  {
994  pTempMessage += 2;
995  if (iswdigit(*pTempMessage))
996  {
997  pParamData[i].pStartingAddress = pTempMessage-2;
998  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
999 
1000  while (iswdigit(*++pTempMessage)) ;
1001 
1002  pParamData[i].pEndingAddress = pTempMessage;
1003  i++;
1004  }
1005  }
1006  }
1007 
1008  /* Retrieve each parameter string */
1009  for (i = 0; i < dwParamCount; i++)
1010  {
1011  // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1012  pParamData[i].pParameter =
1013  GetMessageStringFromDllList(lpMessageDllList,
1016  pParamData[i].pParameterID,
1017  0, NULL);
1018  if (!pParamData[i].pParameter)
1019  {
1020  /* Skip the insertion string */
1021  continue;
1022  }
1023 
1024  cchParams += wcslen(pParamData[i].pParameter);
1025  }
1026 
1027  /*
1028  * Allocate the final message buffer, the size of which is based on the
1029  * length of the original message and the length of each parameter string.
1030  */
1031  cchBuffer = wcslen(pMessage) + cchParams + 1;
1032  *pFinalMessage = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cchBuffer * sizeof(WCHAR));
1033  if (!*pFinalMessage)
1034  {
1036  goto Cleanup;
1037  }
1038 
1039  pTempFinalMessage = *pFinalMessage;
1040 
1041  /* Build the final message string */
1042  pTempMessage = (LPWSTR)pMessage;
1043  for (i = 0; i < dwParamCount; i++)
1044  {
1045  /* Append the segment from pMessage */
1046  cch = pParamData[i].pStartingAddress - pTempMessage;
1047  StringCchCopyNW(pTempFinalMessage, cchBuffer, pTempMessage, cch);
1048  pTempMessage = pParamData[i].pEndingAddress;
1049  cchBuffer -= cch;
1050  pTempFinalMessage += cch;
1051 
1052  /* Append the parameter string */
1053  if (pParamData[i].pParameter)
1054  {
1055  StringCchCopyW(pTempFinalMessage, cchBuffer, pParamData[i].pParameter);
1056  cch = wcslen(pParamData[i].pParameter); // pTempFinalMessage
1057  }
1058  else
1059  {
1060  /*
1061  * We failed to retrieve the parameter string before, so just
1062  * place back the original string placeholder.
1063  */
1064  cch = pParamData[i].pEndingAddress /* == pTempMessage */ - pParamData[i].pStartingAddress;
1065  StringCchCopyNW(pTempFinalMessage, cchBuffer, pParamData[i].pStartingAddress, cch);
1066  // cch = wcslen(pTempFinalMessage);
1067  }
1068  cchBuffer -= cch;
1069  pTempFinalMessage += cch;
1070  }
1071 
1072  /* Append the last segment from pMessage */
1073  StringCchCopyW(pTempFinalMessage, cchBuffer, pTempMessage);
1074 
1075 Cleanup:
1076 
1077  // if (Status != ERROR_SUCCESS)
1078  // *pFinalMessage = NULL;
1079 
1080  if (pParamData)
1081  {
1082  for (i = 0; i < dwParamCount; i++)
1083  {
1084  if (pParamData[i].pParameter)
1085  LocalFree(pParamData[i].pParameter);
1086  }
1087 
1088  HeapFree(GetProcessHeap(), 0, pParamData);
1089  }
1090 
1091  return Status;
1092 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:425
#define ERROR_SUCCESS
Definition: deptool.c:10
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define iswdigit(_c)
Definition: ctype.h:667
#define DWORD
Definition: nt_native.h:44
#define L(x)
Definition: ntvdm.h:50
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static DWORD cchBuffer
Definition: fusion.c:85
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
Status
Definition: gdiplustypes.h:24
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR Cleanup[]
Definition: register.c:80
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:420
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
IN PCTCH IN DWORD cch
Definition: pager.h:36
#define HeapFree(x, y, z)
Definition: compat.h:735
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by GetEventMessage().

◆ BuildLogListAndFilterList()

VOID BuildLogListAndFilterList ( IN LPCWSTR  lpComputerName)

Definition at line 2789 of file eventvwr.c.

2790 {
2791  LONG Result;
2792  HKEY hEventLogKey, hLogKey;
2793  DWORD dwNumLogs = 0;
2794  DWORD dwIndex, dwMaxKeyLength;
2795  DWORD dwType;
2796  PEVENTLOG EventLog;
2797  PEVENTLOGFILTER EventLogFilter;
2798  LPWSTR LogName = NULL;
2800  DWORD lpcName;
2801  DWORD dwMessageID;
2803  HTREEITEM hRootNode = NULL, hItem = NULL, hItemDefault = NULL;
2804 
2806  {
2807  /* We are connected to some other computer, close the old connection */
2809  hkMachine = NULL;
2810  }
2811  if (!lpComputerName || !*lpComputerName)
2812  {
2813  /* Use the local computer registry */
2815  }
2816  else
2817  {
2818  /* Connect to the remote computer registry */
2820  if (Result != ERROR_SUCCESS)
2821  {
2822  /* Connection failed, display a message and bail out */
2823  hkMachine = NULL;
2825  return;
2826  }
2827  }
2828 
2829  /* Open the EventLog key */
2830  Result = RegOpenKeyExW(hkMachine, EVENTLOG_BASE_KEY, 0, KEY_READ, &hEventLogKey);
2831  if (Result != ERROR_SUCCESS)
2832  {
2833  return;
2834  }
2835 
2836  /* Retrieve the number of event logs enumerated as registry keys */
2837  Result = RegQueryInfoKeyW(hEventLogKey, NULL, NULL, NULL, &dwNumLogs, &dwMaxKeyLength,
2838  NULL, NULL, NULL, NULL, NULL, NULL);
2839  if (Result != ERROR_SUCCESS)
2840  {
2841  goto Quit;
2842  }
2843  if (!dwNumLogs)
2844  goto Quit;
2845 
2846  /* Take the NULL terminator into account */
2847  ++dwMaxKeyLength;
2848 
2849  /* Allocate the temporary buffer */
2850  LogName = HeapAlloc(GetProcessHeap(), 0, dwMaxKeyLength * sizeof(WCHAR));
2851  if (!LogName)
2852  goto Quit;
2853 
2854  /* Enumerate and retrieve each event log name */
2855  for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2856  {
2857  lpcName = dwMaxKeyLength;
2858  Result = RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &lpcName, NULL, NULL, NULL, NULL);
2859  if (Result != ERROR_SUCCESS)
2860  continue;
2861 
2862  /* Take the NULL terminator into account */
2863  ++lpcName;
2864 
2865  /* Allocate a new event log entry */
2866  EventLog = AllocEventLog(lpComputerName, LogName, TRUE);
2867  if (EventLog == NULL)
2868  continue;
2869 
2870  /* Allocate a new event log filter entry for this event log */
2871  EventLogFilter = AllocEventLogFilter(// LogName,
2872  TRUE, TRUE, TRUE, TRUE, TRUE,
2873  NULL, NULL, NULL,
2874  1, &EventLog);
2875  if (EventLogFilter == NULL)
2876  {
2877  EventLog_Free(EventLog);
2878  continue;
2879  }
2880 
2881  /* Add the event log and the filter into their lists */
2882  InsertTailList(&EventLogList, &EventLog->ListEntry);
2883  InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2884 
2885  EventLog->FileName = NULL;
2886 
2887  /* Retrieve and cache the event log file */
2888  Result = RegOpenKeyExW(hEventLogKey,
2889  LogName,
2890  0,
2892  &hLogKey);
2893  if (Result == ERROR_SUCCESS)
2894  {
2895  lpcName = 0;
2896  Result = RegQueryValueExW(hLogKey,
2897  L"File",
2898  NULL,
2899  &dwType,
2900  NULL,
2901  &lpcName);
2902  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2903  {
2904  // Windows' EventLog uses some kind of default value, we do not.
2905  EventLog->FileName = NULL;
2906  }
2907  else
2908  {
2909  lpcName = ROUND_DOWN(lpcName, sizeof(WCHAR));
2910  EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, lpcName);
2911  if (EventLog->FileName)
2912  {
2913  Result = RegQueryValueExW(hLogKey,
2914  L"File",
2915  NULL,
2916  &dwType,
2917  (LPBYTE)EventLog->FileName,
2918  &lpcName);
2919  if (Result != ERROR_SUCCESS)
2920  {
2921  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
2922  EventLog->FileName = NULL;
2923  }
2924  else
2925  {
2926  EventLog->FileName[lpcName / sizeof(WCHAR) - 1] = UNICODE_NULL;
2927  }
2928  }
2929  }
2930 
2931  RegCloseKey(hLogKey);
2932  }
2933 
2934  /* Get the display name for the event log */
2935  lpDisplayName = NULL;
2936 
2938  if (GetDisplayNameFileAndID(LogName, szModuleName, &dwMessageID))
2939  {
2940  /* Retrieve the message string without appending extra newlines */
2941  lpDisplayName =
2945  dwMessageID,
2946  0,
2947  NULL);
2948  }
2949 
2950  /*
2951  * Select the correct tree root node, whether the log is a System
2952  * or an Application log. Default to Application log otherwise.
2953  */
2954  hRootNode = htiAppLogs;
2955  for (lpcName = 0; lpcName < ARRAYSIZE(SystemLogs); ++lpcName)
2956  {
2957  /* Check whether the log name is part of the system logs */
2958  if (wcsicmp(LogName, SystemLogs[lpcName]) == 0)
2959  {
2960  hRootNode = htiSystemLogs;
2961  break;
2962  }
2963  }
2964 
2965  hItem = TreeViewAddItem(hwndTreeView, hRootNode,
2966  (lpDisplayName ? lpDisplayName : LogName),
2967  2, 3, (LPARAM)EventLogFilter);
2968 
2969  /* Try to get the default event log: "Application" */
2970  if ((hItemDefault == NULL) && (wcsicmp(LogName, SystemLogs[0]) == 0))
2971  {
2972  hItemDefault = hItem;
2973  }
2974 
2975  /* Free the buffer allocated by FormatMessage */
2976  if (lpDisplayName)
2978  }
2979 
2980  HeapFree(GetProcessHeap(), 0, LogName);
2981 
2982 Quit:
2983  RegCloseKey(hEventLogKey);
2984 
2985  /* Select the default event log */
2986  if (hItemDefault)
2987  {
2988  // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2989  TreeView_SelectItem(hwndTreeView, hItemDefault);
2990  TreeView_EnsureVisible(hwndTreeView, hItemDefault);
2991  }
2994 
2995  return;
2996 }
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:425
#define ERROR_SUCCESS
Definition: deptool.c:10
LIST_ENTRY ListEntry
Definition: eventvwr.h:107
#define KEY_READ
Definition: nt_native.h:1023
#define TRUE
Definition: types.h:120
HTREEITEM htiSystemLogs
Definition: eventvwr.c:72
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
#define ZeroMemory
Definition: winbase.h:1670
HWND WINAPI SetFocus(_In_opt_ HWND)
#define InsertTailList(ListHead, Entry)
HKEY hkMachine
Definition: eventvwr.c:78
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:86
static const LPCWSTR SystemLogs[]
Definition: eventvwr.c:28
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:738
#define L(x)
Definition: ntvdm.h:50
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
HTREEITEM hItem
Definition: treelist.h:37
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1283
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
LONG_PTR LPARAM
Definition: windef.h:208
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2709
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4120
__wchar_t WCHAR
Definition: xmlstorage.h:180
LIST_ENTRY ListEntry
Definition: eventvwr.h:86
#define MAX_PATH
Definition: compat.h:34
#define RegConnectRegistry
Definition: winreg.h:495
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
unsigned long DWORD
Definition: ntddk_ex.h:95
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1253
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:24
HTREEITEM htiAppLogs
Definition: eventvwr.c:72
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3690
#define wcsicmp
Definition: compat.h:15
HWND hwndTreeView
Definition: eventvwr.c:65
PWSTR FileName
Definition: eventvwr.h:94
LPWSTR lpComputerName
Definition: eventvwr.c:74
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:33
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:420
#define TreeView_EnsureVisible(hwnd, hitem)
Definition: commctrl.h:3545
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define TreeView_SelectItem(hwnd, hitem)
Definition: commctrl.h:3481
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LIST_ENTRY EventLogList
Definition: eventvwr.c:85
#define NULL
Definition: types.h:112
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1322
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1359
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3356
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:140
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2527
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
WCHAR * LPWSTR
Definition: xmlstorage.h:184
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2777
#define HeapFree(x, y, z)
Definition: compat.h:735
#define RegCloseKey(hKey)
Definition: registry.h:47
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define REG_SZ
Definition: layer.c:22

Referenced by wWinMain().

◆ ClearEvents()

BOOL ClearEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2612 of file eventvwr.c.

2613 {
2614  BOOL Success;
2615  PEVENTLOG EventLog;
2616  HANDLE hEventLog;
2617  WCHAR szFileName[MAX_PATH];
2618  WCHAR szMessage[MAX_LOADSTRING];
2619 
2620  /* Bail out if there is no available filter */
2621  if (!EventLogFilter)
2622  return FALSE;
2623 
2624  ZeroMemory(szFileName, sizeof(szFileName));
2625  ZeroMemory(szMessage, sizeof(szMessage));
2626 
2627  LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, ARRAYSIZE(szMessage));
2628 
2629  sfn.lpstrFile = szFileName;
2630  sfn.nMaxFile = ARRAYSIZE(szFileName);
2631 
2633  {
2634  case IDCANCEL:
2635  return FALSE;
2636 
2637  case IDNO:
2638  sfn.lpstrFile = NULL;
2639  break;
2640 
2641  case IDYES:
2642  if (!GetSaveFileNameW(&sfn))
2643  return FALSE;
2644  break;
2645  }
2646 
2647  EventLogFilter_AddRef(EventLogFilter);
2648 
2649  EventLog = EventLogFilter->EventLogs[0];
2650  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2651 
2652  EventLogFilter_Release(EventLogFilter);
2653 
2654  if (!hEventLog)
2655  {
2657  return FALSE;
2658  }
2659 
2660  Success = ClearEventLogW(hEventLog, sfn.lpstrFile);
2661  if (!Success)
2663 
2664  CloseEventLog(hEventLog);
2665  return Success;
2666 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:43
#define IDYES
Definition: winuser.h:829
#define IDS_CLEAREVENTS_MSG
Definition: resource.h:105
PWSTR LogName
Definition: eventvwr.h:93
LPWSTR lpstrFile
Definition: commdlg.h:367
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
#define ZeroMemory
Definition: winbase.h:1670
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:48
BOOL WINAPI GetSaveFileNameW(LPOPENFILENAMEW ofn)
Definition: filedlg.c:4742
HWND hwndMainWindow
Definition: eventvwr.c:64
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
#define MB_YESNOCANCEL
Definition: winuser.h:812
PWSTR ComputerName
Definition: eventvwr.h:90
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
OPENFILENAMEW sfn
Definition: eventvwr.c:101
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
DWORD nMaxFile
Definition: commdlg.h:368
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
#define NULL
Definition: types.h:112
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:140
#define IDNO
Definition: winuser.h:830
#define IDCANCEL
Definition: winuser.h:825

Referenced by EventLogPropProc(), and WndProc().

◆ CloseUserEventLog()

VOID CloseUserEventLog ( IN PEVENTLOGFILTER  EventLogFilter,
IN HTREEITEM  hti 
)

Definition at line 2577 of file eventvwr.c.

2578 {
2579  /* Bail out if there is no available filter */
2580  if (!EventLogFilter)
2581  return;
2582 
2583  if (InterlockedCompareExchangePointer((PVOID*)&ActiveFilter, NULL, NULL) == EventLogFilter)
2584  {
2585  /* Signal the enumerator thread we want to stop enumerating events */
2586  // EnumEvents(NULL);
2589  }
2590 
2591  /*
2592  * The deletion of the item automatically triggers a TVN_SELCHANGED
2593  * notification, that will reset the ActiveFilter (in case the item
2594  * selected is a filter). Otherwise we reset it there.
2595  */
2597 
2598  /* Remove the filter from the list */
2599  RemoveEntryList(&EventLogFilter->ListEntry);
2600  EventLogFilter_Release(EventLogFilter);
2601 
2602  // /* Select the default event log */
2603  // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2604  // TreeView_SelectItem(hwndTreeView, hItem);
2605  // TreeView_EnsureVisible(hwndTreeView, hItem);
2608 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
HWND WINAPI SetFocus(_In_opt_ HWND)
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:87
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:96
#define FALSE
Definition: types.h:117
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
HANDLE hStartEnumEvent
Definition: eventvwr.c:98
#define TreeView_DeleteItem(hwnd, hitem)
Definition: commctrl.h:3415
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
HWND hwndTreeView
Definition: eventvwr.c:65
#define NULL
Definition: types.h:112

Referenced by WndProc().

◆ DisplayUsage()

VOID DisplayUsage ( VOID  )

Definition at line 164 of file eventvwr.c.

165 {
167  LPCWSTR lpUsage;
168  INT iUsageLen = LoadStringW(hInst, IDS_USAGE, (LPWSTR)&lpUsage, 0);
169 
170  if (iUsageLen == 0)
171  return;
172 
173  lpBuffer = HeapAlloc(GetProcessHeap(), 0, (iUsageLen + 1) * sizeof(WCHAR));
174  if (!lpBuffer)
175  return;
176 
177  StringCchCopyNW(lpBuffer, iUsageLen + 1, lpUsage, iUsageLen);
179 
181 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
#define IDS_USAGE
Definition: resource.h:3
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int32_t INT
Definition: typedefs.h:58
HINSTANCE hInst
Definition: eventvwr.c:48
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MB_ICONINFORMATION
Definition: winuser.h:796
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by ProcessCmdLine().

◆ EnumEvents()

VOID EnumEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2422 of file eventvwr.c.

2423 {
2424  /* Signal the enumerator thread we want to enumerate events */
2425  InterlockedExchangePointer((PVOID*)&EnumFilter, EventLogFilter);
2427  return;
2428 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:96
HANDLE hStartEnumEvent
Definition: eventvwr.c:98
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45

Referenced by Refresh(), and WndProc().

◆ EnumEventsThread()

static DWORD WINAPI EnumEventsThread ( IN LPVOID  lpParameter)
static

HACK!!

Definition at line 1962 of file eventvwr.c.

1963 {
1964  PEVENTLOGFILTER EventLogFilter = (PEVENTLOGFILTER)lpParameter;
1965  PEVENTLOG EventLog;
1966 
1967  ULONG LogIndex;
1968  HANDLE hEventLog;
1969  PEVENTLOGRECORD pEvlr = NULL;
1970  PBYTE pEvlrEnd;
1971  PBYTE pEvlrBuffer;
1972  DWORD dwWanted, dwRead, dwNeeded, dwStatus = ERROR_SUCCESS;
1973  DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1974  DWORD dwFlags, dwMaxLength;
1975  size_t cchRemaining;
1976  LPWSTR lpszSourceName;
1977  LPWSTR lpszComputerName;
1978  BOOL bResult = TRUE; /* Read succeeded */
1980  PSID pLastSid = NULL;
1981 
1982  UINT uStep = 0, uStepAt = 0, uPos = 0;
1983 
1984  WCHAR szWindowTitle[MAX_PATH];
1985  WCHAR szStatusText[MAX_PATH];
1986  WCHAR szLocalDate[MAX_PATH];
1987  WCHAR szLocalTime[MAX_PATH];
1988  WCHAR szEventID[MAX_PATH];
1989  WCHAR szEventTypeText[MAX_LOADSTRING];
1990  WCHAR szCategoryID[MAX_PATH];
1991  WCHAR szUsername[MAX_PATH];
1992  WCHAR szNoUsername[MAX_PATH];
1993  WCHAR szCategory[MAX_PATH];
1994  WCHAR szNoCategory[MAX_PATH];
1995  PWCHAR lpTitleTemplateEnd;
1996 
1997  SYSTEMTIME time;
1998  LVITEMW lviEventItem;
1999 
2000  /* Save the current event log filter globally */
2001  EventLogFilter_AddRef(EventLogFilter);
2002  ActiveFilter = EventLogFilter;
2003 
2004 
2006  EventLog = EventLogFilter->EventLogs[0];
2007 
2008  // FIXME: Use something else instead of EventLog->LogName !!
2009 
2010  /*
2011  * Use a different formatting, whether the event log filter holds
2012  * only one log, or many logs (the latter case is WIP TODO!)
2013  */
2014  if (EventLogFilter->NumOfEventLogs <= 1)
2015  {
2016  StringCchPrintfExW(szWindowTitle,
2017  ARRAYSIZE(szWindowTitle),
2018  &lpTitleTemplateEnd,
2019  &cchRemaining,
2020  0,
2021  szTitleTemplate, szTitle, EventLog->LogName); /* i = number of characters written */
2022  dwMaxLength = (DWORD)cchRemaining;
2023  if (!EventLog->ComputerName)
2024  GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2025  else
2026  StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, EventLog->ComputerName);
2027 
2028  StringCbPrintfW(szStatusText,
2029  sizeof(szStatusText),
2031  EventLog->LogName,
2032  0,
2033  0);
2034  }
2035  else
2036  {
2037  // TODO: Use a different title & implement filtering for multi-log filters !!
2038  // (EventLogFilter->NumOfEventLogs > 1)
2040  L"Many-logs filtering is not implemented yet!!",
2041  szTitle,
2043  }
2044 
2045  /* Set the window title */
2046  SetWindowTextW(hwndMainWindow, szWindowTitle);
2047 
2048  /* Update the status bar */
2049  StatusBar_SetText(hwndStatus, 0, szStatusText);
2050 
2051 
2052  /* Disable list view redraw */
2054 
2055  /* Clear the list view and free the cached records */
2057  FreeRecords();
2058 
2063 
2064  /* Do a loop over the logs enumerated in the filter */
2065  // FIXME: For now we only support 1 event log per filter!
2066  LogIndex = 0;
2067  // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2068  {
2069 
2070  EventLog = EventLogFilter->EventLogs[LogIndex];
2071 
2072  /* Open the event log */
2073  if (EventLog->Permanent)
2074  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2075  else
2076  hEventLog = OpenBackupEventLogW(EventLog->ComputerName, EventLog->LogName); // FileName
2077 
2078  if (hEventLog == NULL)
2079  {
2081  goto Cleanup;
2082  }
2083 
2084  // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2085 
2086  /* Get the total number of event log records */
2087  GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2088 
2089  if (dwTotalRecords > 0)
2090  {
2093  }
2094  else
2095  {
2098  }
2099 
2100  /* Set up the event records cache */
2101  g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2102  if (!g_RecordPtrs)
2103  {
2104  // ShowWin32Error(GetLastError());
2105  goto Quit;
2106  }
2107  g_TotalRecords = dwTotalRecords;
2108 
2110  goto Quit;
2111 
2112  LoadStringW(hInst, IDS_NOT_AVAILABLE, szNoUsername, ARRAYSIZE(szNoUsername));
2113  LoadStringW(hInst, IDS_NONE, szNoCategory, ARRAYSIZE(szNoCategory));
2114 
2116  uStepAt = (dwTotalRecords / 100) + 1;
2117 
2119 
2120  /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2121  dwWanted = 0x7ffff;
2122  pEvlr = HeapAlloc(hProcessHeap, 0, dwWanted);
2123 
2124  if (!pEvlr)
2125  goto Quit;
2126 
2127  while (dwStatus == ERROR_SUCCESS)
2128  {
2129  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwWanted, &dwRead, &dwNeeded);
2130  dwStatus = GetLastError();
2131 
2132  if (!bResult && dwStatus == ERROR_INSUFFICIENT_BUFFER)
2133  {
2134  pEvlr = HeapReAlloc(hProcessHeap, 0, pEvlr, dwNeeded);
2135  dwWanted = dwNeeded;
2136 
2137  if (!pEvlr)
2138  break;
2139 
2140  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwNeeded, &dwRead, &dwNeeded);
2141 
2142  if (!bResult)
2143  break;
2144  }
2145  else if (!bResult)
2146  {
2147  /* Exit on other errors (ERROR_HANDLE_EOF) */
2148  break;
2149  }
2150 
2151  pEvlrBuffer = (LPBYTE)pEvlr;
2152  pEvlrEnd = pEvlrBuffer + dwRead;
2153 
2154  while (pEvlrBuffer < pEvlrEnd)
2155  {
2156  PEVENTLOGRECORD pEvlrTmp = (PEVENTLOGRECORD)pEvlrBuffer;
2157  PWSTR lpszUsername, lpszCategoryName;
2158  g_RecordPtrs[dwCurrentRecord] = NULL;
2159 
2160  // ProgressBar_StepIt(hwndStatusProgress);
2161  uStep++;
2162  if (uStep % uStepAt == 0)
2163  {
2164  ++uPos;
2166  }
2167 
2169  goto Quit;
2170 
2171  /* Filter by event type */
2172  if (!FilterByType(EventLogFilter, pEvlrTmp))
2173  goto SkipEvent;
2174 
2175  /* Get the event source name and filter it */
2176  lpszSourceName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD));
2177  if (!FilterByString(EventLogFilter->Sources, lpszSourceName))
2178  goto SkipEvent;
2179 
2180  /* Get the computer name and filter it */
2181  lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2182  if (!FilterByString(EventLogFilter->ComputerNames, lpszComputerName))
2183  goto SkipEvent;
2184 
2185  /* Compute the event time */
2186  EventTimeToSystemTime(pEvlrTmp->TimeWritten, &time);
2187  GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2188  GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, ARRAYSIZE(szLocalTime));
2189 
2190  /* Get the username that generated the event, and filter it */
2191  lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2192 
2193  if (!FilterByString(EventLogFilter->Users, lpszUsername))
2194  goto SkipEvent;
2195 
2196  // TODO: Filter by event ID and category
2197  GetEventType(pEvlrTmp->EventType, szEventTypeText);
2198 
2199  lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2200 
2201  StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pEvlrTmp->EventID & 0xFFFF));
2202  StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pEvlrTmp->EventCategory);
2203 
2204  g_RecordPtrs[dwCurrentRecord] = HeapAlloc(hProcessHeap, 0, pEvlrTmp->Length);
2205  CopyMemory(g_RecordPtrs[dwCurrentRecord], pEvlrTmp, pEvlrTmp->Length);
2206 
2207  lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
2208  lviEventItem.iItem = 0;
2209  lviEventItem.iSubItem = 0;
2210  lviEventItem.lParam = (LPARAM)g_RecordPtrs[dwCurrentRecord];
2211  lviEventItem.pszText = szEventTypeText;
2212 
2213  switch (pEvlrTmp->EventType)
2214  {
2215  case EVENTLOG_SUCCESS:
2217  lviEventItem.iImage = 0;
2218  break;
2219 
2220  case EVENTLOG_WARNING_TYPE:
2221  lviEventItem.iImage = 1;
2222  break;
2223 
2224  case EVENTLOG_ERROR_TYPE:
2225  lviEventItem.iImage = 2;
2226  break;
2227 
2229  lviEventItem.iImage = 3;
2230  break;
2231 
2233  lviEventItem.iImage = 4;
2234  break;
2235  }
2236 
2237  lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
2238 
2239  ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
2240  ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
2241  ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpszSourceName);
2242  ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, lpszCategoryName);
2243  ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
2244  ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, lpszUsername);
2245  ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpszComputerName);
2246 
2247 SkipEvent:
2248  pEvlrBuffer += pEvlrTmp->Length;
2249  dwCurrentRecord++;
2250  }
2251  }
2252 
2253 Quit:
2254 
2255  if (pEvlr)
2256  HeapFree(hProcessHeap, 0, pEvlr);
2257 
2258  /* Close the event log */
2259  CloseEventLog(hEventLog);
2260 
2261  } // end-for (LogIndex)
2262 
2263  /* All events loaded */
2264 
2265 Cleanup:
2266 
2269 
2270  // FIXME: Use something else instead of EventLog->LogName !!
2271 
2272  /*
2273  * Use a different formatting, whether the event log filter holds
2274  * only one log, or many logs (the latter case is WIP TODO!)
2275  */
2276  if (EventLogFilter->NumOfEventLogs <= 1)
2277  {
2278  StringCbPrintfW(szStatusText,
2279  sizeof(szStatusText),
2281  EventLog->LogName,
2282  dwTotalRecords,
2284  }
2285  else
2286  {
2287  // TODO: Use a different title & implement filtering for multi-log filters !!
2288  // (EventLogFilter->NumOfEventLogs > 1)
2289  }
2290 
2291  /* Update the status bar */
2292  StatusBar_SetText(hwndStatus, 0, szStatusText);
2293 
2294  /* Resume list view redraw */
2296 
2297  EventLogFilter_Release(EventLogFilter);
2298 
2301 
2302  return 0;
2303 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:43
int iImage
Definition: commctrl.h:2367
#define CloseHandle
Definition: compat.h:739
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:82
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:138
#define MF_BYCOMMAND
Definition: winuser.h:202
#define ERROR_SUCCESS
Definition: deptool.c:10
PWSTR LogName
Definition: eventvwr.h:93
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1589
#define TRUE
Definition: types.h:120
#define SW_HIDE
Definition: winuser.h:762
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1770
uint16_t * PWSTR
Definition: typedefs.h:56
#define LOCALE_USER_DEFAULT
#define DATE_SHORTDATE
Definition: winnls.h:196
#define IDS_NONE
Definition: resource.h:133
#define MAKELPARAM(l, h)
Definition: winuser.h:3998
#define WM_SETREDRAW
Definition: winuser.h:1606
DWORD g_TotalRecords
Definition: eventvwr.c:81
HMENU hMainMenu
Definition: eventvwr.c:70
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:137
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
uint16_t * PWCHAR
Definition: typedefs.h:56
#define ListView_InsertItem(hwnd, pitem)
Definition: commctrl.h:2408
__u16 time
Definition: mkdosfs.c:366
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
HWND hwndStatus
Definition: eventvwr.c:68
PWSTR ComputerNames
Definition: eventvwr.h:134
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define DWORD
Definition: nt_native.h:44
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:87
HINSTANCE hInst
Definition: eventvwr.c:48
HWND hwndMainWindow
Definition: eventvwr.c:64
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2878
#define LVIF_TEXT
Definition: commctrl.h:2309
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_POWER_POLICY_IDLE_SETTINGS Settings
Definition: wdfdevice.h:2592
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1889
#define L(x)
Definition: ntvdm.h:50
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
unsigned char * LPBYTE
Definition: typedefs.h:53
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2881
HANDLE hStopEnumEvent
Definition: eventvwr.c:90
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
int iSubItem
Definition: commctrl.h:2362
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
LPARAM lParam
Definition: commctrl.h:2368
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2885
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:713
HWND hwndListView
Definition: eventvwr.c:66
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
PWSTR ComputerName
Definition: eventvwr.h:90
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
LONG_PTR LPARAM
Definition: windef.h:208
#define ListView_GetItemCount(hwnd)
Definition: commctrl.h:2307
#define SW_SHOW
Definition: winuser.h:769
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1905
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2691
struct _EVENTLOGFILTER * PEVENTLOGFILTER
HWND hwndStatusProgress
Definition: eventvwr.c:69
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2880
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
#define WAIT_OBJECT_0
Definition: winbase.h:406
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2883
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2882
LPWSTR pszText
Definition: commctrl.h:2365
#define MF_ENABLED
Definition: winuser.h:128
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2875
#define MAX_PATH
Definition: compat.h:34
#define LVIF_IMAGE
Definition: commctrl.h:2310
#define CopyMemory
Definition: winbase.h:1668
unsigned long DWORD
Definition: ntddk_ex.h:95
#define ProgressBar_SetPos(hwndCtl, pos)
Definition: eventvwr.h:58
#define IDM_CLEAR_EVENTS
Definition: resource.h:78
UINT mask
Definition: commctrl.h:2360
WCHAR szStatusBarTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:51
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
static VOID FreeRecords(VOID)
Definition: eventvwr.c:1871
struct _EVENTLOGRECORD * PEVENTLOGRECORD
#define StatusBar_SetText(hwndCtl, index, data)
Definition: eventvwr.h:69
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
#define ProgressBar_SetRange(hwndCtl, range)
Definition: eventvwr.h:60
static const WCHAR Cleanup[]
Definition: register.c:80
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
BOOL Permanent
Definition: eventvwr.h:97
DWORD dwStatus
Definition: mediaobj.idl:95
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
#define HeapReAlloc
Definition: compat.h:734
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2877
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define IDS_NOT_AVAILABLE
Definition: resource.h:134
#define LVIF_PARAM
Definition: commctrl.h:2311
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
unsigned int ULONG
Definition: retypes.h:1
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:140
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2884
#define IDM_SAVE_EVENTLOG
Definition: resource.h:76
#define MF_GRAYED
Definition: winuser.h:129
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LVM_PROGRESS
Definition: eventvwr.c:21
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079
BYTE * PBYTE
Definition: pedump.c:66
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1800
#define HeapFree(x, y, z)
Definition: compat.h:735
WCHAR szTitleTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:50
#define ListView_DeleteAllItems(hwnd)
Definition: commctrl.h:2414
HANDLE hProcessHeap
Definition: kbswitch.c:34
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

Referenced by StartStopEnumEventsThread().

◆ EventDetails()

INT_PTR CALLBACK EventDetails ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4318 of file eventvwr.c.

4319 {
4320  switch (uMsg)
4321  {
4322  case WM_INITDIALOG:
4323  {
4324  LONG_PTR dwStyle;
4325  RECT rcWnd, rect;
4326  INT iEventItem;
4327 
4329  if (!hWndDetailsCtrl)
4330  {
4331  EndDialog(hDlg, 0);
4332  return (INT_PTR)TRUE;
4333  }
4334 
4335  /* Create a size grip if the dialog has a sizing border */
4336  GetClientRect(hDlg, &rcWnd);
4337  dwStyle = GetWindowLongPtrW(hDlg, GWL_STYLE);
4338  if (dwStyle & WS_THICKFRAME /* == WS_SIZEBOX */)
4339  {
4340  INT sbVXSize = GetSystemMetrics(SM_CXVSCROLL);
4341  INT sbHYSize = GetSystemMetrics(SM_CYHSCROLL);
4342 
4344  NULL,
4346  rcWnd.right - sbVXSize,
4347  rcWnd.bottom - sbHYSize,
4348  sbVXSize, sbHYSize,
4349  hDlg,
4350  NULL,
4351  hInst,
4352  NULL);
4353  }
4354 
4355  // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4356 
4357  /*
4358  * Compute the minimum window size (in window coordinates) by
4359  * adding the widths/heights of the "Help" and "Close" buttons,
4360  * together with the margins, and add some minimal spacing
4361  * between the buttons.
4362  */
4363  GetWindowRect(hDlg, &rcWnd);
4364  cxMin = cyMin = 0;
4365 
4366  GetWindowRect(GetDlgItem(hDlg, IDHELP), &rect);
4367  cxMin += (rect.right - rect.left) + (rect.left - rcWnd.left); // == (rect.right - rcWnd.left);
4368  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4369 
4370  GetWindowRect(GetDlgItem(hDlg, IDOK), &rect);
4371  cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4372  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4373 
4374  /*
4375  * Convert the window rect from window to client coordinates
4376  * in order to retrieve the sizes of the left and top margins,
4377  * and add some extra space.
4378  */
4379  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rcWnd, sizeof(RECT)/sizeof(POINT));
4380 
4381  cxMin += -2*rcWnd.left; // Minimal spacing between the buttons == 2 * left margin
4382  cyMin += -rcWnd.top + 12; // Add some space on top
4383 
4384  GetClientRect(hDlg, &rcWnd);
4385  cxOld = rcWnd.right - rcWnd.left;
4386  cyOld = rcWnd.bottom - rcWnd.top;
4387 
4388  /* Show event info in dialog control */
4389  iEventItem = (lParam != 0 ? ((PEVENTDETAIL_INFO)lParam)->iEventItem : 0);
4390  SendMessageW(hWndDetailsCtrl, EVT_DISPLAY, 0, (LPARAM)iEventItem);
4391 
4392  // SetWindowPos(hWndDetailsCtrl, NULL,
4393  // 0, 0,
4394  // (rcWnd.right - rcWnd.left),
4395  // (rcWnd.bottom - rcWnd.top),
4396  // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4397 
4398  /*
4399  * Hide the placeholder static control and show the event details
4400  * control instead. Note that the placeholder is here so far just
4401  * to get the dimensions right in the dialog resource editor.
4402  * I plan to remove it and use a custom control with a suitable
4403  * window class for it, that would create the event details control
4404  * instead.
4405  */
4408  return (INT_PTR)TRUE;
4409  }
4410 
4411  case WM_DESTROY:
4415  return (INT_PTR)TRUE;
4416 
4417  case WM_COMMAND:
4418  switch (LOWORD(wParam))
4419  {
4420  case IDOK:
4421  case IDCANCEL:
4422  EndDialog(hDlg, LOWORD(wParam));
4423  return (INT_PTR)TRUE;
4424 
4425  case IDHELP:
4426  MessageBoxW(hDlg,
4427  L"Help not implemented yet!",
4428  szTitle,
4430  return (INT_PTR)TRUE;
4431 
4432  default:
4433  break;
4434  }
4435  break;
4436 
4437  case WM_SETCURSOR:
4438  if (((HWND)wParam == hWndGrip) && (LOWORD(lParam) == HTCLIENT))
4439  {
4442  return (INT_PTR)TRUE;
4443  }
4444  break;
4445 
4446  case WM_SIZING:
4447  {
4448  /* Forbid resizing the dialog smaller than its minimal size */
4449  PRECT dragRect = (PRECT)lParam;
4450 
4451  if ((wParam == WMSZ_LEFT) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_BOTTOMLEFT))
4452  {
4453  if (dragRect->right - dragRect->left < cxMin)
4454  dragRect->left = dragRect->right - cxMin;
4455  }
4456 
4457  if ((wParam == WMSZ_RIGHT) || (wParam == WMSZ_TOPRIGHT) || (wParam == WMSZ_BOTTOMRIGHT))
4458  {
4459  if (dragRect->right - dragRect->left < cxMin)
4460  dragRect->right = dragRect->left + cxMin;
4461  }
4462 
4463  if ((wParam == WMSZ_TOP) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_TOPRIGHT))
4464  {
4465  if (dragRect->bottom - dragRect->top < cyMin)
4466  dragRect->top = dragRect->bottom - cyMin;
4467  }
4468 
4470  {
4471  if (dragRect->bottom - dragRect->top < cyMin)
4472  dragRect->bottom = dragRect->top + cyMin;
4473  }
4474 
4476  return (INT_PTR)TRUE;
4477  }
4478 
4479  case WM_SIZE:
4480  {
4481  INT cx = LOWORD(lParam);
4482  INT cy = HIWORD(lParam);
4483 
4484  HDWP hdwp;
4485  HWND hItemWnd;
4486  RECT rect;
4487 
4488  hdwp = BeginDeferWindowPos(4);
4489 
4490  /* Resize the event details control window */
4491 
4492  hItemWnd = hWndDetailsCtrl;
4493  GetWindowRect(hItemWnd, &rect);
4494  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4495 
4496  if (hdwp)
4497  hdwp = DeferWindowPos(hdwp,
4498  hItemWnd,
4499  HWND_TOP,
4500  0, 0,
4501  (rect.right - rect.left) + (cx - cxOld),
4502  (rect.bottom - rect.top) + (cy - cyOld),
4504 
4505  /* Move the buttons */
4506 
4507  hItemWnd = GetDlgItem(hDlg, IDHELP);
4508  GetWindowRect(hItemWnd, &rect);
4509  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4510 
4511  if (hdwp)
4512  hdwp = DeferWindowPos(hdwp,
4513  hItemWnd,
4514  HWND_TOP,
4515  rect.left,
4516  rect.top + (cy - cyOld),
4517  0, 0,
4519 
4520  hItemWnd = GetDlgItem(hDlg, IDOK);
4521  GetWindowRect(hItemWnd, &rect);
4522  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4523 
4524  if (hdwp)
4525  hdwp = DeferWindowPos(hdwp,
4526  hItemWnd,
4527  HWND_TOP,
4528  rect.left + (cx - cxOld),
4529  rect.top + (cy - cyOld),
4530  0, 0,
4532 
4533  /* Move the size grip */
4534  if (hWndGrip && hdwp)
4535  {
4537  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4538 
4539  hdwp = DeferWindowPos(hdwp,
4540  hWndGrip,
4541  HWND_TOP,
4542  rect.left + (cx - cxOld),
4543  rect.top + (cy - cyOld),
4544  0, 0,
4546  }
4547 
4548  if (hdwp)
4549  EndDeferWindowPos(hdwp);
4550 
4551  /* Hide the size grip if we are in maximized mode */
4552  if (hWndGrip)
4554 
4555  cxOld = cx;
4556  cyOld = cy;
4557 
4559  return (INT_PTR)TRUE;
4560  }
4561  }
4562 
4563  return (INT_PTR)FALSE;
4564 }
#define WS_CLIPSIBLINGS
Definition: pedump.c:618
#define WS_THICKFRAME
Definition: pedump.c:630
#define WMSZ_BOTTOMRIGHT
Definition: winuser.h:2461
HDWP WINAPI BeginDeferWindowPos(_In_ int)
#define SM_CYHSCROLL
Definition: winuser.h:956
#define IDOK
Definition: winuser.h:824
static INT cyMin
Definition: eventvwr.c:4314
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
BOOL WINAPI IsWindow(_In_opt_ HWND)
#define SIZE_MAXIMIZED
Definition: winuser.h:2497
#define TRUE
Definition: types.h:120
#define SW_HIDE
Definition: winuser.h:762
static INT cxMin
Definition: eventvwr.c:4314
LONG top
Definition: windef.h:307
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:954
static HWND hWndGrip
Definition: eventvwr.c:4313
#define HWND_TOP
Definition: winuser.h:1197
#define WMSZ_TOP
Definition: winuser.h:2456
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
#define WS_CHILD
Definition: pedump.c:617
#define GetWindowLongPtrW
Definition: winuser.h:4819
LONG left
Definition: windef.h:306
#define SWP_NOZORDER
Definition: winuser.h:1237
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
int32_t INT_PTR
Definition: typedefs.h:64
LONG right
Definition: windef.h:308
BOOL WINAPI DestroyWindow(_In_ HWND)
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4306
int32_t INT
Definition: typedefs.h:58
& rect
Definition: startmenu.cpp:1413
WPARAM wParam
Definition: combotst.c:138
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
HINSTANCE hInst
Definition: eventvwr.c:48
#define DWLP_MSGRESULT
Definition: winuser.h:864
#define WMSZ_TOPLEFT
Definition: winuser.h:2457
#define IDHELP
Definition: resource_2.h:8
#define EVT_DISPLAY
Definition: evtdetctl.h:22
#define L(x)
Definition: ntvdm.h:50
#define IDC_SIZENWSE
Definition: winuser.h:687
#define FALSE
Definition: types.h:117
#define WM_SETCURSOR
Definition: winuser.h:1626
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
_Out_opt_ int _Out_opt_ int * cy
Definition: commctrl.h:585
#define WM_SIZING
Definition: winuser.h:1797
LONG_PTR LPARAM
Definition: windef.h:208
#define SW_SHOW
Definition: winuser.h:769
#define WM_DESTROY
Definition: winuser.h:1599
static INT cxOld
Definition: eventvwr.c:4315
#define SBS_SIZEGRIP
Definition: winuser.h:332
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
#define WM_SIZE
Definition: winuser.h:1601
struct _EVENTDETAIL_INFO * PEVENTDETAIL_INFO
#define SWP_NOACTIVATE
Definition: winuser.h:1232
#define SBS_SIZEBOXBOTTOMRIGHTALIGN
Definition: winuser.h:330
#define WMSZ_RIGHT
Definition: winuser.h:2455
int WINAPI GetSystemMetrics(_In_ int)
#define IDC_STATIC
Definition: resource.h:4
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2074
#define MB_ICONINFORMATION
Definition: winuser.h:796
#define WM_COMMAND
Definition: winuser.h:1730
#define WMSZ_BOTTOM
Definition: winuser.h:2459
static HWND hWndDetailsCtrl
Definition: eventvwr.c:4312
#define SWP_NOSIZE
Definition: winuser.h:1235
#define GWL_STYLE
Definition: winuser.h:846
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define HWND_DESKTOP
Definition: winuser.h:1199
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define SM_CXVSCROLL
Definition: winuser.h:955
#define WC_SCROLLBARW
Definition: commctrl.h:4729
_Out_opt_ int * cx
Definition: commctrl.h:585
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
#define HIWORD(l)
Definition: typedefs.h:247
LONG bottom
Definition: windef.h:309
#define SWP_NOMOVE
Definition: winuser.h:1234
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
#define SetWindowLongPtrW
Definition: winuser.h:5336
struct tagRECT * PRECT
#define HTCLIENT
Definition: winuser.h:2465
#define IDCANCEL
Definition: winuser.h:825
#define WS_VISIBLE
Definition: pedump.c:620
#define WM_INITDIALOG
Definition: winuser.h:1729
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WMSZ_LEFT
Definition: winuser.h:2454
#define WMSZ_TOPRIGHT
Definition: winuser.h:2458
#define WMSZ_BOTTOMLEFT
Definition: winuser.h:2460
static INT cyOld
Definition: eventvwr.c:4315

Referenced by WndProc().

◆ EventLog_Free()

VOID EventLog_Free ( IN PEVENTLOG  EventLog)

Definition at line 1322 of file eventvwr.c.

1323 {
1324  if (EventLog->LogName)
1325  HeapFree(GetProcessHeap(), 0, EventLog->LogName);
1326 
1327  if (EventLog->ComputerName)
1328  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1329 
1330  if (EventLog->FileName)
1331  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
1332 
1333  HeapFree(GetProcessHeap(), 0, EventLog);
1334 }
#define GetProcessHeap()
Definition: compat.h:736
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().

◆ EventLogFilter_AddRef()

LONG EventLogFilter_AddRef ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1416 of file eventvwr.c.

1417 {
1418  ASSERT(EventLogFilter);
1419  return InterlockedIncrement(&EventLogFilter->ReferenceCount);
1420 }
#define ASSERT(a)
Definition: mode.c:44
#define InterlockedIncrement
Definition: armddk.h:53

Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogFilter_Free()

VOID EventLogFilter_Free ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1402 of file eventvwr.c.

1403 {
1404  if (EventLogFilter->Sources)
1405  HeapFree(GetProcessHeap(), 0, EventLogFilter->Sources);
1406 
1407  if (EventLogFilter->Users)
1408  HeapFree(GetProcessHeap(), 0, EventLogFilter->Users);
1409 
1410  if (EventLogFilter->ComputerNames)
1411  HeapFree(GetProcessHeap(), 0, EventLogFilter->ComputerNames);
1412 
1413  HeapFree(GetProcessHeap(), 0, EventLogFilter);
1414 }
#define GetProcessHeap()
Definition: compat.h:736
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by EventLogFilter_Release(), and FreeLogFilterList().

◆ EventLogFilter_Release()

LONG EventLogFilter_Release ( IN PEVENTLOGFILTER  EventLogFilter)

RemoveEntryList(&EventLogFilter->ListEntry);

Definition at line 1422 of file eventvwr.c.

1423 {
1424  LONG RefCount;
1425 
1426  ASSERT(EventLogFilter);
1427 
1428  /* When the reference count reaches zero, delete the filter */
1429  RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1430  if (RefCount <= 0)
1431  {
1432  /* Remove the filter from the list */
1434  EventLogFilter_Free(EventLogFilter);
1435  }
1436 
1437  return RefCount;
1438 }
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1402
long LONG
Definition: pedump.c:60
#define ASSERT(a)
Definition: mode.c:44
#define InterlockedDecrement
Definition: armddk.h:52

Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogProperties()

INT_PTR EventLogProperties ( HINSTANCE  hInstance,
HWND  hWndParent,
PEVENTLOGFILTER  EventLogFilter 
)

Definition at line 4252 of file eventvwr.c.

4253 {
4254  INT_PTR ret = 0;
4255  PROPSHEETHEADERW psh;
4256  PROPSHEETPAGEW psp[1]; // 2
4257 
4258  /*
4259  * Bail out if there is no available filter, or if the filter
4260  * contains more than one log.
4261  */
4262  if (!EventLogFilter)
4263  return 0;
4264 
4265  EventLogFilter_AddRef(EventLogFilter);
4266 
4267  if (EventLogFilter->NumOfEventLogs > 1 ||
4268  EventLogFilter->EventLogs[0] == NULL)
4269  {
4270  goto Quit;
4271  }
4272 
4273  /* Header */
4274  psh.dwSize = sizeof(psh);
4275  psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4276  psh.hInstance = hInstance;
4277  psh.hwndParent = hWndParent;
4278  // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4279  psh.pszCaption = EventLogFilter->EventLogs[0]->LogName;
4280  psh.nStartPage = 0;
4281  psh.ppsp = psp;
4282  psh.nPages = ARRAYSIZE(psp);
4283  // psh.pfnCallback = PropSheetCallback;
4284 
4285  /* Log properties page */
4286  psp[0].dwSize = sizeof(psp[0]);
4287  psp[0].dwFlags = PSP_HASHELP;
4288  psp[0].hInstance = hInstance;
4290  psp[0].pfnDlgProc = EventLogPropProc;
4291  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4292 
4293 #if 0
4294  /* TODO: Log sources page */
4295  psp[1].dwSize = sizeof(psp[1]);
4296  psp[1].dwFlags = PSP_HASHELP;
4297  psp[1].hInstance = hInstance;
4299  psp[1].pfnDlgProc = GeneralPageWndProc;
4300  psp[1].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4301 #endif
4302 
4303  /* Create the property sheet */
4304  ret = PropertySheetW(&psh);
4305 
4306 Quit:
4307  EventLogFilter_Release(EventLogFilter);
4308  return ret;
4309 }
HWND hwndParent
Definition: prsht.h:295
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:138
LPCPROPSHEETPAGEW ppsp
Definition: prsht.h:308
LPCWSTR pszTemplate
Definition: prsht.h:218
PWSTR LogName
Definition: eventvwr.h:93
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4131
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:137
int32_t INT_PTR
Definition: typedefs.h:64
HINSTANCE hInstance
Definition: charmap.c:19
DWORD dwSize
Definition: prsht.h:214
LPCWSTR pszCaption
Definition: prsht.h:301
DLGPROC pfnDlgProc
Definition: prsht.h:226
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
LONG_PTR LPARAM
Definition: windef.h:208
INT_PTR WINAPI PropertySheetW(LPCPROPSHEETHEADERW lppsh)
Definition: propsheet.c:2905
#define PSH_PROPTITLE
Definition: prsht.h:40
HINSTANCE hInstance
Definition: prsht.h:296
#define PSH_HASHELP
Definition: prsht.h:49
DWORD dwSize
Definition: prsht.h:293
DWORD dwFlags
Definition: prsht.h:294
int ret
LPARAM lParam
Definition: prsht.h:227
HINSTANCE hInstance
Definition: prsht.h:216
#define IDD_GENERAL_PAGE
Definition: resource.h:6
#define IDD_LOGPROPERTIES_GENERAL
Definition: resource.h:34
#define PSH_PROPSHEETPAGE
Definition: prsht.h:43
#define NULL
Definition: types.h:112
#define PSP_HASHELP
Definition: prsht.h:28
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
DWORD dwFlags
Definition: prsht.h:215
UINT nStartPage
Definition: prsht.h:304

Referenced by WndProc().

◆ EventLogPropProc()

INT_PTR CALLBACK EventLogPropProc ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4131 of file eventvwr.c.

4132 {
4133  PEVENTLOG EventLog;
4134  WCHAR szText[MAX_LOADSTRING];
4135 
4136  EventLog = (PEVENTLOG)GetWindowLongPtrW(hDlg, DWLP_USER);
4137 
4138  switch (uMsg)
4139  {
4140  case WM_INITDIALOG:
4141  {
4142  EventLog = (PEVENTLOG)((LPPROPSHEETPAGE)lParam)->lParam;
4143  SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)EventLog);
4144 
4145  InitPropertiesDlg(hDlg, EventLog);
4146 
4147  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4148  return (INT_PTR)TRUE;
4149  }
4150 
4151  case WM_DESTROY:
4152  return (INT_PTR)TRUE;
4153 
4154  case WM_NOTIFY:
4155  switch (((LPNMHDR)lParam)->code)
4156  {
4157  case PSN_APPLY:
4158  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4159  SavePropertiesDlg(hDlg, EventLog);
4160  return (INT_PTR)TRUE;
4161  }
4162  break;
4163 
4164  case WM_COMMAND:
4165  switch (LOWORD(wParam))
4166  {
4167  case IDOK:
4168  case IDCANCEL:
4169  EndDialog(hDlg, LOWORD(wParam));
4170  return (INT_PTR)TRUE;
4171 
4172  case ID_CLEARLOG:
4173  {
4174  PEVENTLOGFILTER EventLogFilter = GetSelectedFilter(NULL);
4175  if (EventLogFilter && ClearEvents(EventLogFilter))
4176  {
4177  Refresh(EventLogFilter);
4178  InitPropertiesDlg(hDlg, EventLog);
4179  }
4180  return (INT_PTR)TRUE;
4181  }
4182 
4183  case IDC_EDIT_EVENTS_AGE:
4184  case IDC_EDIT_MAXLOGSIZE:
4185  if (HIWORD(wParam) == EN_CHANGE)
4186  {
4187  PropSheet_Changed(GetParent(hDlg), hDlg);
4188  }
4189  return (INT_PTR)TRUE;
4190 
4192  {
4196  PropSheet_Changed(GetParent(hDlg), hDlg);
4197  return (INT_PTR)TRUE;
4198  }
4199 
4201  {
4205  PropSheet_Changed(GetParent(hDlg), hDlg);
4206  return (INT_PTR)TRUE;
4207  }
4208 
4209  case IDC_NO_OVERWRITE:
4210  {
4214  PropSheet_Changed(GetParent(hDlg), hDlg);
4215  return (INT_PTR)TRUE;
4216  }
4217 
4218  case IDC_RESTOREDEFAULTS:
4219  {
4220  LoadStringW(hInst, IDS_RESTOREDEFAULTS, szText, _countof(szText));
4221 
4222  if (MessageBoxW(hDlg, szText, szTitle, MB_YESNO | MB_ICONQUESTION) == IDYES)
4223  {
4225  /* Workstation: 512 KB; Server: 16384 KB */
4226  SetDlgItemInt(hDlg, IDC_EDIT_MAXLOGSIZE, 5120, FALSE);
4230  PropSheet_Changed(GetParent(hDlg), hDlg);
4231  }
4232  return (INT_PTR)TRUE;
4233  }
4234 
4235  case IDHELP:
4236  MessageBoxW(hDlg,
4237  L"Help not implemented yet!",
4238  szTitle,
4240  return (INT_PTR)TRUE;
4241 
4242  default:
4243  break;
4244  }
4245  break;
4246  }
4247 
4248  return (INT_PTR)FALSE;
4249 }
#define MAX_LOADSTRING
Definition: eventvwr.c:43
#define IDOK
Definition: winuser.h:824
#define IDYES
Definition: winuser.h:829
#define TRUE
Definition: types.h:120
#define IDC_RESTOREDEFAULTS
Definition: resource.h:69
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
#define GetWindowLongPtrW
Definition: winuser.h:4819
#define PSN_APPLY
Definition: prsht.h:117
int32_t INT_PTR
Definition: typedefs.h:64
#define IDC_NO_OVERWRITE
Definition: resource.h:68
#define IDC_OVERWRITE_AS_NEEDED
Definition: resource.h:64
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
WPARAM wParam
Definition: combotst.c:138
HINSTANCE hInst
Definition: eventvwr.c:48
#define IDHELP
Definition: resource_2.h:8
static VOID SavePropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:4072
VOID Refresh(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:2670
#define L(x)
Definition: ntvdm.h:50
#define FALSE
Definition: types.h:117
#define MB_YESNO
Definition: winuser.h:811
#define LPPROPSHEETPAGE
Definition: prsht.h:390
#define MB_ICONQUESTION
Definition: winuser.h:783
#define WM_DESTROY
Definition: winuser.h:1599
#define PropSheet_UnChanged(d, w)
Definition: prsht.h:358
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define PropSheet_Changed(d, w)
Definition: prsht.h:344
#define IDC_OVERWRITE_OLDER_THAN
Definition: resource.h:65
#define _countof(array)
Definition: sndvol32.h:68
PEVENTLOGFILTER GetSelectedFilter(OUT HTREEITEM *phti OPTIONAL)
Definition: eventvwr.c:2432
struct _EVENTLOG * PEVENTLOG
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI SetDlgItemInt(_In_ HWND, _In_ int, _In_ UINT, _In_ BOOL)
#define DWLP_USER
Definition: winuser.h:866
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3882
#define WM_COMMAND
Definition: winuser.h:1730
Definition: inflate.c:139
HWND WINAPI GetParent(_In_ HWND)
#define EnableDlgItem(hDlg, nID, bEnable)
Definition: eventvwr.h:55
#define IDC_EDIT_MAXLOGSIZE
Definition: resource.h:62
#define IDC_EDIT_EVENTS_AGE
Definition: resource.h:66
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define IDS_RESTOREDEFAULTS
Definition: resource.h:107
#define ID_CLEARLOG
Definition: resource.h:71
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
#define HIWORD(l)
Definition: typedefs.h:247
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
#define SetWindowLongPtrW
Definition: winuser.h:5336
#define IDCANCEL
Definition: winuser.h:825
#define WM_INITDIALOG
Definition: winuser.h:1729
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WM_NOTIFY
Definition: richedit.h:61
BOOL ClearEvents(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:2612
#define IDC_UPDOWN_EVENTS_AGE
Definition: resource.h:67
#define EN_CHANGE
Definition: winuser.h:2012

Referenced by EventLogProperties().

◆ EventTimeToSystemTime()

VOID EventTimeToSystemTime ( IN DWORD  EventTime,
OUT PSYSTEMTIME  pSystemTime 
)

Definition at line 713 of file eventvwr.c.

715 {
716  SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
717  FILETIME ftLocal;
718  union
719  {
720  FILETIME ft;
721  ULONGLONG ll;
722  } u1970, uUCT;
723 
724  uUCT.ft.dwHighDateTime = 0;
725  uUCT.ft.dwLowDateTime = EventTime;
726  SystemTimeToFileTime(&st1970, &u1970.ft);
727  uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
728  FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
729  FileTimeToSystemTime(&ftLocal, pSystemTime);
730 }
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
uint64_t ULONGLONG
Definition: typedefs.h:67
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:158
w ll
Definition: byte_order.h:166

Referenced by EnumEventsThread().

◆ FilterByString()

BOOL FilterByString ( IN PCWSTR  FilterString,
IN PWSTR  String 
)

Definition at line 1905 of file eventvwr.c.

1907 {
1908  PCWSTR pStr;
1909 
1910  /* The filter string is NULL so it does not filter anything */
1911  if (!FilterString)
1912  return TRUE;
1913 
1914  /*
1915  * If the filter string filters for an empty string AND the source string
1916  * is an empty string, we have a match (particular case of the last one).
1917  */
1918  if (!*FilterString && !*String)
1919  return TRUE;
1920 
1921  // if (*FilterString || *String)
1922 
1923  /*
1924  * If the filter string is empty BUT the source string is not empty,
1925  * OR vice-versa, we cannot have a match.
1926  */
1927  if ( (!*FilterString && *String) || (*FilterString && !*String) )
1928  return FALSE;
1929 
1930  /*
1931  * If the filter string filters for at least a non-empty string,
1932  * browse it and search for a string that matches the source string.
1933  */
1934  // else if (*FilterString && *String)
1935  {
1936  pStr = FilterString;
1937  while (*pStr)
1938  {
1939  if (wcsicmp(pStr, String) == 0)
1940  {
1941  /* We have a match, break the loop */
1942  break;
1943  }
1944 
1945  pStr += (wcslen(pStr) + 1);
1946  }
1947  if (!*pStr) // && *String
1948  {
1949  /* We do not have a match */
1950  return FALSE;
1951  }
1952  }
1953 
1954  /* We have a match */
1955  return TRUE;
1956 }
const uint16_t * PCWSTR
Definition: typedefs.h:57
#define TRUE
Definition: types.h:120
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2430
#define FALSE
Definition: types.h:117
#define wcsicmp
Definition: compat.h:15
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by EnumEventsThread().

◆ FilterByType()

BOOL FilterByType ( IN PEVENTLOGFILTER  EventLogFilter,
IN PEVENTLOGRECORD  pevlr 
)

Definition at line 1889 of file eventvwr.c.

1891 {
1892  if ((pevlr->EventType == EVENTLOG_SUCCESS && !EventLogFilter->Information ) ||
1893  (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1894  (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1895  (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1896  (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1897  (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1898  {
1899  return FALSE;
1900  }
1901  return TRUE;
1902 }
#define TRUE
Definition: types.h:120
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2881
#define FALSE
Definition: types.h:117
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2885
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2880
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2883
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2882
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2884

Referenced by EnumEventsThread().

◆ FormatByteSize()

UINT FormatByteSize ( LONGLONG  cbSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1161 of file eventvwr.c.

1162 {
1163  UINT cchWritten, cchRemaining;
1164  LPWSTR pwszEnd;
1165  size_t cchStringRemaining;
1166 
1167  /* Write formated bytes count */
1168  cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1169  if (!cchWritten)
1170  return 0;
1171 
1172  /* Copy " bytes" to buffer */
1173  pwszEnd = pwszResult + cchWritten;
1174  cchRemaining = cchResultMax - cchWritten;
1175  StringCchCopyExW(pwszEnd, cchRemaining, L" ", &pwszEnd, &cchStringRemaining, 0);
1176  cchRemaining = (UINT)cchStringRemaining;
1177  cchWritten = LoadStringW(hInst, IDS_BYTES_FORMAT, pwszEnd, cchRemaining);
1178  cchRemaining -= cchWritten;
1179 
1180  return cchResultMax - cchRemaining;
1181 }
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:48
#define L(x)
Definition: ntvdm.h:50
#define IDS_BYTES_FORMAT
Definition: resource.h:120
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1101
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
unsigned int UINT
Definition: ndis.h:50
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by FormatFileSizeWithBytes().

◆ FormatFileSizeWithBytes()

LPWSTR FormatFileSizeWithBytes ( const PULARGE_INTEGER  lpQwSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1184 of file eventvwr.c.

1185 {
1186  UINT cchWritten, cchRemaining;
1187  LPWSTR pwszEnd;
1188  size_t cchCopyRemaining;
1189 
1190  /* Format bytes in KBs, MBs etc */
1191  if (StrFormatByteSizeW(lpQwSize->QuadPart, pwszResult, cchResultMax) == NULL)
1192  return NULL;
1193 
1194  /* If there is less bytes than 1KB, we have nothing to do */
1195  if (lpQwSize->QuadPart < 1024)
1196  return pwszResult;
1197 
1198  /* Concatenate " (" */
1199  cchWritten = (UINT)wcslen(pwszResult);
1200  pwszEnd = pwszResult + cchWritten;
1201  cchRemaining = cchResultMax - cchWritten;
1202  StringCchCopyExW(pwszEnd, cchRemaining, L" (", &pwszEnd, &cchCopyRemaining, 0);
1203  cchRemaining = (UINT)cchCopyRemaining;
1204 
1205  /* Write formated bytes count */
1206  cchWritten = FormatByteSize(lpQwSize->QuadPart, pwszEnd, cchRemaining);
1207  pwszEnd += cchWritten;
1208  cchRemaining -= cchWritten;
1209 
1210  /* Copy ")" to the buffer */
1211  StringCchCopyW(pwszEnd, cchRemaining, L")");
1212 
1213  return pwszResult;
1214 }
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2380
#define L(x)
Definition: ntvdm.h:50
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1161
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by InitPropertiesDlg().

◆ FormatInteger()

UINT FormatInteger ( LONGLONG  Num,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1101 of file eventvwr.c.

1102 {
1103  WCHAR wszNumber[24];
1104  WCHAR wszDecimalSep[8], wszThousandSep[8];
1105  NUMBERFMTW nf;
1106  WCHAR wszGrouping[12];
1107  INT cchGrouping;
1108  INT cchResult;
1109  INT i;
1110 
1111  // Print the number in uniform mode
1112  swprintf(wszNumber, L"%I64u", Num);
1113 
1114  // Get system strings for decimal and thousand separators.
1115  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SDECIMAL, wszDecimalSep, _countof(wszDecimalSep));
1116  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1117 
1118  // Initialize format for printing the number in bytes
1119  ZeroMemory(&nf, sizeof(nf));
1120  nf.lpDecimalSep = wszDecimalSep;
1121  nf.lpThousandSep = wszThousandSep;
1122 
1123  // Get system string for groups separator
1124  cchGrouping = GetLocaleInfoW(LOCALE_USER_DEFAULT,
1126  wszGrouping,
1127  _countof(wszGrouping));
1128 
1129  // Convert grouping specs from string to integer
1130  for (i = 0; i < cchGrouping; i++)
1131  {
1132  WCHAR wch = wszGrouping[i];
1133 
1134  if (wch >= L'0' && wch <= L'9')
1135  nf.Grouping = nf.Grouping * 10 + (wch - L'0');
1136  else if (wch != L';')
1137  break;
1138  }
1139 
1140  if ((nf.Grouping % 10) == 0)
1141  nf.Grouping /= 10;
1142  else
1143  nf.Grouping *= 10;
1144 
1145  // Format the number
1147  0,
1148  wszNumber,
1149  &nf,
1150  pwszResult,
1151  cchResultMax);
1152 
1153  if (!cchResult)
1154  return 0;
1155 
1156  // GetNumberFormatW returns number of characters including UNICODE_NULL
1157  return cchResult - 1;
1158 }
LPWSTR lpThousandSep
Definition: winnls.h:646
#define LOCALE_SGROUPING
Definition: winnls.h:44
LPWSTR lpDecimalSep
Definition: winnls.h:645
#define LOCALE_USER_DEFAULT
UINT Grouping
Definition: winnls.h:644
#define ZeroMemory
Definition: winbase.h:1670
int32_t INT
Definition: typedefs.h:58
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:1102
#define L(x)
Definition: ntvdm.h:50
#define LOCALE_STHOUSAND
Definition: winnls.h:43
#define LOCALE_SDECIMAL
Definition: winnls.h:42
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define _countof(array)
Definition: sndvol32.h:68
int _cdecl swprintf(const WCHAR *,...)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1198

Referenced by FormatByteSize().

◆ FreeLogFilterList()

VOID FreeLogFilterList ( VOID  )

Definition at line 3015 of file eventvwr.c.

3016 {
3018  PEVENTLOGFILTER EventLogFilter;
3019 
3020  while (!IsListEmpty(&EventLogFilterList))
3021  {
3023  EventLogFilter = (PEVENTLOGFILTER)CONTAINING_RECORD(Entry, EVENTLOGFILTER, ListEntry);
3024  EventLogFilter_Free(EventLogFilter);
3025  }
3026 
3027  ActiveFilter = NULL;
3028 
3029  return;
3030 }
struct _Entry Entry
Definition: kefuncs.h:629
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1402
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:87
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:86
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOGFILTER * PEVENTLOGFILTER
Definition: typedefs.h:119
#define NULL
Definition: types.h:112
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeLogList()

VOID FreeLogList ( VOID  )

Definition at line 2999 of file eventvwr.c.

3000 {
3002  PEVENTLOG EventLog;
3003 
3004  while (!IsListEmpty(&EventLogList))
3005  {
3007  EventLog = (PEVENTLOG)CONTAINING_RECORD(Entry, EVENTLOG, ListEntry);
3008  EventLog_Free(EventLog);
3009  }
3010 
3011  return;
3012 }
struct _Entry Entry
Definition: kefuncs.h:629
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOG * PEVENTLOG
Definition: typedefs.h:119
LIST_ENTRY EventLogList
Definition: eventvwr.c:85
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1322
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeRecords()

static VOID FreeRecords ( VOID  )
static

Definition at line 1871 of file eventvwr.c.

1872 {
1873  DWORD iIndex;
1874 
1875  if (!g_RecordPtrs)
1876  return;
1877 
1878  for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
1879  {
1880  if (g_RecordPtrs[iIndex])
1881  HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
1882  }
1884  g_RecordPtrs = NULL;
1885  g_TotalRecords = 0;
1886 }
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:82
DWORD g_TotalRecords
Definition: eventvwr.c:81
#define GetProcessHeap()
Definition: compat.h:736
unsigned long DWORD
Definition: ntddk_ex.h:95
#define NULL
Definition: types.h:112
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by EnumEventsThread(), and StartStopEnumEventsThread().

◆ GetDisplayNameFileAndID()

BOOL GetDisplayNameFileAndID ( IN LPCWSTR  lpLogName,
OUT PWCHAR  lpModuleName,
OUT PDWORD  pdwMessageID 
)

Definition at line 2709 of file eventvwr.c.

2712 {
2713  BOOL Success = FALSE;
2714  LONG Result;
2715  HKEY hLogKey;
2716  WCHAR *KeyPath;
2717  SIZE_T cbKeyPath;
2718  DWORD dwType, cbData;
2719  DWORD dwMessageID = 0;
2721 
2722  /* Use a default value for the message ID */
2723  *pdwMessageID = 0;
2724 
2725  cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
2726  KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
2727  if (!KeyPath)
2728  {
2730  return FALSE;
2731  }
2732 
2733  StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
2734  StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2735 
2736  Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
2737  HeapFree(GetProcessHeap(), 0, KeyPath);
2738  if (Result != ERROR_SUCCESS)
2739  {
2741  return FALSE;
2742  }
2743 
2744  cbData = sizeof(szModuleName);
2745  Result = RegQueryValueExW(hLogKey,
2746  L"DisplayNameFile",
2747  NULL,
2748  &dwType,
2750  &cbData);
2751  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2752  {
2754  }
2755  else
2756  {
2757  /* NULL-terminate the string and expand it */
2758  szModuleName[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
2760  Success = TRUE;
2761  }
2762 
2763  /*
2764  * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2765  * otherwise it's not really useful. 'DisplayNameID' is optional.
2766  */
2767  if (Success)
2768  {
2769  cbData = sizeof(dwMessageID);
2770  Result = RegQueryValueExW(hLogKey,
2771  L"DisplayNameID",
2772  NULL,
2773  &dwType,
2774  (LPBYTE)&dwMessageID,
2775  &cbData);
2776  if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
2777  dwMessageID = 0;
2778 
2779  *pdwMessageID = dwMessageID;
2780  }
2781 
2782  RegCloseKey(hLogKey);
2783 
2784  return Success;
2785 }
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:78
#define L(x)
Definition: ntvdm.h:50
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1455
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4120
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:24
LPWSTR lpComputerName
Definition: eventvwr.c:74
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3356
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:140
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:596
#define HeapFree(x, y, z)
Definition: compat.h:735
#define RegCloseKey(hKey)
Definition: registry.h:47
#define REG_SZ
Definition: layer.c:22

Referenced by BuildLogListAndFilterList().

◆ GetEventCategory()

BOOL GetEventCategory ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  CategoryName 
)

Definition at line 1589 of file eventvwr.c.

1593 {
1594  BOOL Success = FALSE;
1595  WCHAR szMessageDLL[MAX_PATH];
1596  LPWSTR lpMsgBuf = NULL;
1597 
1599  goto Quit;
1600 
1601  /* Retrieve the message string without appending extra newlines */
1602  lpMsgBuf =
1603  GetMessageStringFromDllList(szMessageDLL,
1606  pevlr->EventCategory,
1608  NULL);
1609  if (lpMsgBuf)
1610  {
1611  /* Trim the string */
1612  TrimNulls(lpMsgBuf);
1613 
1614  /* Copy the category name */
1615  StringCchCopyW(CategoryName, MAX_PATH, lpMsgBuf);
1616 
1617  /* Free the buffer allocated by FormatMessage */
1618  LocalFree(lpMsgBuf);
1619 
1620  /* The ID was found and the message was formatted */
1621  Success = TRUE;
1622  }
1623 
1624 Quit:
1625  if (!Success)
1626  {
1627  if (pevlr->EventCategory != 0)
1628  {
1629  StringCchPrintfW(CategoryName, MAX_PATH, L"(%lu)", pevlr->EventCategory);
1630  Success = TRUE;
1631  }
1632  }
1633 
1634  return Success;
1635 }
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1441
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:425
#define TRUE
Definition: types.h:120
#define L(x)
Definition: ntvdm.h:50
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
#define EVENT_CATEGORY_MESSAGE_FILE
Definition: eventvwr.c:39
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:420
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1528
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
#define EVENT_MESSAGE_FILE_BUFFER
Definition: eventvwr.c:37

Referenced by EnumEventsThread().

◆ GetEventMessage()

BOOL GetEventMessage ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  EventText 
)

Definition at line 1639 of file eventvwr.c.

1643 {
1644  BOOL Success = FALSE;
1645  DWORD i;
1646  size_t cch;
1647  WCHAR SourceModuleName[1024];
1648  WCHAR ParameterModuleName[1024];
1649  BOOL IsParamModNameCached = FALSE;
1650  LPWSTR lpMsgBuf = NULL;
1651  LPWSTR szStringArray, szMessage;
1652  LPWSTR *szArguments;
1653 
1654  /* Get the event string array */
1655  szStringArray = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
1656 
1657  /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1658  if (!GetEventMessageFileDLL(KeyName, SourceName, EVENT_MESSAGE_FILE, SourceModuleName))
1659  goto Quit;
1660 
1661  /* Allocate space for insertion strings */
1662  szArguments = HeapAlloc(GetProcessHeap(), 0, pevlr->NumStrings * sizeof(LPVOID));
1663  if (!szArguments)
1664  goto Quit;
1665 
1666  if (!IsParamModNameCached)
1667  {
1668  /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1669  IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1670  // FIXME: If the string loading failed the first time, no need to retry it just after???
1671  }
1672 
1673  if (IsParamModNameCached)
1674  {
1675  /* Not yet support for reading messages from parameter message DLL */
1676  }
1677 
1678  szMessage = szStringArray;
1679  /*
1680  * HACK:
1681  * We do some hackish preformatting of the cached event strings...
1682  * That's because after we pass the string to FormatMessage
1683  * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1684  * flag, instead of ignoring the insertion parameters and do the formatting
1685  * by ourselves. Therefore, the resulting string should have the parameter
1686  * string placeholders starting with a single '%' instead of a mix of one
1687  * and two '%'.
1688  */
1689  /* HACK part 1: Compute the full length of the string array */
1690  cch = 0;
1691  for (i = 0; i < pevlr->NumStrings; i++)
1692  {
1693  szMessage += wcslen(szMessage) + 1;
1694  }
1695  cch = szMessage - szStringArray;
1696 
1697  /* HACK part 2: Now do the HACK proper! */
1698  szMessage = szStringArray;
1699  for (i = 0; i < pevlr->NumStrings; i++)
1700  {
1701  lpMsgBuf = szMessage;
1702  while ((lpMsgBuf = wcsstr(lpMsgBuf, L"%%")))
1703  {
1704  if (iswdigit(lpMsgBuf[2]))
1705  {
1706  MoveMemory(lpMsgBuf, lpMsgBuf+1, ((szStringArray + cch) - lpMsgBuf - 1) * sizeof(WCHAR));
1707  }
1708  }
1709 
1710  szArguments[i] = szMessage;
1711  szMessage += wcslen(szMessage) + 1;
1712  }
1713 
1714  /* Retrieve the message string without appending extra newlines */
1715  lpMsgBuf =
1716  GetMessageStringFromDllList(SourceModuleName,
1719  pevlr->EventID,
1720  0,
1721  (va_list*)szArguments);
1722  if (lpMsgBuf)
1723  {
1724  /* Trim the string */
1725  TrimNulls(lpMsgBuf);
1726 
1727  szMessage = NULL;
1728  Success = (ApplyParameterStringsToMessage(ParameterModuleName,
1729  TRUE,
1730  lpMsgBuf,
1731  &szMessage) == ERROR_SUCCESS);
1732  if (Success && szMessage)
1733  {
1734  /* Free the buffer allocated by FormatMessage */
1735  LocalFree(lpMsgBuf);
1736  lpMsgBuf = szMessage;
1737  }
1738 
1739  /* Copy the event text */
1740  StringCchCopyW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
1741 
1742  /* Free the buffer allocated by FormatMessage */
1743  LocalFree(lpMsgBuf);
1744  }
1745 
1746  HeapFree(GetProcessHeap(), 0, szArguments);
1747 
1748 Quit:
1749  if (!Success)
1750  {
1751  /* Get a read-only pointer to the "event-not-found" string */
1752  lpMsgBuf = HeapAlloc(GetProcessHeap(), 0, EVENT_MESSAGE_EVENTTEXT_BUFFER * sizeof(WCHAR));
1754  StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1755 
1756  /* Append the strings */
1757  szMessage = szStringArray;
1758  for (i = 0; i < pevlr->NumStrings; i++)
1759  {
1760  StringCchCatW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, szMessage);
1762  szMessage += wcslen(szMessage) + 1;
1763  }
1764  }
1765 
1766  return Success;
1767 }
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1441
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:425
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:424
#define iswdigit(_c)
Definition: ctype.h:667
#define EVENT_PARAMETER_MESSAGE_FILE
Definition: eventvwr.c:41
#define MoveMemory
Definition: winbase.h:1667
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:48
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
#define L(x)
Definition: ntvdm.h:50
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:903
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
char * va_list
Definition: acmsvcex.h:78
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
#define EVENT_MESSAGE_EVENTTEXT_BUFFER
Definition: eventvwr.c:36
#define IDS_EVENTSTRINGIDNOTFOUND
Definition: resource.h:106
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define EVENT_MESSAGE_FILE
Definition: eventvwr.c:40
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1528
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
IN PCTCH IN DWORD cch
Definition: pager.h:36
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by DisplayEvent().

◆ GetEventMessageFileDLL()

BOOL GetEventMessageFileDLL ( IN LPCWSTR  lpLogName,
IN LPCWSTR  SourceName,
IN LPCWSTR  EntryName,
OUT PWCHAR  lpModuleName 
)

Definition at line 1528 of file eventvwr.c.

1532 {
1533  BOOL Success = FALSE;
1534  LONG Result;
1535  DWORD dwType, dwSize;
1537  WCHAR szKeyName[MAX_PATH];
1538  HKEY hLogKey = NULL;
1539  HKEY hSourceKey = NULL;
1540 
1541  StringCbCopyW(szKeyName, sizeof(szKeyName), EVENTLOG_BASE_KEY);
1542  StringCbCatW(szKeyName, sizeof(szKeyName), lpLogName);
1543 
1545  szKeyName,
1546  0,
1547  KEY_READ,
1548  &hLogKey);
1549  if (Result != ERROR_SUCCESS)
1550  return FALSE;
1551 
1552  Result = RegOpenKeyExW(hLogKey,
1553  SourceName,
1554  0,
1556  &hSourceKey);
1557  if (Result != ERROR_SUCCESS)
1558  {
1559  RegCloseKey(hLogKey);
1560  return FALSE;
1561  }
1562 
1563  dwSize = sizeof(szModuleName);
1564  Result = RegQueryValueExW(hSourceKey,
1565  EntryName,
1566  NULL,
1567  &dwType,
1569  &dwSize);
1570  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
1571  {
1573  }
1574  else
1575  {
1576  /* NULL-terminate the string and expand it */
1577  szModuleName[dwSize / sizeof(WCHAR) - 1] = UNICODE_NULL;
1579  Success = TRUE;
1580  }
1581 
1582  RegCloseKey(hSourceKey);
1583  RegCloseKey(hLogKey);
1584 
1585  return Success;
1586 }
#define ERROR_SUCCESS
Definition: deptool.c:10
#define KEY_READ
Definition: nt_native.h:1023
#define TRUE
Definition: types.h:120
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:78
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1455
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4120
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:24
LPWSTR lpComputerName
Definition: eventvwr.c:74
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3356
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define RegCloseKey(hKey)
Definition: registry.h:47
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
#define REG_SZ
Definition: layer.c:22

Referenced by GetEventCategory(), and GetEventMessage().

◆ GetEventType()

VOID GetEventType ( IN WORD  dwEventType,
OUT PWCHAR  eventTypeText 
)

Definition at line 1770 of file eventvwr.c.

1772 {
1773  switch (dwEventType)
1774  {
1775  case EVENTLOG_ERROR_TYPE:
1777  break;
1778  case EVENTLOG_WARNING_TYPE:
1780  break;
1783  break;
1784  case EVENTLOG_SUCCESS:
1786  break;
1789  break;
1792  break;
1793  default:
1795  break;
1796  }
1797 }
#define MAX_LOADSTRING
Definition: eventvwr.c:43
#define IDS_EVENTLOG_ERROR_TYPE
Definition: resource.h:112
#define IDS_EVENTLOG_INFORMATION_TYPE
Definition: resource.h:114
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define IDS_EVENTLOG_UNKNOWN_TYPE
Definition: resource.h:118
HINSTANCE hInst
Definition: eventvwr.c:48
#define IDS_EVENTLOG_SUCCESS
Definition: resource.h:117
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2881
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2885
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2880
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2883
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2882
#define IDS_EVENTLOG_AUDIT_FAILURE
Definition: resource.h:116
#define IDS_EVENTLOG_WARNING_TYPE
Definition: resource.h:113
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2884
#define IDS_EVENTLOG_AUDIT_SUCCESS
Definition: resource.h:115

Referenced by EnumEventsThread().

◆ GetEventUserName()

BOOL GetEventUserName ( IN PEVENTLOGRECORD  pelr,
IN OUT PSID pLastSid,
OUT PWCHAR  pszUser 
)

Definition at line 1800 of file eventvwr.c.

1803 {
1804  PSID pCurrentSid;
1805  PWSTR StringSid;
1806  WCHAR szName[1024];
1807  WCHAR szDomain[1024];
1810  DWORD cchDomain = ARRAYSIZE(szDomain);
1811  BOOL Success = FALSE;
1812 
1813  /* Point to the SID */
1814  pCurrentSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);
1815 
1816  if (!IsValidSid(pCurrentSid))
1817  {
1818  *pLastSid = NULL;
1819  return FALSE;
1820  }
1821  else if (*pLastSid && EqualSid(*pLastSid, pCurrentSid))
1822  {
1823  return TRUE;
1824  }
1825 
1826  /* User SID */
1827  if (pelr->UserSidLength > 0)
1828  {
1829  /*
1830  * Try to retrieve the user account name and domain name corresponding
1831  * to the SID. If it cannot be retrieved, try to convert the SID to a
1832  * string-form. It should not be bigger than the user-provided buffer
1833  * 'pszUser', otherwise we return an error.
1834  */
1836  pCurrentSid,
1837  szName,
1838  &cchName,
1839  szDomain,
1840  &cchDomain,
1841  &peUse))
1842  {
1843  StringCchCopyW(pszUser, MAX_PATH, szName);
1844  Success = TRUE;
1845  }
1846  else if (ConvertSidToStringSidW(pCurrentSid, &StringSid))
1847  {
1848  /* Copy the string only if the user-provided buffer is big enough */
1849  if (wcslen(StringSid) + 1 <= MAX_PATH) // + 1 for NULL-terminator
1850  {
1851  StringCchCopyW(pszUser, MAX_PATH, StringSid);
1852  Success = TRUE;
1853  }
1854  else
1855  {
1857  Success = FALSE;
1858  }
1859 
1860  /* Free the allocated buffer */
1861  LocalFree(StringSid);
1862  }
1863  }
1864 
1865  *pLastSid = Success ? pCurrentSid : NULL;
1866 
1867  return Success;
1868 }
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2731
static const WCHAR szName[]
Definition: powrprof.c:45
enum _SID_NAME_USE SID_NAME_USE
#define TRUE
Definition: types.h:120
uint16_t * PWSTR
Definition: typedefs.h:56
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3382
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2753
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:752
struct _SID * PSID
Definition: eventlog.c:35
LPWSTR lpComputerName
Definition: eventvwr.c:74
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:821

Referenced by EnumEventsThread().

◆ GetExpandedFilePathName()

DWORD GetExpandedFilePathName ( IN LPCWSTR ComputerName  OPTIONAL,
IN LPCWSTR  lpFileName,
OUT LPWSTR lpFullFileName  OPTIONAL,
IN DWORD  nSize 
)

Definition at line 1455 of file eventvwr.c.

1460 {
1461  SIZE_T dwLength;
1462 
1463  /* Determine the needed size after expansion of any environment strings */
1465  if (dwLength == 0)
1466  {
1467  /* We failed, bail out */
1468  return 0;
1469  }
1470 
1471  /* If the file path is on a remote computer, estimate its length */
1472  // FIXME: Use WNetGetUniversalName instead?
1473  if (ComputerName && *ComputerName)
1474  {
1475  /* Skip any leading backslashes */
1476  while (*ComputerName == L'\\')
1477  ++ComputerName;
1478 
1479  if (*ComputerName)
1480  {
1481  /* Count 2 backslashes plus the computer name and one backslash separator */
1482  dwLength += 2 + wcslen(ComputerName) + 1;
1483  }
1484  }
1485 
1486  /* Check whether we have enough space */
1487  if (dwLength > nSize)
1488  {
1489  /* No, return the needed size in characters (includes NULL-terminator) */
1490  return dwLength;
1491  }
1492 
1493 
1494  /* Now expand the file path */
1495  ASSERT(dwLength <= nSize);
1496 
1497  /* Expand any existing environment strings */
1498  if (ExpandEnvironmentStringsW(lpFileName, lpFullFileName, dwLength) == 0)
1499  {
1500  /* We failed, bail out */
1501  return 0;
1502  }
1503 
1504  /* If the file path is on a remote computer, retrieve the network share form of the file name */
1505  // FIXME: Use WNetGetUniversalName instead?
1506  if (ComputerName && *ComputerName)
1507  {
1508  /* Note that we previously skipped any potential leading backslashes */
1509 
1510  /* Replace ':' by '$' in the drive letter */
1511  if (*lpFullFileName && lpFullFileName[1] == L':')
1512  lpFullFileName[1] = L'$';
1513 
1514  /* Prepend the computer name */
1515  MoveMemory(lpFullFileName + 2 + wcslen(ComputerName) + 1,
1516  lpFullFileName, dwLength * sizeof(WCHAR) - (2 + wcslen(ComputerName) + 1) * sizeof(WCHAR));
1517  lpFullFileName[0] = L'\\';
1518  lpFullFileName[1] = L'\\';
1519  wcsncpy(lpFullFileName + 2, ComputerName, wcslen(ComputerName));
1520  lpFullFileName[2 + wcslen(ComputerName)] = L'\\';
1521  }
1522 
1523  /* Return the number of stored characters (includes NULL-terminator) */
1524  return dwLength;
1525 }
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2061
#define MoveMemory
Definition: winbase.h:1667
#define L(x)
Definition: ntvdm.h:50
#define ASSERT(a)
Definition: mode.c:44
__wchar_t WCHAR
Definition: xmlstorage.h:180
static DWORD DWORD * dwLength
Definition: fusion.c:85
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
#define NULL
Definition: types.h:112
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_In_ LPCSTR lpFileName
Definition: winbase.h:3058

Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().

◆ GetFileTimeString()

BOOL GetFileTimeString ( LPFILETIME  lpFileTime,
LPWSTR  pwszResult,
UINT  cchResult 
)

Definition at line 1218 of file eventvwr.c.

1219 {
1220  FILETIME ft;
1221  SYSTEMTIME st;
1222  int cchWritten;
1223  UINT cchRemaining = cchResult;
1224  size_t cchCopyRemaining;
1225  LPWSTR pwszEnd = pwszResult;
1226 
1227  if (!FileTimeToLocalFileTime(lpFileTime, &ft) || !FileTimeToSystemTime(&ft, &st))
1228  return FALSE;
1229 
1230  cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1231  if (cchWritten)
1232  --cchWritten; // GetDateFormatW returns count with terminating zero
1233  // else
1234  // ERR("GetDateFormatW failed\n");
1235 
1236  cchRemaining -= cchWritten;
1237  pwszEnd += cchWritten;
1238 
1239  StringCchCopyExW(pwszEnd, cchRemaining, L", ", &pwszEnd, &cchCopyRemaining, 0);
1240  cchRemaining = (UINT)cchCopyRemaining;
1241 
1242  cchWritten = GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &st, NULL, pwszEnd, cchRemaining);
1243  if (cchWritten)
1244  --cchWritten; // GetTimeFormatW returns count with terminating zero
1245  // else
1246  // ERR("GetTimeFormatW failed\n");
1247 
1248  return TRUE;
1249 }
#define TRUE
Definition: types.h:120
#define LOCALE_USER_DEFAULT
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
#define L(x)
Definition: ntvdm.h:50
#define FALSE
Definition: types.h:117
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
#define DATE_LONGDATE
Definition: winnls.h:197
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
WCHAR * LPWSTR
Definition: xmlstorage.h:184
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079

Referenced by InitPropertiesDlg().

◆ GetMessageStringFromDll()

LPWSTR GetMessageStringFromDll ( IN LPCWSTR  lpMessageDll,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 738 of file eventvwr.c.

744 {
746  DWORD dwLength;
747  LPWSTR lpMsgBuf = NULL;
748 
749  hLibrary = LoadLibraryExW(lpMessageDll, NULL,
750  /* LOAD_LIBRARY_AS_IMAGE_RESOURCE | */ LOAD_LIBRARY_AS_DATAFILE);
751  if (hLibrary == NULL)
752  return NULL;
753 
754  /* Sanitize dwFlags */
757 
758  _SEH2_TRY
759  {
760  /*
761  * Retrieve the message string without appending extra newlines.
762  * Wrap in SEH to protect from invalid string parameters.
763  */
764  _SEH2_TRY
765  {
767  /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
768  FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
769  hLibrary,
770  dwMessageId,
772  (LPWSTR)&lpMsgBuf,
773  nSize,
774  Arguments);
775  }
777  {
778  dwLength = 0;
779 
780  /*
781  * An exception occurred while calling FormatMessage, this is usually
782  * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
783  * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
784  * array pointer 'Arguments' was NULL or did not contain enough elements,
785  * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
786  * message string expected too many inserts.
787  * In this last case only, we can call again FormatMessage but ignore
788  * explicitly the inserts. The string that we will return to the user
789  * will not be pre-formatted.
790  */
791  if (((dwFlags & FORMAT_MESSAGE_ALLOCATE_BUFFER) || lpMsgBuf) &&
793  {
794  /* Remove any possible harmful flags and always ignore inserts */
797 
798  /* If this call also throws an exception, we are really dead */
800  hLibrary,
801  dwMessageId,
803  (LPWSTR)&lpMsgBuf,
804  nSize,
805  NULL /* Arguments */);
806  }
807  }
808  _SEH2_END;
809  }
811  {
813  }
814  _SEH2_END;
815 
816  if (dwLength == 0)
817  {
818  ASSERT(lpMsgBuf == NULL);
819  lpMsgBuf = NULL;
820  }
821  else
822  {
823  LPWSTR ptr;
824 
825  ASSERT(lpMsgBuf);
826 
827  /* Trim any trailing whitespace */
828  ptr = lpMsgBuf + dwLength - 1;
829  while (iswspace(*ptr))
830  *ptr-- = UNICODE_NULL;
831  }
832 
833  return lpMsgBuf;
834 }
_SEH2_TRY
Definition: create.c:4226
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:424
#define FORMAT_MESSAGE_FROM_STRING
Definition: winbase.h:421
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2061
_SEH2_END
Definition: create.c:4400
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
#define UNICODE_NULL
static PVOID ptr
Definition: dispmode.c:27
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
#define FreeLibrary(x)
Definition: compat.h:748
#define ASSERT(a)
Definition: mode.c:44
static DWORD DWORD * dwLength
Definition: fusion.c:85
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned long DWORD
Definition: ntddk_ex.h:95
#define iswspace(_c)
Definition: ctype.h:669
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
HMODULE hLibrary
Definition: odbccp32.c:12
_SEH2_FINALLY
Definition: create.c:4371
#define LOAD_LIBRARY_AS_DATAFILE
Definition: winbase.h:342
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:420
#define NULL
Definition: types.h:112
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LANG_USER_DEFAULT
Definition: tnerror.cpp:50

Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().

◆ GetMessageStringFromDllList()

LPWSTR GetMessageStringFromDllList ( IN LPCWSTR  lpMessageDllList,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 842 of file eventvwr.c.

848 {
849  BOOL Success = FALSE;
850  SIZE_T cbLength;
851  LPWSTR szMessageDllList;
852  LPWSTR szDll;
853  LPWSTR lpMsgBuf = NULL;
854 
855  /* Allocate a local buffer for the DLL list that can be tokenized */
856  // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
857  // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
858  cbLength = (wcslen(lpMessageDllList) + 1) * sizeof(WCHAR);
859  szMessageDllList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbLength);
860  if (!szMessageDllList)
861  return NULL;
862  CopyMemory(szMessageDllList, lpMessageDllList, cbLength);
863 
864  /* Loop through the list of message DLLs */
865  szDll = wcstok(szMessageDllList, EVENT_DLL_SEPARATOR);
866  while ((szDll != NULL) && !Success)
867  {
868  // Uses LANG_USER_DEFAULT
869  lpMsgBuf = GetMessageStringFromDll(szDll,
870  dwFlags,
871  dwMessageId,
872  nSize,
873  Arguments);
874  if (lpMsgBuf)
875  {
876  /* The ID was found and the message was formatted */
877  Success = TRUE;
878  break;
879  }
880 
881  /*
882  * The DLL could not be loaded, or the message could not be found,
883  * try the next DLL, if any.
884  */
885  szDll = wcstok(NULL, EVENT_DLL_SEPARATOR);
886  }
887 
888  HeapFree(GetProcessHeap(), 0, szMessageDllList);
889 
890  return lpMsgBuf;
891 }
#define TRUE
Definition: types.h:120
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2061
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:738
#define EVENT_DLL_SEPARATOR
Definition: eventvwr.c:38
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:736
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define CopyMemory
Definition: winbase.h:1668
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:735

Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().

◆ GetSelectedFilter()

PEVENTLOGFILTER GetSelectedFilter ( OUT HTREEITEM *phti  OPTIONAL)

Definition at line 2432 of file eventvwr.c.

2433 {
2434  TVITEMEXW tvItemEx;
2435  HTREEITEM hti;
2436 
2437  if (phti)
2438  *phti = NULL;
2439 
2440  /* Get index of selected item */
2442  if (hti == NULL)
2443  return NULL; // No filter
2444 
2445  tvItemEx.mask = TVIF_PARAM;
2446  tvItemEx.hItem = hti;
2447 
2448  TreeView_GetItem(hwndTreeView, &tvItemEx);
2449 
2450  if (phti)
2451  *phti = tvItemEx.hItem;
2452 
2453  return (PEVENTLOGFILTER)tvItemEx.lParam;
2454 }
LPARAM lParam
Definition: commctrl.h:3355
#define TreeView_GetSelection(hwnd)
Definition: commctrl.h:3473
HWND hwndTreeView
Definition: eventvwr.c:65
HTREEITEM hItem
Definition: commctrl.h:3347
#define NULL
Definition: types.h:112
#define TVIF_PARAM
Definition: commctrl.h:3268
#define TreeView_GetItem(hwnd, pitem)
Definition: commctrl.h:3490

Referenced by EventLogPropProc(), and WndProc().

◆ InitInstance()

BOOL InitInstance ( HINSTANCE  hInstance)

Definition at line 3033 of file eventvwr.c.

3034 {
3035  RECT rcClient, rs;
3036  LONG StatusHeight;
3037  HIMAGELIST hSmall;
3038  LVCOLUMNW lvc = {0};
3039  WCHAR szTemp[256];
3040 
3041  /* Create the main window */
3042  rs = Settings.wpPos.rcNormalPosition;
3044  szTitle,
3046  rs.left, rs.top,
3047  (rs.right != CW_USEDEFAULT && rs.left != CW_USEDEFAULT) ? rs.right - rs.left : CW_USEDEFAULT,
3048  (rs.bottom != CW_USEDEFAULT && rs.top != CW_USEDEFAULT) ? rs.bottom - rs.top : CW_USEDEFAULT,
3049  NULL,
3050  NULL,
3051  hInstance,
3052  NULL);
3053  if (!hwndMainWindow)
3054  return FALSE;
3055 
3056  /* Create the status bar */
3057  hwndStatus = CreateWindowExW(0, // no extended styles
3058  STATUSCLASSNAMEW, // status bar
3059  L"", // no text
3060  WS_CHILD | WS_VISIBLE | CCS_BOTTOM | SBARS_SIZEGRIP, // styles
3061  0, 0, 0, 0, // x, y, cx, cy
3062  hwndMainWindow, // parent window
3063  (HMENU)100, // window ID
3064  hInstance, // instance
3065  NULL); // window data
3066 
3067  GetClientRect(hwndMainWindow, &rcClient);
3068  GetWindowRect(hwndStatus, &rs);
3069  StatusHeight = rs.bottom - rs.top;
3070 
3071  /* Create a progress bar in the status bar (hidden by default) */
3073  hwndStatusProgress = CreateWindowExW(0, // no extended styles
3074  PROGRESS_CLASSW, // status bar
3075  NULL, // no text
3076  WS_CHILD | PBS_SMOOTH, // styles
3077  rs.left, rs.top, // x, y
3078  rs.right - rs.left, rs.bottom - rs.top, // cx, cy
3079  hwndStatus, // parent window
3080  NULL, // window ID
3081  hInstance, // instance
3082  NULL); // window data
3083  /* Remove its static edge */
3087 
3088  /* Initialize the splitter default positions */
3089  nVSplitPos = Settings.nVSplitPos;
3090  nHSplitPos = Settings.nHSplitPos;
3091 
3092  /* Create the TreeView */
3094  WC_TREEVIEWW,
3095  NULL,
3096  // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3098  0, 0,
3099  nVSplitPos - SPLIT_WIDTH/2,
3100  (rcClient.bottom - rcClient.top) - StatusHeight,
3102  NULL,
3103  hInstance,
3104  NULL);
3105 
3106  /* Create the ImageList */
3109  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3110  1, 1);
3111 
3112  /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3117 
3118  /* Assign the ImageList to the Tree View */
3120 
3121  /* Add the event logs nodes */
3122  // "System Logs"
3125  // "Application Logs"
3126  LoadStringW(hInstance, IDS_EVENTLOG_APP, szTemp, ARRAYSIZE(szTemp));
3127  htiAppLogs = TreeViewAddItem(hwndTreeView, NULL, szTemp, 0, 1, (LPARAM)NULL);
3128  // "User Logs"
3129  LoadStringW(hInstance, IDS_EVENTLOG_USER, szTemp, ARRAYSIZE(szTemp));
3131 
3132  /* Create the Event details pane (optional) */
3134  if (hwndEventDetails)
3135  {
3139  nVSplitPos + SPLIT_WIDTH/2,
3140  nHSplitPos + SPLIT_WIDTH/2,
3141  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3142  (rcClient.bottom - rcClient.top) - nHSplitPos - SPLIT_WIDTH/2 - StatusHeight,
3144  }
3145 
3146  /* Create the ListView */
3148  WC_LISTVIEWW,
3149  NULL,
3151  nVSplitPos + SPLIT_WIDTH/2,
3152  0,
3153  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3154