ReactOS  0.4.12-dev-51-ge94618b
eventvwr.c File Reference
#include "eventvwr.h"
#include "evtdetctl.h"
#include <sddl.h>
#include <shellapi.h>
#include <shlwapi.h>
Include dependency graph for eventvwr.c:

Go to the source code of this file.

Classes

struct  _SETTINGS
 
struct  param_strings_format_data
 

Macros

#define LVM_PROGRESS   (WM_APP + 1)
 
#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10
 
#define EVENT_MESSAGE_FILE_BUFFER   1024*10
 
#define EVENT_DLL_SEPARATOR   L";"
 
#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"
 
#define EVENT_MESSAGE_FILE   L"EventMessageFile"
 
#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"
 
#define MAX_LOADSTRING   255
 
#define SPLIT_WIDTH   4
 

Typedefs

typedef struct _SETTINGS SETTINGS
 
typedef struct _SETTINGSPSETTINGS
 

Functions

static DWORD WINAPI StartStopEnumEventsThread (IN LPVOID lpParameter)
 
VOID OpenUserEventLogFile (IN LPCWSTR lpszFileName)
 
VOID BuildLogListAndFilterList (IN LPCWSTR lpComputerName)
 
VOID FreeLogList (VOID)
 
VOID FreeLogFilterList (VOID)
 
ATOM MyRegisterClass (HINSTANCE)
 
BOOL InitInstance (HINSTANCE)
 
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM)
 
INT_PTR EventLogProperties (HINSTANCE, HWND, PEVENTLOGFILTER)
 
INT_PTR CALLBACK EventDetails (HWND, UINT, WPARAM, LPARAM)
 
VOID ShowWin32Error (IN DWORD dwError)
 
VOID DisplayUsage (VOID)
 
BOOL ProcessCmdLine (IN LPWSTR lpCmdLine)
 
BOOL LoadSettings (int nDefCmdShow)
 
BOOL SaveSettings (VOID)
 
int APIENTRY wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
 
VOID EventTimeToSystemTime (IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
 
LPWSTR GetMessageStringFromDll (IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
LPWSTR GetMessageStringFromDllList (IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
DWORD ApplyParameterStringsToMessage (IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
 
UINT FormatInteger (LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
 
UINT FormatByteSize (LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
 
LPWSTR FormatFileSizeWithBytes (const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
 
BOOL GetFileTimeString (LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
 
HTREEITEM TreeViewAddItem (IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
 
PEVENTLOG AllocEventLog (IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
 
VOID EventLog_Free (IN PEVENTLOG EventLog)
 
PWSTR AllocAndCopyMultiStr (IN PCWSTR MultiStr OPTIONAL)
 
PEVENTLOGFILTER AllocEventLogFilter (IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
 
VOID EventLogFilter_Free (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_AddRef (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_Release (IN PEVENTLOGFILTER EventLogFilter)
 
void TrimNulls (LPWSTR s)
 
DWORD GetExpandedFilePathName (IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
 
BOOL GetEventMessageFileDLL (IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
 
BOOL GetEventCategory (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
 
BOOL GetEventMessage (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR EventText)
 
VOID GetEventType (IN WORD dwEventType, OUT PWCHAR eventTypeText)
 
BOOL GetEventUserName (IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
 
static VOID FreeRecords (VOID)
 
BOOL FilterByType (IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
 
BOOL FilterByString (IN PCWSTR FilterString, IN PWSTR String)
 
static DWORD WINAPI EnumEventsThread (IN LPVOID lpParameter)
 
VOID EnumEvents (IN PEVENTLOGFILTER EventLogFilter)
 
PEVENTLOGFILTER GetSelectedFilter (OUT HTREEITEM *phti OPTIONAL)
 
VOID OpenUserEventLog (VOID)
 
VOID SaveEventLog (IN PEVENTLOGFILTER EventLogFilter)
 
VOID CloseUserEventLog (IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
 
BOOL ClearEvents (IN PEVENTLOGFILTER EventLogFilter)
 
VOID Refresh (IN PEVENTLOGFILTER EventLogFilter)
 
BOOL GetDisplayNameFileAndID (IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
 
VOID ResizeWnd (INT cx, INT cy)
 
static VOID InitPropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
INT_PTR CALLBACK EventLogPropProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 

Variables

static const LPCWSTR EVENTVWR_WNDCLASS = L"EVENTVWR"
 
static const LPCWSTR EVENTLOG_BASE_KEY = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
 
static const LPCWSTR EVNTVWR_PARAM_KEY = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"
 
static const LPCWSTR SystemLogs []
 
HINSTANCE hInst
 
WCHAR szTitle [MAX_LOADSTRING]
 
WCHAR szTitleTemplate [MAX_LOADSTRING]
 
WCHAR szStatusBarTemplate [MAX_LOADSTRING]
 
WCHAR szLoadingWait [MAX_LOADSTRING]
 
WCHAR szEmptyList [MAX_LOADSTRING]
 
WCHAR szSaveFilter [MAX_LOADSTRING]
 
INT nVSplitPos
 
INT nHSplitPos
 
BYTE bSplit = 0
 
HWND hwndMainWindow = NULL
 
HWND hwndTreeView
 
HWND hwndListView
 
HWND hwndEventDetails
 
HWND hwndStatus
 
HWND hwndStatusProgress
 
HMENU hMainMenu
 
HTREEITEM htiSystemLogs = NULL
 
HTREEITEM htiAppLogs = NULL
 
HTREEITEM htiUserLogs = NULL
 
LPWSTR lpComputerName = NULL
 
LPWSTR lpszzUserLogsToLoad = NULL
 
SIZE_T cbUserLogsSize = 0
 
HKEY hkMachine = NULL
 
DWORD g_TotalRecords = 0
 
PEVENTLOGRECORDg_RecordPtrs = NULL
 
LIST_ENTRY EventLogList
 
LIST_ENTRY EventLogFilterList
 
PEVENTLOGFILTER ActiveFilter = NULL
 
HANDLE hEnumEventsThread = NULL
 
HANDLE hStopEnumEvent = NULL
 
PEVENTLOGFILTER EnumFilter = NULL
 
HANDLE hStartStopEnumEvent = NULL
 
HANDLE hStartEnumEvent = NULL
 
OPENFILENAMEW sfn
 
SETTINGS Settings
 
static HWND hWndDetailsCtrl = NULL
 
static HWND hWndGrip = NULL
 
static INT cxMin
 
static INT cyMin
 
static INT cxOld
 
static INT cyOld
 

Macro Definition Documentation

◆ EVENT_CATEGORY_MESSAGE_FILE

#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"

Definition at line 56 of file eventvwr.c.

Referenced by GetEventCategory().

◆ EVENT_DLL_SEPARATOR

#define EVENT_DLL_SEPARATOR   L";"

Definition at line 55 of file eventvwr.c.

Referenced by GetMessageStringFromDllList().

◆ EVENT_MESSAGE_EVENTTEXT_BUFFER

#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10

Definition at line 53 of file eventvwr.c.

Referenced by GetEventMessage().

◆ EVENT_MESSAGE_FILE

#define EVENT_MESSAGE_FILE   L"EventMessageFile"

Definition at line 57 of file eventvwr.c.

Referenced by GetEventMessage().

◆ EVENT_MESSAGE_FILE_BUFFER

#define EVENT_MESSAGE_FILE_BUFFER   1024*10

Definition at line 54 of file eventvwr.c.

Referenced by GetEventCategory().

◆ EVENT_PARAMETER_MESSAGE_FILE

#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"

Definition at line 58 of file eventvwr.c.

Referenced by GetEventMessage().

◆ LVM_PROGRESS

#define LVM_PROGRESS   (WM_APP + 1)

Definition at line 38 of file eventvwr.c.

Referenced by EnumEventsThread().

◆ MAX_LOADSTRING

#define MAX_LOADSTRING   255

Definition at line 60 of file eventvwr.c.

Referenced by ClearEvents(), EnumEventsThread(), GetEventType(), InitPropertiesDlg(), and WndProc().

◆ SPLIT_WIDTH

Typedef Documentation

◆ PSETTINGS

◆ SETTINGS

Function Documentation

◆ AllocAndCopyMultiStr()

PWSTR AllocAndCopyMultiStr ( IN PCWSTR MultiStr  OPTIONAL)

Definition at line 1347 of file eventvwr.c.

Referenced by AllocEventLogFilter().

1348 {
1349  PWSTR pStr;
1350  ULONG Length;
1351 
1352  if (!MultiStr)
1353  return NULL;
1354 
1355  pStr = (PWSTR)MultiStr;
1356  while (*pStr) pStr += (wcslen(pStr) + 1);
1357  Length = MultiStr - pStr + 2;
1358 
1359  pStr = HeapAlloc(GetProcessHeap(), 0, Length * sizeof(WCHAR));
1360  // NOTE: If we failed allocating the string, then fall back into no filter!
1361  if (pStr)
1362  RtlCopyMemory(pStr, MultiStr, Length * sizeof(WCHAR));
1363 
1364  return pStr;
1365 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
__wchar_t WCHAR
Definition: xmlstorage.h:180
uint16_t * PWSTR
Definition: typedefs.h:54
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
unsigned int ULONG
Definition: retypes.h:1
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

◆ AllocEventLog()

PEVENTLOG AllocEventLog ( IN PCWSTR ComputerName  OPTIONAL,
IN PCWSTR  LogName,
IN BOOL  Permanent 
)

Definition at line 1292 of file eventvwr.c.

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

1295 {
1296  PEVENTLOG EventLog;
1297  UINT cchName;
1298 
1299  /* Allocate a new event log entry */
1300  EventLog = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*EventLog));
1301  if (!EventLog)
1302  return NULL;
1303 
1304  /* Allocate the computer name string (optional) and copy it */
1305  if (ComputerName)
1306  {
1307  cchName = wcslen(ComputerName) + 1;
1308  EventLog->ComputerName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1309  if (EventLog->ComputerName)
1310  StringCchCopyW(EventLog->ComputerName, cchName, ComputerName);
1311  }
1312 
1313  /* Allocate the event log name string and copy it */
1314  cchName = wcslen(LogName) + 1;
1315  EventLog->LogName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1316  if (!EventLog->LogName)
1317  {
1318  if (EventLog->ComputerName)
1319  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1320  HeapFree(GetProcessHeap(), 0, EventLog);
1321  return NULL;
1322  }
1323  StringCchCopyW(EventLog->LogName, cchName, LogName);
1324 
1325  EventLog->Permanent = Permanent;
1326 
1327  return EventLog;
1328 }
PWSTR LogName
Definition: eventvwr.h:90
__wchar_t WCHAR
Definition: xmlstorage.h:180
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
PWSTR ComputerName
Definition: eventvwr.h:87
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
unsigned int UINT
Definition: ndis.h:50
BOOL Permanent
Definition: eventvwr.h:94
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ AllocEventLogFilter()

PEVENTLOGFILTER AllocEventLogFilter ( IN BOOL  Information,
IN BOOL  Warning,
IN BOOL  Error,
IN BOOL  AuditSuccess,
IN BOOL  AuditFailure,
IN PCWSTR Sources  OPTIONAL,
IN PCWSTR Users  OPTIONAL,
IN PCWSTR ComputerNames  OPTIONAL,
IN ULONG  NumOfEventLogs,
IN PEVENTLOG EventLogs 
)

Definition at line 1368 of file eventvwr.c.

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

1379 {
1380  PEVENTLOGFILTER EventLogFilter;
1381 
1382  /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1383  EventLogFilter = HeapAlloc(GetProcessHeap(),
1385  FIELD_OFFSET(EVENTLOGFILTER, EventLogs[NumOfEventLogs]));
1386  if (!EventLogFilter)
1387  return NULL;
1388 
1389  EventLogFilter->Information = Information;
1390  EventLogFilter->Warning = Warning;
1391  EventLogFilter->Error = Error;
1392  EventLogFilter->AuditSuccess = AuditSuccess;
1393  EventLogFilter->AuditFailure = AuditFailure;
1394 
1395  /* Allocate and copy the sources, users, and computers multi-strings */
1396  EventLogFilter->Sources = AllocAndCopyMultiStr(Sources);
1397  EventLogFilter->Users = AllocAndCopyMultiStr(Users);
1398  EventLogFilter->ComputerNames = AllocAndCopyMultiStr(ComputerNames);
1399 
1400  /* Copy the list of event logs */
1401  EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1402  RtlCopyMemory(EventLogFilter->EventLogs, EventLogs, NumOfEventLogs * sizeof(PEVENTLOG));
1403 
1404  /* Initialize the filter reference count */
1405  EventLogFilter->ReferenceCount = 1;
1406 
1407  return EventLogFilter;
1408 }
BOOL AuditSuccess
Definition: eventvwr.h:117
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
BOOL Information
Definition: eventvwr.h:114
ULONG NumOfEventLogs
Definition: eventvwr.h:134
BOOL AuditFailure
Definition: eventvwr.h:118
PWSTR ComputerNames
Definition: eventvwr.h:131
smooth NULL
Definition: ftsmooth.c:416
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1347
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
BOOL Error
Definition: chkdsk.c:66
LONG ReferenceCount
Definition: eventvwr.h:106
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
Iosb Information
Definition: create.c:4377

◆ ApplyParameterStringsToMessage()

DWORD ApplyParameterStringsToMessage ( IN LPCWSTR  lpMessageDllList,
IN BOOL  bMessagePreFormatted,
IN CONST LPCWSTR  pMessage,
OUT LPWSTR pFinalMessage 
)

Definition at line 916 of file eventvwr.c.

Referenced by GetEventMessage().

921 {
922  /*
923  * This code is heavily adapted from the MSDN example:
924  * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
925  * with bugs removed.
926  */
927 
929  DWORD dwParamCount = 0; // Number of insertion strings found in pMessage
930  size_t cchBuffer = 0; // Size of the buffer in characters
931  size_t cchParams = 0; // Number of characters in all the parameter strings
932  size_t cch = 0;
933  DWORD i = 0;
934  param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
935  LPWSTR pTempMessage = (LPWSTR)pMessage;
936  LPWSTR pTempFinalMessage = NULL;
937 
938  *pFinalMessage = NULL;
939 
940  /* Determine the number of parameter insertion strings in pMessage */
941  if (bMessagePreFormatted)
942  {
943  while ((pTempMessage = wcschr(pTempMessage, L'%')))
944  {
945  pTempMessage++;
946  if (iswdigit(*pTempMessage))
947  {
948  dwParamCount++;
949  while (iswdigit(*++pTempMessage)) ;
950  }
951  }
952  }
953  else
954  {
955  while ((pTempMessage = wcsstr(pTempMessage, L"%%")))
956  {
957  pTempMessage += 2;
958  if (iswdigit(*pTempMessage))
959  {
960  dwParamCount++;
961  while (iswdigit(*++pTempMessage)) ;
962  }
963  }
964  }
965 
966  /* If there are no parameter insertion strings in pMessage, just return */
967  if (dwParamCount == 0)
968  {
969  // *pFinalMessage = NULL;
970  goto Cleanup;
971  }
972 
973  /* Allocate the array of parameter string format data */
974  pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
975  if (!pParamData)
976  {
977  Status = ERROR_OUTOFMEMORY;
978  goto Cleanup;
979  }
980 
981  /*
982  * Retrieve each parameter in pMessage and the beginning and end of the
983  * insertion string, as well as the message identifier of the parameter.
984  */
985  pTempMessage = (LPWSTR)pMessage;
986  if (bMessagePreFormatted)
987  {
988  while ((pTempMessage = wcschr(pTempMessage, L'%')) && (i < dwParamCount))
989  {
990  pTempMessage++;
991  if (iswdigit(*pTempMessage))
992  {
993  pParamData[i].pStartingAddress = pTempMessage-1;
994  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
995 
996  while (iswdigit(*++pTempMessage)) ;
997 
998  pParamData[i].pEndingAddress = pTempMessage;
999  i++;
1000  }
1001  }
1002  }
1003  else
1004  {
1005  while ((pTempMessage = wcsstr(pTempMessage, L"%%")) && (i < dwParamCount))
1006  {
1007  pTempMessage += 2;
1008  if (iswdigit(*pTempMessage))
1009  {
1010  pParamData[i].pStartingAddress = pTempMessage-2;
1011  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
1012 
1013  while (iswdigit(*++pTempMessage)) ;
1014 
1015  pParamData[i].pEndingAddress = pTempMessage;
1016  i++;
1017  }
1018  }
1019  }
1020 
1021  /* Retrieve each parameter string */
1022  for (i = 0; i < dwParamCount; i++)
1023  {
1024  // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1025  pParamData[i].pParameter =
1026  GetMessageStringFromDllList(lpMessageDllList,
1029  pParamData[i].pParameterID,
1030  0, NULL);
1031  if (!pParamData[i].pParameter)
1032  {
1033  /* Skip the insertion string */
1034  continue;
1035  }
1036 
1037  cchParams += wcslen(pParamData[i].pParameter);
1038  }
1039 
1040  /*
1041  * Allocate the final message buffer, the size of which is based on the
1042  * length of the original message and the length of each parameter string.
1043  */
1044  cchBuffer = wcslen(pMessage) + cchParams + 1;
1045  *pFinalMessage = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cchBuffer * sizeof(WCHAR));
1046  if (!*pFinalMessage)
1047  {
1048  Status = ERROR_OUTOFMEMORY;
1049  goto Cleanup;
1050  }
1051 
1052  pTempFinalMessage = *pFinalMessage;
1053 
1054  /* Build the final message string */
1055  pTempMessage = (LPWSTR)pMessage;
1056  for (i = 0; i < dwParamCount; i++)
1057  {
1058  /* Append the segment from pMessage */
1059  cch = pParamData[i].pStartingAddress - pTempMessage;
1060  StringCchCopyNW(pTempFinalMessage, cchBuffer, pTempMessage, cch);
1061  pTempMessage = pParamData[i].pEndingAddress;
1062  cchBuffer -= cch;
1063  pTempFinalMessage += cch;
1064 
1065  /* Append the parameter string */
1066  if (pParamData[i].pParameter)
1067  {
1068  StringCchCopyW(pTempFinalMessage, cchBuffer, pParamData[i].pParameter);
1069  cch = wcslen(pParamData[i].pParameter); // pTempFinalMessage
1070  }
1071  else
1072  {
1073  /*
1074  * We failed to retrieve the parameter string before, so just
1075  * place back the original string placeholder.
1076  */
1077  cch = pParamData[i].pEndingAddress /* == pTempMessage */ - pParamData[i].pStartingAddress;
1078  StringCchCopyNW(pTempFinalMessage, cchBuffer, pParamData[i].pStartingAddress, cch);
1079  // cch = wcslen(pTempFinalMessage);
1080  }
1081  cchBuffer -= cch;
1082  pTempFinalMessage += cch;
1083  }
1084 
1085  /* Append the last segment from pMessage */
1086  StringCchCopyW(pTempFinalMessage, cchBuffer, pTempMessage);
1087 
1088 Cleanup:
1089 
1090  // if (Status != ERROR_SUCCESS)
1091  // *pFinalMessage = NULL;
1092 
1093  if (pParamData)
1094  {
1095  for (i = 0; i < dwParamCount; i++)
1096  {
1097  if (pParamData[i].pParameter)
1098  LocalFree(pParamData[i].pParameter);
1099  }
1100 
1101  HeapFree(GetProcessHeap(), 0, pParamData);
1102  }
1103 
1104  return Status;
1105 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define DWORD
Definition: msvc.h:34
#define iswdigit(_c)
Definition: ctype.h:667
GLenum GLclampf GLint i
Definition: glfuncs.h:14
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static DWORD cchBuffer
Definition: fusion.c:83
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1087
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

◆ BuildLogListAndFilterList()

VOID BuildLogListAndFilterList ( IN LPCWSTR  lpComputerName)

Definition at line 2792 of file eventvwr.c.

Referenced by wWinMain().

2793 {
2794  LONG Result;
2795  HKEY hEventLogKey, hLogKey;
2796  DWORD dwNumLogs = 0;
2797  DWORD dwIndex, dwMaxKeyLength;
2798  DWORD dwType;
2799  PEVENTLOG EventLog;
2800  PEVENTLOGFILTER EventLogFilter;
2801  LPWSTR LogName = NULL;
2803  DWORD lpcName;
2804  DWORD dwMessageID;
2806  HTREEITEM hRootNode = NULL, hItem = NULL, hItemDefault = NULL;
2807 
2809  {
2810  /* We are connected to some other computer, close the old connection */
2812  hkMachine = NULL;
2813  }
2814  if (!lpComputerName || !*lpComputerName)
2815  {
2816  /* Use the local computer registry */
2818  }
2819  else
2820  {
2821  /* Connect to the remote computer registry */
2823  if (Result != ERROR_SUCCESS)
2824  {
2825  /* Connection failed, display a message and bail out */
2826  hkMachine = NULL;
2828  return;
2829  }
2830  }
2831 
2832  /* Open the EventLog key */
2833  Result = RegOpenKeyExW(hkMachine, EVENTLOG_BASE_KEY, 0, KEY_READ, &hEventLogKey);
2834  if (Result != ERROR_SUCCESS)
2835  {
2836  return;
2837  }
2838 
2839  /* Retrieve the number of event logs enumerated as registry keys */
2840  Result = RegQueryInfoKeyW(hEventLogKey, NULL, NULL, NULL, &dwNumLogs, &dwMaxKeyLength,
2841  NULL, NULL, NULL, NULL, NULL, NULL);
2842  if (Result != ERROR_SUCCESS)
2843  {
2844  goto Quit;
2845  }
2846  if (!dwNumLogs)
2847  goto Quit;
2848 
2849  /* Take the NULL terminator into account */
2850  ++dwMaxKeyLength;
2851 
2852  /* Allocate the temporary buffer */
2853  LogName = HeapAlloc(GetProcessHeap(), 0, dwMaxKeyLength * sizeof(WCHAR));
2854  if (!LogName)
2855  goto Quit;
2856 
2857  /* Enumerate and retrieve each event log name */
2858  for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2859  {
2860  lpcName = dwMaxKeyLength;
2861  Result = RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &lpcName, NULL, NULL, NULL, NULL);
2862  if (Result != ERROR_SUCCESS)
2863  continue;
2864 
2865  /* Take the NULL terminator into account */
2866  ++lpcName;
2867 
2868  /* Allocate a new event log entry */
2869  EventLog = AllocEventLog(lpComputerName, LogName, TRUE);
2870  if (EventLog == NULL)
2871  continue;
2872 
2873  /* Allocate a new event log filter entry for this event log */
2874  EventLogFilter = AllocEventLogFilter(// LogName,
2875  TRUE, TRUE, TRUE, TRUE, TRUE,
2876  NULL, NULL, NULL,
2877  1, &EventLog);
2878  if (EventLogFilter == NULL)
2879  {
2880  EventLog_Free(EventLog);
2881  continue;
2882  }
2883 
2884  /* Add the event log and the filter into their lists */
2885  InsertTailList(&EventLogList, &EventLog->ListEntry);
2886  InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2887 
2888  EventLog->FileName = NULL;
2889 
2890  /* Retrieve and cache the event log file */
2891  Result = RegOpenKeyExW(hEventLogKey,
2892  LogName,
2893  0,
2895  &hLogKey);
2896  if (Result == ERROR_SUCCESS)
2897  {
2898  lpcName = 0;
2899  Result = RegQueryValueExW(hLogKey,
2900  L"File",
2901  NULL,
2902  &dwType,
2903  NULL,
2904  &lpcName);
2905  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2906  {
2907  // Windows' EventLog uses some kind of default value, we do not.
2908  EventLog->FileName = NULL;
2909  }
2910  else
2911  {
2912  lpcName = ROUND_DOWN(lpcName, sizeof(WCHAR));
2913  EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, lpcName);
2914  if (EventLog->FileName)
2915  {
2916  Result = RegQueryValueExW(hLogKey,
2917  L"File",
2918  NULL,
2919  &dwType,
2920  (LPBYTE)EventLog->FileName,
2921  &lpcName);
2922  if (Result != ERROR_SUCCESS)
2923  {
2924  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
2925  EventLog->FileName = NULL;
2926  }
2927  else
2928  {
2929  EventLog->FileName[lpcName / sizeof(WCHAR) - 1] = UNICODE_NULL;
2930  }
2931  }
2932  }
2933 
2934  RegCloseKey(hLogKey);
2935  }
2936 
2937  /* Get the display name for the event log */
2938  lpDisplayName = NULL;
2939 
2940  ZeroMemory(szModuleName, sizeof(szModuleName));
2941  if (GetDisplayNameFileAndID(LogName, szModuleName, &dwMessageID))
2942  {
2943  /* Retrieve the message string without appending extra newlines */
2944  lpDisplayName =
2945  GetMessageStringFromDll(szModuleName,
2948  dwMessageID,
2949  0,
2950  NULL);
2951  }
2952 
2953  /*
2954  * Select the correct tree root node, whether the log is a System
2955  * or an Application log. Default to Application log otherwise.
2956  */
2957  hRootNode = htiAppLogs;
2958  for (lpcName = 0; lpcName < ARRAYSIZE(SystemLogs); ++lpcName)
2959  {
2960  /* Check whether the log name is part of the system logs */
2961  if (wcsicmp(LogName, SystemLogs[lpcName]) == 0)
2962  {
2963  hRootNode = htiSystemLogs;
2964  break;
2965  }
2966  }
2967 
2968  hItem = TreeViewAddItem(hwndTreeView, hRootNode,
2969  (lpDisplayName ? lpDisplayName : LogName),
2970  2, 3, (LPARAM)EventLogFilter);
2971 
2972  /* Try to get the default event log: "Application" */
2973  if ((hItemDefault == NULL) && (wcsicmp(LogName, SystemLogs[0]) == 0))
2974  {
2975  hItemDefault = hItem;
2976  }
2977 
2978  /* Free the buffer allocated by FormatMessage */
2979  if (lpDisplayName)
2980  LocalFree(lpDisplayName);
2981  }
2982 
2983  HeapFree(GetProcessHeap(), 0, LogName);
2984 
2985 Quit:
2986  RegCloseKey(hEventLogKey);
2987 
2988  /* Select the default event log */
2989  if (hItemDefault)
2990  {
2991  // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2992  TreeView_SelectItem(hwndTreeView, hItemDefault);
2993  TreeView_EnsureVisible(hwndTreeView, hItemDefault);
2994  }
2997 
2998  return;
2999 }
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
LIST_ENTRY ListEntry
Definition: eventvwr.h:104
#define KEY_READ
Definition: nt_native.h:1023
__wchar_t WCHAR
Definition: xmlstorage.h:180
HTREEITEM htiSystemLogs
Definition: eventvwr.c:89
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
HWND WINAPI SetFocus(_In_opt_ HWND)
#define InsertTailList(ListHead, Entry)
#define WCHAR
Definition: msvc.h:43
HKEY hkMachine
Definition: eventvwr.c:95
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:103
static const LPCWSTR SystemLogs[]
Definition: eventvwr.c:45
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:751
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
LONG_PTR LPARAM
Definition: windef.h:208
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
HTREEITEM hItem
Definition: treelist.h:37
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1292
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2718
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
LIST_ENTRY ListEntry
Definition: eventvwr.h:83
#define MAX_PATH
Definition: compat.h:26
#define RegConnectRegistry
Definition: winreg.h:495
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
unsigned long DWORD
Definition: ntddk_ex.h:95
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1262
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
HTREEITEM htiAppLogs
Definition: eventvwr.c:89
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3704
HWND hwndTreeView
Definition: eventvwr.c:82
static const WCHAR L[]
Definition: oid.c:1087
PWSTR FileName
Definition: eventvwr.h:91
#define wcsicmp
Definition: string.h:1152
LPWSTR lpComputerName
Definition: eventvwr.c:91
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:30
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
#define TreeView_EnsureVisible(hwnd, hitem)
Definition: commctrl.h:3512
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define TreeView_SelectItem(hwnd, hitem)
Definition: commctrl.h:3448
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LIST_ENTRY EventLogList
Definition: eventvwr.c:102
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1331
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1368
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2541
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
WCHAR * LPWSTR
Definition: xmlstorage.h:184
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2730
#define HeapFree(x, y, z)
Definition: compat.h:394
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define REG_SZ
Definition: layer.c:22

◆ ClearEvents()

BOOL ClearEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2621 of file eventvwr.c.

Referenced by WndProc().

2622 {
2623  BOOL Success;
2624  PEVENTLOG EventLog;
2625  HANDLE hEventLog;
2626  WCHAR szFileName[MAX_PATH];
2627  WCHAR szMessage[MAX_LOADSTRING];
2628 
2629  /* Bail out if there is no available filter */
2630  if (!EventLogFilter)
2631  return FALSE;
2632 
2633  ZeroMemory(szFileName, sizeof(szFileName));
2634  ZeroMemory(szMessage, sizeof(szMessage));
2635 
2636  LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, ARRAYSIZE(szMessage));
2637 
2638  sfn.lpstrFile = szFileName;
2639  sfn.nMaxFile = ARRAYSIZE(szFileName);
2640 
2642  {
2643  case IDCANCEL:
2644  return FALSE;
2645 
2646  case IDNO:
2647  sfn.lpstrFile = NULL;
2648  break;
2649 
2650  case IDYES:
2651  if (!GetSaveFileNameW(&sfn))
2652  return FALSE;
2653  break;
2654  }
2655 
2656  EventLogFilter_AddRef(EventLogFilter);
2657 
2658  EventLog = EventLogFilter->EventLogs[0];
2659  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2660 
2661  EventLogFilter_Release(EventLogFilter);
2662 
2663  if (!hEventLog)
2664  {
2666  return FALSE;
2667  }
2668 
2669  Success = ClearEventLogW(hEventLog, sfn.lpstrFile);
2670  if (!Success)
2672 
2673  CloseEventLog(hEventLog);
2674  return Success;
2675 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:60
#define IDYES
Definition: winuser.h:829
#define IDS_CLEAREVENTS_MSG
Definition: resource.h:95
PWSTR LogName
Definition: eventvwr.h:90
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR lpstrFile
Definition: commdlg.h:367
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:65
BOOL WINAPI GetSaveFileNameW(LPOPENFILENAMEW ofn)
Definition: filedlg.c:4286
HWND hwndMainWindow
Definition: eventvwr.c:81
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1425
smooth NULL
Definition: ftsmooth.c:416
#define MB_YESNOCANCEL
Definition: winuser.h:812
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
unsigned int BOOL
Definition: ntddk_ex.h:94
OPENFILENAMEW sfn
Definition: eventvwr.c:118
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define MAX_PATH
Definition: compat.h:26
DWORD nMaxFile
Definition: commdlg.h:368
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
#define IDNO
Definition: winuser.h:830
#define IDCANCEL
Definition: winuser.h:825

◆ CloseUserEventLog()

VOID CloseUserEventLog ( IN PEVENTLOGFILTER  EventLogFilter,
IN HTREEITEM  hti 
)

Definition at line 2586 of file eventvwr.c.

Referenced by WndProc().

2587 {
2588  /* Bail out if there is no available filter */
2589  if (!EventLogFilter)
2590  return;
2591 
2592  if (InterlockedCompareExchangePointer((PVOID*)&ActiveFilter, NULL, NULL) == EventLogFilter)
2593  {
2594  /* Signal the enumerator thread we want to stop enumerating events */
2595  // EnumEvents(NULL);
2598  }
2599 
2600  /*
2601  * The deletion of the item automatically triggers a TVN_SELCHANGED
2602  * notification, that will reset the ActiveFilter (in case the item
2603  * selected is a filter). Otherwise we reset it there.
2604  */
2606 
2607  /* Remove the filter from the list */
2608  RemoveEntryList(&EventLogFilter->ListEntry);
2609  EventLogFilter_Release(EventLogFilter);
2610 
2611  // /* Select the default event log */
2612  // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2613  // TreeView_SelectItem(hwndTreeView, hItem);
2614  // TreeView_EnsureVisible(hwndTreeView, hItem);
2617 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:679
HWND WINAPI SetFocus(_In_opt_ HWND)
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:113
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
smooth NULL
Definition: ftsmooth.c:416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
HANDLE hStartEnumEvent
Definition: eventvwr.c:115
#define TreeView_DeleteItem(hwnd, hitem)
Definition: commctrl.h:3382
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
HWND hwndTreeView
Definition: eventvwr.c:82

◆ DisplayUsage()

VOID DisplayUsage ( VOID  )

Definition at line 181 of file eventvwr.c.

Referenced by ProcessCmdLine().

182 {
184  LPCWSTR lpUsage;
185  INT iUsageLen = LoadStringW(hInst, IDS_USAGE, (LPWSTR)&lpUsage, 0);
186 
187  if (iUsageLen == 0)
188  return;
189 
190  lpBuffer = HeapAlloc(GetProcessHeap(), 0, (iUsageLen + 1) * sizeof(WCHAR));
191  if (!lpBuffer)
192  return;
193 
194  StringCchCopyNW(lpBuffer, iUsageLen + 1, lpUsage, iUsageLen);
196 
197  HeapFree(GetProcessHeap(), 0, lpBuffer);
198 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
__wchar_t WCHAR
Definition: xmlstorage.h:180
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
#define IDS_USAGE
Definition: resource.h:3
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int32_t INT
Definition: typedefs.h:56
HINSTANCE hInst
Definition: eventvwr.c:65
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:163
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define MB_ICONINFORMATION
Definition: winuser.h:796
#define MB_OK
Definition: winuser.h:784
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ EnumEvents()

VOID EnumEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2431 of file eventvwr.c.

Referenced by Refresh(), and WndProc().

2432 {
2433  /* Signal the enumerator thread we want to enumerate events */
2434  InterlockedExchangePointer((PVOID*)&EnumFilter, EventLogFilter);
2436  return;
2437 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:679
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:113
HANDLE hStartEnumEvent
Definition: eventvwr.c:115
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45

◆ EnumEventsThread()

static DWORD WINAPI EnumEventsThread ( IN LPVOID  lpParameter)
static

HACK!!

Definition at line 1971 of file eventvwr.c.

Referenced by StartStopEnumEventsThread().

1972 {
1973  PEVENTLOGFILTER EventLogFilter = (PEVENTLOGFILTER)lpParameter;
1974  PEVENTLOG EventLog;
1975 
1976  ULONG LogIndex;
1977  HANDLE hEventLog;
1978  PEVENTLOGRECORD pEvlr = NULL;
1979  PBYTE pEvlrEnd;
1980  PBYTE pEvlrBuffer;
1981  DWORD dwWanted, dwRead, dwNeeded, dwStatus = ERROR_SUCCESS;
1982  DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1983  DWORD dwFlags, dwMaxLength;
1984  size_t cchRemaining;
1985  LPWSTR lpszSourceName;
1986  LPWSTR lpszComputerName;
1987  BOOL bResult = TRUE; /* Read succeeded */
1989  PSID pLastSid = NULL;
1990 
1991  UINT uStep = 0, uStepAt = 0, uPos = 0;
1992 
1993  WCHAR szWindowTitle[MAX_PATH];
1994  WCHAR szStatusText[MAX_PATH];
1995  WCHAR szLocalDate[MAX_PATH];
1996  WCHAR szLocalTime[MAX_PATH];
1997  WCHAR szEventID[MAX_PATH];
1998  WCHAR szEventTypeText[MAX_LOADSTRING];
1999  WCHAR szCategoryID[MAX_PATH];
2000  WCHAR szUsername[MAX_PATH];
2001  WCHAR szNoUsername[MAX_PATH];
2002  WCHAR szCategory[MAX_PATH];
2003  WCHAR szNoCategory[MAX_PATH];
2004  PWCHAR lpTitleTemplateEnd;
2005 
2006  SYSTEMTIME time;
2007  LVITEMW lviEventItem;
2008 
2009  /* Save the current event log filter globally */
2010  EventLogFilter_AddRef(EventLogFilter);
2011  ActiveFilter = EventLogFilter;
2012 
2013 
2015  EventLog = EventLogFilter->EventLogs[0];
2016 
2017  // FIXME: Use something else instead of EventLog->LogName !!
2018 
2019  /*
2020  * Use a different formatting, whether the event log filter holds
2021  * only one log, or many logs (the latter case is WIP TODO!)
2022  */
2023  if (EventLogFilter->NumOfEventLogs <= 1)
2024  {
2025  StringCchPrintfExW(szWindowTitle,
2026  ARRAYSIZE(szWindowTitle),
2027  &lpTitleTemplateEnd,
2028  &cchRemaining,
2029  0,
2030  szTitleTemplate, szTitle, EventLog->LogName); /* i = number of characters written */
2031  dwMaxLength = (DWORD)cchRemaining;
2032  if (!EventLog->ComputerName)
2033  GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2034  else
2035  StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, EventLog->ComputerName);
2036 
2037  StringCbPrintfW(szStatusText,
2038  sizeof(szStatusText),
2040  EventLog->LogName,
2041  0,
2042  0);
2043  }
2044  else
2045  {
2046  // TODO: Use a different title & implement filtering for multi-log filters !!
2047  // (EventLogFilter->NumOfEventLogs > 1)
2049  L"Many-logs filtering is not implemented yet!!",
2050  L"Event Log",
2052  }
2053 
2054  /* Set the window title */
2055  SetWindowTextW(hwndMainWindow, szWindowTitle);
2056 
2057  /* Update the status bar */
2058  StatusBar_SetText(hwndStatus, 0, szStatusText);
2059 
2060 
2061  /* Disable list view redraw */
2063 
2064  /* Clear the list view and free the cached records */
2066  FreeRecords();
2067 
2072 
2073  /* Do a loop over the logs enumerated in the filter */
2074  // FIXME: For now we only support 1 event log per filter!
2075  LogIndex = 0;
2076  // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2077  {
2078 
2079  EventLog = EventLogFilter->EventLogs[LogIndex];
2080 
2081  /* Open the event log */
2082  if (EventLog->Permanent)
2083  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2084  else
2085  hEventLog = OpenBackupEventLogW(EventLog->ComputerName, EventLog->LogName); // FileName
2086 
2087  if (hEventLog == NULL)
2088  {
2090  goto Cleanup;
2091  }
2092 
2093  // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2094 
2095  /* Get the total number of event log records */
2096  GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2097 
2098  if (dwTotalRecords > 0)
2099  {
2102  }
2103  else
2104  {
2107  }
2108 
2109  /* Set up the event records cache */
2110  g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2111  if (!g_RecordPtrs)
2112  {
2113  // ShowWin32Error(GetLastError());
2114  goto Quit;
2115  }
2116  g_TotalRecords = dwTotalRecords;
2117 
2119  goto Quit;
2120 
2121  LoadStringW(hInst, IDS_NOT_AVAILABLE, szNoUsername, ARRAYSIZE(szNoUsername));
2122  LoadStringW(hInst, IDS_NONE, szNoCategory, ARRAYSIZE(szNoCategory));
2123 
2125  uStepAt = (dwTotalRecords / 100) + 1;
2126 
2128 
2129  /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2130  dwWanted = 0x7ffff;
2131  pEvlr = HeapAlloc(hProcessHeap, 0, dwWanted);
2132 
2133  if (!pEvlr)
2134  goto Quit;
2135 
2136  while (dwStatus == ERROR_SUCCESS)
2137  {
2138  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwWanted, &dwRead, &dwNeeded);
2139  dwStatus = GetLastError();
2140 
2141  if (!bResult && dwStatus == ERROR_INSUFFICIENT_BUFFER)
2142  {
2143  pEvlr = HeapReAlloc(hProcessHeap, 0, pEvlr, dwNeeded);
2144  dwWanted = dwNeeded;
2145 
2146  if (!pEvlr)
2147  break;
2148 
2149  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwNeeded, &dwRead, &dwNeeded);
2150 
2151  if (!bResult)
2152  break;
2153  }
2154  else if (!bResult)
2155  {
2156  /* Exit on other errors (ERROR_HANDLE_EOF) */
2157  break;
2158  }
2159 
2160  pEvlrBuffer = (LPBYTE)pEvlr;
2161  pEvlrEnd = pEvlrBuffer + dwRead;
2162 
2163  while (pEvlrBuffer < pEvlrEnd)
2164  {
2165  PEVENTLOGRECORD pEvlrTmp = (PEVENTLOGRECORD)pEvlrBuffer;
2166  PWSTR lpszUsername, lpszCategoryName;
2167  g_RecordPtrs[dwCurrentRecord] = NULL;
2168 
2169  // ProgressBar_StepIt(hwndStatusProgress);
2170  uStep++;
2171  if (uStep % uStepAt == 0)
2172  {
2173  ++uPos;
2175  }
2176 
2178  goto Quit;
2179 
2180  /* Filter by event type */
2181  if (!FilterByType(EventLogFilter, pEvlrTmp))
2182  goto SkipEvent;
2183 
2184  /* Get the event source name and filter it */
2185  lpszSourceName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD));
2186  if (!FilterByString(EventLogFilter->Sources, lpszSourceName))
2187  goto SkipEvent;
2188 
2189  /* Get the computer name and filter it */
2190  lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2191  if (!FilterByString(EventLogFilter->ComputerNames, lpszComputerName))
2192  goto SkipEvent;
2193 
2194  /* Compute the event time */
2195  EventTimeToSystemTime(pEvlrTmp->TimeWritten, &time);
2196  GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2197  GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, ARRAYSIZE(szLocalTime));
2198 
2199  /* Get the username that generated the event, and filter it */
2200  lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2201 
2202  if (!FilterByString(EventLogFilter->Users, lpszUsername))
2203  goto SkipEvent;
2204 
2205  // TODO: Filter by event ID and category
2206  GetEventType(pEvlrTmp->EventType, szEventTypeText);
2207 
2208  lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2209 
2210  StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pEvlrTmp->EventID & 0xFFFF));
2211  StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pEvlrTmp->EventCategory);
2212 
2213  g_RecordPtrs[dwCurrentRecord] = HeapAlloc(hProcessHeap, 0, pEvlrTmp->Length);
2214  RtlCopyMemory(g_RecordPtrs[dwCurrentRecord], pEvlrTmp, pEvlrTmp->Length);
2215 
2216  lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
2217  lviEventItem.iItem = 0;
2218  lviEventItem.iSubItem = 0;
2219  lviEventItem.lParam = (LPARAM)g_RecordPtrs[dwCurrentRecord];
2220  lviEventItem.pszText = szEventTypeText;
2221 
2222  switch (pEvlrTmp->EventType)
2223  {
2224  case EVENTLOG_SUCCESS:
2226  lviEventItem.iImage = 0;
2227  break;
2228 
2229  case EVENTLOG_WARNING_TYPE:
2230  lviEventItem.iImage = 1;
2231  break;
2232 
2233  case EVENTLOG_ERROR_TYPE:
2234  lviEventItem.iImage = 2;
2235  break;
2236 
2238  lviEventItem.iImage = 3;
2239  break;
2240 
2242  lviEventItem.iImage = 4;
2243  break;
2244  }
2245 
2246  lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
2247 
2248  ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
2249  ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
2250  ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpszSourceName);
2251  ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, lpszCategoryName);
2252  ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
2253  ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, lpszUsername);
2254  ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpszComputerName);
2255 
2256 SkipEvent:
2257  pEvlrBuffer += pEvlrTmp->Length;
2258  dwCurrentRecord++;
2259  }
2260  }
2261 
2262 Quit:
2263 
2264  if (pEvlr)
2265  HeapFree(hProcessHeap, 0, pEvlr);
2266 
2267  /* Close the event log */
2268  CloseEventLog(hEventLog);
2269 
2270  } // end-for (LogIndex)
2271 
2272  /* All events loaded */
2273 
2274 Cleanup:
2275 
2278 
2279  // FIXME: Use something else instead of EventLog->LogName !!
2280 
2281  /*
2282  * Use a different formatting, whether the event log filter holds
2283  * only one log, or many logs (the latter case is WIP TODO!)
2284  */
2285  if (EventLogFilter->NumOfEventLogs <= 1)
2286  {
2287  StringCbPrintfW(szStatusText,
2288  sizeof(szStatusText),
2290  EventLog->LogName,
2291  dwTotalRecords,
2293  }
2294  else
2295  {
2296  // TODO: Use a different title & implement filtering for multi-log filters !!
2297  // (EventLogFilter->NumOfEventLogs > 1)
2298  }
2299 
2300  /* Update the status bar */
2301  StatusBar_SetText(hwndStatus, 0, szStatusText);
2302 
2303  /* Resume list view redraw */
2305 
2306  EventLogFilter_Release(EventLogFilter);
2307 
2310 
2311  return 0;
2312 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:60
int iImage
Definition: commctrl.h:2337
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define CloseHandle
Definition: compat.h:398
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:99
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
#define MF_BYCOMMAND
Definition: winuser.h:202
#define ERROR_SUCCESS
Definition: deptool.c:10
PWSTR LogName
Definition: eventvwr.h:90
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1598
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define SW_HIDE
Definition: winuser.h:762
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1779
#define DWORD
Definition: msvc.h:34
uint16_t * PWSTR
Definition: typedefs.h:54
#define LOCALE_USER_DEFAULT
#define DATE_SHORTDATE
Definition: winnls.h:193
#define IDS_NONE
Definition: resource.h:122
#define MAKELPARAM(l, h)
Definition: winuser.h:3915
#define WM_SETREDRAW
Definition: winuser.h:1598
DWORD g_TotalRecords
Definition: eventvwr.c:98
HMENU hMainMenu
Definition: eventvwr.c:87
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
uint16_t * PWCHAR
Definition: typedefs.h:54
#define ListView_InsertItem(hwnd, pitem)
Definition: commctrl.h:2378
__u16 time
Definition: mkdosfs.c:366
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:339
HWND hwndStatus
Definition: eventvwr.c:85
PWSTR ComputerNames
Definition: eventvwr.h:131
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
HINSTANCE hInst
Definition: eventvwr.c:65
HWND hwndMainWindow
Definition: eventvwr.c:81
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2627
#define LVIF_TEXT
Definition: commctrl.h:2279
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1898
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
unsigned char * LPBYTE
Definition: typedefs.h:52
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
HANDLE hStopEnumEvent
Definition: eventvwr.c:107
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1425
int iSubItem
Definition: commctrl.h:2332
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
LPARAM lParam
Definition: commctrl.h:2338
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:726
HWND hwndListView
Definition: eventvwr.c:83
smooth NULL
Definition: ftsmooth.c:416
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
#define ListView_GetItemCount(hwnd)
Definition: commctrl.h:2277
#define SW_SHOW
Definition: winuser.h:769
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1914
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2661
struct _EVENTLOGFILTER * PEVENTLOGFILTER
HWND hwndStatusProgress
Definition: eventvwr.c:86
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
unsigned int BOOL
Definition: ntddk_ex.h:94
#define WAIT_OBJECT_0
Definition: winbase.h:387
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
LPWSTR pszText
Definition: commctrl.h:2335
#define MF_ENABLED
Definition: winuser.h:128
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2624
#define MAX_PATH
Definition: compat.h:26
#define LVIF_IMAGE
Definition: commctrl.h:2280
unsigned int UINT
Definition: ndis.h:50
unsigned long DWORD
Definition: ntddk_ex.h:95
#define ProgressBar_SetPos(hwndCtl, pos)
Definition: eventvwr.h:55
SETTINGS Settings
Definition: eventvwr.c:133
#define IDM_CLEAR_EVENTS
Definition: resource.h:69
UINT mask
Definition: commctrl.h:2330
WCHAR szStatusBarTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:68
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
static VOID FreeRecords(VOID)
Definition: eventvwr.c:1880
struct _EVENTLOGRECORD * PEVENTLOGRECORD
static const WCHAR L[]
Definition: oid.c:1087
#define StatusBar_SetText(hwndCtl, index, data)
Definition: eventvwr.h:66
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
LPVOID lpParameter
Definition: kernel32.h:232
#define ProgressBar_SetRange(hwndCtl, range)
Definition: eventvwr.h:57
static const WCHAR Cleanup[]
Definition: register.c:80
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:916
BOOL Permanent
Definition: eventvwr.h:94
DWORD dwStatus
Definition: mediaobj.idl:95
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
#define HeapReAlloc
Definition: compat.h:393
#define MB_OK
Definition: winuser.h:784
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2626
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define IDS_NOT_AVAILABLE
Definition: resource.h:123
#define LVIF_PARAM
Definition: commctrl.h:2281
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
unsigned int ULONG
Definition: retypes.h:1
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
#define IDM_SAVE_EVENTLOG
Definition: resource.h:67
#define MF_GRAYED
Definition: winuser.h:129
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LVM_PROGRESS
Definition: eventvwr.c:38
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1016
BYTE * PBYTE
Definition: pedump.c:66
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1809
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
WCHAR szTitleTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:67
#define LPARAM
Definition: msvc.h:38
#define ListView_DeleteAllItems(hwnd)
Definition: commctrl.h:2384
HANDLE hProcessHeap
Definition: kbswitch.c:25
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

◆ EventDetails()

INT_PTR CALLBACK EventDetails ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4145 of file eventvwr.c.

Referenced by WndProc().

4146 {
4147  switch (uMsg)
4148  {
4149  case WM_INITDIALOG:
4150  {
4151  LONG_PTR dwStyle;
4152  INT sbVXSize, sbHYSize;
4153  RECT rcWnd, rect;
4154 
4156  if (!hWndDetailsCtrl)
4157  {
4158  EndDialog(hDlg, 0);
4159  return (INT_PTR)TRUE;
4160  }
4161 
4162  /* Create a size grip if the dialog has a sizing border */
4163  GetClientRect(hDlg, &rcWnd);
4164  dwStyle = GetWindowLongPtrW(hDlg, GWL_STYLE);
4165  sbVXSize = GetSystemMetrics(SM_CXVSCROLL);
4166  sbHYSize = GetSystemMetrics(SM_CYHSCROLL);
4167  if (dwStyle & WS_THICKFRAME /* == WS_SIZEBOX */)
4168  {
4170  NULL,
4172  rcWnd.right - sbVXSize,
4173  rcWnd.bottom - sbHYSize,
4174  sbVXSize, sbHYSize,
4175  hDlg,
4176  NULL,
4177  hInst,
4178  NULL);
4179  }
4180 
4181  // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4182 
4183  /*
4184  * Compute the minimum window size (in window coordinates) by
4185  * adding the widths/heights of the "Help" and "Close" buttons,
4186  * together with the margins, and add some minimal spacing
4187  * between the buttons.
4188  */
4189  GetWindowRect(hDlg, &rcWnd);
4190  cxMin = cyMin = 0;
4191 
4192  GetWindowRect(GetDlgItem(hDlg, IDHELP), &rect);
4193  cxMin += (rect.right - rect.left) + (rect.left - rcWnd.left); // == (rect.right - rcWnd.left);
4194  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4195 
4196  GetWindowRect(GetDlgItem(hDlg, IDOK), &rect);
4197  cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4198  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4199 
4200  /*
4201  * Convert the window rect from window to client coordinates
4202  * in order to retrieve the sizes of the left and top margins,
4203  * and add some extra space.
4204  */
4205  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rcWnd, sizeof(RECT)/sizeof(POINT));
4206 
4207  cxMin += -2*rcWnd.left; // Minimal spacing between the buttons == 2 * left margin
4208  cyMin += -rcWnd.top + 12; // Add some space on top
4209 
4210  GetClientRect(hDlg, &rcWnd);
4211  cxOld = rcWnd.right - rcWnd.left;
4212  cyOld = rcWnd.bottom - rcWnd.top;
4213 
4214  /* Show event info on dialog control */
4216 
4217  // SetWindowPos(hWndDetailsCtrl, NULL,
4218  // 0, 0,
4219  // (rcWnd.right - rcWnd.left),
4220  // (rcWnd.bottom - rcWnd.top),
4221  // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4222 
4223  /*
4224  * Hide the placeholder static control and show the event details
4225  * control instead. Note that the placeholder is here so far just
4226  * to get the dimensions right in the dialog resource editor.
4227  * I plan to remove it and use a custom control with a suitable
4228  * window class for it, that would create the event details control
4229  * instead.
4230  */
4233  return (INT_PTR)TRUE;
4234  }
4235 
4236  case WM_DESTROY:
4240  return (INT_PTR)TRUE;
4241 
4242  case WM_COMMAND:
4243  switch (LOWORD(wParam))
4244  {
4245  case IDOK:
4246  case IDCANCEL:
4247  EndDialog(hDlg, LOWORD(wParam));
4248  return (INT_PTR)TRUE;
4249 
4250  case IDHELP:
4251  MessageBoxW(hDlg,
4252  L"Help not implemented yet!",
4253  L"Event Log",
4255  return (INT_PTR)TRUE;
4256 
4257  default:
4258  break;
4259  }
4260  break;
4261 
4262  case WM_SETCURSOR:
4263  if (((HWND)wParam == hWndGrip) && (LOWORD(lParam) == HTCLIENT))
4264  {
4267  return (INT_PTR)TRUE;
4268  }
4269  break;
4270 
4271  case WM_SIZING:
4272  {
4273  /* Forbid resizing the dialog smaller than its minimal size */
4274  PRECT dragRect = (PRECT)lParam;
4275 
4276  if ((wParam == WMSZ_LEFT) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_BOTTOMLEFT))
4277  {
4278  if (dragRect->right - dragRect->left < cxMin)
4279  dragRect->left = dragRect->right - cxMin;
4280  }
4281 
4282  if ((wParam == WMSZ_RIGHT) || (wParam == WMSZ_TOPRIGHT) || (wParam == WMSZ_BOTTOMRIGHT))
4283  {
4284  if (dragRect->right - dragRect->left < cxMin)
4285  dragRect->right = dragRect->left + cxMin;
4286  }
4287 
4288  if ((wParam == WMSZ_TOP) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_TOPRIGHT))
4289  {
4290  if (dragRect->bottom - dragRect->top < cyMin)
4291  dragRect->top = dragRect->bottom - cyMin;
4292  }
4293 
4295  {
4296  if (dragRect->bottom - dragRect->top < cyMin)
4297  dragRect->bottom = dragRect->top + cyMin;
4298  }
4299 
4301  return (INT_PTR)TRUE;
4302  }
4303 
4304  case WM_SIZE:
4305  {
4306  INT cx = LOWORD(lParam);
4307  INT cy = HIWORD(lParam);
4308 
4309  HDWP hdwp;
4310  HWND hItemWnd;
4311  RECT rect;
4312 
4313  hdwp = BeginDeferWindowPos(4);
4314 
4315  /* Resize the event details control window */
4316 
4317  hItemWnd = hWndDetailsCtrl;
4318  GetWindowRect(hItemWnd, &rect);
4319  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4320 
4321  if (hdwp)
4322  hdwp = DeferWindowPos(hdwp,
4323  hItemWnd,
4324  HWND_TOP,
4325  0, 0,
4326  (rect.right - rect.left) + (cx - cxOld),
4327  (rect.bottom - rect.top) + (cy - cyOld),
4329 
4330  /* Move the buttons */
4331 
4332  hItemWnd = GetDlgItem(hDlg, IDHELP);
4333  GetWindowRect(hItemWnd, &rect);
4334  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4335 
4336  if (hdwp)
4337  hdwp = DeferWindowPos(hdwp,
4338  hItemWnd,
4339  HWND_TOP,
4340  rect.left,
4341  rect.top + (cy - cyOld),
4342  0, 0,
4344 
4345  hItemWnd = GetDlgItem(hDlg, IDOK);
4346  GetWindowRect(hItemWnd, &rect);
4347  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4348 
4349  if (hdwp)
4350  hdwp = DeferWindowPos(hdwp,
4351  hItemWnd,
4352  HWND_TOP,
4353  rect.left + (cx - cxOld),
4354  rect.top + (cy - cyOld),
4355  0, 0,
4357 
4358  /* Move the size grip */
4359  if (hWndGrip && hdwp)
4360  {
4361  GetWindowRect(hWndGrip, &rect);
4362  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4363 
4364  hdwp = DeferWindowPos(hdwp,
4365  hWndGrip,
4366  HWND_TOP,
4367  rect.left + (cx - cxOld),
4368  rect.top + (cy - cyOld),
4369  0, 0,
4371  }
4372 
4373  if (hdwp)
4374  EndDeferWindowPos(hdwp);
4375 
4376  /* Hide the size grip if we are in maximized mode */
4377  if (hWndGrip)
4379 
4380  cxOld = cx;
4381  cyOld = cy;
4382 
4384  return (INT_PTR)TRUE;
4385  }
4386  }
4387 
4388  return (INT_PTR)FALSE;
4389 }
#define WS_CLIPSIBLINGS
Definition: pedump.c:618
#define WS_THICKFRAME
Definition: pedump.c:630
#define WMSZ_BOTTOMRIGHT
Definition: winuser.h:2425
HDWP WINAPI BeginDeferWindowPos(_In_ int)
#define SM_CYHSCROLL
Definition: winuser.h:952
#define TRUE
Definition: types.h:120
#define IDOK
Definition: winuser.h:824
static INT cyMin
Definition: eventvwr.c:4141
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
BOOL WINAPI IsWindow(_In_opt_ HWND)
#define SIZE_MAXIMIZED
Definition: winuser.h:2461
#define SW_HIDE
Definition: winuser.h:762
static INT cxMin
Definition: eventvwr.c:4141
#define IDC_STATIC
Definition: calc.h:41
LONG top
Definition: windef.h:297
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:937
static HWND hWndGrip
Definition: eventvwr.c:4140
#define HWND_TOP
Definition: winuser.h:1193
#define WMSZ_TOP
Definition: winuser.h:2420
#define WS_CHILD
Definition: pedump.c:617
#define GetWindowLongPtrW
Definition: winuser.h:4698
LONG left
Definition: windef.h:296
#define SWP_NOZORDER
Definition: winuser.h:1232
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
int32_t INT_PTR
Definition: typedefs.h:62
LONG right
Definition: windef.h:298
BOOL WINAPI DestroyWindow(_In_ HWND)
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4185
int32_t INT
Definition: typedefs.h:56
& rect
Definition: startmenu.cpp:1413
WPARAM wParam
Definition: combotst.c:138
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
HINSTANCE hInst
Definition: eventvwr.c:65
#define DWLP_MSGRESULT
Definition: winuser.h:864
#define WMSZ_TOPLEFT
Definition: winuser.h:2421
#define IDHELP
Definition: resource_2.h:8
#define EVT_DISPLAY
Definition: evtdetctl.h:15
#define IDC_SIZENWSE
Definition: winuser.h:687
#define WM_SETCURSOR
Definition: winuser.h:1618
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
_Out_opt_ int _Out_opt_ int * cy
Definition: commctrl.h:570
#define WM_SIZING
Definition: winuser.h:1783
smooth NULL
Definition: ftsmooth.c:416
#define SW_SHOW
Definition: winuser.h:769
#define WM_DESTROY
Definition: winuser.h:1591
static INT cxOld
Definition: eventvwr.c:4142
#define SBS_SIZEGRIP
Definition: winuser.h:332
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
#define WM_SIZE
Definition: winuser.h:1593
#define SWP_NOACTIVATE
Definition: winuser.h:1227
#define SBS_SIZEBOXBOTTOMRIGHTALIGN
Definition: winuser.h:330
#define WMSZ_RIGHT
Definition: winuser.h:2419
int WINAPI GetSystemMetrics(_In_ int)
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2074
#define MB_ICONINFORMATION
Definition: winuser.h:796
static const WCHAR L[]
Definition: oid.c:1087
#define WM_COMMAND
Definition: winuser.h:1716
#define WMSZ_BOTTOM
Definition: winuser.h:2423
static HWND hWndDetailsCtrl
Definition: eventvwr.c:4139
#define SWP_NOSIZE
Definition: winuser.h:1230
#define GWL_STYLE
Definition: winuser.h:846
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define HWND_DESKTOP
Definition: winuser.h:1195
#define MB_OK
Definition: winuser.h:784
#define SM_CXVSCROLL
Definition: winuser.h:951
#define WC_SCROLLBARW
Definition: commctrl.h:4689
_Out_opt_ int * cx
Definition: commctrl.h:570
#define HIWORD(l)
Definition: typedefs.h:246
LONG bottom
Definition: windef.h:299
#define SWP_NOMOVE
Definition: winuser.h:1229
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
#define SetWindowLongPtrW
Definition: winuser.h:5215
struct tagRECT * PRECT
#define HTCLIENT
Definition: winuser.h:2429
#define IDCANCEL
Definition: winuser.h:825
#define WS_VISIBLE
Definition: pedump.c:620
#define WM_INITDIALOG
Definition: winuser.h:1715
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WMSZ_LEFT
Definition: winuser.h:2418
#define WMSZ_TOPRIGHT
Definition: winuser.h:2422
#define WMSZ_BOTTOMLEFT
Definition: winuser.h:2424
static INT cyOld
Definition: eventvwr.c:4142

◆ EventLog_Free()

VOID EventLog_Free ( IN PEVENTLOG  EventLog)

Definition at line 1331 of file eventvwr.c.

Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().

1332 {
1333  if (EventLog->LogName)
1334  HeapFree(GetProcessHeap(), 0, EventLog->LogName);
1335 
1336  if (EventLog->ComputerName)
1337  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1338 
1339  if (EventLog->FileName)
1340  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
1341 
1342  HeapFree(GetProcessHeap(), 0, EventLog);
1343 }
#define GetProcessHeap()
Definition: compat.h:395
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ EventLogFilter_AddRef()

LONG EventLogFilter_AddRef ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1425 of file eventvwr.c.

Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

1426 {
1427  ASSERT(EventLogFilter);
1428  return InterlockedIncrement(&EventLogFilter->ReferenceCount);
1429 }
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define InterlockedIncrement
Definition: armddk.h:53

◆ EventLogFilter_Free()

VOID EventLogFilter_Free ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1411 of file eventvwr.c.

Referenced by EventLogFilter_Release(), and FreeLogFilterList().

1412 {
1413  if (EventLogFilter->Sources)
1414  HeapFree(GetProcessHeap(), 0, EventLogFilter->Sources);
1415 
1416  if (EventLogFilter->Users)
1417  HeapFree(GetProcessHeap(), 0, EventLogFilter->Users);
1418 
1419  if (EventLogFilter->ComputerNames)
1420  HeapFree(GetProcessHeap(), 0, EventLogFilter->ComputerNames);
1421 
1422  HeapFree(GetProcessHeap(), 0, EventLogFilter);
1423 }
#define GetProcessHeap()
Definition: compat.h:395
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ EventLogFilter_Release()

LONG EventLogFilter_Release ( IN PEVENTLOGFILTER  EventLogFilter)

RemoveEntryList(&EventLogFilter->ListEntry);

Definition at line 1431 of file eventvwr.c.

Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

1432 {
1433  LONG RefCount;
1434 
1435  ASSERT(EventLogFilter);
1436 
1437  /* When the reference count reaches zero, delete the filter */
1438  RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1439  if (RefCount <= 0)
1440  {
1441  /* Remove the filter from the list */
1443  EventLogFilter_Free(EventLogFilter);
1444  }
1445 
1446  return RefCount;
1447 }
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1411
long LONG
Definition: pedump.c:60
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define InterlockedDecrement
Definition: armddk.h:52

◆ EventLogProperties()

INT_PTR EventLogProperties ( HINSTANCE  hInstance,
HWND  hWndParent,
PEVENTLOGFILTER  EventLogFilter 
)

Definition at line 4079 of file eventvwr.c.

Referenced by WndProc().

4080 {
4081  INT_PTR ret = 0;
4082  PROPSHEETHEADERW psh;
4083  PROPSHEETPAGEW psp[1]; // 2
4084 
4085  /*
4086  * Bail out if there is no available filter, or if the filter
4087  * contains more than one log.
4088  */
4089  if (!EventLogFilter)
4090  return 0;
4091 
4092  EventLogFilter_AddRef(EventLogFilter);
4093 
4094  if (EventLogFilter->NumOfEventLogs > 1 ||
4095  EventLogFilter->EventLogs[0] == NULL)
4096  {
4097  goto Quit;
4098  }
4099 
4100  /* Header */
4101  psh.dwSize = sizeof(psh);
4102  psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4103  psh.hInstance = hInstance;
4104  psh.hwndParent = hWndParent;
4105  // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4106  psh.pszCaption = EventLogFilter->EventLogs[0]->LogName;
4107  psh.nStartPage = 0;
4108  psh.ppsp = psp;
4109  psh.nPages = ARRAYSIZE(psp);
4110  // psh.pfnCallback = PropSheetCallback;
4111 
4112  /* Log properties page */
4113  psp[0].dwSize = sizeof(psp[0]);
4114  psp[0].dwFlags = PSP_HASHELP;
4115  psp[0].hInstance = hInstance;
4117  psp[0].pfnDlgProc = EventLogPropProc;
4118  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4119 
4120 #if 0
4121  /* TODO: Log sources page */
4122  psp[1].dwSize = sizeof(psp[1]);
4123  psp[1].dwFlags = PSP_HASHELP;
4124  psp[1].hInstance = hInstance;
4126  psp[1].pfnDlgProc = GeneralPageWndProc;
4127  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4128 #endif
4129 
4130  /* Create the property sheet */
4131  ret = PropertySheetW(&psh);
4132 
4133 Quit:
4134  EventLogFilter_Release(EventLogFilter);
4135  return ret;
4136 }
HWND hwndParent
Definition: prsht.h:277
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
LPCPROPSHEETPAGEW ppsp
Definition: prsht.h:290
LPCWSTR pszTemplate
Definition: prsht.h:209
PWSTR LogName
Definition: eventvwr.h:90
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4008
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
int32_t INT_PTR
Definition: typedefs.h:62
HINSTANCE hInstance
Definition: charmap.c:20
DWORD dwSize
Definition: prsht.h:205
LPCWSTR pszCaption
Definition: prsht.h:283
DLGPROC pfnDlgProc
Definition: prsht.h:217
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1425
smooth NULL
Definition: ftsmooth.c:416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
INT_PTR WINAPI PropertySheetW(LPCPROPSHEETHEADERW lppsh)
Definition: propsheet.c:2896
#define PSH_PROPTITLE
Definition: prsht.h:40
HINSTANCE hInstance
Definition: prsht.h:278
#define PSH_HASHELP
Definition: prsht.h:49
DWORD dwSize
Definition: prsht.h:275
DWORD dwFlags
Definition: prsht.h:276
int ret
LPARAM lParam
Definition: prsht.h:218
HINSTANCE hInstance
Definition: prsht.h:207
#define IDD_GENERAL_PAGE
Definition: resource.h:6
#define IDD_LOGPROPERTIES_GENERAL
Definition: resource.h:25
#define PSH_PROPSHEETPAGE
Definition: prsht.h:43
#define PSP_HASHELP
Definition: prsht.h:28
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
DWORD dwFlags
Definition: prsht.h:206
#define LPARAM
Definition: msvc.h:38
UINT nStartPage
Definition: prsht.h:286

◆ EventLogPropProc()

INT_PTR CALLBACK EventLogPropProc ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4008 of file eventvwr.c.

Referenced by EventLogProperties().

4009 {
4010  PEVENTLOG EventLog;
4011 
4012  EventLog = (PEVENTLOG)GetWindowLongPtrW(hDlg, DWLP_USER);
4013 
4014  switch (uMsg)
4015  {
4016  case WM_INITDIALOG:
4017  {
4018  EventLog = (PEVENTLOG)((LPPROPSHEETPAGE)lParam)->lParam;
4019  SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)EventLog);
4020 
4021  InitPropertiesDlg(hDlg, EventLog);
4022 
4023  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4024  return (INT_PTR)TRUE;
4025  }
4026 
4027  case WM_DESTROY:
4028  return (INT_PTR)TRUE;
4029 
4030  case WM_COMMAND:
4031  switch (LOWORD(wParam))
4032  {
4033  case IDOK:
4034  case IDCANCEL:
4035  EndDialog(hDlg, LOWORD(wParam));
4036  return (INT_PTR)TRUE;
4037 
4039  {
4043  break;
4044  }
4045 
4047  {
4051  break;
4052  }
4053 
4054  case IDC_NO_OVERWRITE:
4055  {
4059  break;
4060  }
4061 
4062  case IDHELP:
4063  MessageBoxW(hDlg,
4064  L"Help not implemented yet!",
4065  L"Event Log",
4067  return (INT_PTR)TRUE;
4068 
4069  default:
4070  break;
4071  }
4072  break;
4073  }
4074 
4075  return (INT_PTR)FALSE;
4076 }
#define TRUE
Definition: types.h:120
#define IDOK
Definition: winuser.h:824
#define GetWindowLongPtrW
Definition: winuser.h:4698
int32_t INT_PTR
Definition: typedefs.h:62
#define IDC_NO_OVERWRITE
Definition: resource.h:59
#define IDC_OVERWRITE_AS_NEEDED
Definition: resource.h:55
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
WPARAM wParam
Definition: combotst.c:138
#define IDHELP
Definition: resource_2.h:8
#define LPPROPSHEETPAGE
Definition: prsht.h:372
#define WM_DESTROY
Definition: winuser.h:1591
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define PropSheet_UnChanged(d, w)
Definition: prsht.h:340
#define IDC_OVERWRITE_OLDER_THAN
Definition: resource.h:56
struct _EVENTLOG * PEVENTLOG
#define MB_ICONINFORMATION
Definition: winuser.h:796
static const WCHAR L[]
Definition: oid.c:1087
#define DWLP_USER
Definition: winuser.h:866
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3819
#define WM_COMMAND
Definition: winuser.h:1716
HWND WINAPI GetParent(_In_ HWND)
#define EnableDlgItem(hDlg, nID, bEnable)
Definition: eventvwr.h:52
#define IDC_EDIT_EVENTS_AGE
Definition: resource.h:57
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define MB_OK
Definition: winuser.h:784
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
#define SetWindowLongPtrW
Definition: winuser.h:5215
#define IDCANCEL
Definition: winuser.h:825
#define WM_INITDIALOG
Definition: winuser.h:1715
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define IDC_UPDOWN_EVENTS_AGE
Definition: resource.h:58

◆ EventTimeToSystemTime()

VOID EventTimeToSystemTime ( IN DWORD  EventTime,
OUT PSYSTEMTIME  pSystemTime 
)

Definition at line 726 of file eventvwr.c.

Referenced by EnumEventsThread().

728 {
729  SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
730  FILETIME ftLocal;
731  union
732  {
733  FILETIME ft;
734  ULONGLONG ll;
735  } u1970, uUCT;
736 
737  uUCT.ft.dwHighDateTime = 0;
738  uUCT.ft.dwLowDateTime = EventTime;
739  SystemTimeToFileTime(&st1970, &u1970.ft);
740  uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
741  FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
742  FileTimeToSystemTime(&ftLocal, pSystemTime);
743 }
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:211
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:178
uint64_t ULONGLONG
Definition: typedefs.h:65
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:148
w ll
Definition: byte_order.h:166

◆ FilterByString()

BOOL FilterByString ( IN PCWSTR  FilterString,
IN PWSTR  String 
)

Definition at line 1914 of file eventvwr.c.

Referenced by EnumEventsThread().

1916 {
1917  PCWSTR pStr;
1918 
1919  /* The filter string is NULL so it does not filter anything */
1920  if (!FilterString)
1921  return TRUE;
1922 
1923  /*
1924  * If the filter string filters for an empty string AND the source string
1925  * is an empty string, we have a match (particular case of the last one).
1926  */
1927  if (!*FilterString && !*String)
1928  return TRUE;
1929 
1930  // if (*FilterString || *String)
1931 
1932  /*
1933  * If the filter string is empty BUT the source string is not empty,
1934  * OR vice-versa, we cannot have a match.
1935  */
1936  if ( (!*FilterString && *String) || (*FilterString && !*String) )
1937  return FALSE;
1938 
1939  /*
1940  * If the filter string filters for at least a non-empty string,
1941  * browse it and search for a string that matches the source string.
1942  */
1943  // else if (*FilterString && *String)
1944  {
1945  pStr = FilterString;
1946  while (*pStr)
1947  {
1948  if (wcsicmp(pStr, String) == 0)
1949  {
1950  /* We have a match, break the loop */
1951  break;
1952  }
1953 
1954  pStr += (wcslen(pStr) + 1);
1955  }
1956  if (!*pStr) // && *String
1957  {
1958  /* We do not have a match */
1959  return FALSE;
1960  }
1961  }
1962 
1963  /* We have a match */
1964  return TRUE;
1965 }
#define TRUE
Definition: types.h:120
static WCHAR String[]
Definition: stringtable.c:55
#define wcsicmp
Definition: string.h:1152
const uint16_t * PCWSTR
Definition: typedefs.h:55
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

◆ FilterByType()

BOOL FilterByType ( IN PEVENTLOGFILTER  EventLogFilter,
IN PEVENTLOGRECORD  pevlr 
)

Definition at line 1898 of file eventvwr.c.

Referenced by EnumEventsThread().

1900 {
1901  if ((pevlr->EventType == EVENTLOG_SUCCESS && !EventLogFilter->Information ) ||
1902  (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1903  (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1904  (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1905  (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1906  (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1907  {
1908  return FALSE;
1909  }
1910  return TRUE;
1911 }
#define TRUE
Definition: types.h:120
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633

◆ FormatByteSize()

UINT FormatByteSize ( LONGLONG  cbSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1174 of file eventvwr.c.

Referenced by FormatFileSizeWithBytes().

1175 {
1176  INT cchWritten;
1177  LPWSTR pwszEnd;
1178  size_t cchRemaining;
1179 
1180  /* Write formated bytes count */
1181  cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1182  if (!cchWritten)
1183  return 0;
1184 
1185  /* Copy " bytes" to buffer */
1186  pwszEnd = pwszResult + cchWritten;
1187  cchRemaining = cchResultMax - cchWritten;
1188  StringCchCopyExW(pwszEnd, cchRemaining, L" ", &pwszEnd, &cchRemaining, 0);
1189  cchWritten = LoadStringW(hInst, IDS_BYTES_FORMAT, pwszEnd, cchRemaining);
1190  cchRemaining -= cchWritten;
1191 
1192  return cchResultMax - cchRemaining;
1193 }
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int32_t INT
Definition: typedefs.h:56
HINSTANCE hInst
Definition: eventvwr.c:65
#define IDS_BYTES_FORMAT
Definition: resource.h:109
static const WCHAR L[]
Definition: oid.c:1087
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1114
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
WCHAR * LPWSTR
Definition: xmlstorage.h:184

◆ FormatFileSizeWithBytes()

LPWSTR FormatFileSizeWithBytes ( const PULARGE_INTEGER  lpQwSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1196 of file eventvwr.c.

Referenced by InitPropertiesDlg().

1197 {
1198  UINT cchWritten;
1199  LPWSTR pwszEnd;
1200  size_t cchRemaining;
1201 
1202  /* Format bytes in KBs, MBs etc */
1203  if (StrFormatByteSizeW(lpQwSize->QuadPart, pwszResult, cchResultMax) == NULL)
1204  return NULL;
1205 
1206  /* If there is less bytes than 1KB, we have nothing to do */
1207  if (lpQwSize->QuadPart < 1024)
1208  return pwszResult;
1209 
1210  /* Concatenate " (" */
1211  cchWritten = wcslen(pwszResult);
1212  pwszEnd = pwszResult + cchWritten;
1213  cchRemaining = cchResultMax - cchWritten;
1214  StringCchCopyExW(pwszEnd, cchRemaining, L" (", &pwszEnd, &cchRemaining, 0);
1215 
1216  /* Write formated bytes count */
1217  cchWritten = FormatByteSize(lpQwSize->QuadPart, pwszEnd, cchRemaining);
1218  pwszEnd += cchWritten;
1219  cchRemaining -= cchWritten;
1220 
1221  /* Copy ")" to the buffer */
1222  StringCchCopyW(pwszEnd, cchRemaining, L")");
1223 
1224  return pwszResult;
1225 }
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2376
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
unsigned int UINT
Definition: ndis.h:50
static const WCHAR L[]
Definition: oid.c:1087
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1174
WCHAR * LPWSTR
Definition: xmlstorage.h:184
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

◆ FormatInteger()

UINT FormatInteger ( LONGLONG  Num,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1114 of file eventvwr.c.

Referenced by FormatByteSize().

1115 {
1116  WCHAR wszNumber[24];
1117  WCHAR wszDecimalSep[8], wszThousandSep[8];
1118  NUMBERFMTW nf;
1119  WCHAR wszGrouping[12];
1120  INT cchGrouping;
1121  INT cchResult;
1122  INT i;
1123 
1124  // Print the number in uniform mode
1125  swprintf(wszNumber, L"%I64u", Num);
1126 
1127  // Get system strings for decimal and thousand separators.
1128  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SDECIMAL, wszDecimalSep, _countof(wszDecimalSep));
1129  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1130 
1131  // Initialize format for printing the number in bytes
1132  ZeroMemory(&nf, sizeof(nf));
1133  nf.lpDecimalSep = wszDecimalSep;
1134  nf.lpThousandSep = wszThousandSep;
1135 
1136  // Get system string for groups separator
1137  cchGrouping = GetLocaleInfoW(LOCALE_USER_DEFAULT,
1139  wszGrouping,
1140  _countof(wszGrouping));
1141 
1142  // Convert grouping specs from string to integer
1143  for (i = 0; i < cchGrouping; i++)
1144  {
1145  WCHAR wch = wszGrouping[i];
1146 
1147  if (wch >= L'0' && wch <= L'9')
1148  nf.Grouping = nf.Grouping * 10 + (wch - L'0');
1149  else if (wch != L';')
1150  break;
1151  }
1152 
1153  if ((nf.Grouping % 10) == 0)
1154  nf.Grouping /= 10;
1155  else
1156  nf.Grouping *= 10;
1157 
1158  // Format the number
1160  0,
1161  wszNumber,
1162  &nf,
1163  pwszResult,
1164  cchResultMax);
1165 
1166  if (!cchResult)
1167  return 0;
1168 
1169  // GetNumberFormatW returns number of characters including UNICODE_NULL
1170  return cchResult - 1;
1171 }
LPWSTR lpThousandSep
Definition: winnls.h:627
#define LOCALE_SGROUPING
Definition: winnls.h:44
LPWSTR lpDecimalSep
Definition: winnls.h:626
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define _countof(array)
Definition: fontsub.cpp:30
#define LOCALE_USER_DEFAULT
UINT Grouping
Definition: winnls.h:625
#define ZeroMemory
Definition: winbase.h:1635
int32_t INT
Definition: typedefs.h:56
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:807
GLenum GLclampf GLint i
Definition: glfuncs.h:14
#define LOCALE_STHOUSAND
Definition: winnls.h:43
#define LOCALE_SDECIMAL
Definition: winnls.h:42
#define swprintf(buf, format,...)
Definition: sprintf.c:56
static const WCHAR L[]
Definition: oid.c:1087
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1135

◆ FreeLogFilterList()

VOID FreeLogFilterList ( VOID  )

Definition at line 3018 of file eventvwr.c.

Referenced by wWinMain().

3019 {
3021  PEVENTLOGFILTER EventLogFilter;
3022 
3023  while (!IsListEmpty(&EventLogFilterList))
3024  {
3026  EventLogFilter = (PEVENTLOGFILTER)CONTAINING_RECORD(Entry, EVENTLOGFILTER, ListEntry);
3027  EventLogFilter_Free(EventLogFilter);
3028  }
3029 
3030  ActiveFilter = NULL;
3031 
3032  return;
3033 }
struct _Entry Entry
Definition: kefuncs.h:640
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1411
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:103
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOGFILTER * PEVENTLOGFILTER
Definition: typedefs.h:117

◆ FreeLogList()

VOID FreeLogList ( VOID  )

Definition at line 3002 of file eventvwr.c.

Referenced by wWinMain().

3003 {
3005  PEVENTLOG EventLog;
3006 
3007  while (!IsListEmpty(&EventLogList))
3008  {
3009  Entry = RemoveHeadList(&EventLogList);
3010  EventLog = (PEVENTLOG)CONTAINING_RECORD(Entry, EVENTLOG, ListEntry);
3011  EventLog_Free(EventLog);
3012  }
3013 
3014  return;
3015 }
struct _Entry Entry
Definition: kefuncs.h:640
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOG * PEVENTLOG
Definition: typedefs.h:117
LIST_ENTRY EventLogList
Definition: eventvwr.c:102
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1331

◆ FreeRecords()

static VOID FreeRecords ( VOID  )
static

Definition at line 1880 of file eventvwr.c.

Referenced by EnumEventsThread(), and StartStopEnumEventsThread().

1881 {
1882  DWORD iIndex;
1883 
1884  if (!g_RecordPtrs)
1885  return;
1886 
1887  for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
1888  {
1889  if (g_RecordPtrs[iIndex])
1890  HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
1891  }
1893  g_RecordPtrs = NULL;
1894  g_TotalRecords = 0;
1895 }
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:99
DWORD g_TotalRecords
Definition: eventvwr.c:98
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
unsigned long DWORD
Definition: ntddk_ex.h:95
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ GetDisplayNameFileAndID()

BOOL GetDisplayNameFileAndID ( IN LPCWSTR  lpLogName,
OUT PWCHAR  lpModuleName,
OUT PDWORD  pdwMessageID 
)

Definition at line 2718 of file eventvwr.c.

Referenced by BuildLogListAndFilterList().

2721 {
2722  BOOL Success = FALSE;
2723  LONG Result;
2724  HKEY hLogKey;
2725  WCHAR *KeyPath;
2726  SIZE_T cbKeyPath;
2727  DWORD dwType, cbData;
2728  DWORD dwMessageID = 0;
2730 
2731  /* Use a default value for the message ID */
2732  *pdwMessageID = 0;
2733 
2734  cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
2735  KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
2736  if (!KeyPath)
2737  return FALSE;
2738 
2739  StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
2740  StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2741 
2742  Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
2743  HeapFree(GetProcessHeap(), 0, KeyPath);
2744  if (Result != ERROR_SUCCESS)
2745  return FALSE;
2746 
2747  cbData = sizeof(szModuleName);
2748  Result = RegQueryValueExW(hLogKey,
2749  L"DisplayNameFile",
2750  NULL,
2751  &dwType,
2752  (LPBYTE)szModuleName,
2753  &cbData);
2754  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2755  {
2756  szModuleName[0] = UNICODE_NULL;
2757  }
2758  else
2759  {
2760  /* NULL-terminate the string and expand it */
2761  szModuleName[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
2762  GetExpandedFilePathName(lpComputerName, szModuleName, lpModuleName, ARRAYSIZE(szModuleName));
2763  Success = TRUE;
2764  }
2765 
2766  /*
2767  * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2768  * otherwise it's not really useful. 'DisplayNameID' is optional.
2769  */
2770  if (Success)
2771  {
2772  cbData = sizeof(dwMessageID);
2773  Result = RegQueryValueExW(hLogKey,
2774  L"DisplayNameID",
2775  NULL,
2776  &dwType,
2777  (LPBYTE)&dwMessageID,
2778  &cbData);
2779  if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
2780  dwMessageID = 0;
2781 
2782  *pdwMessageID = dwMessageID;
2783  }
2784 
2785  RegCloseKey(hLogKey);
2786 
2787  return Success;
2788 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define WCHAR
Definition: msvc.h:43
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:95
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1464
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
static const WCHAR L[]
Definition: oid.c:1087
LPWSTR lpComputerName
Definition: eventvwr.c:91
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:539
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
#define REG_SZ
Definition: layer.c:22

◆ GetEventCategory()

BOOL GetEventCategory ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  CategoryName 
)

Definition at line 1598 of file eventvwr.c.

Referenced by EnumEventsThread().

1602 {
1603  BOOL Success = FALSE;
1604  WCHAR szMessageDLL[MAX_PATH];
1605  LPWSTR lpMsgBuf = NULL;
1606 
1608  goto Quit;
1609 
1610  /* Retrieve the message string without appending extra newlines */
1611  lpMsgBuf =
1612  GetMessageStringFromDllList(szMessageDLL,
1615  pevlr->EventCategory,
1617  NULL);
1618  if (lpMsgBuf)
1619  {
1620  /* Trim the string */
1621  TrimNulls(lpMsgBuf);
1622 
1623  /* Copy the category name */
1624  StringCchCopyW(CategoryName, MAX_PATH, lpMsgBuf);
1625 
1626  /* Free the buffer allocated by FormatMessage */
1627  LocalFree(lpMsgBuf);
1628 
1629  /* The ID was found and the message was formatted */
1630  Success = TRUE;
1631  }
1632 
1633 Quit:
1634  if (!Success)
1635  {
1636  if (pevlr->EventCategory != 0)
1637  {
1638  StringCchPrintfW(CategoryName, MAX_PATH, L"(%lu)", pevlr->EventCategory);
1639  Success = TRUE;
1640  }
1641  }
1642 
1643  return Success;
1644 }
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4693
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1450
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
__wchar_t WCHAR
Definition: xmlstorage.h:180
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define EVENT_CATEGORY_MESSAGE_FILE
Definition: eventvwr.c:56
unsigned int BOOL
Definition: ntddk_ex.h:94
#define MAX_PATH
Definition: compat.h:26
static const WCHAR L[]
Definition: oid.c:1087
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1537
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
#define EVENT_MESSAGE_FILE_BUFFER
Definition: eventvwr.c:54

◆ GetEventMessage()

BOOL GetEventMessage ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  EventText 
)

Definition at line 1648 of file eventvwr.c.

Referenced by DisplayEvent().

1652 {
1653  BOOL Success = FALSE;
1654  DWORD i;
1655  size_t cch;
1656  WCHAR SourceModuleName[1024];
1657  WCHAR ParameterModuleName[1024];
1658  BOOL IsParamModNameCached = FALSE;
1659  LPWSTR lpMsgBuf = NULL;
1660  LPWSTR szStringArray, szMessage;
1661  LPWSTR *szArguments;
1662 
1663  /* Get the event string array */
1664  szStringArray = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
1665 
1666  /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1667  if (!GetEventMessageFileDLL(KeyName, SourceName, EVENT_MESSAGE_FILE, SourceModuleName))
1668  goto Quit;
1669 
1670  /* Allocate space for insertion strings */
1671  szArguments = HeapAlloc(GetProcessHeap(), 0, pevlr->NumStrings * sizeof(LPVOID));
1672  if (!szArguments)
1673  goto Quit;
1674 
1675  if (!IsParamModNameCached)
1676  {
1677  /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1678  IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1679  // FIXME: If the string loading failed the first time, no need to retry it just after???
1680  }
1681 
1682  if (IsParamModNameCached)
1683  {
1684  /* Not yet support for reading messages from parameter message DLL */
1685  }
1686 
1687  szMessage = szStringArray;
1688  /*
1689  * HACK:
1690  * We do some hackish preformatting of the cached event strings...
1691  * That's because after we pass the string to FormatMessage
1692  * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1693  * flag, instead of ignoring the insertion parameters and do the formatting
1694  * by ourselves. Therefore, the resulting string should have the parameter
1695  * string placeholders starting with a single '%' instead of a mix of one
1696  * and two '%'.
1697  */
1698  /* HACK part 1: Compute the full length of the string array */
1699  cch = 0;
1700  for (i = 0; i < pevlr->NumStrings; i++)
1701  {
1702  szMessage += wcslen(szMessage) + 1;
1703  }
1704  cch = szMessage - szStringArray;
1705 
1706  /* HACK part 2: Now do the HACK proper! */
1707  szMessage = szStringArray;
1708  for (i = 0; i < pevlr->NumStrings; i++)
1709  {
1710  lpMsgBuf = szMessage;
1711  while ((lpMsgBuf = wcsstr(lpMsgBuf, L"%%")))
1712  {
1713  if (iswdigit(lpMsgBuf[2]))
1714  {
1715  RtlMoveMemory(lpMsgBuf, lpMsgBuf+1, ((szStringArray + cch) - lpMsgBuf - 1) * sizeof(WCHAR));
1716  }
1717  }
1718 
1719  szArguments[i] = szMessage;
1720  szMessage += wcslen(szMessage) + 1;
1721  }
1722 
1723  /* Retrieve the message string without appending extra newlines */
1724  lpMsgBuf =
1725  GetMessageStringFromDllList(SourceModuleName,
1728  pevlr->EventID,
1729  0,
1730  (va_list*)szArguments);
1731  if (lpMsgBuf)
1732  {
1733  /* Trim the string */
1734  TrimNulls(lpMsgBuf);
1735 
1736  szMessage = NULL;
1737  Success = (ApplyParameterStringsToMessage(ParameterModuleName,
1738  TRUE,
1739  lpMsgBuf,
1740  &szMessage) == ERROR_SUCCESS);
1741  if (Success && szMessage)
1742  {
1743  /* Free the buffer allocated by FormatMessage */
1744  LocalFree(lpMsgBuf);
1745  lpMsgBuf = szMessage;
1746  }
1747 
1748  /* Copy the event text */
1749  StringCchCopyW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
1750 
1751  /* Free the buffer allocated by FormatMessage */
1752  LocalFree(lpMsgBuf);
1753  }
1754 
1755  HeapFree(GetProcessHeap(), 0, szArguments);
1756 
1757 Quit:
1758  if (!Success)
1759  {
1760  /* Get a read-only pointer to the "event-not-found" string */
1761  lpMsgBuf = HeapAlloc(GetProcessHeap(), 0, EVENT_MESSAGE_EVENTTEXT_BUFFER * sizeof(WCHAR));
1763  StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1764 
1765  /* Append the strings */
1766  szMessage = szStringArray;
1767  for (i = 0; i < pevlr->NumStrings; i++)
1768  {
1769  StringCchCatW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, szMessage);
1771  szMessage += wcslen(szMessage) + 1;
1772  }
1773  }
1774 
1775  return Success;
1776 }
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4693
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1450
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
__wchar_t WCHAR
Definition: xmlstorage.h:180
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:405
#define iswdigit(_c)
Definition: ctype.h:667
#define EVENT_PARAMETER_MESSAGE_FILE
Definition: eventvwr.c:58
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:65
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
GLenum GLclampf GLint i
Definition: glfuncs.h:14
unsigned char * LPBYTE
Definition: typedefs.h:52
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:916
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
smooth NULL
Definition: ftsmooth.c:416
char * va_list
Definition: acmsvcex.h:78
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1087
#define EVENT_MESSAGE_EVENTTEXT_BUFFER
Definition: eventvwr.c:53
#define IDS_EVENTSTRINGIDNOTFOUND
Definition: resource.h:96
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define EVENT_MESSAGE_FILE
Definition: eventvwr.c:57
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1537
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ GetEventMessageFileDLL()

BOOL GetEventMessageFileDLL ( IN LPCWSTR  lpLogName,
IN LPCWSTR  SourceName,
IN LPCWSTR  EntryName,
OUT PWCHAR  lpModuleName 
)

Definition at line 1537 of file eventvwr.c.

Referenced by GetEventCategory(), and GetEventMessage().

1541 {
1542  BOOL Success = FALSE;
1543  LONG Result;
1544  DWORD dwType, dwSize;
1546  WCHAR szKeyName[MAX_PATH];
1547  HKEY hLogKey = NULL;
1548  HKEY hSourceKey = NULL;
1549 
1550  StringCbCopyW(szKeyName, sizeof(szKeyName), EVENTLOG_BASE_KEY);
1551  StringCbCatW(szKeyName, sizeof(szKeyName), lpLogName);
1552 
1553  Result = RegOpenKeyExW(hkMachine,
1554  szKeyName,
1555  0,
1556  KEY_READ,
1557  &hLogKey);
1558  if (Result != ERROR_SUCCESS)
1559  return FALSE;
1560 
1561  Result = RegOpenKeyExW(hLogKey,
1562  SourceName,
1563  0,
1565  &hSourceKey);
1566  if (Result != ERROR_SUCCESS)
1567  {
1568  RegCloseKey(hLogKey);
1569  return FALSE;
1570  }
1571 
1572  dwSize = sizeof(szModuleName);
1573  Result = RegQueryValueExW(hSourceKey,
1574  EntryName,
1575  NULL,
1576  &dwType,
1577  (LPBYTE)szModuleName,
1578  &dwSize);
1579  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
1580  {
1581  szModuleName[0] = UNICODE_NULL;
1582  }
1583  else
1584  {
1585  /* NULL-terminate the string and expand it */
1586  szModuleName[dwSize / sizeof(WCHAR) - 1] = UNICODE_NULL;
1587  GetExpandedFilePathName(lpComputerName, szModuleName, lpModuleName, ARRAYSIZE(szModuleName));
1588  Success = TRUE;
1589  }
1590 
1591  RegCloseKey(hSourceKey);
1592  RegCloseKey(hLogKey);
1593 
1594  return Success;
1595 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
#define KEY_READ
Definition: nt_native.h:1023
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define WCHAR
Definition: msvc.h:43
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:95
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1464
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4134
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
LPWSTR lpComputerName
Definition: eventvwr.c:91
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
WCHAR SourceName[256]
Definition: arping.c:28
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3381
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:54
#define REG_SZ
Definition: layer.c:22

◆ GetEventType()

VOID GetEventType ( IN WORD  dwEventType,
OUT PWCHAR  eventTypeText 
)

Definition at line 1779 of file eventvwr.c.

Referenced by EnumEventsThread().

1781 {
1782  switch (dwEventType)
1783  {
1784  case EVENTLOG_ERROR_TYPE:
1786  break;
1787  case EVENTLOG_WARNING_TYPE:
1789  break;
1792  break;
1793  case EVENTLOG_SUCCESS:
1795  break;
1798  break;
1801  break;
1802  default:
1804  break;
1805  }
1806 }
#define MAX_LOADSTRING
Definition: eventvwr.c:60
#define IDS_EVENTLOG_ERROR_TYPE
Definition: resource.h:101
#define IDS_EVENTLOG_INFORMATION_TYPE
Definition: resource.h:103
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define IDS_EVENTLOG_UNKNOWN_TYPE
Definition: resource.h:107
HINSTANCE hInst
Definition: eventvwr.c:65
#define IDS_EVENTLOG_SUCCESS
Definition: resource.h:106
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define IDS_EVENTLOG_AUDIT_FAILURE
Definition: resource.h:105
#define IDS_EVENTLOG_WARNING_TYPE
Definition: resource.h:102
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
#define IDS_EVENTLOG_AUDIT_SUCCESS
Definition: resource.h:104

◆ GetEventUserName()

BOOL GetEventUserName ( IN PEVENTLOGRECORD  pelr,
IN OUT PSID pLastSid,
OUT PWCHAR  pszUser 
)

Definition at line 1809 of file eventvwr.c.

Referenced by EnumEventsThread().

1812 {
1813  PSID pCurrentSid;
1814  PWSTR StringSid;
1815  WCHAR szName[1024];
1816  WCHAR szDomain[1024];
1818  DWORD cchName = ARRAYSIZE(szName);
1819  DWORD cchDomain = ARRAYSIZE(szDomain);
1820  BOOL Success = FALSE;
1821 
1822  /* Point to the SID */
1823  pCurrentSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);
1824 
1825  if (!IsValidSid(pCurrentSid))
1826  {
1827  *pLastSid = NULL;
1828  return FALSE;
1829  }
1830  else if (*pLastSid && EqualSid(*pLastSid, pCurrentSid))
1831  {
1832  return TRUE;
1833  }
1834 
1835  /* User SID */
1836  if (pelr->UserSidLength > 0)
1837  {
1838  /*
1839  * Try to retrieve the user account name and domain name corresponding
1840  * to the SID. If it cannot be retrieved, try to convert the SID to a
1841  * string-form. It should not be bigger than the user-provided buffer
1842  * 'pszUser', otherwise we return an error.
1843  */
1845  pCurrentSid,
1846  szName,
1847  &cchName,
1848  szDomain,
1849  &cchDomain,
1850  &peUse))
1851  {
1852  StringCchCopyW(pszUser, MAX_PATH, szName);
1853  Success = TRUE;
1854  }
1855  else if (ConvertSidToStringSidW(pCurrentSid, &StringSid))
1856  {
1857  /* Copy the string only if the user-provided buffer is big enough */
1858  if (wcslen(StringSid) + 1 <= MAX_PATH) // + 1 for NULL-terminator
1859  {
1860  StringCchCopyW(pszUser, MAX_PATH, StringSid);
1861  Success = TRUE;
1862  }
1863  else
1864  {
1866  Success = FALSE;
1867  }
1868 
1869  /* Free the allocated buffer */
1870  LocalFree(StringSid);
1871  }
1872  }
1873 
1874  *pLastSid = Success ? pCurrentSid : NULL;
1875 
1876  return Success;
1877 }
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2684
#define TRUE
Definition: types.h:120
enum _SID_NAME_USE SID_NAME_USE
__wchar_t WCHAR
Definition: xmlstorage.h:180
uint16_t * PWSTR
Definition: typedefs.h:54
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:704
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3255
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
unsigned char * LPBYTE
Definition: typedefs.h:52
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
unsigned int BOOL
Definition: ntddk_ex.h:94
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:409
struct _SID * PSID
Definition: eventlog.c:35
LPWSTR lpComputerName
Definition: eventvwr.c:91
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static const WCHAR szName[]
Definition: msipriv.h:1194
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:694
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

◆ GetExpandedFilePathName()

DWORD GetExpandedFilePathName ( IN LPCWSTR ComputerName  OPTIONAL,
IN LPCWSTR  lpFileName,
OUT LPWSTR lpFullFileName  OPTIONAL,
IN DWORD  nSize 
)

Definition at line 1464 of file eventvwr.c.

Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().

1469 {
1470  DWORD dwLength;
1471 
1472  /* Determine the needed size after expansion of any environment strings */
1473  dwLength = ExpandEnvironmentStringsW(lpFileName, NULL, 0);
1474  if (dwLength == 0)
1475  {
1476  /* We failed, bail out */
1477  return 0;
1478  }
1479 
1480  /* If the file path is on a remote computer, estimate its length */
1481  // FIXME: Use WNetGetUniversalName instead?
1482  if (ComputerName && *ComputerName)
1483  {
1484  /* Skip any leading backslashes */
1485  while (*ComputerName == L'\\')
1486  ++ComputerName;
1487 
1488  if (*ComputerName)
1489  {
1490  /* Count 2 backslashes plus the computer name and one backslash separator */
1491  dwLength += 2 + wcslen(ComputerName) + 1;
1492  }
1493  }
1494 
1495  /* Check whether we have enough space */
1496  if (dwLength > nSize)
1497  {
1498  /* No, return the needed size in characters (includes NULL-terminator) */
1499  return dwLength;
1500  }
1501 
1502 
1503  /* Now expand the file path */
1504  ASSERT(dwLength <= nSize);
1505 
1506  /* Expand any existing environment strings */
1507  if (ExpandEnvironmentStringsW(lpFileName, lpFullFileName, dwLength) == 0)
1508  {
1509  /* We failed, bail out */
1510  return 0;
1511  }
1512 
1513  /* If the file path is on a remote computer, retrieve the network share form of the file name */
1514  // FIXME: Use WNetGetUniversalName instead?
1515  if (ComputerName && *ComputerName)
1516  {
1517  /* Note that we previously skipped any potential leading backslashes */
1518 
1519  /* Replace ':' by '$' in the drive letter */
1520  if (*lpFullFileName && lpFullFileName[1] == L':')
1521  lpFullFileName[1] = L'$';
1522 
1523  /* Prepend the computer name */
1524  RtlMoveMemory(lpFullFileName + 2 + wcslen(ComputerName) + 1,
1525  lpFullFileName, dwLength * sizeof(WCHAR) - (2 + wcslen(ComputerName) + 1) * sizeof(WCHAR));
1526  lpFullFileName[0] = L'\\';
1527  lpFullFileName[1] = L'\\';
1528  wcsncpy(lpFullFileName + 2, ComputerName, wcslen(ComputerName));
1529  lpFullFileName[2 + wcslen(ComputerName)] = L'\\';
1530  }
1531 
1532  /* Return the number of stored characters (includes NULL-terminator) */
1533  return dwLength;
1534 }
__wchar_t WCHAR
Definition: xmlstorage.h:180
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
smooth NULL
Definition: ftsmooth.c:416
static DWORD DWORD * dwLength
Definition: fusion.c:83
unsigned long DWORD
Definition: ntddk_ex.h:95
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
static const WCHAR L[]
Definition: oid.c:1087
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_In_ LPCSTR lpFileName
Definition: winbase.h:3011

◆ GetFileTimeString()

BOOL GetFileTimeString ( LPFILETIME  lpFileTime,
LPWSTR  pwszResult,
UINT  cchResult 
)

Definition at line 1229 of file eventvwr.c.

Referenced by CFileDefExt::InitFileAttr(), and InitPropertiesDlg().

1230 {
1231  FILETIME ft;
1232  SYSTEMTIME st;
1233  int cchWritten;
1234  size_t cchRemaining = cchResult;
1235  LPWSTR pwszEnd = pwszResult;
1236 
1237  if (!FileTimeToLocalFileTime(lpFileTime, &ft) || !FileTimeToSystemTime(&ft, &st))
1238  return FALSE;
1239 
1240  cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1241  if (cchWritten)
1242  --cchWritten; // GetDateFormatW returns count with terminating zero
1243  // else
1244  // ERR("GetDateFormatW failed\n");
1245 
1246  cchRemaining -= cchWritten;
1247  pwszEnd += cchWritten;
1248 
1249  StringCchCopyExW(pwszEnd, cchRemaining, L", ", &pwszEnd, &cchRemaining, 0);
1250 
1251  cchWritten = GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &st, NULL, pwszEnd, cchRemaining);
1252  if (cchWritten)
1253  --cchWritten; // GetTimeFormatW returns count with terminating zero
1254  // else
1255  // ERR("GetTimeFormatW failed\n");
1256 
1257  return TRUE;
1258 }
#define TRUE
Definition: types.h:120
#define LOCALE_USER_DEFAULT
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:211
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:178
static const WCHAR L[]
Definition: oid.c:1087
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:916
#define DATE_LONGDATE
Definition: winnls.h:194
WCHAR * LPWSTR
Definition: xmlstorage.h:184
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1016

◆ GetMessageStringFromDll()

LPWSTR GetMessageStringFromDll ( IN LPCWSTR  lpMessageDll,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 751 of file eventvwr.c.

Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().

757 {
759  DWORD dwLength;
760  LPWSTR lpMsgBuf = NULL;
761 
762  hLibrary = LoadLibraryExW(lpMessageDll, NULL,
763  /* LOAD_LIBRARY_AS_IMAGE_RESOURCE | */ LOAD_LIBRARY_AS_DATAFILE);
764  if (hLibrary == NULL)
765  return NULL;
766 
767  /* Sanitize dwFlags */
770 
771  _SEH2_TRY
772  {
773  /*
774  * Retrieve the message string without appending extra newlines.
775  * Wrap in SEH to protect from invalid string parameters.
776  */
777  _SEH2_TRY
778  {
779  dwLength = FormatMessageW(dwFlags,
780  /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
781  FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
782  hLibrary,
783  dwMessageId,
785  (LPWSTR)&lpMsgBuf,
786  nSize,
787  Arguments);
788  }
790  {
791  dwLength = 0;
792 
793  /*
794  * An exception occurred while calling FormatMessage, this is usually
795  * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
796  * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
797  * array pointer 'Arguments' was NULL or did not contain enough elements,
798  * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
799  * message string expected too many inserts.
800  * In this last case only, we can call again FormatMessage but ignore
801  * explicitly the inserts. The string that we will return to the user
802  * will not be pre-formatted.
803  */
804  if (((dwFlags & FORMAT_MESSAGE_ALLOCATE_BUFFER) || lpMsgBuf) &&
806  {
807  /* Remove any possible harmful flags and always ignore inserts */
810 
811  /* If this call also throws an exception, we are really dead */
812  dwLength = FormatMessageW(dwFlags,
813  hLibrary,
814  dwMessageId,
816  (LPWSTR)&lpMsgBuf,
817  nSize,
818  NULL /* Arguments */);
819  }
820  }
821  _SEH2_END;
822  }
824  {
825  FreeLibrary(hLibrary);
826  }
827  _SEH2_END;
828 
829  if (dwLength == 0)
830  {
831  ASSERT(lpMsgBuf == NULL);
832  lpMsgBuf = NULL;
833  }
834  else
835  {
836  LPWSTR ptr;
837 
838  ASSERT(lpMsgBuf);
839 
840  /* Trim any trailing whitespace */
841  ptr = lpMsgBuf + dwLength - 1;
842  while (iswspace(*ptr))
843  *ptr-- = UNICODE_NULL;
844  }
845 
846  return lpMsgBuf;
847 }
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:405
#define FORMAT_MESSAGE_FROM_STRING
Definition: winbase.h:402
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:286
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
_SEH2_TRY
Definition: create.c:4250
#define UNICODE_NULL
static PVOID ptr
Definition: dispmode.c:27
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define FreeLibrary(x)
Definition: compat.h:405
static DWORD DWORD * dwLength
Definition: fusion.c:83
unsigned long DWORD
Definition: ntddk_ex.h:95
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define iswspace(_c)
Definition: ctype.h:669
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
HMODULE hLibrary
Definition: odbccp32.c:12
#define LOAD_LIBRARY_AS_DATAFILE
Definition: winbase.h:338
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
_SEH2_END
Definition: create.c:4424
_SEH2_FINALLY
Definition: create.c:4395
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LANG_USER_DEFAULT
Definition: tnerror.cpp:50

◆ GetMessageStringFromDllList()

LPWSTR GetMessageStringFromDllList ( IN LPCWSTR  lpMessageDllList,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 855 of file eventvwr.c.

Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().

861 {
862  BOOL Success = FALSE;
863  SIZE_T cbLength;
864  LPWSTR szMessageDllList;
865  LPWSTR szDll;
866  LPWSTR lpMsgBuf = NULL;
867 
868  /* Allocate a local buffer for the DLL list that can be tokenized */
869  // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
870  // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
871  cbLength = (wcslen(lpMessageDllList) + 1) * sizeof(WCHAR);
872  szMessageDllList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbLength);
873  if (!szMessageDllList)
874  return NULL;
875  RtlCopyMemory(szMessageDllList, lpMessageDllList, cbLength);
876 
877  /* Loop through the list of message DLLs */
878  szDll = wcstok(szMessageDllList, EVENT_DLL_SEPARATOR);
879  while ((szDll != NULL) && !Success)
880  {
881  // Uses LANG_USER_DEFAULT
882  lpMsgBuf = GetMessageStringFromDll(szDll,
883  dwFlags,
884  dwMessageId,
885  nSize,
886  Arguments);
887  if (lpMsgBuf)
888  {
889  /* The ID was found and the message was formatted */
890  Success = TRUE;
891  break;
892  }
893 
894  /*
895  * The DLL could not be loaded, or the message could not be found,
896  * try the next DLL, if any.
897  */
898  szDll = wcstok(NULL, EVENT_DLL_SEPARATOR);
899  }
900 
901  HeapFree(GetProcessHeap(), 0, szMessageDllList);
902 
903  return lpMsgBuf;
904 }
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
__wchar_t WCHAR
Definition: xmlstorage.h:180
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:751
#define EVENT_DLL_SEPARATOR
Definition: eventvwr.c:55
smooth NULL
Definition: ftsmooth.c:416
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
WCHAR * LPWSTR
Definition: xmlstorage.h:184
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

◆ GetSelectedFilter()

PEVENTLOGFILTER GetSelectedFilter ( OUT HTREEITEM *phti  OPTIONAL)

Definition at line 2441 of file eventvwr.c.

Referenced by WndProc().

2442 {
2443  TVITEMEXW tvItemEx;
2444  HTREEITEM hti;
2445 
2446  if (phti)
2447  *phti = NULL;
2448 
2449  /* Get index of selected item */
2451  if (hti == NULL)
2452  return NULL; // No filter
2453 
2454  tvItemEx.mask = TVIF_PARAM;
2455  tvItemEx.hItem = hti;
2456 
2457  TreeView_GetItem(hwndTreeView, &tvItemEx);
2458 
2459  if (phti)
2460  *phti = tvItemEx.hItem;
2461 
2462  return (PEVENTLOGFILTER)tvItemEx.lParam;
2463 }
LPARAM lParam
Definition: commctrl.h:3322
smooth NULL
Definition: ftsmooth.c:416
#define TreeView_GetSelection(hwnd)
Definition: commctrl.h:3440
HWND hwndTreeView
Definition: eventvwr.c:82
HTREEITEM hItem
Definition: commctrl.h:3314
#define TVIF_PARAM
Definition: commctrl.h:3235
#define TreeView_GetItem(hwnd, pitem)
Definition: commctrl.h:3457

◆ InitInstance()

BOOL InitInstance ( HINSTANCE  hInstance)

Definition at line 3036 of file eventvwr.c.

Referenced by wWinMain().

3037 {
3038  RECT rcClient, rs;
3039  LONG StatusHeight;
3040  HIMAGELIST hSmall;
3041  LVCOLUMNW lvc = {0};
3042  WCHAR szTemp[256];
3043 
3044  /* Create the main window */
3045  rs = Settings.wpPos.rcNormalPosition;
3047  szTitle,
3049  rs.left, rs.top,
3050  (rs.right != CW_USEDEFAULT && rs.left != CW_USEDEFAULT) ? rs.right - rs.left : CW_USEDEFAULT,
3051  (rs.bottom != CW_USEDEFAULT && rs.top != CW_USEDEFAULT) ? rs.bottom - rs.top : CW_USEDEFAULT,
3052  NULL,
3053  NULL,
3054  hInstance,
3055  NULL);
3056  if (!hwndMainWindow)
3057  return FALSE;
3058 
3059  /* Create the status bar */
3060  hwndStatus = CreateWindowExW(0, // no extended styles
3061  STATUSCLASSNAMEW, // status bar
3062  L"", // no text
3063  WS_CHILD | WS_VISIBLE | CCS_BOTTOM | SBARS_SIZEGRIP, // styles
3064  0, 0, 0, 0, // x, y, cx, cy
3065  hwndMainWindow, // parent window
3066  (HMENU)100, // window ID
3067  hInstance, // instance
3068  NULL); // window data
3069 
3070  GetClientRect(hwndMainWindow, &rcClient);
3071  GetWindowRect(hwndStatus, &rs);
3072  StatusHeight = rs.bottom - rs.top;
3073 
3074  /* Create a progress bar in the status bar (hidden by default) */
3076  hwndStatusProgress = CreateWindowExW(0, // no extended styles
3077  PROGRESS_CLASSW, // status bar
3078  NULL, // no text
3079  WS_CHILD | PBS_SMOOTH, // styles
3080  rs.left, rs.top, // x, y
3081  rs.right - rs.left, rs.bottom - rs.top, // cx, cy
3082  hwndStatus, // parent window
3083  NULL, // window ID
3084  hInstance, // instance
3085  NULL); // window data
3086  /* Remove its static edge */
3090 
3091  /* Initialize the splitter default positions */
3092  nVSplitPos = Settings.nVSplitPos;
3093  nHSplitPos = Settings.nHSplitPos;
3094 
3095  /* Create the TreeView */
3097  WC_TREEVIEWW,
3098  NULL,
3099  // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3101  0, 0,
3102  nVSplitPos - SPLIT_WIDTH/2,
3103  (rcClient.bottom - rcClient.top) - StatusHeight,
3105  NULL,
3106  hInstance,
3107  NULL);
3108 
3109  /* Create the ImageList */
3112  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3113  1, 1);
3114 
3115  /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3120 
3121  /* Assign the ImageList to the Tree View */
3123 
3124  /* Add the event logs nodes */
3125  // "System Logs"
3126  LoadStringW(hInstance, IDS_EVENTLOG_SYSTEM, szTemp, ARRAYSIZE(szTemp));
3128  // "Application Logs"
3129  LoadStringW(hInstance, IDS_EVENTLOG_APP, szTemp, ARRAYSIZE(szTemp));
3130  htiAppLogs = TreeViewAddItem(hwndTreeView, NULL, szTemp, 0, 1, (LPARAM)NULL);
3131  // "User Logs"
3132  LoadStringW(hInstance, IDS_EVENTLOG_USER, szTemp, ARRAYSIZE(szTemp));
3134 
3135  /* Create the Event details pane (optional) */
3137  if (hwndEventDetails)
3138  {
3142  nVSplitPos + SPLIT_WIDTH/2,
3143  nHSplitPos + SPLIT_WIDTH/2,
3144  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3145  (rcClient.bottom - rcClient.top) - nHSplitPos - SPLIT_WIDTH/2 - StatusHeight,
3147  }
3148 
3149  /* Create the ListView */
3151  WC_LISTVIEWW,
3152  NULL,
3154  nVSplitPos + SPLIT_WIDTH/2,
3155  0,
3156  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3157  hwndEventDetails && Settings.bShowDetailsPane
3158  ? nHSplitPos - SPLIT_WIDTH/2
3159  : (rcClient.bottom - rcClient.top) - StatusHeight,
3161  NULL,
3162  hInstance,
3163  NULL);
3164 
3165  /* Add the extended ListView styles */
3167 
3168  /* Create the ImageList */
3171  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3172  1, 1);
3173 
3174  /* Add event type icons to the ImageList */
3180 
3181  /* Assign the ImageList to the List View */
3183 
3184  /* Now set up the listview with its columns */
3185  lvc.mask = LVCF_TEXT | LVCF_WIDTH;
3186  lvc.cx = 90;
3187  LoadStringW(hInstance,
3189  szTemp,
3190  ARRAYSIZE(szTemp));
3191  lvc.pszText = szTemp;
3193 
3194  lvc.cx = 70;
3195  LoadStringW(hInstance,
3197  szTemp,
3198  ARRAYSIZE(szTemp));
3199  lvc.pszText = szTemp;
3201 
3202  lvc.cx = 70;
3203  LoadStringW(hInstance,
3205  szTemp,
3206  ARRAYSIZE(szTemp));
3207  lvc.pszText = szTemp;
3209 
3210  lvc.cx = 150;
3211  LoadStringW(hInstance,
3213  szTemp,
3214  ARRAYSIZE(szTemp));
3215  lvc.pszText = szTemp;
3217 
3218  lvc.cx = 100;
3219  LoadStringW(hInstance,
3221  szTemp,
3222  ARRAYSIZE(szTemp));
3223  lvc.pszText = szTemp;
3225 
3226  lvc.cx = 60;
3227  LoadStringW(hInstance,
3229  szTemp,
3230  ARRAYSIZE(szTemp));
3231  lvc.pszText = szTemp;
3233 
3234  lvc.cx = 120;
3235  LoadStringW(hInstance,
3237  szTemp,
3238  ARRAYSIZE(szTemp));
3239  lvc.pszText = szTemp;
3241 
3242  lvc.cx = 100;
3243  LoadStringW(hInstance,
3245  szTemp,
3246  ARRAYSIZE(szTemp));
3247  lvc.pszText = szTemp;
3249 
3250  /* Initialize the save Dialog */
3251  ZeroMemory(&sfn, sizeof(sfn));
3253 
3255 
3256  sfn.lStructSize = sizeof(sfn);
3262  sfn.lpstrDefExt = NULL;
3263 
3264  ShowWindow(hwndMainWindow, Settings.wpPos.showCmd);
3266 
3267  return TRUE;
3268 }
#define STATUSCLASSNAMEW
Definition: commctrl.h:1906
HINSTANCE hInstance
Definition: commdlg.h:362
DWORD Flags
Definition: commdlg.h:373
#define TRUE
Definition: types.h:120
#define WC_TREEVIEWW
Definition: commctrl.h:3210
#define PBS_SMOOTH
Definition: commctrl.h:2150
LPCWSTR lpstrFilter
Definition: commdlg.h:363
#define LVCF_WIDTH
Definition: commctrl.h:2557
#define LVSIL_SMALL
Definition: commctrl.h:2269
#define LVCF_TEXT
Definition: commctrl.h:2558
LPCWSTR lpstrInitialDir
Definition: commdlg.h:371
INT nHSplitPos
Definition: eventvwr.c:74
#define LVS_SHOWSELALWAYS
Definition: commctrl.h:2237
#define IDI_EVENTVWR
Definition: resource.h:4
static const LPCWSTR EVENTVWR_WNDCLASS
Definition: eventvwr.c:40
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define LVS_REPORT
Definition: commctrl.h:2232
#define TVS_LINESATROOT
Definition: commctrl.h:3216
#define WC_LISTVIEWW
Definition: commctrl.h:2227
BOOL WINAPI UpdateWindow(_In_ HWND)
HTREEITEM htiSystemLogs
Definition: eventvwr.c:89
#define LVS_EX_FULLROWSELECT
Definition: commctrl.h:2704
LONG top
Definition: windef.h:297
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:937
#define ZeroMemory
Definition: winbase.h:1635
#define GWL_EXSTYLE
Definition: winuser.h:845
#define SM_CYSMICON
Definition: winuser.h:1003
#define WS_CHILD
Definition: pedump.c:617
#define GetWindowLongPtrW
Definition: winuser.h:4698
LONG left
Definition: windef.h:296
#define SWP_NOZORDER
Definition: winuser.h:1232
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
#define WS_CLIPCHILDREN
Definition: pedump.c:619
LONG right
Definition: windef.h:298
#define IDI_INFORMATIONICON
Definition: resource.h:8
HWND hwndStatus
Definition: eventvwr.c:85
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4185
#define IDS_COLUMNCATEGORY
Definition: resource.h:115
HINSTANCE hInst
Definition: eventvwr.c:65
#define SPLIT_WIDTH
Definition: eventvwr.c:62
HWND hwndEventDetails
Definition: eventvwr.c:84
DWORD lStructSize
Definition: commdlg.h:360
#define SWP_HIDEWINDOW
Definition: winuser.h:1226
HWND hwndMainWindow
Definition: eventvwr.c:81
#define StatusBar_GetItemRect(hwndCtl, index, lprc)
Definition: eventvwr.h:64
#define ILC_COLOR32
Definition: commctrl.h:343
#define IDS_COLUMNSOURCE
Definition: resource.h:114
HINSTANCE hInstance
Definition: charmap.c:20
LPCWSTR lpstrDefExt
Definition: commdlg.h:376
#define ListView_InsertColumn(hwnd, iCol, pcol)
Definition: commctrl.h:2606
HIMAGELIST WINAPI ImageList_Create(INT cx, INT cy, UINT flags, INT cInitial, INT cGrow)
Definition: imagelist.c:769
#define IDS_COLUMNUSER
Definition: resource.h:117
#define IDI_AUDITFAILUREICON
Definition: resource.h:12
long LONG
Definition: pedump.c:60
#define IDS_SAVE_FILTER
Definition: resource.h:94
LONG_PTR LPARAM
Definition: windef.h:208
#define TVS_HASBUTTONS
Definition: commctrl.h:3214
#define CW_USEDEFAULT
Definition: winuser.h:225
HWND hwndListView
Definition: eventvwr.c:83
#define ListView_SetImageList(hwnd, himl, iImageList)
Definition: commctrl.h:2274
#define LVS_EX_HEADERDRAGDROP
Definition: commctrl.h:2703
smooth NULL
Definition: ftsmooth.c:416
HTREEITEM htiUserLogs
Definition: eventvwr.c:89
#define IDS_EVENTLOG_USER
Definition: resource.h:93
#define TreeView_SetImageList(hwnd, himl, iImage)
Definition: commctrl.h:3414
#define PROGRESS_CLASSW
Definition: commctrl.h:2146
#define IDS_COLUMNTIME
Definition: resource.h:113
#define IDS_EVENTLOG_SYSTEM
Definition: resource.h:91
#define CCS_BOTTOM
Definition: commctrl.h:2214
HWND hwndStatusProgress
Definition: eventvwr.c:86
#define IDI_AUDITSUCCESSICON
Definition: resource.h:11
OPENFILENAMEW sfn
Definition: eventvwr.c:118
#define SBARS_SIZEGRIP
Definition: commctrl.h:1893