ReactOS  0.4.14-dev-77-gd9e7c48
eventvwr.c File Reference
#include "eventvwr.h"
#include "evtdetctl.h"
#include <sddl.h>
#include <shellapi.h>
#include <shlwapi.h>
Include dependency graph for eventvwr.c:

Go to the source code of this file.

Classes

struct  _SETTINGS
 
struct  param_strings_format_data
 

Macros

#define LVM_PROGRESS   (WM_APP + 1)
 
#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10
 
#define EVENT_MESSAGE_FILE_BUFFER   1024*10
 
#define EVENT_DLL_SEPARATOR   L";"
 
#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"
 
#define EVENT_MESSAGE_FILE   L"EventMessageFile"
 
#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"
 
#define MAX_LOADSTRING   255
 
#define SPLIT_WIDTH   4
 

Typedefs

typedef struct _SETTINGS SETTINGS
 
typedef struct _SETTINGSPSETTINGS
 

Functions

static DWORD WINAPI StartStopEnumEventsThread (IN LPVOID lpParameter)
 
VOID OpenUserEventLogFile (IN LPCWSTR lpszFileName)
 
VOID BuildLogListAndFilterList (IN LPCWSTR lpComputerName)
 
VOID FreeLogList (VOID)
 
VOID FreeLogFilterList (VOID)
 
ATOM MyRegisterClass (HINSTANCE)
 
BOOL InitInstance (HINSTANCE)
 
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM)
 
INT_PTR EventLogProperties (HINSTANCE, HWND, PEVENTLOGFILTER)
 
INT_PTR CALLBACK EventDetails (HWND, UINT, WPARAM, LPARAM)
 
VOID ShowWin32Error (IN DWORD dwError)
 
VOID DisplayUsage (VOID)
 
BOOL ProcessCmdLine (IN LPWSTR lpCmdLine)
 
BOOL LoadSettings (int nDefCmdShow)
 
BOOL SaveSettings (VOID)
 
int APIENTRY wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
 
VOID EventTimeToSystemTime (IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
 
LPWSTR GetMessageStringFromDll (IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
LPWSTR GetMessageStringFromDllList (IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
DWORD ApplyParameterStringsToMessage (IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
 
UINT FormatInteger (LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
 
UINT FormatByteSize (LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
 
LPWSTR FormatFileSizeWithBytes (const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
 
BOOL GetFileTimeString (LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
 
HTREEITEM TreeViewAddItem (IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
 
PEVENTLOG AllocEventLog (IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
 
VOID EventLog_Free (IN PEVENTLOG EventLog)
 
PWSTR AllocAndCopyMultiStr (IN PCWSTR MultiStr OPTIONAL)
 
PEVENTLOGFILTER AllocEventLogFilter (IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
 
VOID EventLogFilter_Free (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_AddRef (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_Release (IN PEVENTLOGFILTER EventLogFilter)
 
void TrimNulls (LPWSTR s)
 
DWORD GetExpandedFilePathName (IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
 
BOOL GetEventMessageFileDLL (IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
 
BOOL GetEventCategory (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
 
BOOL GetEventMessage (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR EventText)
 
VOID GetEventType (IN WORD dwEventType, OUT PWCHAR eventTypeText)
 
BOOL GetEventUserName (IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
 
static VOID FreeRecords (VOID)
 
BOOL FilterByType (IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
 
BOOL FilterByString (IN PCWSTR FilterString, IN PWSTR String)
 
static DWORD WINAPI EnumEventsThread (IN LPVOID lpParameter)
 
VOID EnumEvents (IN PEVENTLOGFILTER EventLogFilter)
 
PEVENTLOGFILTER GetSelectedFilter (OUT HTREEITEM *phti OPTIONAL)
 
VOID OpenUserEventLog (VOID)
 
VOID SaveEventLog (IN PEVENTLOGFILTER EventLogFilter)
 
VOID CloseUserEventLog (IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
 
BOOL ClearEvents (IN PEVENTLOGFILTER EventLogFilter)
 
VOID Refresh (IN PEVENTLOGFILTER EventLogFilter)
 
BOOL GetDisplayNameFileAndID (IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
 
VOID ResizeWnd (INT cx, INT cy)
 
static VOID InitPropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
INT_PTR CALLBACK EventLogPropProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 

Variables

static const LPCWSTR EVENTVWR_WNDCLASS = L"EVENTVWR"
 
static const LPCWSTR EVENTLOG_BASE_KEY = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
 
static const LPCWSTR EVNTVWR_PARAM_KEY = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"
 
static const LPCWSTR SystemLogs []
 
HINSTANCE hInst
 
WCHAR szTitle [MAX_LOADSTRING]
 
WCHAR szTitleTemplate [MAX_LOADSTRING]
 
WCHAR szStatusBarTemplate [MAX_LOADSTRING]
 
WCHAR szLoadingWait [MAX_LOADSTRING]
 
WCHAR szEmptyList [MAX_LOADSTRING]
 
WCHAR szSaveFilter [MAX_LOADSTRING]
 
INT nVSplitPos
 
INT nHSplitPos
 
BYTE bSplit = 0
 
HWND hwndMainWindow = NULL
 
HWND hwndTreeView
 
HWND hwndListView
 
HWND hwndEventDetails
 
HWND hwndStatus
 
HWND hwndStatusProgress
 
HMENU hMainMenu
 
HTREEITEM htiSystemLogs = NULL
 
HTREEITEM htiAppLogs = NULL
 
HTREEITEM htiUserLogs = NULL
 
LPWSTR lpComputerName = NULL
 
LPWSTR lpszzUserLogsToLoad = NULL
 
SIZE_T cbUserLogsSize = 0
 
HKEY hkMachine = NULL
 
DWORD g_TotalRecords = 0
 
PEVENTLOGRECORDg_RecordPtrs = NULL
 
LIST_ENTRY EventLogList
 
LIST_ENTRY EventLogFilterList
 
PEVENTLOGFILTER ActiveFilter = NULL
 
HANDLE hEnumEventsThread = NULL
 
HANDLE hStopEnumEvent = NULL
 
PEVENTLOGFILTER EnumFilter = NULL
 
HANDLE hStartStopEnumEvent = NULL
 
HANDLE hStartEnumEvent = NULL
 
OPENFILENAMEW sfn
 
SETTINGS Settings
 
static HWND hWndDetailsCtrl = NULL
 
static HWND hWndGrip = NULL
 
static INT cxMin
 
static INT cyMin
 
static INT cxOld
 
static INT cyOld
 

Macro Definition Documentation

◆ EVENT_CATEGORY_MESSAGE_FILE

#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"

Definition at line 56 of file eventvwr.c.

◆ EVENT_DLL_SEPARATOR

#define EVENT_DLL_SEPARATOR   L";"

Definition at line 55 of file eventvwr.c.

◆ EVENT_MESSAGE_EVENTTEXT_BUFFER

#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10

Definition at line 53 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE

#define EVENT_MESSAGE_FILE   L"EventMessageFile"

Definition at line 57 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE_BUFFER

#define EVENT_MESSAGE_FILE_BUFFER   1024*10

Definition at line 54 of file eventvwr.c.

◆ EVENT_PARAMETER_MESSAGE_FILE

#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"

Definition at line 58 of file eventvwr.c.

◆ LVM_PROGRESS

#define LVM_PROGRESS   (WM_APP + 1)

Definition at line 38 of file eventvwr.c.

◆ MAX_LOADSTRING

#define MAX_LOADSTRING   255

Definition at line 60 of file eventvwr.c.

◆ SPLIT_WIDTH

#define SPLIT_WIDTH   4

Definition at line 62 of file eventvwr.c.

Typedef Documentation

◆ PSETTINGS

◆ SETTINGS

Function Documentation

◆ AllocAndCopyMultiStr()

PWSTR AllocAndCopyMultiStr ( IN PCWSTR MultiStr  OPTIONAL)

Definition at line 1351 of file eventvwr.c.

1352 {
1353  PWSTR pStr;
1354  ULONG Length;
1355 
1356  if (!MultiStr)
1357  return NULL;
1358 
1359  pStr = (PWSTR)MultiStr;
1360  while (*pStr) pStr += (wcslen(pStr) + 1);
1361  Length = MultiStr - pStr + 2;
1362 
1363  pStr = HeapAlloc(GetProcessHeap(), 0, Length * sizeof(WCHAR));
1364  // NOTE: If we failed allocating the string, then fall back into no filter!
1365  if (pStr)
1366  RtlCopyMemory(pStr, MultiStr, Length * sizeof(WCHAR));
1367 
1368  return pStr;
1369 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
uint16_t * PWSTR
Definition: typedefs.h:54
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
unsigned int ULONG
Definition: retypes.h:1
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by AllocEventLogFilter().

◆ AllocEventLog()

PEVENTLOG AllocEventLog ( IN PCWSTR ComputerName  OPTIONAL,
IN PCWSTR  LogName,
IN BOOL  Permanent 
)

Definition at line 1296 of file eventvwr.c.

1299 {
1300  PEVENTLOG EventLog;
1301  SIZE_T cchName;
1302 
1303  /* Allocate a new event log entry */
1304  EventLog = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*EventLog));
1305  if (!EventLog)
1306  return NULL;
1307 
1308  /* Allocate the computer name string (optional) and copy it */
1309  if (ComputerName)
1310  {
1311  cchName = wcslen(ComputerName) + 1;
1312  EventLog->ComputerName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1313  if (EventLog->ComputerName)
1314  StringCchCopyW(EventLog->ComputerName, cchName, ComputerName);
1315  }
1316 
1317  /* Allocate the event log name string and copy it */
1318  cchName = wcslen(LogName) + 1;
1319  EventLog->LogName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1320  if (!EventLog->LogName)
1321  {
1322  if (EventLog->ComputerName)
1323  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1324  HeapFree(GetProcessHeap(), 0, EventLog);
1325  return NULL;
1326  }
1327  StringCchCopyW(EventLog->LogName, cchName, LogName);
1328 
1329  EventLog->Permanent = Permanent;
1330 
1331  return EventLog;
1332 }
PWSTR LogName
Definition: eventvwr.h:90
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
PWSTR ComputerName
Definition: eventvwr.h:87
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
BOOL Permanent
Definition: eventvwr.h:94
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ AllocEventLogFilter()

PEVENTLOGFILTER AllocEventLogFilter ( IN BOOL  Information,
IN BOOL  Warning,
IN BOOL  Error,
IN BOOL  AuditSuccess,
IN BOOL  AuditFailure,
IN PCWSTR Sources  OPTIONAL,
IN PCWSTR Users  OPTIONAL,
IN PCWSTR ComputerNames  OPTIONAL,
IN ULONG  NumOfEventLogs,
IN PEVENTLOG EventLogs 
)

Definition at line 1372 of file eventvwr.c.

1383 {
1384  PEVENTLOGFILTER EventLogFilter;
1385 
1386  /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1387  EventLogFilter = HeapAlloc(GetProcessHeap(),
1389  FIELD_OFFSET(EVENTLOGFILTER, EventLogs[NumOfEventLogs]));
1390  if (!EventLogFilter)
1391  return NULL;
1392 
1393  EventLogFilter->Information = Information;
1394  EventLogFilter->Warning = Warning;
1395  EventLogFilter->Error = Error;
1396  EventLogFilter->AuditSuccess = AuditSuccess;
1397  EventLogFilter->AuditFailure = AuditFailure;
1398 
1399  /* Allocate and copy the sources, users, and computers multi-strings */
1400  EventLogFilter->Sources = AllocAndCopyMultiStr(Sources);
1401  EventLogFilter->Users = AllocAndCopyMultiStr(Users);
1402  EventLogFilter->ComputerNames = AllocAndCopyMultiStr(ComputerNames);
1403 
1404  /* Copy the list of event logs */
1405  EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1406  RtlCopyMemory(EventLogFilter->EventLogs, EventLogs, NumOfEventLogs * sizeof(PEVENTLOG));
1407 
1408  /* Initialize the filter reference count */
1409  EventLogFilter->ReferenceCount = 1;
1410 
1411  return EventLogFilter;
1412 }
BOOL AuditSuccess
Definition: eventvwr.h:117
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
BOOL Information
Definition: eventvwr.h:114
ULONG NumOfEventLogs
Definition: eventvwr.h:134
BOOL AuditFailure
Definition: eventvwr.h:118
PWSTR ComputerNames
Definition: eventvwr.h:131
smooth NULL
Definition: ftsmooth.c:416
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1351
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
BOOL Error
Definition: chkdsk.c:66
LONG ReferenceCount
Definition: eventvwr.h:106
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:254
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
Iosb Information
Definition: create.c:4377

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ ApplyParameterStringsToMessage()

DWORD ApplyParameterStringsToMessage ( IN LPCWSTR  lpMessageDllList,
IN BOOL  bMessagePreFormatted,
IN CONST LPCWSTR  pMessage,
OUT LPWSTR pFinalMessage 
)

Definition at line 916 of file eventvwr.c.

921 {
922  /*
923  * This code is heavily adapted from the MSDN example:
924  * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
925  * with bugs removed.
926  */
927 
929  DWORD dwParamCount = 0; // Number of insertion strings found in pMessage
930  size_t cchBuffer = 0; // Size of the buffer in characters
931  size_t cchParams = 0; // Number of characters in all the parameter strings
932  size_t cch = 0;
933  DWORD i = 0;
934  param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
935  LPWSTR pTempMessage = (LPWSTR)pMessage;
936  LPWSTR pTempFinalMessage = NULL;
937 
938  *pFinalMessage = NULL;
939 
940  /* Determine the number of parameter insertion strings in pMessage */
941  if (bMessagePreFormatted)
942  {
943  while ((pTempMessage = wcschr(pTempMessage, L'%')))
944  {
945  pTempMessage++;
946  if (iswdigit(*pTempMessage))
947  {
948  dwParamCount++;
949  while (iswdigit(*++pTempMessage)) ;
950  }
951  }
952  }
953  else
954  {
955  while ((pTempMessage = wcsstr(pTempMessage, L"%%")))
956  {
957  pTempMessage += 2;
958  if (iswdigit(*pTempMessage))
959  {
960  dwParamCount++;
961  while (iswdigit(*++pTempMessage)) ;
962  }
963  }
964  }
965 
966  /* If there are no parameter insertion strings in pMessage, just return */
967  if (dwParamCount == 0)
968  {
969  // *pFinalMessage = NULL;
970  goto Cleanup;
971  }
972 
973  /* Allocate the array of parameter string format data */
974  pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
975  if (!pParamData)
976  {
978  goto Cleanup;
979  }
980 
981  /*
982  * Retrieve each parameter in pMessage and the beginning and end of the
983  * insertion string, as well as the message identifier of the parameter.
984  */
985  pTempMessage = (LPWSTR)pMessage;
986  if (bMessagePreFormatted)
987  {
988  while ((pTempMessage = wcschr(pTempMessage, L'%')) && (i < dwParamCount))
989  {
990  pTempMessage++;
991  if (iswdigit(*pTempMessage))
992  {
993  pParamData[i].pStartingAddress = pTempMessage-1;
994  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
995 
996  while (iswdigit(*++pTempMessage)) ;
997 
998  pParamData[i].pEndingAddress = pTempMessage;
999  i++;
1000  }
1001  }
1002  }
1003  else
1004  {
1005  while ((pTempMessage = wcsstr(pTempMessage, L"%%")) && (i < dwParamCount))
1006  {
1007  pTempMessage += 2;
1008  if (iswdigit(*pTempMessage))
1009  {
1010  pParamData[i].pStartingAddress = pTempMessage-2;
1011  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
1012 
1013  while (iswdigit(*++pTempMessage)) ;
1014 
1015  pParamData[i].pEndingAddress = pTempMessage;
1016  i++;
1017  }
1018  }
1019  }
1020 
1021  /* Retrieve each parameter string */
1022  for (i = 0; i < dwParamCount; i++)
1023  {
1024  // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1025  pParamData[i].pParameter =
1026  GetMessageStringFromDllList(lpMessageDllList,
1029  pParamData[i].pParameterID,
1030  0, NULL);
1031  if (!pParamData[i].pParameter)
1032  {
1033  /* Skip the insertion string */
1034  continue;
1035  }
1036 
1037  cchParams += wcslen(pParamData[i].pParameter);
1038  }
1039 
1040  /*
1041  * Allocate the final message buffer, the size of which is based on the
1042  * length of the original message and the length of each parameter string.
1043  */
1044  cchBuffer = wcslen(pMessage) + cchParams + 1;
1045  *pFinalMessage = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cchBuffer * sizeof(WCHAR));
1046  if (!*pFinalMessage)
1047  {
1049  goto Cleanup;
1050  }
1051 
1052  pTempFinalMessage = *pFinalMessage;
1053 
1054  /* Build the final message string */
1055  pTempMessage = (LPWSTR)pMessage;
1056  for (i = 0; i < dwParamCount; i++)
1057  {
1058  /* Append the segment from pMessage */
1059  cch = pParamData[i].pStartingAddress - pTempMessage;
1060  StringCchCopyNW(pTempFinalMessage, cchBuffer, pTempMessage, cch);
1061  pTempMessage = pParamData[i].pEndingAddress;
1062  cchBuffer -= cch;
1063  pTempFinalMessage += cch;
1064 
1065  /* Append the parameter string */
1066  if (pParamData[i].pParameter)
1067  {
1068  StringCchCopyW(pTempFinalMessage, cchBuffer, pParamData[i].pParameter);
1069  cch = wcslen(pParamData[i].pParameter); // pTempFinalMessage
1070  }
1071  else
1072  {
1073  /*
1074  * We failed to retrieve the parameter string before, so just
1075  * place back the original string placeholder.
1076  */
1077  cch = pParamData[i].pEndingAddress /* == pTempMessage */ - pParamData[i].pStartingAddress;
1078  StringCchCopyNW(pTempFinalMessage, cchBuffer, pParamData[i].pStartingAddress, cch);
1079  // cch = wcslen(pTempFinalMessage);
1080  }
1081  cchBuffer -= cch;
1082  pTempFinalMessage += cch;
1083  }
1084 
1085  /* Append the last segment from pMessage */
1086  StringCchCopyW(pTempFinalMessage, cchBuffer, pTempMessage);
1087 
1088 Cleanup:
1089 
1090  // if (Status != ERROR_SUCCESS)
1091  // *pFinalMessage = NULL;
1092 
1093  if (pParamData)
1094  {
1095  for (i = 0; i < dwParamCount; i++)
1096  {
1097  if (pParamData[i].pParameter)
1098  LocalFree(pParamData[i].pParameter);
1099  }
1100 
1101  HeapFree(GetProcessHeap(), 0, pParamData);
1102  }
1103 
1104  return Status;
1105 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define iswdigit(_c)
Definition: ctype.h:667
#define DWORD
Definition: nt_native.h:44
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static DWORD cchBuffer
Definition: fusion.c:83
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1250
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Definition: gdiplustypes.h:24
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by GetEventMessage().

◆ BuildLogListAndFilterList()

VOID BuildLogListAndFilterList ( IN LPCWSTR  lpComputerName)

Definition at line 2796 of file eventvwr.c.

2797 {
2798  LONG Result;
2799  HKEY hEventLogKey, hLogKey;
2800  DWORD dwNumLogs = 0;
2801  DWORD dwIndex, dwMaxKeyLength;
2802  DWORD dwType;
2803  PEVENTLOG EventLog;
2804  PEVENTLOGFILTER EventLogFilter;
2805  LPWSTR LogName = NULL;
2807  DWORD lpcName;
2808  DWORD dwMessageID;
2810  HTREEITEM hRootNode = NULL, hItem = NULL, hItemDefault = NULL;
2811 
2813  {
2814  /* We are connected to some other computer, close the old connection */
2816  hkMachine = NULL;
2817  }
2818  if (!lpComputerName || !*lpComputerName)
2819  {
2820  /* Use the local computer registry */
2822  }
2823  else
2824  {
2825  /* Connect to the remote computer registry */
2827  if (Result != ERROR_SUCCESS)
2828  {
2829  /* Connection failed, display a message and bail out */
2830  hkMachine = NULL;
2832  return;
2833  }
2834  }
2835 
2836  /* Open the EventLog key */
2837  Result = RegOpenKeyExW(hkMachine, EVENTLOG_BASE_KEY, 0, KEY_READ, &hEventLogKey);
2838  if (Result != ERROR_SUCCESS)
2839  {
2840  return;
2841  }
2842 
2843  /* Retrieve the number of event logs enumerated as registry keys */
2844  Result = RegQueryInfoKeyW(hEventLogKey, NULL, NULL, NULL, &dwNumLogs, &dwMaxKeyLength,
2845  NULL, NULL, NULL, NULL, NULL, NULL);
2846  if (Result != ERROR_SUCCESS)
2847  {
2848  goto Quit;
2849  }
2850  if (!dwNumLogs)
2851  goto Quit;
2852 
2853  /* Take the NULL terminator into account */
2854  ++dwMaxKeyLength;
2855 
2856  /* Allocate the temporary buffer */
2857  LogName = HeapAlloc(GetProcessHeap(), 0, dwMaxKeyLength * sizeof(WCHAR));
2858  if (!LogName)
2859  goto Quit;
2860 
2861  /* Enumerate and retrieve each event log name */
2862  for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2863  {
2864  lpcName = dwMaxKeyLength;
2865  Result = RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &lpcName, NULL, NULL, NULL, NULL);
2866  if (Result != ERROR_SUCCESS)
2867  continue;
2868 
2869  /* Take the NULL terminator into account */
2870  ++lpcName;
2871 
2872  /* Allocate a new event log entry */
2873  EventLog = AllocEventLog(lpComputerName, LogName, TRUE);
2874  if (EventLog == NULL)
2875  continue;
2876 
2877  /* Allocate a new event log filter entry for this event log */
2878  EventLogFilter = AllocEventLogFilter(// LogName,
2879  TRUE, TRUE, TRUE, TRUE, TRUE,
2880  NULL, NULL, NULL,
2881  1, &EventLog);
2882  if (EventLogFilter == NULL)
2883  {
2884  EventLog_Free(EventLog);
2885  continue;
2886  }
2887 
2888  /* Add the event log and the filter into their lists */
2889  InsertTailList(&EventLogList, &EventLog->ListEntry);
2890  InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2891 
2892  EventLog->FileName = NULL;
2893 
2894  /* Retrieve and cache the event log file */
2895  Result = RegOpenKeyExW(hEventLogKey,
2896  LogName,
2897  0,
2899  &hLogKey);
2900  if (Result == ERROR_SUCCESS)
2901  {
2902  lpcName = 0;
2903  Result = RegQueryValueExW(hLogKey,
2904  L"File",
2905  NULL,
2906  &dwType,
2907  NULL,
2908  &lpcName);
2909  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2910  {
2911  // Windows' EventLog uses some kind of default value, we do not.
2912  EventLog->FileName = NULL;
2913  }
2914  else
2915  {
2916  lpcName = ROUND_DOWN(lpcName, sizeof(WCHAR));
2917  EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, lpcName);
2918  if (EventLog->FileName)
2919  {
2920  Result = RegQueryValueExW(hLogKey,
2921  L"File",
2922  NULL,
2923  &dwType,
2924  (LPBYTE)EventLog->FileName,
2925  &lpcName);
2926  if (Result != ERROR_SUCCESS)
2927  {
2928  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
2929  EventLog->FileName = NULL;
2930  }
2931  else
2932  {
2933  EventLog->FileName[lpcName / sizeof(WCHAR) - 1] = UNICODE_NULL;
2934  }
2935  }
2936  }
2937 
2938  RegCloseKey(hLogKey);
2939  }
2940 
2941  /* Get the display name for the event log */
2942  lpDisplayName = NULL;
2943 
2945  if (GetDisplayNameFileAndID(LogName, szModuleName, &dwMessageID))
2946  {
2947  /* Retrieve the message string without appending extra newlines */
2948  lpDisplayName =
2952  dwMessageID,
2953  0,
2954  NULL);
2955  }
2956 
2957  /*
2958  * Select the correct tree root node, whether the log is a System
2959  * or an Application log. Default to Application log otherwise.
2960  */
2961  hRootNode = htiAppLogs;
2962  for (lpcName = 0; lpcName < ARRAYSIZE(SystemLogs); ++lpcName)
2963  {
2964  /* Check whether the log name is part of the system logs */
2965  if (wcsicmp(LogName, SystemLogs[lpcName]) == 0)
2966  {
2967  hRootNode = htiSystemLogs;
2968  break;
2969  }
2970  }
2971 
2972  hItem = TreeViewAddItem(hwndTreeView, hRootNode,
2973  (lpDisplayName ? lpDisplayName : LogName),
2974  2, 3, (LPARAM)EventLogFilter);
2975 
2976  /* Try to get the default event log: "Application" */
2977  if ((hItemDefault == NULL) && (wcsicmp(LogName, SystemLogs[0]) == 0))
2978  {
2979  hItemDefault = hItem;
2980  }
2981 
2982  /* Free the buffer allocated by FormatMessage */
2983  if (lpDisplayName)
2985  }
2986 
2987  HeapFree(GetProcessHeap(), 0, LogName);
2988 
2989 Quit:
2990  RegCloseKey(hEventLogKey);
2991 
2992  /* Select the default event log */
2993  if (hItemDefault)
2994  {
2995  // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2996  TreeView_SelectItem(hwndTreeView, hItemDefault);
2997  TreeView_EnsureVisible(hwndTreeView, hItemDefault);
2998  }
3001 
3002  return;
3003 }
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
LIST_ENTRY ListEntry
Definition: eventvwr.h:104
#define KEY_READ
Definition: nt_native.h:1023
HTREEITEM htiSystemLogs
Definition: eventvwr.c:89
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
HWND WINAPI SetFocus(_In_opt_ HWND)
#define InsertTailList(ListHead, Entry)
HKEY hkMachine
Definition: eventvwr.c:95
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:103
static const LPCWSTR SystemLogs[]
Definition: eventvwr.c:45
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:751
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
HTREEITEM hItem
Definition: treelist.h:37
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1296
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
LONG_PTR LPARAM
Definition: windef.h:208
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2722
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
LIST_ENTRY ListEntry
Definition: eventvwr.h:83
#define MAX_PATH
Definition: compat.h:26
#define RegConnectRegistry
Definition: winreg.h:495
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
unsigned long DWORD
Definition: ntddk_ex.h:95
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1266
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
HTREEITEM htiAppLogs
Definition: eventvwr.c:89
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3686
HWND hwndTreeView
Definition: eventvwr.c:82
static const WCHAR L[]
Definition: oid.c:1250
PWSTR FileName
Definition: eventvwr.h:91
#define wcsicmp
Definition: string.h:1152
LPWSTR lpComputerName
Definition: eventvwr.c:91
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:30
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
#define TreeView_EnsureVisible(hwnd, hitem)
Definition: commctrl.h:3517
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define TreeView_SelectItem(hwnd, hitem)
Definition: commctrl.h:3453
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LIST_ENTRY EventLogList
Definition: eventvwr.c:102
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1335
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1372
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2527
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
WCHAR * LPWSTR
Definition: xmlstorage.h:184
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2730
#define HeapFree(x, y, z)
Definition: compat.h:394
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define REG_SZ
Definition: layer.c:22

Referenced by wWinMain().

◆ ClearEvents()

BOOL ClearEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2625 of file eventvwr.c.

2626 {
2627  BOOL Success;
2628  PEVENTLOG EventLog;
2629  HANDLE hEventLog;
2630  WCHAR szFileName[MAX_PATH];
2631  WCHAR szMessage[MAX_LOADSTRING];
2632 
2633  /* Bail out if there is no available filter */
2634  if (!EventLogFilter)
2635  return FALSE;
2636 
2637  ZeroMemory(szFileName, sizeof(szFileName));
2638  ZeroMemory(szMessage, sizeof(szMessage));
2639 
2640  LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, ARRAYSIZE(szMessage));
2641 
2642  sfn.lpstrFile = szFileName;
2643  sfn.nMaxFile = ARRAYSIZE(szFileName);
2644 
2646  {
2647  case IDCANCEL:
2648  return FALSE;
2649 
2650  case IDNO:
2651  sfn.lpstrFile = NULL;
2652  break;
2653 
2654  case IDYES:
2655  if (!GetSaveFileNameW(&sfn))
2656  return FALSE;
2657  break;
2658  }
2659 
2660  EventLogFilter_AddRef(EventLogFilter);
2661 
2662  EventLog = EventLogFilter->EventLogs[0];
2663  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2664 
2665  EventLogFilter_Release(EventLogFilter);
2666 
2667  if (!hEventLog)
2668  {
2670  return FALSE;
2671  }
2672 
2673  Success = ClearEventLogW(hEventLog, sfn.lpstrFile);
2674  if (!Success)
2676 
2677  CloseEventLog(hEventLog);
2678  return Success;
2679 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:60
#define IDYES
Definition: winuser.h:829
#define IDS_CLEAREVENTS_MSG
Definition: resource.h:95
PWSTR LogName
Definition: eventvwr.h:90
LPWSTR lpstrFile
Definition: commdlg.h:367
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define ZeroMemory
Definition: winbase.h:1635
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:65
BOOL WINAPI GetSaveFileNameW(LPOPENFILENAMEW ofn)
Definition: filedlg.c:4629
HWND hwndMainWindow
Definition: eventvwr.c:81
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1429
smooth NULL
Definition: ftsmooth.c:416
#define MB_YESNOCANCEL
Definition: winuser.h:812
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1435
OPENFILENAMEW sfn
Definition: eventvwr.c:118
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:26
DWORD nMaxFile
Definition: commdlg.h:368
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
#define IDNO
Definition: winuser.h:830
#define IDCANCEL
Definition: winuser.h:825

Referenced by WndProc().

◆ CloseUserEventLog()

VOID CloseUserEventLog ( IN PEVENTLOGFILTER  EventLogFilter,
IN HTREEITEM  hti 
)

Definition at line 2590 of file eventvwr.c.

2591 {
2592  /* Bail out if there is no available filter */
2593  if (!EventLogFilter)
2594  return;
2595 
2596  if (InterlockedCompareExchangePointer((PVOID*)&ActiveFilter, NULL, NULL) == EventLogFilter)
2597  {
2598  /* Signal the enumerator thread we want to stop enumerating events */
2599  // EnumEvents(NULL);
2602  }
2603 
2604  /*
2605  * The deletion of the item automatically triggers a TVN_SELCHANGED
2606  * notification, that will reset the ActiveFilter (in case the item
2607  * selected is a filter). Otherwise we reset it there.
2608  */
2610 
2611  /* Remove the filter from the list */
2612  RemoveEntryList(&EventLogFilter->ListEntry);
2613  EventLogFilter_Release(EventLogFilter);
2614 
2615  // /* Select the default event log */
2616  // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2617  // TreeView_SelectItem(hwndTreeView, hItem);
2618  // TreeView_EnsureVisible(hwndTreeView, hItem);
2621 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
HWND WINAPI SetFocus(_In_opt_ HWND)
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:113
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
smooth NULL
Definition: ftsmooth.c:416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1435
HANDLE hStartEnumEvent
Definition: eventvwr.c:115
#define TreeView_DeleteItem(hwnd, hitem)
Definition: commctrl.h:3387
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
HWND hwndTreeView
Definition: eventvwr.c:82

Referenced by WndProc().

◆ DisplayUsage()

VOID DisplayUsage ( VOID  )

Definition at line 181 of file eventvwr.c.

182 {
184  LPCWSTR lpUsage;
185  INT iUsageLen = LoadStringW(hInst, IDS_USAGE, (LPWSTR)&lpUsage, 0);
186 
187  if (iUsageLen == 0)
188  return;
189 
190  lpBuffer = HeapAlloc(GetProcessHeap(), 0, (iUsageLen + 1) * sizeof(WCHAR));
191  if (!lpBuffer)
192  return;
193 
194  StringCchCopyNW(lpBuffer, iUsageLen + 1, lpUsage, iUsageLen);
196 
198 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
#define IDS_USAGE
Definition: resource.h:3
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int32_t INT
Definition: typedefs.h:56
HINSTANCE hInst
Definition: eventvwr.c:65
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:173
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MB_ICONINFORMATION
Definition: winuser.h:796
#define MB_OK
Definition: winuser.h:784
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by ProcessCmdLine().

◆ EnumEvents()

VOID EnumEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2435 of file eventvwr.c.

2436 {
2437  /* Signal the enumerator thread we want to enumerate events */
2438  InterlockedExchangePointer((PVOID*)&EnumFilter, EventLogFilter);
2440  return;
2441 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:113
HANDLE hStartEnumEvent
Definition: eventvwr.c:115
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45

Referenced by Refresh(), and WndProc().

◆ EnumEventsThread()

static DWORD WINAPI EnumEventsThread ( IN LPVOID  lpParameter)
static

HACK!!

Definition at line 1975 of file eventvwr.c.

1976 {
1977  PEVENTLOGFILTER EventLogFilter = (PEVENTLOGFILTER)lpParameter;
1978  PEVENTLOG EventLog;
1979 
1980  ULONG LogIndex;
1981  HANDLE hEventLog;
1982  PEVENTLOGRECORD pEvlr = NULL;
1983  PBYTE pEvlrEnd;
1984  PBYTE pEvlrBuffer;
1985  DWORD dwWanted, dwRead, dwNeeded, dwStatus = ERROR_SUCCESS;
1986  DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1987  DWORD dwFlags, dwMaxLength;
1988  size_t cchRemaining;
1989  LPWSTR lpszSourceName;
1990  LPWSTR lpszComputerName;
1991  BOOL bResult = TRUE; /* Read succeeded */
1993  PSID pLastSid = NULL;
1994 
1995  UINT uStep = 0, uStepAt = 0, uPos = 0;
1996 
1997  WCHAR szWindowTitle[MAX_PATH];
1998  WCHAR szStatusText[MAX_PATH];
1999  WCHAR szLocalDate[MAX_PATH];
2000  WCHAR szLocalTime[MAX_PATH];
2001  WCHAR szEventID[MAX_PATH];
2002  WCHAR szEventTypeText[MAX_LOADSTRING];
2003  WCHAR szCategoryID[MAX_PATH];
2004  WCHAR szUsername[MAX_PATH];
2005  WCHAR szNoUsername[MAX_PATH];
2006  WCHAR szCategory[MAX_PATH];
2007  WCHAR szNoCategory[MAX_PATH];
2008  PWCHAR lpTitleTemplateEnd;
2009 
2010  SYSTEMTIME time;
2011  LVITEMW lviEventItem;
2012 
2013  /* Save the current event log filter globally */
2014  EventLogFilter_AddRef(EventLogFilter);
2015  ActiveFilter = EventLogFilter;
2016 
2017 
2019  EventLog = EventLogFilter->EventLogs[0];
2020 
2021  // FIXME: Use something else instead of EventLog->LogName !!
2022 
2023  /*
2024  * Use a different formatting, whether the event log filter holds
2025  * only one log, or many logs (the latter case is WIP TODO!)
2026  */
2027  if (EventLogFilter->NumOfEventLogs <= 1)
2028  {
2029  StringCchPrintfExW(szWindowTitle,
2030  ARRAYSIZE(szWindowTitle),
2031  &lpTitleTemplateEnd,
2032  &cchRemaining,
2033  0,
2034  szTitleTemplate, szTitle, EventLog->LogName); /* i = number of characters written */
2035  dwMaxLength = (DWORD)cchRemaining;
2036  if (!EventLog->ComputerName)
2037  GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2038  else
2039  StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, EventLog->ComputerName);
2040 
2041  StringCbPrintfW(szStatusText,
2042  sizeof(szStatusText),
2044  EventLog->LogName,
2045  0,
2046  0);
2047  }
2048  else
2049  {
2050  // TODO: Use a different title & implement filtering for multi-log filters !!
2051  // (EventLogFilter->NumOfEventLogs > 1)
2053  L"Many-logs filtering is not implemented yet!!",
2054  L"Event Log",
2056  }
2057 
2058  /* Set the window title */
2059  SetWindowTextW(hwndMainWindow, szWindowTitle);
2060 
2061  /* Update the status bar */
2062  StatusBar_SetText(hwndStatus, 0, szStatusText);
2063 
2064 
2065  /* Disable list view redraw */
2067 
2068  /* Clear the list view and free the cached records */
2070  FreeRecords();
2071 
2076 
2077  /* Do a loop over the logs enumerated in the filter */
2078  // FIXME: For now we only support 1 event log per filter!
2079  LogIndex = 0;
2080  // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2081  {
2082 
2083  EventLog = EventLogFilter->EventLogs[LogIndex];
2084 
2085  /* Open the event log */
2086  if (EventLog->Permanent)
2087  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2088  else
2089  hEventLog = OpenBackupEventLogW(EventLog->ComputerName, EventLog->LogName); // FileName
2090 
2091  if (hEventLog == NULL)
2092  {
2094  goto Cleanup;
2095  }
2096 
2097  // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2098 
2099  /* Get the total number of event log records */
2100  GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2101 
2102  if (dwTotalRecords > 0)
2103  {
2106  }
2107  else
2108  {
2111  }
2112 
2113  /* Set up the event records cache */
2114  g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2115  if (!g_RecordPtrs)
2116  {
2117  // ShowWin32Error(GetLastError());
2118  goto Quit;
2119  }
2120  g_TotalRecords = dwTotalRecords;
2121 
2123  goto Quit;
2124 
2125  LoadStringW(hInst, IDS_NOT_AVAILABLE, szNoUsername, ARRAYSIZE(szNoUsername));
2126  LoadStringW(hInst, IDS_NONE, szNoCategory, ARRAYSIZE(szNoCategory));
2127 
2129  uStepAt = (dwTotalRecords / 100) + 1;
2130 
2132 
2133  /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2134  dwWanted = 0x7ffff;
2135  pEvlr = HeapAlloc(hProcessHeap, 0, dwWanted);
2136 
2137  if (!pEvlr)
2138  goto Quit;
2139 
2140  while (dwStatus == ERROR_SUCCESS)
2141  {
2142  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwWanted, &dwRead, &dwNeeded);
2143  dwStatus = GetLastError();
2144 
2145  if (!bResult && dwStatus == ERROR_INSUFFICIENT_BUFFER)
2146  {
2147  pEvlr = HeapReAlloc(hProcessHeap, 0, pEvlr, dwNeeded);
2148  dwWanted = dwNeeded;
2149 
2150  if (!pEvlr)
2151  break;
2152 
2153  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwNeeded, &dwRead, &dwNeeded);
2154 
2155  if (!bResult)
2156  break;
2157  }
2158  else if (!bResult)
2159  {
2160  /* Exit on other errors (ERROR_HANDLE_EOF) */
2161  break;
2162  }
2163 
2164  pEvlrBuffer = (LPBYTE)pEvlr;
2165  pEvlrEnd = pEvlrBuffer + dwRead;
2166 
2167  while (pEvlrBuffer < pEvlrEnd)
2168  {
2169  PEVENTLOGRECORD pEvlrTmp = (PEVENTLOGRECORD)pEvlrBuffer;
2170  PWSTR lpszUsername, lpszCategoryName;
2171  g_RecordPtrs[dwCurrentRecord] = NULL;
2172 
2173  // ProgressBar_StepIt(hwndStatusProgress);
2174  uStep++;
2175  if (uStep % uStepAt == 0)
2176  {
2177  ++uPos;
2179  }
2180 
2182  goto Quit;
2183 
2184  /* Filter by event type */
2185  if (!FilterByType(EventLogFilter, pEvlrTmp))
2186  goto SkipEvent;
2187 
2188  /* Get the event source name and filter it */
2189  lpszSourceName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD));
2190  if (!FilterByString(EventLogFilter->Sources, lpszSourceName))
2191  goto SkipEvent;
2192 
2193  /* Get the computer name and filter it */
2194  lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2195  if (!FilterByString(EventLogFilter->ComputerNames, lpszComputerName))
2196  goto SkipEvent;
2197 
2198  /* Compute the event time */
2199  EventTimeToSystemTime(pEvlrTmp->TimeWritten, &time);
2200  GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2201  GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, ARRAYSIZE(szLocalTime));
2202 
2203  /* Get the username that generated the event, and filter it */
2204  lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2205 
2206  if (!FilterByString(EventLogFilter->Users, lpszUsername))
2207  goto SkipEvent;
2208 
2209  // TODO: Filter by event ID and category
2210  GetEventType(pEvlrTmp->EventType, szEventTypeText);
2211 
2212  lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2213 
2214  StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pEvlrTmp->EventID & 0xFFFF));
2215  StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pEvlrTmp->EventCategory);
2216 
2217  g_RecordPtrs[dwCurrentRecord] = HeapAlloc(hProcessHeap, 0, pEvlrTmp->Length);
2218  RtlCopyMemory(g_RecordPtrs[dwCurrentRecord], pEvlrTmp, pEvlrTmp->Length);
2219 
2220  lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
2221  lviEventItem.iItem = 0;
2222  lviEventItem.iSubItem = 0;
2223  lviEventItem.lParam = (LPARAM)g_RecordPtrs[dwCurrentRecord];
2224  lviEventItem.pszText = szEventTypeText;
2225 
2226  switch (pEvlrTmp->EventType)
2227  {
2228  case EVENTLOG_SUCCESS:
2230  lviEventItem.iImage = 0;
2231  break;
2232 
2233  case EVENTLOG_WARNING_TYPE:
2234  lviEventItem.iImage = 1;
2235  break;
2236 
2237  case EVENTLOG_ERROR_TYPE:
2238  lviEventItem.iImage = 2;
2239  break;
2240 
2242  lviEventItem.iImage = 3;
2243  break;
2244 
2246  lviEventItem.iImage = 4;
2247  break;
2248  }
2249 
2250  lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
2251 
2252  ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
2253  ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
2254  ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpszSourceName);
2255  ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, lpszCategoryName);
2256  ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
2257  ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, lpszUsername);
2258  ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpszComputerName);
2259 
2260 SkipEvent:
2261  pEvlrBuffer += pEvlrTmp->Length;
2262  dwCurrentRecord++;
2263  }
2264  }
2265 
2266 Quit:
2267 
2268  if (pEvlr)
2269  HeapFree(hProcessHeap, 0, pEvlr);
2270 
2271  /* Close the event log */
2272  CloseEventLog(hEventLog);
2273 
2274  } // end-for (LogIndex)
2275 
2276  /* All events loaded */
2277 
2278 Cleanup:
2279 
2282 
2283  // FIXME: Use something else instead of EventLog->LogName !!
2284 
2285  /*
2286  * Use a different formatting, whether the event log filter holds
2287  * only one log, or many logs (the latter case is WIP TODO!)
2288  */
2289  if (EventLogFilter->NumOfEventLogs <= 1)
2290  {
2291  StringCbPrintfW(szStatusText,
2292  sizeof(szStatusText),
2294  EventLog->LogName,
2295  dwTotalRecords,
2297  }
2298  else
2299  {
2300  // TODO: Use a different title & implement filtering for multi-log filters !!
2301  // (EventLogFilter->NumOfEventLogs > 1)
2302  }
2303 
2304  /* Update the status bar */
2305  StatusBar_SetText(hwndStatus, 0, szStatusText);
2306 
2307  /* Resume list view redraw */
2309 
2310  EventLogFilter_Release(EventLogFilter);
2311 
2314 
2315  return 0;
2316 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:60
int iImage
Definition: commctrl.h:2339
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define CloseHandle
Definition: compat.h:398
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:99
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
#define MF_BYCOMMAND
Definition: winuser.h:202
#define ERROR_SUCCESS
Definition: deptool.c:10
PWSTR LogName
Definition: eventvwr.h:90
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1602
#define SW_HIDE
Definition: winuser.h:762
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1783
uint16_t * PWSTR
Definition: typedefs.h:54
#define LOCALE_USER_DEFAULT
#define DATE_SHORTDATE
Definition: winnls.h:193
#define IDS_NONE
Definition: resource.h:122
#define MAKELPARAM(l, h)
Definition: winuser.h:3947
#define WM_SETREDRAW
Definition: winuser.h:1598
DWORD g_TotalRecords
Definition: eventvwr.c:98
HMENU hMainMenu
Definition: eventvwr.c:87
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
uint16_t * PWCHAR
Definition: typedefs.h:54
#define ListView_InsertItem(hwnd, pitem)
Definition: commctrl.h:2380
__u16 time
Definition: mkdosfs.c:366
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:440
HWND hwndStatus
Definition: eventvwr.c:85
PWSTR ComputerNames
Definition: eventvwr.h:131
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define DWORD
Definition: nt_native.h:44
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
HINSTANCE hInst
Definition: eventvwr.c:65
HWND hwndMainWindow
Definition: eventvwr.c:81
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2627
#define LVIF_TEXT
Definition: commctrl.h:2281
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1902
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
unsigned char * LPBYTE
Definition: typedefs.h:52
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
HANDLE hStopEnumEvent
Definition: eventvwr.c:107
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1429
int iSubItem
Definition: commctrl.h:2334
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
LPARAM lParam
Definition: commctrl.h:2340
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:726
HWND hwndListView
Definition: eventvwr.c:83
smooth NULL
Definition: ftsmooth.c:416
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1435
LONG_PTR LPARAM
Definition: windef.h:208
#define ListView_GetItemCount(hwnd)
Definition: commctrl.h:2279
#define SW_SHOW
Definition: winuser.h:769
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1918
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2663
struct _EVENTLOGFILTER * PEVENTLOGFILTER
HWND hwndStatusProgress
Definition: eventvwr.c:86
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
#define WAIT_OBJECT_0
Definition: winbase.h:387
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
LPWSTR pszText
Definition: commctrl.h:2337
#define MF_ENABLED
Definition: winuser.h:128
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2624
#define MAX_PATH
Definition: compat.h:26
#define LVIF_IMAGE
Definition: commctrl.h:2282
unsigned long DWORD
Definition: ntddk_ex.h:95
#define ProgressBar_SetPos(hwndCtl, pos)
Definition: eventvwr.h:55
SETTINGS Settings
Definition: eventvwr.c:133
#define IDM_CLEAR_EVENTS
Definition: resource.h:69
UINT mask
Definition: commctrl.h:2332
WCHAR szStatusBarTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:68
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
static VOID FreeRecords(VOID)
Definition: eventvwr.c:1884
struct _EVENTLOGRECORD * PEVENTLOGRECORD
static const WCHAR L[]
Definition: oid.c:1250
#define StatusBar_SetText(hwndCtl, index, data)
Definition: eventvwr.h:66
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
LPVOID lpParameter
Definition: kernel32.h:241
#define ProgressBar_SetRange(hwndCtl, range)
Definition: eventvwr.h:57
static const WCHAR Cleanup[]
Definition: register.c:80
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
BOOL Permanent
Definition: eventvwr.h:94
DWORD dwStatus
Definition: mediaobj.idl:95
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
#define HeapReAlloc
Definition: compat.h:393
unsigned int UINT
Definition: ndis.h:50
#define MB_OK
Definition: winuser.h:784
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2626
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define IDS_NOT_AVAILABLE
Definition: resource.h:123
#define LVIF_PARAM
Definition: commctrl.h:2283
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:66
unsigned int ULONG
Definition: retypes.h:1
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:157
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
#define IDM_SAVE_EVENTLOG
Definition: resource.h:67
#define MF_GRAYED
Definition: winuser.h:129
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LVM_PROGRESS
Definition: eventvwr.c:38
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079
BYTE * PBYTE
Definition: pedump.c:66
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1813
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
WCHAR szTitleTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:67
#define ListView_DeleteAllItems(hwnd)
Definition: commctrl.h:2386
HANDLE hProcessHeap
Definition: kbswitch.c:25
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

Referenced by StartStopEnumEventsThread().

◆ EventDetails()

INT_PTR CALLBACK EventDetails ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4149 of file eventvwr.c.

4150 {
4151  switch (uMsg)
4152  {
4153  case WM_INITDIALOG:
4154  {
4155  LONG_PTR dwStyle;
4156  INT sbVXSize, sbHYSize;
4157  RECT rcWnd, rect;
4158 
4160  if (!hWndDetailsCtrl)
4161  {
4162  EndDialog(hDlg, 0);
4163  return (INT_PTR)TRUE;
4164  }
4165 
4166  /* Create a size grip if the dialog has a sizing border */
4167  GetClientRect(hDlg, &rcWnd);
4168  dwStyle = GetWindowLongPtrW(hDlg, GWL_STYLE);
4169  sbVXSize = GetSystemMetrics(SM_CXVSCROLL);
4170  sbHYSize = GetSystemMetrics(SM_CYHSCROLL);
4171  if (dwStyle & WS_THICKFRAME /* == WS_SIZEBOX */)
4172  {
4174  NULL,
4176  rcWnd.right - sbVXSize,
4177  rcWnd.bottom - sbHYSize,
4178  sbVXSize, sbHYSize,
4179  hDlg,
4180  NULL,
4181  hInst,
4182  NULL);
4183  }
4184 
4185  // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4186 
4187  /*
4188  * Compute the minimum window size (in window coordinates) by
4189  * adding the widths/heights of the "Help" and "Close" buttons,
4190  * together with the margins, and add some minimal spacing
4191  * between the buttons.
4192  */
4193  GetWindowRect(hDlg, &rcWnd);
4194  cxMin = cyMin = 0;
4195 
4196  GetWindowRect(GetDlgItem(hDlg, IDHELP), &rect);
4197  cxMin += (rect.right - rect.left) + (rect.left - rcWnd.left); // == (rect.right - rcWnd.left);
4198  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4199 
4200  GetWindowRect(GetDlgItem(hDlg, IDOK), &rect);
4201  cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4202  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4203 
4204  /*
4205  * Convert the window rect from window to client coordinates
4206  * in order to retrieve the sizes of the left and top margins,
4207  * and add some extra space.
4208  */
4209  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rcWnd, sizeof(RECT)/sizeof(POINT));
4210 
4211  cxMin += -2*rcWnd.left; // Minimal spacing between the buttons == 2 * left margin
4212  cyMin += -rcWnd.top + 12; // Add some space on top
4213 
4214  GetClientRect(hDlg, &rcWnd);
4215  cxOld = rcWnd.right - rcWnd.left;
4216  cyOld = rcWnd.bottom - rcWnd.top;
4217 
4218  /* Show event info on dialog control */
4220 
4221  // SetWindowPos(hWndDetailsCtrl, NULL,
4222  // 0, 0,
4223  // (rcWnd.right - rcWnd.left),
4224  // (rcWnd.bottom - rcWnd.top),
4225  // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4226 
4227  /*
4228  * Hide the placeholder static control and show the event details
4229  * control instead. Note that the placeholder is here so far just
4230  * to get the dimensions right in the dialog resource editor.
4231  * I plan to remove it and use a custom control with a suitable
4232  * window class for it, that would create the event details control
4233  * instead.
4234  */
4237  return (INT_PTR)TRUE;
4238  }
4239 
4240  case WM_DESTROY:
4244  return (INT_PTR)TRUE;
4245 
4246  case WM_COMMAND:
4247  switch (LOWORD(wParam))
4248  {
4249  case IDOK:
4250  case IDCANCEL:
4251  EndDialog(hDlg, LOWORD(wParam));
4252  return (INT_PTR)TRUE;
4253 
4254  case IDHELP:
4255  MessageBoxW(hDlg,
4256  L"Help not implemented yet!",
4257  L"Event Log",
4259  return (INT_PTR)TRUE;
4260 
4261  default:
4262  break;
4263  }
4264  break;
4265 
4266  case WM_SETCURSOR:
4267  if (((HWND)wParam == hWndGrip) && (LOWORD(lParam) == HTCLIENT))
4268  {
4271  return (INT_PTR)TRUE;
4272  }
4273  break;
4274 
4275  case WM_SIZING:
4276  {
4277  /* Forbid resizing the dialog smaller than its minimal size */
4278  PRECT dragRect = (PRECT)lParam;
4279 
4280  if ((wParam == WMSZ_LEFT) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_BOTTOMLEFT))
4281  {
4282  if (dragRect->right - dragRect->left < cxMin)
4283  dragRect->left = dragRect->right - cxMin;
4284  }
4285 
4286  if ((wParam == WMSZ_RIGHT) || (wParam == WMSZ_TOPRIGHT) || (wParam == WMSZ_BOTTOMRIGHT))
4287  {
4288  if (dragRect->right - dragRect->left < cxMin)
4289  dragRect->right = dragRect->left + cxMin;
4290  }
4291 
4292  if ((wParam == WMSZ_TOP) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_TOPRIGHT))
4293  {
4294  if (dragRect->bottom - dragRect->top < cyMin)
4295  dragRect->top = dragRect->bottom - cyMin;
4296  }
4297 
4299  {
4300  if (dragRect->bottom - dragRect->top < cyMin)
4301  dragRect->bottom = dragRect->top + cyMin;
4302  }
4303 
4305  return (INT_PTR)TRUE;
4306  }
4307 
4308  case WM_SIZE:
4309  {
4310  INT cx = LOWORD(lParam);
4311  INT cy = HIWORD(lParam);
4312 
4313  HDWP hdwp;
4314  HWND hItemWnd;
4315  RECT rect;
4316 
4317  hdwp = BeginDeferWindowPos(4);
4318 
4319  /* Resize the event details control window */
4320 
4321  hItemWnd = hWndDetailsCtrl;
4322  GetWindowRect(hItemWnd, &rect);
4323  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4324 
4325  if (hdwp)
4326  hdwp = DeferWindowPos(hdwp,
4327  hItemWnd,
4328  HWND_TOP,
4329  0, 0,
4330  (rect.right - rect.left) + (cx - cxOld),
4331  (rect.bottom - rect.top) + (cy - cyOld),
4333 
4334  /* Move the buttons */
4335 
4336  hItemWnd = GetDlgItem(hDlg, IDHELP);
4337  GetWindowRect(hItemWnd, &rect);
4338  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4339 
4340  if (hdwp)
4341  hdwp = DeferWindowPos(hdwp,
4342  hItemWnd,
4343  HWND_TOP,
4344  rect.left,
4345  rect.top + (cy - cyOld),
4346  0, 0,
4348 
4349  hItemWnd = GetDlgItem(hDlg, IDOK);
4350  GetWindowRect(hItemWnd, &rect);
4351  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4352 
4353  if (hdwp)
4354  hdwp = DeferWindowPos(hdwp,
4355  hItemWnd,
4356  HWND_TOP,
4357  rect.left + (cx - cxOld),
4358  rect.top + (cy - cyOld),
4359  0, 0,
4361 
4362  /* Move the size grip */
4363  if (hWndGrip && hdwp)
4364  {
4366  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4367 
4368  hdwp = DeferWindowPos(hdwp,
4369  hWndGrip,
4370  HWND_TOP,
4371  rect.left + (cx - cxOld),
4372  rect.top + (cy - cyOld),
4373  0, 0,
4375  }
4376 
4377  if (hdwp)
4378  EndDeferWindowPos(hdwp);
4379 
4380  /* Hide the size grip if we are in maximized mode */
4381  if (hWndGrip)
4383 
4384  cxOld = cx;
4385  cyOld = cy;
4386 
4388  return (INT_PTR)TRUE;
4389  }
4390  }
4391 
4392  return (INT_PTR)FALSE;
4393 }
#define WS_CLIPSIBLINGS
Definition: pedump.c:618
#define WS_THICKFRAME
Definition: pedump.c:630
#define WMSZ_BOTTOMRIGHT
Definition: winuser.h:2446
HDWP WINAPI BeginDeferWindowPos(_In_ int)
#define SM_CYHSCROLL
Definition: winuser.h:952
#define TRUE
Definition: types.h:120
#define IDOK
Definition: winuser.h:824
static INT cyMin
Definition: eventvwr.c:4145
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
BOOL WINAPI IsWindow(_In_opt_ HWND)
#define SIZE_MAXIMIZED
Definition: winuser.h:2482
#define SW_HIDE
Definition: winuser.h:762
static INT cxMin
Definition: eventvwr.c:4145
LONG top
Definition: windef.h:292
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:937
static HWND hWndGrip
Definition: eventvwr.c:4144
#define HWND_TOP
Definition: winuser.h:1193
#define WMSZ_TOP
Definition: winuser.h:2441
#define WS_CHILD
Definition: pedump.c:617
#define GetWindowLongPtrW
Definition: winuser.h:4730
LONG left
Definition: windef.h:291
#define SWP_NOZORDER
Definition: winuser.h:1232
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
int32_t INT_PTR
Definition: typedefs.h:62
LONG right
Definition: windef.h:293
BOOL WINAPI DestroyWindow(_In_ HWND)
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4217
int32_t INT
Definition: typedefs.h:56
& rect
Definition: startmenu.cpp:1413
WPARAM wParam
Definition: combotst.c:138
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
HINSTANCE hInst
Definition: eventvwr.c:65
#define DWLP_MSGRESULT
Definition: winuser.h:864
#define WMSZ_TOPLEFT
Definition: winuser.h:2442
#define IDHELP
Definition: resource_2.h:8
#define EVT_DISPLAY
Definition: evtdetctl.h:15
#define IDC_SIZENWSE
Definition: winuser.h:687
#define WM_SETCURSOR
Definition: winuser.h:1618
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
_Out_opt_ int _Out_opt_ int * cy
Definition: commctrl.h:570
#define WM_SIZING
Definition: winuser.h:1789
smooth NULL
Definition: ftsmooth.c:416
#define SW_SHOW
Definition: winuser.h:769
#define WM_DESTROY
Definition: winuser.h:1591
static INT cxOld
Definition: eventvwr.c:4146
#define SBS_SIZEGRIP
Definition: winuser.h:332
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
#define WM_SIZE
Definition: winuser.h:1593
#define SWP_NOACTIVATE
Definition: winuser.h:1227
#define SBS_SIZEBOXBOTTOMRIGHTALIGN
Definition: winuser.h:330
#define WMSZ_RIGHT
Definition: winuser.h:2440
int WINAPI GetSystemMetrics(_In_ int)
#define IDC_STATIC
Definition: resource.h:4
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2074
#define MB_ICONINFORMATION
Definition: winuser.h:796
static const WCHAR L[]
Definition: oid.c:1250
#define WM_COMMAND
Definition: winuser.h:1722
#define WMSZ_BOTTOM
Definition: winuser.h:2444
static HWND hWndDetailsCtrl
Definition: eventvwr.c:4143
#define SWP_NOSIZE
Definition: winuser.h:1230
#define GWL_STYLE
Definition: winuser.h:846
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define HWND_DESKTOP
Definition: winuser.h:1195
#define MB_OK
Definition: winuser.h:784
#define SM_CXVSCROLL
Definition: winuser.h:951
#define WC_SCROLLBARW
Definition: commctrl.h:4700
_Out_opt_ int * cx
Definition: commctrl.h:570
#define HIWORD(l)
Definition: typedefs.h:246
LONG bottom
Definition: windef.h:294
#define SWP_NOMOVE
Definition: winuser.h:1229
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
#define SetWindowLongPtrW
Definition: winuser.h:5247
struct tagRECT * PRECT
#define HTCLIENT
Definition: winuser.h:2450
#define IDCANCEL
Definition: winuser.h:825
#define WS_VISIBLE
Definition: pedump.c:620
#define WM_INITDIALOG
Definition: winuser.h:1721
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WMSZ_LEFT
Definition: winuser.h:2439
#define WMSZ_TOPRIGHT
Definition: winuser.h:2443
#define WMSZ_BOTTOMLEFT
Definition: winuser.h:2445
static INT cyOld
Definition: eventvwr.c:4146

Referenced by WndProc().

◆ EventLog_Free()

VOID EventLog_Free ( IN PEVENTLOG  EventLog)

Definition at line 1335 of file eventvwr.c.

1336 {
1337  if (EventLog->LogName)
1338  HeapFree(GetProcessHeap(), 0, EventLog->LogName);
1339 
1340  if (EventLog->ComputerName)
1341  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1342 
1343  if (EventLog->FileName)
1344  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
1345 
1346  HeapFree(GetProcessHeap(), 0, EventLog);
1347 }
#define GetProcessHeap()
Definition: compat.h:395
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().

◆ EventLogFilter_AddRef()

LONG EventLogFilter_AddRef ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1429 of file eventvwr.c.

1430 {
1431  ASSERT(EventLogFilter);
1432  return InterlockedIncrement(&EventLogFilter->ReferenceCount);
1433 }
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define InterlockedIncrement
Definition: armddk.h:53

Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogFilter_Free()

VOID EventLogFilter_Free ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1415 of file eventvwr.c.

1416 {
1417  if (EventLogFilter->Sources)
1418  HeapFree(GetProcessHeap(), 0, EventLogFilter->Sources);
1419 
1420  if (EventLogFilter->Users)
1421  HeapFree(GetProcessHeap(), 0, EventLogFilter->Users);
1422 
1423  if (EventLogFilter->ComputerNames)
1424  HeapFree(GetProcessHeap(), 0, EventLogFilter->ComputerNames);
1425 
1426  HeapFree(GetProcessHeap(), 0, EventLogFilter);
1427 }
#define GetProcessHeap()
Definition: compat.h:395
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by EventLogFilter_Release(), and FreeLogFilterList().

◆ EventLogFilter_Release()

LONG EventLogFilter_Release ( IN PEVENTLOGFILTER  EventLogFilter)

RemoveEntryList(&EventLogFilter->ListEntry);

Definition at line 1435 of file eventvwr.c.

1436 {
1437  LONG RefCount;
1438 
1439  ASSERT(EventLogFilter);
1440 
1441  /* When the reference count reaches zero, delete the filter */
1442  RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1443  if (RefCount <= 0)
1444  {
1445  /* Remove the filter from the list */
1447  EventLogFilter_Free(EventLogFilter);
1448  }
1449 
1450  return RefCount;
1451 }
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1415
long LONG
Definition: pedump.c:60
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define InterlockedDecrement
Definition: armddk.h:52

Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogProperties()

INT_PTR EventLogProperties ( HINSTANCE  hInstance,
HWND  hWndParent,
PEVENTLOGFILTER  EventLogFilter 
)

Definition at line 4083 of file eventvwr.c.

4084 {
4085  INT_PTR ret = 0;
4086  PROPSHEETHEADERW psh;
4087  PROPSHEETPAGEW psp[1]; // 2
4088 
4089  /*
4090  * Bail out if there is no available filter, or if the filter
4091  * contains more than one log.
4092  */
4093  if (!EventLogFilter)
4094  return 0;
4095 
4096  EventLogFilter_AddRef(EventLogFilter);
4097 
4098  if (EventLogFilter->NumOfEventLogs > 1 ||
4099  EventLogFilter->EventLogs[0] == NULL)
4100  {
4101  goto Quit;
4102  }
4103 
4104  /* Header */
4105  psh.dwSize = sizeof(psh);
4106  psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4107  psh.hInstance = hInstance;
4108  psh.hwndParent = hWndParent;
4109  // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4110  psh.pszCaption = EventLogFilter->EventLogs[0]->LogName;
4111  psh.nStartPage = 0;
4112  psh.ppsp = psp;
4113  psh.nPages = ARRAYSIZE(psp);
4114  // psh.pfnCallback = PropSheetCallback;
4115 
4116  /* Log properties page */
4117  psp[0].dwSize = sizeof(psp[0]);
4118  psp[0].dwFlags = PSP_HASHELP;
4119  psp[0].hInstance = hInstance;
4121  psp[0].pfnDlgProc = EventLogPropProc;
4122  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4123 
4124 #if 0
4125  /* TODO: Log sources page */
4126  psp[1].dwSize = sizeof(psp[1]);
4127  psp[1].dwFlags = PSP_HASHELP;
4128  psp[1].hInstance = hInstance;
4130  psp[1].pfnDlgProc = GeneralPageWndProc;
4131  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4132 #endif
4133 
4134  /* Create the property sheet */
4135  ret = PropertySheetW(&psh);
4136 
4137 Quit:
4138  EventLogFilter_Release(EventLogFilter);
4139  return ret;
4140 }
HWND hwndParent
Definition: prsht.h:277
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
LPCPROPSHEETPAGEW ppsp
Definition: prsht.h:290
LPCWSTR pszTemplate
Definition: prsht.h:209
PWSTR LogName
Definition: eventvwr.h:90
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4012
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
int32_t INT_PTR
Definition: typedefs.h:62
HINSTANCE hInstance
Definition: charmap.c:20
DWORD dwSize
Definition: prsht.h:205
LPCWSTR pszCaption
Definition: prsht.h:283
DLGPROC pfnDlgProc
Definition: prsht.h:217
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1429
smooth NULL
Definition: ftsmooth.c:416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1435
LONG_PTR LPARAM
Definition: windef.h:208
INT_PTR WINAPI PropertySheetW(LPCPROPSHEETHEADERW lppsh)
Definition: propsheet.c:2902
#define PSH_PROPTITLE
Definition: prsht.h:40
HINSTANCE hInstance
Definition: prsht.h:278
#define PSH_HASHELP
Definition: prsht.h:49
DWORD dwSize
Definition: prsht.h:275
DWORD dwFlags
Definition: prsht.h:276
int ret
LPARAM lParam
Definition: prsht.h:218
HINSTANCE hInstance
Definition: prsht.h:207
#define IDD_GENERAL_PAGE
Definition: resource.h:6
#define IDD_LOGPROPERTIES_GENERAL
Definition: resource.h:25
#define PSH_PROPSHEETPAGE
Definition: prsht.h:43
#define PSP_HASHELP
Definition: prsht.h:28
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
DWORD dwFlags
Definition: prsht.h:206
UINT nStartPage
Definition: prsht.h:286

Referenced by WndProc().

◆ EventLogPropProc()

INT_PTR CALLBACK EventLogPropProc ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4012 of file eventvwr.c.

4013 {
4014  PEVENTLOG EventLog;
4015 
4016  EventLog = (PEVENTLOG)GetWindowLongPtrW(hDlg, DWLP_USER);
4017 
4018  switch (uMsg)
4019  {
4020  case WM_INITDIALOG:
4021  {
4022  EventLog = (PEVENTLOG)((LPPROPSHEETPAGE)lParam)->lParam;
4023  SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)EventLog);
4024 
4025  InitPropertiesDlg(hDlg, EventLog);
4026 
4027  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4028  return (INT_PTR)TRUE;
4029  }
4030 
4031  case WM_DESTROY:
4032  return (INT_PTR)TRUE;
4033 
4034  case WM_COMMAND:
4035  switch (LOWORD(wParam))
4036  {
4037  case IDOK:
4038  case IDCANCEL:
4039  EndDialog(hDlg, LOWORD(wParam));
4040  return (INT_PTR)TRUE;
4041 
4043  {
4047  break;
4048  }
4049 
4051  {
4055  break;
4056  }
4057 
4058  case IDC_NO_OVERWRITE:
4059  {
4063  break;
4064  }
4065 
4066  case IDHELP:
4067  MessageBoxW(hDlg,
4068  L"Help not implemented yet!",
4069  L"Event Log",
4071  return (INT_PTR)TRUE;
4072 
4073  default:
4074  break;
4075  }
4076  break;
4077  }
4078 
4079  return (INT_PTR)FALSE;
4080 }
#define TRUE
Definition: types.h:120
#define IDOK
Definition: winuser.h:824
#define GetWindowLongPtrW
Definition: winuser.h:4730
int32_t INT_PTR
Definition: typedefs.h:62
#define IDC_NO_OVERWRITE
Definition: resource.h:59
#define IDC_OVERWRITE_AS_NEEDED
Definition: resource.h:55
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
WPARAM wParam
Definition: combotst.c:138
#define IDHELP
Definition: resource_2.h:8
#define LPPROPSHEETPAGE
Definition: prsht.h:372
#define WM_DESTROY
Definition: winuser.h:1591
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define PropSheet_UnChanged(d, w)
Definition: prsht.h:340
#define IDC_OVERWRITE_OLDER_THAN
Definition: resource.h:56
struct _EVENTLOG * PEVENTLOG
#define MB_ICONINFORMATION
Definition: winuser.h:796
static const WCHAR L[]
Definition: oid.c:1250
#define DWLP_USER
Definition: winuser.h:866
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3823
#define WM_COMMAND
Definition: winuser.h:1722
HWND WINAPI GetParent(_In_ HWND)
#define EnableDlgItem(hDlg, nID, bEnable)
Definition: eventvwr.h:52
#define IDC_EDIT_EVENTS_AGE
Definition: resource.h:57
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define MB_OK
Definition: winuser.h:784
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
#define SetWindowLongPtrW
Definition: winuser.h:5247
#define IDCANCEL
Definition: winuser.h:825
#define WM_INITDIALOG
Definition: winuser.h:1721
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define IDC_UPDOWN_EVENTS_AGE
Definition: resource.h:58

Referenced by EventLogProperties().

◆ EventTimeToSystemTime()

VOID EventTimeToSystemTime ( IN DWORD  EventTime,
OUT PSYSTEMTIME  pSystemTime 
)

Definition at line 726 of file eventvwr.c.

728 {
729  SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
730  FILETIME ftLocal;
731  union
732  {
733  FILETIME ft;
734  ULONGLONG ll;
735  } u1970, uUCT;
736 
737  uUCT.ft.dwHighDateTime = 0;
738  uUCT.ft.dwLowDateTime = EventTime;
739  SystemTimeToFileTime(&st1970, &u1970.ft);
740  uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
741  FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
742  FileTimeToSystemTime(&ftLocal, pSystemTime);
743 }
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:211
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:178
uint64_t ULONGLONG
Definition: typedefs.h:65
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:148
w ll
Definition: byte_order.h:166

Referenced by EnumEventsThread().

◆ FilterByString()

BOOL FilterByString ( IN PCWSTR  FilterString,
IN PWSTR  String 
)

Definition at line 1918 of file eventvwr.c.

1920 {
1921  PCWSTR pStr;
1922 
1923  /* The filter string is NULL so it does not filter anything */
1924  if (!FilterString)
1925  return TRUE;
1926 
1927  /*
1928  * If the filter string filters for an empty string AND the source string
1929  * is an empty string, we have a match (particular case of the last one).
1930  */
1931  if (!*FilterString && !*String)
1932  return TRUE;
1933 
1934  // if (*FilterString || *String)
1935 
1936  /*
1937  * If the filter string is empty BUT the source string is not empty,
1938  * OR vice-versa, we cannot have a match.
1939  */
1940  if ( (!*FilterString && *String) || (*FilterString && !*String) )
1941  return FALSE;
1942 
1943  /*
1944  * If the filter string filters for at least a non-empty string,
1945  * browse it and search for a string that matches the source string.
1946  */
1947  // else if (*FilterString && *String)
1948  {
1949  pStr = FilterString;
1950  while (*pStr)
1951  {
1952  if (wcsicmp(pStr, String) == 0)
1953  {
1954  /* We have a match, break the loop */
1955  break;
1956  }
1957 
1958  pStr += (wcslen(pStr) + 1);
1959  }
1960  if (!*pStr) // && *String
1961  {
1962  /* We do not have a match */
1963  return FALSE;
1964  }
1965  }
1966 
1967  /* We have a match */
1968  return TRUE;
1969 }
const uint16_t * PCWSTR
Definition: typedefs.h:55
#define TRUE
Definition: types.h:120
static WCHAR String[]
Definition: stringtable.c:55
#define wcsicmp
Definition: string.h:1152
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by EnumEventsThread().

◆ FilterByType()

BOOL FilterByType ( IN PEVENTLOGFILTER  EventLogFilter,
IN PEVENTLOGRECORD  pevlr 
)

Definition at line 1902 of file eventvwr.c.

1904 {
1905  if ((pevlr->EventType == EVENTLOG_SUCCESS && !EventLogFilter->Information ) ||
1906  (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1907  (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1908  (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1909  (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1910  (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1911  {
1912  return FALSE;
1913  }
1914  return TRUE;
1915 }
#define TRUE
Definition: types.h:120
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633

Referenced by EnumEventsThread().

◆ FormatByteSize()

UINT FormatByteSize ( LONGLONG  cbSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1174 of file eventvwr.c.

1175 {
1176  UINT cchWritten, cchRemaining;
1177  LPWSTR pwszEnd;
1178  size_t cchStringRemaining;
1179 
1180  /* Write formated bytes count */
1181  cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1182  if (!cchWritten)
1183  return 0;
1184 
1185  /* Copy " bytes" to buffer */
1186  pwszEnd = pwszResult + cchWritten;
1187  cchRemaining = cchResultMax - cchWritten;
1188  StringCchCopyExW(pwszEnd, cchRemaining, L" ", &pwszEnd, &cchStringRemaining, 0);
1189  cchRemaining = (UINT)cchStringRemaining;
1190  cchWritten = LoadStringW(hInst, IDS_BYTES_FORMAT, pwszEnd, cchRemaining);
1191  cchRemaining -= cchWritten;
1192 
1193  return cchResultMax - cchRemaining;
1194 }
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:65
#define IDS_BYTES_FORMAT
Definition: resource.h:109
static const WCHAR L[]
Definition: oid.c:1250
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1114
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
unsigned int UINT
Definition: ndis.h:50
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by FormatFileSizeWithBytes().

◆ FormatFileSizeWithBytes()

LPWSTR FormatFileSizeWithBytes ( const PULARGE_INTEGER  lpQwSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1197 of file eventvwr.c.

1198 {
1199  UINT cchWritten, cchRemaining;
1200  LPWSTR pwszEnd;
1201  size_t cchCopyRemaining;
1202 
1203  /* Format bytes in KBs, MBs etc */
1204  if (StrFormatByteSizeW(lpQwSize->QuadPart, pwszResult, cchResultMax) == NULL)
1205  return NULL;
1206 
1207  /* If there is less bytes than 1KB, we have nothing to do */
1208  if (lpQwSize->QuadPart < 1024)
1209  return pwszResult;
1210 
1211  /* Concatenate " (" */
1212  cchWritten = (UINT)wcslen(pwszResult);
1213  pwszEnd = pwszResult + cchWritten;
1214  cchRemaining = cchResultMax - cchWritten;
1215  StringCchCopyExW(pwszEnd, cchRemaining, L" (", &pwszEnd, &cchCopyRemaining, 0);
1216  cchRemaining = (UINT)cchCopyRemaining;
1217 
1218  /* Write formated bytes count */
1219  cchWritten = FormatByteSize(lpQwSize->QuadPart, pwszEnd, cchRemaining);
1220  pwszEnd += cchWritten;
1221  cchRemaining -= cchWritten;
1222 
1223  /* Copy ")" to the buffer */
1224  StringCchCopyW(pwszEnd, cchRemaining, L")");
1225 
1226  return pwszResult;
1227 }
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2376
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
static const WCHAR L[]
Definition: oid.c:1250
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1174
unsigned int UINT
Definition: ndis.h:50
WCHAR * LPWSTR
Definition: xmlstorage.h:184
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by InitPropertiesDlg().

◆ FormatInteger()

UINT FormatInteger ( LONGLONG  Num,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1114 of file eventvwr.c.

1115 {
1116  WCHAR wszNumber[24];
1117  WCHAR wszDecimalSep[8], wszThousandSep[8];
1118  NUMBERFMTW nf;
1119  WCHAR wszGrouping[12];
1120  INT cchGrouping;
1121  INT cchResult;
1122  INT i;
1123 
1124  // Print the number in uniform mode
1125  swprintf(wszNumber, L"%I64u", Num);
1126 
1127  // Get system strings for decimal and thousand separators.
1128  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SDECIMAL, wszDecimalSep, _countof(wszDecimalSep));
1129  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1130 
1131  // Initialize format for printing the number in bytes
1132  ZeroMemory(&nf, sizeof(nf));
1133  nf.lpDecimalSep = wszDecimalSep;
1134  nf.lpThousandSep = wszThousandSep;
1135 
1136  // Get system string for groups separator
1137  cchGrouping = GetLocaleInfoW(LOCALE_USER_DEFAULT,
1139  wszGrouping,
1140  _countof(wszGrouping));
1141 
1142  // Convert grouping specs from string to integer
1143  for (i = 0; i < cchGrouping; i++)
1144  {
1145  WCHAR wch = wszGrouping[i];
1146 
1147  if (wch >= L'0' && wch <= L'9')
1148  nf.Grouping = nf.Grouping * 10 + (wch - L'0');
1149  else if (wch != L';')
1150  break;
1151  }
1152 
1153  if ((nf.Grouping % 10) == 0)
1154  nf.Grouping /= 10;
1155  else
1156  nf.Grouping *= 10;
1157 
1158  // Format the number
1160  0,
1161  wszNumber,
1162  &nf,
1163  pwszResult,
1164  cchResultMax);
1165 
1166  if (!cchResult)
1167  return 0;
1168 
1169  // GetNumberFormatW returns number of characters including UNICODE_NULL
1170  return cchResult - 1;
1171 }
LPWSTR lpThousandSep
Definition: winnls.h:643
#define LOCALE_SGROUPING
Definition: winnls.h:44
LPWSTR lpDecimalSep
Definition: winnls.h:642
#define _countof(array)
Definition: fontsub.cpp:30
#define LOCALE_USER_DEFAULT
UINT Grouping
Definition: winnls.h:641
#define ZeroMemory
Definition: winbase.h:1635
int32_t INT
Definition: typedefs.h:56
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:1098
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
#define LOCALE_STHOUSAND
Definition: winnls.h:43
#define LOCALE_SDECIMAL
Definition: winnls.h:42
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define swprintf(buf, format,...)
Definition: sprintf.c:56
static const WCHAR L[]
Definition: oid.c:1250
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1198

Referenced by FormatByteSize().

◆ FreeLogFilterList()

VOID FreeLogFilterList ( VOID  )

Definition at line 3022 of file eventvwr.c.

3023 {
3025  PEVENTLOGFILTER EventLogFilter;
3026 
3027  while (!IsListEmpty(&EventLogFilterList))
3028  {
3030  EventLogFilter = (PEVENTLOGFILTER)CONTAINING_RECORD(Entry, EVENTLOGFILTER, ListEntry);
3031  EventLogFilter_Free(EventLogFilter);
3032  }
3033 
3034  ActiveFilter = NULL;
3035 
3036  return;
3037 }
struct _Entry Entry
Definition: kefuncs.h:640
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1415
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:104
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:103
smooth NULL
Definition: ftsmooth.c:416
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOGFILTER * PEVENTLOGFILTER
Definition: typedefs.h:117
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeLogList()

VOID FreeLogList ( VOID  )

Definition at line 3006 of file eventvwr.c.

3007 {
3009  PEVENTLOG EventLog;
3010 
3011  while (!IsListEmpty(&EventLogList))
3012  {
3014  EventLog = (PEVENTLOG)CONTAINING_RECORD(Entry, EVENTLOG, ListEntry);
3015  EventLog_Free(EventLog);
3016  }
3017 
3018  return;
3019 }
struct _Entry Entry
Definition: kefuncs.h:640
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOG * PEVENTLOG
Definition: typedefs.h:117
LIST_ENTRY EventLogList
Definition: eventvwr.c:102
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1335
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeRecords()

static VOID FreeRecords ( VOID  )
static

Definition at line 1884 of file eventvwr.c.

1885 {
1886  DWORD iIndex;
1887 
1888  if (!g_RecordPtrs)
1889  return;
1890 
1891  for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
1892  {
1893  if (g_RecordPtrs[iIndex])
1894  HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
1895  }
1897  g_RecordPtrs = NULL;
1898  g_TotalRecords = 0;
1899 }
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:99
DWORD g_TotalRecords
Definition: eventvwr.c:98
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
unsigned long DWORD
Definition: ntddk_ex.h:95
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by EnumEventsThread(), and StartStopEnumEventsThread().

◆ GetDisplayNameFileAndID()

BOOL GetDisplayNameFileAndID ( IN LPCWSTR  lpLogName,
OUT PWCHAR  lpModuleName,
OUT PDWORD  pdwMessageID 
)

Definition at line 2722 of file eventvwr.c.

2725 {
2726  BOOL Success = FALSE;
2727  LONG Result;
2728  HKEY hLogKey;
2729  WCHAR *KeyPath;
2730  SIZE_T cbKeyPath;
2731  DWORD dwType, cbData;
2732  DWORD dwMessageID = 0;
2734 
2735  /* Use a default value for the message ID */
2736  *pdwMessageID = 0;
2737 
2738  cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
2739  KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
2740  if (!KeyPath)
2741  return FALSE;
2742 
2743  StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
2744  StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2745 
2746  Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
2747  HeapFree(GetProcessHeap(), 0, KeyPath);
2748  if (Result != ERROR_SUCCESS)
2749  return FALSE;
2750 
2751  cbData = sizeof(szModuleName);
2752  Result = RegQueryValueExW(hLogKey,
2753  L"DisplayNameFile",
2754  NULL,
2755  &dwType,
2757  &cbData);
2758  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2759  {
2761  }
2762  else
2763  {
2764  /* NULL-terminate the string and expand it */
2765  szModuleName[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
2767  Success = TRUE;
2768  }
2769 
2770  /*
2771  * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2772  * otherwise it's not really useful. 'DisplayNameID' is optional.
2773  */
2774  if (Success)
2775  {
2776  cbData = sizeof(dwMessageID);
2777  Result = RegQueryValueExW(hLogKey,
2778  L"DisplayNameID",
2779  NULL,
2780  &dwType,
2781  (LPBYTE)&dwMessageID,
2782  &cbData);
2783  if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
2784  dwMessageID = 0;
2785 
2786  *pdwMessageID = dwMessageID;
2787  }
2788 
2789  RegCloseKey(hLogKey);
2790 
2791  return Success;
2792 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:95
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1468
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
static const WCHAR L[]
Definition: oid.c:1250
LPWSTR lpComputerName
Definition: eventvwr.c:91
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:596
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394
#define REG_SZ
Definition: layer.c:22

Referenced by BuildLogListAndFilterList().

◆ GetEventCategory()

BOOL GetEventCategory ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  CategoryName 
)

Definition at line 1602 of file eventvwr.c.

1606 {
1607  BOOL Success = FALSE;
1608  WCHAR szMessageDLL[MAX_PATH];
1609  LPWSTR lpMsgBuf = NULL;
1610 
1612  goto Quit;
1613 
1614  /* Retrieve the message string without appending extra newlines */
1615  lpMsgBuf =
1616  GetMessageStringFromDllList(szMessageDLL,
1619  pevlr->EventCategory,
1621  NULL);
1622  if (lpMsgBuf)
1623  {
1624  /* Trim the string */
1625  TrimNulls(lpMsgBuf);
1626 
1627  /* Copy the category name */
1628  StringCchCopyW(CategoryName, MAX_PATH, lpMsgBuf);
1629 
1630  /* Free the buffer allocated by FormatMessage */
1631  LocalFree(lpMsgBuf);
1632 
1633  /* The ID was found and the message was formatted */
1634  Success = TRUE;
1635  }
1636 
1637 Quit:
1638  if (!Success)
1639  {
1640  if (pevlr->EventCategory != 0)
1641  {
1642  StringCchPrintfW(CategoryName, MAX_PATH, L"(%lu)", pevlr->EventCategory);
1643  Success = TRUE;
1644  }
1645  }
1646 
1647  return Success;
1648 }
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1454
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define EVENT_CATEGORY_MESSAGE_FILE
Definition: eventvwr.c:56
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:26
static const WCHAR L[]
Definition: oid.c:1250
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1541
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
#define EVENT_MESSAGE_FILE_BUFFER
Definition: eventvwr.c:54

Referenced by EnumEventsThread().

◆ GetEventMessage()

BOOL GetEventMessage ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  EventText 
)

Definition at line 1652 of file eventvwr.c.

1656 {
1657  BOOL Success = FALSE;
1658  DWORD i;
1659  size_t cch;
1660  WCHAR SourceModuleName[1024];
1661  WCHAR ParameterModuleName[1024];
1662  BOOL IsParamModNameCached = FALSE;
1663  LPWSTR lpMsgBuf = NULL;
1664  LPWSTR szStringArray, szMessage;
1665  LPWSTR *szArguments;
1666 
1667  /* Get the event string array */
1668  szStringArray = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
1669 
1670  /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1671  if (!GetEventMessageFileDLL(KeyName, SourceName, EVENT_MESSAGE_FILE, SourceModuleName))
1672  goto Quit;
1673 
1674  /* Allocate space for insertion strings */
1675  szArguments = HeapAlloc(GetProcessHeap(), 0, pevlr->NumStrings * sizeof(LPVOID));
1676  if (!szArguments)
1677  goto Quit;
1678 
1679  if (!IsParamModNameCached)
1680  {
1681  /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1682  IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1683  // FIXME: If the string loading failed the first time, no need to retry it just after???
1684  }
1685 
1686  if (IsParamModNameCached)
1687  {
1688  /* Not yet support for reading messages from parameter message DLL */
1689  }
1690 
1691  szMessage = szStringArray;
1692  /*
1693  * HACK:
1694  * We do some hackish preformatting of the cached event strings...
1695  * That's because after we pass the string to FormatMessage
1696  * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1697  * flag, instead of ignoring the insertion parameters and do the formatting
1698  * by ourselves. Therefore, the resulting string should have the parameter
1699  * string placeholders starting with a single '%' instead of a mix of one
1700  * and two '%'.
1701  */
1702  /* HACK part 1: Compute the full length of the string array */
1703  cch = 0;
1704  for (i = 0; i < pevlr->NumStrings; i++)
1705  {
1706  szMessage += wcslen(szMessage) + 1;
1707  }
1708  cch = szMessage - szStringArray;
1709 
1710  /* HACK part 2: Now do the HACK proper! */
1711  szMessage = szStringArray;
1712  for (i = 0; i < pevlr->NumStrings; i++)
1713  {
1714  lpMsgBuf = szMessage;
1715  while ((lpMsgBuf = wcsstr(lpMsgBuf, L"%%")))
1716  {
1717  if (iswdigit(lpMsgBuf[2]))
1718  {
1719  RtlMoveMemory(lpMsgBuf, lpMsgBuf+1, ((szStringArray + cch) - lpMsgBuf - 1) * sizeof(WCHAR));
1720  }
1721  }
1722 
1723  szArguments[i] = szMessage;
1724  szMessage += wcslen(szMessage) + 1;
1725  }
1726 
1727  /* Retrieve the message string without appending extra newlines */
1728  lpMsgBuf =
1729  GetMessageStringFromDllList(SourceModuleName,
1732  pevlr->EventID,
1733  0,
1734  (va_list*)szArguments);
1735  if (lpMsgBuf)
1736  {
1737  /* Trim the string */
1738  TrimNulls(lpMsgBuf);
1739 
1740  szMessage = NULL;
1741  Success = (ApplyParameterStringsToMessage(ParameterModuleName,
1742  TRUE,
1743  lpMsgBuf,
1744  &szMessage) == ERROR_SUCCESS);
1745  if (Success && szMessage)
1746  {
1747  /* Free the buffer allocated by FormatMessage */
1748  LocalFree(lpMsgBuf);
1749  lpMsgBuf = szMessage;
1750  }
1751 
1752  /* Copy the event text */
1753  StringCchCopyW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
1754 
1755  /* Free the buffer allocated by FormatMessage */
1756  LocalFree(lpMsgBuf);
1757  }
1758 
1759  HeapFree(GetProcessHeap(), 0, szArguments);
1760 
1761 Quit:
1762  if (!Success)
1763  {
1764  /* Get a read-only pointer to the "event-not-found" string */
1765  lpMsgBuf = HeapAlloc(GetProcessHeap(), 0, EVENT_MESSAGE_EVENTTEXT_BUFFER * sizeof(WCHAR));
1767  StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1768 
1769  /* Append the strings */
1770  szMessage = szStringArray;
1771  for (i = 0; i < pevlr->NumStrings; i++)
1772  {
1773  StringCchCatW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, szMessage);
1775  szMessage += wcslen(szMessage) + 1;
1776  }
1777  }
1778 
1779  return Success;
1780 }
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1454
#define TRUE
Definition: types.h:120
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:406
#define ERROR_SUCCESS
Definition: deptool.c:10
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:405
#define iswdigit(_c)
Definition: ctype.h:667
#define EVENT_PARAMETER_MESSAGE_FILE
Definition: eventvwr.c:58
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:65
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
unsigned char * LPBYTE
Definition: typedefs.h:52
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:916
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:201
smooth NULL
Definition: ftsmooth.c:416
char * va_list
Definition: acmsvcex.h:78
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1250
#define EVENT_MESSAGE_EVENTTEXT_BUFFER
Definition: eventvwr.c:53
#define IDS_EVENTSTRINGIDNOTFOUND
Definition: resource.h:96
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define EVENT_MESSAGE_FILE
Definition: eventvwr.c:57
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1541
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:855
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by DisplayEvent().

◆ GetEventMessageFileDLL()

BOOL GetEventMessageFileDLL ( IN LPCWSTR  lpLogName,
IN LPCWSTR  SourceName,
IN LPCWSTR  EntryName,
OUT PWCHAR  lpModuleName 
)

Definition at line 1541 of file eventvwr.c.

1545 {
1546  BOOL Success = FALSE;
1547  LONG Result;
1548  DWORD dwType, dwSize;
1550  WCHAR szKeyName[MAX_PATH];
1551  HKEY hLogKey = NULL;
1552  HKEY hSourceKey = NULL;
1553 
1554  StringCbCopyW(szKeyName, sizeof(szKeyName), EVENTLOG_BASE_KEY);
1555  StringCbCatW(szKeyName, sizeof(szKeyName), lpLogName);
1556 
1558  szKeyName,
1559  0,
1560  KEY_READ,
1561  &hLogKey);
1562  if (Result != ERROR_SUCCESS)
1563  return FALSE;
1564 
1565  Result = RegOpenKeyExW(hLogKey,
1566  SourceName,
1567  0,
1569  &hSourceKey);
1570  if (Result != ERROR_SUCCESS)
1571  {
1572  RegCloseKey(hLogKey);
1573  return FALSE;
1574  }
1575 
1576  dwSize = sizeof(szModuleName);
1577  Result = RegQueryValueExW(hSourceKey,
1578  EntryName,
1579  NULL,
1580  &dwType,
1582  &dwSize);
1583  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
1584  {
1586  }
1587  else
1588  {
1589  /* NULL-terminate the string and expand it */
1590  szModuleName[dwSize / sizeof(WCHAR) - 1] = UNICODE_NULL;
1592  Success = TRUE;
1593  }
1594 
1595  RegCloseKey(hSourceKey);
1596  RegCloseKey(hLogKey);
1597 
1598  return Success;
1599 }
#define TRUE
Definition: types.h:120
#define ERROR_SUCCESS
Definition: deptool.c:10
#define KEY_READ
Definition: nt_native.h:1023
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:95
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:52
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
smooth NULL
Definition: ftsmooth.c:416
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1468
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:41
LPWSTR lpComputerName
Definition: eventvwr.c:91
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
WCHAR SourceName[256]
Definition: arping.c:28
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
LPCWSTR LPCWSTR szModuleName
Definition: env.c:35
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:54
#define REG_SZ
Definition: layer.c:22

Referenced by GetEventCategory(), and GetEventMessage().

◆ GetEventType()

VOID GetEventType ( IN WORD  dwEventType,
OUT PWCHAR  eventTypeText 
)

Definition at line 1783 of file eventvwr.c.

1785 {
1786  switch (dwEventType)
1787  {
1788  case EVENTLOG_ERROR_TYPE:
1790  break;
1791  case EVENTLOG_WARNING_TYPE:
1793  break;
1796  break;
1797  case EVENTLOG_SUCCESS:
1799  break;
1802  break;
1805  break;
1806  default:
1808  break;
1809  }
1810 }
#define MAX_LOADSTRING
Definition: eventvwr.c:60
#define IDS_EVENTLOG_ERROR_TYPE
Definition: resource.h:101
#define IDS_EVENTLOG_INFORMATION_TYPE
Definition: resource.h:103
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define IDS_EVENTLOG_UNKNOWN_TYPE
Definition: resource.h:107
HINSTANCE hInst
Definition: eventvwr.c:65
#define IDS_EVENTLOG_SUCCESS
Definition: resource.h:106
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2630
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2634
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2629
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2632
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2631
#define IDS_EVENTLOG_AUDIT_FAILURE
Definition: resource.h:105
#define IDS_EVENTLOG_WARNING_TYPE
Definition: resource.h:102
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2633
#define IDS_EVENTLOG_AUDIT_SUCCESS
Definition: resource.h:104

Referenced by EnumEventsThread().

◆ GetEventUserName()

BOOL GetEventUserName ( IN PEVENTLOGRECORD  pelr,
IN OUT PSID pLastSid,
OUT PWCHAR  pszUser 
)

Definition at line 1813 of file eventvwr.c.

1816 {
1817  PSID pCurrentSid;
1818  PWSTR StringSid;
1819  WCHAR szName[1024];
1820  WCHAR szDomain[1024];
1823  DWORD cchDomain = ARRAYSIZE(szDomain);
1824  BOOL Success = FALSE;
1825 
1826  /* Point to the SID */
1827  pCurrentSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);
1828 
1829  if (!IsValidSid(pCurrentSid))
1830  {
1831  *pLastSid = NULL;
1832  return FALSE;
1833  }
1834  else if (*pLastSid && EqualSid(*pLastSid, pCurrentSid))
1835  {
1836  return TRUE;
1837  }
1838 
1839  /* User SID */
1840  if (pelr->UserSidLength > 0)
1841  {
1842  /*
1843  * Try to retrieve the user account name and domain name corresponding
1844  * to the SID. If it cannot be retrieved, try to convert the SID to a
1845  * string-form. It should not be bigger than the user-provided buffer
1846  * 'pszUser', otherwise we return an error.
1847  */
1849  pCurrentSid,
1850  szName,
1851  &cchName,
1852  szDomain,
1853  &cchDomain,
1854  &peUse))
1855  {
1856  StringCchCopyW(pszUser, MAX_PATH, szName);
1857  Success = TRUE;
1858  }
1859  else if (ConvertSidToStringSidW(pCurrentSid, &StringSid))
1860  {
1861  /* Copy the string only if the user-provided buffer is big enough */
1862  if (wcslen(StringSid) + 1 <= MAX_PATH) // + 1 for NULL-terminator
1863  {
1864  StringCchCopyW(pszUser, MAX_PATH, StringSid);
1865  Success = TRUE;
1866  }
1867  else
1868  {
1870  Success = FALSE;
1871  }
1872 
1873  /* Free the allocated buffer */
1874  LocalFree(StringSid);
1875  }
1876  }
1877 
1878  *pLastSid = Success ? pCurrentSid : NULL;
1879 
1880  return Success;
1881 }
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2684
#define TRUE
Definition: types.h:120
enum _SID_NAME_USE SID_NAME_USE
uint16_t * PWSTR
Definition: typedefs.h:54
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3259
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2706
unsigned char * LPBYTE
Definition: typedefs.h:52
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:26
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:409
struct _SID * PSID
Definition: eventlog.c:35
LPWSTR lpComputerName
Definition: eventvwr.c:91
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static const WCHAR szName[]
Definition: msipriv.h:1194
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:698
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by EnumEventsThread().

◆ GetExpandedFilePathName()

DWORD GetExpandedFilePathName ( IN LPCWSTR ComputerName  OPTIONAL,
IN LPCWSTR  lpFileName,
OUT LPWSTR lpFullFileName  OPTIONAL,
IN DWORD  nSize 
)

Definition at line 1468 of file eventvwr.c.

1473 {
1474  SIZE_T dwLength;
1475 
1476  /* Determine the needed size after expansion of any environment strings */
1478  if (dwLength == 0)
1479  {
1480  /* We failed, bail out */
1481  return 0;
1482  }
1483 
1484  /* If the file path is on a remote computer, estimate its length */
1485  // FIXME: Use WNetGetUniversalName instead?
1486  if (ComputerName && *ComputerName)
1487  {
1488  /* Skip any leading backslashes */
1489  while (*ComputerName == L'\\')
1490  ++ComputerName;
1491 
1492  if (*ComputerName)
1493  {
1494  /* Count 2 backslashes plus the computer name and one backslash separator */
1495  dwLength += 2 + wcslen(ComputerName) + 1;
1496  }
1497  }
1498 
1499  /* Check whether we have enough space */
1500  if (dwLength > nSize)
1501  {
1502  /* No, return the needed size in characters (includes NULL-terminator) */
1503  return dwLength;
1504  }
1505 
1506 
1507  /* Now expand the file path */
1508  ASSERT(dwLength <= nSize);
1509 
1510  /* Expand any existing environment strings */
1511  if (ExpandEnvironmentStringsW(lpFileName, lpFullFileName, dwLength) == 0)
1512  {
1513  /* We failed, bail out */
1514  return 0;
1515  }
1516 
1517  /* If the file path is on a remote computer, retrieve the network share form of the file name */
1518  // FIXME: Use WNetGetUniversalName instead?
1519  if (ComputerName && *ComputerName)
1520  {
1521  /* Note that we previously skipped any potential leading backslashes */
1522 
1523  /* Replace ':' by '$' in the drive letter */
1524  if (*lpFullFileName && lpFullFileName[1] == L':')
1525  lpFullFileName[1] = L'$';
1526 
1527  /* Prepend the computer name */
1528  RtlMoveMemory(lpFullFileName + 2 + wcslen(ComputerName) + 1,
1529  lpFullFileName, dwLength * sizeof(WCHAR) - (2 + wcslen(ComputerName) + 1) * sizeof(WCHAR));
1530  lpFullFileName[0] = L'\\';
1531  lpFullFileName[1] = L'\\';
1532  wcsncpy(lpFullFileName + 2, ComputerName, wcslen(ComputerName));
1533  lpFullFileName[2 + wcslen(ComputerName)] = L'\\';
1534  }
1535 
1536  /* Return the number of stored characters (includes NULL-terminator) */
1537  return dwLength;
1538 }
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
smooth NULL
Definition: ftsmooth.c:416
__wchar_t WCHAR
Definition: xmlstorage.h:180
static DWORD DWORD * dwLength
Definition: fusion.c:83
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
static const WCHAR L[]
Definition: oid.c:1250
ULONG_PTR SIZE_T
Definition: typedefs.h:78
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_In_ LPCSTR lpFileName
Definition: winbase.h:3011

Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().

◆ GetFileTimeString()

BOOL GetFileTimeString ( LPFILETIME  lpFileTime,
LPWSTR  pwszResult,
UINT  cchResult 
)

Definition at line 1231 of file eventvwr.c.

1232 {
1233  FILETIME ft;
1234  SYSTEMTIME st;
1235  int cchWritten;
1236  UINT cchRemaining = cchResult;
1237  size_t cchCopyRemaining;
1238  LPWSTR pwszEnd = pwszResult;
1239 
1240  if (!FileTimeToLocalFileTime(lpFileTime, &ft) || !FileTimeToSystemTime(&ft, &st))
1241  return FALSE;
1242 
1243  cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1244  if (cchWritten)
1245  --cchWritten; // GetDateFormatW returns count with terminating zero
1246  // else
1247  // ERR("GetDateFormatW failed\n");
1248 
1249  cchRemaining -= cchWritten;
1250  pwszEnd += cchWritten;
1251 
1252  StringCchCopyExW(pwszEnd, cchRemaining, L", ", &pwszEnd, &cchCopyRemaining, 0);
1253  cchRemaining = (UINT)cchCopyRemaining;
1254 
1255  cchWritten = GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &st, NULL, pwszEnd, cchRemaining);
1256  if (cchWritten)
1257  --cchWritten; // GetTimeFormatW returns count with terminating zero
1258  // else
1259  // ERR("GetTimeFormatW failed\n");
1260 
1261  return TRUE;
1262 }
#define TRUE
Definition: types.h:120
#define LOCALE_USER_DEFAULT
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:211
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:178
static const WCHAR L[]
Definition: oid.c:1250
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
#define DATE_LONGDATE
Definition: winnls.h:194
unsigned int UINT
Definition: ndis.h:50
WCHAR * LPWSTR
Definition: xmlstorage.h:184
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079

Referenced by InitPropertiesDlg().

◆ GetMessageStringFromDll()

LPWSTR GetMessageStringFromDll ( IN LPCWSTR  lpMessageDll,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 751 of file eventvwr.c.

757 {
759  DWORD dwLength;
760  LPWSTR lpMsgBuf = NULL;
761 
762  hLibrary = LoadLibraryExW(lpMessageDll, NULL,
763  /* LOAD_LIBRARY_AS_IMAGE_RESOURCE | */ LOAD_LIBRARY_AS_DATAFILE);
764  if (hLibrary == NULL)
765  return NULL;
766 
767  /* Sanitize dwFlags */
770 
771  _SEH2_TRY
772  {
773  /*
774  * Retrieve the message string without appending extra newlines.
775  * Wrap in SEH to protect from invalid string parameters.
776  */
777  _SEH2_TRY
778  {
780  /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
781  FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
782  hLibrary,
783  dwMessageId,
785  (LPWSTR)&lpMsgBuf,
786  nSize,
787  Arguments);
788  }
790  {
791  dwLength = 0;
792 
793  /*
794  * An exception occurred while calling FormatMessage, this is usually
795  * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
796  * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
797  * array pointer 'Arguments' was NULL or did not contain enough elements,
798  * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
799  * message string expected too many inserts.
800  * In this last case only, we can call again FormatMessage but ignore
801  * explicitly the inserts. The string that we will return to the user
802  * will not be pre-formatted.
803  */
804  if (((dwFlags & FORMAT_MESSAGE_ALLOCATE_BUFFER) || lpMsgBuf) &&
806  {
807  /* Remove any possible harmful flags and always ignore inserts */
810 
811  /* If this call also throws an exception, we are really dead */
813  hLibrary,
814  dwMessageId,
816  (LPWSTR)&lpMsgBuf,
817  nSize,
818  NULL /* Arguments */);
819  }
820  }
821  _SEH2_END;
822  }
824  {
826  }
827  _SEH2_END;
828 
829  if (dwLength == 0)
830  {
831  ASSERT(lpMsgBuf == NULL);
832  lpMsgBuf = NULL;
833  }
834  else
835  {
836  LPWSTR ptr;
837 
838  ASSERT(lpMsgBuf);
839 
840  /* Trim any trailing whitespace */
841  ptr = lpMsgBuf + dwLength - 1;
842  while (iswspace(*ptr))
843  *ptr-- = UNICODE_NULL;
844  }
845 
846  return lpMsgBuf;
847 }
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:405
#define FORMAT_MESSAGE_FROM_STRING
Definition: winbase.h:402
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
_SEH2_TRY
Definition: create.c:4250
#define UNICODE_NULL
static PVOID ptr
Definition: dispmode.c:27
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:400
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
smooth NULL
Definition: ftsmooth.c:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:403
#define FreeLibrary(x)
Definition: compat.h:405
static DWORD DWORD * dwLength
Definition: fusion.c:83
unsigned long DWORD
Definition: ntddk_ex.h:95
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define iswspace(_c)
Definition: ctype.h:669
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
HMODULE hLibrary
Definition: odbccp32.c:12
#define LOAD_LIBRARY_AS_DATAFILE
Definition: winbase.h:338
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:401
_SEH2_END
Definition: create.c:4424
_SEH2_FINALLY
Definition: create.c:4395
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LANG_USER_DEFAULT
Definition: tnerror.cpp:50

Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().

◆ GetMessageStringFromDllList()

LPWSTR GetMessageStringFromDllList ( IN LPCWSTR  lpMessageDllList,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 855 of file eventvwr.c.

861 {
862  BOOL Success = FALSE;
863  SIZE_T cbLength;
864  LPWSTR szMessageDllList;
865  LPWSTR szDll;
866  LPWSTR lpMsgBuf = NULL;
867 
868  /* Allocate a local buffer for the DLL list that can be tokenized */
869  // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
870  // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
871  cbLength = (wcslen(lpMessageDllList) + 1) * sizeof(WCHAR);
872  szMessageDllList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbLength);
873  if (!szMessageDllList)
874  return NULL;
875  RtlCopyMemory(szMessageDllList, lpMessageDllList, cbLength);
876 
877  /* Loop through the list of message DLLs */
878  szDll = wcstok(szMessageDllList, EVENT_DLL_SEPARATOR);
879  while ((szDll != NULL) && !Success)
880  {
881  // Uses LANG_USER_DEFAULT
882  lpMsgBuf = GetMessageStringFromDll(szDll,
883  dwFlags,
884  dwMessageId,
885  nSize,
886  Arguments);
887  if (lpMsgBuf)
888  {
889  /* The ID was found and the message was formatted */
890  Success = TRUE;
891  break;
892  }
893 
894  /*
895  * The DLL could not be loaded, or the message could not be found,
896  * try the next DLL, if any.
897  */
898  szDll = wcstok(NULL, EVENT_DLL_SEPARATOR);
899  }
900 
901  HeapFree(GetProcessHeap(), 0, szMessageDllList);
902 
903  return lpMsgBuf;
904 }
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2024
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:751
#define EVENT_DLL_SEPARATOR
Definition: eventvwr.c:55
unsigned int BOOL
Definition: ntddk_ex.h:94
smooth NULL
Definition: ftsmooth.c:416
#define GetProcessHeap()
Definition: compat.h:395
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
ULONG_PTR SIZE_T
Definition: typedefs.h:78
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
WCHAR * LPWSTR
Definition: xmlstorage.h:184
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().

◆ GetSelectedFilter()

PEVENTLOGFILTER GetSelectedFilter ( OUT HTREEITEM *phti  OPTIONAL)

Definition at line 2445 of file eventvwr.c.

2446 {
2447  TVITEMEXW tvItemEx;
2448  HTREEITEM hti;
2449 
2450  if (phti)
2451  *phti = NULL;
2452 
2453  /* Get index of selected item */
2455  if (hti == NULL)
2456  return NULL; // No filter
2457 
2458  tvItemEx.mask = TVIF_PARAM;
2459  tvItemEx.hItem = hti;
2460 
2461  TreeView_GetItem(hwndTreeView, &tvItemEx);
2462 
2463  if (phti)
2464  *phti = tvItemEx.hItem;
2465 
2466  return (PEVENTLOGFILTER)tvItemEx.lParam;
2467 }
LPARAM lParam
Definition: commctrl.h:3327
smooth NULL
Definition: ftsmooth.c:416
#define TreeView_GetSelection(hwnd)
Definition: commctrl.h:3445
HWND hwndTreeView
Definition: eventvwr.c:82
HTREEITEM hItem
Definition: commctrl.h:3319
#define TVIF_PARAM
Definition: commctrl.h:3240
#define TreeView_GetItem(hwnd, pitem)
Definition: commctrl.h:3462

Referenced by WndProc().

◆ InitInstance()

BOOL InitInstance ( HINSTANCE  hInstance)

Definition at line 3040 of file eventvwr.c.

3041 {
3042  RECT rcClient, rs;
3043  LONG StatusHeight;
3044  HIMAGELIST hSmall;
3045  LVCOLUMNW lvc = {0};
3046  WCHAR szTemp[256];
3047 
3048  /* Create the main window */
3049  rs = Settings.wpPos.rcNormalPosition;
3051  szTitle,
3053  rs.left, rs.top,
3054  (rs.right != CW_USEDEFAULT && rs.left != CW_USEDEFAULT) ? rs.right - rs.left : CW_USEDEFAULT,
3055  (rs.bottom != CW_USEDEFAULT && rs.top != CW_USEDEFAULT) ? rs.bottom - rs.top : CW_USEDEFAULT,
3056  NULL,
3057  NULL,
3058  hInstance,
3059  NULL);
3060  if (!hwndMainWindow)
3061  return FALSE;
3062 
3063  /* Create the status bar */
3064  hwndStatus = CreateWindowExW(0, // no extended styles
3065  STATUSCLASSNAMEW, // status bar
3066  L"", // no text
3067  WS_CHILD | WS_VISIBLE | CCS_BOTTOM | SBARS_SIZEGRIP, // styles
3068  0, 0, 0, 0, // x, y, cx, cy
3069  hwndMainWindow, // parent window
3070  (HMENU)100, // window ID
3071  hInstance, // instance
3072  NULL); // window data
3073 
3074  GetClientRect(hwndMainWindow, &rcClient);
3075  GetWindowRect(hwndStatus, &rs);
3076  StatusHeight = rs.bottom - rs.top;
3077 
3078  /* Create a progress bar in the status bar (hidden by default) */
3080  hwndStatusProgress = CreateWindowExW(0, // no extended styles
3081  PROGRESS_CLASSW, // status bar
3082  NULL, // no text
3083  WS_CHILD | PBS_SMOOTH, // styles
3084  rs.left, rs.top, // x, y
3085  rs.right - rs.left, rs.bottom - rs.top, // cx, cy
3086  hwndStatus, // parent window
3087  NULL, // window ID
3088  hInstance, // instance
3089  NULL); // window data
3090  /* Remove its static edge */
3094 
3095  /* Initialize the splitter default positions */
3096  nVSplitPos = Settings.nVSplitPos;
3097  nHSplitPos = Settings.nHSplitPos;
3098 
3099  /* Create the TreeView */
3101  WC_TREEVIEWW,
3102  NULL,
3103  // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3105  0, 0,
3106  nVSplitPos - SPLIT_WIDTH/2,
3107  (rcClient.bottom - rcClient.top) - StatusHeight,
3109  NULL,
3110  hInstance,
3111  NULL);
3112 
3113  /* Create the ImageList */
3116  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3117  1, 1);
3118 
3119  /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3124 
3125  /* Assign the ImageList to the Tree View */
3127 
3128  /* Add the event logs nodes */
3129  // "System Logs"
3132  // "Application Logs"
3133  LoadStringW(hInstance, IDS_EVENTLOG_APP, szTemp, ARRAYSIZE(szTemp));
3134  htiAppLogs = TreeViewAddItem(hwndTreeView, NULL, szTemp, 0, 1, (LPARAM)NULL);
3135  // "User Logs"
3136  LoadStringW(hInstance, IDS_EVENTLOG_USER, szTemp, ARRAYSIZE(szTemp));
3138 
3139  /* Create the Event details pane (optional) */
3141  if (hwndEventDetails)
3142  {
3146  nVSplitPos + SPLIT_WIDTH/2,
3147  nHSplitPos + SPLIT_WIDTH/2,
3148  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3149  (rcClient.bottom - rcClient.top) - nHSplitPos - SPLIT_WIDTH/2 - StatusHeight,
3151  }
3152 
3153  /* Create the ListView */
3155  WC_LISTVIEWW,
3156  NULL,
3158  nVSplitPos + SPLIT_WIDTH/2,
3159  0,
3160  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3161  hwndEventDetails && Settings.bShowDetailsPane
3162  ? nHSplitPos - SPLIT_WIDTH/2
3163  : (rcClient.bottom - rcClient.top) - StatusHeight,
3165  NULL,
3166  hInstance,
3167  NULL);
3168 
3169  /* Add the extended ListView styles */
3171 
3172  /* Create the ImageList */
3175  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3176  1, 1);
3177 
3178  /* Add event type icons to the ImageList */
3184 
3185  /* Assign the ImageList to the List View */
3187 
3188  /* Now set up the listview with its columns */
3189  lvc.mask = LVCF_TEXT | LVCF_WIDTH;
3190  lvc.cx = 90;
3193  szTemp,
3194  ARRAYSIZE(szTemp));
3195  lvc.pszText = szTemp;
3197 
3198  lvc.cx = 70;
3201  szTemp,
3202  ARRAYSIZE(szTemp));
3203  lvc.pszText = szTemp;
3205 
3206  lvc.cx = 70;
3209  szTemp,
3210  ARRAYSIZE(szTemp));
3211  lvc.pszText = szTemp;
3213 
3214  lvc.cx = 150;
3217  szTemp,
3218  ARRAYSIZE(szTemp));
3219  lvc.pszText = szTemp;
3221 
3222  lvc.cx = 100;
3225  szTemp,
3226  ARRAYSIZE(szTemp));
3227  lvc.pszText = szTemp;
3229 
3230  lvc.cx = 60;
3233  szTemp,
3234  ARRAYSIZE(szTemp));
3235  lvc.pszText = szTemp;
3237 
3238  lvc.cx = 120;
3241  szTemp,
3242  ARRAYSIZE(szTemp));
3243  lvc.pszText = szTemp;
3245 
3246  lvc.cx = 100;
3249  szTemp,
3250  ARRAYSIZE(szTemp));
3251  lvc.pszText = szTemp;
3253 
3254  /* Initialize the save Dialog */
3255  ZeroMemory(&sfn, sizeof(sfn));
3257 
3259 
3260  sfn.lStructSize = sizeof(sfn);
3266  sfn.lpstrDefExt = NULL;
3267 
3268  ShowWindow(hwndMainWindow, Settings.wpPos.showCmd);
3270 
3271  return TRUE;
3272 }
#define STATUSCLASSNAMEW
Definition: commctrl.h:1908
HINSTANCE hInstance
Definition: commdlg.h:362
DWORD Flags
Definition: commdlg.h:373
#define TRUE
Definition: types.h:120
#define WC_TREEVIEWW
Definition: commctrl.h:3215
#define PBS_SMOOTH
Definition: commctrl.h:2152
LPCWSTR lpstrFilter
Definition: commdlg.h:363
#define LVCF_WIDTH
Definition: commctrl.h:2559
#define LVSIL_SMALL
Definition: commctrl.h:2271
#define LVCF_TEXT
Definition: commctrl.h:2560