ReactOS 0.4.16-dev-91-g764881a
eventvwr.c File Reference
#include "eventvwr.h"
#include "evtdetctl.h"
#include <sddl.h>
#include <shellapi.h>
#include <shlwapi.h>
#include <pseh/pseh2.h>
Include dependency graph for eventvwr.c:

Go to the source code of this file.

Classes

struct  _SETTINGS
 
struct  param_strings_format_data
 

Macros

#define LVM_PROGRESS   (WM_APP + 1)
 
#define EVENT_MESSAGE_EVENTTEXT_BUFFER   (1024*10)
 
#define EVENT_MESSAGE_FILE_BUFFER   (1024*10)
 
#define EVENT_DLL_SEPARATOR   L";"
 
#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"
 
#define EVENT_MESSAGE_FILE   L"EventMessageFile"
 
#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"
 
#define MAX_LOADSTRING   255
 
#define SPLIT_WIDTH   4
 

Typedefs

typedef struct _SETTINGS SETTINGS
 
typedef struct _SETTINGSPSETTINGS
 

Functions

static DWORD WINAPI StartStopEnumEventsThread (IN LPVOID lpParameter)
 
VOID OpenUserEventLogFile (IN LPCWSTR lpszFileName)
 
VOID BuildLogListAndFilterList (IN LPCWSTR lpComputerName)
 
VOID FreeLogList (VOID)
 
VOID FreeLogFilterList (VOID)
 
ATOM MyRegisterClass (HINSTANCE)
 
BOOL InitInstance (HINSTANCE)
 
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM)
 
INT_PTR EventLogProperties (HINSTANCE, HWND, PEVENTLOGFILTER)
 
INT_PTR CALLBACK EventDetails (HWND, UINT, WPARAM, LPARAM)
 
VOID ShowWin32Error (IN DWORD dwError)
 
VOID DisplayUsage (VOID)
 
BOOL ProcessCmdLine (IN LPWSTR lpCmdLine)
 
BOOL LoadSettings (int nDefCmdShow)
 
BOOL SaveSettings (VOID)
 
int APIENTRY wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
 
VOID EventTimeToSystemTime (IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
 
LPWSTR GetMessageStringFromDll (IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
LPWSTR GetMessageStringFromDllList (IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
DWORD ApplyParameterStringsToMessage (IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
 
UINT FormatInteger (LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
 
UINT FormatByteSize (LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
 
LPWSTR FormatFileSizeWithBytes (const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
 
BOOL GetFileTimeString (LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
 
HTREEITEM TreeViewAddItem (IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
 
PEVENTLOG AllocEventLog (IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
 
VOID EventLog_Free (IN PEVENTLOG EventLog)
 
PWSTR AllocAndCopyMultiStr (IN PCWSTR MultiStr OPTIONAL)
 
PEVENTLOGFILTER AllocEventLogFilter (IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
 
VOID EventLogFilter_Free (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_AddRef (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_Release (IN PEVENTLOGFILTER EventLogFilter)
 
void TrimNulls (LPWSTR s)
 
DWORD GetExpandedFilePathName (IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
 
BOOL GetEventMessageFileDLL (IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
 
BOOL GetEventCategory (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
 
BOOL GetEventMessage (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR EventText)
 
VOID GetEventType (IN WORD dwEventType, OUT PWCHAR eventTypeText)
 
BOOL GetEventUserName (IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
 
static VOID FreeRecords (VOID)
 
BOOL FilterByType (IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
 
BOOL FilterByString (IN PCWSTR FilterString, IN PWSTR String)
 
static DWORD WINAPI EnumEventsThread (IN LPVOID lpParameter)
 
VOID EnumEvents (IN PEVENTLOGFILTER EventLogFilter)
 
PEVENTLOGFILTER GetSelectedFilter (OUT HTREEITEM *phti OPTIONAL)
 
VOID OpenUserEventLog (VOID)
 
VOID SaveEventLog (IN PEVENTLOGFILTER EventLogFilter)
 
VOID CloseUserEventLog (IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
 
BOOL ClearEvents (IN PEVENTLOGFILTER EventLogFilter)
 
VOID Refresh (IN PEVENTLOGFILTER EventLogFilter)
 
BOOL GetDisplayNameFileAndID (IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
 
VOID ResizeWnd (INT cx, INT cy)
 
static VOID InitPropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
static VOID SavePropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
INT_PTR CALLBACK EventLogPropProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 

Variables

static const LPCWSTR EVENTVWR_WNDCLASS = L"EVENTVWR"
 
static const LPCWSTR EVENTLOG_BASE_KEY = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
 
static const LPCWSTR EVNTVWR_PARAM_KEY = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"
 
static const LPCWSTR SystemLogs []
 
HINSTANCE hInst
 
WCHAR szTitle [MAX_LOADSTRING]
 
WCHAR szTitleTemplate [MAX_LOADSTRING]
 
WCHAR szStatusBarTemplate [MAX_LOADSTRING]
 
WCHAR szLoadingWait [MAX_LOADSTRING]
 
WCHAR szEmptyList [MAX_LOADSTRING]
 
WCHAR szSaveFilter [MAX_LOADSTRING]
 
INT nVSplitPos
 
INT nHSplitPos
 
BYTE bSplit = 0
 
HWND hwndMainWindow = NULL
 
HWND hwndTreeView
 
HWND hwndListView
 
HWND hwndEventDetails
 
HWND hwndStatus
 
HWND hwndStatusProgress
 
HMENU hMainMenu
 
HTREEITEM htiSystemLogs = NULL
 
HTREEITEM htiAppLogs = NULL
 
HTREEITEM htiUserLogs = NULL
 
LPWSTR lpComputerName = NULL
 
LPWSTR lpszzUserLogsToLoad = NULL
 
SIZE_T cbUserLogsSize = 0
 
HKEY hkMachine = NULL
 
DWORD g_TotalRecords = 0
 
PEVENTLOGRECORDg_RecordPtrs = NULL
 
LIST_ENTRY EventLogList
 
LIST_ENTRY EventLogFilterList
 
PEVENTLOGFILTER ActiveFilter = NULL
 
HANDLE hEnumEventsThread = NULL
 
HANDLE hStopEnumEvent = NULL
 
PEVENTLOGFILTER EnumFilter = NULL
 
HANDLE hStartStopEnumEvent = NULL
 
HANDLE hStartEnumEvent = NULL
 
OPENFILENAMEW sfn
 
SETTINGS Settings
 
static HWND hWndDetailsCtrl = NULL
 
static HWND hWndGrip = NULL
 
static INT cxMin
 
static INT cyMin
 
static INT cxOld
 
static INT cyOld
 

Macro Definition Documentation

◆ EVENT_CATEGORY_MESSAGE_FILE

#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"

Definition at line 39 of file eventvwr.c.

◆ EVENT_DLL_SEPARATOR

#define EVENT_DLL_SEPARATOR   L";"

Definition at line 38 of file eventvwr.c.

◆ EVENT_MESSAGE_EVENTTEXT_BUFFER

#define EVENT_MESSAGE_EVENTTEXT_BUFFER   (1024*10)

Definition at line 36 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE

#define EVENT_MESSAGE_FILE   L"EventMessageFile"

Definition at line 40 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE_BUFFER

#define EVENT_MESSAGE_FILE_BUFFER   (1024*10)

Definition at line 37 of file eventvwr.c.

◆ EVENT_PARAMETER_MESSAGE_FILE

#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"

Definition at line 41 of file eventvwr.c.

◆ LVM_PROGRESS

#define LVM_PROGRESS   (WM_APP + 1)

Definition at line 21 of file eventvwr.c.

◆ MAX_LOADSTRING

#define MAX_LOADSTRING   255

Definition at line 43 of file eventvwr.c.

◆ SPLIT_WIDTH

#define SPLIT_WIDTH   4

Definition at line 45 of file eventvwr.c.

Typedef Documentation

◆ PSETTINGS

◆ SETTINGS

Function Documentation

◆ AllocAndCopyMultiStr()

PWSTR AllocAndCopyMultiStr ( IN PCWSTR MultiStr  OPTIONAL)

Definition at line 1338 of file eventvwr.c.

1339{
1340 PWSTR pStr;
1341 ULONG Length;
1342
1343 if (!MultiStr)
1344 return NULL;
1345
1346 pStr = (PWSTR)MultiStr;
1347 while (*pStr) pStr += (wcslen(pStr) + 1);
1348 Length = MultiStr - pStr + 2;
1349
1350 pStr = HeapAlloc(GetProcessHeap(), 0, Length * sizeof(WCHAR));
1351 // NOTE: If we failed allocating the string, then fall back into no filter!
1352 if (pStr)
1353 CopyMemory(pStr, MultiStr, Length * sizeof(WCHAR));
1354
1355 return pStr;
1356}
#define NULL
Definition: types.h:112
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
uint16_t * PWSTR
Definition: typedefs.h:56
uint32_t ULONG
Definition: typedefs.h:59
#define CopyMemory
Definition: winbase.h:1710
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by AllocEventLogFilter().

◆ AllocEventLog()

PEVENTLOG AllocEventLog ( IN PCWSTR ComputerName  OPTIONAL,
IN PCWSTR  LogName,
IN BOOL  Permanent 
)

Definition at line 1283 of file eventvwr.c.

1286{
1287 PEVENTLOG EventLog;
1289
1290 /* Allocate a new event log entry */
1291 EventLog = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*EventLog));
1292 if (!EventLog)
1293 return NULL;
1294
1295 /* Allocate the computer name string (optional) and copy it */
1296 if (ComputerName)
1297 {
1298 cchName = wcslen(ComputerName) + 1;
1299 EventLog->ComputerName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1300 if (EventLog->ComputerName)
1301 StringCchCopyW(EventLog->ComputerName, cchName, ComputerName);
1302 }
1303
1304 /* Allocate the event log name string and copy it */
1305 cchName = wcslen(LogName) + 1;
1306 EventLog->LogName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1307 if (!EventLog->LogName)
1308 {
1309 if (EventLog->ComputerName)
1310 HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1311 HeapFree(GetProcessHeap(), 0, EventLog);
1312 return NULL;
1313 }
1314 StringCchCopyW(EventLog->LogName, cchName, LogName);
1315
1316 EventLog->Permanent = Permanent;
1317
1318 return EventLog;
1319}
#define HeapFree(x, y, z)
Definition: compat.h:735
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
PWSTR LogName
Definition: eventvwr.h:93
PWSTR ComputerName
Definition: eventvwr.h:90
BOOL Permanent
Definition: eventvwr.h:97
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2767

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ AllocEventLogFilter()

PEVENTLOGFILTER AllocEventLogFilter ( IN BOOL  Information,
IN BOOL  Warning,
IN BOOL  Error,
IN BOOL  AuditSuccess,
IN BOOL  AuditFailure,
IN PCWSTR Sources  OPTIONAL,
IN PCWSTR Users  OPTIONAL,
IN PCWSTR ComputerNames  OPTIONAL,
IN ULONG  NumOfEventLogs,
IN PEVENTLOG EventLogs 
)

Definition at line 1359 of file eventvwr.c.

1370{
1371 PEVENTLOGFILTER EventLogFilter;
1372
1373 /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1374 EventLogFilter = HeapAlloc(GetProcessHeap(),
1376 FIELD_OFFSET(EVENTLOGFILTER, EventLogs[NumOfEventLogs]));
1377 if (!EventLogFilter)
1378 return NULL;
1379
1380 EventLogFilter->Information = Information;
1381 EventLogFilter->Warning = Warning;
1382 EventLogFilter->Error = Error;
1383 EventLogFilter->AuditSuccess = AuditSuccess;
1384 EventLogFilter->AuditFailure = AuditFailure;
1385
1386 /* Allocate and copy the sources, users, and computers multi-strings */
1387 EventLogFilter->Sources = AllocAndCopyMultiStr(Sources);
1388 EventLogFilter->Users = AllocAndCopyMultiStr(Users);
1389 EventLogFilter->ComputerNames = AllocAndCopyMultiStr(ComputerNames);
1390
1391 /* Copy the list of event logs */
1392 EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1393 CopyMemory(EventLogFilter->EventLogs, EventLogs, NumOfEventLogs * sizeof(PEVENTLOG));
1394
1395 /* Initialize the filter reference count */
1396 EventLogFilter->ReferenceCount = 1;
1397
1398 return EventLogFilter;
1399}
BOOL Error
Definition: chkdsk.c:66
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1338
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:138
ULONG NumOfEventLogs
Definition: eventvwr.h:137
BOOL AuditSuccess
Definition: eventvwr.h:120
BOOL Information
Definition: eventvwr.h:117
PWSTR ComputerNames
Definition: eventvwr.h:134
BOOL AuditFailure
Definition: eventvwr.h:121
LONG ReferenceCount
Definition: eventvwr.h:109
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1049

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ ApplyParameterStringsToMessage()

DWORD ApplyParameterStringsToMessage ( IN LPCWSTR  lpMessageDllList,
IN BOOL  bMessagePreFormatted,
IN CONST LPCWSTR  pMessage,
OUT LPWSTR pFinalMessage 
)

Definition at line 903 of file eventvwr.c.

908{
909 /*
910 * This code is heavily adapted from the MSDN example:
911 * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
912 * with bugs removed.
913 */
914
916 DWORD dwParamCount = 0; // Number of insertion strings found in pMessage
917 size_t cchBuffer = 0; // Size of the buffer in characters
918 size_t cchParams = 0; // Number of characters in all the parameter strings
919 size_t cch = 0;
920 DWORD i = 0;
921 param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
922 LPWSTR pTempMessage = (LPWSTR)pMessage;
923 LPWSTR pTempFinalMessage = NULL;
924
925 *pFinalMessage = NULL;
926
927 /* Determine the number of parameter insertion strings in pMessage */
928 if (bMessagePreFormatted)
929 {
930 while ((pTempMessage = wcschr(pTempMessage, L'%')))
931 {
932 pTempMessage++;
933 if (iswdigit(*pTempMessage))
934 {
935 dwParamCount++;
936 while (iswdigit(*++pTempMessage)) ;
937 }
938 }
939 }
940 else
941 {
942 while ((pTempMessage = wcsstr(pTempMessage, L"%%")))
943 {
944 pTempMessage += 2;
945 if (iswdigit(*pTempMessage))
946 {
947 dwParamCount++;
948 while (iswdigit(*++pTempMessage)) ;
949 }
950 }
951 }
952
953 /* If there are no parameter insertion strings in pMessage, just return */
954 if (dwParamCount == 0)
955 {
956 // *pFinalMessage = NULL;
957 goto Cleanup;
958 }
959
960 /* Allocate the array of parameter string format data */
961 pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
962 if (!pParamData)
963 {
965 goto Cleanup;
966 }
967
968 /*
969 * Retrieve each parameter in pMessage and the beginning and end of the
970 * insertion string, as well as the message identifier of the parameter.
971 */
972 pTempMessage = (LPWSTR)pMessage;
973 if (bMessagePreFormatted)
974 {
975 while ((pTempMessage = wcschr(pTempMessage, L'%')) && (i < dwParamCount))
976 {
977 pTempMessage++;
978 if (iswdigit(*pTempMessage))
979 {
980 pParamData[i].pStartingAddress = pTempMessage-1;
981 pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
982
983 while (iswdigit(*++pTempMessage)) ;
984
985 pParamData[i].pEndingAddress = pTempMessage;
986 i++;
987 }
988 }
989 }
990 else
991 {
992 while ((pTempMessage = wcsstr(pTempMessage, L"%%")) && (i < dwParamCount))
993 {
994 pTempMessage += 2;
995 if (iswdigit(*pTempMessage))
996 {
997 pParamData[i].pStartingAddress = pTempMessage-2;
998 pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
999
1000 while (iswdigit(*++pTempMessage)) ;
1001
1002 pParamData[i].pEndingAddress = pTempMessage;
1003 i++;
1004 }
1005 }
1006 }
1007
1008 /* Retrieve each parameter string */
1009 for (i = 0; i < dwParamCount; i++)
1010 {
1011 // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1012 pParamData[i].pParameter =
1013 GetMessageStringFromDllList(lpMessageDllList,
1016 pParamData[i].pParameterID,
1017 0, NULL);
1018 if (!pParamData[i].pParameter)
1019 {
1020 /* Skip the insertion string */
1021 continue;
1022 }
1023
1024 cchParams += wcslen(pParamData[i].pParameter);
1025 }
1026
1027 /*
1028 * Allocate the final message buffer, the size of which is based on the
1029 * length of the original message and the length of each parameter string.
1030 */
1031 cchBuffer = wcslen(pMessage) + cchParams + 1;
1032 *pFinalMessage = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cchBuffer * sizeof(WCHAR));
1033 if (!*pFinalMessage)
1034 {
1036 goto Cleanup;
1037 }
1038
1039 pTempFinalMessage = *pFinalMessage;
1040
1041 /* Build the final message string */
1042 pTempMessage = (LPWSTR)pMessage;
1043 for (i = 0; i < dwParamCount; i++)
1044 {
1045 /* Append the segment from pMessage */
1046 cch = pParamData[i].pStartingAddress - pTempMessage;
1047 StringCchCopyNW(pTempFinalMessage, cchBuffer, pTempMessage, cch);
1048 pTempMessage = pParamData[i].pEndingAddress;
1049 cchBuffer -= cch;
1050 pTempFinalMessage += cch;
1051
1052 /* Append the parameter string */
1053 if (pParamData[i].pParameter)
1054 {
1055 StringCchCopyW(pTempFinalMessage, cchBuffer, pParamData[i].pParameter);
1056 cch = wcslen(pParamData[i].pParameter); // pTempFinalMessage
1057 }
1058 else
1059 {
1060 /*
1061 * We failed to retrieve the parameter string before, so just
1062 * place back the original string placeholder.
1063 */
1064 cch = pParamData[i].pEndingAddress /* == pTempMessage */ - pParamData[i].pStartingAddress;
1065 StringCchCopyNW(pTempFinalMessage, cchBuffer, pParamData[i].pStartingAddress, cch);
1066 // cch = wcslen(pTempFinalMessage);
1067 }
1068 cchBuffer -= cch;
1069 pTempFinalMessage += cch;
1070 }
1071
1072 /* Append the last segment from pMessage */
1073 StringCchCopyW(pTempFinalMessage, cchBuffer, pTempMessage);
1074
1075Cleanup:
1076
1077 // if (Status != ERROR_SUCCESS)
1078 // *pFinalMessage = NULL;
1079
1080 if (pParamData)
1081 {
1082 for (i = 0; i < dwParamCount; i++)
1083 {
1084 if (pParamData[i].pParameter)
1085 LocalFree(pParamData[i].pParameter);
1086 }
1087
1088 HeapFree(GetProcessHeap(), 0, pParamData);
1089 }
1090
1091 return Status;
1092}
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13
#define ERROR_SUCCESS
Definition: deptool.c:10
#define wcschr
Definition: compat.h:17
static DWORD cchBuffer
Definition: fusion.c:85
static const WCHAR Cleanup[]
Definition: register.c:80
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
unsigned long DWORD
Definition: ntddk_ex.h:95
Status
Definition: gdiplustypes.h:25
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
#define iswdigit(_c)
Definition: ctype.h:667
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
static DWORD DWORD void LPSTR DWORD cch
Definition: str.c:202
#define DWORD
Definition: nt_native.h:44
#define L(x)
Definition: ntvdm.h:50
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:425
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:420
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:419
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:422
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by GetEventMessage().

◆ BuildLogListAndFilterList()

VOID BuildLogListAndFilterList ( IN LPCWSTR  lpComputerName)

Definition at line 2789 of file eventvwr.c.

2790{
2791 LONG Result;
2792 HKEY hEventLogKey, hLogKey;
2793 DWORD dwNumLogs = 0;
2794 DWORD dwIndex, dwMaxKeyLength;
2795 DWORD dwType;
2796 PEVENTLOG EventLog;
2797 PEVENTLOGFILTER EventLogFilter;
2798 LPWSTR LogName = NULL;
2800 DWORD lpcName;
2801 DWORD dwMessageID;
2803 HTREEITEM hRootNode = NULL, hItem = NULL, hItemDefault = NULL;
2804
2806 {
2807 /* We are connected to some other computer, close the old connection */
2809 hkMachine = NULL;
2810 }
2812 {
2813 /* Use the local computer registry */
2815 }
2816 else
2817 {
2818 /* Connect to the remote computer registry */
2820 if (Result != ERROR_SUCCESS)
2821 {
2822 /* Connection failed, display a message and bail out */
2823 hkMachine = NULL;
2825 return;
2826 }
2827 }
2828
2829 /* Open the EventLog key */
2831 if (Result != ERROR_SUCCESS)
2832 {
2833 return;
2834 }
2835
2836 /* Retrieve the number of event logs enumerated as registry keys */
2837 Result = RegQueryInfoKeyW(hEventLogKey, NULL, NULL, NULL, &dwNumLogs, &dwMaxKeyLength,
2838 NULL, NULL, NULL, NULL, NULL, NULL);
2839 if (Result != ERROR_SUCCESS)
2840 {
2841 goto Quit;
2842 }
2843 if (!dwNumLogs)
2844 goto Quit;
2845
2846 /* Take the NULL terminator into account */
2847 ++dwMaxKeyLength;
2848
2849 /* Allocate the temporary buffer */
2850 LogName = HeapAlloc(GetProcessHeap(), 0, dwMaxKeyLength * sizeof(WCHAR));
2851 if (!LogName)
2852 goto Quit;
2853
2854 /* Enumerate and retrieve each event log name */
2855 for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2856 {
2857 lpcName = dwMaxKeyLength;
2858 Result = RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &lpcName, NULL, NULL, NULL, NULL);
2859 if (Result != ERROR_SUCCESS)
2860 continue;
2861
2862 /* Take the NULL terminator into account */
2863 ++lpcName;
2864
2865 /* Allocate a new event log entry */
2866 EventLog = AllocEventLog(lpComputerName, LogName, TRUE);
2867 if (EventLog == NULL)
2868 continue;
2869
2870 /* Allocate a new event log filter entry for this event log */
2871 EventLogFilter = AllocEventLogFilter(// LogName,
2872 TRUE, TRUE, TRUE, TRUE, TRUE,
2873 NULL, NULL, NULL,
2874 1, &EventLog);
2875 if (EventLogFilter == NULL)
2876 {
2877 EventLog_Free(EventLog);
2878 continue;
2879 }
2880
2881 /* Add the event log and the filter into their lists */
2883 InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2884
2885 EventLog->FileName = NULL;
2886
2887 /* Retrieve and cache the event log file */
2888 Result = RegOpenKeyExW(hEventLogKey,
2889 LogName,
2890 0,
2892 &hLogKey);
2893 if (Result == ERROR_SUCCESS)
2894 {
2895 lpcName = 0;
2896 Result = RegQueryValueExW(hLogKey,
2897 L"File",
2898 NULL,
2899 &dwType,
2900 NULL,
2901 &lpcName);
2902 if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2903 {
2904 // Windows' EventLog uses some kind of default value, we do not.
2905 EventLog->FileName = NULL;
2906 }
2907 else
2908 {
2909 lpcName = ROUND_DOWN(lpcName, sizeof(WCHAR));
2910 EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, lpcName);
2911 if (EventLog->FileName)
2912 {
2913 Result = RegQueryValueExW(hLogKey,
2914 L"File",
2915 NULL,
2916 &dwType,
2917 (LPBYTE)EventLog->FileName,
2918 &lpcName);
2919 if (Result != ERROR_SUCCESS)
2920 {
2921 HeapFree(GetProcessHeap(), 0, EventLog->FileName);
2922 EventLog->FileName = NULL;
2923 }
2924 else
2925 {
2926 EventLog->FileName[lpcName / sizeof(WCHAR) - 1] = UNICODE_NULL;
2927 }
2928 }
2929 }
2930
2931 RegCloseKey(hLogKey);
2932 }
2933
2934 /* Get the display name for the event log */
2936
2938 if (GetDisplayNameFileAndID(LogName, szModuleName, &dwMessageID))
2939 {
2940 /* Retrieve the message string without appending extra newlines */
2945 dwMessageID,
2946 0,
2947 NULL);
2948 }
2949
2950 /*
2951 * Select the correct tree root node, whether the log is a System
2952 * or an Application log. Default to Application log otherwise.
2953 */
2954 hRootNode = htiAppLogs;
2955 for (lpcName = 0; lpcName < ARRAYSIZE(SystemLogs); ++lpcName)
2956 {
2957 /* Check whether the log name is part of the system logs */
2958 if (wcsicmp(LogName, SystemLogs[lpcName]) == 0)
2959 {
2960 hRootNode = htiSystemLogs;
2961 break;
2962 }
2963 }
2964
2965 hItem = TreeViewAddItem(hwndTreeView, hRootNode,
2966 (lpDisplayName ? lpDisplayName : LogName),
2967 2, 3, (LPARAM)EventLogFilter);
2968
2969 /* Try to get the default event log: "Application" */
2970 if ((hItemDefault == NULL) && (wcsicmp(LogName, SystemLogs[0]) == 0))
2971 {
2972 hItemDefault = hItem;
2973 }
2974
2975 /* Free the buffer allocated by FormatMessage */
2976 if (lpDisplayName)
2978 }
2979
2980 HeapFree(GetProcessHeap(), 0, LogName);
2981
2982Quit:
2983 RegCloseKey(hEventLogKey);
2984
2985 /* Select the default event log */
2986 if (hItemDefault)
2987 {
2988 // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2989 TreeView_SelectItem(hwndTreeView, hItemDefault);
2990 TreeView_EnsureVisible(hwndTreeView, hItemDefault);
2991 }
2994
2995 return;
2996}
#define RegCloseKey(hKey)
Definition: registry.h:49
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2504
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3662
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
#define MAX_PATH
Definition: compat.h:34
#define wcsicmp
Definition: compat.h:15
#define InsertTailList(ListHead, Entry)
static const LPCWSTR SystemLogs[]
Definition: eventvwr.c:28
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:140
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1322
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1283
HTREEITEM htiAppLogs
Definition: eventvwr.c:72
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2709
LPWSTR lpComputerName
Definition: eventvwr.c:74
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:738
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:86
HKEY hkMachine
Definition: eventvwr.c:78
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:24
HWND hwndTreeView
Definition: eventvwr.c:65
LIST_ENTRY EventLogList
Definition: eventvwr.c:85
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1253
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1359
HTREEITEM htiSystemLogs
Definition: eventvwr.c:72
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:33
#define REG_SZ
Definition: layer.c:22
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
#define KEY_READ
Definition: nt_native.h:1023
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
#define TreeView_SelectItem(hwnd, hitem)
Definition: commctrl.h:3486
#define TreeView_EnsureVisible(hwnd, hitem)
Definition: commctrl.h:3550
LIST_ENTRY ListEntry
Definition: eventvwr.h:107
PWSTR FileName
Definition: eventvwr.h:94
LIST_ENTRY ListEntry
Definition: eventvwr.h:86
HTREEITEM hItem
Definition: treelist.h:37
unsigned char * LPBYTE
Definition: typedefs.h:53
#define ZeroMemory
Definition: winbase.h:1712
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2790
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
LONG_PTR LPARAM
Definition: windef.h:208
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define RegConnectRegistry
Definition: winreg.h:495
HWND WINAPI SetFocus(_In_opt_ HWND)
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409

Referenced by wWinMain().

◆ ClearEvents()

BOOL ClearEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2612 of file eventvwr.c.

2613{
2614 BOOL Success;
2615 PEVENTLOG EventLog;
2616 HANDLE hEventLog;
2617 WCHAR szFileName[MAX_PATH];
2618 WCHAR szMessage[MAX_LOADSTRING];
2619
2620 /* Bail out if there is no available filter */
2621 if (!EventLogFilter)
2622 return FALSE;
2623
2624 ZeroMemory(szFileName, sizeof(szFileName));
2625 ZeroMemory(szMessage, sizeof(szMessage));
2626
2627 LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, ARRAYSIZE(szMessage));
2628
2629 sfn.lpstrFile = szFileName;
2630 sfn.nMaxFile = ARRAYSIZE(szFileName);
2631
2633 {
2634 case IDCANCEL:
2635 return FALSE;
2636
2637 case IDNO:
2638 sfn.lpstrFile = NULL;
2639 break;
2640
2641 case IDYES:
2642 if (!GetSaveFileNameW(&sfn))
2643 return FALSE;
2644 break;
2645 }
2646
2647 EventLogFilter_AddRef(EventLogFilter);
2648
2649 EventLog = EventLogFilter->EventLogs[0];
2650 hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2651
2652 EventLogFilter_Release(EventLogFilter);
2653
2654 if (!hEventLog)
2655 {
2657 return FALSE;
2658 }
2659
2660 Success = ClearEventLogW(hEventLog, sfn.lpstrFile);
2661 if (!Success)
2663
2664 CloseEventLog(hEventLog);
2665 return Success;
2666}
#define IDS_CLEAREVENTS_MSG
Definition: resource.h:105
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI GetSaveFileNameW(LPOPENFILENAMEW ofn)
Definition: filedlg.c:4801
@ Success
Definition: eventcreate.c:712
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
#define MAX_LOADSTRING
Definition: eventvwr.c:43
HINSTANCE hInst
Definition: eventvwr.c:48
OPENFILENAMEW sfn
Definition: eventvwr.c:101
HWND hwndMainWindow
Definition: eventvwr.c:64
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:49
unsigned int BOOL
Definition: ntddk_ex.h:94
LPWSTR lpstrFile
Definition: commdlg.h:367
DWORD nMaxFile
Definition: commdlg.h:368
#define IDCANCEL
Definition: winuser.h:834
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
#define IDNO
Definition: winuser.h:839
#define MB_ICONINFORMATION
Definition: winuser.h:805
#define IDYES
Definition: winuser.h:838
#define MB_YESNOCANCEL
Definition: winuser.h:821

Referenced by EventLogPropProc(), and WndProc().

◆ CloseUserEventLog()

VOID CloseUserEventLog ( IN PEVENTLOGFILTER  EventLogFilter,
IN HTREEITEM  hti 
)

Definition at line 2577 of file eventvwr.c.

2578{
2579 /* Bail out if there is no available filter */
2580 if (!EventLogFilter)
2581 return;
2582
2583 if (InterlockedCompareExchangePointer((PVOID*)&ActiveFilter, NULL, NULL) == EventLogFilter)
2584 {
2585 /* Signal the enumerator thread we want to stop enumerating events */
2586 // EnumEvents(NULL);
2589 }
2590
2591 /*
2592 * The deletion of the item automatically triggers a TVN_SELCHANGED
2593 * notification, that will reset the ActiveFilter (in case the item
2594 * selected is a filter). Otherwise we reset it there.
2595 */
2597
2598 /* Remove the filter from the list */
2599 RemoveEntryList(&EventLogFilter->ListEntry);
2600 EventLogFilter_Release(EventLogFilter);
2601
2602 // /* Select the default event log */
2603 // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2604 // TreeView_SelectItem(hwndTreeView, hItem);
2605 // TreeView_EnsureVisible(hwndTreeView, hItem);
2608}
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
#define RemoveEntryList(Entry)
Definition: env_spec_w32.h:986
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:87
HANDLE hStartEnumEvent
Definition: eventvwr.c:98
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:96
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
#define TreeView_DeleteItem(hwnd, hitem)
Definition: commctrl.h:3420
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733

Referenced by WndProc().

◆ DisplayUsage()

VOID DisplayUsage ( VOID  )

Definition at line 164 of file eventvwr.c.

165{
167 LPCWSTR lpUsage;
168 INT iUsageLen = LoadStringW(hInst, IDS_USAGE, (LPWSTR)&lpUsage, 0);
169
170 if (iUsageLen == 0)
171 return;
172
173 lpBuffer = HeapAlloc(GetProcessHeap(), 0, (iUsageLen + 1) * sizeof(WCHAR));
174 if (!lpBuffer)
175 return;
176
177 StringCchCopyNW(lpBuffer, iUsageLen + 1, lpUsage, iUsageLen);
179
181}
#define IDS_USAGE
Definition: resource.h:3
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175
int32_t INT
Definition: typedefs.h:58
#define MB_OK
Definition: winuser.h:793
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185

Referenced by ProcessCmdLine().

◆ EnumEvents()

VOID EnumEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2422 of file eventvwr.c.

2423{
2424 /* Signal the enumerator thread we want to enumerate events */
2425 InterlockedExchangePointer((PVOID*)&EnumFilter, EventLogFilter);
2427 return;
2428}

Referenced by Refresh(), and WndProc().

◆ EnumEventsThread()

static DWORD WINAPI EnumEventsThread ( IN LPVOID  lpParameter)
static

HACK!!

Definition at line 1962 of file eventvwr.c.

1963{
1964 PEVENTLOGFILTER EventLogFilter = (PEVENTLOGFILTER)lpParameter;
1965 PEVENTLOG EventLog;
1966
1967 ULONG LogIndex;
1968 HANDLE hEventLog;
1969 PEVENTLOGRECORD pEvlr = NULL;
1970 PBYTE pEvlrEnd;
1971 PBYTE pEvlrBuffer;
1972 DWORD dwWanted, dwRead, dwNeeded, dwStatus = ERROR_SUCCESS;
1973 DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1974 DWORD dwFlags, dwMaxLength;
1975 size_t cchRemaining;
1976 LPWSTR lpszSourceName;
1977 LPWSTR lpszComputerName;
1978 BOOL bResult = TRUE; /* Read succeeded */
1980 PSID pLastSid = NULL;
1981
1982 UINT uStep = 0, uStepAt = 0, uPos = 0;
1983
1984 WCHAR szWindowTitle[MAX_PATH];
1985 WCHAR szStatusText[MAX_PATH];
1986 WCHAR szLocalDate[MAX_PATH];
1987 WCHAR szLocalTime[MAX_PATH];
1988 WCHAR szEventID[MAX_PATH];
1989 WCHAR szEventTypeText[MAX_LOADSTRING];
1990 WCHAR szCategoryID[MAX_PATH];
1991 WCHAR szUsername[MAX_PATH];
1992 WCHAR szNoUsername[MAX_PATH];
1993 WCHAR szCategory[MAX_PATH];
1994 WCHAR szNoCategory[MAX_PATH];
1995 PWCHAR lpTitleTemplateEnd;
1996
1998 LVITEMW lviEventItem;
1999
2000 /* Save the current event log filter globally */
2001 EventLogFilter_AddRef(EventLogFilter);
2002 ActiveFilter = EventLogFilter;
2003
2004
2006 EventLog = EventLogFilter->EventLogs[0];
2007
2008 // FIXME: Use something else instead of EventLog->LogName !!
2009
2010 /*
2011 * Use a different formatting, whether the event log filter holds
2012 * only one log, or many logs (the latter case is WIP TODO!)
2013 */
2014 if (EventLogFilter->NumOfEventLogs <= 1)
2015 {
2016 StringCchPrintfExW(szWindowTitle,
2017 ARRAYSIZE(szWindowTitle),
2018 &lpTitleTemplateEnd,
2019 &cchRemaining,
2020 0,
2021 szTitleTemplate, szTitle, EventLog->LogName); /* i = number of characters written */
2022 dwMaxLength = (DWORD)cchRemaining;
2023 if (!EventLog->ComputerName)
2024 GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2025 else
2026 StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, EventLog->ComputerName);
2027
2028 StringCbPrintfW(szStatusText,
2029 sizeof(szStatusText),
2031 EventLog->LogName,
2032 0,
2033 0);
2034 }
2035 else
2036 {
2037 // TODO: Use a different title & implement filtering for multi-log filters !!
2038 // (EventLogFilter->NumOfEventLogs > 1)
2040 L"Many-logs filtering is not implemented yet!!",
2041 szTitle,
2043 }
2044
2045 /* Set the window title */
2046 SetWindowTextW(hwndMainWindow, szWindowTitle);
2047
2048 /* Update the status bar */
2049 StatusBar_SetText(hwndStatus, 0, szStatusText);
2050
2051
2052 /* Disable list view redraw */
2054
2055 /* Clear the list view and free the cached records */
2057 FreeRecords();
2058
2063
2064 /* Do a loop over the logs enumerated in the filter */
2065 // FIXME: For now we only support 1 event log per filter!
2066 LogIndex = 0;
2067 // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2068 {
2069
2070 EventLog = EventLogFilter->EventLogs[LogIndex];
2071
2072 /* Open the event log */
2073 if (EventLog->Permanent)
2074 hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2075 else
2076 hEventLog = OpenBackupEventLogW(EventLog->ComputerName, EventLog->LogName); // FileName
2077
2078 if (hEventLog == NULL)
2079 {
2081 goto Cleanup;
2082 }
2083
2084 // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2085
2086 /* Get the total number of event log records */
2087 GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2088
2089 if (dwTotalRecords > 0)
2090 {
2093 }
2094 else
2095 {
2098 }
2099
2100 /* Set up the event records cache */
2101 g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2102 if (!g_RecordPtrs)
2103 {
2104 // ShowWin32Error(GetLastError());
2105 goto Quit;
2106 }
2107 g_TotalRecords = dwTotalRecords;
2108
2110 goto Quit;
2111
2112 LoadStringW(hInst, IDS_NOT_AVAILABLE, szNoUsername, ARRAYSIZE(szNoUsername));
2113 LoadStringW(hInst, IDS_NONE, szNoCategory, ARRAYSIZE(szNoCategory));
2114
2116 uStepAt = (dwTotalRecords / 100) + 1;
2117
2119
2120 /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2121 dwWanted = 0x7ffff;
2122 pEvlr = HeapAlloc(hProcessHeap, 0, dwWanted);
2123
2124 if (!pEvlr)
2125 goto Quit;
2126
2127 while (dwStatus == ERROR_SUCCESS)
2128 {
2129 bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwWanted, &dwRead, &dwNeeded);
2131
2132 if (!bResult && dwStatus == ERROR_INSUFFICIENT_BUFFER)
2133 {
2134 pEvlr = HeapReAlloc(hProcessHeap, 0, pEvlr, dwNeeded);
2135 dwWanted = dwNeeded;
2136
2137 if (!pEvlr)
2138 break;
2139
2140 bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwNeeded, &dwRead, &dwNeeded);
2141
2142 if (!bResult)
2143 break;
2144 }
2145 else if (!bResult)
2146 {
2147 /* Exit on other errors (ERROR_HANDLE_EOF) */
2148 break;
2149 }
2150
2151 pEvlrBuffer = (LPBYTE)pEvlr;
2152 pEvlrEnd = pEvlrBuffer + dwRead;
2153
2154 while (pEvlrBuffer < pEvlrEnd)
2155 {
2156 PEVENTLOGRECORD pEvlrTmp = (PEVENTLOGRECORD)pEvlrBuffer;
2157 PWSTR lpszUsername, lpszCategoryName;
2158 g_RecordPtrs[dwCurrentRecord] = NULL;
2159
2160 // ProgressBar_StepIt(hwndStatusProgress);
2161 uStep++;
2162 if (uStep % uStepAt == 0)
2163 {
2164 ++uPos;
2166 }
2167
2169 goto Quit;
2170
2171 /* Filter by event type */
2172 if (!FilterByType(EventLogFilter, pEvlrTmp))
2173 goto SkipEvent;
2174
2175 /* Get the event source name and filter it */
2176 lpszSourceName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD));
2177 if (!FilterByString(EventLogFilter->Sources, lpszSourceName))
2178 goto SkipEvent;
2179
2180 /* Get the computer name and filter it */
2181 lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2182 if (!FilterByString(EventLogFilter->ComputerNames, lpszComputerName))
2183 goto SkipEvent;
2184
2185 /* Compute the event time */
2187 GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2188 GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, ARRAYSIZE(szLocalTime));
2189
2190 /* Get the username that generated the event, and filter it */
2191 lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2192
2193 if (!FilterByString(EventLogFilter->Users, lpszUsername))
2194 goto SkipEvent;
2195
2196 // TODO: Filter by event ID and category
2197 GetEventType(pEvlrTmp->EventType, szEventTypeText);
2198
2199 lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2200
2201 StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pEvlrTmp->EventID & 0xFFFF));
2202 StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pEvlrTmp->EventCategory);
2203
2204 g_RecordPtrs[dwCurrentRecord] = HeapAlloc(hProcessHeap, 0, pEvlrTmp->Length);
2205 CopyMemory(g_RecordPtrs[dwCurrentRecord], pEvlrTmp, pEvlrTmp->Length);
2206
2207 lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
2208 lviEventItem.iItem = 0;
2209 lviEventItem.iSubItem = 0;
2210 lviEventItem.lParam = (LPARAM)g_RecordPtrs[dwCurrentRecord];
2211 lviEventItem.pszText = szEventTypeText;
2212
2213 switch (pEvlrTmp->EventType)
2214 {
2215 case EVENTLOG_SUCCESS:
2217 lviEventItem.iImage = 0;
2218 break;
2219
2221 lviEventItem.iImage = 1;
2222 break;
2223
2225 lviEventItem.iImage = 2;
2226 break;
2227
2229 lviEventItem.iImage = 3;
2230 break;
2231
2233 lviEventItem.iImage = 4;
2234 break;
2235 }
2236
2237 lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
2238
2239 ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
2240 ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
2241 ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpszSourceName);
2242 ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, lpszCategoryName);
2243 ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
2244 ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, lpszUsername);
2245 ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpszComputerName);
2246
2247SkipEvent:
2248 pEvlrBuffer += pEvlrTmp->Length;
2249 dwCurrentRecord++;
2250 }
2251 }
2252
2253Quit:
2254
2255 if (pEvlr)
2256 HeapFree(hProcessHeap, 0, pEvlr);
2257
2258 /* Close the event log */
2259 CloseEventLog(hEventLog);
2260
2261 } // end-for (LogIndex)
2262
2263 /* All events loaded */
2264
2265Cleanup:
2266
2269
2270 // FIXME: Use something else instead of EventLog->LogName !!
2271
2272 /*
2273 * Use a different formatting, whether the event log filter holds
2274 * only one log, or many logs (the latter case is WIP TODO!)
2275 */
2276 if (EventLogFilter->NumOfEventLogs <= 1)
2277 {
2278 StringCbPrintfW(szStatusText,
2279 sizeof(szStatusText),
2281 EventLog->LogName,
2282 dwTotalRecords,
2284 }
2285 else
2286 {
2287 // TODO: Use a different title & implement filtering for multi-log filters !!
2288 // (EventLogFilter->NumOfEventLogs > 1)
2289 }
2290
2291 /* Update the status bar */
2292 StatusBar_SetText(hwndStatus, 0, szStatusText);
2293
2294 /* Resume list view redraw */
2296
2297 EventLogFilter_Release(EventLogFilter);
2298
2301
2302 return 0;
2303}
#define IDS_NOT_AVAILABLE
Definition: resource.h:134
#define IDS_NONE
Definition: resource.h:133
#define IDM_SAVE_EVENTLOG
Definition: resource.h:76
#define IDM_CLEAR_EVENTS
Definition: resource.h:78
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
#define CloseHandle
Definition: compat.h:739
#define HeapReAlloc
Definition: compat.h:734
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1589
HANDLE hStopEnumEvent
Definition: eventvwr.c:90
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:713
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1905
#define LVM_PROGRESS
Definition: eventvwr.c:21
WCHAR szTitleTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:50
WCHAR szStatusBarTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:51
HMENU hMainMenu
Definition: eventvwr.c:70
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1889
HWND hwndStatus
Definition: eventvwr.c:68
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1800
DWORD g_TotalRecords
Definition: eventvwr.c:81
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1770
static VOID FreeRecords(VOID)
Definition: eventvwr.c:1871
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:82
HWND hwndStatusProgress
Definition: eventvwr.c:69
HWND hwndListView
Definition: eventvwr.c:66
#define ProgressBar_SetRange(hwndCtl, range)
Definition: eventvwr.h:60
#define ProgressBar_SetPos(hwndCtl, pos)
Definition: eventvwr.h:58
#define StatusBar_SetText(hwndCtl, index, data)
Definition: eventvwr.h:69
struct _EVENTLOGFILTER * PEVENTLOGFILTER
HANDLE hProcessHeap
Definition: kbswitch.c:37
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1093
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:993
__u16 time
Definition: mkdosfs.c:8
unsigned int UINT
Definition: ndis.h:50
#define LOCALE_USER_DEFAULT
BYTE * PBYTE
Definition: pedump.c:66
#define ListView_InsertItem(hwnd, pitem)
Definition: commctrl.h:2413
#define ListView_GetItemCount(hwnd)
Definition: commctrl.h:2312
#define LVIF_PARAM
Definition: commctrl.h:2316
#define ListView_DeleteAllItems(hwnd)
Definition: commctrl.h:2419
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2696
#define LVIF_TEXT
Definition: commctrl.h:2314
#define LVIF_IMAGE
Definition: commctrl.h:2315
DWORD dwStatus
Definition: mediaobj.idl:95
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
LPWSTR pszText
Definition: commctrl.h:2370
int iSubItem
Definition: commctrl.h:2367
UINT mask
Definition: commctrl.h:2365
LPARAM lParam
Definition: commctrl.h:2373
int iImage
Definition: commctrl.h:2372
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
uint16_t * PWCHAR
Definition: typedefs.h:56
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_POWER_POLICY_IDLE_SETTINGS Settings
Definition: wdfdevice.h:2595
#define WAIT_OBJECT_0
Definition: winbase.h:406
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1176
#define DATE_SHORTDATE
Definition: winnls.h:196
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2834
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2828
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2838
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2836
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2837
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2831
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2833
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2830
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2835
struct _EVENTLOGRECORD * PEVENTLOGRECORD
#define SW_HIDE
Definition: winuser.h:771
#define MF_BYCOMMAND
Definition: winuser.h:202
#define MAKELPARAM(l, h)
Definition: winuser.h:4011
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
#define MF_ENABLED
Definition: winuser.h:128
#define SW_SHOW
Definition: winuser.h:778
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
#define MF_GRAYED
Definition: winuser.h:129
#define WM_SETREDRAW
Definition: winuser.h:1619

Referenced by StartStopEnumEventsThread().

◆ EventDetails()

INT_PTR CALLBACK EventDetails ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4316 of file eventvwr.c.

4317{
4318 switch (uMsg)
4319 {
4320 case WM_INITDIALOG:
4321 {
4322 LONG_PTR dwStyle;
4323 RECT rcWnd, rect;
4324 INT iEventItem;
4325
4327 if (!hWndDetailsCtrl)
4328 {
4329 EndDialog(hDlg, 0);
4330 return (INT_PTR)TRUE;
4331 }
4332
4333 /* Create a size grip if the dialog has a sizing border */
4334 GetClientRect(hDlg, &rcWnd);
4335 dwStyle = GetWindowLongPtrW(hDlg, GWL_STYLE);
4336 if (dwStyle & WS_THICKFRAME /* == WS_SIZEBOX */)
4337 {
4338 INT sbVXSize = GetSystemMetrics(SM_CXVSCROLL);
4339 INT sbHYSize = GetSystemMetrics(SM_CYHSCROLL);
4340
4342 NULL,
4344 rcWnd.right - sbVXSize,
4345 rcWnd.bottom - sbHYSize,
4346 sbVXSize, sbHYSize,
4347 hDlg,
4348 NULL,
4349 hInst,
4350 NULL);
4351 }
4352
4353 // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4354
4355 /*
4356 * Compute the minimum window size (in window coordinates) by
4357 * adding the widths/heights of the "Help" and "Close" buttons,
4358 * together with the margins, and add some minimal spacing
4359 * between the buttons.
4360 */
4361 GetWindowRect(hDlg, &rcWnd);
4362 cxMin = cyMin = 0;
4363
4365 cxMin += (rect.right - rect.left) + (rect.left - rcWnd.left); // == (rect.right - rcWnd.left);
4366 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4367
4369 cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4370 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4371
4372 /*
4373 * Convert the window rect from window to client coordinates
4374 * in order to retrieve the sizes of the left and top margins,
4375 * and add some extra space.
4376 */
4377 MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rcWnd, sizeof(RECT)/sizeof(POINT));
4378
4379 cxMin += -2*rcWnd.left; // Minimal spacing between the buttons == 2 * left margin
4380 cyMin += -rcWnd.top + 12; // Add some space on top
4381
4382 GetClientRect(hDlg, &rcWnd);
4383 cxOld = rcWnd.right - rcWnd.left;
4384 cyOld = rcWnd.bottom - rcWnd.top;
4385
4386 /* Show event info in dialog control */
4387 iEventItem = (lParam != 0 ? ((PEVENTDETAIL_INFO)lParam)->iEventItem : 0);
4389
4390 // SetWindowPos(hWndDetailsCtrl, NULL,
4391 // 0, 0,
4392 // (rcWnd.right - rcWnd.left),
4393 // (rcWnd.bottom - rcWnd.top),
4394 // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4395
4396 /*
4397 * Hide the placeholder static control and show the event details
4398 * control instead. Note that the placeholder is here so far just
4399 * to get the dimensions right in the dialog resource editor.
4400 * I plan to remove it and use a custom control with a suitable
4401 * window class for it, that would create the event details control
4402 * instead.
4403 */
4406 return (INT_PTR)TRUE;
4407 }
4408
4409 case WM_DESTROY:
4413 return (INT_PTR)TRUE;
4414
4415 case WM_COMMAND:
4416 switch (LOWORD(wParam))
4417 {
4418 case IDOK:
4419 case IDCANCEL:
4420 EndDialog(hDlg, LOWORD(wParam));
4421 return (INT_PTR)TRUE;
4422
4423 case IDHELP:
4424 MessageBoxW(hDlg,
4425 L"Help not implemented yet!",
4426 szTitle,
4428 return (INT_PTR)TRUE;
4429
4430 default:
4431 break;
4432 }
4433 break;
4434
4435 case WM_SETCURSOR:
4436 if (((HWND)wParam == hWndGrip) && (LOWORD(lParam) == HTCLIENT))
4437 {
4440 return (INT_PTR)TRUE;
4441 }
4442 break;
4443
4444 case WM_SIZING:
4445 {
4446 /* Forbid resizing the dialog smaller than its minimal size */
4447 PRECT dragRect = (PRECT)lParam;
4448
4449 if ((wParam == WMSZ_LEFT) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_BOTTOMLEFT))
4450 {
4451 if (dragRect->right - dragRect->left < cxMin)
4452 dragRect->left = dragRect->right - cxMin;
4453 }
4454
4456 {
4457 if (dragRect->right - dragRect->left < cxMin)
4458 dragRect->right = dragRect->left + cxMin;
4459 }
4460
4461 if ((wParam == WMSZ_TOP) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_TOPRIGHT))
4462 {
4463 if (dragRect->bottom - dragRect->top < cyMin)
4464 dragRect->top = dragRect->bottom - cyMin;
4465 }
4466
4468 {
4469 if (dragRect->bottom - dragRect->top < cyMin)
4470 dragRect->bottom = dragRect->top + cyMin;
4471 }
4472
4474 return (INT_PTR)TRUE;
4475 }
4476
4477 case WM_SIZE:
4478 {
4479 INT cx = LOWORD(lParam);
4480 INT cy = HIWORD(lParam);
4481
4482 HDWP hdwp;
4483 HWND hItemWnd;
4484 RECT rect;
4485
4486 hdwp = BeginDeferWindowPos(4);
4487
4488 /* Resize the event details control window */
4489
4490 hItemWnd = hWndDetailsCtrl;
4491 GetWindowRect(hItemWnd, &rect);
4492 MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4493
4494 if (hdwp)
4495 hdwp = DeferWindowPos(hdwp,
4496 hItemWnd,
4497 HWND_TOP,
4498 0, 0,
4499 (rect.right - rect.left) + (cx - cxOld),
4500 (rect.bottom - rect.top) + (cy - cyOld),
4502
4503 /* Move the buttons */
4504
4505 hItemWnd = GetDlgItem(hDlg, IDHELP);
4506 GetWindowRect(hItemWnd, &rect);
4507 MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4508
4509 if (hdwp)
4510 hdwp = DeferWindowPos(hdwp,
4511 hItemWnd,
4512 HWND_TOP,
4513 rect.left,
4514 rect.top + (cy - cyOld),
4515 0, 0,
4517
4518 hItemWnd = GetDlgItem(hDlg, IDOK);
4519 GetWindowRect(hItemWnd, &rect);
4520 MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4521
4522 if (hdwp)
4523 hdwp = DeferWindowPos(hdwp,
4524 hItemWnd,
4525 HWND_TOP,
4526 rect.left + (cx - cxOld),
4527 rect.top + (cy - cyOld),
4528 0, 0,
4530
4531 /* Move the size grip */
4532 if (hWndGrip && hdwp)
4533 {
4535 MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4536
4537 hdwp = DeferWindowPos(hdwp,
4538 hWndGrip,
4539 HWND_TOP,
4540 rect.left + (cx - cxOld),
4541 rect.top + (cy - cyOld),
4542 0, 0,
4544 }
4545
4546 if (hdwp)
4547 EndDeferWindowPos(hdwp);
4548
4549 /* Hide the size grip if we are in maximized mode */
4550 if (hWndGrip)
4552
4553 cxOld = cx;
4554 cyOld = cy;
4555
4557 return (INT_PTR)TRUE;
4558 }
4559 }
4560
4561 return (INT_PTR)FALSE;
4562}
#define IDC_STATIC
Definition: resource.h:4
WPARAM wParam
Definition: combotst.c:138
LPARAM lParam
Definition: combotst.c:139
static INT cxMin
Definition: eventvwr.c:4312
static INT cyMin
Definition: eventvwr.c:4312
static INT cxOld
Definition: eventvwr.c:4313
static HWND hWndGrip
Definition: eventvwr.c:4311
static HWND hWndDetailsCtrl
Definition: eventvwr.c:4310
static INT cyOld
Definition: eventvwr.c:4313
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:954
struct _EVENTDETAIL_INFO * PEVENTDETAIL_INFO
#define EVT_DISPLAY
Definition: evtdetctl.h:22
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define LOWORD(l)
Definition: pedump.c:82
#define WS_CHILD
Definition: pedump.c:617
#define WS_VISIBLE
Definition: pedump.c:620
#define WS_CLIPSIBLINGS
Definition: pedump.c:618
#define WS_THICKFRAME
Definition: pedump.c:630
_Out_opt_ int _Out_opt_ int * cy
Definition: commctrl.h:586
_Out_opt_ int * cx
Definition: commctrl.h:585
#define WC_SCROLLBARW
Definition: commctrl.h:4734
#define IDHELP
Definition: resource_2.h:8
& rect
Definition: startmenu.cpp:1413
LONG right
Definition: windef.h:308
LONG bottom
Definition: windef.h:309
LONG top
Definition: windef.h:307
LONG left
Definition: windef.h:306
int32_t INT_PTR
Definition: typedefs.h:64
#define HIWORD(l)
Definition: typedefs.h:247
#define PRECT
Definition: precomp.h:27
BOOL WINAPI IsWindow(_In_opt_ HWND)
#define SWP_NOACTIVATE
Definition: winuser.h:1245
#define GetWindowLongPtrW
Definition: winuser.h:4832
#define SBS_SIZEGRIP
Definition: winuser.h:332
#define WMSZ_BOTTOMRIGHT
Definition: winuser.h:2474
#define WMSZ_BOTTOMLEFT
Definition: winuser.h:2473
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
#define SM_CXVSCROLL
Definition: winuser.h:964
#define WM_SIZE
Definition: winuser.h:1614
#define SWP_NOMOVE
Definition: winuser.h:1247
#define WM_COMMAND
Definition: winuser.h:1743
#define WMSZ_TOP
Definition: winuser.h:2469
#define IDC_SIZENWSE
Definition: winuser.h:692
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
#define SWP_NOSIZE
Definition: winuser.h:1248
#define WM_INITDIALOG
Definition: winuser.h:1742
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2149
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
#define WMSZ_LEFT
Definition: winuser.h:2467
#define SM_CYHSCROLL
Definition: winuser.h:965
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
#define IDOK
Definition: winuser.h:833
#define HWND_DESKTOP
Definition: winuser.h:1212
#define WMSZ_TOPLEFT
Definition: winuser.h:2470
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
#define HWND_TOP
Definition: winuser.h:1210
#define SIZE_MAXIMIZED
Definition: winuser.h:2510
#define WMSZ_TOPRIGHT
Definition: winuser.h:2471
#define HTCLIENT
Definition: winuser.h:2478
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4319
#define WMSZ_BOTTOM
Definition: winuser.h:2472
#define WM_SIZING
Definition: winuser.h:1810
#define SBS_SIZEBOXBOTTOMRIGHTALIGN
Definition: winuser.h:330
#define DWLP_MSGRESULT
Definition: winuser.h:873
#define WMSZ_RIGHT
Definition: winuser.h:2468
#define WM_SETCURSOR
Definition: winuser.h:1639
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
#define WM_DESTROY
Definition: winuser.h:1612
#define SWP_NOZORDER
Definition: winuser.h:1250
#define SetWindowLongPtrW
Definition: winuser.h:5358
#define GWL_STYLE
Definition: winuser.h:855
BOOL WINAPI DestroyWindow(_In_ HWND)
int WINAPI GetSystemMetrics(_In_ int)
HDWP WINAPI BeginDeferWindowPos(_In_ int)
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)

Referenced by WndProc().

◆ EventLog_Free()

VOID EventLog_Free ( IN PEVENTLOG  EventLog)

Definition at line 1322 of file eventvwr.c.

1323{
1324 if (EventLog->LogName)
1325 HeapFree(GetProcessHeap(), 0, EventLog->LogName);
1326
1327 if (EventLog->ComputerName)
1328 HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1329
1330 if (EventLog->FileName)
1331 HeapFree(GetProcessHeap(), 0, EventLog->FileName);
1332
1333 HeapFree(GetProcessHeap(), 0, EventLog);
1334}

Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().

◆ EventLogFilter_AddRef()

LONG EventLogFilter_AddRef ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1416 of file eventvwr.c.

1417{
1418 ASSERT(EventLogFilter);
1419 return InterlockedIncrement(&EventLogFilter->ReferenceCount);
1420}
#define InterlockedIncrement
Definition: armddk.h:53
#define ASSERT(a)
Definition: mode.c:44

Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogFilter_Free()

VOID EventLogFilter_Free ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1402 of file eventvwr.c.

1403{
1404 if (EventLogFilter->Sources)
1405 HeapFree(GetProcessHeap(), 0, EventLogFilter->Sources);
1406
1407 if (EventLogFilter->Users)
1408 HeapFree(GetProcessHeap(), 0, EventLogFilter->Users);
1409
1410 if (EventLogFilter->ComputerNames)
1411 HeapFree(GetProcessHeap(), 0, EventLogFilter->ComputerNames);
1412
1413 HeapFree(GetProcessHeap(), 0, EventLogFilter);
1414}

Referenced by EventLogFilter_Release(), and FreeLogFilterList().

◆ EventLogFilter_Release()

LONG EventLogFilter_Release ( IN PEVENTLOGFILTER  EventLogFilter)

RemoveEntryList(&EventLogFilter->ListEntry);

Definition at line 1422 of file eventvwr.c.

1423{
1424 LONG RefCount;
1425
1426 ASSERT(EventLogFilter);
1427
1428 /* When the reference count reaches zero, delete the filter */
1429 RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1430 if (RefCount <= 0)
1431 {
1432 /* Remove the filter from the list */
1434 EventLogFilter_Free(EventLogFilter);
1435 }
1436
1437 return RefCount;
1438}
#define InterlockedDecrement
Definition: armddk.h:52
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1402

Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogProperties()

INT_PTR EventLogProperties ( HINSTANCE  hInstance,
HWND  hWndParent,
PEVENTLOGFILTER  EventLogFilter 
)

Definition at line 4250 of file eventvwr.c.

4251{
4252 INT_PTR ret = 0;
4253 PROPSHEETHEADERW psh;
4254 PROPSHEETPAGEW psp[1]; // 2
4255
4256 /*
4257 * Bail out if there is no available filter, or if the filter
4258 * contains more than one log.
4259 */
4260 if (!EventLogFilter)
4261 return 0;
4262
4263 EventLogFilter_AddRef(EventLogFilter);
4264
4265 if (EventLogFilter->NumOfEventLogs > 1 ||
4266 EventLogFilter->EventLogs[0] == NULL)
4267 {
4268 goto Quit;
4269 }
4270
4271 /* Header */
4272 psh.dwSize = sizeof(psh);
4273 psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4274 psh.hInstance = hInstance;
4275 psh.hwndParent = hWndParent;
4276 // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4277 psh.pszCaption = EventLogFilter->EventLogs[0]->LogName;
4278 psh.nStartPage = 0;
4279 psh.ppsp = psp;
4280 psh.nPages = ARRAYSIZE(psp);
4281 // psh.pfnCallback = PropSheetCallback;
4282
4283 /* Log properties page */
4284 psp[0].dwSize = sizeof(psp[0]);
4285 psp[0].dwFlags = PSP_HASHELP;
4286 psp[0].hInstance = hInstance;
4289 psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4290
4291#if 0
4292 /* TODO: Log sources page */
4293 psp[1].dwSize = sizeof(psp[1]);
4294 psp[1].dwFlags = PSP_HASHELP;
4295 psp[1].hInstance = hInstance;
4298 psp[1].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4299#endif
4300
4301 /* Create the property sheet */
4302 ret = PropertySheetW(&psh);
4303
4304Quit:
4305 EventLogFilter_Release(EventLogFilter);
4306 return ret;
4307}
#define IDD_GENERAL_PAGE
Definition: resource.h:6
#define IDD_LOGPROPERTIES_GENERAL
Definition: resource.h:34
HINSTANCE hInstance
Definition: charmap.c:19
INT_PTR WINAPI PropertySheetW(LPCPROPSHEETHEADERW lppsh)
Definition: propsheet.c:2916
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4129
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
#define PSP_HASHELP
Definition: prsht.h:28
#define PSH_PROPTITLE
Definition: prsht.h:40
#define PSH_HASHELP
Definition: prsht.h:49
#define PSH_PROPSHEETPAGE
Definition: prsht.h:43
LPCPROPSHEETPAGEW ppsp
Definition: prsht.h:308
HINSTANCE hInstance
Definition: prsht.h:296
DWORD dwSize
Definition: prsht.h:293
DWORD dwFlags
Definition: prsht.h:294
HWND hwndParent
Definition: prsht.h:295
UINT nStartPage
Definition: prsht.h:304
LPCWSTR pszCaption
Definition: prsht.h:301
DLGPROC pfnDlgProc
Definition: prsht.h:226
DWORD dwSize
Definition: prsht.h:214
DWORD dwFlags
Definition: prsht.h:215
LPARAM lParam
Definition: prsht.h:227
LPCWSTR pszTemplate
Definition: prsht.h:218
HINSTANCE hInstance
Definition: prsht.h:216
int ret
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582

Referenced by WndProc().

◆ EventLogPropProc()

INT_PTR CALLBACK EventLogPropProc ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4129 of file eventvwr.c.

4130{
4131 PEVENTLOG EventLog;
4132 WCHAR szText[MAX_LOADSTRING];
4133
4134 EventLog = (PEVENTLOG)GetWindowLongPtrW(hDlg, DWLP_USER);
4135
4136 switch (uMsg)
4137 {
4138 case WM_INITDIALOG:
4139 {
4140 EventLog = (PEVENTLOG)((LPPROPSHEETPAGE)lParam)->lParam;
4141 SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)EventLog);
4142
4143 InitPropertiesDlg(hDlg, EventLog);
4144
4145 PropSheet_UnChanged(GetParent(hDlg), hDlg);
4146 return (INT_PTR)TRUE;
4147 }
4148
4149 case WM_DESTROY:
4150 return (INT_PTR)TRUE;
4151
4152 case WM_NOTIFY:
4153 switch (((LPNMHDR)lParam)->code)
4154 {
4155 case PSN_APPLY:
4156 PropSheet_UnChanged(GetParent(hDlg), hDlg);
4157 SavePropertiesDlg(hDlg, EventLog);
4158 return (INT_PTR)TRUE;
4159 }
4160 break;
4161
4162 case WM_COMMAND:
4163 switch (LOWORD(wParam))
4164 {
4165 case IDOK:
4166 case IDCANCEL:
4167 EndDialog(hDlg, LOWORD(wParam));
4168 return (INT_PTR)TRUE;
4169
4170 case ID_CLEARLOG:
4171 {
4172 PEVENTLOGFILTER EventLogFilter = GetSelectedFilter(NULL);
4173 if (EventLogFilter && ClearEvents(EventLogFilter))
4174 {
4175 Refresh(EventLogFilter);
4176 InitPropertiesDlg(hDlg, EventLog);
4177 }
4178 return (INT_PTR)TRUE;
4179 }
4180
4183 if (HIWORD(wParam) == EN_CHANGE)
4184 {
4185 PropSheet_Changed(GetParent(hDlg), hDlg);
4186 }
4187 return (INT_PTR)TRUE;
4188
4190 {
4194 PropSheet_Changed(GetParent(hDlg), hDlg);
4195 return (INT_PTR)TRUE;
4196 }
4197
4199 {
4203 PropSheet_Changed(GetParent(hDlg), hDlg);
4204 return (INT_PTR)TRUE;
4205 }
4206
4207 case IDC_NO_OVERWRITE:
4208 {
4212 PropSheet_Changed(GetParent(hDlg), hDlg);
4213 return (INT_PTR)TRUE;
4214 }
4215
4217 {
4218 LoadStringW(hInst, IDS_RESTOREDEFAULTS, szText, _countof(szText));
4219
4220 if (MessageBoxW(hDlg, szText, szTitle, MB_YESNO | MB_ICONQUESTION) == IDYES)
4221 {
4223 /* Workstation: 512 KB; Server: 16384 KB */
4228 PropSheet_Changed(GetParent(hDlg), hDlg);
4229 }
4230 return (INT_PTR)TRUE;
4231 }
4232
4233 case IDHELP:
4234 MessageBoxW(hDlg,
4235 L"Help not implemented yet!",
4236 szTitle,
4238 return (INT_PTR)TRUE;
4239
4240 default:
4241 break;
4242 }
4243 break;
4244 }
4245
4246 return (INT_PTR)FALSE;
4247}
#define IDC_UPDOWN_EVENTS_AGE
Definition: resource.h:67
#define IDC_NO_OVERWRITE
Definition: resource.h:68
#define IDC_OVERWRITE_AS_NEEDED
Definition: resource.h:64
#define IDS_RESTOREDEFAULTS
Definition: resource.h:107
#define ID_CLEARLOG
Definition: resource.h:71
#define IDC_OVERWRITE_OLDER_THAN
Definition: resource.h:65
#define IDC_EDIT_MAXLOGSIZE
Definition: resource.h:62
#define IDC_EDIT_EVENTS_AGE
Definition: resource.h:66
#define IDC_RESTOREDEFAULTS
Definition: resource.h:69
PEVENTLOGFILTER GetSelectedFilter(OUT HTREEITEM *phti OPTIONAL)
Definition: eventvwr.c:2432
BOOL ClearEvents(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:2612
static VOID SavePropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:4070
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3880
struct _EVENTLOG * PEVENTLOG
#define EnableDlgItem(hDlg, nID, bEnable)
Definition: eventvwr.h:55
void Refresh(void)
Definition: magnifier.c:317
#define PropSheet_Changed(d, w)
Definition: prsht.h:344
#define PropSheet_UnChanged(d, w)
Definition: prsht.h:358
#define PSN_APPLY
Definition: prsht.h:117
#define LPPROPSHEETPAGE
Definition: prsht.h:390
#define WM_NOTIFY
Definition: richedit.h:61
#define _countof(array)
Definition: sndvol32.h:70
Definition: inflate.c:139
#define DWLP_USER
Definition: winuser.h:875
#define MB_YESNO
Definition: winuser.h:820
BOOL WINAPI SetDlgItemInt(_In_ HWND, _In_ int, _In_ UINT, _In_ BOOL)
HWND WINAPI GetParent(_In_ HWND)
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
#define MB_ICONQUESTION
Definition: winuser.h:792
#define EN_CHANGE
Definition: winuser.h:2025

Referenced by EventLogProperties().

◆ EventTimeToSystemTime()

VOID EventTimeToSystemTime ( IN DWORD  EventTime,
OUT PSYSTEMTIME  pSystemTime 
)

Definition at line 713 of file eventvwr.c.

715{
716 SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
717 FILETIME ftLocal;
718 union
719 {
720 FILETIME ft;
722 } u1970, uUCT;
723
724 uUCT.ft.dwHighDateTime = 0;
725 uUCT.ft.dwLowDateTime = EventTime;
726 SystemTimeToFileTime(&st1970, &u1970.ft);
727 uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
728 FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
729 FileTimeToSystemTime(&ftLocal, pSystemTime);
730}
w ll
Definition: byte_order.h:167
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:158
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
uint64_t ULONGLONG
Definition: typedefs.h:67

Referenced by EnumEventsThread().

◆ FilterByString()

BOOL FilterByString ( IN PCWSTR  FilterString,
IN PWSTR  String 
)

Definition at line 1905 of file eventvwr.c.

1907{
1908 PCWSTR pStr;
1909
1910 /* The filter string is NULL so it does not filter anything */
1911 if (!FilterString)
1912 return TRUE;
1913
1914 /*
1915 * If the filter string filters for an empty string AND the source string
1916 * is an empty string, we have a match (particular case of the last one).
1917 */
1918 if (!*FilterString && !*String)
1919 return TRUE;
1920
1921 // if (*FilterString || *String)
1922
1923 /*
1924 * If the filter string is empty BUT the source string is not empty,
1925 * OR vice-versa, we cannot have a match.
1926 */
1927 if ( (!*FilterString && *String) || (*FilterString && !*String) )
1928 return FALSE;
1929
1930 /*
1931 * If the filter string filters for at least a non-empty string,
1932 * browse it and search for a string that matches the source string.
1933 */
1934 // else if (*FilterString && *String)
1935 {
1936 pStr = FilterString;
1937 while (*pStr)
1938 {
1939 if (wcsicmp(pStr, String) == 0)
1940 {
1941 /* We have a match, break the loop */
1942 break;
1943 }
1944
1945 pStr += (wcslen(pStr) + 1);
1946 }
1947 if (!*pStr) // && *String
1948 {
1949 /* We do not have a match */
1950 return FALSE;
1951 }
1952 }
1953
1954 /* We have a match */
1955 return TRUE;
1956}
const uint16_t * PCWSTR
Definition: typedefs.h:57
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2433

Referenced by EnumEventsThread().

◆ FilterByType()

BOOL FilterByType ( IN PEVENTLOGFILTER  EventLogFilter,
IN PEVENTLOGRECORD  pevlr 
)

Definition at line 1889 of file eventvwr.c.

1891{
1892 if ((pevlr->EventType == EVENTLOG_SUCCESS && !EventLogFilter->Information ) ||
1893 (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1894 (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1895 (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1896 (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1897 (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1898 {
1899 return FALSE;
1900 }
1901 return TRUE;
1902}

Referenced by EnumEventsThread().

◆ FormatByteSize()

UINT FormatByteSize ( LONGLONG  cbSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1161 of file eventvwr.c.

1162{
1163 UINT cchWritten, cchRemaining;
1164 LPWSTR pwszEnd;
1165 size_t cchStringRemaining;
1166
1167 /* Write formated bytes count */
1168 cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1169 if (!cchWritten)
1170 return 0;
1171
1172 /* Copy " bytes" to buffer */
1173 pwszEnd = pwszResult + cchWritten;
1174 cchRemaining = cchResultMax - cchWritten;
1175 StringCchCopyExW(pwszEnd, cchRemaining, L" ", &pwszEnd, &cchStringRemaining, 0);
1176 cchRemaining = (UINT)cchStringRemaining;
1177 cchWritten = LoadStringW(hInst, IDS_BYTES_FORMAT, pwszEnd, cchRemaining);
1178 cchRemaining -= cchWritten;
1179
1180 return cchResultMax - cchRemaining;
1181}
#define IDS_BYTES_FORMAT
Definition: resource.h:120
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1101
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184

Referenced by FormatFileSizeWithBytes().

◆ FormatFileSizeWithBytes()

LPWSTR FormatFileSizeWithBytes ( const PULARGE_INTEGER  lpQwSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1184 of file eventvwr.c.

1185{
1186 UINT cchWritten, cchRemaining;
1187 LPWSTR pwszEnd;
1188 size_t cchCopyRemaining;
1189
1190 /* Format bytes in KBs, MBs etc */
1191 if (StrFormatByteSizeW(lpQwSize->QuadPart, pwszResult, cchResultMax) == NULL)
1192 return NULL;
1193
1194 /* If there is less bytes than 1KB, we have nothing to do */
1195 if (lpQwSize->QuadPart < 1024)
1196 return pwszResult;
1197
1198 /* Concatenate " (" */
1199 cchWritten = (UINT)wcslen(pwszResult);
1200 pwszEnd = pwszResult + cchWritten;
1201 cchRemaining = cchResultMax - cchWritten;
1202 StringCchCopyExW(pwszEnd, cchRemaining, L" (", &pwszEnd, &cchCopyRemaining, 0);
1203 cchRemaining = (UINT)cchCopyRemaining;
1204
1205 /* Write formated bytes count */
1206 cchWritten = FormatByteSize(lpQwSize->QuadPart, pwszEnd, cchRemaining);
1207 pwszEnd += cchWritten;
1208 cchRemaining -= cchWritten;
1209
1210 /* Copy ")" to the buffer */
1211 StringCchCopyW(pwszEnd, cchRemaining, L")");
1212
1213 return pwszResult;
1214}
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2388
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1161
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185

Referenced by InitPropertiesDlg().

◆ FormatInteger()

UINT FormatInteger ( LONGLONG  Num,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1101 of file eventvwr.c.

1102{
1103 WCHAR wszNumber[24];
1104 WCHAR wszDecimalSep[8], wszThousandSep[8];
1105 NUMBERFMTW nf;
1106 WCHAR wszGrouping[12];
1107 INT cchGrouping;
1108 INT cchResult;
1109 INT i;
1110
1111 // Print the number in uniform mode
1112 swprintf(wszNumber, L"%I64u", Num);
1113
1114 // Get system strings for decimal and thousand separators.
1115 GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SDECIMAL, wszDecimalSep, _countof(wszDecimalSep));
1116 GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1117
1118 // Initialize format for printing the number in bytes
1119 ZeroMemory(&nf, sizeof(nf));
1120 nf.lpDecimalSep = wszDecimalSep;
1121 nf.lpThousandSep = wszThousandSep;
1122
1123 // Get system string for groups separator
1124 cchGrouping = GetLocaleInfoW(LOCALE_USER_DEFAULT,
1126 wszGrouping,
1127 _countof(wszGrouping));
1128
1129 // Convert grouping specs from string to integer
1130 for (i = 0; i < cchGrouping; i++)
1131 {
1132 WCHAR wch = wszGrouping[i];
1133
1134 if (wch >= L'0' && wch <= L'9')
1135 nf.Grouping = nf.Grouping * 10 + (wch - L'0');
1136 else if (wch != L';')
1137 break;
1138 }
1139
1140 if ((nf.Grouping % 10) == 0)
1141 nf.Grouping /= 10;
1142 else
1143 nf.Grouping *= 10;
1144
1145 // Format the number
1147 0,
1148 wszNumber,
1149 &nf,
1150 pwszResult,
1151 cchResultMax);
1152
1153 if (!cchResult)
1154 return 0;
1155
1156 // GetNumberFormatW returns number of characters including UNICODE_NULL
1157 return cchResult - 1;
1158}
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: locale.c:1665
#define swprintf
Definition: precomp.h:40
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1212
LPWSTR lpDecimalSep
Definition: winnls.h:645
UINT Grouping
Definition: winnls.h:644
LPWSTR lpThousandSep
Definition: winnls.h:646
#define LOCALE_SGROUPING
Definition: winnls.h:44
#define LOCALE_SDECIMAL
Definition: winnls.h:42
#define LOCALE_STHOUSAND
Definition: winnls.h:43

Referenced by FormatByteSize().

◆ FreeLogFilterList()

VOID FreeLogFilterList ( VOID  )

Definition at line 3015 of file eventvwr.c.

3016{
3018 PEVENTLOGFILTER EventLogFilter;
3019
3021 {
3023 EventLogFilter = (PEVENTLOGFILTER)CONTAINING_RECORD(Entry, EVENTLOGFILTER, ListEntry);
3024 EventLogFilter_Free(EventLogFilter);
3025 }
3026
3028
3029 return;
3030}
#define IsListEmpty(ListHead)
Definition: env_spec_w32.h:954
#define RemoveHeadList(ListHead)
Definition: env_spec_w32.h:964
base of all file and directory entries
Definition: entries.h:83
Definition: typedefs.h:120
#define CONTAINING_RECORD(address, type, field)
Definition: typedefs.h:260

Referenced by wWinMain().

◆ FreeLogList()

VOID FreeLogList ( VOID  )

Definition at line 2999 of file eventvwr.c.

3000{
3002 PEVENTLOG EventLog;
3003
3004 while (!IsListEmpty(&EventLogList))
3005 {
3007 EventLog = (PEVENTLOG)CONTAINING_RECORD(Entry, EVENTLOG, ListEntry);
3008 EventLog_Free(EventLog);
3009 }
3010
3011 return;
3012}

Referenced by wWinMain().

◆ FreeRecords()

static VOID FreeRecords ( VOID  )
static

Definition at line 1871 of file eventvwr.c.

1872{
1873 DWORD iIndex;
1874
1875 if (!g_RecordPtrs)
1876 return;
1877
1878 for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
1879 {
1880 if (g_RecordPtrs[iIndex])
1881 HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
1882 }
1885 g_TotalRecords = 0;
1886}

Referenced by EnumEventsThread(), and StartStopEnumEventsThread().

◆ GetDisplayNameFileAndID()

BOOL GetDisplayNameFileAndID ( IN LPCWSTR  lpLogName,
OUT PWCHAR  lpModuleName,
OUT PDWORD  pdwMessageID 
)

Definition at line 2709 of file eventvwr.c.

2712{
2713 BOOL Success = FALSE;
2714 LONG Result;
2715 HKEY hLogKey;
2716 WCHAR *KeyPath;
2717 SIZE_T cbKeyPath;
2718 DWORD dwType, cbData;
2719 DWORD dwMessageID = 0;
2721
2722 /* Use a default value for the message ID */
2723 *pdwMessageID = 0;
2724
2725 cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
2726 KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
2727 if (!KeyPath)
2728 {
2730 return FALSE;
2731 }
2732
2733 StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
2734 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2735
2736 Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
2737 HeapFree(GetProcessHeap(), 0, KeyPath);
2738 if (Result != ERROR_SUCCESS)
2739 {
2741 return FALSE;
2742 }
2743
2744 cbData = sizeof(szModuleName);
2745 Result = RegQueryValueExW(hLogKey,
2746 L"DisplayNameFile",
2747 NULL,
2748 &dwType,
2750 &cbData);
2751 if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2752 {
2754 }
2755 else
2756 {
2757 /* NULL-terminate the string and expand it */
2758 szModuleName[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
2760 Success = TRUE;
2761 }
2762
2763 /*
2764 * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2765 * otherwise it's not really useful. 'DisplayNameID' is optional.
2766 */
2767 if (Success)
2768 {
2769 cbData = sizeof(dwMessageID);
2770 Result = RegQueryValueExW(hLogKey,
2771 L"DisplayNameID",
2772 NULL,
2773 &dwType,
2774 (LPBYTE)&dwMessageID,
2775 &cbData);
2776 if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
2777 dwMessageID = 0;
2778
2779 *pdwMessageID = dwMessageID;
2780 }
2781
2782 RegCloseKey(hLogKey);
2783
2784 return Success;
2785}
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1455
#define REG_DWORD
Definition: sdbapi.c:596
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342

Referenced by BuildLogListAndFilterList().

◆ GetEventCategory()

BOOL GetEventCategory ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  CategoryName 
)

Definition at line 1589 of file eventvwr.c.

1593{
1594 BOOL Success = FALSE;
1595 WCHAR szMessageDLL[MAX_PATH];
1596 LPWSTR lpMsgBuf = NULL;
1597
1599 goto Quit;
1600
1601 /* Retrieve the message string without appending extra newlines */
1602 lpMsgBuf =
1603 GetMessageStringFromDllList(szMessageDLL,
1606 pevlr->EventCategory,
1608 NULL);
1609 if (lpMsgBuf)
1610 {
1611 /* Trim the string */
1612 TrimNulls(lpMsgBuf);
1613
1614 /* Copy the category name */
1615 StringCchCopyW(CategoryName, MAX_PATH, lpMsgBuf);
1616
1617 /* Free the buffer allocated by FormatMessage */
1618 LocalFree(lpMsgBuf);
1619
1620 /* The ID was found and the message was formatted */
1621 Success = TRUE;
1622 }
1623
1624Quit:
1625 if (!Success)
1626 {
1627 if (pevlr->EventCategory != 0)
1628 {
1629 StringCchPrintfW(CategoryName, MAX_PATH, L"(%lu)", pevlr->EventCategory);
1630 Success = TRUE;
1631 }
1632 }
1633
1634 return Success;
1635}
WCHAR SourceName[256]
Definition: arping.c:28
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1441
#define EVENT_CATEGORY_MESSAGE_FILE
Definition: eventvwr.c:39
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1528
#define EVENT_MESSAGE_FILE_BUFFER
Definition: eventvwr.c:37
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699

Referenced by EnumEventsThread().

◆ GetEventMessage()

BOOL GetEventMessage ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  EventText 
)

Definition at line 1639 of file eventvwr.c.

1643{
1644 BOOL Success = FALSE;
1645 DWORD i;
1646 size_t cch;
1647 WCHAR SourceModuleName[1024];
1648 WCHAR ParameterModuleName[1024];
1649 BOOL IsParamModNameCached = FALSE;
1650 LPWSTR lpMsgBuf = NULL;
1651 LPWSTR szStringArray, szMessage;
1652 LPWSTR *szArguments;
1653
1654 /* Get the event string array */
1655 szStringArray = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
1656
1657 /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1659 goto Quit;
1660
1661 /* Allocate space for insertion strings */
1662 szArguments = HeapAlloc(GetProcessHeap(), 0, pevlr->NumStrings * sizeof(LPVOID));
1663 if (!szArguments)
1664 goto Quit;
1665
1666 if (!IsParamModNameCached)
1667 {
1668 /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1669 IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1670 // FIXME: If the string loading failed the first time, no need to retry it just after???
1671 }
1672
1673 if (IsParamModNameCached)
1674 {
1675 /* Not yet support for reading messages from parameter message DLL */
1676 }
1677
1678 szMessage = szStringArray;
1679 /*
1680 * HACK:
1681 * We do some hackish preformatting of the cached event strings...
1682 * That's because after we pass the string to FormatMessage
1683 * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1684 * flag, instead of ignoring the insertion parameters and do the formatting
1685 * by ourselves. Therefore, the resulting string should have the parameter
1686 * string placeholders starting with a single '%' instead of a mix of one
1687 * and two '%'.
1688 */
1689 /* HACK part 1: Compute the full length of the string array */
1690 cch = 0;
1691 for (i = 0; i < pevlr->NumStrings; i++)
1692 {
1693 szMessage += wcslen(szMessage) + 1;
1694 }
1695 cch = szMessage - szStringArray;
1696
1697 /* HACK part 2: Now do the HACK proper! */
1698 szMessage = szStringArray;
1699 for (i = 0; i < pevlr->NumStrings; i++)
1700 {
1701 lpMsgBuf = szMessage;
1702 while ((lpMsgBuf = wcsstr(lpMsgBuf, L"%%")))
1703 {
1704 if (iswdigit(lpMsgBuf[2]))
1705 {
1706 MoveMemory(lpMsgBuf, lpMsgBuf+1, ((szStringArray + cch) - lpMsgBuf - 1) * sizeof(WCHAR));
1707 }
1708 }
1709
1710 szArguments[i] = szMessage;
1711 szMessage += wcslen(szMessage) + 1;
1712 }
1713
1714 /* Retrieve the message string without appending extra newlines */
1715 lpMsgBuf =
1716 GetMessageStringFromDllList(SourceModuleName,
1719 pevlr->EventID,
1720 0,
1721 (va_list*)szArguments);
1722 if (lpMsgBuf)
1723 {
1724 /* Trim the string */
1725 TrimNulls(lpMsgBuf);
1726
1727 szMessage = NULL;
1728 Success = (ApplyParameterStringsToMessage(ParameterModuleName,
1729 TRUE,
1730 lpMsgBuf,
1731 &szMessage) == ERROR_SUCCESS);
1732 if (Success && szMessage)
1733 {
1734 /* Free the buffer allocated by FormatMessage */
1735 LocalFree(lpMsgBuf);
1736 lpMsgBuf = szMessage;
1737 }
1738
1739 /* Copy the event text */
1740 StringCchCopyW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
1741
1742 /* Free the buffer allocated by FormatMessage */
1743 LocalFree(lpMsgBuf);
1744 }
1745
1746 HeapFree(GetProcessHeap(), 0, szArguments);
1747
1748Quit:
1749 if (!Success)
1750 {
1751 /* Get a read-only pointer to the "event-not-found" string */
1754 StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1755
1756 /* Append the strings */
1757 szMessage = szStringArray;
1758 for (i = 0; i < pevlr->NumStrings; i++)
1759 {
1760 StringCchCatW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, szMessage);
1762 szMessage += wcslen(szMessage) + 1;
1763 }
1764 }
1765
1766 return Success;
1767}
char * va_list
Definition: acmsvcex.h:78
#define IDS_EVENTSTRINGIDNOTFOUND
Definition: resource.h:106
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:903
#define EVENT_MESSAGE_EVENTTEXT_BUFFER
Definition: eventvwr.c:36
#define EVENT_PARAMETER_MESSAGE_FILE
Definition: eventvwr.c:41
#define EVENT_MESSAGE_FILE
Definition: eventvwr.c:40
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
#define MoveMemory
Definition: winbase.h:1709
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:424

Referenced by DisplayEvent().

◆ GetEventMessageFileDLL()

BOOL GetEventMessageFileDLL ( IN LPCWSTR  lpLogName,
IN LPCWSTR  SourceName,
IN LPCWSTR  EntryName,
OUT PWCHAR  lpModuleName 
)

Definition at line 1528 of file eventvwr.c.

1532{
1533 BOOL Success = FALSE;
1534 LONG Result;
1535 DWORD dwType, dwSize;
1537 WCHAR szKeyName[MAX_PATH];
1538 HKEY hLogKey = NULL;
1539 HKEY hSourceKey = NULL;
1540
1541 StringCbCopyW(szKeyName, sizeof(szKeyName), EVENTLOG_BASE_KEY);
1542 StringCbCatW(szKeyName, sizeof(szKeyName), lpLogName);
1543
1545 szKeyName,
1546 0,
1547 KEY_READ,
1548 &hLogKey);
1549 if (Result != ERROR_SUCCESS)
1550 return FALSE;
1551
1552 Result = RegOpenKeyExW(hLogKey,
1553 SourceName,
1554 0,
1556 &hSourceKey);
1557 if (Result != ERROR_SUCCESS)
1558 {
1559 RegCloseKey(hLogKey);
1560 return FALSE;
1561 }
1562
1563 dwSize = sizeof(szModuleName);
1564 Result = RegQueryValueExW(hSourceKey,
1565 EntryName,
1566 NULL,
1567 &dwType,
1569 &dwSize);
1570 if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
1571 {
1573 }
1574 else
1575 {
1576 /* NULL-terminate the string and expand it */
1577 szModuleName[dwSize / sizeof(WCHAR) - 1] = UNICODE_NULL;
1579 Success = TRUE;
1580 }
1581
1582 RegCloseKey(hSourceKey);
1583 RegCloseKey(hLogKey);
1584
1585 return Success;
1586}
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56

Referenced by GetEventCategory(), and GetEventMessage().

◆ GetEventType()

VOID GetEventType ( IN WORD  dwEventType,
OUT PWCHAR  eventTypeText 
)

Definition at line 1770 of file eventvwr.c.

1772{
1773 switch (dwEventType)
1774 {
1777 break;
1780 break;
1783 break;
1784 case EVENTLOG_SUCCESS:
1786 break;
1789 break;
1792 break;
1793 default:
1795 break;
1796 }
1797}
#define IDS_EVENTLOG_INFORMATION_TYPE
Definition: resource.h:114
#define IDS_EVENTLOG_SUCCESS
Definition: resource.h:117
#define IDS_EVENTLOG_AUDIT_FAILURE
Definition: resource.h:116
#define IDS_EVENTLOG_ERROR_TYPE
Definition: resource.h:112
#define IDS_EVENTLOG_WARNING_TYPE
Definition: resource.h:113
#define IDS_EVENTLOG_UNKNOWN_TYPE
Definition: resource.h:118
#define IDS_EVENTLOG_AUDIT_SUCCESS
Definition: resource.h:115

Referenced by EnumEventsThread().

◆ GetEventUserName()

BOOL GetEventUserName ( IN PEVENTLOGRECORD  pelr,
IN OUT PSID pLastSid,
OUT PWCHAR  pszUser 
)

Definition at line 1800 of file eventvwr.c.

1803{
1804 PSID pCurrentSid;
1805 PWSTR StringSid;
1806 WCHAR szName[1024];
1807 WCHAR szDomain[1024];
1810 DWORD cchDomain = ARRAYSIZE(szDomain);
1811 BOOL Success = FALSE;
1812
1813 /* Point to the SID */
1814 pCurrentSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);
1815
1816 if (!IsValidSid(pCurrentSid))
1817 {
1818 *pLastSid = NULL;
1819 return FALSE;
1820 }
1821 else if (*pLastSid && EqualSid(*pLastSid, pCurrentSid))
1822 {
1823 return TRUE;
1824 }
1825
1826 /* User SID */
1827 if (pelr->UserSidLength > 0)
1828 {
1829 /*
1830 * Try to retrieve the user account name and domain name corresponding
1831 * to the SID. If it cannot be retrieved, try to convert the SID to a
1832 * string-form. It should not be bigger than the user-provided buffer
1833 * 'pszUser', otherwise we return an error.
1834 */
1836 pCurrentSid,
1837 szName,
1838 &cchName,
1839 szDomain,
1840 &cchDomain,
1841 &peUse))
1842 {
1843 StringCchCopyW(pszUser, MAX_PATH, szName);
1844 Success = TRUE;
1845 }
1846 else if (ConvertSidToStringSidW(pCurrentSid, &StringSid))
1847 {
1848 /* Copy the string only if the user-provided buffer is big enough */
1849 if (wcslen(StringSid) + 1 <= MAX_PATH) // + 1 for NULL-terminator
1850 {
1851 StringCchCopyW(pszUser, MAX_PATH, StringSid);
1852 Success = TRUE;
1853 }
1854 else
1855 {
1857 Success = FALSE;
1858 }
1859
1860 /* Free the allocated buffer */
1861 LocalFree(StringSid);
1862 }
1863 }
1864
1865 *pLastSid = Success ? pCurrentSid : NULL;
1866
1867 return Success;
1868}
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3583
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
#define SetLastError(x)
Definition: compat.h:752
enum _SID_NAME_USE SID_NAME_USE
struct _SID * PSID
Definition: eventlog.c:35
static const WCHAR szName[]
Definition: powrprof.c:45
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2746

Referenced by EnumEventsThread().

◆ GetExpandedFilePathName()

DWORD GetExpandedFilePathName ( IN LPCWSTR ComputerName  OPTIONAL,
IN LPCWSTR  lpFileName,
OUT LPWSTR lpFullFileName  OPTIONAL,
IN DWORD  nSize 
)

Definition at line 1455 of file eventvwr.c.

1460{
1462
1463 /* Determine the needed size after expansion of any environment strings */
1465 if (dwLength == 0)
1466 {
1467 /* We failed, bail out */
1468 return 0;
1469 }
1470
1471 /* If the file path is on a remote computer, estimate its length */
1472 // FIXME: Use WNetGetUniversalName instead?
1473 if (ComputerName && *ComputerName)
1474 {
1475 /* Skip any leading backslashes */
1476 while (*ComputerName == L'\\')
1477 ++ComputerName;
1478
1479 if (*ComputerName)
1480 {
1481 /* Count 2 backslashes plus the computer name and one backslash separator */
1482 dwLength += 2 + wcslen(ComputerName) + 1;
1483 }
1484 }
1485
1486 /* Check whether we have enough space */
1487 if (dwLength > nSize)
1488 {
1489 /* No, return the needed size in characters (includes NULL-terminator) */
1490 return dwLength;
1491 }
1492
1493
1494 /* Now expand the file path */
1495 ASSERT(dwLength <= nSize);
1496
1497 /* Expand any existing environment strings */
1498 if (ExpandEnvironmentStringsW(lpFileName, lpFullFileName, dwLength) == 0)
1499 {
1500 /* We failed, bail out */
1501 return 0;
1502 }
1503
1504 /* If the file path is on a remote computer, retrieve the network share form of the file name */
1505 // FIXME: Use WNetGetUniversalName instead?
1506 if (ComputerName && *ComputerName)
1507 {
1508 /* Note that we previously skipped any potential leading backslashes */
1509
1510 /* Replace ':' by '$' in the drive letter */
1511 if (*lpFullFileName && lpFullFileName[1] == L':')
1512 lpFullFileName[1] = L'$';
1513
1514 /* Prepend the computer name */
1515 MoveMemory(lpFullFileName + 2 + wcslen(ComputerName) + 1,
1516 lpFullFileName, dwLength * sizeof(WCHAR) - (2 + wcslen(ComputerName) + 1) * sizeof(WCHAR));
1517 lpFullFileName[0] = L'\\';
1518 lpFullFileName[1] = L'\\';
1519 wcsncpy(lpFullFileName + 2, ComputerName, wcslen(ComputerName));
1520 lpFullFileName[2 + wcslen(ComputerName)] = L'\\';
1521 }
1522
1523 /* Return the number of stored characters (includes NULL-terminator) */
1524 return dwLength;
1525}
static DWORD DWORD * dwLength
Definition: fusion.c:86
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
_In_ LPCSTR lpFileName
Definition: winbase.h:3071
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2084

Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().

◆ GetFileTimeString()

BOOL GetFileTimeString ( LPFILETIME  lpFileTime,
LPWSTR  pwszResult,
UINT  cchResult 
)

Definition at line 1218 of file eventvwr.c.

1219{
1220 FILETIME ft;
1221 SYSTEMTIME st;
1222 int cchWritten;
1223 UINT cchRemaining = cchResult;
1224 size_t cchCopyRemaining;
1225 LPWSTR pwszEnd = pwszResult;
1226
1227 if (!FileTimeToLocalFileTime(lpFileTime, &ft) || !FileTimeToSystemTime(&ft, &st))
1228 return FALSE;
1229
1230 cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1231 if (cchWritten)
1232 --cchWritten; // GetDateFormatW returns count with terminating zero
1233 // else
1234 // ERR("GetDateFormatW failed\n");
1235
1236 cchRemaining -= cchWritten;
1237 pwszEnd += cchWritten;
1238
1239 StringCchCopyExW(pwszEnd, cchRemaining, L", ", &pwszEnd, &cchCopyRemaining, 0);
1240 cchRemaining = (UINT)cchCopyRemaining;
1241
1242 cchWritten = GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &st, NULL, pwszEnd, cchRemaining);
1243 if (cchWritten)
1244 --cchWritten; // GetTimeFormatW returns count with terminating zero
1245 // else
1246 // ERR("GetTimeFormatW failed\n");
1247
1248 return TRUE;
1249}
#define DATE_LONGDATE
Definition: winnls.h:197

Referenced by InitPropertiesDlg().

◆ GetMessageStringFromDll()

LPWSTR GetMessageStringFromDll ( IN LPCWSTR  lpMessageDll,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 738 of file eventvwr.c.

744{
747 LPWSTR lpMsgBuf = NULL;
748
749 hLibrary = LoadLibraryExW(lpMessageDll, NULL,
750 /* LOAD_LIBRARY_AS_IMAGE_RESOURCE | */ LOAD_LIBRARY_AS_DATAFILE);
751 if (hLibrary == NULL)
752 return NULL;
753
754 /* Sanitize dwFlags */
755 dwFlags &= ~FORMAT_MESSAGE_FROM_STRING;
757
759 {
760 /*
761 * Retrieve the message string without appending extra newlines.
762 * Wrap in SEH to protect from invalid string parameters.
763 */
765 {
767 /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
768 FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
769 hLibrary,
770 dwMessageId,
772 (LPWSTR)&lpMsgBuf,
773 nSize,
774 Arguments);
775 }
777 {
778 dwLength = 0;
779
780 /*
781 * An exception occurred while calling FormatMessage, this is usually
782 * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
783 * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
784 * array pointer 'Arguments' was NULL or did not contain enough elements,
785 * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
786 * message string expected too many inserts.
787 * In this last case only, we can call again FormatMessage but ignore
788 * explicitly the inserts. The string that we will return to the user
789 * will not be pre-formatted.
790 */
791 if (((dwFlags & FORMAT_MESSAGE_ALLOCATE_BUFFER) || lpMsgBuf) &&
793 {
794 /* Remove any possible harmful flags and always ignore inserts */
795 dwFlags &= ~FORMAT_MESSAGE_ARGUMENT_ARRAY;
797
798 /* If this call also throws an exception, we are really dead */
800 hLibrary,
801 dwMessageId,
803 (LPWSTR)&lpMsgBuf,
804 nSize,
805 NULL /* Arguments */);
806 }
807 }
808 _SEH2_END;
809 }
811 {
813 }
814 _SEH2_END;
815
816 if (dwLength == 0)
817 {
818 ASSERT(lpMsgBuf == NULL);
819 lpMsgBuf = NULL;
820 }
821 else
822 {
823 LPWSTR ptr;
824
825 ASSERT(lpMsgBuf);
826
827 /* Trim any trailing whitespace */
828 ptr = lpMsgBuf + dwLength - 1;
829 while (iswspace(*ptr))
830 *ptr-- = UNICODE_NULL;
831 }
832
833 return lpMsgBuf;
834}
HMODULE hLibrary
Definition: odbccp32.c:12
#define FreeLibrary(x)
Definition: compat.h:748
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
#define _SEH2_FINALLY
Definition: filesup.c:21
#define _SEH2_END
Definition: filesup.c:22
#define _SEH2_TRY
Definition: filesup.c:19
#define iswspace(_c)
Definition: ctype.h:669
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
static PVOID ptr
Definition: dispmode.c:27
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:66
#define LANG_USER_DEFAULT
Definition: tnerror.cpp:50
#define LOAD_LIBRARY_AS_DATAFILE
Definition: winbase.h:342

Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().

◆ GetMessageStringFromDllList()

LPWSTR GetMessageStringFromDllList ( IN LPCWSTR  lpMessageDllList,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 842 of file eventvwr.c.

848{
850 SIZE_T cbLength;
851 LPWSTR szMessageDllList;
852 LPWSTR szDll;
853 LPWSTR lpMsgBuf = NULL;
854
855 /* Allocate a local buffer for the DLL list that can be tokenized */
856 // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
857 // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
858 cbLength = (wcslen(lpMessageDllList) + 1) * sizeof(WCHAR);
859 szMessageDllList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbLength);
860 if (!szMessageDllList)
861 return NULL;
862 CopyMemory(szMessageDllList, lpMessageDllList, cbLength);
863
864 /* Loop through the list of message DLLs */
865 szDll = wcstok(szMessageDllList, EVENT_DLL_SEPARATOR);
866 while ((szDll != NULL) && !Success)
867 {
868 // Uses LANG_USER_DEFAULT
869 lpMsgBuf = GetMessageStringFromDll(szDll,
870 dwFlags,
871 dwMessageId,
872 nSize,
873 Arguments);
874 if (lpMsgBuf)
875 {
876 /* The ID was found and the message was formatted */
877 Success = TRUE;
878 break;
879 }
880
881 /*
882 * The DLL could not be loaded, or the message could not be found,
883 * try the next DLL, if any.
884 */
886 }
887
888 HeapFree(GetProcessHeap(), 0, szMessageDllList);
889
890 return lpMsgBuf;
891}
#define EVENT_DLL_SEPARATOR
Definition: eventvwr.c:38
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)

Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().

◆ GetSelectedFilter()

PEVENTLOGFILTER GetSelectedFilter ( OUT HTREEITEM *phti  OPTIONAL)

Definition at line 2432 of file eventvwr.c.

2433{
2434 TVITEMEXW tvItemEx;
2435 HTREEITEM hti;
2436
2437 if (phti)
2438 *phti = NULL;
2439
2440 /* Get index of selected item */
2442 if (hti == NULL)
2443 return NULL; // No filter
2444
2445 tvItemEx.mask = TVIF_PARAM;
2446 tvItemEx.hItem = hti;
2447
2448 TreeView_GetItem(hwndTreeView, &tvItemEx);
2449
2450 if (phti)
2451 *phti = tvItemEx.hItem;
2452
2453 return (PEVENTLOGFILTER)tvItemEx.lParam;
2454}
#define TreeView_GetSelection(hwnd)
Definition: commctrl.h:3478
#define TreeView_GetItem(hwnd, pitem)
Definition: commctrl.h:3495
#define TVIF_PARAM
Definition: commctrl.h:3273
LPARAM lParam
Definition: commctrl.h:3360
HTREEITEM hItem
Definition: commctrl.h:3352

Referenced by EventLogPropProc(), and WndProc().

◆ InitInstance()

BOOL InitInstance ( HINSTANCE  hInstance)

Definition at line 3033 of file eventvwr.c.

3034{
3035 RECT rcClient, rs;
3036 LONG StatusHeight;
3037 HIMAGELIST hSmall;
3038 LVCOLUMNW lvc = {0};
3039 WCHAR szTemp[256];
3040
3041 /* Create the main window */
3042 rs = Settings.wpPos.rcNormalPosition;
3044 szTitle,
3046 rs.left, rs.top,
3047 (rs.right != CW_USEDEFAULT && rs.left != CW_USEDEFAULT) ? rs.right - rs.left : CW_USEDEFAULT,
3048 (rs.bottom != CW_USEDEFAULT && rs.top != CW_USEDEFAULT) ? rs.bottom - rs.top : CW_USEDEFAULT,
3049 NULL,
3050 NULL,
3051 hInstance,
3052 NULL);
3053 if (!hwndMainWindow)
3054 return FALSE;
3055
3056 /* Create the status bar */
3057 hwndStatus = CreateWindowExW(0, // no extended styles
3058 STATUSCLASSNAMEW, // status bar
3059 L"", // no text
3061 0, 0, 0, 0, // x, y, cx, cy
3062 hwndMainWindow, // parent window
3063 (HMENU)100, // window ID
3064 hInstance, // instance
3065 NULL); // window data
3066
3067 GetClientRect(hwndMainWindow, &rcClient);
3069 StatusHeight = rs.bottom - rs.top;
3070
3071 /* Create a progress bar in the status bar (hidden by default) */
3073 hwndStatusProgress = CreateWindowExW(0, // no extended styles
3074 PROGRESS_CLASSW, // status bar
3075 NULL, // no text
3076 WS_CHILD | PBS_SMOOTH, // styles
3077 rs.left, rs.top, // x, y
3078 rs.right - rs.left, rs.bottom - rs.top, // cx, cy
3079 hwndStatus, // parent window
3080 NULL, // window ID
3081 hInstance, // instance
3082 NULL); // window data
3083 /* Remove its static edge */
3087
3088 /* Initialize the splitter default positions */
3089 nVSplitPos = Settings.nVSplitPos;
3090 nHSplitPos = Settings.nHSplitPos;
3091
3092 /* Create the TreeView */
3095 NULL,
3096 // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3098 0, 0,
3100 (rcClient.bottom - rcClient.top) - StatusHeight,
3102 NULL,
3103 hInstance,
3104 NULL);
3105
3106 /* Create the ImageList */
3109 ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3110 1, 1);
3111
3112 /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3117
3118 /* Assign the ImageList to the Tree View */
3120
3121 /* Add the event logs nodes */
3122 // "System Logs"
3125 // "Application Logs"
3128 // "User Logs"
3131
3132 /* Create the Event details pane (optional) */
3134 if (hwndEventDetails)
3135 {
3141 (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3142 (rcClient.bottom - rcClient.top) - nHSplitPos - SPLIT_WIDTH/2 - StatusHeight,
3144 }
3145
3146 /* Create the ListView */
3149 NULL,
3152 0,
3153 (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3154 hwndEventDetails && Settings.bShowDetailsPane
3156 : (rcClient.bottom - rcClient.top) - StatusHeight,
3158 NULL,
3159 hInstance,
3160 NULL);
3161
3162 /* Add the extended ListView styles */
3164
3165 /* Create the ImageList */
3168 ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3169 1, 1);
3170
3171 /* Add event type icons to the ImageList */
3177
3178 /* Assign the ImageList to the List View */
3180
3181 /* Now set up the listview with its columns */
3182 lvc.mask = LVCF_TEXT | LVCF_WIDTH;
3183 lvc.cx = 90;
3186 szTemp,
3187 ARRAYSIZE(szTemp));
3188 lvc.pszText = szTemp;
3190
3191 lvc.cx = 70;
3194 szTemp,
3195 ARRAYSIZE(szTemp));
3196 lvc.pszText = szTemp;
3198
3199 lvc.cx = 70;
3202 szTemp,
3203 ARRAYSIZE(szTemp));
3204 lvc.pszText = szTemp;
3206
3207 lvc.cx = 150;
3210 szTemp,
3211 ARRAYSIZE(szTemp));
3212 lvc.pszText = szTemp;
3214
3215 lvc.cx = 100;
3218 szTemp,
3219 ARRAYSIZE(szTemp));
3220 lvc.pszText = szTemp;
3222
3223 lvc.cx = 60;
3226 szTemp,
3227 ARRAYSIZE(szTemp));
3228 lvc.pszText = szTemp;
3230
3231 lvc.cx = 120;
3234 szTemp,
3235 ARRAYSIZE(szTemp));
3236 lvc.pszText = szTemp;
3238
3239 lvc.cx = 100;
3242 szTemp,
3243 ARRAYSIZE(szTemp));
3244 lvc.pszText = szTemp;
3246
3247 /* Initialize the save Dialog */
3248 ZeroMemory(&sfn, sizeof(sfn));
3250
3252
3253 sfn.lStructSize = sizeof(sfn);
3259 sfn.lpstrDefExt = L"evt";
3260
3261 ShowWindow(hwndMainWindow, Settings.wpPos.showCmd);
3263
3264 return TRUE;
3265}
#define IDI_EVENTVWR
Definition: resource.h:13
#define IDI_CLOSED_CATEGORY
Definition: resource.h:15
#define IDS_COLUMNTIME
Definition: resource.h:124
#define IDS_COLUMNSOURCE
Definition: resource.h:125
#define IDI_OPENED_CATEGORY
Definition: resource.h:16
#define IDI_EVENTLOG
Definition: resource.h:14
#define IDS_COLUMNTYPE
Definition: resource.h:122
#define IDS_COLUMNCOMPUTER
Definition: resource.h:129
#define IDS_COLUMNEVENT
Definition: resource.h:127
#define IDI_AUDITFAILUREICON
Definition: resource.h:21
#define IDI_ERRORICON
Definition: resource.h:19
#define IDI_AUDITSUCCESSICON
Definition: resource.h:20
#define IDI_INFORMATIONICON
Definition: resource.h:17
#define IDS_EVENTLOG_SYSTEM
Definition: resource.h:101
#define IDS_SAVE_FILTER
Definition: resource.h:104
#define IDS_EVENTLOG_APP
Definition: resource.h:102
#define IDS_COLUMNUSER
Definition: resource.h:128
#define IDI_WARNINGICON
Definition: resource.h:18
#define IDS_COLUMNCATEGORY
Definition: resource.h:126
#define IDS_COLUMNDATE
Definition: resource.h:123
#define IDS_EVENTLOG_USER
Definition: resource.h:103
#define OFN_EXPLORER
Definition: commdlg.h:104
#define OFN_SHAREAWARE
Definition: commdlg.h:119
#define OFN_HIDEREADONLY
Definition: commdlg.h:107
HIMAGELIST WINAPI ImageList_Create(INT cx, INT cy, UINT flags, INT cInitial, INT cGrow)
Definition: imagelist.c:804
#define SPLIT_WIDTH
Definition: eventvwr.c:45
HTREEITEM htiUserLogs
Definition: eventvwr.c:72
HWND hwndEventDetails
Definition: eventvwr.c:67
static const LPCWSTR EVENTVWR_WNDCLASS
Definition: eventvwr.c:23
INT nVSplitPos
Definition: eventvwr.c:56
INT nHSplitPos
Definition: eventvwr.c:57
WCHAR szSaveFilter[MAX_LOADSTRING]
Definition: eventvwr.c:54
#define StatusBar_GetItemRect(hwndCtl, index, lprc)
Definition: eventvwr.h:67
#define ProgressBar_SetStep(hwndCtl, inc)
Definition: eventvwr.h:62
static const CLSID *static CLSID *static const GUID VARIANT VARIANT *static IServiceProvider DWORD *static HMENU
Definition: ordinal.c:63
#define WS_OVERLAPPEDWINDOW
Definition: pedump.c:637
#define WS_CLIPCHILDREN
Definition: pedump.c:619
#define LVSIL_SMALL
Definition: commctrl.h:2304
#define TVS_LINESATROOT
Definition: commctrl.h:3254
#define PROGRESS_CLASSW
Definition: commctrl.h:2181
#define LVS_EX_LABELTIP
Definition: commctrl.h:2748
#define ListView_InsertColumn(hwnd, iCol, pcol)
Definition: commctrl.h:2641
#define LVS_EX_GRIDLINES
Definition: commctrl.h:2734
#define ListView_SetImageList(hwnd, himl, iImageList)
Definition: commctrl.h:2309
#define WC_LISTVIEWW
Definition: commctrl.h:2262
#define LVS_EX_HEADERDRAGDROP
Definition: commctrl.h:2738
#define CCS_BOTTOM
Definition: commctrl.h:2249
#define LVS_SHOWSELALWAYS
Definition: commctrl.h:2272
#define LVS_REPORT
Definition: commctrl.h:2267
#define TVSIL_NORMAL
Definition: commctrl.h:3448
#define LVCF_WIDTH
Definition: commctrl.h:2592
#define STATUSCLASSNAMEW
Definition: commctrl.h:1941
#define TVS_SHOWSELALWAYS
Definition: commctrl.h:3257
#define ILC_COLOR32
Definition: commctrl.h:358
#define LVS_EX_FULLROWSELECT
Definition: commctrl.h:2739
#define TVS_HASLINES
Definition: commctrl.h:3253
#define ListView_SetExtendedListViewStyle(hwndLV, dw)
Definition: commctrl.h:2730
#define PBS_SMOOTH
Definition: commctrl.h:2185
#define WC_TREEVIEWW
Definition: commctrl.h:3248
#define ImageList_AddIcon(himl, hicon)
Definition: commctrl.h:415
#define TVS_HASBUTTONS
Definition: commctrl.h:3252
#define ILC_MASK
Definition: commctrl.h:351
#define SBARS_SIZEGRIP
Definition: commctrl.h:1928
#define TVS_EDITLABELS
Definition: commctrl.h:3255
#define LVCF_TEXT
Definition: commctrl.h:2593
#define TreeView_SetImageList(hwnd, himl, iImage)
Definition: commctrl.h:3452
LPWSTR pszText
Definition: commctrl.h:2572
HINSTANCE hInstance
Definition: commdlg.h:362
HWND hwndOwner
Definition: commdlg.h:361
DWORD Flags
Definition: commdlg.h:373
LPCWSTR lpstrInitialDir
Definition: commdlg.h:371
LPCWSTR lpstrDefExt
Definition: commdlg.h:376
DWORD lStructSize
Definition: commdlg.h:360
LPCWSTR lpstrFilter
Definition: commdlg.h:363
#define WS_EX_STATICEDGE
Definition: winuser.h:403
BOOL WINAPI SetWindowPos(_In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
#define SM_CYSMICON
Definition: winuser.h:1016
#define SM_CXSMICON
Definition: winuser.h:1015
HWND WINAPI CreateWindowExW(_In_ DWORD dwExStyle, _In_opt_ LPCWSTR lpClassName, _In_opt_ LPCWSTR lpWindowName, _In_ DWORD dwStyle, _In_ int X, _In_ int Y, _In_ int nWidth, _In_ int nHeight, _In_opt_ HWND hWndParent, _In_opt_ HMENU hMenu, _In_opt_ HINSTANCE hInstance, _In_opt_ LPVOID lpParam)
BOOL WINAPI UpdateWindow(_In_ HWND)
#define SWP_SHOWWINDOW
Definition: winuser.h:1251
#define CW_USEDEFAULT
Definition: winuser.h:225
#define SWP_HIDEWINDOW
Definition: winuser.h:1244
#define WS_EX_CLIENTEDGE
Definition: winuser.h:384
HICON WINAPI LoadIconW(_In_opt_ HINSTANCE hInstance, _In_ LPCWSTR lpIconName)
Definition: cursoricon.c:2119
#define GWL_EXSTYLE
Definition: winuser.h:854

Referenced by wWinMain().

◆ InitPropertiesDlg()

static VOID InitPropertiesDlg ( HWND  hDlg,
PEVENTLOG  EventLog 
)
static

Definition at line 3880 of file eventvwr.c.

3881{
3882 LPWSTR lpLogName = EventLog->LogName;
3883
3884 DWORD Result, dwType;
3885 DWORD dwMaxSize = 0, dwRetention = 0;
3886 BOOL Success;
3887 WIN32_FIND_DATAW FileInfo; // WIN32_FILE_ATTRIBUTE_DATA
3889 WCHAR wszBuf[MAX_PATH];
3890 WCHAR szTemp[MAX_LOADSTRING];
3892
3893 HKEY hLogKey;
3894 WCHAR *KeyPath;
3895 DWORD cbData;
3896 SIZE_T cbKeyPath;
3897
3898 if (EventLog->Permanent)
3899 {
3900
3901 cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
3902 KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
3903 if (!KeyPath)
3904 {
3906 goto Quit;
3907 }
3908
3909 StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
3910 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
3911
3912 Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
3913 HeapFree(GetProcessHeap(), 0, KeyPath);
3914 if (Result != ERROR_SUCCESS)
3915 {
3917 goto Quit;
3918 }
3919
3920
3921 cbData = sizeof(dwMaxSize);
3922 Result = RegQueryValueExW(hLogKey,
3923 L"MaxSize",
3924 NULL,
3925 &dwType,
3926 (LPBYTE)&dwMaxSize,
3927 &cbData);
3928 if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
3929 {
3930 // dwMaxSize = 512 * 1024; /* 512 kBytes */
3931 /* Workstation: 512 KB; Server: 16384 KB */
3932 dwMaxSize = 16384 * 1024;
3933 }
3934 /* Convert in KB */
3935 dwMaxSize /= 1024;
3936
3937 cbData = sizeof(dwRetention);
3938 Result = RegQueryValueExW(hLogKey,
3939 L"Retention",
3940 NULL,
3941 &dwType,
3942 (LPBYTE)&dwRetention,
3943 &cbData);
3944 if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
3945 {
3946 /* By default, it is 604800 (secs) == 7 days. On Server, the retention is zeroed out. */
3947 dwRetention = 0;
3948 }
3949 /* Convert in days, rounded up */
3950 if (dwRetention != INFINITE)
3951 dwRetention = (dwRetention + 24*3600 - 1) / (24*3600);
3952
3953 RegCloseKey(hLogKey);
3954
3955 }
3956
3957Quit:
3958
3959 SetDlgItemTextW(hDlg, IDC_DISPLAYNAME, lpLogName); // FIXME!
3960 SetDlgItemTextW(hDlg, IDC_LOGNAME, lpLogName);
3961
3962 FileName = EventLog->FileName;
3963 if (FileName && *FileName)
3964 {
3965 /* Expand the file name. If the log file is on a remote computer, retrieve the network share form of the file name. */
3966 GetExpandedFilePathName(EventLog->ComputerName, FileName, wszBuf, ARRAYSIZE(wszBuf));
3967 FileName = wszBuf;
3968 }
3969 else
3970 {
3971 FileName = L"";
3972 }
3974
3975 if (FileName && *FileName)
3976 {
3977 /*
3978 * The general problem here (and in the shell as well) is that
3979 * GetFileAttributesEx fails for files that are opened without
3980 * shared access. To retrieve file information for those we need
3981 * to use something else: FindFirstFile, on the full file name.
3982 */
3986 if (!Success)
3987 {
3989 Success = (hFind != INVALID_HANDLE_VALUE);
3990 if (Success)
3991 FindClose(hFind);
3992 }
3993 }
3994 else
3995 {
3996 Success = FALSE;
3997 }
3998
3999 /* Starting there, FileName becomes invalid because we are reusing wszBuf */
4000
4001 if (Success)
4002 {
4003 FileSize.u.LowPart = FileInfo.nFileSizeLow;
4004 FileSize.u.HighPart = FileInfo.nFileSizeHigh;
4005 if (FormatFileSizeWithBytes(&FileSize, wszBuf, ARRAYSIZE(wszBuf)))
4006 SetDlgItemTextW(hDlg, IDC_SIZE_LABEL, wszBuf);
4007
4008 LoadStringW(hInst, IDS_NOT_AVAILABLE, szTemp, ARRAYSIZE(szTemp));
4009
4010 if (GetFileTimeString(&FileInfo.ftCreationTime, wszBuf, ARRAYSIZE(wszBuf)))
4011 SetDlgItemTextW(hDlg, IDC_CREATED_LABEL, wszBuf);
4012 else
4013 SetDlgItemTextW(hDlg, IDC_CREATED_LABEL, szTemp);
4014
4015 if (GetFileTimeString(&FileInfo.ftLastWriteTime, wszBuf, ARRAYSIZE(wszBuf)))
4016 SetDlgItemTextW(hDlg, IDC_MODIFIED_LABEL, wszBuf);
4017 else
4018 SetDlgItemTextW(hDlg, IDC_MODIFIED_LABEL, szTemp);
4019
4020 if (GetFileTimeString(&FileInfo.ftLastAccessTime, wszBuf, ARRAYSIZE(wszBuf)))
4021 SetDlgItemTextW(hDlg, IDC_ACCESSED_LABEL, wszBuf);
4022 else
4023 SetDlgItemTextW(hDlg, IDC_MODIFIED_LABEL, szTemp);
4024 }
4025 else
4026 {
4027 LoadStringW(hInst, IDS_NOT_AVAILABLE, szTemp, ARRAYSIZE(szTemp));
4028
4029 SetDlgItemTextW(hDlg, IDC_SIZE_LABEL, szTemp);
4030 SetDlgItemTextW(hDlg, IDC_CREATED_LABEL, szTemp);
4031 SetDlgItemTextW(hDlg, IDC_MODIFIED_LABEL, szTemp);
4032 SetDlgItemTextW(hDlg, IDC_ACCESSED_LABEL, szTemp);
4033 }
4034
4035 if (EventLog->Permanent)
4036 {
4039
4040 SetDlgItemInt(hDlg, IDC_EDIT_MAXLOGSIZE, dwMaxSize, FALSE);
4041 SetDlgItemInt(hDlg, IDC_EDIT_EVENTS_AGE, (dwRetention == 0) ? 7 : dwRetention, FALSE);
4042
4043 if (dwRetention == 0)
4044 {
4048 }
4049 else if (dwRetention == INFINITE)
4050 {
4054 }
4055 else
4056 {
4060 }
4061 }
4062 else
4063 {
4064 // TODO: Hide the unused controls! Or, just use another type of property sheet!
4065 }
4066}
#define IDC_DISPLAYNAME
Definition: resource.h:55
#define IDC_UPDOWN_MAXLOGSIZE
Definition: resource.h:63
#define IDC_LOGFILE
Definition: resource.h:57
#define IDC_CREATED_LABEL
Definition: resource.h:59
#define IDC_SIZE_LABEL
Definition: resource.h:58
#define IDC_MODIFIED_LABEL
Definition: resource.h:60
#define IDC_ACCESSED_LABEL
Definition: resource.h:61
#define IDC_LOGNAME
Definition: resource.h:56
#define INVALID_HANDLE_VALUE
Definition: compat.h:731
BOOL WINAPI GetFileAttributesExW(LPCWSTR lpFileName, GET_FILEEX_INFO_LEVELS fInfoLevelId, LPVOID lpFileInformation)
Definition: fileinfo.c:552
HANDLE WINAPI FindFirstFileW(IN LPCWSTR lpFileName, OUT LPWIN32_FIND_DATAW lpFindFileData)
Definition: find.c:320
BOOL WINAPI FindClose(HANDLE hFindFile)
Definition: find.c:502
#define INFINITE
Definition: serial.h:102
BOOL GetFileTimeString(LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
Definition: eventvwr.c:1218
LPWSTR FormatFileSizeWithBytes(const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1184
struct _FileName FileName
Definition: fatprocs.h:897
_Must_inspect_result_ _Out_ PLARGE_INTEGER FileSize
Definition: fsrtlfuncs.h:108
#define UDM_SETRANGE
Definition: commctrl.h:2146
#define UDM_SETRANGE32
Definition: commctrl.h:2156
#define MAKELONG(a, b)
Definition: typedefs.h:249
struct _LARGE_INTEGER::@2299 u
@ GetFileExInfoStandard
Definition: winbase.h:1161
UINT_PTR WPARAM
Definition: windef.h:207
BOOL WINAPI SetDlgItemTextW(_In_ HWND, _In_ int, _In_ LPCWSTR)
LRESULT WINAPI SendDlgItemMessageW(_In_ HWND, _In_ int, _In_ UINT, _In_ WPARAM, _In_ LPARAM)

Referenced by EventLogPropProc().

◆ LoadSettings()

BOOL LoadSettings ( int  nDefCmdShow)

Definition at line 347 of file eventvwr.c.

348{
349 LONG Result;
350 HKEY hKeyEventVwr;
351 DWORD dwType, cbData;
352 WCHAR buffer[100];
353
354 /* Load the default values */
355 Settings.bSaveSettings = TRUE;
356 Settings.bShowDetailsPane = TRUE;
357 Settings.bShowGrid = FALSE;
358 Settings.bNewestEventsFirst = TRUE;
359 Settings.nVSplitPos = 250; /* Splitter default positions */
360 Settings.nHSplitPos = 250;
361 ZeroMemory(&Settings.wpPos, sizeof(Settings.wpPos));
362 Settings.wpPos.length = sizeof(Settings.wpPos);
363 SetRect(&Settings.wpPos.rcNormalPosition,
365 Settings.wpPos.showCmd = nDefCmdShow; // SW_SHOWNORMAL;
366
367 /* Try to open the Event Viewer user key */
370 0,
372 &hKeyEventVwr) != ERROR_SUCCESS)
373 {
374 return FALSE;
375 }
376
377 // Result = RegQueryValueExW(hKeyEventVwr, L"Filter", NULL, &dwType, (LPBYTE)&szFilter, &cbData); // REG_SZ
378 // Result = RegQueryValueExW(hKeyEventVwr, L"Find", NULL, &dwType, (LPBYTE)&szFind, &cbData); // REG_SZ
379 // Result = RegQueryValueExW(hKeyEventVwr, L"Module", NULL, &dwType, (LPBYTE)&szModule, &cbData); // REG_SZ
380
381 cbData = sizeof(buffer);
382 Result = RegQueryValueExW(hKeyEventVwr, L"SaveSettings", NULL, &dwType, (LPBYTE)buffer, &cbData);
383 if (Result == ERROR_SUCCESS)
384 {
385 if (dwType == REG_SZ)
386 {
387 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
388 Settings.bSaveSettings = !!(DWORD)_wtoi(buffer);
389 }
390 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
391 {
392 Settings.bSaveSettings = !!*(PDWORD)buffer;
393 }
394 }
395
396 cbData = sizeof(buffer);
397 Result = RegQueryValueExW(hKeyEventVwr, L"DetailsPane", NULL, &dwType, (LPBYTE)buffer, &cbData);
398 if (Result == ERROR_SUCCESS)
399 {
400 if (dwType == REG_SZ)
401 {
402 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
403 Settings.bShowDetailsPane = !!(DWORD)_wtoi(buffer);
404 }
405 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
406 {
407 Settings.bShowDetailsPane = !!*(PDWORD)buffer;
408 }
409 }
410
411 cbData = sizeof(buffer);
412 Result = RegQueryValueExW(hKeyEventVwr, L"ShowGrid", NULL, &dwType, (LPBYTE)buffer, &cbData);
413 if (Result == ERROR_SUCCESS)
414 {
415 if (dwType == REG_SZ)
416 {
417 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
418 Settings.bShowGrid = !!(DWORD)_wtoi(buffer);
419 }
420 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
421 {
422 Settings.bShowGrid = !!*(PDWORD)buffer;
423 }
424 }
425
426 cbData = sizeof(buffer);
427 Result = RegQueryValueExW(hKeyEventVwr, L"SortOrder", NULL, &dwType, (LPBYTE)buffer, &cbData);
428 if (Result == ERROR_SUCCESS)
429 {
430 if (dwType == REG_SZ)
431 {
432 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
433 Settings.bNewestEventsFirst = !!(DWORD)_wtoi(buffer);
434 }
435 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
436 {
437 Settings.bNewestEventsFirst = !!*(PDWORD)buffer;
438 }
439 }
440
441 /* Retrieve the splitter positions */
442 cbData = sizeof(buffer);
443 Result = RegQueryValueExW(hKeyEventVwr, L"VSplitPos", NULL, &dwType, (LPBYTE)buffer, &cbData);
444 if (Result == ERROR_SUCCESS)
445 {
446 if (dwType == REG_SZ)
447 {
448 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
449 Settings.nVSplitPos = (DWORD)_wtoi(buffer);
450 }
451 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
452 {
453 Settings.nVSplitPos = *(PDWORD)buffer;
454 }
455 }
456
457 cbData = sizeof(buffer);
458 Result = RegQueryValueExW(hKeyEventVwr, L"HSplitPos", NULL, &dwType, (LPBYTE)buffer, &cbData);
459 if (Result == ERROR_SUCCESS)
460 {
461 if (dwType == REG_SZ)
462 {
463 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
464 Settings.nHSplitPos = (DWORD)_wtoi(buffer);
465 }
466 else if (dwType == REG_DWORD && cbData == sizeof(DWORD))
467 {
468 Settings.nHSplitPos = *(PDWORD)buffer;
469 }
470 }
471
472 /* Retrieve the geometry of the main window */
473 cbData = sizeof(buffer);
474 Result = RegQueryValueExW(hKeyEventVwr, L"Window", NULL, &dwType, (LPBYTE)buffer, &cbData);
475 if ((Result == ERROR_SUCCESS) && (dwType == REG_SZ))
476 buffer[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
477 else
478 buffer[0] = UNICODE_NULL;
479
480 if (swscanf(buffer, L"%d %d %d %d %d",
481 &Settings.wpPos.rcNormalPosition.left,
482 &Settings.wpPos.rcNormalPosition.top,
483 &Settings.wpPos.rcNormalPosition.right,
484 &Settings.wpPos.rcNormalPosition.bottom,
485 &Settings.wpPos.showCmd) != 5)
486 {
487 /* Parsing failed, use defaults */
488 SetRect(&Settings.wpPos.rcNormalPosition,
490 Settings.wpPos.showCmd = nDefCmdShow; // SW_SHOWNORMAL;
491 }
492
493 RegCloseKey(hKeyEventVwr);
494 return TRUE;
495}
static const LPCWSTR EVNTVWR_PARAM_KEY
Definition: eventvwr.c:25
GLuint buffer
Definition: glext.h:5915
_Check_return_ _CRTIMP int __cdecl swscanf(_In_z_ const wchar_t *_Src, _In_z_ _Scanf_format_string_ const wchar_t *_Format,...)
_Check_return_ _CRTIMP int __cdecl _wtoi(_In_z_ const wchar_t *_Str)
DWORD * PDWORD
Definition: pedump.c:68
#define HKEY_CURRENT_USER
Definition: winreg.h:11
BOOL WINAPI SetRect(_Out_ LPRECT, _In_ int, _In_ int, _In_ int, _In_ int)

◆ MyRegisterClass()

ATOM MyRegisterClass ( HINSTANCE  hInstance)

Definition at line 2682 of file eventvwr.c.

2683{
2684 WNDCLASSEXW wcex;
2685
2686 wcex.cbSize = sizeof(wcex);
2687 wcex.style = 0;
2688 wcex.lpfnWndProc = WndProc;
2689 wcex.cbClsExtra = 0;
2690 wcex.cbWndExtra = 0;
2691 wcex.hInstance = hInstance;
2694 wcex.hbrBackground = (HBRUSH)(COLOR_3DFACE + 1); // COLOR_WINDOW + 1
2699 IMAGE_ICON,
2700 16,
2701 16,
2702 LR_SHARED);
2703
2704 return RegisterClassExW(&wcex);
2705}
#define IDM_EVENTVWR
Definition: resource.h:74
LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM)
Definition: eventvwr.c:3337
static HICON
Definition: imagelist.c:80
LPCWSTR lpszClassName
Definition: winuser.h:3229
LPCWSTR lpszMenuName
Definition: winuser.h:3228
HBRUSH hbrBackground
Definition: winuser.h:3227
WNDPROC lpfnWndProc
Definition: winuser.h:3221
UINT cbSize
Definition: winuser.h:3219
int cbWndExtra
Definition: winuser.h:3223
HCURSOR hCursor
Definition: winuser.h:3226
HICON hIconSm
Definition: winuser.h:3230
HINSTANCE hInstance
Definition: winuser.h:3224
UINT style
Definition: winuser.h:3220
int cbClsExtra
Definition: winuser.h:3222
HICON hIcon
Definition: winuser.h:3225
#define IMAGE_ICON
Definition: winuser.h:212
HANDLE WINAPI LoadImageW(_In_opt_ HINSTANCE hInst, _In_ LPCWSTR name, _In_ UINT type, _In_ int cx, _In_ int cy, _In_ UINT fuLoad)
Definition: cursoricon.c:2247
#define IDC_ARROW
Definition: winuser.h:687
ATOM WINAPI RegisterClassExW(_In_ CONST WNDCLASSEXW *)
#define LR_SHARED
Definition: winuser.h:1103
#define COLOR_3DFACE
Definition: winuser.h:932

Referenced by wWinMain().

◆ OpenUserEventLog()

VOID OpenUserEventLog ( VOID  )

Definition at line 2522 of file eventvwr.c.

2523{
2524 WCHAR szFileName[MAX_PATH];
2525
2526 ZeroMemory(szFileName, sizeof(szFileName));
2527
2528 sfn.lpstrFile = szFileName;
2529 sfn.nMaxFile = ARRAYSIZE(szFileName);
2530
2531 if (!GetOpenFileNameW(&sfn))
2532 return;
2534
2536}
BOOL WINAPI GetOpenFileNameW(OPENFILENAMEW *ofn)
Definition: filedlg.c:4736
VOID OpenUserEventLogFile(IN LPCWSTR lpszFileName)
Definition: eventvwr.c:2458

Referenced by WndProc().

◆ OpenUserEventLogFile()

VOID OpenUserEventLogFile ( IN LPCWSTR  lpszFileName)

Definition at line 2458 of file eventvwr.c.

2459{
2460 WIN32_FIND_DATAW FindData;
2461 HANDLE hFind;
2462 PEVENTLOG EventLog;
2463 PEVENTLOGFILTER EventLogFilter;
2464 SIZE_T cchFileName;
2466
2467 /* Check whether the file actually exists */
2468 hFind = FindFirstFileW(lpszFileName, &FindData);
2469 if (hFind == INVALID_HANDLE_VALUE)
2470 {
2472 return;
2473 }
2474 FindClose(hFind);
2475
2476 /* Allocate a new event log entry */
2477 EventLog = AllocEventLog(NULL, lpszFileName, FALSE);
2478 if (EventLog == NULL)
2479 {
2481 return;
2482 }
2483
2484 /* Allocate a new event log filter entry for this event log */
2485 EventLogFilter = AllocEventLogFilter(// LogName,
2486 TRUE, TRUE, TRUE, TRUE, TRUE,
2487 NULL, NULL, NULL,
2488 1, &EventLog);
2489 if (EventLogFilter == NULL)
2490 {
2492 EventLog_Free(EventLog);
2493 return;
2494 }
2495
2496 /* Add the event log and the filter into their lists */
2498 InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2499
2500 /* Retrieve and cache the event log file */
2501 cchFileName = wcslen(lpszFileName) + 1;
2502 EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, cchFileName * sizeof(WCHAR));
2503 if (EventLog->FileName)
2504 StringCchCopyW(EventLog->FileName, cchFileName, lpszFileName);
2505
2507 (LPWSTR)lpszFileName,
2508 2, 3, (LPARAM)EventLogFilter);
2509
2510 /* Select the event log */
2511 if (hItem)
2512 {
2513 // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2516 }
2519}

Referenced by OpenUserEventLog(), and wWinMain().

◆ ProcessCmdLine()

BOOL ProcessCmdLine ( IN LPWSTR  lpCmdLine)

Definition at line 184 of file eventvwr.c.

185{
187 INT i, argc;
188 LPWSTR* argv;
189
190 /* Skip any leading whitespace */
191 if (lpCmdLine)
192 {
193 while (iswspace(*lpCmdLine))
194 ++lpCmdLine;
195 }
196
197 /* No command line means no processing needed */
198 if (!lpCmdLine || !*lpCmdLine)
199 return TRUE;
200
201 /* Build the arguments vector */
202 argv = CommandLineToArgvW(lpCmdLine, &argc);
203 if (!argv)
204 return FALSE;
205
206 /* Parse the command line for options (skip the program name) */
207 for (i = 1; i < argc; ++i)
208 {
209 /* Check for new options */
210 if (argv[i][0] == L'-' || argv[i][0] == L'/')
211 {
212 if (argv[i][1] == L'?' && argv[i][2] == 0)
213 {
214 /* Display help */
215 DisplayUsage();
216 goto Quit;
217 }
218 else
219 if (argv[i][2] == L':')
220 {
221 switch (towupper(argv[i][1]))
222 {
223 case L'L':
224 {
225 LPWSTR lpNewBuffer;
226 LPWSTR lpFileName = argv[i] + 3;
227 SIZE_T cbFileName;
228
229 /* Check for a quoted file name */
230 if (*