#include "eventvwr.h"#include "evtdetctl.h"#include <sddl.h>#include <shellapi.h>#include <shlwapi.h>#include <pseh/pseh2.h>
Include dependency graph for eventvwr.c:
Go to the source code of this file.
Classes | |
| struct | _SETTINGS |
| struct | param_strings_format_data |
Macros | |
| #define | LVM_PROGRESS (WM_APP + 1) |
| #define | EVENT_MESSAGE_EVENTTEXT_BUFFER (1024*10) |
| #define | EVENT_MESSAGE_FILE_BUFFER (1024*10) |
| #define | EVENT_DLL_SEPARATOR L";" |
| #define | EVENT_CATEGORY_MESSAGE_FILE L"CategoryMessageFile" |
| #define | EVENT_MESSAGE_FILE L"EventMessageFile" |
| #define | EVENT_PARAMETER_MESSAGE_FILE L"ParameterMessageFile" |
| #define | MAX_LOADSTRING 255 |
| #define | SPLIT_WIDTH 4 |
Typedefs | |
| typedef struct _SETTINGS | SETTINGS |
| typedef struct _SETTINGS * | PSETTINGS |
Macro Definition Documentation
◆ EVENT_CATEGORY_MESSAGE_FILE
| #define EVENT_CATEGORY_MESSAGE_FILE L"CategoryMessageFile" |
Definition at line 39 of file eventvwr.c.
◆ EVENT_DLL_SEPARATOR
| #define EVENT_DLL_SEPARATOR L";" |
Definition at line 38 of file eventvwr.c.
◆ EVENT_MESSAGE_EVENTTEXT_BUFFER
| #define EVENT_MESSAGE_EVENTTEXT_BUFFER (1024*10) |
Definition at line 36 of file eventvwr.c.
◆ EVENT_MESSAGE_FILE
| #define EVENT_MESSAGE_FILE L"EventMessageFile" |
Definition at line 40 of file eventvwr.c.
◆ EVENT_MESSAGE_FILE_BUFFER
| #define EVENT_MESSAGE_FILE_BUFFER (1024*10) |
Definition at line 37 of file eventvwr.c.
◆ EVENT_PARAMETER_MESSAGE_FILE
| #define EVENT_PARAMETER_MESSAGE_FILE L"ParameterMessageFile" |
Definition at line 41 of file eventvwr.c.
◆ LVM_PROGRESS
Definition at line 21 of file eventvwr.c.
◆ MAX_LOADSTRING
| #define MAX_LOADSTRING 255 |
Definition at line 43 of file eventvwr.c.
◆ SPLIT_WIDTH
| #define SPLIT_WIDTH 4 |
Definition at line 45 of file eventvwr.c.
Typedef Documentation
◆ PSETTINGS
◆ SETTINGS
Function Documentation
◆ AllocAndCopyMultiStr()
Definition at line 1338 of file eventvwr.c.
1339{
1340 PWSTR pStr;
1342
1343 if (!MultiStr)
1345
1346 pStr = (PWSTR)MultiStr;
1348 Length = MultiStr - pStr + 2;
1349
1351 // NOTE: If we failed allocating the string, then fall back into no filter!
1352 if (pStr)
1354
1355 return pStr;
1356}
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
Referenced by AllocEventLogFilter().
◆ AllocEventLog()
Definition at line 1283 of file eventvwr.c.
1286{
1287 PEVENTLOG EventLog;
1289
1290 /* Allocate a new event log entry */
1292 if (!EventLog)
1294
1295 /* Allocate the computer name string (optional) and copy it */
1296 if (ComputerName)
1297 {
1302 }
1303
1304 /* Allocate the event log name string and copy it */
1308 {
1313 }
1315
1316 EventLog->Permanent = Permanent;
1317
1318 return EventLog;
1319}
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
Definition: eventvwr.h:85
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2754
Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().
◆ AllocEventLogFilter()
| PEVENTLOGFILTER AllocEventLogFilter | ( | IN BOOL | Information, |
| IN BOOL | Warning, | ||
| IN BOOL | Error, | ||
| IN BOOL | AuditSuccess, | ||
| IN BOOL | AuditFailure, | ||
| IN PCWSTR Sources | OPTIONAL, | ||
| IN PCWSTR Users | OPTIONAL, | ||
| IN PCWSTR ComputerNames | OPTIONAL, | ||
| IN ULONG | NumOfEventLogs, | ||
| IN PEVENTLOG * | EventLogs | ||
| ) |
Definition at line 1359 of file eventvwr.c.
1370{
1371 PEVENTLOGFILTER EventLogFilter;
1372
1373 /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1375 HEAP_ZERO_MEMORY,
1377 if (!EventLogFilter)
1379
1381 EventLogFilter->Warning = Warning;
1383 EventLogFilter->AuditSuccess = AuditSuccess;
1384 EventLogFilter->AuditFailure = AuditFailure;
1385
1386 /* Allocate and copy the sources, users, and computers multi-strings */
1390
1391 /* Copy the list of event logs */
1392 EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1394
1395 /* Initialize the filter reference count */
1396 EventLogFilter->ReferenceCount = 1;
1397
1398 return EventLogFilter;
1399}
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1338
Definition: eventvwr.h:106
Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().
◆ ApplyParameterStringsToMessage()
| DWORD ApplyParameterStringsToMessage | ( | IN LPCWSTR | lpMessageDllList, |
| IN BOOL | bMessagePreFormatted, | ||
| IN CONST LPCWSTR | pMessage, | ||
| OUT LPWSTR * | pFinalMessage | ||
| ) |
Definition at line 903 of file eventvwr.c.
908{
909 /*
910 * This code is heavily adapted from the MSDN example:
911 * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
912 * with bugs removed.
913 */
914
918 size_t cchParams = 0; // Number of characters in all the parameter strings
921 param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
924
925 *pFinalMessage = NULL;
926
927 /* Determine the number of parameter insertion strings in pMessage */
928 if (bMessagePreFormatted)
929 {
931 {
932 pTempMessage++;
934 {
935 dwParamCount++;
937 }
938 }
939 }
940 else
941 {
943 {
944 pTempMessage += 2;
946 {
947 dwParamCount++;
949 }
950 }
951 }
952
953 /* If there are no parameter insertion strings in pMessage, just return */
954 if (dwParamCount == 0)
955 {
956 // *pFinalMessage = NULL;
958 }
959
960 /* Allocate the array of parameter string format data */
961 pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
962 if (!pParamData)
963 {
966 }
967
968 /*
969 * Retrieve each parameter in pMessage and the beginning and end of the
970 * insertion string, as well as the message identifier of the parameter.
971 */
972 pTempMessage = (LPWSTR)pMessage;
973 if (bMessagePreFormatted)
974 {
976 {
977 pTempMessage++;
979 {
982
984
986 i++;
987 }
988 }
989 }
990 else
991 {
993 {
994 pTempMessage += 2;
996 {
999
1001
1003 i++;
1004 }
1005 }
1006 }
1007
1008 /* Retrieve each parameter string */
1010 {
1011 // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1013 GetMessageStringFromDllList(lpMessageDllList,
1016 pParamData[i].pParameterID,
1017 0, NULL);
1019 {
1020 /* Skip the insertion string */
1021 continue;
1022 }
1023
1025 }
1026
1027 /*
1028 * Allocate the final message buffer, the size of which is based on the
1029 * length of the original message and the length of each parameter string.
1030 */
1033 if (!*pFinalMessage)
1034 {
1037 }
1038
1039 pTempFinalMessage = *pFinalMessage;
1040
1041 /* Build the final message string */
1042 pTempMessage = (LPWSTR)pMessage;
1044 {
1045 /* Append the segment from pMessage */
1050 pTempFinalMessage += cch;
1051
1052 /* Append the parameter string */
1054 {
1057 }
1058 else
1059 {
1060 /*
1061 * We failed to retrieve the parameter string before, so just
1062 * place back the original string placeholder.
1063 */
1066 // cch = wcslen(pTempFinalMessage);
1067 }
1069 pTempFinalMessage += cch;
1070 }
1071
1072 /* Append the last segment from pMessage */
1074
1075Cleanup:
1076
1077 // if (Status != ERROR_SUCCESS)
1078 // *pFinalMessage = NULL;
1079
1080 if (pParamData)
1081 {
1083 {
1086 }
1087
1089 }
1090
1092}
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
Definition: eventvwr.c:895
Referenced by GetEventMessage().
◆ BuildLogListAndFilterList()
Definition at line 2789 of file eventvwr.c.
2790{
2792 HKEY hEventLogKey, hLogKey;
2793 DWORD dwNumLogs = 0;
2794 DWORD dwIndex, dwMaxKeyLength;
2795 DWORD dwType;
2796 PEVENTLOG EventLog;
2797 PEVENTLOGFILTER EventLogFilter;
2800 DWORD lpcName;
2801 DWORD dwMessageID;
2804
2806 {
2807 /* We are connected to some other computer, close the old connection */
2810 }
2812 {
2813 /* Use the local computer registry */
2815 }
2816 else
2817 {
2818 /* Connect to the remote computer registry */
2821 {
2822 /* Connection failed, display a message and bail out */
2825 return;
2826 }
2827 }
2828
2829 /* Open the EventLog key */
2832 {
2833 return;
2834 }
2835
2836 /* Retrieve the number of event logs enumerated as registry keys */
2840 {
2841 goto Quit;
2842 }
2843 if (!dwNumLogs)
2844 goto Quit;
2845
2846 /* Take the NULL terminator into account */
2847 ++dwMaxKeyLength;
2848
2849 /* Allocate the temporary buffer */
2851 if (!LogName)
2852 goto Quit;
2853
2854 /* Enumerate and retrieve each event log name */
2855 for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2856 {
2857 lpcName = dwMaxKeyLength;
2860 continue;
2861
2862 /* Take the NULL terminator into account */
2863 ++lpcName;
2864
2865 /* Allocate a new event log entry */
2868 continue;
2869
2870 /* Allocate a new event log filter entry for this event log */
2874 1, &EventLog);
2876 {
2877 EventLog_Free(EventLog);
2878 continue;
2879 }
2880
2881 /* Add the event log and the filter into their lists */
2884
2886
2887 /* Retrieve and cache the event log file */
2889 LogName,
2890 0,
2891 KEY_QUERY_VALUE,
2892 &hLogKey);
2894 {
2895 lpcName = 0;
2898 NULL,
2899 &dwType,
2900 NULL,
2901 &lpcName);
2903 {
2904 // Windows' EventLog uses some kind of default value, we do not.
2906 }
2907 else
2908 {
2912 {
2915 NULL,
2916 &dwType,
2918 &lpcName);
2920 {
2923 }
2924 else
2925 {
2927 }
2928 }
2929 }
2930
2931 RegCloseKey(hLogKey);
2932 }
2933
2934 /* Get the display name for the event log */
2936
2939 {
2940 /* Retrieve the message string without appending extra newlines */
2941 lpDisplayName =
2945 dwMessageID,
2946 0,
2947 NULL);
2948 }
2949
2950 /*
2951 * Select the correct tree root node, whether the log is a System
2952 * or an Application log. Default to Application log otherwise.
2953 */
2954 hRootNode = htiAppLogs;
2956 {
2957 /* Check whether the log name is part of the system logs */
2959 {
2960 hRootNode = htiSystemLogs;
2961 break;
2962 }
2963 }
2964
2967 2, 3, (LPARAM)EventLogFilter);
2968
2969 /* Try to get the default event log: "Application" */
2971 {
2972 hItemDefault = hItem;
2973 }
2974
2975 /* Free the buffer allocated by FormatMessage */
2978 }
2979
2981
2982Quit:
2983 RegCloseKey(hEventLogKey);
2984
2985 /* Select the default event log */
2986 if (hItemDefault)
2987 {
2988 // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2991 }
2994
2995 return;
2996}
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3353
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2524
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3687
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4118
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1283
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2709
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:738
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1253
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1359
Definition: nsiface.idl:2307
#define UNICODE_NULL
Definition: treeview.c:141
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2777
HWND WINAPI SetFocus(_In_opt_ HWND)
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
Referenced by wWinMain().
◆ ClearEvents()
| BOOL ClearEvents | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2612 of file eventvwr.c.
2613{
2615 PEVENTLOG EventLog;
2616 HANDLE hEventLog;
2619
2620 /* Bail out if there is no available filter */
2621 if (!EventLogFilter)
2623
2626
2628
2631
2633 {
2636
2639 break;
2640
2644 break;
2645 }
2646
2647 EventLogFilter_AddRef(EventLogFilter);
2648
2649 EventLog = EventLogFilter->EventLogs[0];
2651
2652 EventLogFilter_Release(EventLogFilter);
2653
2654 if (!hEventLog)
2655 {
2658 }
2659
2663
2664 CloseEventLog(hEventLog);
2666}
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
Referenced by EventLogPropProc(), and WndProc().
◆ CloseUserEventLog()
| VOID CloseUserEventLog | ( | IN PEVENTLOGFILTER | EventLogFilter, |
| IN HTREEITEM | hti | ||
| ) |
Definition at line 2577 of file eventvwr.c.
2578{
2579 /* Bail out if there is no available filter */
2580 if (!EventLogFilter)
2581 return;
2582
2584 {
2585 /* Signal the enumerator thread we want to stop enumerating events */
2586 // EnumEvents(NULL);
2589 }
2590
2591 /*
2592 * The deletion of the item automatically triggers a TVN_SELCHANGED
2593 * notification, that will reset the ActiveFilter (in case the item
2594 * selected is a filter). Otherwise we reset it there.
2595 */
2597
2598 /* Remove the filter from the list */
2599 RemoveEntryList(&EventLogFilter->ListEntry);
2600 EventLogFilter_Release(EventLogFilter);
2601
2602 // /* Select the default event log */
2603 // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2604 // TreeView_SelectItem(hwndTreeView, hItem);
2605 // TreeView_EnsureVisible(hwndTreeView, hItem);
2608}
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
Referenced by WndProc().
◆ DisplayUsage()
Definition at line 164 of file eventvwr.c.
Referenced by ProcessCmdLine().
◆ EnumEvents()
| VOID EnumEvents | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2422 of file eventvwr.c.
2423{
2424 /* Signal the enumerator thread we want to enumerate events */
2427 return;
2428}
◆ EnumEventsThread()
HACK!!
Definition at line 1962 of file eventvwr.c.
1963{
1965 PEVENTLOG EventLog;
1966
1967 ULONG LogIndex;
1968 HANDLE hEventLog;
1970 PBYTE pEvlrEnd;
1971 PBYTE pEvlrBuffer;
1973 DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1975 size_t cchRemaining;
1976 LPWSTR lpszSourceName;
1977 LPWSTR lpszComputerName;
1981
1982 UINT uStep = 0, uStepAt = 0, uPos = 0;
1983
1995 PWCHAR lpTitleTemplateEnd;
1996
1998 LVITEMW lviEventItem;
1999
2000 /* Save the current event log filter globally */
2001 EventLogFilter_AddRef(EventLogFilter);
2002 ActiveFilter = EventLogFilter;
2003
2004
2006 EventLog = EventLogFilter->EventLogs[0];
2007
2008 // FIXME: Use something else instead of EventLog->LogName !!
2009
2010 /*
2011 * Use a different formatting, whether the event log filter holds
2012 * only one log, or many logs (the latter case is WIP TODO!)
2013 */
2015 {
2016 StringCchPrintfExW(szWindowTitle,
2017 ARRAYSIZE(szWindowTitle),
2018 &lpTitleTemplateEnd,
2019 &cchRemaining,
2020 0,
2022 dwMaxLength = (DWORD)cchRemaining;
2024 GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2025 else
2027
2028 StringCbPrintfW(szStatusText,
2029 sizeof(szStatusText),
2030 szStatusBarTemplate,
2031 EventLog->LogName,
2032 0,
2033 0);
2034 }
2035 else
2036 {
2037 // TODO: Use a different title & implement filtering for multi-log filters !!
2038 // (EventLogFilter->NumOfEventLogs > 1)
2041 szTitle,
2043 }
2044
2045 /* Set the window title */
2047
2048 /* Update the status bar */
2050
2051
2052 /* Disable list view redraw */
2054
2055 /* Clear the list view and free the cached records */
2057 FreeRecords();
2058
2063
2064 /* Do a loop over the logs enumerated in the filter */
2065 // FIXME: For now we only support 1 event log per filter!
2066 LogIndex = 0;
2067 // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2068 {
2069
2070 EventLog = EventLogFilter->EventLogs[LogIndex];
2071
2072 /* Open the event log */
2075 else
2077
2079 {
2082 }
2083
2084 // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2085
2086 /* Get the total number of event log records */
2087 GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2088
2089 if (dwTotalRecords > 0)
2090 {
2093 }
2094 else
2095 {
2098 }
2099
2100 /* Set up the event records cache */
2101 g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2103 {
2104 // ShowWin32Error(GetLastError());
2105 goto Quit;
2106 }
2107 g_TotalRecords = dwTotalRecords;
2108
2110 goto Quit;
2111
2114
2116 uStepAt = (dwTotalRecords / 100) + 1;
2117
2118 dwFlags = EVENTLOG_SEQUENTIAL_READ | (Settings.bNewestEventsFirst ? EVENTLOG_FORWARDS_READ : EVENTLOG_BACKWARDS_READ);
2119
2120 /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2121 dwWanted = 0x7ffff;
2123
2124 if (!pEvlr)
2125 goto Quit;
2126
2128 {
2131
2133 {
2135 dwWanted = dwNeeded;
2136
2137 if (!pEvlr)
2138 break;
2139
2141
2142 if (!bResult)
2143 break;
2144 }
2145 else if (!bResult)
2146 {
2147 /* Exit on other errors (ERROR_HANDLE_EOF) */
2148 break;
2149 }
2150
2151 pEvlrBuffer = (LPBYTE)pEvlr;
2152 pEvlrEnd = pEvlrBuffer + dwRead;
2153
2154 while (pEvlrBuffer < pEvlrEnd)
2155 {
2157 PWSTR lpszUsername, lpszCategoryName;
2159
2160 // ProgressBar_StepIt(hwndStatusProgress);
2161 uStep++;
2162 if (uStep % uStepAt == 0)
2163 {
2164 ++uPos;
2166 }
2167
2169 goto Quit;
2170
2171 /* Filter by event type */
2173 goto SkipEvent;
2174
2175 /* Get the event source name and filter it */
2178 goto SkipEvent;
2179
2180 /* Get the computer name and filter it */
2181 lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2183 goto SkipEvent;
2184
2185 /* Compute the event time */
2187 GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2189
2190 /* Get the username that generated the event, and filter it */
2191 lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2192
2194 goto SkipEvent;
2195
2196 // TODO: Filter by event ID and category
2198
2199 lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2200
2203
2206
2208 lviEventItem.iItem = 0;
2209 lviEventItem.iSubItem = 0;
2211 lviEventItem.pszText = szEventTypeText;
2212
2214 {
2217 lviEventItem.iImage = 0;
2218 break;
2219
2221 lviEventItem.iImage = 1;
2222 break;
2223
2225 lviEventItem.iImage = 2;
2226 break;
2227
2229 lviEventItem.iImage = 3;
2230 break;
2231
2233 lviEventItem.iImage = 4;
2234 break;
2235 }
2236
2238
2246
2247SkipEvent:
2248 pEvlrBuffer += pEvlrTmp->Length;
2249 dwCurrentRecord++;
2250 }
2251 }
2252
2253Quit:
2254
2255 if (pEvlr)
2257
2258 /* Close the event log */
2259 CloseEventLog(hEventLog);
2260
2261 } // end-for (LogIndex)
2262
2263 /* All events loaded */
2264
2265Cleanup:
2266
2269
2270 // FIXME: Use something else instead of EventLog->LogName !!
2271
2272 /*
2273 * Use a different formatting, whether the event log filter holds
2274 * only one log, or many logs (the latter case is WIP TODO!)
2275 */
2277 {
2278 StringCbPrintfW(szStatusText,
2279 sizeof(szStatusText),
2280 szStatusBarTemplate,
2281 EventLog->LogName,
2282 dwTotalRecords,
2284 }
2285 else
2286 {
2287 // TODO: Use a different title & implement filtering for multi-log filters !!
2288 // (EventLogFilter->NumOfEventLogs > 1)
2289 }
2290
2291 /* Update the status bar */
2293
2294 /* Resume list view redraw */
2296
2297 EventLogFilter_Release(EventLogFilter);
2298
2301
2302 return 0;
2303}
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1589
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:713
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1905
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1889
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1800
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1770
struct _EVENTLOGFILTER * PEVENTLOGFILTER
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
#define LOCALE_USER_DEFAULT
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2691
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
Definition: winnt_old.h:2887
Definition: ms-dtyp.idl:198
Definition: winbase.h:904
Definition: commctrl.h:2359
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_POWER_POLICY_IDLE_SETTINGS Settings
Definition: wdfdevice.h:2595
struct _EVENTLOGRECORD * PEVENTLOGRECORD
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
Referenced by StartStopEnumEventsThread().
◆ EventDetails()
Definition at line 4318 of file eventvwr.c.
4319{
4320 switch (uMsg)
4321 {
4323 {
4324 LONG_PTR dwStyle;
4326 INT iEventItem;
4327
4330 {
4331 EndDialog(hDlg, 0);
4333 }
4334
4335 /* Create a size grip if the dialog has a sizing border */
4336 GetClientRect(hDlg, &rcWnd);
4339 {
4342
4344 NULL,
4346 rcWnd.right - sbVXSize,
4347 rcWnd.bottom - sbHYSize,
4348 sbVXSize, sbHYSize,
4349 hDlg,
4350 NULL,
4351 hInst,
4352 NULL);
4353 }
4354
4355 // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4356
4357 /*
4358 * Compute the minimum window size (in window coordinates) by
4359 * adding the widths/heights of the "Help" and "Close" buttons,
4360 * together with the margins, and add some minimal spacing
4361 * between the buttons.
4362 */
4363 GetWindowRect(hDlg, &rcWnd);
4365
4368 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4369
4371 cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4372 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4373
4374 /*
4375 * Convert the window rect from window to client coordinates
4376 * in order to retrieve the sizes of the left and top margins,
4377 * and add some extra space.
4378 */
4380
4383
4384 GetClientRect(hDlg, &rcWnd);
4385 cxOld = rcWnd.right - rcWnd.left;
4386 cyOld = rcWnd.bottom - rcWnd.top;
4387
4388 /* Show event info in dialog control */
4391
4392 // SetWindowPos(hWndDetailsCtrl, NULL,
4393 // 0, 0,
4394 // (rcWnd.right - rcWnd.left),
4395 // (rcWnd.bottom - rcWnd.top),
4396 // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4397
4398 /*
4399 * Hide the placeholder static control and show the event details
4400 * control instead. Note that the placeholder is here so far just
4401 * to get the dimensions right in the dialog resource editor.
4402 * I plan to remove it and use a custom control with a suitable
4403 * window class for it, that would create the event details control
4404 * instead.
4405 */
4409 }
4410
4416
4419 {
4424
4426 MessageBoxW(hDlg,
4428 szTitle,
4431
4432 default:
4433 break;
4434 }
4435 break;
4436
4439 {
4443 }
4444 break;
4445
4447 {
4448 /* Forbid resizing the dialog smaller than its minimal size */
4450
4452 {
4455 }
4456
4458 {
4461 }
4462
4464 {
4467 }
4468
4470 {
4473 }
4474
4477 }
4478
4480 {
4483
4484 HDWP hdwp;
4485 HWND hItemWnd;
4487
4488 hdwp = BeginDeferWindowPos(4);
4489
4490 /* Resize the event details control window */
4491
4492 hItemWnd = hWndDetailsCtrl;
4495
4496 if (hdwp)
4497 hdwp = DeferWindowPos(hdwp,
4498 hItemWnd,
4499 HWND_TOP,
4500 0, 0,
4504
4505 /* Move the buttons */
4506
4510
4511 if (hdwp)
4512 hdwp = DeferWindowPos(hdwp,
4513 hItemWnd,
4514 HWND_TOP,
4515 rect.left,
4517 0, 0,
4519
4523
4524 if (hdwp)
4525 hdwp = DeferWindowPos(hdwp,
4526 hItemWnd,
4527 HWND_TOP,
4530 0, 0,
4532
4533 /* Move the size grip */
4535 {
4538
4539 hdwp = DeferWindowPos(hdwp,
4540 hWndGrip,
4541 HWND_TOP,
4544 0, 0,
4546 }
4547
4548 if (hdwp)
4549 EndDeferWindowPos(hdwp);
4550
4551 /* Hide the size grip if we are in maximized mode */
4554
4557
4560 }
4561 }
4562
4564}
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:954
struct _EVENTDETAIL_INFO * PEVENTDETAIL_INFO
Definition: polytest.cpp:47
Definition: windef.h:305
BOOL WINAPI IsWindow(_In_opt_ HWND)
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2074
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
BOOL WINAPI DestroyWindow(_In_ HWND)
int WINAPI GetSystemMetrics(_In_ int)
HDWP WINAPI BeginDeferWindowPos(_In_ int)
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
Referenced by WndProc().
◆ EventLog_Free()
Definition at line 1322 of file eventvwr.c.
1323{
1324 if (EventLog->LogName)
1326
1327 if (EventLog->ComputerName)
1329
1330 if (EventLog->FileName)
1332
1334}
Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().
◆ EventLogFilter_AddRef()
| LONG EventLogFilter_AddRef | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 1416 of file eventvwr.c.
Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().
◆ EventLogFilter_Free()
| VOID EventLogFilter_Free | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 1402 of file eventvwr.c.
1403{
1404 if (EventLogFilter->Sources)
1406
1407 if (EventLogFilter->Users)
1409
1410 if (EventLogFilter->ComputerNames)
1412
1414}
Referenced by EventLogFilter_Release(), and FreeLogFilterList().
◆ EventLogFilter_Release()
| LONG EventLogFilter_Release | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
RemoveEntryList(&EventLogFilter->ListEntry);
Definition at line 1422 of file eventvwr.c.
1423{
1424 LONG RefCount;
1425
1426 ASSERT(EventLogFilter);
1427
1428 /* When the reference count reaches zero, delete the filter */
1429 RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1430 if (RefCount <= 0)
1431 {
1432 /* Remove the filter from the list */
1434 EventLogFilter_Free(EventLogFilter);
1435 }
1436
1437 return RefCount;
1438}
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1402
Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().
◆ EventLogProperties()
| INT_PTR EventLogProperties | ( | HINSTANCE | hInstance, |
| HWND | hWndParent, | ||
| PEVENTLOGFILTER | EventLogFilter | ||
| ) |
Definition at line 4252 of file eventvwr.c.
4253{
4255 PROPSHEETHEADERW psh;
4257
4258 /*
4259 * Bail out if there is no available filter, or if the filter
4260 * contains more than one log.
4261 */
4262 if (!EventLogFilter)
4263 return 0;
4264
4265 EventLogFilter_AddRef(EventLogFilter);
4266
4269 {
4270 goto Quit;
4271 }
4272
4273 /* Header */
4275 psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4278 // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4280 psh.nStartPage = 0;
4281 psh.ppsp = psp;
4283 // psh.pfnCallback = PropSheetCallback;
4284
4285 /* Log properties page */
4292
4293#if 0
4294 /* TODO: Log sources page */
4295 psp[1].dwSize = sizeof(psp[1]);
4301#endif
4302
4303 /* Create the property sheet */
4305
4306Quit:
4307 EventLogFilter_Release(EventLogFilter);
4309}
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4131
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
Definition: prsht.h:292
Definition: prsht.h:213
Referenced by WndProc().
◆ EventLogPropProc()
Definition at line 4131 of file eventvwr.c.
4132{
4133 PEVENTLOG EventLog;
4135
4137
4138 switch (uMsg)
4139 {
4141 {
4144
4145 InitPropertiesDlg(hDlg, EventLog);
4146
4149 }
4150
4153
4156 {
4159 SavePropertiesDlg(hDlg, EventLog);
4161 }
4162 break;
4163
4166 {
4171
4173 {
4176 {
4177 Refresh(EventLogFilter);
4178 InitPropertiesDlg(hDlg, EventLog);
4179 }
4181 }
4182
4186 {
4188 }
4190
4192 {
4198 }
4199
4201 {
4207 }
4208
4210 {
4216 }
4217
4219 {
4221
4223 {
4225 /* Workstation: 512 KB; Server: 16384 KB */
4231 }
4233 }
4234
4236 MessageBoxW(hDlg,
4238 szTitle,
4241
4242 default:
4243 break;
4244 }
4245 break;
4246 }
4247
4249}
PEVENTLOGFILTER GetSelectedFilter(OUT HTREEITEM *phti OPTIONAL)
Definition: eventvwr.c:2432
static VOID SavePropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:4072
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3882
struct _EVENTLOG * PEVENTLOG
Definition: inflate.c:139
Definition: winuser.h:3146
BOOL WINAPI SetDlgItemInt(_In_ HWND, _In_ int, _In_ UINT, _In_ BOOL)
HWND WINAPI GetParent(_In_ HWND)
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
Referenced by EventLogProperties().
◆ EventTimeToSystemTime()
| VOID EventTimeToSystemTime | ( | IN DWORD | EventTime, |
| OUT PSYSTEMTIME | pSystemTime | ||
| ) |
Definition at line 713 of file eventvwr.c.
715{
716 SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
717 FILETIME ftLocal;
718 union
719 {
720 FILETIME ft;
722 } u1970, uUCT;
723
724 uUCT.ft.dwHighDateTime = 0;
725 uUCT.ft.dwLowDateTime = EventTime;
726 SystemTimeToFileTime(&st1970, &u1970.ft);
727 uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
728 FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
729 FileTimeToSystemTime(&ftLocal, pSystemTime);
730}
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:158
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
Definition: mapidefs.h:60
Referenced by EnumEventsThread().
◆ FilterByString()
Definition at line 1905 of file eventvwr.c.
1907{
1908 PCWSTR pStr;
1909
1910 /* The filter string is NULL so it does not filter anything */
1911 if (!FilterString)
1913
1914 /*
1915 * If the filter string filters for an empty string AND the source string
1916 * is an empty string, we have a match (particular case of the last one).
1917 */
1920
1921 // if (*FilterString || *String)
1922
1923 /*
1924 * If the filter string is empty BUT the source string is not empty,
1925 * OR vice-versa, we cannot have a match.
1926 */
1929
1930 /*
1931 * If the filter string filters for at least a non-empty string,
1932 * browse it and search for a string that matches the source string.
1933 */
1934 // else if (*FilterString && *String)
1935 {
1936 pStr = FilterString;
1937 while (*pStr)
1938 {
1940 {
1941 /* We have a match, break the loop */
1942 break;
1943 }
1944
1945 pStr += (wcslen(pStr) + 1);
1946 }
1947 if (!*pStr) // && *String
1948 {
1949 /* We do not have a match */
1951 }
1952 }
1953
1954 /* We have a match */
1956}
Referenced by EnumEventsThread().
◆ FilterByType()
| BOOL FilterByType | ( | IN PEVENTLOGFILTER | EventLogFilter, |
| IN PEVENTLOGRECORD | pevlr | ||
| ) |
Definition at line 1889 of file eventvwr.c.
1891{
1893 (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1894 (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1895 (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1896 (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1897 (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1898 {
1900 }
1902}
Referenced by EnumEventsThread().
◆ FormatByteSize()
Definition at line 1161 of file eventvwr.c.
1162{
1163 UINT cchWritten, cchRemaining;
1164 LPWSTR pwszEnd;
1165 size_t cchStringRemaining;
1166
1167 /* Write formated bytes count */
1168 cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1169 if (!cchWritten)
1170 return 0;
1171
1172 /* Copy " bytes" to buffer */
1173 pwszEnd = pwszResult + cchWritten;
1174 cchRemaining = cchResultMax - cchWritten;
1176 cchRemaining = (UINT)cchStringRemaining;
1178 cchRemaining -= cchWritten;
1179
1180 return cchResultMax - cchRemaining;
1181}
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1101
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
Referenced by FormatFileSizeWithBytes().
◆ FormatFileSizeWithBytes()
| LPWSTR FormatFileSizeWithBytes | ( | const PULARGE_INTEGER | lpQwSize, |
| LPWSTR | pwszResult, | ||
| UINT | cchResultMax | ||
| ) |
Definition at line 1184 of file eventvwr.c.
1185{
1186 UINT cchWritten, cchRemaining;
1187 LPWSTR pwszEnd;
1188 size_t cchCopyRemaining;
1189
1190 /* Format bytes in KBs, MBs etc */
1193
1194 /* If there is less bytes than 1KB, we have nothing to do */
1196 return pwszResult;
1197
1198 /* Concatenate " (" */
1200 pwszEnd = pwszResult + cchWritten;
1201 cchRemaining = cchResultMax - cchWritten;
1203 cchRemaining = (UINT)cchCopyRemaining;
1204
1205 /* Write formated bytes count */
1207 pwszEnd += cchWritten;
1208 cchRemaining -= cchWritten;
1209
1210 /* Copy ")" to the buffer */
1212
1213 return pwszResult;
1214}
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2380
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1161
Referenced by InitPropertiesDlg().
◆ FormatInteger()
Definition at line 1101 of file eventvwr.c.
1102{
1103 WCHAR wszNumber[24];
1104 WCHAR wszDecimalSep[8], wszThousandSep[8];
1105 NUMBERFMTW nf;
1106 WCHAR wszGrouping[12];
1107 INT cchGrouping;
1108 INT cchResult;
1110
1111 // Print the number in uniform mode
1113
1114 // Get system strings for decimal and thousand separators.
1116 GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1117
1118 // Initialize format for printing the number in bytes
1120 nf.lpDecimalSep = wszDecimalSep;
1121 nf.lpThousandSep = wszThousandSep;
1122
1123 // Get system string for groups separator
1125 LOCALE_SGROUPING,
1126 wszGrouping,
1127 _countof(wszGrouping));
1128
1129 // Convert grouping specs from string to integer
1131 {
1133
1137 break;
1138 }
1139
1141 nf.Grouping /= 10;
1142 else
1143 nf.Grouping *= 10;
1144
1145 // Format the number
1147 0,
1148 wszNumber,
1149 &nf,
1150 pwszResult,
1151 cchResultMax);
1152
1153 if (!cchResult)
1154 return 0;
1155
1156 // GetNumberFormatW returns number of characters including UNICODE_NULL
1157 return cchResult - 1;
1158}
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:1102
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1198
Definition: winnls.h:641
Referenced by FormatByteSize().
◆ FreeLogFilterList()
Definition at line 3015 of file eventvwr.c.
3016{
3018 PEVENTLOGFILTER EventLogFilter;
3019
3021 {
3024 EventLogFilter_Free(EventLogFilter);
3025 }
3026
3028
3029 return;
3030}
Definition: typedefs.h:120
Referenced by wWinMain().
◆ FreeLogList()
Definition at line 2999 of file eventvwr.c.
3000{
3002 PEVENTLOG EventLog;
3003
3005 {
3008 EventLog_Free(EventLog);
3009 }
3010
3011 return;
3012}
Referenced by wWinMain().
◆ FreeRecords()
Definition at line 1871 of file eventvwr.c.
Referenced by EnumEventsThread(), and StartStopEnumEventsThread().
◆ GetDisplayNameFileAndID()
| BOOL GetDisplayNameFileAndID | ( | IN LPCWSTR | lpLogName, |
| OUT PWCHAR | lpModuleName, | ||
| OUT PDWORD | pdwMessageID | ||
| ) |
Definition at line 2709 of file eventvwr.c.
2712{
2715 HKEY hLogKey;
2716 WCHAR *KeyPath;
2717 SIZE_T cbKeyPath;
2718 DWORD dwType, cbData;
2719 DWORD dwMessageID = 0;
2721
2722 /* Use a default value for the message ID */
2723 *pdwMessageID = 0;
2724
2727 if (!KeyPath)
2728 {
2731 }
2732
2734 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2735
2739 {
2742 }
2743
2747 NULL,
2748 &dwType,
2750 &cbData);
2752 {
2754 }
2755 else
2756 {
2757 /* NULL-terminate the string and expand it */
2761 }
2762
2763 /*
2764 * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2765 * otherwise it's not really useful. 'DisplayNameID' is optional.
2766 */
2768 {
2769 cbData = sizeof(dwMessageID);
2772 NULL,
2773 &dwType,
2774 (LPBYTE)&dwMessageID,
2775 &cbData);
2777 dwMessageID = 0;
2778
2779 *pdwMessageID = dwMessageID;
2780 }
2781
2782 RegCloseKey(hLogKey);
2783
2785}
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1455
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
Referenced by BuildLogListAndFilterList().
◆ GetEventCategory()
| BOOL GetEventCategory | ( | IN LPCWSTR | KeyName, |
| IN LPCWSTR | SourceName, | ||
| IN PEVENTLOGRECORD | pevlr, | ||
| OUT PWCHAR | CategoryName | ||
| ) |
Definition at line 1589 of file eventvwr.c.
1593{
1597
1599 goto Quit;
1600
1601 /* Retrieve the message string without appending extra newlines */
1602 lpMsgBuf =
1603 GetMessageStringFromDllList(szMessageDLL,
1606 pevlr->EventCategory,
1608 NULL);
1609 if (lpMsgBuf)
1610 {
1611 /* Trim the string */
1612 TrimNulls(lpMsgBuf);
1613
1614 /* Copy the category name */
1616
1617 /* Free the buffer allocated by FormatMessage */
1618 LocalFree(lpMsgBuf);
1619
1620 /* The ID was found and the message was formatted */
1622 }
1623
1624Quit:
1626 {
1627 if (pevlr->EventCategory != 0)
1628 {
1631 }
1632 }
1633
1635}
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1528
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699
Referenced by EnumEventsThread().
◆ GetEventMessage()
| BOOL GetEventMessage | ( | IN LPCWSTR | KeyName, |
| IN LPCWSTR | SourceName, | ||
| IN PEVENTLOGRECORD | pevlr, | ||
| OUT PWCHAR | EventText | ||
| ) |
Definition at line 1639 of file eventvwr.c.
1643{
1647 WCHAR SourceModuleName[1024];
1648 WCHAR ParameterModuleName[1024];
1651 LPWSTR szStringArray, szMessage;
1652 LPWSTR *szArguments;
1653
1654 /* Get the event string array */
1656
1657 /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1659 goto Quit;
1660
1661 /* Allocate space for insertion strings */
1663 if (!szArguments)
1664 goto Quit;
1665
1666 if (!IsParamModNameCached)
1667 {
1668 /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1669 IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1670 // FIXME: If the string loading failed the first time, no need to retry it just after???
1671 }
1672
1673 if (IsParamModNameCached)
1674 {
1675 /* Not yet support for reading messages from parameter message DLL */
1676 }
1677
1678 szMessage = szStringArray;
1679 /*
1680 * HACK:
1681 * We do some hackish preformatting of the cached event strings...
1682 * That's because after we pass the string to FormatMessage
1683 * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1684 * flag, instead of ignoring the insertion parameters and do the formatting
1685 * by ourselves. Therefore, the resulting string should have the parameter
1686 * string placeholders starting with a single '%' instead of a mix of one
1687 * and two '%'.
1688 */
1689 /* HACK part 1: Compute the full length of the string array */
1690 cch = 0;
1692 {
1693 szMessage += wcslen(szMessage) + 1;
1694 }
1695 cch = szMessage - szStringArray;
1696
1697 /* HACK part 2: Now do the HACK proper! */
1698 szMessage = szStringArray;
1700 {
1701 lpMsgBuf = szMessage;
1703 {
1705 {
1707 }
1708 }
1709
1710 szArguments[i] = szMessage;
1711 szMessage += wcslen(szMessage) + 1;
1712 }
1713
1714 /* Retrieve the message string without appending extra newlines */
1715 lpMsgBuf =
1716 GetMessageStringFromDllList(SourceModuleName,
1719 pevlr->EventID,
1720 0,
1721 (va_list*)szArguments);
1722 if (lpMsgBuf)
1723 {
1724 /* Trim the string */
1725 TrimNulls(lpMsgBuf);
1726
1727 szMessage = NULL;
1729 TRUE,
1730 lpMsgBuf,
1731 &szMessage) == ERROR_SUCCESS);
1733 {
1734 /* Free the buffer allocated by FormatMessage */
1735 LocalFree(lpMsgBuf);
1736 lpMsgBuf = szMessage;
1737 }
1738
1739 /* Copy the event text */
1741
1742 /* Free the buffer allocated by FormatMessage */
1743 LocalFree(lpMsgBuf);
1744 }
1745
1747
1748Quit:
1750 {
1751 /* Get a read-only pointer to the "event-not-found" string */
1754 StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1755
1756 /* Append the strings */
1757 szMessage = szStringArray;
1759 {
1762 szMessage += wcslen(szMessage) + 1;
1763 }
1764 }
1765
1767}
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:903
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
Referenced by DisplayEvent().
◆ GetEventMessageFileDLL()
| BOOL GetEventMessageFileDLL | ( | IN LPCWSTR | lpLogName, |
| IN LPCWSTR | SourceName, | ||
| IN LPCWSTR | EntryName, | ||
| OUT PWCHAR | lpModuleName | ||
| ) |
Definition at line 1528 of file eventvwr.c.
1532{
1540
1543
1545 szKeyName,
1546 0,
1547 KEY_READ,
1548 &hLogKey);
1551
1553 SourceName,
1554 0,
1555 KEY_QUERY_VALUE,
1556 &hSourceKey);
1558 {
1559 RegCloseKey(hLogKey);
1561 }
1562
1565 EntryName,
1566 NULL,
1567 &dwType,
1569 &dwSize);
1571 {
1573 }
1574 else
1575 {
1576 /* NULL-terminate the string and expand it */
1580 }
1581
1582 RegCloseKey(hSourceKey);
1583 RegCloseKey(hLogKey);
1584
1586}
Referenced by GetEventCategory(), and GetEventMessage().
◆ GetEventType()
Definition at line 1770 of file eventvwr.c.
1772{
1773 switch (dwEventType)
1774 {
1777 break;
1780 break;
1783 break;
1786 break;
1789 break;
1792 break;
1793 default:
1795 break;
1796 }
1797}
Referenced by EnumEventsThread().
◆ GetEventUserName()
Definition at line 1800 of file eventvwr.c.
1803{
1804 PSID pCurrentSid;
1805 PWSTR StringSid;
1807 WCHAR szDomain[1024];
1812
1813 /* Point to the SID */
1815
1817 {
1818 *pLastSid = NULL;
1820 }
1822 {
1824 }
1825
1826 /* User SID */
1827 if (pelr->UserSidLength > 0)
1828 {
1829 /*
1830 * Try to retrieve the user account name and domain name corresponding
1831 * to the SID. If it cannot be retrieved, try to convert the SID to a
1832 * string-form. It should not be bigger than the user-provided buffer
1833 * 'pszUser', otherwise we return an error.
1834 */
1836 pCurrentSid,
1837 szName,
1838 &cchName,
1839 szDomain,
1840 &cchDomain,
1841 &peUse))
1842 {
1845 }
1847 {
1848 /* Copy the string only if the user-provided buffer is big enough */
1850 {
1853 }
1854 else
1855 {
1858 }
1859
1860 /* Free the allocated buffer */
1861 LocalFree(StringSid);
1862 }
1863 }
1864
1866
1868}
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3382
enum _SID_NAME_USE SID_NAME_USE
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2733
Referenced by EnumEventsThread().
◆ GetExpandedFilePathName()
| DWORD GetExpandedFilePathName | ( | IN LPCWSTR ComputerName | OPTIONAL, |
| IN LPCWSTR | lpFileName, | ||
| OUT LPWSTR lpFullFileName | OPTIONAL, | ||
| IN DWORD | nSize | ||
| ) |
Definition at line 1455 of file eventvwr.c.
1460{
1462
1463 /* Determine the needed size after expansion of any environment strings */
1466 {
1467 /* We failed, bail out */
1468 return 0;
1469 }
1470
1471 /* If the file path is on a remote computer, estimate its length */
1472 // FIXME: Use WNetGetUniversalName instead?
1473 if (ComputerName && *ComputerName)
1474 {
1475 /* Skip any leading backslashes */
1477 ++ComputerName;
1478
1479 if (*ComputerName)
1480 {
1481 /* Count 2 backslashes plus the computer name and one backslash separator */
1483 }
1484 }
1485
1486 /* Check whether we have enough space */
1488 {
1489 /* No, return the needed size in characters (includes NULL-terminator) */
1491 }
1492
1493
1494 /* Now expand the file path */
1496
1497 /* Expand any existing environment strings */
1499 {
1500 /* We failed, bail out */
1501 return 0;
1502 }
1503
1504 /* If the file path is on a remote computer, retrieve the network share form of the file name */
1505 // FIXME: Use WNetGetUniversalName instead?
1506 if (ComputerName && *ComputerName)
1507 {
1508 /* Note that we previously skipped any potential leading backslashes */
1509
1510 /* Replace ':' by '$' in the drive letter */
1513
1514 /* Prepend the computer name */
1521 }
1522
1523 /* Return the number of stored characters (includes NULL-terminator) */
1525}
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().
◆ GetFileTimeString()
| BOOL GetFileTimeString | ( | LPFILETIME | lpFileTime, |
| LPWSTR | pwszResult, | ||
| UINT | cchResult | ||
| ) |
Definition at line 1218 of file eventvwr.c.
1219{
1220 FILETIME ft;
1221 SYSTEMTIME st;
1222 int cchWritten;
1223 UINT cchRemaining = cchResult;
1224 size_t cchCopyRemaining;
1225 LPWSTR pwszEnd = pwszResult;
1226
1229
1230 cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1231 if (cchWritten)
1232 --cchWritten; // GetDateFormatW returns count with terminating zero
1233 // else
1234 // ERR("GetDateFormatW failed\n");
1235
1236 cchRemaining -= cchWritten;
1237 pwszEnd += cchWritten;
1238
1240 cchRemaining = (UINT)cchCopyRemaining;
1241
1243 if (cchWritten)
1244 --cchWritten; // GetTimeFormatW returns count with terminating zero
1245 // else
1246 // ERR("GetTimeFormatW failed\n");
1247
1249}
Referenced by InitPropertiesDlg().
◆ GetMessageStringFromDll()
| LPWSTR GetMessageStringFromDll | ( | IN LPCWSTR | lpMessageDll, |
| IN DWORD | dwFlags, | ||
| IN DWORD | dwMessageId, | ||
| IN DWORD | nSize, | ||
| IN va_list *Arguments | OPTIONAL | ||
| ) |
Definition at line 738 of file eventvwr.c.
744{
748
753
754 /* Sanitize dwFlags */
755 dwFlags &= ~FORMAT_MESSAGE_FROM_STRING;
757
758 _SEH2_TRY
759 {
760 /*
761 * Retrieve the message string without appending extra newlines.
762 * Wrap in SEH to protect from invalid string parameters.
763 */
764 _SEH2_TRY
765 {
767 /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
768 FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
769 hLibrary,
770 dwMessageId,
771 LANG_USER_DEFAULT,
772 (LPWSTR)&lpMsgBuf,
773 nSize,
774 Arguments);
775 }
777 {
778 dwLength = 0;
779
780 /*
781 * An exception occurred while calling FormatMessage, this is usually
782 * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
783 * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
784 * array pointer 'Arguments' was NULL or did not contain enough elements,
785 * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
786 * message string expected too many inserts.
787 * In this last case only, we can call again FormatMessage but ignore
788 * explicitly the inserts. The string that we will return to the user
789 * will not be pre-formatted.
790 */
793 {
794 /* Remove any possible harmful flags and always ignore inserts */
795 dwFlags &= ~FORMAT_MESSAGE_ARGUMENT_ARRAY;
797
798 /* If this call also throws an exception, we are really dead */
800 hLibrary,
801 dwMessageId,
802 LANG_USER_DEFAULT,
803 (LPWSTR)&lpMsgBuf,
804 nSize,
806 }
807 }
808 _SEH2_END;
809 }
810 _SEH2_FINALLY
811 {
813 }
814 _SEH2_END;
815
817 {
819 lpMsgBuf = NULL;
820 }
821 else
822 {
824
825 ASSERT(lpMsgBuf);
826
827 /* Trim any trailing whitespace */
831 }
832
833 return lpMsgBuf;
834}
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().
◆ GetMessageStringFromDllList()
| LPWSTR GetMessageStringFromDllList | ( | IN LPCWSTR | lpMessageDllList, |
| IN DWORD | dwFlags, | ||
| IN DWORD | dwMessageId, | ||
| IN DWORD | nSize, | ||
| IN va_list *Arguments | OPTIONAL | ||
| ) |
Definition at line 842 of file eventvwr.c.
848{
850 SIZE_T cbLength;
851 LPWSTR szMessageDllList;
852 LPWSTR szDll;
854
855 /* Allocate a local buffer for the DLL list that can be tokenized */
856 // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
857 // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
860 if (!szMessageDllList)
862 CopyMemory(szMessageDllList, lpMessageDllList, cbLength);
863
864 /* Loop through the list of message DLLs */
867 {
868 // Uses LANG_USER_DEFAULT
869 lpMsgBuf = GetMessageStringFromDll(szDll,
870 dwFlags,
871 dwMessageId,
872 nSize,
873 Arguments);
874 if (lpMsgBuf)
875 {
876 /* The ID was found and the message was formatted */
878 break;
879 }
880
881 /*
882 * The DLL could not be loaded, or the message could not be found,
883 * try the next DLL, if any.
884 */
886 }
887
889
890 return lpMsgBuf;
891}
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().
◆ GetSelectedFilter()
| PEVENTLOGFILTER GetSelectedFilter | ( | OUT HTREEITEM *phti | OPTIONAL | ) |
Definition at line 2432 of file eventvwr.c.
2433{
2434 TVITEMEXW tvItemEx;
2435 HTREEITEM hti;
2436
2437 if (phti)
2438 *phti = NULL;
2439
2440 /* Get index of selected item */
2444
2446 tvItemEx.hItem = hti;
2447
2449
2450 if (phti)
2451 *phti = tvItemEx.hItem;
2452
2454}
Definition: commctrl.h:3345
Referenced by EventLogPropProc(), and WndProc().
◆ InitInstance()
Definition at line 3033 of file eventvwr.c.
3034{
3035 RECT rcClient, rs;
3036 LONG StatusHeight;
3037 HIMAGELIST hSmall;
3038 LVCOLUMNW lvc = {0};
3039 WCHAR szTemp[256];
3040
3041 /* Create the main window */
3042 rs = Settings.wpPos.rcNormalPosition;
3044 szTitle,
3049 NULL,
3050 NULL,
3051 hInstance,
3052 NULL);
3055
3056 /* Create the status bar */
3061 0, 0, 0, 0, // x, y, cx, cy
3066
3070
3071 /* Create a progress bar in the status bar (hidden by default) */
3083 /* Remove its static edge */
3087
3088 /* Initialize the splitter default positions */
3091
3092 /* Create the TreeView */
3094 WC_TREEVIEWW,
3095 NULL,
3096 // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3097 WS_CHILD | WS_VISIBLE | /* WS_TABSTOP | */ TVS_HASLINES | TVS_HASBUTTONS | TVS_LINESATROOT | TVS_EDITLABELS | TVS_SHOWSELALWAYS,
3098 0, 0,
3101 hwndMainWindow,
3102 NULL,
3103 hInstance,
3104 NULL);
3105
3106 /* Create the ImageList */
3110 1, 1);
3111
3112 /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3117
3118 /* Assign the ImageList to the Tree View */
3120
3121 /* Add the event logs nodes */
3122 // "System Logs"
3125 // "Application Logs"
3128 // "User Logs"
3131
3132 /* Create the Event details pane (optional) */
3135 {
3143 SWP_NOZORDER | SWP_NOACTIVATE | (Settings.bShowDetailsPane ? SWP_SHOWWINDOW : SWP_HIDEWINDOW));
3144 }
3145
3146 /* Create the ListView */
3148 WC_LISTVIEWW,
3149 NULL,
3152 0,
3157 hwndMainWindow,
3158 NULL,
3159 hInstance,
3160 NULL);
3161
3162 /* Add the extended ListView styles */
3163 ListView_SetExtendedListViewStyle(hwndListView, LVS_EX_HEADERDRAGDROP | LVS_EX_FULLROWSELECT | LVS_EX_LABELTIP | (Settings.bShowGrid ? LVS_EX_GRIDLINES : 0));
3164
3165 /* Create the ImageList */
3169 1, 1);
3170
3171 /* Add event type icons to the ImageList */
3177
3178 /* Assign the ImageList to the List View */
3180
3181 /* Now set up the listview with its columns */
3183 lvc.cx = 90;
3185 IDS_COLUMNTYPE,
3186 szTemp,
3187 ARRAYSIZE(szTemp));
3188 lvc.pszText = szTemp;
3190
3191 lvc.cx = 70;
3193 IDS_COLUMNDATE,
3194 szTemp,
3195 ARRAYSIZE(szTemp));
3196 lvc.pszText = szTemp;
3198
3199 lvc.cx = 70;
3201 IDS_COLUMNTIME,
3202 szTemp,
3203 ARRAYSIZE(szTemp));
3204 lvc.pszText = szTemp;
3206
3207 lvc.cx = 150;
3209 IDS_COLUMNSOURCE,
3210 szTemp,
3211 ARRAYSIZE(szTemp));
3212 lvc.pszText = szTemp;
3214
3215 lvc.cx = 100;
3217 IDS_COLUMNCATEGORY,
3218 szTemp,
3219 ARRAYSIZE(szTemp));
3220 lvc.pszText = szTemp;
3222
3223 lvc.cx = 60;
3225 IDS_COLUMNEVENT,
3226 szTemp,
3227 ARRAYSIZE(szTemp));
3228 lvc.pszText = szTemp;
3230
3231 lvc.cx = 120;
3233 IDS_COLUMNUSER,
3234 szTemp,
3235 ARRAYSIZE(szTemp));
3236 lvc.pszText = szTemp;
3238
3239 lvc.cx = 100;
3241 IDS_COLUMNCOMPUTER,
3242 szTemp,
3243 ARRAYSIZE(szTemp));
3244 lvc.pszText = szTemp;
3246
3247 /* Initialize the save Dialog */
3250
3252
3260
3263
3265}
HIMAGELIST WINAPI ImageList_Create(INT cx, INT cy, UINT flags, INT cInitial, INT cGrow)
Definition: imagelist.c:804
static const CLSID *static CLSID *static const GUID VARIANT VARIANT *static IServiceProvider DWORD *static HMENU
Definition: ordinal.c:60
#define ListView_SetImageList(hwnd, himl, iImageList)
Definition: commctrl.h:2304
#define ListView_SetExtendedListViewStyle(hwndLV, dw)
Definition: commctrl.h:2725
Definition: imagelist.c:84
Definition: commctrl.h:2563
BOOL WINAPI SetWindowPos(_In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
HWND WINAPI CreateWindowExW(_In_ DWORD dwExStyle, _In_opt_ LPCWSTR lpClassName, _In_opt_ LPCWSTR lpWindowName, _In_ DWORD dwStyle, _In_ int X, _In_ int Y, _In_ int nWidth, _In_ int nHeight, _In_opt_ HWND hWndParent, _In_opt_ HMENU hMenu, _In_opt_ HINSTANCE hInstance, _In_opt_ LPVOID lpParam)
BOOL WINAPI UpdateWindow(_In_ HWND)
HICON WINAPI LoadIconW(_In_opt_ HINSTANCE hInstance, _In_ LPCWSTR lpIconName)
Definition: cursoricon.c:2044
Referenced by wWinMain().
◆ InitPropertiesDlg()
Definition at line 3882 of file eventvwr.c.
3883{
3885
3887 DWORD dwMaxSize = 0, dwRetention = 0;
3894
3895 HKEY hLogKey;
3896 WCHAR *KeyPath;
3897 DWORD cbData;
3898 SIZE_T cbKeyPath;
3899
3901 {
3902
3905 if (!KeyPath)
3906 {
3908 goto Quit;
3909 }
3910
3912 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
3913
3917 {
3919 goto Quit;
3920 }
3921
3922
3923 cbData = sizeof(dwMaxSize);
3926 NULL,
3927 &dwType,
3928 (LPBYTE)&dwMaxSize,
3929 &cbData);
3931 {
3932 // dwMaxSize = 512 * 1024; /* 512 kBytes */
3933 /* Workstation: 512 KB; Server: 16384 KB */
3934 dwMaxSize = 16384 * 1024;
3935 }
3936 /* Convert in KB */
3937 dwMaxSize /= 1024;
3938
3939 cbData = sizeof(dwRetention);
3942 NULL,
3943 &dwType,
3944 (LPBYTE)&dwRetention,
3945 &cbData);
3947 {
3948 /* By default, it is 604800 (secs) == 7 days. On Server, the retention is zeroed out. */
3949 dwRetention = 0;
3950 }
3951 /* Convert in days, rounded up */
3953 dwRetention = (dwRetention + 24*3600 - 1) / (24*3600);
3954
3955 RegCloseKey(hLogKey);
3956
3957 }
3958
3959Quit:
3960
3963
3966 {
3967 /* Expand the file name. If the log file is on a remote computer, retrieve the network share form of the file name. */
3969 FileName = wszBuf;
3970 }
3971 else
3972 {
3974 }
3976
3978 {
3979 /*
3980 * The general problem here (and in the shell as well) is that
3981 * GetFileAttributesEx fails for files that are opened without
3982 * shared access. To retrieve file information for those we need
3983 * to use something else: FindFirstFile, on the full file name.
3984 */
3986 GetFileExInfoStandard,
3989 {
3993 FindClose(hFind);
3994 }
3995 }
3996 else
3997 {
3999 }
4000
4001 /* Starting there, FileName becomes invalid because we are reusing wszBuf */
4002
4004 {
4009
4011
4014 else
4016
4019 else
4021
4024 else
4026 }
4027 else
4028 {
4030
4035 }
4036
4038 {
4041
4044
4045 if (dwRetention == 0)
4046 {
4050 }
4052 {
4056 }
4057 else
4058 {
4062 }
4063 }
4064 else
4065 {
4066 // TODO: Hide the unused controls! Or, just use another type of property sheet!
4067 }
4068}
BOOL WINAPI GetFileAttributesExW(LPCWSTR lpFileName, GET_FILEEX_INFO_LEVELS fInfoLevelId, LPVOID lpFileInformation)
Definition: fileinfo.c:552
HANDLE WINAPI FindFirstFileW(IN LPCWSTR lpFileName, OUT LPWIN32_FIND_DATAW lpFindFileData)
Definition: find.c:320
BOOL GetFileTimeString(LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
Definition: eventvwr.c:1218
LPWSTR FormatFileSizeWithBytes(const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1184
Definition: DriveVolume.h:53
Definition: shtypes.idl:80
Definition: filecomp.c:348
Definition: ms-dtyp.idl:184
Definition: winbase.h:918
struct _LARGE_INTEGER::@2272 u
BOOL WINAPI SetDlgItemTextW(_In_ HWND, _In_ int, _In_ LPCWSTR)
LRESULT WINAPI SendDlgItemMessageW(_In_ HWND, _In_ int, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
Referenced by EventLogPropProc().
◆ LoadSettings()
Definition at line 347 of file eventvwr.c.
348{
350 HKEY hKeyEventVwr;
351 DWORD dwType, cbData;
353
354 /* Load the default values */
360 Settings.nHSplitPos = 250;
366
367 /* Try to open the Event Viewer user key */
369 EVNTVWR_PARAM_KEY,
370 0,
371 KEY_QUERY_VALUE,
372 &hKeyEventVwr) != ERROR_SUCCESS)
373 {
375 }
376
377 // Result = RegQueryValueExW(hKeyEventVwr, L"Filter", NULL, &dwType, (LPBYTE)&szFilter, &cbData); // REG_SZ
378 // Result = RegQueryValueExW(hKeyEventVwr, L"Find", NULL, &dwType, (LPBYTE)&szFind, &cbData); // REG_SZ
379 // Result = RegQueryValueExW(hKeyEventVwr, L"Module", NULL, &dwType, (LPBYTE)&szModule, &cbData); // REG_SZ
380
382 Result = RegQueryValueExW(hKeyEventVwr, L"SaveSettings", NULL, &dwType, (LPBYTE)buffer, &cbData);
384 {
386 {
389 }
391 {
393 }
394 }
395
397 Result = RegQueryValueExW(hKeyEventVwr, L"DetailsPane", NULL, &dwType, (LPBYTE)buffer, &cbData);
399 {
401 {
404 }
406 {
408 }
409 }
410
414 {
416 {
419 }
421 {
423 }
424 }
425
429 {
431 {
434 }
436 {
438 }
439 }
440
441 /* Retrieve the splitter positions */
445 {
447 {
450 }
452 {
454 }
455 }
456
460 {
462 {
465 }
467 {
469 }
470 }
471
472 /* Retrieve the geometry of the main window */
477 else
479
481 &Settings.wpPos.rcNormalPosition.left,
482 &Settings.wpPos.rcNormalPosition.top,
483 &Settings.wpPos.rcNormalPosition.right,
484 &Settings.wpPos.rcNormalPosition.bottom,
485 &Settings.wpPos.showCmd) != 5)
486 {
487 /* Parsing failed, use defaults */
491 }
492
493 RegCloseKey(hKeyEventVwr);
495}
_Check_return_ _CRTIMP int __cdecl swscanf(_In_z_ const wchar_t *_Src, _In_z_ _Scanf_format_string_ const wchar_t *_Format,...)
_Check_return_ _CRTIMP int __cdecl _wtoi(_In_z_ const wchar_t *_Str)
BOOL WINAPI SetRect(_Out_ LPRECT, _In_ int, _In_ int, _In_ int, _In_ int)
◆ MyRegisterClass()
Definition at line 2682 of file eventvwr.c.
2683{
2684 WNDCLASSEXW wcex;
2685
2687 wcex.style = 0;
2689 wcex.cbClsExtra = 0;
2690 wcex.cbWndExtra = 0;
2699 IMAGE_ICON,
2700 16,
2701 16,
2702 LR_SHARED);
2703
2705}
Definition: winuser.h:3205
HANDLE WINAPI LoadImageW(_In_opt_ HINSTANCE hInst, _In_ LPCWSTR name, _In_ UINT type, _In_ int cx, _In_ int cy, _In_ UINT fuLoad)
Definition: cursoricon.c:2172
ATOM WINAPI RegisterClassExW(_In_ CONST WNDCLASSEXW *)
Referenced by wWinMain().
◆ OpenUserEventLog()
Definition at line 2522 of file eventvwr.c.
2523{
2525
2527
2530
2532 return;
2534
2536}
Referenced by WndProc().
◆ OpenUserEventLogFile()
Definition at line 2458 of file eventvwr.c.
2459{
2460 WIN32_FIND_DATAW FindData;
2461 HANDLE hFind;
2462 PEVENTLOG EventLog;
2463 PEVENTLOGFILTER EventLogFilter;
2464 SIZE_T cchFileName;
2466
2467 /* Check whether the file actually exists */
2468 hFind = FindFirstFileW(lpszFileName, &FindData);
2470 {
2472 return;
2473 }
2474 FindClose(hFind);
2475
2476 /* Allocate a new event log entry */
2479 {
2481 return;
2482 }
2483
2484 /* Allocate a new event log filter entry for this event log */
2488 1, &EventLog);
2490 {
2492 EventLog_Free(EventLog);
2493 return;
2494 }
2495
2496 /* Add the event log and the filter into their lists */
2499
2500 /* Retrieve and cache the event log file */
2501 cchFileName = wcslen(lpszFileName) + 1;
2505
2507 (LPWSTR)lpszFileName,
2508 2, 3, (LPARAM)EventLogFilter);
2509
2510 /* Select the event log */
2512 {
2513 // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2516 }
2519}
Referenced by OpenUserEventLog(), and wWinMain().
◆ ProcessCmdLine()
Definition at line 184 of file eventvwr.c.
185{
189
190 /* Skip any leading whitespace */
191 if (lpCmdLine)
192 {
194 ++lpCmdLine;
195 }
196
197 /* No command line means no processing needed */
198 if (!lpCmdLine || !*lpCmdLine)
200
201 /* Build the arguments vector */
205
206 /* Parse the command line for options (skip the program name) */
208 {
209 /* Check for new options */
211 {
213 {
214 /* Display help */
215 DisplayUsage();
216 goto Quit;
217 }
218 else
220 {
222 {
224 {
225 LPWSTR lpNewBuffer;
227 SIZE_T cbFileName;
228
229 /* Check for a quoted file name */