ReactOS  0.4.15-dev-3173-g40ee59d
eventvwr.c File Reference
#include "eventvwr.h"
#include "evtdetctl.h"
#include <sddl.h>
#include <shellapi.h>
#include <shlwapi.h>
#include <pseh/pseh2.h>
Include dependency graph for eventvwr.c:

Go to the source code of this file.

Classes

struct  _SETTINGS
 
struct  param_strings_format_data
 

Macros

#define LVM_PROGRESS   (WM_APP + 1)
 
#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10
 
#define EVENT_MESSAGE_FILE_BUFFER   1024*10
 
#define EVENT_DLL_SEPARATOR   L";"
 
#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"
 
#define EVENT_MESSAGE_FILE   L"EventMessageFile"
 
#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"
 
#define MAX_LOADSTRING   255
 
#define SPLIT_WIDTH   4
 

Typedefs

typedef struct _SETTINGS SETTINGS
 
typedef struct _SETTINGSPSETTINGS
 

Functions

static DWORD WINAPI StartStopEnumEventsThread (IN LPVOID lpParameter)
 
VOID OpenUserEventLogFile (IN LPCWSTR lpszFileName)
 
VOID BuildLogListAndFilterList (IN LPCWSTR lpComputerName)
 
VOID FreeLogList (VOID)
 
VOID FreeLogFilterList (VOID)
 
ATOM MyRegisterClass (HINSTANCE)
 
BOOL InitInstance (HINSTANCE)
 
LRESULT CALLBACK WndProc (HWND, UINT, WPARAM, LPARAM)
 
INT_PTR EventLogProperties (HINSTANCE, HWND, PEVENTLOGFILTER)
 
INT_PTR CALLBACK EventDetails (HWND, UINT, WPARAM, LPARAM)
 
VOID ShowWin32Error (IN DWORD dwError)
 
VOID DisplayUsage (VOID)
 
BOOL ProcessCmdLine (IN LPWSTR lpCmdLine)
 
BOOL LoadSettings (int nDefCmdShow)
 
BOOL SaveSettings (VOID)
 
int APIENTRY wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, LPWSTR lpCmdLine, int nCmdShow)
 
VOID EventTimeToSystemTime (IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
 
LPWSTR GetMessageStringFromDll (IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
LPWSTR GetMessageStringFromDllList (IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
 
DWORD ApplyParameterStringsToMessage (IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
 
UINT FormatInteger (LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
 
UINT FormatByteSize (LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
 
LPWSTR FormatFileSizeWithBytes (const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
 
BOOL GetFileTimeString (LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
 
HTREEITEM TreeViewAddItem (IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
 
PEVENTLOG AllocEventLog (IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
 
VOID EventLog_Free (IN PEVENTLOG EventLog)
 
PWSTR AllocAndCopyMultiStr (IN PCWSTR MultiStr OPTIONAL)
 
PEVENTLOGFILTER AllocEventLogFilter (IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
 
VOID EventLogFilter_Free (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_AddRef (IN PEVENTLOGFILTER EventLogFilter)
 
LONG EventLogFilter_Release (IN PEVENTLOGFILTER EventLogFilter)
 
void TrimNulls (LPWSTR s)
 
DWORD GetExpandedFilePathName (IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
 
BOOL GetEventMessageFileDLL (IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
 
BOOL GetEventCategory (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
 
BOOL GetEventMessage (IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR EventText)
 
VOID GetEventType (IN WORD dwEventType, OUT PWCHAR eventTypeText)
 
BOOL GetEventUserName (IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
 
static VOID FreeRecords (VOID)
 
BOOL FilterByType (IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
 
BOOL FilterByString (IN PCWSTR FilterString, IN PWSTR String)
 
static DWORD WINAPI EnumEventsThread (IN LPVOID lpParameter)
 
VOID EnumEvents (IN PEVENTLOGFILTER EventLogFilter)
 
PEVENTLOGFILTER GetSelectedFilter (OUT HTREEITEM *phti OPTIONAL)
 
VOID OpenUserEventLog (VOID)
 
VOID SaveEventLog (IN PEVENTLOGFILTER EventLogFilter)
 
VOID CloseUserEventLog (IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
 
BOOL ClearEvents (IN PEVENTLOGFILTER EventLogFilter)
 
VOID Refresh (IN PEVENTLOGFILTER EventLogFilter)
 
BOOL GetDisplayNameFileAndID (IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
 
VOID ResizeWnd (INT cx, INT cy)
 
static VOID InitPropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
static VOID SavePropertiesDlg (HWND hDlg, PEVENTLOG EventLog)
 
INT_PTR CALLBACK EventLogPropProc (HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 

Variables

static const LPCWSTR EVENTVWR_WNDCLASS = L"EVENTVWR"
 
static const LPCWSTR EVENTLOG_BASE_KEY = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\"
 
static const LPCWSTR EVNTVWR_PARAM_KEY = L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Event Viewer"
 
static const LPCWSTR SystemLogs []
 
HINSTANCE hInst
 
WCHAR szTitle [MAX_LOADSTRING]
 
WCHAR szTitleTemplate [MAX_LOADSTRING]
 
WCHAR szStatusBarTemplate [MAX_LOADSTRING]
 
WCHAR szLoadingWait [MAX_LOADSTRING]
 
WCHAR szEmptyList [MAX_LOADSTRING]
 
WCHAR szSaveFilter [MAX_LOADSTRING]
 
INT nVSplitPos
 
INT nHSplitPos
 
BYTE bSplit = 0
 
HWND hwndMainWindow = NULL
 
HWND hwndTreeView
 
HWND hwndListView
 
HWND hwndEventDetails
 
HWND hwndStatus
 
HWND hwndStatusProgress
 
HMENU hMainMenu
 
HTREEITEM htiSystemLogs = NULL
 
HTREEITEM htiAppLogs = NULL
 
HTREEITEM htiUserLogs = NULL
 
LPWSTR lpComputerName = NULL
 
LPWSTR lpszzUserLogsToLoad = NULL
 
SIZE_T cbUserLogsSize = 0
 
HKEY hkMachine = NULL
 
DWORD g_TotalRecords = 0
 
PEVENTLOGRECORDg_RecordPtrs = NULL
 
LIST_ENTRY EventLogList
 
LIST_ENTRY EventLogFilterList
 
PEVENTLOGFILTER ActiveFilter = NULL
 
HANDLE hEnumEventsThread = NULL
 
HANDLE hStopEnumEvent = NULL
 
PEVENTLOGFILTER EnumFilter = NULL
 
HANDLE hStartStopEnumEvent = NULL
 
HANDLE hStartEnumEvent = NULL
 
OPENFILENAMEW sfn
 
SETTINGS Settings
 
static HWND hWndDetailsCtrl = NULL
 
static HWND hWndGrip = NULL
 
static INT cxMin
 
static INT cyMin
 
static INT cxOld
 
static INT cyOld
 

Macro Definition Documentation

◆ EVENT_CATEGORY_MESSAGE_FILE

#define EVENT_CATEGORY_MESSAGE_FILE   L"CategoryMessageFile"

Definition at line 58 of file eventvwr.c.

◆ EVENT_DLL_SEPARATOR

#define EVENT_DLL_SEPARATOR   L";"

Definition at line 57 of file eventvwr.c.

◆ EVENT_MESSAGE_EVENTTEXT_BUFFER

#define EVENT_MESSAGE_EVENTTEXT_BUFFER   1024*10

Definition at line 55 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE

#define EVENT_MESSAGE_FILE   L"EventMessageFile"

Definition at line 59 of file eventvwr.c.

◆ EVENT_MESSAGE_FILE_BUFFER

#define EVENT_MESSAGE_FILE_BUFFER   1024*10

Definition at line 56 of file eventvwr.c.

◆ EVENT_PARAMETER_MESSAGE_FILE

#define EVENT_PARAMETER_MESSAGE_FILE   L"ParameterMessageFile"

Definition at line 60 of file eventvwr.c.

◆ LVM_PROGRESS

#define LVM_PROGRESS   (WM_APP + 1)

Definition at line 40 of file eventvwr.c.

◆ MAX_LOADSTRING

#define MAX_LOADSTRING   255

Definition at line 62 of file eventvwr.c.

◆ SPLIT_WIDTH

#define SPLIT_WIDTH   4

Definition at line 64 of file eventvwr.c.

Typedef Documentation

◆ PSETTINGS

◆ SETTINGS

Function Documentation

◆ AllocAndCopyMultiStr()

PWSTR AllocAndCopyMultiStr ( IN PCWSTR MultiStr  OPTIONAL)

Definition at line 1353 of file eventvwr.c.

1354 {
1355  PWSTR pStr;
1356  ULONG Length;
1357 
1358  if (!MultiStr)
1359  return NULL;
1360 
1361  pStr = (PWSTR)MultiStr;
1362  while (*pStr) pStr += (wcslen(pStr) + 1);
1363  Length = MultiStr - pStr + 2;
1364 
1365  pStr = HeapAlloc(GetProcessHeap(), 0, Length * sizeof(WCHAR));
1366  // NOTE: If we failed allocating the string, then fall back into no filter!
1367  if (pStr)
1368  RtlCopyMemory(pStr, MultiStr, Length * sizeof(WCHAR));
1369 
1370  return pStr;
1371 }
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
uint16_t * PWSTR
Definition: typedefs.h:56
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
unsigned int ULONG
Definition: retypes.h:1
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

Referenced by AllocEventLogFilter().

◆ AllocEventLog()

PEVENTLOG AllocEventLog ( IN PCWSTR ComputerName  OPTIONAL,
IN PCWSTR  LogName,
IN BOOL  Permanent 
)

Definition at line 1298 of file eventvwr.c.

1301 {
1302  PEVENTLOG EventLog;
1303  SIZE_T cchName;
1304 
1305  /* Allocate a new event log entry */
1306  EventLog = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*EventLog));
1307  if (!EventLog)
1308  return NULL;
1309 
1310  /* Allocate the computer name string (optional) and copy it */
1311  if (ComputerName)
1312  {
1313  cchName = wcslen(ComputerName) + 1;
1314  EventLog->ComputerName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1315  if (EventLog->ComputerName)
1316  StringCchCopyW(EventLog->ComputerName, cchName, ComputerName);
1317  }
1318 
1319  /* Allocate the event log name string and copy it */
1320  cchName = wcslen(LogName) + 1;
1321  EventLog->LogName = HeapAlloc(GetProcessHeap(), 0, cchName * sizeof(WCHAR));
1322  if (!EventLog->LogName)
1323  {
1324  if (EventLog->ComputerName)
1325  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1326  HeapFree(GetProcessHeap(), 0, EventLog);
1327  return NULL;
1328  }
1329  StringCchCopyW(EventLog->LogName, cchName, LogName);
1330 
1331  EventLog->Permanent = Permanent;
1332 
1333  return EventLog;
1334 }
PWSTR LogName
Definition: eventvwr.h:90
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2745
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
PWSTR ComputerName
Definition: eventvwr.h:87
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
BOOL Permanent
Definition: eventvwr.h:94
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ AllocEventLogFilter()

PEVENTLOGFILTER AllocEventLogFilter ( IN BOOL  Information,
IN BOOL  Warning,
IN BOOL  Error,
IN BOOL  AuditSuccess,
IN BOOL  AuditFailure,
IN PCWSTR Sources  OPTIONAL,
IN PCWSTR Users  OPTIONAL,
IN PCWSTR ComputerNames  OPTIONAL,
IN ULONG  NumOfEventLogs,
IN PEVENTLOG EventLogs 
)

Definition at line 1374 of file eventvwr.c.

1385 {
1386  PEVENTLOGFILTER EventLogFilter;
1387 
1388  /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1389  EventLogFilter = HeapAlloc(GetProcessHeap(),
1391  FIELD_OFFSET(EVENTLOGFILTER, EventLogs[NumOfEventLogs]));
1392  if (!EventLogFilter)
1393  return NULL;
1394 
1395  EventLogFilter->Information = Information;
1396  EventLogFilter->Warning = Warning;
1397  EventLogFilter->Error = Error;
1398  EventLogFilter->AuditSuccess = AuditSuccess;
1399  EventLogFilter->AuditFailure = AuditFailure;
1400 
1401  /* Allocate and copy the sources, users, and computers multi-strings */
1402  EventLogFilter->Sources = AllocAndCopyMultiStr(Sources);
1403  EventLogFilter->Users = AllocAndCopyMultiStr(Users);
1404  EventLogFilter->ComputerNames = AllocAndCopyMultiStr(ComputerNames);
1405 
1406  /* Copy the list of event logs */
1407  EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1408  RtlCopyMemory(EventLogFilter->EventLogs, EventLogs, NumOfEventLogs * sizeof(PEVENTLOG));
1409 
1410  /* Initialize the filter reference count */
1411  EventLogFilter->ReferenceCount = 1;
1412 
1413  return EventLogFilter;
1414 }
BOOL AuditSuccess
Definition: eventvwr.h:117
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
BOOL Information
Definition: eventvwr.h:114
ULONG NumOfEventLogs
Definition: eventvwr.h:134
BOOL AuditFailure
Definition: eventvwr.h:118
PWSTR ComputerNames
Definition: eventvwr.h:131
_In_ WDFREQUEST _In_ NTSTATUS _In_ ULONG_PTR Information
Definition: wdfrequest.h:1044
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1353
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
BOOL Error
Definition: chkdsk.c:66
LONG ReferenceCount
Definition: eventvwr.h:106
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263

Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().

◆ ApplyParameterStringsToMessage()

DWORD ApplyParameterStringsToMessage ( IN LPCWSTR  lpMessageDllList,
IN BOOL  bMessagePreFormatted,
IN CONST LPCWSTR  pMessage,
OUT LPWSTR pFinalMessage 
)

Definition at line 918 of file eventvwr.c.

923 {
924  /*
925  * This code is heavily adapted from the MSDN example:
926  * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
927  * with bugs removed.
928  */
929 
931  DWORD dwParamCount = 0; // Number of insertion strings found in pMessage
932  size_t cchBuffer = 0; // Size of the buffer in characters
933  size_t cchParams = 0; // Number of characters in all the parameter strings
934  size_t cch = 0;
935  DWORD i = 0;
936  param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
937  LPWSTR pTempMessage = (LPWSTR)pMessage;
938  LPWSTR pTempFinalMessage = NULL;
939 
940  *pFinalMessage = NULL;
941 
942  /* Determine the number of parameter insertion strings in pMessage */
943  if (bMessagePreFormatted)
944  {
945  while ((pTempMessage = wcschr(pTempMessage, L'%')))
946  {
947  pTempMessage++;
948  if (iswdigit(*pTempMessage))
949  {
950  dwParamCount++;
951  while (iswdigit(*++pTempMessage)) ;
952  }
953  }
954  }
955  else
956  {
957  while ((pTempMessage = wcsstr(pTempMessage, L"%%")))
958  {
959  pTempMessage += 2;
960  if (iswdigit(*pTempMessage))
961  {
962  dwParamCount++;
963  while (iswdigit(*++pTempMessage)) ;
964  }
965  }
966  }
967 
968  /* If there are no parameter insertion strings in pMessage, just return */
969  if (dwParamCount == 0)
970  {
971  // *pFinalMessage = NULL;
972  goto Cleanup;
973  }
974 
975  /* Allocate the array of parameter string format data */
976  pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
977  if (!pParamData)
978  {
980  goto Cleanup;
981  }
982 
983  /*
984  * Retrieve each parameter in pMessage and the beginning and end of the
985  * insertion string, as well as the message identifier of the parameter.
986  */
987  pTempMessage = (LPWSTR)pMessage;
988  if (bMessagePreFormatted)
989  {
990  while ((pTempMessage = wcschr(pTempMessage, L'%')) && (i < dwParamCount))
991  {
992  pTempMessage++;
993  if (iswdigit(*pTempMessage))
994  {
995  pParamData[i].pStartingAddress = pTempMessage-1;
996  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
997 
998  while (iswdigit(*++pTempMessage)) ;
999 
1000  pParamData[i].pEndingAddress = pTempMessage;
1001  i++;
1002  }
1003  }
1004  }
1005  else
1006  {
1007  while ((pTempMessage = wcsstr(pTempMessage, L"%%")) && (i < dwParamCount))
1008  {
1009  pTempMessage += 2;
1010  if (iswdigit(*pTempMessage))
1011  {
1012  pParamData[i].pStartingAddress = pTempMessage-2;
1013  pParamData[i].pParameterID = (DWORD)_wtol(pTempMessage);
1014 
1015  while (iswdigit(*++pTempMessage)) ;
1016 
1017  pParamData[i].pEndingAddress = pTempMessage;
1018  i++;
1019  }
1020  }
1021  }
1022 
1023  /* Retrieve each parameter string */
1024  for (i = 0; i < dwParamCount; i++)
1025  {
1026  // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1027  pParamData[i].pParameter =
1028  GetMessageStringFromDllList(lpMessageDllList,
1031  pParamData[i].pParameterID,
1032  0, NULL);
1033  if (!pParamData[i].pParameter)
1034  {
1035  /* Skip the insertion string */
1036  continue;
1037  }
1038 
1039  cchParams += wcslen(pParamData[i].pParameter);
1040  }
1041 
1042  /*
1043  * Allocate the final message buffer, the size of which is based on the
1044  * length of the original message and the length of each parameter string.
1045  */
1046  cchBuffer = wcslen(pMessage) + cchParams + 1;
1047  *pFinalMessage = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cchBuffer * sizeof(WCHAR));
1048  if (!*pFinalMessage)
1049  {
1051  goto Cleanup;
1052  }
1053 
1054  pTempFinalMessage = *pFinalMessage;
1055 
1056  /* Build the final message string */
1057  pTempMessage = (LPWSTR)pMessage;
1058  for (i = 0; i < dwParamCount; i++)
1059  {
1060  /* Append the segment from pMessage */
1061  cch = pParamData[i].pStartingAddress - pTempMessage;
1062  StringCchCopyNW(pTempFinalMessage, cchBuffer, pTempMessage, cch);
1063  pTempMessage = pParamData[i].pEndingAddress;
1064  cchBuffer -= cch;
1065  pTempFinalMessage += cch;
1066 
1067  /* Append the parameter string */
1068  if (pParamData[i].pParameter)
1069  {
1070  StringCchCopyW(pTempFinalMessage, cchBuffer, pParamData[i].pParameter);
1071  cch = wcslen(pParamData[i].pParameter); // pTempFinalMessage
1072  }
1073  else
1074  {
1075  /*
1076  * We failed to retrieve the parameter string before, so just
1077  * place back the original string placeholder.
1078  */
1079  cch = pParamData[i].pEndingAddress /* == pTempMessage */ - pParamData[i].pStartingAddress;
1080  StringCchCopyNW(pTempFinalMessage, cchBuffer, pParamData[i].pStartingAddress, cch);
1081  // cch = wcslen(pTempFinalMessage);
1082  }
1083  cchBuffer -= cch;
1084  pTempFinalMessage += cch;
1085  }
1086 
1087  /* Append the last segment from pMessage */
1088  StringCchCopyW(pTempFinalMessage, cchBuffer, pTempMessage);
1089 
1090 Cleanup:
1091 
1092  // if (Status != ERROR_SUCCESS)
1093  // *pFinalMessage = NULL;
1094 
1095  if (pParamData)
1096  {
1097  for (i = 0; i < dwParamCount; i++)
1098  {
1099  if (pParamData[i].pParameter)
1100  LocalFree(pParamData[i].pParameter);
1101  }
1102 
1103  HeapFree(GetProcessHeap(), 0, pParamData);
1104  }
1105 
1106  return Status;
1107 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:422
#define ERROR_SUCCESS
Definition: deptool.c:10
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define iswdigit(_c)
Definition: ctype.h:667
#define DWORD
Definition: nt_native.h:44
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static DWORD cchBuffer
Definition: fusion.c:85
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:419
Status
Definition: gdiplustypes.h:24
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1250
static const WCHAR Cleanup[]
Definition: register.c:80
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:417
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:857
IN PCTCH IN DWORD cch
Definition: pager.h:36
#define HeapFree(x, y, z)
Definition: compat.h:594
#define ERROR_OUTOFMEMORY
Definition: deptool.c:13

Referenced by GetEventMessage().

◆ BuildLogListAndFilterList()

VOID BuildLogListAndFilterList ( IN LPCWSTR  lpComputerName)

Definition at line 2804 of file eventvwr.c.

2805 {
2806  LONG Result;
2807  HKEY hEventLogKey, hLogKey;
2808  DWORD dwNumLogs = 0;
2809  DWORD dwIndex, dwMaxKeyLength;
2810  DWORD dwType;
2811  PEVENTLOG EventLog;
2812  PEVENTLOGFILTER EventLogFilter;
2813  LPWSTR LogName = NULL;
2815  DWORD lpcName;
2816  DWORD dwMessageID;
2818  HTREEITEM hRootNode = NULL, hItem = NULL, hItemDefault = NULL;
2819 
2821  {
2822  /* We are connected to some other computer, close the old connection */
2824  hkMachine = NULL;
2825  }
2826  if (!lpComputerName || !*lpComputerName)
2827  {
2828  /* Use the local computer registry */
2830  }
2831  else
2832  {
2833  /* Connect to the remote computer registry */
2835  if (Result != ERROR_SUCCESS)
2836  {
2837  /* Connection failed, display a message and bail out */
2838  hkMachine = NULL;
2840  return;
2841  }
2842  }
2843 
2844  /* Open the EventLog key */
2845  Result = RegOpenKeyExW(hkMachine, EVENTLOG_BASE_KEY, 0, KEY_READ, &hEventLogKey);
2846  if (Result != ERROR_SUCCESS)
2847  {
2848  return;
2849  }
2850 
2851  /* Retrieve the number of event logs enumerated as registry keys */
2852  Result = RegQueryInfoKeyW(hEventLogKey, NULL, NULL, NULL, &dwNumLogs, &dwMaxKeyLength,
2853  NULL, NULL, NULL, NULL, NULL, NULL);
2854  if (Result != ERROR_SUCCESS)
2855  {
2856  goto Quit;
2857  }
2858  if (!dwNumLogs)
2859  goto Quit;
2860 
2861  /* Take the NULL terminator into account */
2862  ++dwMaxKeyLength;
2863 
2864  /* Allocate the temporary buffer */
2865  LogName = HeapAlloc(GetProcessHeap(), 0, dwMaxKeyLength * sizeof(WCHAR));
2866  if (!LogName)
2867  goto Quit;
2868 
2869  /* Enumerate and retrieve each event log name */
2870  for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2871  {
2872  lpcName = dwMaxKeyLength;
2873  Result = RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &lpcName, NULL, NULL, NULL, NULL);
2874  if (Result != ERROR_SUCCESS)
2875  continue;
2876 
2877  /* Take the NULL terminator into account */
2878  ++lpcName;
2879 
2880  /* Allocate a new event log entry */
2881  EventLog = AllocEventLog(lpComputerName, LogName, TRUE);
2882  if (EventLog == NULL)
2883  continue;
2884 
2885  /* Allocate a new event log filter entry for this event log */
2886  EventLogFilter = AllocEventLogFilter(// LogName,
2887  TRUE, TRUE, TRUE, TRUE, TRUE,
2888  NULL, NULL, NULL,
2889  1, &EventLog);
2890  if (EventLogFilter == NULL)
2891  {
2892  EventLog_Free(EventLog);
2893  continue;
2894  }
2895 
2896  /* Add the event log and the filter into their lists */
2897  InsertTailList(&EventLogList, &EventLog->ListEntry);
2898  InsertTailList(&EventLogFilterList, &EventLogFilter->ListEntry);
2899 
2900  EventLog->FileName = NULL;
2901 
2902  /* Retrieve and cache the event log file */
2903  Result = RegOpenKeyExW(hEventLogKey,
2904  LogName,
2905  0,
2907  &hLogKey);
2908  if (Result == ERROR_SUCCESS)
2909  {
2910  lpcName = 0;
2911  Result = RegQueryValueExW(hLogKey,
2912  L"File",
2913  NULL,
2914  &dwType,
2915  NULL,
2916  &lpcName);
2917  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2918  {
2919  // Windows' EventLog uses some kind of default value, we do not.
2920  EventLog->FileName = NULL;
2921  }
2922  else
2923  {
2924  lpcName = ROUND_DOWN(lpcName, sizeof(WCHAR));
2925  EventLog->FileName = HeapAlloc(GetProcessHeap(), 0, lpcName);
2926  if (EventLog->FileName)
2927  {
2928  Result = RegQueryValueExW(hLogKey,
2929  L"File",
2930  NULL,
2931  &dwType,
2932  (LPBYTE)EventLog->FileName,
2933  &lpcName);
2934  if (Result != ERROR_SUCCESS)
2935  {
2936  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
2937  EventLog->FileName = NULL;
2938  }
2939  else
2940  {
2941  EventLog->FileName[lpcName / sizeof(WCHAR) - 1] = UNICODE_NULL;
2942  }
2943  }
2944  }
2945 
2946  RegCloseKey(hLogKey);
2947  }
2948 
2949  /* Get the display name for the event log */
2950  lpDisplayName = NULL;
2951 
2953  if (GetDisplayNameFileAndID(LogName, szModuleName, &dwMessageID))
2954  {
2955  /* Retrieve the message string without appending extra newlines */
2956  lpDisplayName =
2960  dwMessageID,
2961  0,
2962  NULL);
2963  }
2964 
2965  /*
2966  * Select the correct tree root node, whether the log is a System
2967  * or an Application log. Default to Application log otherwise.
2968  */
2969  hRootNode = htiAppLogs;
2970  for (lpcName = 0; lpcName < ARRAYSIZE(SystemLogs); ++lpcName)
2971  {
2972  /* Check whether the log name is part of the system logs */
2973  if (wcsicmp(LogName, SystemLogs[lpcName]) == 0)
2974  {
2975  hRootNode = htiSystemLogs;
2976  break;
2977  }
2978  }
2979 
2980  hItem = TreeViewAddItem(hwndTreeView, hRootNode,
2981  (lpDisplayName ? lpDisplayName : LogName),
2982  2, 3, (LPARAM)EventLogFilter);
2983 
2984  /* Try to get the default event log: "Application" */
2985  if ((hItemDefault == NULL) && (wcsicmp(LogName, SystemLogs[0]) == 0))
2986  {
2987  hItemDefault = hItem;
2988  }
2989 
2990  /* Free the buffer allocated by FormatMessage */
2991  if (lpDisplayName)
2993  }
2994 
2995  HeapFree(GetProcessHeap(), 0, LogName);
2996 
2997 Quit:
2998  RegCloseKey(hEventLogKey);
2999 
3000  /* Select the default event log */
3001  if (hItemDefault)
3002  {
3003  // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
3004  TreeView_SelectItem(hwndTreeView, hItemDefault);
3005  TreeView_EnsureVisible(hwndTreeView, hItemDefault);
3006  }
3009 
3010  return;
3011 }
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:422
#define ERROR_SUCCESS
Definition: deptool.c:10
LIST_ENTRY ListEntry
Definition: eventvwr.h:104
#define KEY_READ
Definition: nt_native.h:1023
#define TRUE
Definition: types.h:120
HTREEITEM htiSystemLogs
Definition: eventvwr.c:91
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
#define ZeroMemory
Definition: winbase.h:1664
HWND WINAPI SetFocus(_In_opt_ HWND)
#define InsertTailList(ListHead, Entry)
HKEY hkMachine
Definition: eventvwr.c:97
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:105
static const LPCWSTR SystemLogs[]
Definition: eventvwr.c:47
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:753
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
long LONG
Definition: pedump.c:60
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:416
HTREEITEM hItem
Definition: treelist.h:37
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1298
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
LONG_PTR LPARAM
Definition: windef.h:208
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2724
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:419
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
LIST_ENTRY ListEntry
Definition: eventvwr.h:83
#define MAX_PATH
Definition: compat.h:34
#define RegConnectRegistry
Definition: winreg.h:495
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
unsigned long DWORD
Definition: ntddk_ex.h:95
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1268
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:43
HTREEITEM htiAppLogs
Definition: eventvwr.c:91
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3686
#define wcsicmp
Definition: compat.h:15
HWND hwndTreeView
Definition: eventvwr.c:84
static const WCHAR L[]
Definition: oid.c:1250
PWSTR FileName
Definition: eventvwr.h:91
LPWSTR lpComputerName
Definition: eventvwr.c:93
#define ROUND_DOWN(n, align)
Definition: eventvwr.h:30
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:417
#define TreeView_EnsureVisible(hwnd, hitem)
Definition: commctrl.h:3545
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define TreeView_SelectItem(hwnd, hitem)
Definition: commctrl.h:3481
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
LIST_ENTRY EventLogList
Definition: eventvwr.c:104
#define NULL
Definition: types.h:112
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1337
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1374
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:159
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2527
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
WCHAR * LPWSTR
Definition: xmlstorage.h:184
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2769
#define HeapFree(x, y, z)
Definition: compat.h:594
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define REG_SZ
Definition: layer.c:22

Referenced by wWinMain().

◆ ClearEvents()

BOOL ClearEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2627 of file eventvwr.c.

2628 {
2629  BOOL Success;
2630  PEVENTLOG EventLog;
2631  HANDLE hEventLog;
2632  WCHAR szFileName[MAX_PATH];
2633  WCHAR szMessage[MAX_LOADSTRING];
2634 
2635  /* Bail out if there is no available filter */
2636  if (!EventLogFilter)
2637  return FALSE;
2638 
2639  ZeroMemory(szFileName, sizeof(szFileName));
2640  ZeroMemory(szMessage, sizeof(szMessage));
2641 
2642  LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, ARRAYSIZE(szMessage));
2643 
2644  sfn.lpstrFile = szFileName;
2645  sfn.nMaxFile = ARRAYSIZE(szFileName);
2646 
2648  {
2649  case IDCANCEL:
2650  return FALSE;
2651 
2652  case IDNO:
2653  sfn.lpstrFile = NULL;
2654  break;
2655 
2656  case IDYES:
2657  if (!GetSaveFileNameW(&sfn))
2658  return FALSE;
2659  break;
2660  }
2661 
2662  EventLogFilter_AddRef(EventLogFilter);
2663 
2664  EventLog = EventLogFilter->EventLogs[0];
2665  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2666 
2667  EventLogFilter_Release(EventLogFilter);
2668 
2669  if (!hEventLog)
2670  {
2672  return FALSE;
2673  }
2674 
2675  Success = ClearEventLogW(hEventLog, sfn.lpstrFile);
2676  if (!Success)
2678 
2679  CloseEventLog(hEventLog);
2680  return Success;
2681 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:62
#define IDYES
Definition: winuser.h:829
#define IDS_CLEAREVENTS_MSG
Definition: resource.h:96
PWSTR LogName
Definition: eventvwr.h:90
LPWSTR lpstrFile
Definition: commdlg.h:367
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
#define ZeroMemory
Definition: winbase.h:1664
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:67
BOOL WINAPI GetSaveFileNameW(LPOPENFILENAMEW ofn)
Definition: filedlg.c:4742
HWND hwndMainWindow
Definition: eventvwr.c:83
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
#define MB_YESNOCANCEL
Definition: winuser.h:812
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1437
OPENFILENAMEW sfn
Definition: eventvwr.c:120
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
DWORD nMaxFile
Definition: commdlg.h:368
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
#define NULL
Definition: types.h:112
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:68
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:159
#define IDNO
Definition: winuser.h:830
#define IDCANCEL
Definition: winuser.h:825

Referenced by EventLogPropProc(), and WndProc().

◆ CloseUserEventLog()

VOID CloseUserEventLog ( IN PEVENTLOGFILTER  EventLogFilter,
IN HTREEITEM  hti 
)

Definition at line 2592 of file eventvwr.c.

2593 {
2594  /* Bail out if there is no available filter */
2595  if (!EventLogFilter)
2596  return;
2597 
2598  if (InterlockedCompareExchangePointer((PVOID*)&ActiveFilter, NULL, NULL) == EventLogFilter)
2599  {
2600  /* Signal the enumerator thread we want to stop enumerating events */
2601  // EnumEvents(NULL);
2604  }
2605 
2606  /*
2607  * The deletion of the item automatically triggers a TVN_SELCHANGED
2608  * notification, that will reset the ActiveFilter (in case the item
2609  * selected is a filter). Otherwise we reset it there.
2610  */
2612 
2613  /* Remove the filter from the list */
2614  RemoveEntryList(&EventLogFilter->ListEntry);
2615  EventLogFilter_Release(EventLogFilter);
2616 
2617  // /* Select the default event log */
2618  // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2619  // TreeView_SelectItem(hwndTreeView, hItem);
2620  // TreeView_EnsureVisible(hwndTreeView, hItem);
2623 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
HWND WINAPI SetFocus(_In_opt_ HWND)
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:106
FORCEINLINE BOOLEAN RemoveEntryList(_In_ PLIST_ENTRY Entry)
Definition: rtlfuncs.h:105
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:115
#define FALSE
Definition: types.h:117
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1437
HANDLE hStartEnumEvent
Definition: eventvwr.c:117
#define TreeView_DeleteItem(hwnd, hitem)
Definition: commctrl.h:3415
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
HWND hwndTreeView
Definition: eventvwr.c:84
#define NULL
Definition: types.h:112

Referenced by WndProc().

◆ DisplayUsage()

VOID DisplayUsage ( VOID  )

Definition at line 183 of file eventvwr.c.

184 {
186  LPCWSTR lpUsage;
187  INT iUsageLen = LoadStringW(hInst, IDS_USAGE, (LPWSTR)&lpUsage, 0);
188 
189  if (iUsageLen == 0)
190  return;
191 
192  lpBuffer = HeapAlloc(GetProcessHeap(), 0, (iUsageLen + 1) * sizeof(WCHAR));
193  if (!lpBuffer)
194  return;
195 
196  StringCchCopyNW(lpBuffer, iUsageLen + 1, lpUsage, iUsageLen);
198 
200 }
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
#define IDS_USAGE
Definition: resource.h:3
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int32_t INT
Definition: typedefs.h:58
HINSTANCE hInst
Definition: eventvwr.c:67
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MB_ICONINFORMATION
Definition: winuser.h:796
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:68
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by ProcessCmdLine().

◆ EnumEvents()

VOID EnumEvents ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 2437 of file eventvwr.c.

2438 {
2439  /* Signal the enumerator thread we want to enumerate events */
2440  InterlockedExchangePointer((PVOID*)&EnumFilter, EventLogFilter);
2442  return;
2443 }
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:733
PEVENTLOGFILTER EnumFilter
Definition: eventvwr.c:115
HANDLE hStartEnumEvent
Definition: eventvwr.c:117
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45

Referenced by Refresh(), and WndProc().

◆ EnumEventsThread()

static DWORD WINAPI EnumEventsThread ( IN LPVOID  lpParameter)
static

HACK!!

Definition at line 1977 of file eventvwr.c.

1978 {
1979  PEVENTLOGFILTER EventLogFilter = (PEVENTLOGFILTER)lpParameter;
1980  PEVENTLOG EventLog;
1981 
1982  ULONG LogIndex;
1983  HANDLE hEventLog;
1984  PEVENTLOGRECORD pEvlr = NULL;
1985  PBYTE pEvlrEnd;
1986  PBYTE pEvlrBuffer;
1987  DWORD dwWanted, dwRead, dwNeeded, dwStatus = ERROR_SUCCESS;
1988  DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1989  DWORD dwFlags, dwMaxLength;
1990  size_t cchRemaining;
1991  LPWSTR lpszSourceName;
1992  LPWSTR lpszComputerName;
1993  BOOL bResult = TRUE; /* Read succeeded */
1995  PSID pLastSid = NULL;
1996 
1997  UINT uStep = 0, uStepAt = 0, uPos = 0;
1998 
1999  WCHAR szWindowTitle[MAX_PATH];
2000  WCHAR szStatusText[MAX_PATH];
2001  WCHAR szLocalDate[MAX_PATH];
2002  WCHAR szLocalTime[MAX_PATH];
2003  WCHAR szEventID[MAX_PATH];
2004  WCHAR szEventTypeText[MAX_LOADSTRING];
2005  WCHAR szCategoryID[MAX_PATH];
2006  WCHAR szUsername[MAX_PATH];
2007  WCHAR szNoUsername[MAX_PATH];
2008  WCHAR szCategory[MAX_PATH];
2009  WCHAR szNoCategory[MAX_PATH];
2010  PWCHAR lpTitleTemplateEnd;
2011 
2012  SYSTEMTIME time;
2013  LVITEMW lviEventItem;
2014 
2015  /* Save the current event log filter globally */
2016  EventLogFilter_AddRef(EventLogFilter);
2017  ActiveFilter = EventLogFilter;
2018 
2019 
2021  EventLog = EventLogFilter->EventLogs[0];
2022 
2023  // FIXME: Use something else instead of EventLog->LogName !!
2024 
2025  /*
2026  * Use a different formatting, whether the event log filter holds
2027  * only one log, or many logs (the latter case is WIP TODO!)
2028  */
2029  if (EventLogFilter->NumOfEventLogs <= 1)
2030  {
2031  StringCchPrintfExW(szWindowTitle,
2032  ARRAYSIZE(szWindowTitle),
2033  &lpTitleTemplateEnd,
2034  &cchRemaining,
2035  0,
2036  szTitleTemplate, szTitle, EventLog->LogName); /* i = number of characters written */
2037  dwMaxLength = (DWORD)cchRemaining;
2038  if (!EventLog->ComputerName)
2039  GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2040  else
2041  StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, EventLog->ComputerName);
2042 
2043  StringCbPrintfW(szStatusText,
2044  sizeof(szStatusText),
2046  EventLog->LogName,
2047  0,
2048  0);
2049  }
2050  else
2051  {
2052  // TODO: Use a different title & implement filtering for multi-log filters !!
2053  // (EventLogFilter->NumOfEventLogs > 1)
2055  L"Many-logs filtering is not implemented yet!!",
2056  L"Event Log",
2058  }
2059 
2060  /* Set the window title */
2061  SetWindowTextW(hwndMainWindow, szWindowTitle);
2062 
2063  /* Update the status bar */
2064  StatusBar_SetText(hwndStatus, 0, szStatusText);
2065 
2066 
2067  /* Disable list view redraw */
2069 
2070  /* Clear the list view and free the cached records */
2072  FreeRecords();
2073 
2078 
2079  /* Do a loop over the logs enumerated in the filter */
2080  // FIXME: For now we only support 1 event log per filter!
2081  LogIndex = 0;
2082  // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2083  {
2084 
2085  EventLog = EventLogFilter->EventLogs[LogIndex];
2086 
2087  /* Open the event log */
2088  if (EventLog->Permanent)
2089  hEventLog = OpenEventLogW(EventLog->ComputerName, EventLog->LogName);
2090  else
2091  hEventLog = OpenBackupEventLogW(EventLog->ComputerName, EventLog->LogName); // FileName
2092 
2093  if (hEventLog == NULL)
2094  {
2096  goto Cleanup;
2097  }
2098 
2099  // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2100 
2101  /* Get the total number of event log records */
2102  GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2103 
2104  if (dwTotalRecords > 0)
2105  {
2108  }
2109  else
2110  {
2113  }
2114 
2115  /* Set up the event records cache */
2116  g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2117  if (!g_RecordPtrs)
2118  {
2119  // ShowWin32Error(GetLastError());
2120  goto Quit;
2121  }
2122  g_TotalRecords = dwTotalRecords;
2123 
2125  goto Quit;
2126 
2127  LoadStringW(hInst, IDS_NOT_AVAILABLE, szNoUsername, ARRAYSIZE(szNoUsername));
2128  LoadStringW(hInst, IDS_NONE, szNoCategory, ARRAYSIZE(szNoCategory));
2129 
2131  uStepAt = (dwTotalRecords / 100) + 1;
2132 
2134 
2135  /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2136  dwWanted = 0x7ffff;
2137  pEvlr = HeapAlloc(hProcessHeap, 0, dwWanted);
2138 
2139  if (!pEvlr)
2140  goto Quit;
2141 
2142  while (dwStatus == ERROR_SUCCESS)
2143  {
2144  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwWanted, &dwRead, &dwNeeded);
2145  dwStatus = GetLastError();
2146 
2147  if (!bResult && dwStatus == ERROR_INSUFFICIENT_BUFFER)
2148  {
2149  pEvlr = HeapReAlloc(hProcessHeap, 0, pEvlr, dwNeeded);
2150  dwWanted = dwNeeded;
2151 
2152  if (!pEvlr)
2153  break;
2154 
2155  bResult = ReadEventLogW(hEventLog, dwFlags, 0, pEvlr, dwNeeded, &dwRead, &dwNeeded);
2156 
2157  if (!bResult)
2158  break;
2159  }
2160  else if (!bResult)
2161  {
2162  /* Exit on other errors (ERROR_HANDLE_EOF) */
2163  break;
2164  }
2165 
2166  pEvlrBuffer = (LPBYTE)pEvlr;
2167  pEvlrEnd = pEvlrBuffer + dwRead;
2168 
2169  while (pEvlrBuffer < pEvlrEnd)
2170  {
2171  PEVENTLOGRECORD pEvlrTmp = (PEVENTLOGRECORD)pEvlrBuffer;
2172  PWSTR lpszUsername, lpszCategoryName;
2173  g_RecordPtrs[dwCurrentRecord] = NULL;
2174 
2175  // ProgressBar_StepIt(hwndStatusProgress);
2176  uStep++;
2177  if (uStep % uStepAt == 0)
2178  {
2179  ++uPos;
2181  }
2182 
2184  goto Quit;
2185 
2186  /* Filter by event type */
2187  if (!FilterByType(EventLogFilter, pEvlrTmp))
2188  goto SkipEvent;
2189 
2190  /* Get the event source name and filter it */
2191  lpszSourceName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD));
2192  if (!FilterByString(EventLogFilter->Sources, lpszSourceName))
2193  goto SkipEvent;
2194 
2195  /* Get the computer name and filter it */
2196  lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2197  if (!FilterByString(EventLogFilter->ComputerNames, lpszComputerName))
2198  goto SkipEvent;
2199 
2200  /* Compute the event time */
2201  EventTimeToSystemTime(pEvlrTmp->TimeWritten, &time);
2202  GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2203  GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, ARRAYSIZE(szLocalTime));
2204 
2205  /* Get the username that generated the event, and filter it */
2206  lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2207 
2208  if (!FilterByString(EventLogFilter->Users, lpszUsername))
2209  goto SkipEvent;
2210 
2211  // TODO: Filter by event ID and category
2212  GetEventType(pEvlrTmp->EventType, szEventTypeText);
2213 
2214  lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2215 
2216  StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pEvlrTmp->EventID & 0xFFFF));
2217  StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pEvlrTmp->EventCategory);
2218 
2219  g_RecordPtrs[dwCurrentRecord] = HeapAlloc(hProcessHeap, 0, pEvlrTmp->Length);
2220  RtlCopyMemory(g_RecordPtrs[dwCurrentRecord], pEvlrTmp, pEvlrTmp->Length);
2221 
2222  lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
2223  lviEventItem.iItem = 0;
2224  lviEventItem.iSubItem = 0;
2225  lviEventItem.lParam = (LPARAM)g_RecordPtrs[dwCurrentRecord];
2226  lviEventItem.pszText = szEventTypeText;
2227 
2228  switch (pEvlrTmp->EventType)
2229  {
2230  case EVENTLOG_SUCCESS:
2232  lviEventItem.iImage = 0;
2233  break;
2234 
2235  case EVENTLOG_WARNING_TYPE:
2236  lviEventItem.iImage = 1;
2237  break;
2238 
2239  case EVENTLOG_ERROR_TYPE:
2240  lviEventItem.iImage = 2;
2241  break;
2242 
2244  lviEventItem.iImage = 3;
2245  break;
2246 
2248  lviEventItem.iImage = 4;
2249  break;
2250  }
2251 
2252  lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
2253 
2254  ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
2255  ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
2256  ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpszSourceName);
2257  ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, lpszCategoryName);
2258  ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
2259  ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, lpszUsername);
2260  ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpszComputerName);
2261 
2262 SkipEvent:
2263  pEvlrBuffer += pEvlrTmp->Length;
2264  dwCurrentRecord++;
2265  }
2266  }
2267 
2268 Quit:
2269 
2270  if (pEvlr)
2271  HeapFree(hProcessHeap, 0, pEvlr);
2272 
2273  /* Close the event log */
2274  CloseEventLog(hEventLog);
2275 
2276  } // end-for (LogIndex)
2277 
2278  /* All events loaded */
2279 
2280 Cleanup:
2281 
2284 
2285  // FIXME: Use something else instead of EventLog->LogName !!
2286 
2287  /*
2288  * Use a different formatting, whether the event log filter holds
2289  * only one log, or many logs (the latter case is WIP TODO!)
2290  */
2291  if (EventLogFilter->NumOfEventLogs <= 1)
2292  {
2293  StringCbPrintfW(szStatusText,
2294  sizeof(szStatusText),
2296  EventLog->LogName,
2297  dwTotalRecords,
2299  }
2300  else
2301  {
2302  // TODO: Use a different title & implement filtering for multi-log filters !!
2303  // (EventLogFilter->NumOfEventLogs > 1)
2304  }
2305 
2306  /* Update the status bar */
2307  StatusBar_SetText(hwndStatus, 0, szStatusText);
2308 
2309  /* Resume list view redraw */
2311 
2312  EventLogFilter_Release(EventLogFilter);
2313 
2316 
2317  return 0;
2318 }
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
#define MAX_LOADSTRING
Definition: eventvwr.c:62
int iImage
Definition: commctrl.h:2367
#define CloseHandle
Definition: compat.h:598
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:101
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
#define MF_BYCOMMAND
Definition: winuser.h:202
#define ERROR_SUCCESS
Definition: deptool.c:10
PWSTR LogName
Definition: eventvwr.h:90
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1604
#define TRUE
Definition: types.h:120
#define SW_HIDE
Definition: winuser.h:762
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1785
uint16_t * PWSTR
Definition: typedefs.h:56
#define LOCALE_USER_DEFAULT
#define DATE_SHORTDATE
Definition: winnls.h:196
#define IDS_NONE
Definition: resource.h:124
#define MAKELPARAM(l, h)
Definition: winuser.h:3984
#define WM_SETREDRAW
Definition: winuser.h:1599
DWORD g_TotalRecords
Definition: eventvwr.c:100
HMENU hMainMenu
Definition: eventvwr.c:89
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
uint16_t * PWCHAR
Definition: typedefs.h:56
#define ListView_InsertItem(hwnd, pitem)
Definition: commctrl.h:2408
__u16 time
Definition: mkdosfs.c:366
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
HWND hwndStatus
Definition: eventvwr.c:87
PWSTR ComputerNames
Definition: eventvwr.h:131
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define DWORD
Definition: nt_native.h:44
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:106
HINSTANCE hInst
Definition: eventvwr.c:67
HWND hwndMainWindow
Definition: eventvwr.c:83
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2751
#define LVIF_TEXT
Definition: commctrl.h:2309
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_POWER_POLICY_IDLE_SETTINGS Settings
Definition: wdfdevice.h:2592
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1904
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
unsigned char * LPBYTE
Definition: typedefs.h:53
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2754
HANDLE hStopEnumEvent
Definition: eventvwr.c:109
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
int iSubItem
Definition: commctrl.h:2362
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
LPARAM lParam
Definition: commctrl.h:2368
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2758
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:728
HWND hwndListView
Definition: eventvwr.c:85
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
PWSTR ComputerName
Definition: eventvwr.h:87
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1437
LONG_PTR LPARAM
Definition: windef.h:208
#define ListView_GetItemCount(hwnd)
Definition: commctrl.h:2307
#define SW_SHOW
Definition: winuser.h:769
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1920
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2691
struct _EVENTLOGFILTER * PEVENTLOGFILTER
HWND hwndStatusProgress
Definition: eventvwr.c:88
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2753
#define InterlockedExchangePointer(Target, Value)
Definition: dshow.h:45
#define WAIT_OBJECT_0
Definition: winbase.h:403
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2756
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2755
LPWSTR pszText
Definition: commctrl.h:2365
#define MF_ENABLED
Definition: winuser.h:128
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2748
#define MAX_PATH
Definition: compat.h:34
#define LVIF_IMAGE
Definition: commctrl.h:2310
unsigned long DWORD
Definition: ntddk_ex.h:95
#define ProgressBar_SetPos(hwndCtl, pos)
Definition: eventvwr.h:55
#define IDM_CLEAR_EVENTS
Definition: resource.h:69
UINT mask
Definition: commctrl.h:2360
WCHAR szStatusBarTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:70
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
static VOID FreeRecords(VOID)
Definition: eventvwr.c:1886
struct _EVENTLOGRECORD * PEVENTLOGRECORD
static const WCHAR L[]
Definition: oid.c:1250
#define StatusBar_SetText(hwndCtl, index, data)
Definition: eventvwr.h:66
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
LPVOID lpParameter
Definition: kernel32.h:241
#define ProgressBar_SetRange(hwndCtl, range)
Definition: eventvwr.h:57
static const WCHAR Cleanup[]
Definition: register.c:80
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
BOOL Permanent
Definition: eventvwr.h:94
DWORD dwStatus
Definition: mediaobj.idl:95
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
#define HeapReAlloc
Definition: compat.h:593
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2750
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define IDS_NOT_AVAILABLE
Definition: resource.h:125
#define LVIF_PARAM
Definition: commctrl.h:2311
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:68
unsigned int ULONG
Definition: retypes.h:1
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:159
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2757
#define IDM_SAVE_EVENTLOG
Definition: resource.h:67
#define MF_GRAYED
Definition: winuser.h:129
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LVM_PROGRESS
Definition: eventvwr.c:40
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079
BYTE * PBYTE
Definition: pedump.c:66
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1815
#define HeapFree(x, y, z)
Definition: compat.h:594
WCHAR szTitleTemplate[MAX_LOADSTRING]
Definition: eventvwr.c:69
#define ListView_DeleteAllItems(hwnd)
Definition: commctrl.h:2414
HANDLE hProcessHeap
Definition: kbswitch.c:25
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

Referenced by StartStopEnumEventsThread().

◆ EventDetails()

INT_PTR CALLBACK EventDetails ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4294 of file eventvwr.c.

4295 {
4296  switch (uMsg)
4297  {
4298  case WM_INITDIALOG:
4299  {
4300  LONG_PTR dwStyle;
4301  INT sbVXSize, sbHYSize;
4302  RECT rcWnd, rect;
4303 
4305  if (!hWndDetailsCtrl)
4306  {
4307  EndDialog(hDlg, 0);
4308  return (INT_PTR)TRUE;
4309  }
4310 
4311  /* Create a size grip if the dialog has a sizing border */
4312  GetClientRect(hDlg, &rcWnd);
4313  dwStyle = GetWindowLongPtrW(hDlg, GWL_STYLE);
4314  sbVXSize = GetSystemMetrics(SM_CXVSCROLL);
4315  sbHYSize = GetSystemMetrics(SM_CYHSCROLL);
4316  if (dwStyle & WS_THICKFRAME /* == WS_SIZEBOX */)
4317  {
4319  NULL,
4321  rcWnd.right - sbVXSize,
4322  rcWnd.bottom - sbHYSize,
4323  sbVXSize, sbHYSize,
4324  hDlg,
4325  NULL,
4326  hInst,
4327  NULL);
4328  }
4329 
4330  // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4331 
4332  /*
4333  * Compute the minimum window size (in window coordinates) by
4334  * adding the widths/heights of the "Help" and "Close" buttons,
4335  * together with the margins, and add some minimal spacing
4336  * between the buttons.
4337  */
4338  GetWindowRect(hDlg, &rcWnd);
4339  cxMin = cyMin = 0;
4340 
4341  GetWindowRect(GetDlgItem(hDlg, IDHELP), &rect);
4342  cxMin += (rect.right - rect.left) + (rect.left - rcWnd.left); // == (rect.right - rcWnd.left);
4343  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4344 
4345  GetWindowRect(GetDlgItem(hDlg, IDOK), &rect);
4346  cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4347  cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4348 
4349  /*
4350  * Convert the window rect from window to client coordinates
4351  * in order to retrieve the sizes of the left and top margins,
4352  * and add some extra space.
4353  */
4354  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rcWnd, sizeof(RECT)/sizeof(POINT));
4355 
4356  cxMin += -2*rcWnd.left; // Minimal spacing between the buttons == 2 * left margin
4357  cyMin += -rcWnd.top + 12; // Add some space on top
4358 
4359  GetClientRect(hDlg, &rcWnd);
4360  cxOld = rcWnd.right - rcWnd.left;
4361  cyOld = rcWnd.bottom - rcWnd.top;
4362 
4363  /* Show event info on dialog control */
4365 
4366  // SetWindowPos(hWndDetailsCtrl, NULL,
4367  // 0, 0,
4368  // (rcWnd.right - rcWnd.left),
4369  // (rcWnd.bottom - rcWnd.top),
4370  // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4371 
4372  /*
4373  * Hide the placeholder static control and show the event details
4374  * control instead. Note that the placeholder is here so far just
4375  * to get the dimensions right in the dialog resource editor.
4376  * I plan to remove it and use a custom control with a suitable
4377  * window class for it, that would create the event details control
4378  * instead.
4379  */
4382  return (INT_PTR)TRUE;
4383  }
4384 
4385  case WM_DESTROY:
4389  return (INT_PTR)TRUE;
4390 
4391  case WM_COMMAND:
4392  switch (LOWORD(wParam))
4393  {
4394  case IDOK:
4395  case IDCANCEL:
4396  EndDialog(hDlg, LOWORD(wParam));
4397  return (INT_PTR)TRUE;
4398 
4399  case IDHELP:
4400  MessageBoxW(hDlg,
4401  L"Help not implemented yet!",
4402  L"Event Log",
4404  return (INT_PTR)TRUE;
4405 
4406  default:
4407  break;
4408  }
4409  break;
4410 
4411  case WM_SETCURSOR:
4412  if (((HWND)wParam == hWndGrip) && (LOWORD(lParam) == HTCLIENT))
4413  {
4416  return (INT_PTR)TRUE;
4417  }
4418  break;
4419 
4420  case WM_SIZING:
4421  {
4422  /* Forbid resizing the dialog smaller than its minimal size */
4423  PRECT dragRect = (PRECT)lParam;
4424 
4425  if ((wParam == WMSZ_LEFT) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_BOTTOMLEFT))
4426  {
4427  if (dragRect->right - dragRect->left < cxMin)
4428  dragRect->left = dragRect->right - cxMin;
4429  }
4430 
4431  if ((wParam == WMSZ_RIGHT) || (wParam == WMSZ_TOPRIGHT) || (wParam == WMSZ_BOTTOMRIGHT))
4432  {
4433  if (dragRect->right - dragRect->left < cxMin)
4434  dragRect->right = dragRect->left + cxMin;
4435  }
4436 
4437  if ((wParam == WMSZ_TOP) || (wParam == WMSZ_TOPLEFT) || (wParam == WMSZ_TOPRIGHT))
4438  {
4439  if (dragRect->bottom - dragRect->top < cyMin)
4440  dragRect->top = dragRect->bottom - cyMin;
4441  }
4442 
4444  {
4445  if (dragRect->bottom - dragRect->top < cyMin)
4446  dragRect->bottom = dragRect->top + cyMin;
4447  }
4448 
4450  return (INT_PTR)TRUE;
4451  }
4452 
4453  case WM_SIZE:
4454  {
4455  INT cx = LOWORD(lParam);
4456  INT cy = HIWORD(lParam);
4457 
4458  HDWP hdwp;
4459  HWND hItemWnd;
4460  RECT rect;
4461 
4462  hdwp = BeginDeferWindowPos(4);
4463 
4464  /* Resize the event details control window */
4465 
4466  hItemWnd = hWndDetailsCtrl;
4467  GetWindowRect(hItemWnd, &rect);
4468  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4469 
4470  if (hdwp)
4471  hdwp = DeferWindowPos(hdwp,
4472  hItemWnd,
4473  HWND_TOP,
4474  0, 0,
4475  (rect.right - rect.left) + (cx - cxOld),
4476  (rect.bottom - rect.top) + (cy - cyOld),
4478 
4479  /* Move the buttons */
4480 
4481  hItemWnd = GetDlgItem(hDlg, IDHELP);
4482  GetWindowRect(hItemWnd, &rect);
4483  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4484 
4485  if (hdwp)
4486  hdwp = DeferWindowPos(hdwp,
4487  hItemWnd,
4488  HWND_TOP,
4489  rect.left,
4490  rect.top + (cy - cyOld),
4491  0, 0,
4493 
4494  hItemWnd = GetDlgItem(hDlg, IDOK);
4495  GetWindowRect(hItemWnd, &rect);
4496  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4497 
4498  if (hdwp)
4499  hdwp = DeferWindowPos(hdwp,
4500  hItemWnd,
4501  HWND_TOP,
4502  rect.left + (cx - cxOld),
4503  rect.top + (cy - cyOld),
4504  0, 0,
4506 
4507  /* Move the size grip */
4508  if (hWndGrip && hdwp)
4509  {
4511  MapWindowPoints(HWND_DESKTOP /*NULL*/, hDlg, (LPPOINT)&rect, sizeof(RECT)/sizeof(POINT));
4512 
4513  hdwp = DeferWindowPos(hdwp,
4514  hWndGrip,
4515  HWND_TOP,
4516  rect.left + (cx - cxOld),
4517  rect.top + (cy - cyOld),
4518  0, 0,
4520  }
4521 
4522  if (hdwp)
4523  EndDeferWindowPos(hdwp);
4524 
4525  /* Hide the size grip if we are in maximized mode */
4526  if (hWndGrip)
4528 
4529  cxOld = cx;
4530  cyOld = cy;
4531 
4533  return (INT_PTR)TRUE;
4534  }
4535  }
4536 
4537  return (INT_PTR)FALSE;
4538 }
#define WS_CLIPSIBLINGS
Definition: pedump.c:618
#define WS_THICKFRAME
Definition: pedump.c:630
#define WMSZ_BOTTOMRIGHT
Definition: winuser.h:2447
HDWP WINAPI BeginDeferWindowPos(_In_ int)
#define SM_CYHSCROLL
Definition: winuser.h:952
#define IDOK
Definition: winuser.h:824
static INT cyMin
Definition: eventvwr.c:4290
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
BOOL WINAPI IsWindow(_In_opt_ HWND)
#define SIZE_MAXIMIZED
Definition: winuser.h:2483
#define TRUE
Definition: types.h:120
#define SW_HIDE
Definition: winuser.h:762
static INT cxMin
Definition: eventvwr.c:4290
LONG top
Definition: windef.h:307
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:937
static HWND hWndGrip
Definition: eventvwr.c:4289
#define HWND_TOP
Definition: winuser.h:1193
#define WMSZ_TOP
Definition: winuser.h:2442
#define WS_CHILD
Definition: pedump.c:617
#define GetWindowLongPtrW
Definition: winuser.h:4805
LONG left
Definition: windef.h:306
#define SWP_NOZORDER
Definition: winuser.h:1233
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
int32_t INT_PTR
Definition: typedefs.h:64
LONG right
Definition: windef.h:308
BOOL WINAPI DestroyWindow(_In_ HWND)
#define CreateWindowW(a, b, c, d, e, f, g, h, i, j, k)
Definition: winuser.h:4292
int32_t INT
Definition: typedefs.h:58
& rect
Definition: startmenu.cpp:1413
WPARAM wParam
Definition: combotst.c:138
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
HINSTANCE hInst
Definition: eventvwr.c:67
#define DWLP_MSGRESULT
Definition: winuser.h:864
#define WMSZ_TOPLEFT
Definition: winuser.h:2443
#define IDHELP
Definition: resource_2.h:8
#define EVT_DISPLAY
Definition: evtdetctl.h:15
#define IDC_SIZENWSE
Definition: winuser.h:687
#define FALSE
Definition: types.h:117
#define WM_SETCURSOR
Definition: winuser.h:1619
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
_Out_opt_ int _Out_opt_ int * cy
Definition: commctrl.h:585
#define WM_SIZING
Definition: winuser.h:1790
#define SW_SHOW
Definition: winuser.h:769
#define WM_DESTROY
Definition: winuser.h:1592
static INT cxOld
Definition: eventvwr.c:4291
#define SBS_SIZEGRIP
Definition: winuser.h:332
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
#define WM_SIZE
Definition: winuser.h:1594
#define SWP_NOACTIVATE
Definition: winuser.h:1228
#define SBS_SIZEBOXBOTTOMRIGHTALIGN
Definition: winuser.h:330
#define WMSZ_RIGHT
Definition: winuser.h:2441
int WINAPI GetSystemMetrics(_In_ int)
#define IDC_STATIC
Definition: resource.h:4
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2074
#define MB_ICONINFORMATION
Definition: winuser.h:796
static const WCHAR L[]
Definition: oid.c:1250
#define WM_COMMAND
Definition: winuser.h:1723
#define WMSZ_BOTTOM
Definition: winuser.h:2445
static HWND hWndDetailsCtrl
Definition: eventvwr.c:4288
#define SWP_NOSIZE
Definition: winuser.h:1231
#define GWL_STYLE
Definition: winuser.h:846
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define HWND_DESKTOP
Definition: winuser.h:1195
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define SM_CXVSCROLL
Definition: winuser.h:951
#define WC_SCROLLBARW
Definition: commctrl.h:4729
_Out_opt_ int * cx
Definition: commctrl.h:585
#define HIWORD(l)
Definition: typedefs.h:247
LONG bottom
Definition: windef.h:309
#define SWP_NOMOVE
Definition: winuser.h:1230
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
#define SetWindowLongPtrW
Definition: winuser.h:5322
struct tagRECT * PRECT
#define HTCLIENT
Definition: winuser.h:2451
#define IDCANCEL
Definition: winuser.h:825
#define WS_VISIBLE
Definition: pedump.c:620
#define WM_INITDIALOG
Definition: winuser.h:1722
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WMSZ_LEFT
Definition: winuser.h:2440
#define WMSZ_TOPRIGHT
Definition: winuser.h:2444
#define WMSZ_BOTTOMLEFT
Definition: winuser.h:2446
static INT cyOld
Definition: eventvwr.c:4291

Referenced by WndProc().

◆ EventLog_Free()

VOID EventLog_Free ( IN PEVENTLOG  EventLog)

Definition at line 1337 of file eventvwr.c.

1338 {
1339  if (EventLog->LogName)
1340  HeapFree(GetProcessHeap(), 0, EventLog->LogName);
1341 
1342  if (EventLog->ComputerName)
1343  HeapFree(GetProcessHeap(), 0, EventLog->ComputerName);
1344 
1345  if (EventLog->FileName)
1346  HeapFree(GetProcessHeap(), 0, EventLog->FileName);
1347 
1348  HeapFree(GetProcessHeap(), 0, EventLog);
1349 }
#define GetProcessHeap()
Definition: compat.h:595
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().

◆ EventLogFilter_AddRef()

LONG EventLogFilter_AddRef ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1431 of file eventvwr.c.

1432 {
1433  ASSERT(EventLogFilter);
1434  return InterlockedIncrement(&EventLogFilter->ReferenceCount);
1435 }
#define ASSERT(a)
Definition: mode.c:44
#define InterlockedIncrement
Definition: armddk.h:53

Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogFilter_Free()

VOID EventLogFilter_Free ( IN PEVENTLOGFILTER  EventLogFilter)

Definition at line 1417 of file eventvwr.c.

1418 {
1419  if (EventLogFilter->Sources)
1420  HeapFree(GetProcessHeap(), 0, EventLogFilter->Sources);
1421 
1422  if (EventLogFilter->Users)
1423  HeapFree(GetProcessHeap(), 0, EventLogFilter->Users);
1424 
1425  if (EventLogFilter->ComputerNames)
1426  HeapFree(GetProcessHeap(), 0, EventLogFilter->ComputerNames);
1427 
1428  HeapFree(GetProcessHeap(), 0, EventLogFilter);
1429 }
#define GetProcessHeap()
Definition: compat.h:595
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by EventLogFilter_Release(), and FreeLogFilterList().

◆ EventLogFilter_Release()

LONG EventLogFilter_Release ( IN PEVENTLOGFILTER  EventLogFilter)

RemoveEntryList(&EventLogFilter->ListEntry);

Definition at line 1437 of file eventvwr.c.

1438 {
1439  LONG RefCount;
1440 
1441  ASSERT(EventLogFilter);
1442 
1443  /* When the reference count reaches zero, delete the filter */
1444  RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1445  if (RefCount <= 0)
1446  {
1447  /* Remove the filter from the list */
1449  EventLogFilter_Free(EventLogFilter);
1450  }
1451 
1452  return RefCount;
1453 }
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1417
long LONG
Definition: pedump.c:60
#define ASSERT(a)
Definition: mode.c:44
#define InterlockedDecrement
Definition: armddk.h:52

Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().

◆ EventLogProperties()

INT_PTR EventLogProperties ( HINSTANCE  hInstance,
HWND  hWndParent,
PEVENTLOGFILTER  EventLogFilter 
)

Definition at line 4228 of file eventvwr.c.

4229 {
4230  INT_PTR ret = 0;
4231  PROPSHEETHEADERW psh;
4232  PROPSHEETPAGEW psp[1]; // 2
4233 
4234  /*
4235  * Bail out if there is no available filter, or if the filter
4236  * contains more than one log.
4237  */
4238  if (!EventLogFilter)
4239  return 0;
4240 
4241  EventLogFilter_AddRef(EventLogFilter);
4242 
4243  if (EventLogFilter->NumOfEventLogs > 1 ||
4244  EventLogFilter->EventLogs[0] == NULL)
4245  {
4246  goto Quit;
4247  }
4248 
4249  /* Header */
4250  psh.dwSize = sizeof(psh);
4251  psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4252  psh.hInstance = hInstance;
4253  psh.hwndParent = hWndParent;
4254  // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4255  psh.pszCaption = EventLogFilter->EventLogs[0]->LogName;
4256  psh.nStartPage = 0;
4257  psh.ppsp = psp;
4258  psh.nPages = ARRAYSIZE(psp);
4259  // psh.pfnCallback = PropSheetCallback;
4260 
4261  /* Log properties page */
4262  psp[0].dwSize = sizeof(psp[0]);
4263  psp[0].dwFlags = PSP_HASHELP;
4264  psp[0].hInstance = hInstance;
4266  psp[0].pfnDlgProc = EventLogPropProc;
4267  psp[0].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4268 
4269 #if 0
4270  /* TODO: Log sources page */
4271  psp[1].dwSize = sizeof(psp[1]);
4272  psp[1].dwFlags = PSP_HASHELP;
4273  psp[1].hInstance = hInstance;
4275  psp[1].pfnDlgProc = GeneralPageWndProc;
4276  psp[1].lParam = (LPARAM)EventLogFilter->EventLogs[0];
4277 #endif
4278 
4279  /* Create the property sheet */
4280  ret = PropertySheetW(&psh);
4281 
4282 Quit:
4283  EventLogFilter_Release(EventLogFilter);
4284  return ret;
4285 }
HWND hwndParent
Definition: prsht.h:295
PEVENTLOG EventLogs[ANYSIZE_ARRAY]
Definition: eventvwr.h:135
LPCPROPSHEETPAGEW ppsp
Definition: prsht.h:308
LPCWSTR pszTemplate
Definition: prsht.h:218
PWSTR LogName
Definition: eventvwr.h:90
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4107
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
ULONG NumOfEventLogs
Definition: eventvwr.h:134
int32_t INT_PTR
Definition: typedefs.h:64
HINSTANCE hInstance
Definition: charmap.c:20
DWORD dwSize
Definition: prsht.h:214
LPCWSTR pszCaption
Definition: prsht.h:301
DLGPROC pfnDlgProc
Definition: prsht.h:226
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1431
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1437
LONG_PTR LPARAM
Definition: windef.h:208
INT_PTR WINAPI PropertySheetW(LPCPROPSHEETHEADERW lppsh)
Definition: propsheet.c:2905
#define PSH_PROPTITLE
Definition: prsht.h:40
HINSTANCE hInstance
Definition: prsht.h:296
#define PSH_HASHELP
Definition: prsht.h:49
DWORD dwSize
Definition: prsht.h:293
DWORD dwFlags
Definition: prsht.h:294
int ret
LPARAM lParam
Definition: prsht.h:227
HINSTANCE hInstance
Definition: prsht.h:216
#define IDD_GENERAL_PAGE
Definition: resource.h:6
#define IDD_LOGPROPERTIES_GENERAL
Definition: resource.h:25
#define PSH_PROPSHEETPAGE
Definition: prsht.h:43
#define NULL
Definition: types.h:112
#define PSP_HASHELP
Definition: prsht.h:28
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
DWORD dwFlags
Definition: prsht.h:215
UINT nStartPage
Definition: prsht.h:304

Referenced by WndProc().

◆ EventLogPropProc()

INT_PTR CALLBACK EventLogPropProc ( HWND  hDlg,
UINT  uMsg,
WPARAM  wParam,
LPARAM  lParam 
)

Definition at line 4107 of file eventvwr.c.

4108 {
4109  PEVENTLOG EventLog;
4111 
4112  EventLog = (PEVENTLOG)GetWindowLongPtrW(hDlg, DWLP_USER);
4113 
4114  switch (uMsg)
4115  {
4116  case WM_INITDIALOG:
4117  {
4118  EventLog = (PEVENTLOG)((LPPROPSHEETPAGE)lParam)->lParam;
4119  SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)EventLog);
4120 
4121  InitPropertiesDlg(hDlg, EventLog);
4122 
4123  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4124  return (INT_PTR)TRUE;
4125  }
4126 
4127  case WM_DESTROY:
4128  return (INT_PTR)TRUE;
4129 
4130  case WM_NOTIFY:
4131  switch (((LPNMHDR)lParam)->code)
4132  {
4133  case PSN_APPLY:
4134  PropSheet_UnChanged(GetParent(hDlg), hDlg);
4135  SavePropertiesDlg(hDlg, EventLog);
4136  return (INT_PTR)TRUE;
4137  }
4138  break;
4139 
4140  case WM_COMMAND:
4141  switch (LOWORD(wParam))
4142  {
4143  case IDOK:
4144  case IDCANCEL:
4145  EndDialog(hDlg, LOWORD(wParam));
4146  return (INT_PTR)TRUE;
4147 
4148  case ID_CLEARLOG:
4149  {
4150  PEVENTLOGFILTER EventLogFilter = GetSelectedFilter(NULL);
4151  if (EventLogFilter && ClearEvents(EventLogFilter))
4152  {
4153  Refresh(EventLogFilter);
4154  InitPropertiesDlg(hDlg, EventLog);
4155  }
4156  return (INT_PTR)TRUE;
4157  }
4158 
4159  case IDC_EDIT_EVENTS_AGE:
4160  case IDC_EDIT_MAXLOGSIZE:
4161  if (HIWORD(wParam) == EN_CHANGE)
4162  {
4163  PropSheet_Changed(GetParent(hDlg), hDlg);
4164  }
4165  return (INT_PTR)TRUE;
4166 
4168  {
4172  PropSheet_Changed(GetParent(hDlg), hDlg);
4173  return (INT_PTR)TRUE;
4174  }
4175 
4177  {
4181  PropSheet_Changed(GetParent(hDlg), hDlg);
4182  return (INT_PTR)TRUE;
4183  }
4184 
4185  case IDC_NO_OVERWRITE:
4186  {
4190  PropSheet_Changed(GetParent(hDlg), hDlg);
4191  return (INT_PTR)TRUE;
4192  }
4193 
4194  case IDC_RESTOREDEFAULTS:
4195  {
4197 
4199  {
4201  /* Workstation: 512 KB; Server: 16384 KB */
4202  SetDlgItemInt(hDlg, IDC_EDIT_MAXLOGSIZE, 5120, FALSE);
4206  PropSheet_Changed(GetParent(hDlg), hDlg);
4207  }
4208  return (INT_PTR)TRUE;
4209  }
4210 
4211  case IDHELP:
4212  MessageBoxW(hDlg,
4213  L"Help not implemented yet!",
4214  L"Event Log",
4216  return (INT_PTR)TRUE;
4217 
4218  default:
4219  break;
4220  }
4221  break;
4222  }
4223 
4224  return (INT_PTR)FALSE;
4225 }
#define MAX_LOADSTRING
Definition: eventvwr.c:62
#define IDOK
Definition: winuser.h:824
#define IDYES
Definition: winuser.h:829
#define TRUE
Definition: types.h:120
#define IDC_RESTOREDEFAULTS
Definition: resource.h:60
#define GetWindowLongPtrW
Definition: winuser.h:4805
#define PSN_APPLY
Definition: prsht.h:117
int32_t INT_PTR
Definition: typedefs.h:64
#define IDC_NO_OVERWRITE
Definition: resource.h:59
#define IDC_OVERWRITE_AS_NEEDED
Definition: resource.h:55
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
WPARAM wParam
Definition: combotst.c:138
HINSTANCE hInst
Definition: eventvwr.c:67
#define IDHELP
Definition: resource_2.h:8
static VOID SavePropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:4048
VOID Refresh(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:2685
#define FALSE
Definition: types.h:117
#define MB_YESNO
Definition: winuser.h:811
static const WCHAR szText[]
Definition: dialog.c:139
#define LPPROPSHEETPAGE
Definition: prsht.h:390
#define MB_ICONQUESTION
Definition: winuser.h:783
#define WM_DESTROY
Definition: winuser.h:1592
int WINAPI MessageBoxW(_In_opt_ HWND, _In_opt_ LPCWSTR, _In_opt_ LPCWSTR, _In_ UINT)
#define PropSheet_UnChanged(d, w)
Definition: prsht.h:358
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define PropSheet_Changed(d, w)
Definition: prsht.h:344
#define IDC_OVERWRITE_OLDER_THAN
Definition: resource.h:56
#define _countof(array)
Definition: sndvol32.h:68
PEVENTLOGFILTER GetSelectedFilter(OUT HTREEITEM *phti OPTIONAL)
Definition: eventvwr.c:2447
struct _EVENTLOG * PEVENTLOG
#define MB_ICONINFORMATION
Definition: winuser.h:796
BOOL WINAPI SetDlgItemInt(_In_ HWND, _In_ int, _In_ UINT, _In_ BOOL)
static const WCHAR L[]
Definition: oid.c:1250
#define DWLP_USER
Definition: winuser.h:866
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3858
#define WM_COMMAND
Definition: winuser.h:1723
Definition: inflate.c:139
HWND WINAPI GetParent(_In_ HWND)
#define EnableDlgItem(hDlg, nID, bEnable)
Definition: eventvwr.h:52
#define IDC_EDIT_MAXLOGSIZE
Definition: resource.h:53
#define IDC_EDIT_EVENTS_AGE
Definition: resource.h:57
__int3264 LONG_PTR
Definition: mstsclib_h.h:276
#define NULL
Definition: types.h:112
#define MB_OK
Definition: winuser.h:784
#define IDS_RESTOREDEFAULTS
Definition: resource.h:98
#define ID_CLEARLOG
Definition: resource.h:62
WCHAR szTitle[MAX_LOADSTRING]
Definition: eventvwr.c:68
#define HIWORD(l)
Definition: typedefs.h:247
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
#define SetWindowLongPtrW
Definition: winuser.h:5322
#define IDCANCEL
Definition: winuser.h:825
#define WM_INITDIALOG
Definition: winuser.h:1722
LPARAM lParam
Definition: combotst.c:139
#define LOWORD(l)
Definition: pedump.c:82
#define WM_NOTIFY
Definition: richedit.h:61
BOOL ClearEvents(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:2627
#define IDC_UPDOWN_EVENTS_AGE
Definition: resource.h:58
#define EN_CHANGE
Definition: winuser.h:2005

Referenced by EventLogProperties().

◆ EventTimeToSystemTime()

VOID EventTimeToSystemTime ( IN DWORD  EventTime,
OUT PSYSTEMTIME  pSystemTime 
)

Definition at line 728 of file eventvwr.c.

730 {
731  SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
732  FILETIME ftLocal;
733  union
734  {
735  FILETIME ft;
736  ULONGLONG ll;
737  } u1970, uUCT;
738 
739  uUCT.ft.dwHighDateTime = 0;
740  uUCT.ft.dwLowDateTime = EventTime;
741  SystemTimeToFileTime(&st1970, &u1970.ft);
742  uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
743  FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
744  FileTimeToSystemTime(&ftLocal, pSystemTime);
745 }
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
uint64_t ULONGLONG
Definition: typedefs.h:67
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:158
w ll
Definition: byte_order.h:166

Referenced by EnumEventsThread().

◆ FilterByString()

BOOL FilterByString ( IN PCWSTR  FilterString,
IN PWSTR  String 
)

Definition at line 1920 of file eventvwr.c.

1922 {
1923  PCWSTR pStr;
1924 
1925  /* The filter string is NULL so it does not filter anything */
1926  if (!FilterString)
1927  return TRUE;
1928 
1929  /*
1930  * If the filter string filters for an empty string AND the source string
1931  * is an empty string, we have a match (particular case of the last one).
1932  */
1933  if (!*FilterString && !*String)
1934  return TRUE;
1935 
1936  // if (*FilterString || *String)
1937 
1938  /*
1939  * If the filter string is empty BUT the source string is not empty,
1940  * OR vice-versa, we cannot have a match.
1941  */
1942  if ( (!*FilterString && *String) || (*FilterString && !*String) )
1943  return FALSE;
1944 
1945  /*
1946  * If the filter string filters for at least a non-empty string,
1947  * browse it and search for a string that matches the source string.
1948  */
1949  // else if (*FilterString && *String)
1950  {
1951  pStr = FilterString;
1952  while (*pStr)
1953  {
1954  if (wcsicmp(pStr, String) == 0)
1955  {
1956  /* We have a match, break the loop */
1957  break;
1958  }
1959 
1960  pStr += (wcslen(pStr) + 1);
1961  }
1962  if (!*pStr) // && *String
1963  {
1964  /* We do not have a match */
1965  return FALSE;
1966  }
1967  }
1968 
1969  /* We have a match */
1970  return TRUE;
1971 }
const uint16_t * PCWSTR
Definition: typedefs.h:57
#define TRUE
Definition: types.h:120
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2430
#define FALSE
Definition: types.h:117
#define wcsicmp
Definition: compat.h:15
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by EnumEventsThread().

◆ FilterByType()

BOOL FilterByType ( IN PEVENTLOGFILTER  EventLogFilter,
IN PEVENTLOGRECORD  pevlr 
)

Definition at line 1904 of file eventvwr.c.

1906 {
1907  if ((pevlr->EventType == EVENTLOG_SUCCESS && !EventLogFilter->Information ) ||
1908  (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1909  (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1910  (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1911  (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1912  (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1913  {
1914  return FALSE;
1915  }
1916  return TRUE;
1917 }
#define TRUE
Definition: types.h:120
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2754
#define FALSE
Definition: types.h:117
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2758
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2753
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2756
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2755
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2757

Referenced by EnumEventsThread().

◆ FormatByteSize()

UINT FormatByteSize ( LONGLONG  cbSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1176 of file eventvwr.c.

1177 {
1178  UINT cchWritten, cchRemaining;
1179  LPWSTR pwszEnd;
1180  size_t cchStringRemaining;
1181 
1182  /* Write formated bytes count */
1183  cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1184  if (!cchWritten)
1185  return 0;
1186 
1187  /* Copy " bytes" to buffer */
1188  pwszEnd = pwszResult + cchWritten;
1189  cchRemaining = cchResultMax - cchWritten;
1190  StringCchCopyExW(pwszEnd, cchRemaining, L" ", &pwszEnd, &cchStringRemaining, 0);
1191  cchRemaining = (UINT)cchStringRemaining;
1192  cchWritten = LoadStringW(hInst, IDS_BYTES_FORMAT, pwszEnd, cchRemaining);
1193  cchRemaining -= cchWritten;
1194 
1195  return cchResultMax - cchRemaining;
1196 }
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:67
#define IDS_BYTES_FORMAT
Definition: resource.h:111
static const WCHAR L[]
Definition: oid.c:1250
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1116
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
unsigned int UINT
Definition: ndis.h:50
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by FormatFileSizeWithBytes().

◆ FormatFileSizeWithBytes()

LPWSTR FormatFileSizeWithBytes ( const PULARGE_INTEGER  lpQwSize,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1199 of file eventvwr.c.

1200 {
1201  UINT cchWritten, cchRemaining;
1202  LPWSTR pwszEnd;
1203  size_t cchCopyRemaining;
1204 
1205  /* Format bytes in KBs, MBs etc */
1206  if (StrFormatByteSizeW(lpQwSize->QuadPart, pwszResult, cchResultMax) == NULL)
1207  return NULL;
1208 
1209  /* If there is less bytes than 1KB, we have nothing to do */
1210  if (lpQwSize->QuadPart < 1024)
1211  return pwszResult;
1212 
1213  /* Concatenate " (" */
1214  cchWritten = (UINT)wcslen(pwszResult);
1215  pwszEnd = pwszResult + cchWritten;
1216  cchRemaining = cchResultMax - cchWritten;
1217  StringCchCopyExW(pwszEnd, cchRemaining, L" (", &pwszEnd, &cchCopyRemaining, 0);
1218  cchRemaining = (UINT)cchCopyRemaining;
1219 
1220  /* Write formated bytes count */
1221  cchWritten = FormatByteSize(lpQwSize->QuadPart, pwszEnd, cchRemaining);
1222  pwszEnd += cchWritten;
1223  cchRemaining -= cchWritten;
1224 
1225  /* Copy ")" to the buffer */
1226  StringCchCopyW(pwszEnd, cchRemaining, L")");
1227 
1228  return pwszResult;
1229 }
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2380
ULONGLONG QuadPart
Definition: ms-dtyp.idl:185
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
static const WCHAR L[]
Definition: oid.c:1250
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1176
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by InitPropertiesDlg().

◆ FormatInteger()

UINT FormatInteger ( LONGLONG  Num,
LPWSTR  pwszResult,
UINT  cchResultMax 
)

Definition at line 1116 of file eventvwr.c.

1117 {
1118  WCHAR wszNumber[24];
1119  WCHAR wszDecimalSep[8], wszThousandSep[8];
1120  NUMBERFMTW nf;
1121  WCHAR wszGrouping[12];
1122  INT cchGrouping;
1123  INT cchResult;
1124  INT i;
1125 
1126  // Print the number in uniform mode
1127  swprintf(wszNumber, L"%I64u", Num);
1128 
1129  // Get system strings for decimal and thousand separators.
1130  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SDECIMAL, wszDecimalSep, _countof(wszDecimalSep));
1131  GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1132 
1133  // Initialize format for printing the number in bytes
1134  ZeroMemory(&nf, sizeof(nf));
1135  nf.lpDecimalSep = wszDecimalSep;
1136  nf.lpThousandSep = wszThousandSep;
1137 
1138  // Get system string for groups separator
1139  cchGrouping = GetLocaleInfoW(LOCALE_USER_DEFAULT,
1141  wszGrouping,
1142  _countof(wszGrouping));
1143 
1144  // Convert grouping specs from string to integer
1145  for (i = 0; i < cchGrouping; i++)
1146  {
1147  WCHAR wch = wszGrouping[i];
1148 
1149  if (wch >= L'0' && wch <= L'9')
1150  nf.Grouping = nf.Grouping * 10 + (wch - L'0');
1151  else if (wch != L';')
1152  break;
1153  }
1154 
1155  if ((nf.Grouping % 10) == 0)
1156  nf.Grouping /= 10;
1157  else
1158  nf.Grouping *= 10;
1159 
1160  // Format the number
1162  0,
1163  wszNumber,
1164  &nf,
1165  pwszResult,
1166  cchResultMax);
1167 
1168  if (!cchResult)
1169  return 0;
1170 
1171  // GetNumberFormatW returns number of characters including UNICODE_NULL
1172  return cchResult - 1;
1173 }
LPWSTR lpThousandSep
Definition: winnls.h:646
#define LOCALE_SGROUPING
Definition: winnls.h:44
LPWSTR lpDecimalSep
Definition: winnls.h:645
#define LOCALE_USER_DEFAULT
UINT Grouping
Definition: winnls.h:644
#define ZeroMemory
Definition: winbase.h:1664
#define swprintf
Definition: precomp.h:40
int32_t INT
Definition: typedefs.h:58
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:1098
#define LOCALE_STHOUSAND
Definition: winnls.h:43
#define LOCALE_SDECIMAL
Definition: winnls.h:42
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define _countof(array)
Definition: sndvol32.h:68
static const WCHAR L[]
Definition: oid.c:1250
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1198

Referenced by FormatByteSize().

◆ FreeLogFilterList()

VOID FreeLogFilterList ( VOID  )

Definition at line 3030 of file eventvwr.c.

3031 {
3033  PEVENTLOGFILTER EventLogFilter;
3034 
3035  while (!IsListEmpty(&EventLogFilterList))
3036  {
3038  EventLogFilter = (PEVENTLOGFILTER)CONTAINING_RECORD(Entry, EVENTLOGFILTER, ListEntry);
3039  EventLogFilter_Free(EventLogFilter);
3040  }
3041 
3042  ActiveFilter = NULL;
3043 
3044  return;
3045 }
struct _Entry Entry
Definition: kefuncs.h:627
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1417
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
PEVENTLOGFILTER ActiveFilter
Definition: eventvwr.c:106
LIST_ENTRY EventLogFilterList
Definition: eventvwr.c:105
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOGFILTER * PEVENTLOGFILTER
Definition: typedefs.h:119
#define NULL
Definition: types.h:112
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeLogList()

VOID FreeLogList ( VOID  )

Definition at line 3014 of file eventvwr.c.

3015 {
3017  PEVENTLOG EventLog;
3018 
3019  while (!IsListEmpty(&EventLogList))
3020  {
3022  EventLog = (PEVENTLOG)CONTAINING_RECORD(Entry, EVENTLOG, ListEntry);
3023  EventLog_Free(EventLog);
3024  }
3025 
3026  return;
3027 }
struct _Entry Entry
Definition: kefuncs.h:627
_Must_inspect_result_ FORCEINLINE BOOLEAN IsListEmpty(_In_ const LIST_ENTRY *ListHead)
Definition: rtlfuncs.h:57
FORCEINLINE PLIST_ENTRY RemoveHeadList(_Inout_ PLIST_ENTRY ListHead)
Definition: rtlfuncs.h:128
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
struct _EVENTLOG * PEVENTLOG
Definition: typedefs.h:119
LIST_ENTRY EventLogList
Definition: eventvwr.c:104
VOID EventLog_Free(IN PEVENTLOG EventLog)
Definition: eventvwr.c:1337
base of all file and directory entries
Definition: entries.h:82

Referenced by wWinMain().

◆ FreeRecords()

static VOID FreeRecords ( VOID  )
static

Definition at line 1886 of file eventvwr.c.

1887 {
1888  DWORD iIndex;
1889 
1890  if (!g_RecordPtrs)
1891  return;
1892 
1893  for (iIndex = 0; iIndex < g_TotalRecords; iIndex++)
1894  {
1895  if (g_RecordPtrs[iIndex])
1896  HeapFree(GetProcessHeap(), 0, g_RecordPtrs[iIndex]);
1897  }
1899  g_RecordPtrs = NULL;
1900  g_TotalRecords = 0;
1901 }
PEVENTLOGRECORD * g_RecordPtrs
Definition: eventvwr.c:101
DWORD g_TotalRecords
Definition: eventvwr.c:100
#define GetProcessHeap()
Definition: compat.h:595
unsigned long DWORD
Definition: ntddk_ex.h:95
#define NULL
Definition: types.h:112
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by EnumEventsThread(), and StartStopEnumEventsThread().

◆ GetDisplayNameFileAndID()

BOOL GetDisplayNameFileAndID ( IN LPCWSTR  lpLogName,
OUT PWCHAR  lpModuleName,
OUT PDWORD  pdwMessageID 
)

Definition at line 2724 of file eventvwr.c.

2727 {
2728  BOOL Success = FALSE;
2729  LONG Result;
2730  HKEY hLogKey;
2731  WCHAR *KeyPath;
2732  SIZE_T cbKeyPath;
2733  DWORD dwType, cbData;
2734  DWORD dwMessageID = 0;
2736 
2737  /* Use a default value for the message ID */
2738  *pdwMessageID = 0;
2739 
2740  cbKeyPath = (wcslen(EVENTLOG_BASE_KEY) + wcslen(lpLogName) + 1) * sizeof(WCHAR);
2741  KeyPath = HeapAlloc(GetProcessHeap(), 0, cbKeyPath);
2742  if (!KeyPath)
2743  {
2745  return FALSE;
2746  }
2747 
2748  StringCbCopyW(KeyPath, cbKeyPath, EVENTLOG_BASE_KEY);
2749  StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2750 
2751  Result = RegOpenKeyExW(hkMachine, KeyPath, 0, KEY_QUERY_VALUE, &hLogKey);
2752  HeapFree(GetProcessHeap(), 0, KeyPath);
2753  if (Result != ERROR_SUCCESS)
2754  {
2756  return FALSE;
2757  }
2758 
2759  cbData = sizeof(szModuleName);
2760  Result = RegQueryValueExW(hLogKey,
2761  L"DisplayNameFile",
2762  NULL,
2763  &dwType,
2765  &cbData);
2766  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
2767  {
2769  }
2770  else
2771  {
2772  /* NULL-terminate the string and expand it */
2773  szModuleName[cbData / sizeof(WCHAR) - 1] = UNICODE_NULL;
2775  Success = TRUE;
2776  }
2777 
2778  /*
2779  * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2780  * otherwise it's not really useful. 'DisplayNameID' is optional.
2781  */
2782  if (Success)
2783  {
2784  cbData = sizeof(dwMessageID);
2785  Result = RegQueryValueExW(hLogKey,
2786  L"DisplayNameID",
2787  NULL,
2788  &dwType,
2789  (LPBYTE)&dwMessageID,
2790  &cbData);
2791  if ((Result != ERROR_SUCCESS) || (dwType != REG_DWORD))
2792  dwMessageID = 0;
2793 
2794  *pdwMessageID = dwMessageID;
2795  }
2796 
2797  RegCloseKey(hLogKey);
2798 
2799  return Success;
2800 }
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:97
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1470
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:43
static const WCHAR L[]
Definition: oid.c:1250
LPWSTR lpComputerName
Definition: eventvwr.c:93
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
VOID ShowWin32Error(IN DWORD dwError)
Definition: eventvwr.c:159
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
#define REG_DWORD
Definition: sdbapi.c:596
#define HeapFree(x, y, z)
Definition: compat.h:594
#define REG_SZ
Definition: layer.c:22

Referenced by BuildLogListAndFilterList().

◆ GetEventCategory()

BOOL GetEventCategory ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  CategoryName 
)

Definition at line 1604 of file eventvwr.c.

1608 {
1609  BOOL Success = FALSE;
1610  WCHAR szMessageDLL[MAX_PATH];
1611  LPWSTR lpMsgBuf = NULL;
1612 
1614  goto Quit;
1615 
1616  /* Retrieve the message string without appending extra newlines */
1617  lpMsgBuf =
1618  GetMessageStringFromDllList(szMessageDLL,
1621  pevlr->EventCategory,
1623  NULL);
1624  if (lpMsgBuf)
1625  {
1626  /* Trim the string */
1627  TrimNulls(lpMsgBuf);
1628 
1629  /* Copy the category name */
1630  StringCchCopyW(CategoryName, MAX_PATH, lpMsgBuf);
1631 
1632  /* Free the buffer allocated by FormatMessage */
1633  LocalFree(lpMsgBuf);
1634 
1635  /* The ID was found and the message was formatted */
1636  Success = TRUE;
1637  }
1638 
1639 Quit:
1640  if (!Success)
1641  {
1642  if (pevlr->EventCategory != 0)
1643  {
1644  StringCchPrintfW(CategoryName, MAX_PATH, L"(%lu)", pevlr->EventCategory);
1645  Success = TRUE;
1646  }
1647  }
1648 
1649  return Success;
1650 }
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1456
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:422
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:416
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:419
#define EVENT_CATEGORY_MESSAGE_FILE
Definition: eventvwr.c:58
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
static const WCHAR L[]
Definition: oid.c:1250
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:417
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1543
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:857
#define EVENT_MESSAGE_FILE_BUFFER
Definition: eventvwr.c:56

Referenced by EnumEventsThread().

◆ GetEventMessage()

BOOL GetEventMessage ( IN LPCWSTR  KeyName,
IN LPCWSTR  SourceName,
IN PEVENTLOGRECORD  pevlr,
OUT PWCHAR  EventText 
)

Definition at line 1654 of file eventvwr.c.

1658 {
1659  BOOL Success = FALSE;
1660  DWORD i;
1661  size_t cch;
1662  WCHAR SourceModuleName[1024];
1663  WCHAR ParameterModuleName[1024];
1664  BOOL IsParamModNameCached = FALSE;
1665  LPWSTR lpMsgBuf = NULL;
1666  LPWSTR szStringArray, szMessage;
1667  LPWSTR *szArguments;
1668 
1669  /* Get the event string array */
1670  szStringArray = (LPWSTR)((LPBYTE)pevlr + pevlr->StringOffset);
1671 
1672  /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1673  if (!GetEventMessageFileDLL(KeyName, SourceName, EVENT_MESSAGE_FILE, SourceModuleName))
1674  goto Quit;
1675 
1676  /* Allocate space for insertion strings */
1677  szArguments = HeapAlloc(GetProcessHeap(), 0, pevlr->NumStrings * sizeof(LPVOID));
1678  if (!szArguments)
1679  goto Quit;
1680 
1681  if (!IsParamModNameCached)
1682  {
1683  /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1684  IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1685  // FIXME: If the string loading failed the first time, no need to retry it just after???
1686  }
1687 
1688  if (IsParamModNameCached)
1689  {
1690  /* Not yet support for reading messages from parameter message DLL */
1691  }
1692 
1693  szMessage = szStringArray;
1694  /*
1695  * HACK:
1696  * We do some hackish preformatting of the cached event strings...
1697  * That's because after we pass the string to FormatMessage
1698  * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1699  * flag, instead of ignoring the insertion parameters and do the formatting
1700  * by ourselves. Therefore, the resulting string should have the parameter
1701  * string placeholders starting with a single '%' instead of a mix of one
1702  * and two '%'.
1703  */
1704  /* HACK part 1: Compute the full length of the string array */
1705  cch = 0;
1706  for (i = 0; i < pevlr->NumStrings; i++)
1707  {
1708  szMessage += wcslen(szMessage) + 1;
1709  }
1710  cch = szMessage - szStringArray;
1711 
1712  /* HACK part 2: Now do the HACK proper! */
1713  szMessage = szStringArray;
1714  for (i = 0; i < pevlr->NumStrings; i++)
1715  {
1716  lpMsgBuf = szMessage;
1717  while ((lpMsgBuf = wcsstr(lpMsgBuf, L"%%")))
1718  {
1719  if (iswdigit(lpMsgBuf[2]))
1720  {
1721  RtlMoveMemory(lpMsgBuf, lpMsgBuf+1, ((szStringArray + cch) - lpMsgBuf - 1) * sizeof(WCHAR));
1722  }
1723  }
1724 
1725  szArguments[i] = szMessage;
1726  szMessage += wcslen(szMessage) + 1;
1727  }
1728 
1729  /* Retrieve the message string without appending extra newlines */
1730  lpMsgBuf =
1731  GetMessageStringFromDllList(SourceModuleName,
1734  pevlr->EventID,
1735  0,
1736  (va_list*)szArguments);
1737  if (lpMsgBuf)
1738  {
1739  /* Trim the string */
1740  TrimNulls(lpMsgBuf);
1741 
1742  szMessage = NULL;
1743  Success = (ApplyParameterStringsToMessage(ParameterModuleName,
1744  TRUE,
1745  lpMsgBuf,
1746  &szMessage) == ERROR_SUCCESS);
1747  if (Success && szMessage)
1748  {
1749  /* Free the buffer allocated by FormatMessage */
1750  LocalFree(lpMsgBuf);
1751  lpMsgBuf = szMessage;
1752  }
1753 
1754  /* Copy the event text */
1755  StringCchCopyW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf);
1756 
1757  /* Free the buffer allocated by FormatMessage */
1758  LocalFree(lpMsgBuf);
1759  }
1760 
1761  HeapFree(GetProcessHeap(), 0, szArguments);
1762 
1763 Quit:
1764  if (!Success)
1765  {
1766  /* Get a read-only pointer to the "event-not-found" string */
1767  lpMsgBuf = HeapAlloc(GetProcessHeap(), 0, EVENT_MESSAGE_EVENTTEXT_BUFFER * sizeof(WCHAR));
1769  StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1770 
1771  /* Append the strings */
1772  szMessage = szStringArray;
1773  for (i = 0; i < pevlr->NumStrings; i++)
1774  {
1775  StringCchCatW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, szMessage);
1777  szMessage += wcslen(szMessage) + 1;
1778  }
1779  }
1780 
1781  return Success;
1782 }
void TrimNulls(LPWSTR s)
Definition: eventvwr.c:1456
#define FORMAT_MESSAGE_MAX_WIDTH_MASK
Definition: winbase.h:422
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:421
#define iswdigit(_c)
Definition: ctype.h:667
#define EVENT_PARAMETER_MESSAGE_FILE
Definition: eventvwr.c:60
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
HINSTANCE hInst
Definition: eventvwr.c:67
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:918
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:416
char * va_list
Definition: acmsvcex.h:78
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:419
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
static const WCHAR L[]
Definition: oid.c:1250
#define EVENT_MESSAGE_EVENTTEXT_BUFFER
Definition: eventvwr.c:55
#define IDS_EVENTSTRINGIDNOTFOUND
Definition: resource.h:97
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define EVENT_MESSAGE_FILE
Definition: eventvwr.c:59
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1543
WCHAR * LPWSTR
Definition: xmlstorage.h:184
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:857
IN PCTCH IN DWORD cch
Definition: pager.h:36
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by DisplayEvent().

◆ GetEventMessageFileDLL()

BOOL GetEventMessageFileDLL ( IN LPCWSTR  lpLogName,
IN LPCWSTR  SourceName,
IN LPCWSTR  EntryName,
OUT PWCHAR  lpModuleName 
)

Definition at line 1543 of file eventvwr.c.

1547 {
1548  BOOL Success = FALSE;
1549  LONG Result;
1550  DWORD dwType, dwSize;
1552  WCHAR szKeyName[MAX_PATH];
1553  HKEY hLogKey = NULL;
1554  HKEY hSourceKey = NULL;
1555 
1556  StringCbCopyW(szKeyName, sizeof(szKeyName), EVENTLOG_BASE_KEY);
1557  StringCbCatW(szKeyName, sizeof(szKeyName), lpLogName);
1558 
1560  szKeyName,
1561  0,
1562  KEY_READ,
1563  &hLogKey);
1564  if (Result != ERROR_SUCCESS)
1565  return FALSE;
1566 
1567  Result = RegOpenKeyExW(hLogKey,
1568  SourceName,
1569  0,
1571  &hSourceKey);
1572  if (Result != ERROR_SUCCESS)
1573  {
1574  RegCloseKey(hLogKey);
1575  return FALSE;
1576  }
1577 
1578  dwSize = sizeof(szModuleName);
1579  Result = RegQueryValueExW(hSourceKey,
1580  EntryName,
1581  NULL,
1582  &dwType,
1584  &dwSize);
1585  if ((Result != ERROR_SUCCESS) || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
1586  {
1588  }
1589  else
1590  {
1591  /* NULL-terminate the string and expand it */
1592  szModuleName[dwSize / sizeof(WCHAR) - 1] = UNICODE_NULL;
1594  Success = TRUE;
1595  }
1596 
1597  RegCloseKey(hSourceKey);
1598  RegCloseKey(hLogKey);
1599 
1600  return Success;
1601 }
#define ERROR_SUCCESS
Definition: deptool.c:10
#define KEY_READ
Definition: nt_native.h:1023
#define TRUE
Definition: types.h:120
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
HKEY hkMachine
Definition: eventvwr.c:97
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
long LONG
Definition: pedump.c:60
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1470
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4116
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
static const LPCWSTR EVENTLOG_BASE_KEY
Definition: eventvwr.c:43
LPWSTR lpComputerName
Definition: eventvwr.c:93
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define REG_EXPAND_SZ
Definition: nt_native.h:1494
#define NULL
Definition: types.h:112
WCHAR SourceName[256]
Definition: arping.c:28
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
LPCWSTR LPCWSTR szModuleName
Definition: env.c:37
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
#define REG_SZ
Definition: layer.c:22

Referenced by GetEventCategory(), and GetEventMessage().

◆ GetEventType()

VOID GetEventType ( IN WORD  dwEventType,
OUT PWCHAR  eventTypeText 
)

Definition at line 1785 of file eventvwr.c.

1787 {
1788  switch (dwEventType)
1789  {
1790  case EVENTLOG_ERROR_TYPE:
1792  break;
1793  case EVENTLOG_WARNING_TYPE:
1795  break;
1798  break;
1799  case EVENTLOG_SUCCESS:
1801  break;
1804  break;
1807  break;
1808  default:
1810  break;
1811  }
1812 }
#define MAX_LOADSTRING
Definition: eventvwr.c:62
#define IDS_EVENTLOG_ERROR_TYPE
Definition: resource.h:103
#define IDS_EVENTLOG_INFORMATION_TYPE
Definition: resource.h:105
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
#define IDS_EVENTLOG_UNKNOWN_TYPE
Definition: resource.h:109
HINSTANCE hInst
Definition: eventvwr.c:67
#define IDS_EVENTLOG_SUCCESS
Definition: resource.h:108
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2754
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2758
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2753
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2756
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2755
#define IDS_EVENTLOG_AUDIT_FAILURE
Definition: resource.h:107
#define IDS_EVENTLOG_WARNING_TYPE
Definition: resource.h:104
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2757
#define IDS_EVENTLOG_AUDIT_SUCCESS
Definition: resource.h:106

Referenced by EnumEventsThread().

◆ GetEventUserName()

BOOL GetEventUserName ( IN PEVENTLOGRECORD  pelr,
IN OUT PSID pLastSid,
OUT PWCHAR  pszUser 
)

Definition at line 1815 of file eventvwr.c.

1818 {
1819  PSID pCurrentSid;
1820  PWSTR StringSid;
1821  WCHAR szName[1024];
1822  WCHAR szDomain[1024];
1825  DWORD cchDomain = ARRAYSIZE(szDomain);
1826  BOOL Success = FALSE;
1827 
1828  /* Point to the SID */
1829  pCurrentSid = (PSID)((LPBYTE)pelr + pelr->UserSidOffset);
1830 
1831  if (!IsValidSid(pCurrentSid))
1832  {
1833  *pLastSid = NULL;
1834  return FALSE;
1835  }
1836  else if (*pLastSid && EqualSid(*pLastSid, pCurrentSid))
1837  {
1838  return TRUE;
1839  }
1840 
1841  /* User SID */
1842  if (pelr->UserSidLength > 0)
1843  {
1844  /*
1845  * Try to retrieve the user account name and domain name corresponding
1846  * to the SID. If it cannot be retrieved, try to convert the SID to a
1847  * string-form. It should not be bigger than the user-provided buffer
1848  * 'pszUser', otherwise we return an error.
1849  */
1851  pCurrentSid,
1852  szName,
1853  &cchName,
1854  szDomain,
1855  &cchDomain,
1856  &peUse))
1857  {
1858  StringCchCopyW(pszUser, MAX_PATH, szName);
1859  Success = TRUE;
1860  }
1861  else if (ConvertSidToStringSidW(pCurrentSid, &StringSid))
1862  {
1863  /* Copy the string only if the user-provided buffer is big enough */
1864  if (wcslen(StringSid) + 1 <= MAX_PATH) // + 1 for NULL-terminator
1865  {
1866  StringCchCopyW(pszUser, MAX_PATH, StringSid);
1867  Success = TRUE;
1868  }
1869  else
1870  {
1872  Success = FALSE;
1873  }
1874 
1875  /* Free the allocated buffer */
1876  LocalFree(StringSid);
1877  }
1878  }
1879 
1880  *pLastSid = Success ? pCurrentSid : NULL;
1881 
1882  return Success;
1883 }
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2723
enum _SID_NAME_USE SID_NAME_USE
#define TRUE
Definition: types.h:120
uint16_t * PWSTR
Definition: typedefs.h:56
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3259
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2745
unsigned char * LPBYTE
Definition: typedefs.h:53
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define MAX_PATH
Definition: compat.h:34
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:611
struct _SID * PSID
Definition: eventlog.c:35
LPWSTR lpComputerName
Definition: eventvwr.c:93
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define NULL
Definition: types.h:112
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static const WCHAR szName[]
Definition: msipriv.h:1194
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:698

Referenced by EnumEventsThread().

◆ GetExpandedFilePathName()

DWORD GetExpandedFilePathName ( IN LPCWSTR ComputerName  OPTIONAL,
IN LPCWSTR  lpFileName,
OUT LPWSTR lpFullFileName  OPTIONAL,
IN DWORD  nSize 
)

Definition at line 1470 of file eventvwr.c.

1475 {
1476  SIZE_T dwLength;
1477 
1478  /* Determine the needed size after expansion of any environment strings */
1480  if (dwLength == 0)
1481  {
1482  /* We failed, bail out */
1483  return 0;
1484  }
1485 
1486  /* If the file path is on a remote computer, estimate its length */
1487  // FIXME: Use WNetGetUniversalName instead?
1488  if (ComputerName && *ComputerName)
1489  {
1490  /* Skip any leading backslashes */
1491  while (*ComputerName == L'\\')
1492  ++ComputerName;
1493 
1494  if (*ComputerName)
1495  {
1496  /* Count 2 backslashes plus the computer name and one backslash separator */
1497  dwLength += 2 + wcslen(ComputerName) + 1;
1498  }
1499  }
1500 
1501  /* Check whether we have enough space */
1502  if (dwLength > nSize)
1503  {
1504  /* No, return the needed size in characters (includes NULL-terminator) */
1505  return dwLength;
1506  }
1507 
1508 
1509  /* Now expand the file path */
1510  ASSERT(dwLength <= nSize);
1511 
1512  /* Expand any existing environment strings */
1513  if (ExpandEnvironmentStringsW(lpFileName, lpFullFileName, dwLength) == 0)
1514  {
1515  /* We failed, bail out */
1516  return 0;
1517  }
1518 
1519  /* If the file path is on a remote computer, retrieve the network share form of the file name */
1520  // FIXME: Use WNetGetUniversalName instead?
1521  if (ComputerName && *ComputerName)
1522  {
1523  /* Note that we previously skipped any potential leading backslashes */
1524 
1525  /* Replace ':' by '$' in the drive letter */
1526  if (*lpFullFileName && lpFullFileName[1] == L':')
1527  lpFullFileName[1] = L'$';
1528 
1529  /* Prepend the computer name */
1530  RtlMoveMemory(lpFullFileName + 2 + wcslen(ComputerName) + 1,
1531  lpFullFileName, dwLength * sizeof(WCHAR) - (2 + wcslen(ComputerName) + 1) * sizeof(WCHAR));
1532  lpFullFileName[0] = L'\\';
1533  lpFullFileName[1] = L'\\';
1534  wcsncpy(lpFullFileName + 2, ComputerName, wcslen(ComputerName));
1535  lpFullFileName[2 + wcslen(ComputerName)] = L'\\';
1536  }
1537 
1538  /* Return the number of stored characters (includes NULL-terminator) */
1539  return dwLength;
1540 }
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2053
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264
#define ASSERT(a)
Definition: mode.c:44
__wchar_t WCHAR
Definition: xmlstorage.h:180
static DWORD DWORD * dwLength
Definition: fusion.c:85
static const WCHAR L[]
Definition: oid.c:1250
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
#define NULL
Definition: types.h:112
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
_In_ LPCSTR lpFileName
Definition: winbase.h:3050

Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().

◆ GetFileTimeString()

BOOL GetFileTimeString ( LPFILETIME  lpFileTime,
LPWSTR  pwszResult,
UINT  cchResult 
)

Definition at line 1233 of file eventvwr.c.

1234 {
1235  FILETIME ft;
1236  SYSTEMTIME st;
1237  int cchWritten;
1238  UINT cchRemaining = cchResult;
1239  size_t cchCopyRemaining;
1240  LPWSTR pwszEnd = pwszResult;
1241 
1242  if (!FileTimeToLocalFileTime(lpFileTime, &ft) || !FileTimeToSystemTime(&ft, &st))
1243  return FALSE;
1244 
1245  cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1246  if (cchWritten)
1247  --cchWritten; // GetDateFormatW returns count with terminating zero
1248  // else
1249  // ERR("GetDateFormatW failed\n");
1250 
1251  cchRemaining -= cchWritten;
1252  pwszEnd += cchWritten;
1253 
1254  StringCchCopyExW(pwszEnd, cchRemaining, L", ", &pwszEnd, &cchCopyRemaining, 0);
1255  cchRemaining = (UINT)cchCopyRemaining;
1256 
1257  cchWritten = GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &st, NULL, pwszEnd, cchRemaining);
1258  if (cchWritten)
1259  --cchWritten; // GetTimeFormatW returns count with terminating zero
1260  // else
1261  // ERR("GetTimeFormatW failed\n");
1262 
1263  return TRUE;
1264 }
#define TRUE
Definition: types.h:120
#define LOCALE_USER_DEFAULT
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
#define FALSE
Definition: types.h:117
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
static const WCHAR L[]
Definition: oid.c:1250
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:979
#define DATE_LONGDATE
Definition: winnls.h:197
unsigned int UINT
Definition: ndis.h:50
#define NULL
Definition: types.h:112
WCHAR * LPWSTR
Definition: xmlstorage.h:184
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1079

Referenced by InitPropertiesDlg().

◆ GetMessageStringFromDll()

LPWSTR GetMessageStringFromDll ( IN LPCWSTR  lpMessageDll,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 753 of file eventvwr.c.

759 {
761  DWORD dwLength;
762  LPWSTR lpMsgBuf = NULL;
763 
764  hLibrary = LoadLibraryExW(lpMessageDll, NULL,
765  /* LOAD_LIBRARY_AS_IMAGE_RESOURCE | */ LOAD_LIBRARY_AS_DATAFILE);
766  if (hLibrary == NULL)
767  return NULL;
768 
769  /* Sanitize dwFlags */
772 
773  _SEH2_TRY
774  {
775  /*
776  * Retrieve the message string without appending extra newlines.
777  * Wrap in SEH to protect from invalid string parameters.
778  */
779  _SEH2_TRY
780  {
782  /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
783  FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
784  hLibrary,
785  dwMessageId,
787  (LPWSTR)&lpMsgBuf,
788  nSize,
789  Arguments);
790  }
792  {
793  dwLength = 0;
794 
795  /*
796  * An exception occurred while calling FormatMessage, this is usually
797  * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
798  * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
799  * array pointer 'Arguments' was NULL or did not contain enough elements,
800  * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
801  * message string expected too many inserts.
802  * In this last case only, we can call again FormatMessage but ignore
803  * explicitly the inserts. The string that we will return to the user
804  * will not be pre-formatted.
805  */
806  if (((dwFlags & FORMAT_MESSAGE_ALLOCATE_BUFFER) || lpMsgBuf) &&
808  {
809  /* Remove any possible harmful flags and always ignore inserts */
812 
813  /* If this call also throws an exception, we are really dead */
815  hLibrary,
816  dwMessageId,
818  (LPWSTR)&lpMsgBuf,
819  nSize,
820  NULL /* Arguments */);
821  }
822  }
823  _SEH2_END;
824  }
826  {
828  }
829  _SEH2_END;
830 
831  if (dwLength == 0)
832  {
833  ASSERT(lpMsgBuf == NULL);
834  lpMsgBuf = NULL;
835  }
836  else
837  {
838  LPWSTR ptr;
839 
840  ASSERT(lpMsgBuf);
841 
842  /* Trim any trailing whitespace */
843  ptr = lpMsgBuf + dwLength - 1;
844  while (iswspace(*ptr))
845  *ptr-- = UNICODE_NULL;
846  }
847 
848  return lpMsgBuf;
849 }
#define FORMAT_MESSAGE_ARGUMENT_ARRAY
Definition: winbase.h:421
#define FORMAT_MESSAGE_FROM_STRING
Definition: winbase.h:418
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2053
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
_SEH2_TRY
Definition: create.c:4226
#define UNICODE_NULL
static PVOID ptr
Definition: dispmode.c:27
#define FORMAT_MESSAGE_ALLOCATE_BUFFER
Definition: winbase.h:416
#define FORMAT_MESSAGE_FROM_HMODULE
Definition: winbase.h:419
#define FreeLibrary(x)
Definition: compat.h:607
#define ASSERT(a)
Definition: mode.c:44
static DWORD DWORD * dwLength
Definition: fusion.c:85
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned long DWORD
Definition: ntddk_ex.h:95
#define iswspace(_c)
Definition: ctype.h:669
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
HMODULE hLibrary
Definition: odbccp32.c:12
#define LOAD_LIBRARY_AS_DATAFILE
Definition: winbase.h:339
#define FORMAT_MESSAGE_IGNORE_INSERTS
Definition: winbase.h:417
_SEH2_END
Definition: create.c:4400
_SEH2_FINALLY
Definition: create.c:4371
#define NULL
Definition: types.h:112
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define LANG_USER_DEFAULT
Definition: tnerror.cpp:50

Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().

◆ GetMessageStringFromDllList()

LPWSTR GetMessageStringFromDllList ( IN LPCWSTR  lpMessageDllList,
IN DWORD  dwFlags,
IN DWORD  dwMessageId,
IN DWORD  nSize,
IN va_list *Arguments  OPTIONAL 
)

Definition at line 857 of file eventvwr.c.

863 {
864  BOOL Success = FALSE;
865  SIZE_T cbLength;
866  LPWSTR szMessageDllList;
867  LPWSTR szDll;
868  LPWSTR lpMsgBuf = NULL;
869 
870  /* Allocate a local buffer for the DLL list that can be tokenized */
871  // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
872  // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
873  cbLength = (wcslen(lpMessageDllList) + 1) * sizeof(WCHAR);
874  szMessageDllList = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbLength);
875  if (!szMessageDllList)
876  return NULL;
877  RtlCopyMemory(szMessageDllList, lpMessageDllList, cbLength);
878 
879  /* Loop through the list of message DLLs */
880  szDll = wcstok(szMessageDllList, EVENT_DLL_SEPARATOR);
881  while ((szDll != NULL) && !Success)
882  {
883  // Uses LANG_USER_DEFAULT
884  lpMsgBuf = GetMessageStringFromDll(szDll,
885  dwFlags,
886  dwMessageId,
887  nSize,
888  Arguments);
889  if (lpMsgBuf)
890  {
891  /* The ID was found and the message was formatted */
892  Success = TRUE;
893  break;
894  }
895 
896  /*
897  * The DLL could not be loaded, or the message could not be found,
898  * try the next DLL, if any.
899  */
900  szDll = wcstok(NULL, EVENT_DLL_SEPARATOR);
901  }
902 
903  HeapFree(GetProcessHeap(), 0, szMessageDllList);
904 
905  return lpMsgBuf;
906 }
#define TRUE
Definition: types.h:120
*nSize LPSTR _Inout_ LPDWORD nSize
Definition: winbase.h:2053
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:753
#define EVENT_DLL_SEPARATOR
Definition: eventvwr.c:57
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
#define GetProcessHeap()
Definition: compat.h:595
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
__wchar_t WCHAR
Definition: xmlstorage.h:180
_In_ PCCERT_CONTEXT _In_ DWORD dwFlags
Definition: wincrypt.h:1175
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
WCHAR * LPWSTR
Definition: xmlstorage.h:184
#define HeapFree(x, y, z)
Definition: compat.h:594

Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().

◆ GetSelectedFilter()

PEVENTLOGFILTER GetSelectedFilter ( OUT HTREEITEM *phti  OPTIONAL)

Definition at line 2447 of file eventvwr.c.

2448 {
2449  TVITEMEXW tvItemEx;
2450  HTREEITEM hti;
2451 
2452  if (phti)
2453  *phti = NULL;
2454 
2455  /* Get index of selected item */
2457  if (hti == NULL)
2458  return NULL; // No filter
2459 
2460  tvItemEx.mask = TVIF_PARAM;
2461  tvItemEx.hItem = hti;
2462 
2463  TreeView_GetItem(hwndTreeView, &tvItemEx);
2464 
2465  if (phti)
2466  *phti = tvItemEx.hItem;
2467 
2468  return (PEVENTLOGFILTER)tvItemEx.lParam;
2469 }
LPARAM lParam
Definition: commctrl.h:3355
#define TreeView_GetSelection(hwnd)
Definition: commctrl.h:3473
HWND hwndTreeView
Definition: eventvwr.c:84
HTREEITEM hItem
Definition: commctrl.h:3347
#define NULL
Definition: types.h:112
#define TVIF_PARAM
Definition: commctrl.h:3268
#define TreeView_GetItem(hwnd, pitem)
Definition: commctrl.h:3490

Referenced by EventLogPropProc(), and WndProc().

◆ InitInstance()

BOOL InitInstance ( HINSTANCE  hInstance)

Definition at line 3048 of file eventvwr.c.

3049 {
3050  RECT rcClient, rs;
3051  LONG StatusHeight;
3052  HIMAGELIST hSmall;
3053  LVCOLUMNW lvc = {0};
3054  WCHAR szTemp[256];
3055 
3056  /* Create the main window */
3057  rs = Settings.wpPos.rcNormalPosition;
3059  szTitle,
3061  rs.left, rs.top,
3062  (rs.right != CW_USEDEFAULT && rs.left != CW_USEDEFAULT) ? rs.right - rs.left : CW_USEDEFAULT,
3063  (rs.bottom != CW_USEDEFAULT && rs.top != CW_USEDEFAULT) ? rs.bottom - rs.top : CW_USEDEFAULT,
3064  NULL,
3065  NULL,
3066  hInstance,
3067  NULL);
3068  if (!hwndMainWindow)
3069  return FALSE;
3070 
3071  /* Create the status bar */
3072  hwndStatus = CreateWindowExW(0, // no extended styles
3073  STATUSCLASSNAMEW, // status bar
3074  L"", // no text
3075  WS_CHILD | WS_VISIBLE | CCS_BOTTOM | SBARS_SIZEGRIP, // styles
3076  0, 0, 0, 0, // x, y, cx, cy
3077  hwndMainWindow, // parent window
3078  (HMENU)100, // window ID
3079  hInstance, // instance
3080  NULL); // window data
3081 
3082  GetClientRect(hwndMainWindow, &rcClient);
3083  GetWindowRect(hwndStatus, &rs);
3084  StatusHeight = rs.bottom - rs.top;
3085 
3086  /* Create a progress bar in the status bar (hidden by default) */
3088  hwndStatusProgress = CreateWindowExW(0, // no extended styles
3089  PROGRESS_CLASSW, // status bar
3090  NULL, // no text
3091  WS_CHILD | PBS_SMOOTH, // styles
3092  rs.left, rs.top, // x, y
3093  rs.right - rs.left, rs.bottom - rs.top, // cx, cy
3094  hwndStatus, // parent window
3095  NULL, // window ID
3096  hInstance, // instance
3097  NULL); // window data
3098  /* Remove its static edge */
3102 
3103  /* Initialize the splitter default positions */
3104  nVSplitPos = Settings.nVSplitPos;
3105  nHSplitPos = Settings.nHSplitPos;
3106 
3107  /* Create the TreeView */
3109  WC_TREEVIEWW,
3110  NULL,
3111  // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3113  0, 0,
3114  nVSplitPos - SPLIT_WIDTH/2,
3115  (rcClient.bottom - rcClient.top) - StatusHeight,
3117  NULL,
3118  hInstance,
3119  NULL);
3120 
3121  /* Create the ImageList */
3124  ILC_COLOR32 | ILC_MASK, // ILC_COLOR24
3125  1, 1);
3126 
3127  /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3132 
3133  /* Assign the ImageList to the Tree View */
3135 
3136  /* Add the event logs nodes */
3137  // "System Logs"
3140  // "Application Logs"
3141  LoadStringW(hInstance, IDS_EVENTLOG_APP, szTemp, ARRAYSIZE(szTemp));
3142  htiAppLogs = TreeViewAddItem(hwndTreeView, NULL, szTemp, 0, 1, (LPARAM)NULL);
3143  // "User Logs"
3144  LoadStringW(hInstance, IDS_EVENTLOG_USER, szTemp, ARRAYSIZE(szTemp));
3146 
3147  /* Create the Event details pane (optional) */
3149  if (hwndEventDetails)
3150  {
3154  nVSplitPos + SPLIT_WIDTH/2,
3155  nHSplitPos + SPLIT_WIDTH/2,
3156  (rcClient.right - rcClient.left) - nVSplitPos - SPLIT_WIDTH/2,
3157  (rcClient.bottom - rcClient.top) - nHSplitPos - SPLIT_WIDTH/2 - StatusHeight,
3159  }
3160 
3161  /* Create the ListView */
3163  WC_LISTVIEWW,
3164  NULL,
3165