#include "eventvwr.h"#include "evtdetctl.h"#include <sddl.h>#include <shellapi.h>#include <shlwapi.h>#include <pseh/pseh2.h>
Include dependency graph for eventvwr.c:
Go to the source code of this file.
Classes | |
| struct | _SETTINGS |
| struct | param_strings_format_data |
Macros | |
| #define | LVM_PROGRESS (WM_APP + 1) |
| #define | EVENT_MESSAGE_EVENTTEXT_BUFFER (1024*10) |
| #define | EVENT_MESSAGE_FILE_BUFFER (1024*10) |
| #define | EVENT_DLL_SEPARATOR L";" |
| #define | EVENT_CATEGORY_MESSAGE_FILE L"CategoryMessageFile" |
| #define | EVENT_MESSAGE_FILE L"EventMessageFile" |
| #define | EVENT_PARAMETER_MESSAGE_FILE L"ParameterMessageFile" |
| #define | MAX_LOADSTRING 255 |
| #define | SPLIT_WIDTH 4 |
Typedefs | |
| typedef struct _SETTINGS | SETTINGS |
| typedef struct _SETTINGS * | PSETTINGS |
Macro Definition Documentation
◆ EVENT_CATEGORY_MESSAGE_FILE
| #define EVENT_CATEGORY_MESSAGE_FILE L"CategoryMessageFile" |
Definition at line 39 of file eventvwr.c.
◆ EVENT_DLL_SEPARATOR
| #define EVENT_DLL_SEPARATOR L";" |
Definition at line 38 of file eventvwr.c.
◆ EVENT_MESSAGE_EVENTTEXT_BUFFER
| #define EVENT_MESSAGE_EVENTTEXT_BUFFER (1024*10) |
Definition at line 36 of file eventvwr.c.
◆ EVENT_MESSAGE_FILE
| #define EVENT_MESSAGE_FILE L"EventMessageFile" |
Definition at line 40 of file eventvwr.c.
◆ EVENT_MESSAGE_FILE_BUFFER
| #define EVENT_MESSAGE_FILE_BUFFER (1024*10) |
Definition at line 37 of file eventvwr.c.
◆ EVENT_PARAMETER_MESSAGE_FILE
| #define EVENT_PARAMETER_MESSAGE_FILE L"ParameterMessageFile" |
Definition at line 41 of file eventvwr.c.
◆ LVM_PROGRESS
Definition at line 21 of file eventvwr.c.
◆ MAX_LOADSTRING
| #define MAX_LOADSTRING 255 |
Definition at line 43 of file eventvwr.c.
◆ SPLIT_WIDTH
| #define SPLIT_WIDTH 4 |
Definition at line 45 of file eventvwr.c.
Typedef Documentation
◆ PSETTINGS
◆ SETTINGS
Function Documentation
◆ AllocAndCopyMultiStr()
Definition at line 1338 of file eventvwr.c.
1339{
1340 PWSTR pStr;
1342
1343 if (!MultiStr)
1345
1346 pStr = (PWSTR)MultiStr;
1348 Length = MultiStr - pStr + 2;
1349
1351 // NOTE: If we failed allocating the string, then fall back into no filter!
1352 if (pStr)
1354
1355 return pStr;
1356}
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
Referenced by AllocEventLogFilter().
◆ AllocEventLog()
Definition at line 1283 of file eventvwr.c.
1286{
1287 PEVENTLOG EventLog;
1289
1290 /* Allocate a new event log entry */
1292 if (!EventLog)
1294
1295 /* Allocate the computer name string (optional) and copy it */
1296 if (ComputerName)
1297 {
1302 }
1303
1304 /* Allocate the event log name string and copy it */
1308 {
1313 }
1315
1316 EventLog->Permanent = Permanent;
1317
1318 return EventLog;
1319}
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:149
Definition: eventvwr.h:85
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2767
Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().
◆ AllocEventLogFilter()
| PEVENTLOGFILTER AllocEventLogFilter | ( | IN BOOL | Information, |
| IN BOOL | Warning, | ||
| IN BOOL | Error, | ||
| IN BOOL | AuditSuccess, | ||
| IN BOOL | AuditFailure, | ||
| IN PCWSTR Sources | OPTIONAL, | ||
| IN PCWSTR Users | OPTIONAL, | ||
| IN PCWSTR ComputerNames | OPTIONAL, | ||
| IN ULONG | NumOfEventLogs, | ||
| IN PEVENTLOG * | EventLogs | ||
| ) |
Definition at line 1359 of file eventvwr.c.
1370{
1371 PEVENTLOGFILTER EventLogFilter;
1372
1373 /* Allocate a new event log filter entry, big enough to accommodate the list of logs */
1375 HEAP_ZERO_MEMORY,
1377 if (!EventLogFilter)
1379
1381 EventLogFilter->Warning = Warning;
1383 EventLogFilter->AuditSuccess = AuditSuccess;
1384 EventLogFilter->AuditFailure = AuditFailure;
1385
1386 /* Allocate and copy the sources, users, and computers multi-strings */
1390
1391 /* Copy the list of event logs */
1392 EventLogFilter->NumOfEventLogs = NumOfEventLogs;
1394
1395 /* Initialize the filter reference count */
1396 EventLogFilter->ReferenceCount = 1;
1397
1398 return EventLogFilter;
1399}
PWSTR AllocAndCopyMultiStr(IN PCWSTR MultiStr OPTIONAL)
Definition: eventvwr.c:1338
Definition: eventvwr.h:106
Referenced by BuildLogListAndFilterList(), and OpenUserEventLogFile().
◆ ApplyParameterStringsToMessage()
| DWORD ApplyParameterStringsToMessage | ( | IN LPCWSTR | lpMessageDllList, |
| IN BOOL | bMessagePreFormatted, | ||
| IN CONST LPCWSTR | pMessage, | ||
| OUT LPWSTR * | pFinalMessage | ||
| ) |
Definition at line 903 of file eventvwr.c.
908{
909 /*
910 * This code is heavily adapted from the MSDN example:
911 * https://msdn.microsoft.com/en-us/library/windows/desktop/bb427356.aspx
912 * with bugs removed.
913 */
914
918 size_t cchParams = 0; // Number of characters in all the parameter strings
921 param_strings_format_data* pParamData = NULL; // Array of pointers holding information about each parameter string in pMessage
924
925 *pFinalMessage = NULL;
926
927 /* Determine the number of parameter insertion strings in pMessage */
928 if (bMessagePreFormatted)
929 {
931 {
932 pTempMessage++;
934 {
935 dwParamCount++;
937 }
938 }
939 }
940 else
941 {
943 {
944 pTempMessage += 2;
946 {
947 dwParamCount++;
949 }
950 }
951 }
952
953 /* If there are no parameter insertion strings in pMessage, just return */
954 if (dwParamCount == 0)
955 {
956 // *pFinalMessage = NULL;
958 }
959
960 /* Allocate the array of parameter string format data */
961 pParamData = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwParamCount * sizeof(param_strings_format_data));
962 if (!pParamData)
963 {
966 }
967
968 /*
969 * Retrieve each parameter in pMessage and the beginning and end of the
970 * insertion string, as well as the message identifier of the parameter.
971 */
972 pTempMessage = (LPWSTR)pMessage;
973 if (bMessagePreFormatted)
974 {
976 {
977 pTempMessage++;
979 {
982
984
986 i++;
987 }
988 }
989 }
990 else
991 {
993 {
994 pTempMessage += 2;
996 {
999
1001
1003 i++;
1004 }
1005 }
1006 }
1007
1008 /* Retrieve each parameter string */
1010 {
1011 // pParamData[i].pParameter = GetMessageString(pParamData[i].pParameterID, 0, NULL);
1013 GetMessageStringFromDllList(lpMessageDllList,
1016 pParamData[i].pParameterID,
1017 0, NULL);
1019 {
1020 /* Skip the insertion string */
1021 continue;
1022 }
1023
1025 }
1026
1027 /*
1028 * Allocate the final message buffer, the size of which is based on the
1029 * length of the original message and the length of each parameter string.
1030 */
1033 if (!*pFinalMessage)
1034 {
1037 }
1038
1039 pTempFinalMessage = *pFinalMessage;
1040
1041 /* Build the final message string */
1042 pTempMessage = (LPWSTR)pMessage;
1044 {
1045 /* Append the segment from pMessage */
1050 pTempFinalMessage += cch;
1051
1052 /* Append the parameter string */
1054 {
1057 }
1058 else
1059 {
1060 /*
1061 * We failed to retrieve the parameter string before, so just
1062 * place back the original string placeholder.
1063 */
1066 // cch = wcslen(pTempFinalMessage);
1067 }
1069 pTempFinalMessage += cch;
1070 }
1071
1072 /* Append the last segment from pMessage */
1074
1075Cleanup:
1076
1077 // if (Status != ERROR_SUCCESS)
1078 // *pFinalMessage = NULL;
1079
1080 if (pParamData)
1081 {
1083 {
1086 }
1087
1089 }
1090
1092}
LPWSTR GetMessageStringFromDllList(IN LPCWSTR lpMessageDllList, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:842
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_Check_return_ _CRTIMP long __cdecl _wtol(_In_z_ const wchar_t *_Str)
_CONST_RETURN wchar_t *__cdecl wcsstr(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_SubStr)
STRSAFEAPI StringCchCopyNW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, size_t cchToCopy)
Definition: strsafe.h:236
Definition: eventvwr.c:895
Referenced by GetEventMessage().
◆ BuildLogListAndFilterList()
Definition at line 2789 of file eventvwr.c.
2790{
2792 HKEY hEventLogKey, hLogKey;
2793 DWORD dwNumLogs = 0;
2794 DWORD dwIndex, dwMaxKeyLength;
2795 DWORD dwType;
2796 PEVENTLOG EventLog;
2797 PEVENTLOGFILTER EventLogFilter;
2800 DWORD lpcName;
2801 DWORD dwMessageID;
2804
2806 {
2807 /* We are connected to some other computer, close the old connection */
2810 }
2812 {
2813 /* Use the local computer registry */
2815 }
2816 else
2817 {
2818 /* Connect to the remote computer registry */
2821 {
2822 /* Connection failed, display a message and bail out */
2825 return;
2826 }
2827 }
2828
2829 /* Open the EventLog key */
2832 {
2833 return;
2834 }
2835
2836 /* Retrieve the number of event logs enumerated as registry keys */
2840 {
2841 goto Quit;
2842 }
2843 if (!dwNumLogs)
2844 goto Quit;
2845
2846 /* Take the NULL terminator into account */
2847 ++dwMaxKeyLength;
2848
2849 /* Allocate the temporary buffer */
2851 if (!LogName)
2852 goto Quit;
2853
2854 /* Enumerate and retrieve each event log name */
2855 for (dwIndex = 0; dwIndex < dwNumLogs; dwIndex++)
2856 {
2857 lpcName = dwMaxKeyLength;
2860 continue;
2861
2862 /* Take the NULL terminator into account */
2863 ++lpcName;
2864
2865 /* Allocate a new event log entry */
2868 continue;
2869
2870 /* Allocate a new event log filter entry for this event log */
2874 1, &EventLog);
2876 {
2877 EventLog_Free(EventLog);
2878 continue;
2879 }
2880
2881 /* Add the event log and the filter into their lists */
2884
2886
2887 /* Retrieve and cache the event log file */
2889 LogName,
2890 0,
2891 KEY_QUERY_VALUE,
2892 &hLogKey);
2894 {
2895 lpcName = 0;
2898 NULL,
2899 &dwType,
2900 NULL,
2901 &lpcName);
2903 {
2904 // Windows' EventLog uses some kind of default value, we do not.
2906 }
2907 else
2908 {
2912 {
2915 NULL,
2916 &dwType,
2918 &lpcName);
2920 {
2923 }
2924 else
2925 {
2927 }
2928 }
2929 }
2930
2931 RegCloseKey(hLogKey);
2932 }
2933
2934 /* Get the display name for the event log */
2936
2939 {
2940 /* Retrieve the message string without appending extra newlines */
2941 lpDisplayName =
2945 dwMessageID,
2946 0,
2947 NULL);
2948 }
2949
2950 /*
2951 * Select the correct tree root node, whether the log is a System
2952 * or an Application log. Default to Application log otherwise.
2953 */
2954 hRootNode = htiAppLogs;
2956 {
2957 /* Check whether the log name is part of the system logs */
2959 {
2960 hRootNode = htiSystemLogs;
2961 break;
2962 }
2963 }
2964
2967 2, 3, (LPARAM)EventLogFilter);
2968
2969 /* Try to get the default event log: "Application" */
2971 {
2972 hItemDefault = hItem;
2973 }
2974
2975 /* Free the buffer allocated by FormatMessage */
2978 }
2979
2981
2982Quit:
2983 RegCloseKey(hEventLogKey);
2984
2985 /* Select the default event log */
2986 if (hItemDefault)
2987 {
2988 // TreeView_Expand(hwndTreeView, hRootNode, TVE_EXPAND);
2991 }
2994
2995 return;
2996}
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
Definition: reg.c:2504
LONG WINAPI RegQueryInfoKeyW(HKEY hKey, LPWSTR lpClass, LPDWORD lpcClass, LPDWORD lpReserved, LPDWORD lpcSubKeys, LPDWORD lpcMaxSubKeyLen, LPDWORD lpcMaxClassLen, LPDWORD lpcValues, LPDWORD lpcMaxValueNameLen, LPDWORD lpcMaxValueLen, LPDWORD lpcbSecurityDescriptor, PFILETIME lpftLastWriteTime)
Definition: reg.c:3662
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4103
PEVENTLOG AllocEventLog(IN PCWSTR ComputerName OPTIONAL, IN PCWSTR LogName, IN BOOL Permanent)
Definition: eventvwr.c:1283
BOOL GetDisplayNameFileAndID(IN LPCWSTR lpLogName, OUT PWCHAR lpModuleName, OUT PDWORD pdwMessageID)
Definition: eventvwr.c:2709
LPWSTR GetMessageStringFromDll(IN LPCWSTR lpMessageDll, IN DWORD dwFlags, IN DWORD dwMessageId, IN DWORD nSize, IN va_list *Arguments OPTIONAL)
Definition: eventvwr.c:738
HTREEITEM TreeViewAddItem(IN HWND hTreeView, IN HTREEITEM hParent, IN LPWSTR lpText, IN INT Image, IN INT SelectedImage, IN LPARAM lParam)
Definition: eventvwr.c:1253
PEVENTLOGFILTER AllocEventLogFilter(IN BOOL Information, IN BOOL Warning, IN BOOL Error, IN BOOL AuditSuccess, IN BOOL AuditFailure, IN PCWSTR Sources OPTIONAL, IN PCWSTR Users OPTIONAL, IN PCWSTR ComputerNames OPTIONAL, IN ULONG NumOfEventLogs, IN PEVENTLOG *EventLogs)
Definition: eventvwr.c:1359
Definition: nsiface.idl:2307
#define UNICODE_NULL
Definition: treeview.c:141
_In_ LPCSTR _Out_writes_to_opt_ cchDisplayName LPSTR lpDisplayName
Definition: winbase.h:2790
HWND WINAPI SetFocus(_In_opt_ HWND)
BOOL WINAPI InvalidateRect(_In_opt_ HWND, _In_opt_ LPCRECT, _In_ BOOL)
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
Referenced by wWinMain().
◆ ClearEvents()
| BOOL ClearEvents | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2612 of file eventvwr.c.
2613{
2615 PEVENTLOG EventLog;
2616 HANDLE hEventLog;
2619
2620 /* Bail out if there is no available filter */
2621 if (!EventLogFilter)
2623
2626
2628
2631
2633 {
2636
2639 break;
2640
2644 break;
2645 }
2646
2647 EventLogFilter_AddRef(EventLogFilter);
2648
2649 EventLog = EventLogFilter->EventLogs[0];
2651
2652 EventLogFilter_Release(EventLogFilter);
2653
2654 if (!hEventLog)
2655 {
2658 }
2659
2663
2664 CloseEventLog(hEventLog);
2666}
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
BOOL WINAPI ClearEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:367
LONG EventLogFilter_AddRef(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1416
LONG EventLogFilter_Release(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1422
int WINAPI LoadStringW(_In_opt_ HINSTANCE hInstance, _In_ UINT uID, _Out_writes_to_(cchBufferMax, return+1) LPWSTR lpBuffer, _In_ int cchBufferMax)
int WINAPI MessageBoxW(_In_opt_ HWND hWnd, _In_opt_ LPCWSTR lpText, _In_opt_ LPCWSTR lpCaption, _In_ UINT uType)
Referenced by EventLogPropProc(), and WndProc().
◆ CloseUserEventLog()
| VOID CloseUserEventLog | ( | IN PEVENTLOGFILTER | EventLogFilter, |
| IN HTREEITEM | hti | ||
| ) |
Definition at line 2577 of file eventvwr.c.
2578{
2579 /* Bail out if there is no available filter */
2580 if (!EventLogFilter)
2581 return;
2582
2584 {
2585 /* Signal the enumerator thread we want to stop enumerating events */
2586 // EnumEvents(NULL);
2589 }
2590
2591 /*
2592 * The deletion of the item automatically triggers a TVN_SELCHANGED
2593 * notification, that will reset the ActiveFilter (in case the item
2594 * selected is a filter). Otherwise we reset it there.
2595 */
2597
2598 /* Remove the filter from the list */
2599 RemoveEntryList(&EventLogFilter->ListEntry);
2600 EventLogFilter_Release(EventLogFilter);
2601
2602 // /* Select the default event log */
2603 // // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2604 // TreeView_SelectItem(hwndTreeView, hItem);
2605 // TreeView_EnsureVisible(hwndTreeView, hItem);
2608}
#define InterlockedCompareExchangePointer
Definition: interlocked.h:129
Referenced by WndProc().
◆ DisplayUsage()
Definition at line 164 of file eventvwr.c.
Referenced by ProcessCmdLine().
◆ EnumEvents()
| VOID EnumEvents | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2422 of file eventvwr.c.
2423{
2424 /* Signal the enumerator thread we want to enumerate events */
2427 return;
2428}
◆ EnumEventsThread()
HACK!!
Definition at line 1962 of file eventvwr.c.
1963{
1965 PEVENTLOG EventLog;
1966
1967 ULONG LogIndex;
1968 HANDLE hEventLog;
1970 PBYTE pEvlrEnd;
1971 PBYTE pEvlrBuffer;
1973 DWORD dwTotalRecords = 0, dwCurrentRecord = 0;
1975 size_t cchRemaining;
1976 LPWSTR lpszSourceName;
1977 LPWSTR lpszComputerName;
1981
1982 UINT uStep = 0, uStepAt = 0, uPos = 0;
1983
1995 PWCHAR lpTitleTemplateEnd;
1996
1998 LVITEMW lviEventItem;
1999
2000 /* Save the current event log filter globally */
2001 EventLogFilter_AddRef(EventLogFilter);
2002 ActiveFilter = EventLogFilter;
2003
2004
2006 EventLog = EventLogFilter->EventLogs[0];
2007
2008 // FIXME: Use something else instead of EventLog->LogName !!
2009
2010 /*
2011 * Use a different formatting, whether the event log filter holds
2012 * only one log, or many logs (the latter case is WIP TODO!)
2013 */
2015 {
2016 StringCchPrintfExW(szWindowTitle,
2017 ARRAYSIZE(szWindowTitle),
2018 &lpTitleTemplateEnd,
2019 &cchRemaining,
2020 0,
2022 dwMaxLength = (DWORD)cchRemaining;
2024 GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
2025 else
2027
2028 StringCbPrintfW(szStatusText,
2029 sizeof(szStatusText),
2030 szStatusBarTemplate,
2031 EventLog->LogName,
2032 0,
2033 0);
2034 }
2035 else
2036 {
2037 // TODO: Use a different title & implement filtering for multi-log filters !!
2038 // (EventLogFilter->NumOfEventLogs > 1)
2041 szTitle,
2043 }
2044
2045 /* Set the window title */
2047
2048 /* Update the status bar */
2050
2051
2052 /* Disable list view redraw */
2054
2055 /* Clear the list view and free the cached records */
2057 FreeRecords();
2058
2063
2064 /* Do a loop over the logs enumerated in the filter */
2065 // FIXME: For now we only support 1 event log per filter!
2066 LogIndex = 0;
2067 // for (LogIndex = 0; LogIndex < EventLogFilter->NumOfEventLogs; ++LogIndex)
2068 {
2069
2070 EventLog = EventLogFilter->EventLogs[LogIndex];
2071
2072 /* Open the event log */
2075 else
2077
2079 {
2082 }
2083
2084 // GetOldestEventLogRecord(hEventLog, &dwThisRecord);
2085
2086 /* Get the total number of event log records */
2087 GetNumberOfEventLogRecords(hEventLog, &dwTotalRecords);
2088
2089 if (dwTotalRecords > 0)
2090 {
2093 }
2094 else
2095 {
2098 }
2099
2100 /* Set up the event records cache */
2101 g_RecordPtrs = HeapAlloc(hProcessHeap, HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(*g_RecordPtrs));
2103 {
2104 // ShowWin32Error(GetLastError());
2105 goto Quit;
2106 }
2107 g_TotalRecords = dwTotalRecords;
2108
2110 goto Quit;
2111
2114
2116 uStepAt = (dwTotalRecords / 100) + 1;
2117
2118 dwFlags = EVENTLOG_SEQUENTIAL_READ | (Settings.bNewestEventsFirst ? EVENTLOG_FORWARDS_READ : EVENTLOG_BACKWARDS_READ);
2119
2120 /* 0x7ffff is the maximum buffer size ReadEventLog will accept */
2121 dwWanted = 0x7ffff;
2123
2124 if (!pEvlr)
2125 goto Quit;
2126
2128 {
2131
2133 {
2135 dwWanted = dwNeeded;
2136
2137 if (!pEvlr)
2138 break;
2139
2141
2142 if (!bResult)
2143 break;
2144 }
2145 else if (!bResult)
2146 {
2147 /* Exit on other errors (ERROR_HANDLE_EOF) */
2148 break;
2149 }
2150
2151 pEvlrBuffer = (LPBYTE)pEvlr;
2152 pEvlrEnd = pEvlrBuffer + dwRead;
2153
2154 while (pEvlrBuffer < pEvlrEnd)
2155 {
2157 PWSTR lpszUsername, lpszCategoryName;
2159
2160 // ProgressBar_StepIt(hwndStatusProgress);
2161 uStep++;
2162 if (uStep % uStepAt == 0)
2163 {
2164 ++uPos;
2166 }
2167
2169 goto Quit;
2170
2171 /* Filter by event type */
2173 goto SkipEvent;
2174
2175 /* Get the event source name and filter it */
2178 goto SkipEvent;
2179
2180 /* Get the computer name and filter it */
2181 lpszComputerName = (LPWSTR)(pEvlrBuffer + sizeof(EVENTLOGRECORD) + (wcslen(lpszSourceName) + 1) * sizeof(WCHAR));
2183 goto SkipEvent;
2184
2185 /* Compute the event time */
2187 GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, ARRAYSIZE(szLocalDate));
2189
2190 /* Get the username that generated the event, and filter it */
2191 lpszUsername = GetEventUserName(pEvlrTmp, &pLastSid, szUsername) ? szUsername : szNoUsername;
2192
2194 goto SkipEvent;
2195
2196 // TODO: Filter by event ID and category
2198
2199 lpszCategoryName = GetEventCategory(EventLog->LogName, lpszSourceName, pEvlrTmp, szCategory) ? szCategory : szNoCategory;
2200
2203
2206
2208 lviEventItem.iItem = 0;
2209 lviEventItem.iSubItem = 0;
2211 lviEventItem.pszText = szEventTypeText;
2212
2214 {
2217 lviEventItem.iImage = 0;
2218 break;
2219
2221 lviEventItem.iImage = 1;
2222 break;
2223
2225 lviEventItem.iImage = 2;
2226 break;
2227
2229 lviEventItem.iImage = 3;
2230 break;
2231
2233 lviEventItem.iImage = 4;
2234 break;
2235 }
2236
2238
2246
2247SkipEvent:
2248 pEvlrBuffer += pEvlrTmp->Length;
2249 dwCurrentRecord++;
2250 }
2251 }
2252
2253Quit:
2254
2255 if (pEvlr)
2257
2258 /* Close the event log */
2259 CloseEventLog(hEventLog);
2260
2261 } // end-for (LogIndex)
2262
2263 /* All events loaded */
2264
2265Cleanup:
2266
2269
2270 // FIXME: Use something else instead of EventLog->LogName !!
2271
2272 /*
2273 * Use a different formatting, whether the event log filter holds
2274 * only one log, or many logs (the latter case is WIP TODO!)
2275 */
2277 {
2278 StringCbPrintfW(szStatusText,
2279 sizeof(szStatusText),
2280 szStatusBarTemplate,
2281 EventLog->LogName,
2282 dwTotalRecords,
2284 }
2285 else
2286 {
2287 // TODO: Use a different title & implement filtering for multi-log filters !!
2288 // (EventLogFilter->NumOfEventLogs > 1)
2289 }
2290
2291 /* Update the status bar */
2293
2294 /* Resume list view redraw */
2296
2297 EventLogFilter_Release(EventLogFilter);
2298
2301
2302 return 0;
2303}
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
HANDLE WINAPI OpenBackupEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpFileName)
Definition: eventlog.c:830
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
BOOL GetEventCategory(IN LPCWSTR KeyName, IN LPCWSTR SourceName, IN PEVENTLOGRECORD pevlr, OUT PWCHAR CategoryName)
Definition: eventvwr.c:1589
VOID EventTimeToSystemTime(IN DWORD EventTime, OUT PSYSTEMTIME pSystemTime)
Definition: eventvwr.c:713
BOOL FilterByString(IN PCWSTR FilterString, IN PWSTR String)
Definition: eventvwr.c:1905
BOOL FilterByType(IN PEVENTLOGFILTER EventLogFilter, IN PEVENTLOGRECORD pevlr)
Definition: eventvwr.c:1889
BOOL GetEventUserName(IN PEVENTLOGRECORD pelr, IN OUT PSID *pLastSid, OUT PWCHAR pszUser)
Definition: eventvwr.c:1800
VOID GetEventType(IN WORD dwEventType, OUT PWCHAR eventTypeText)
Definition: eventvwr.c:1770
struct _EVENTLOGFILTER * PEVENTLOGFILTER
INT WINAPI GetTimeFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpTimeStr, INT cchOut)
Definition: lcformat.c:1093
INT WINAPI GetDateFormatW(LCID lcid, DWORD dwFlags, const SYSTEMTIME *lpTime, LPCWSTR lpFormat, LPWSTR lpDateStr, INT cchOut)
Definition: lcformat.c:993
#define LOCALE_USER_DEFAULT
#define ListView_SetItemText(hwndLV, i, iSubItem_, pszText_)
Definition: commctrl.h:2691
STRSAFEAPI StringCchPrintfExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:585
STRSAFEAPI StringCbPrintfW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:557
Definition: winnt_old.h:2840
Definition: ms-dtyp.idl:198
Definition: winbase.h:904
Definition: commctrl.h:2359
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_POWER_POLICY_IDLE_SETTINGS Settings
Definition: wdfdevice.h:2595
struct _EVENTLOGRECORD * PEVENTLOGRECORD
BOOL WINAPI ShowWindow(_In_ HWND, _In_ int)
BOOL WINAPI SetWindowTextW(_In_ HWND, _In_opt_ LPCWSTR)
BOOL WINAPI EnableMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
LRESULT WINAPI SendMessageW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
Referenced by StartStopEnumEventsThread().
◆ EventDetails()
Definition at line 4316 of file eventvwr.c.
4317{
4318 switch (uMsg)
4319 {
4321 {
4322 LONG_PTR dwStyle;
4324 INT iEventItem;
4325
4328 {
4329 EndDialog(hDlg, 0);
4331 }
4332
4333 /* Create a size grip if the dialog has a sizing border */
4334 GetClientRect(hDlg, &rcWnd);
4337 {
4340
4342 NULL,
4344 rcWnd.right - sbVXSize,
4345 rcWnd.bottom - sbHYSize,
4346 sbVXSize, sbHYSize,
4347 hDlg,
4348 NULL,
4349 hInst,
4350 NULL);
4351 }
4352
4353 // SetWindowLongPtrW(hDlg, DWLP_USER, (LONG_PTR)hWndDetailsCtrl);
4354
4355 /*
4356 * Compute the minimum window size (in window coordinates) by
4357 * adding the widths/heights of the "Help" and "Close" buttons,
4358 * together with the margins, and add some minimal spacing
4359 * between the buttons.
4360 */
4361 GetWindowRect(hDlg, &rcWnd);
4363
4366 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4367
4369 cxMin += (rect.right - rect.left) + (rcWnd.right - rect.right); // == (rcWnd.right - rect.left);
4370 cyMin += (rect.bottom - rect.top) + (rcWnd.bottom - rect.bottom); // == (rcWnd.bottom - rect.top);
4371
4372 /*
4373 * Convert the window rect from window to client coordinates
4374 * in order to retrieve the sizes of the left and top margins,
4375 * and add some extra space.
4376 */
4378
4381
4382 GetClientRect(hDlg, &rcWnd);
4383 cxOld = rcWnd.right - rcWnd.left;
4384 cyOld = rcWnd.bottom - rcWnd.top;
4385
4386 /* Show event info in dialog control */
4389
4390 // SetWindowPos(hWndDetailsCtrl, NULL,
4391 // 0, 0,
4392 // (rcWnd.right - rcWnd.left),
4393 // (rcWnd.bottom - rcWnd.top),
4394 // SWP_NOZORDER | SWP_NOACTIVATE | SWP_SHOWWINDOW);
4395
4396 /*
4397 * Hide the placeholder static control and show the event details
4398 * control instead. Note that the placeholder is here so far just
4399 * to get the dimensions right in the dialog resource editor.
4400 * I plan to remove it and use a custom control with a suitable
4401 * window class for it, that would create the event details control
4402 * instead.
4403 */
4407 }
4408
4414
4417 {
4422
4424 MessageBoxW(hDlg,
4426 szTitle,
4429
4430 default:
4431 break;
4432 }
4433 break;
4434
4437 {
4441 }
4442 break;
4443
4445 {
4446 /* Forbid resizing the dialog smaller than its minimal size */
4448
4450 {
4453 }
4454
4456 {
4459 }
4460
4462 {
4465 }
4466
4468 {
4471 }
4472
4475 }
4476
4478 {
4481
4482 HDWP hdwp;
4483 HWND hItemWnd;
4485
4486 hdwp = BeginDeferWindowPos(4);
4487
4488 /* Resize the event details control window */
4489
4490 hItemWnd = hWndDetailsCtrl;
4493
4494 if (hdwp)
4495 hdwp = DeferWindowPos(hdwp,
4496 hItemWnd,
4497 HWND_TOP,
4498 0, 0,
4502
4503 /* Move the buttons */
4504
4508
4509 if (hdwp)
4510 hdwp = DeferWindowPos(hdwp,
4511 hItemWnd,
4512 HWND_TOP,
4513 rect.left,
4515 0, 0,
4517
4521
4522 if (hdwp)
4523 hdwp = DeferWindowPos(hdwp,
4524 hItemWnd,
4525 HWND_TOP,
4528 0, 0,
4530
4531 /* Move the size grip */
4533 {
4536
4537 hdwp = DeferWindowPos(hdwp,
4538 hWndGrip,
4539 HWND_TOP,
4542 0, 0,
4544 }
4545
4546 if (hdwp)
4547 EndDeferWindowPos(hdwp);
4548
4549 /* Hide the size grip if we are in maximized mode */
4552
4555
4558 }
4559 }
4560
4562}
HWND CreateEventDetailsCtrl(HINSTANCE hInstance, HWND hParentWnd, LPARAM lParam)
Definition: evtdetctl.c:954
struct _EVENTDETAIL_INFO * PEVENTDETAIL_INFO
Definition: polytest.cpp:47
Definition: windef.h:305
BOOL WINAPI IsWindow(_In_opt_ HWND)
BOOL WINAPI GetWindowRect(_In_ HWND, _Out_ LPRECT)
HCURSOR WINAPI SetCursor(_In_opt_ HCURSOR)
BOOL WINAPI EndDeferWindowPos(_In_ HDWP)
HCURSOR WINAPI LoadCursorW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
Definition: cursoricon.c:2105
int WINAPI MapWindowPoints(_In_opt_ HWND hWndFrom, _In_opt_ HWND hWndTo, _Inout_updates_(cPoints) LPPOINT lpPoints, _In_ UINT cPoints)
HWND WINAPI GetDlgItem(_In_opt_ HWND, _In_ int)
BOOL WINAPI GetClientRect(_In_ HWND, _Out_ LPRECT)
HDWP WINAPI DeferWindowPos(_In_ HDWP, _In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
BOOL WINAPI DestroyWindow(_In_ HWND)
int WINAPI GetSystemMetrics(_In_ int)
HDWP WINAPI BeginDeferWindowPos(_In_ int)
BOOL WINAPI EndDialog(_In_ HWND, _In_ INT_PTR)
Referenced by WndProc().
◆ EventLog_Free()
Definition at line 1322 of file eventvwr.c.
1323{
1324 if (EventLog->LogName)
1326
1327 if (EventLog->ComputerName)
1329
1330 if (EventLog->FileName)
1332
1334}
Referenced by BuildLogListAndFilterList(), FreeLogList(), and OpenUserEventLogFile().
◆ EventLogFilter_AddRef()
| LONG EventLogFilter_AddRef | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 1416 of file eventvwr.c.
Referenced by ClearEvents(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().
◆ EventLogFilter_Free()
| VOID EventLogFilter_Free | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 1402 of file eventvwr.c.
1403{
1404 if (EventLogFilter->Sources)
1406
1407 if (EventLogFilter->Users)
1409
1410 if (EventLogFilter->ComputerNames)
1412
1414}
Referenced by EventLogFilter_Release(), and FreeLogFilterList().
◆ EventLogFilter_Release()
| LONG EventLogFilter_Release | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
RemoveEntryList(&EventLogFilter->ListEntry);
Definition at line 1422 of file eventvwr.c.
1423{
1424 LONG RefCount;
1425
1426 ASSERT(EventLogFilter);
1427
1428 /* When the reference count reaches zero, delete the filter */
1429 RefCount = InterlockedDecrement(&EventLogFilter->ReferenceCount);
1430 if (RefCount <= 0)
1431 {
1432 /* Remove the filter from the list */
1434 EventLogFilter_Free(EventLogFilter);
1435 }
1436
1437 return RefCount;
1438}
VOID EventLogFilter_Free(IN PEVENTLOGFILTER EventLogFilter)
Definition: eventvwr.c:1402
Referenced by ClearEvents(), CloseUserEventLog(), EnumEventsThread(), EventLogProperties(), SaveEventLog(), and WndProc().
◆ EventLogProperties()
| INT_PTR EventLogProperties | ( | HINSTANCE | hInstance, |
| HWND | hWndParent, | ||
| PEVENTLOGFILTER | EventLogFilter | ||
| ) |
Definition at line 4250 of file eventvwr.c.
4251{
4253 PROPSHEETHEADERW psh;
4255
4256 /*
4257 * Bail out if there is no available filter, or if the filter
4258 * contains more than one log.
4259 */
4260 if (!EventLogFilter)
4261 return 0;
4262
4263 EventLogFilter_AddRef(EventLogFilter);
4264
4267 {
4268 goto Quit;
4269 }
4270
4271 /* Header */
4273 psh.dwFlags = PSH_PROPSHEETPAGE /*| PSH_USEICONID */ | PSH_PROPTITLE | PSH_HASHELP /*| PSH_NOCONTEXTHELP */ /*| PSH_USECALLBACK */;
4276 // psh.pszIcon = MAKEINTRESOURCEW(IDI_APPICON); // Disabled because it only sets the small icon; the big icon is a stretched version of the small one.
4278 psh.nStartPage = 0;
4279 psh.ppsp = psp;
4281 // psh.pfnCallback = PropSheetCallback;
4282
4283 /* Log properties page */
4290
4291#if 0
4292 /* TODO: Log sources page */
4293 psp[1].dwSize = sizeof(psp[1]);
4299#endif
4300
4301 /* Create the property sheet */
4303
4304Quit:
4305 EventLogFilter_Release(EventLogFilter);
4307}
INT_PTR CALLBACK EventLogPropProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
Definition: eventvwr.c:4129
INT_PTR CALLBACK GeneralPageWndProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
Definition: generalpage.c:25
Definition: prsht.h:292
Definition: prsht.h:213
Referenced by WndProc().
◆ EventLogPropProc()
Definition at line 4129 of file eventvwr.c.
4130{
4131 PEVENTLOG EventLog;
4133
4135
4136 switch (uMsg)
4137 {
4139 {
4142
4143 InitPropertiesDlg(hDlg, EventLog);
4144
4147 }
4148
4151
4154 {
4157 SavePropertiesDlg(hDlg, EventLog);
4159 }
4160 break;
4161
4164 {
4169
4171 {
4174 {
4175 Refresh(EventLogFilter);
4176 InitPropertiesDlg(hDlg, EventLog);
4177 }
4179 }
4180
4184 {
4186 }
4188
4190 {
4196 }
4197
4199 {
4205 }
4206
4208 {
4214 }
4215
4217 {
4219
4221 {
4223 /* Workstation: 512 KB; Server: 16384 KB */
4229 }
4231 }
4232
4234 MessageBoxW(hDlg,
4236 szTitle,
4239
4240 default:
4241 break;
4242 }
4243 break;
4244 }
4245
4247}
PEVENTLOGFILTER GetSelectedFilter(OUT HTREEITEM *phti OPTIONAL)
Definition: eventvwr.c:2432
static VOID SavePropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:4070
static VOID InitPropertiesDlg(HWND hDlg, PEVENTLOG EventLog)
Definition: eventvwr.c:3880
struct _EVENTLOG * PEVENTLOG
Definition: inflate.c:139
Definition: winuser.h:3156
BOOL WINAPI SetDlgItemInt(_In_ HWND, _In_ int, _In_ UINT, _In_ BOOL)
HWND WINAPI GetParent(_In_ HWND)
BOOL WINAPI CheckRadioButton(_In_ HWND, _In_ int, _In_ int, _In_ int)
Referenced by EventLogProperties().
◆ EventTimeToSystemTime()
| VOID EventTimeToSystemTime | ( | IN DWORD | EventTime, |
| OUT PSYSTEMTIME | pSystemTime | ||
| ) |
Definition at line 713 of file eventvwr.c.
715{
716 SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
717 FILETIME ftLocal;
718 union
719 {
720 FILETIME ft;
722 } u1970, uUCT;
723
724 uUCT.ft.dwHighDateTime = 0;
725 uUCT.ft.dwLowDateTime = EventTime;
726 SystemTimeToFileTime(&st1970, &u1970.ft);
727 uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
728 FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
729 FileTimeToSystemTime(&ftLocal, pSystemTime);
730}
BOOL WINAPI FileTimeToSystemTime(IN CONST FILETIME *lpFileTime, OUT LPSYSTEMTIME lpSystemTime)
Definition: time.c:188
BOOL WINAPI SystemTimeToFileTime(IN CONST SYSTEMTIME *lpSystemTime, OUT LPFILETIME lpFileTime)
Definition: time.c:158
BOOL WINAPI FileTimeToLocalFileTime(IN CONST FILETIME *lpFileTime, OUT LPFILETIME lpLocalFileTime)
Definition: time.c:221
Definition: mapidefs.h:60
Referenced by EnumEventsThread().
◆ FilterByString()
Definition at line 1905 of file eventvwr.c.
1907{
1908 PCWSTR pStr;
1909
1910 /* The filter string is NULL so it does not filter anything */
1911 if (!FilterString)
1913
1914 /*
1915 * If the filter string filters for an empty string AND the source string
1916 * is an empty string, we have a match (particular case of the last one).
1917 */
1920
1921 // if (*FilterString || *String)
1922
1923 /*
1924 * If the filter string is empty BUT the source string is not empty,
1925 * OR vice-versa, we cannot have a match.
1926 */
1929
1930 /*
1931 * If the filter string filters for at least a non-empty string,
1932 * browse it and search for a string that matches the source string.
1933 */
1934 // else if (*FilterString && *String)
1935 {
1936 pStr = FilterString;
1937 while (*pStr)
1938 {
1940 {
1941 /* We have a match, break the loop */
1942 break;
1943 }
1944
1945 pStr += (wcslen(pStr) + 1);
1946 }
1947 if (!*pStr) // && *String
1948 {
1949 /* We do not have a match */
1951 }
1952 }
1953
1954 /* We have a match */
1956}
Referenced by EnumEventsThread().
◆ FilterByType()
| BOOL FilterByType | ( | IN PEVENTLOGFILTER | EventLogFilter, |
| IN PEVENTLOGRECORD | pevlr | ||
| ) |
Definition at line 1889 of file eventvwr.c.
1891{
1893 (pevlr->EventType == EVENTLOG_INFORMATION_TYPE && !EventLogFilter->Information ) ||
1894 (pevlr->EventType == EVENTLOG_WARNING_TYPE && !EventLogFilter->Warning ) ||
1895 (pevlr->EventType == EVENTLOG_ERROR_TYPE && !EventLogFilter->Error ) ||
1896 (pevlr->EventType == EVENTLOG_AUDIT_SUCCESS && !EventLogFilter->AuditSuccess) ||
1897 (pevlr->EventType == EVENTLOG_AUDIT_FAILURE && !EventLogFilter->AuditFailure))
1898 {
1900 }
1902}
Referenced by EnumEventsThread().
◆ FormatByteSize()
Definition at line 1161 of file eventvwr.c.
1162{
1163 UINT cchWritten, cchRemaining;
1164 LPWSTR pwszEnd;
1165 size_t cchStringRemaining;
1166
1167 /* Write formated bytes count */
1168 cchWritten = FormatInteger(cbSize, pwszResult, cchResultMax);
1169 if (!cchWritten)
1170 return 0;
1171
1172 /* Copy " bytes" to buffer */
1173 pwszEnd = pwszResult + cchWritten;
1174 cchRemaining = cchResultMax - cchWritten;
1176 cchRemaining = (UINT)cchStringRemaining;
1178 cchRemaining -= cchWritten;
1179
1180 return cchResultMax - cchRemaining;
1181}
UINT FormatInteger(LONGLONG Num, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1101
STRSAFEAPI StringCchCopyExW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc, STRSAFE_LPWSTR *ppszDestEnd, size_t *pcchRemaining, STRSAFE_DWORD dwFlags)
Definition: strsafe.h:184
Referenced by FormatFileSizeWithBytes().
◆ FormatFileSizeWithBytes()
| LPWSTR FormatFileSizeWithBytes | ( | const PULARGE_INTEGER | lpQwSize, |
| LPWSTR | pwszResult, | ||
| UINT | cchResultMax | ||
| ) |
Definition at line 1184 of file eventvwr.c.
1185{
1186 UINT cchWritten, cchRemaining;
1187 LPWSTR pwszEnd;
1188 size_t cchCopyRemaining;
1189
1190 /* Format bytes in KBs, MBs etc */
1193
1194 /* If there is less bytes than 1KB, we have nothing to do */
1196 return pwszResult;
1197
1198 /* Concatenate " (" */
1200 pwszEnd = pwszResult + cchWritten;
1201 cchRemaining = cchResultMax - cchWritten;
1203 cchRemaining = (UINT)cchCopyRemaining;
1204
1205 /* Write formated bytes count */
1207 pwszEnd += cchWritten;
1208 cchRemaining -= cchWritten;
1209
1210 /* Copy ")" to the buffer */
1212
1213 return pwszResult;
1214}
LPWSTR WINAPI StrFormatByteSizeW(LONGLONG llBytes, LPWSTR lpszDest, UINT cchMax)
Definition: string.c:2388
UINT FormatByteSize(LONGLONG cbSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1161
Referenced by InitPropertiesDlg().
◆ FormatInteger()
Definition at line 1101 of file eventvwr.c.
1102{
1103 WCHAR wszNumber[24];
1104 WCHAR wszDecimalSep[8], wszThousandSep[8];
1105 NUMBERFMTW nf;
1106 WCHAR wszGrouping[12];
1107 INT cchGrouping;
1108 INT cchResult;
1110
1111 // Print the number in uniform mode
1113
1114 // Get system strings for decimal and thousand separators.
1116 GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_STHOUSAND, wszThousandSep, _countof(wszThousandSep));
1117
1118 // Initialize format for printing the number in bytes
1120 nf.lpDecimalSep = wszDecimalSep;
1121 nf.lpThousandSep = wszThousandSep;
1122
1123 // Get system string for groups separator
1125 LOCALE_SGROUPING,
1126 wszGrouping,
1127 _countof(wszGrouping));
1128
1129 // Convert grouping specs from string to integer
1131 {
1133
1137 break;
1138 }
1139
1141 nf.Grouping /= 10;
1142 else
1143 nf.Grouping *= 10;
1144
1145 // Format the number
1147 0,
1148 wszNumber,
1149 &nf,
1150 pwszResult,
1151 cchResultMax);
1152
1153 if (!cchResult)
1154 return 0;
1155
1156 // GetNumberFormatW returns number of characters including UNICODE_NULL
1157 return cchResult - 1;
1158}
INT WINAPI GetLocaleInfoW(LCID lcid, LCTYPE lctype, LPWSTR buffer, INT len)
Definition: lang.c:1108
INT WINAPI GetNumberFormatW(LCID lcid, DWORD dwFlags, LPCWSTR lpszValue, const NUMBERFMTW *lpFormat, LPWSTR lpNumberStr, int cchOut)
Definition: lcformat.c:1212
Definition: winnls.h:641
Referenced by FormatByteSize().
◆ FreeLogFilterList()
Definition at line 3015 of file eventvwr.c.
3016{
3018 PEVENTLOGFILTER EventLogFilter;
3019
3021 {
3024 EventLogFilter_Free(EventLogFilter);
3025 }
3026
3028
3029 return;
3030}
Definition: typedefs.h:120
Referenced by wWinMain().
◆ FreeLogList()
Definition at line 2999 of file eventvwr.c.
3000{
3002 PEVENTLOG EventLog;
3003
3005 {
3008 EventLog_Free(EventLog);
3009 }
3010
3011 return;
3012}
Referenced by wWinMain().
◆ FreeRecords()
Definition at line 1871 of file eventvwr.c.
Referenced by EnumEventsThread(), and StartStopEnumEventsThread().
◆ GetDisplayNameFileAndID()
| BOOL GetDisplayNameFileAndID | ( | IN LPCWSTR | lpLogName, |
| OUT PWCHAR | lpModuleName, | ||
| OUT PDWORD | pdwMessageID | ||
| ) |
Definition at line 2709 of file eventvwr.c.
2712{
2715 HKEY hLogKey;
2716 WCHAR *KeyPath;
2717 SIZE_T cbKeyPath;
2718 DWORD dwType, cbData;
2719 DWORD dwMessageID = 0;
2721
2722 /* Use a default value for the message ID */
2723 *pdwMessageID = 0;
2724
2727 if (!KeyPath)
2728 {
2731 }
2732
2734 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
2735
2739 {
2742 }
2743
2747 NULL,
2748 &dwType,
2750 &cbData);
2752 {
2754 }
2755 else
2756 {
2757 /* NULL-terminate the string and expand it */
2761 }
2762
2763 /*
2764 * If we have a 'DisplayNameFile', query for 'DisplayNameID';
2765 * otherwise it's not really useful. 'DisplayNameID' is optional.
2766 */
2768 {
2769 cbData = sizeof(dwMessageID);
2772 NULL,
2773 &dwType,
2774 (LPBYTE)&dwMessageID,
2775 &cbData);
2777 dwMessageID = 0;
2778
2779 *pdwMessageID = dwMessageID;
2780 }
2781
2782 RegCloseKey(hLogKey);
2783
2785}
DWORD GetExpandedFilePathName(IN LPCWSTR ComputerName OPTIONAL, IN LPCWSTR lpFileName, OUT LPWSTR lpFullFileName OPTIONAL, IN DWORD nSize)
Definition: eventvwr.c:1455
STRSAFEAPI StringCbCopyW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:166
STRSAFEAPI StringCbCatW(STRSAFE_LPWSTR pszDest, size_t cbDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:342
Referenced by BuildLogListAndFilterList().
◆ GetEventCategory()
| BOOL GetEventCategory | ( | IN LPCWSTR | KeyName, |
| IN LPCWSTR | SourceName, | ||
| IN PEVENTLOGRECORD | pevlr, | ||
| OUT PWCHAR | CategoryName | ||
| ) |
Definition at line 1589 of file eventvwr.c.
1593{
1597
1599 goto Quit;
1600
1601 /* Retrieve the message string without appending extra newlines */
1602 lpMsgBuf =
1603 GetMessageStringFromDllList(szMessageDLL,
1606 pevlr->EventCategory,
1608 NULL);
1609 if (lpMsgBuf)
1610 {
1611 /* Trim the string */
1612 TrimNulls(lpMsgBuf);
1613
1614 /* Copy the category name */
1616
1617 /* Free the buffer allocated by FormatMessage */
1618 LocalFree(lpMsgBuf);
1619
1620 /* The ID was found and the message was formatted */
1622 }
1623
1624Quit:
1626 {
1627 if (pevlr->EventCategory != 0)
1628 {
1631 }
1632 }
1633
1635}
BOOL GetEventMessageFileDLL(IN LPCWSTR lpLogName, IN LPCWSTR SourceName, IN LPCWSTR EntryName, OUT PWCHAR lpModuleName)
Definition: eventvwr.c:1528
STRSAFEAPI StringCchPrintfW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszFormat,...)
Definition: strsafe.h:530
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699
Referenced by EnumEventsThread().
◆ GetEventMessage()
| BOOL GetEventMessage | ( | IN LPCWSTR | KeyName, |
| IN LPCWSTR | SourceName, | ||
| IN PEVENTLOGRECORD | pevlr, | ||
| OUT PWCHAR | EventText | ||
| ) |
Definition at line 1639 of file eventvwr.c.
1643{
1647 WCHAR SourceModuleName[1024];
1648 WCHAR ParameterModuleName[1024];
1651 LPWSTR szStringArray, szMessage;
1652 LPWSTR *szArguments;
1653
1654 /* Get the event string array */
1656
1657 /* NOTE: GetEventMessageFileDLL can return a comma-separated list of DLLs */
1659 goto Quit;
1660
1661 /* Allocate space for insertion strings */
1663 if (!szArguments)
1664 goto Quit;
1665
1666 if (!IsParamModNameCached)
1667 {
1668 /* Now that the parameter file list is loaded, no need to reload it at the next run! */
1669 IsParamModNameCached = GetEventMessageFileDLL(KeyName, SourceName, EVENT_PARAMETER_MESSAGE_FILE, ParameterModuleName);
1670 // FIXME: If the string loading failed the first time, no need to retry it just after???
1671 }
1672
1673 if (IsParamModNameCached)
1674 {
1675 /* Not yet support for reading messages from parameter message DLL */
1676 }
1677
1678 szMessage = szStringArray;
1679 /*
1680 * HACK:
1681 * We do some hackish preformatting of the cached event strings...
1682 * That's because after we pass the string to FormatMessage
1683 * (via GetMessageStringFromDllList) with the FORMAT_MESSAGE_ARGUMENT_ARRAY
1684 * flag, instead of ignoring the insertion parameters and do the formatting
1685 * by ourselves. Therefore, the resulting string should have the parameter
1686 * string placeholders starting with a single '%' instead of a mix of one
1687 * and two '%'.
1688 */
1689 /* HACK part 1: Compute the full length of the string array */
1690 cch = 0;
1692 {
1693 szMessage += wcslen(szMessage) + 1;
1694 }
1695 cch = szMessage - szStringArray;
1696
1697 /* HACK part 2: Now do the HACK proper! */
1698 szMessage = szStringArray;
1700 {
1701 lpMsgBuf = szMessage;
1703 {
1705 {
1707 }
1708 }
1709
1710 szArguments[i] = szMessage;
1711 szMessage += wcslen(szMessage) + 1;
1712 }
1713
1714 /* Retrieve the message string without appending extra newlines */
1715 lpMsgBuf =
1716 GetMessageStringFromDllList(SourceModuleName,
1719 pevlr->EventID,
1720 0,
1721 (va_list*)szArguments);
1722 if (lpMsgBuf)
1723 {
1724 /* Trim the string */
1725 TrimNulls(lpMsgBuf);
1726
1727 szMessage = NULL;
1729 TRUE,
1730 lpMsgBuf,
1731 &szMessage) == ERROR_SUCCESS);
1733 {
1734 /* Free the buffer allocated by FormatMessage */
1735 LocalFree(lpMsgBuf);
1736 lpMsgBuf = szMessage;
1737 }
1738
1739 /* Copy the event text */
1741
1742 /* Free the buffer allocated by FormatMessage */
1743 LocalFree(lpMsgBuf);
1744 }
1745
1747
1748Quit:
1750 {
1751 /* Get a read-only pointer to the "event-not-found" string */
1754 StringCchPrintfW(EventText, EVENT_MESSAGE_EVENTTEXT_BUFFER, lpMsgBuf, (pevlr->EventID & 0xFFFF), SourceName);
1755
1756 /* Append the strings */
1757 szMessage = szStringArray;
1759 {
1762 szMessage += wcslen(szMessage) + 1;
1763 }
1764 }
1765
1767}
DWORD ApplyParameterStringsToMessage(IN LPCWSTR lpMessageDllList, IN BOOL bMessagePreFormatted, IN CONST LPCWSTR pMessage, OUT LPWSTR *pFinalMessage)
Definition: eventvwr.c:903
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
Definition: strsafe.h:325
Referenced by DisplayEvent().
◆ GetEventMessageFileDLL()
| BOOL GetEventMessageFileDLL | ( | IN LPCWSTR | lpLogName, |
| IN LPCWSTR | SourceName, | ||
| IN LPCWSTR | EntryName, | ||
| OUT PWCHAR | lpModuleName | ||
| ) |
Definition at line 1528 of file eventvwr.c.
1532{
1540
1543
1545 szKeyName,
1546 0,
1547 KEY_READ,
1548 &hLogKey);
1551
1553 SourceName,
1554 0,
1555 KEY_QUERY_VALUE,
1556 &hSourceKey);
1558 {
1559 RegCloseKey(hLogKey);
1561 }
1562
1565 EntryName,
1566 NULL,
1567 &dwType,
1569 &dwSize);
1571 {
1573 }
1574 else
1575 {
1576 /* NULL-terminate the string and expand it */
1580 }
1581
1582 RegCloseKey(hSourceKey);
1583 RegCloseKey(hLogKey);
1584
1586}
Referenced by GetEventCategory(), and GetEventMessage().
◆ GetEventType()
Definition at line 1770 of file eventvwr.c.
1772{
1773 switch (dwEventType)
1774 {
1777 break;
1780 break;
1783 break;
1786 break;
1789 break;
1792 break;
1793 default:
1795 break;
1796 }
1797}
Referenced by EnumEventsThread().
◆ GetEventUserName()
Definition at line 1800 of file eventvwr.c.
1803{
1804 PSID pCurrentSid;
1805 PWSTR StringSid;
1807 WCHAR szDomain[1024];
1812
1813 /* Point to the SID */
1815
1817 {
1818 *pLastSid = NULL;
1820 }
1822 {
1824 }
1825
1826 /* User SID */
1827 if (pelr->UserSidLength > 0)
1828 {
1829 /*
1830 * Try to retrieve the user account name and domain name corresponding
1831 * to the SID. If it cannot be retrieved, try to convert the SID to a
1832 * string-form. It should not be bigger than the user-provided buffer
1833 * 'pszUser', otherwise we return an error.
1834 */
1836 pCurrentSid,
1837 szName,
1838 &cchName,
1839 szDomain,
1840 &cchDomain,
1841 &peUse))
1842 {
1845 }
1847 {
1848 /* Copy the string only if the user-provided buffer is big enough */
1850 {
1853 }
1854 else
1855 {
1858 }
1859
1860 /* Free the allocated buffer */
1861 LocalFree(StringSid);
1862 }
1863 }
1864
1866
1868}
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3583
enum _SID_NAME_USE SID_NAME_USE
_In_ LPCSTR _Out_writes_bytes_to_opt_ cbSid PSID _Inout_ LPDWORD _Out_writes_to_opt_ cchReferencedDomainName LPSTR _Inout_ LPDWORD _Out_ PSID_NAME_USE peUse
Definition: winbase.h:2746
Referenced by EnumEventsThread().
◆ GetExpandedFilePathName()
| DWORD GetExpandedFilePathName | ( | IN LPCWSTR ComputerName | OPTIONAL, |
| IN LPCWSTR | lpFileName, | ||
| OUT LPWSTR lpFullFileName | OPTIONAL, | ||
| IN DWORD | nSize | ||
| ) |
Definition at line 1455 of file eventvwr.c.
1460{
1462
1463 /* Determine the needed size after expansion of any environment strings */
1466 {
1467 /* We failed, bail out */
1468 return 0;
1469 }
1470
1471 /* If the file path is on a remote computer, estimate its length */
1472 // FIXME: Use WNetGetUniversalName instead?
1473 if (ComputerName && *ComputerName)
1474 {
1475 /* Skip any leading backslashes */
1477 ++ComputerName;
1478
1479 if (*ComputerName)
1480 {
1481 /* Count 2 backslashes plus the computer name and one backslash separator */
1483 }
1484 }
1485
1486 /* Check whether we have enough space */
1488 {
1489 /* No, return the needed size in characters (includes NULL-terminator) */
1491 }
1492
1493
1494 /* Now expand the file path */
1496
1497 /* Expand any existing environment strings */
1499 {
1500 /* We failed, bail out */
1501 return 0;
1502 }
1503
1504 /* If the file path is on a remote computer, retrieve the network share form of the file name */
1505 // FIXME: Use WNetGetUniversalName instead?
1506 if (ComputerName && *ComputerName)
1507 {
1508 /* Note that we previously skipped any potential leading backslashes */
1509
1510 /* Replace ':' by '$' in the drive letter */
1513
1514 /* Prepend the computer name */
1521 }
1522
1523 /* Return the number of stored characters (includes NULL-terminator) */
1525}
DWORD WINAPI ExpandEnvironmentStringsW(IN LPCWSTR lpSrc, IN LPWSTR lpDst, IN DWORD nSize)
Definition: environ.c:519
_CRTIMP wchar_t *__cdecl wcsncpy(wchar_t *_Dest, const wchar_t *_Source, size_t _Count)
Referenced by GetDisplayNameFileAndID(), GetEventMessageFileDLL(), and InitPropertiesDlg().
◆ GetFileTimeString()
| BOOL GetFileTimeString | ( | LPFILETIME | lpFileTime, |
| LPWSTR | pwszResult, | ||
| UINT | cchResult | ||
| ) |
Definition at line 1218 of file eventvwr.c.
1219{
1220 FILETIME ft;
1221 SYSTEMTIME st;
1222 int cchWritten;
1223 UINT cchRemaining = cchResult;
1224 size_t cchCopyRemaining;
1225 LPWSTR pwszEnd = pwszResult;
1226
1229
1230 cchWritten = GetDateFormatW(LOCALE_USER_DEFAULT, DATE_LONGDATE, &st, NULL, pwszEnd, cchRemaining);
1231 if (cchWritten)
1232 --cchWritten; // GetDateFormatW returns count with terminating zero
1233 // else
1234 // ERR("GetDateFormatW failed\n");
1235
1236 cchRemaining -= cchWritten;
1237 pwszEnd += cchWritten;
1238
1240 cchRemaining = (UINT)cchCopyRemaining;
1241
1243 if (cchWritten)
1244 --cchWritten; // GetTimeFormatW returns count with terminating zero
1245 // else
1246 // ERR("GetTimeFormatW failed\n");
1247
1249}
Referenced by InitPropertiesDlg().
◆ GetMessageStringFromDll()
| LPWSTR GetMessageStringFromDll | ( | IN LPCWSTR | lpMessageDll, |
| IN DWORD | dwFlags, | ||
| IN DWORD | dwMessageId, | ||
| IN DWORD | nSize, | ||
| IN va_list *Arguments | OPTIONAL | ||
| ) |
Definition at line 738 of file eventvwr.c.
744{
748
753
754 /* Sanitize dwFlags */
755 dwFlags &= ~FORMAT_MESSAGE_FROM_STRING;
757
758 _SEH2_TRY
759 {
760 /*
761 * Retrieve the message string without appending extra newlines.
762 * Wrap in SEH to protect from invalid string parameters.
763 */
764 _SEH2_TRY
765 {
767 /* FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE |
768 FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK, */
769 hLibrary,
770 dwMessageId,
771 LANG_USER_DEFAULT,
772 (LPWSTR)&lpMsgBuf,
773 nSize,
774 Arguments);
775 }
777 {
778 dwLength = 0;
779
780 /*
781 * An exception occurred while calling FormatMessage, this is usually
782 * the sign that a parameter was invalid, either 'lpMsgBuf' was NULL
783 * but we did not pass the flag FORMAT_MESSAGE_ALLOCATE_BUFFER, or the
784 * array pointer 'Arguments' was NULL or did not contain enough elements,
785 * and we did not pass the flag FORMAT_MESSAGE_IGNORE_INSERTS, and the
786 * message string expected too many inserts.
787 * In this last case only, we can call again FormatMessage but ignore
788 * explicitly the inserts. The string that we will return to the user
789 * will not be pre-formatted.
790 */
793 {
794 /* Remove any possible harmful flags and always ignore inserts */
795 dwFlags &= ~FORMAT_MESSAGE_ARGUMENT_ARRAY;
797
798 /* If this call also throws an exception, we are really dead */
800 hLibrary,
801 dwMessageId,
802 LANG_USER_DEFAULT,
803 (LPWSTR)&lpMsgBuf,
804 nSize,
806 }
807 }
808 _SEH2_END;
809 }
810 _SEH2_FINALLY
811 {
813 }
814 _SEH2_END;
815
817 {
819 lpMsgBuf = NULL;
820 }
821 else
822 {
824
825 ASSERT(lpMsgBuf);
826
827 /* Trim any trailing whitespace */
831 }
832
833 return lpMsgBuf;
834}
HINSTANCE WINAPI DECLSPEC_HOTPATCH LoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags)
Definition: loader.c:288
DWORD WINAPI FormatMessageW(DWORD dwFlags, LPCVOID lpSource, DWORD dwMessageId, DWORD dwLanguageId, LPWSTR lpBuffer, DWORD nSize, __ms_va_list *args)
Definition: format_msg.c:583
Referenced by BuildLogListAndFilterList(), and GetMessageStringFromDllList().
◆ GetMessageStringFromDllList()
| LPWSTR GetMessageStringFromDllList | ( | IN LPCWSTR | lpMessageDllList, |
| IN DWORD | dwFlags, | ||
| IN DWORD | dwMessageId, | ||
| IN DWORD | nSize, | ||
| IN va_list *Arguments | OPTIONAL | ||
| ) |
Definition at line 842 of file eventvwr.c.
848{
850 SIZE_T cbLength;
851 LPWSTR szMessageDllList;
852 LPWSTR szDll;
854
855 /* Allocate a local buffer for the DLL list that can be tokenized */
856 // TODO: Optimize that!! Maybe we can cleverly use lpMessageDllList in read/write mode
857 // and cleverly temporarily replace the ';' by UNICODE_NULL, do our job, then reverse the change.
860 if (!szMessageDllList)
862 CopyMemory(szMessageDllList, lpMessageDllList, cbLength);
863
864 /* Loop through the list of message DLLs */
867 {
868 // Uses LANG_USER_DEFAULT
869 lpMsgBuf = GetMessageStringFromDll(szDll,
870 dwFlags,
871 dwMessageId,
872 nSize,
873 Arguments);
874 if (lpMsgBuf)
875 {
876 /* The ID was found and the message was formatted */
878 break;
879 }
880
881 /*
882 * The DLL could not be loaded, or the message could not be found,
883 * try the next DLL, if any.
884 */
886 }
887
889
890 return lpMsgBuf;
891}
_Check_return_ _CRTIMP wchar_t *__cdecl wcstok(_Inout_opt_z_ wchar_t *_Str, _In_z_ const wchar_t *_Delim)
Referenced by ApplyParameterStringsToMessage(), GetEventCategory(), and GetEventMessage().
◆ GetSelectedFilter()
| PEVENTLOGFILTER GetSelectedFilter | ( | OUT HTREEITEM *phti | OPTIONAL | ) |
Definition at line 2432 of file eventvwr.c.
2433{
2434 TVITEMEXW tvItemEx;
2435 HTREEITEM hti;
2436
2437 if (phti)
2438 *phti = NULL;
2439
2440 /* Get index of selected item */
2444
2446 tvItemEx.hItem = hti;
2447
2449
2450 if (phti)
2451 *phti = tvItemEx.hItem;
2452
2454}
Definition: commctrl.h:3345
Referenced by EventLogPropProc(), and WndProc().
◆ InitInstance()
Definition at line 3033 of file eventvwr.c.
3034{
3035 RECT rcClient, rs;
3036 LONG StatusHeight;
3037 HIMAGELIST hSmall;
3038 LVCOLUMNW lvc = {0};
3039 WCHAR szTemp[256];
3040
3041 /* Create the main window */
3042 rs = Settings.wpPos.rcNormalPosition;
3044 szTitle,
3049 NULL,
3050 NULL,
3051 hInstance,
3052 NULL);
3055
3056 /* Create the status bar */
3061 0, 0, 0, 0, // x, y, cx, cy
3066
3070
3071 /* Create a progress bar in the status bar (hidden by default) */
3083 /* Remove its static edge */
3087
3088 /* Initialize the splitter default positions */
3091
3092 /* Create the TreeView */
3094 WC_TREEVIEWW,
3095 NULL,
3096 // WS_CHILD | WS_VISIBLE | TVS_HASLINES | TVS_SHOWSELALWAYS,
3097 WS_CHILD | WS_VISIBLE | /* WS_TABSTOP | */ TVS_HASLINES | TVS_HASBUTTONS | TVS_LINESATROOT | TVS_EDITLABELS | TVS_SHOWSELALWAYS,
3098 0, 0,
3101 hwndMainWindow,
3102 NULL,
3103 hInstance,
3104 NULL);
3105
3106 /* Create the ImageList */
3110 1, 1);
3111
3112 /* Add event type icons to the ImageList: closed/opened folder, event log (normal/viewed) */
3117
3118 /* Assign the ImageList to the Tree View */
3120
3121 /* Add the event logs nodes */
3122 // "System Logs"
3125 // "Application Logs"
3128 // "User Logs"
3131
3132 /* Create the Event details pane (optional) */
3135 {
3143 SWP_NOZORDER | SWP_NOACTIVATE | (Settings.bShowDetailsPane ? SWP_SHOWWINDOW : SWP_HIDEWINDOW));
3144 }
3145
3146 /* Create the ListView */
3148 WC_LISTVIEWW,
3149 NULL,
3152 0,
3157 hwndMainWindow,
3158 NULL,
3159 hInstance,
3160 NULL);
3161
3162 /* Add the extended ListView styles */
3163 ListView_SetExtendedListViewStyle(hwndListView, LVS_EX_HEADERDRAGDROP | LVS_EX_FULLROWSELECT | LVS_EX_LABELTIP | (Settings.bShowGrid ? LVS_EX_GRIDLINES : 0));
3164
3165 /* Create the ImageList */
3169 1, 1);
3170
3171 /* Add event type icons to the ImageList */
3177
3178 /* Assign the ImageList to the List View */
3180
3181 /* Now set up the listview with its columns */
3183 lvc.cx = 90;
3185 IDS_COLUMNTYPE,
3186 szTemp,
3187 ARRAYSIZE(szTemp));
3188 lvc.pszText = szTemp;
3190
3191 lvc.cx = 70;
3193 IDS_COLUMNDATE,
3194 szTemp,
3195 ARRAYSIZE(szTemp));
3196 lvc.pszText = szTemp;
3198
3199 lvc.cx = 70;
3201 IDS_COLUMNTIME,
3202 szTemp,
3203 ARRAYSIZE(szTemp));
3204 lvc.pszText = szTemp;
3206
3207 lvc.cx = 150;
3209 IDS_COLUMNSOURCE,
3210 szTemp,
3211 ARRAYSIZE(szTemp));
3212 lvc.pszText = szTemp;
3214
3215 lvc.cx = 100;
3217 IDS_COLUMNCATEGORY,
3218 szTemp,
3219 ARRAYSIZE(szTemp));
3220 lvc.pszText = szTemp;
3222
3223 lvc.cx = 60;
3225 IDS_COLUMNEVENT,
3226 szTemp,
3227 ARRAYSIZE(szTemp));
3228 lvc.pszText = szTemp;
3230
3231 lvc.cx = 120;
3233 IDS_COLUMNUSER,
3234 szTemp,
3235 ARRAYSIZE(szTemp));
3236 lvc.pszText = szTemp;
3238
3239 lvc.cx = 100;
3241 IDS_COLUMNCOMPUTER,
3242 szTemp,
3243 ARRAYSIZE(szTemp));
3244 lvc.pszText = szTemp;
3246
3247 /* Initialize the save Dialog */
3250
3252
3260
3263
3265}
HIMAGELIST WINAPI ImageList_Create(INT cx, INT cy, UINT flags, INT cInitial, INT cGrow)
Definition: imagelist.c:804
static const CLSID *static CLSID *static const GUID VARIANT VARIANT *static IServiceProvider DWORD *static HMENU
Definition: ordinal.c:63
#define ListView_SetImageList(hwnd, himl, iImageList)
Definition: commctrl.h:2304
#define ListView_SetExtendedListViewStyle(hwndLV, dw)
Definition: commctrl.h:2725
Definition: imagelist.c:84
Definition: commctrl.h:2563
BOOL WINAPI SetWindowPos(_In_ HWND, _In_opt_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ UINT)
HWND WINAPI CreateWindowExW(_In_ DWORD dwExStyle, _In_opt_ LPCWSTR lpClassName, _In_opt_ LPCWSTR lpWindowName, _In_ DWORD dwStyle, _In_ int X, _In_ int Y, _In_ int nWidth, _In_ int nHeight, _In_opt_ HWND hWndParent, _In_opt_ HMENU hMenu, _In_opt_ HINSTANCE hInstance, _In_opt_ LPVOID lpParam)
BOOL WINAPI UpdateWindow(_In_ HWND)
HICON WINAPI LoadIconW(_In_opt_ HINSTANCE hInstance, _In_ LPCWSTR lpIconName)
Definition: cursoricon.c:2075
Referenced by wWinMain().
◆ InitPropertiesDlg()
Definition at line 3880 of file eventvwr.c.
3881{
3883
3885 DWORD dwMaxSize = 0, dwRetention = 0;
3892
3893 HKEY hLogKey;
3894 WCHAR *KeyPath;
3895 DWORD cbData;
3896 SIZE_T cbKeyPath;
3897
3899 {
3900
3903 if (!KeyPath)
3904 {
3906 goto Quit;
3907 }
3908
3910 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
3911
3915 {
3917 goto Quit;
3918 }
3919
3920
3921 cbData = sizeof(dwMaxSize);
3924 NULL,
3925 &dwType,
3926 (LPBYTE)&dwMaxSize,
3927 &cbData);
3929 {
3930 // dwMaxSize = 512 * 1024; /* 512 kBytes */
3931 /* Workstation: 512 KB; Server: 16384 KB */
3932 dwMaxSize = 16384 * 1024;
3933 }
3934 /* Convert in KB */
3935 dwMaxSize /= 1024;
3936
3937 cbData = sizeof(dwRetention);
3940 NULL,
3941 &dwType,
3942 (LPBYTE)&dwRetention,
3943 &cbData);
3945 {
3946 /* By default, it is 604800 (secs) == 7 days. On Server, the retention is zeroed out. */
3947 dwRetention = 0;
3948 }
3949 /* Convert in days, rounded up */
3951 dwRetention = (dwRetention + 24*3600 - 1) / (24*3600);
3952
3953 RegCloseKey(hLogKey);
3954
3955 }
3956
3957Quit:
3958
3961
3964 {
3965 /* Expand the file name. If the log file is on a remote computer, retrieve the network share form of the file name. */
3967 FileName = wszBuf;
3968 }
3969 else
3970 {
3972 }
3974
3976 {
3977 /*
3978 * The general problem here (and in the shell as well) is that
3979 * GetFileAttributesEx fails for files that are opened without
3980 * shared access. To retrieve file information for those we need
3981 * to use something else: FindFirstFile, on the full file name.
3982 */
3984 GetFileExInfoStandard,
3987 {
3991 FindClose(hFind);
3992 }
3993 }
3994 else
3995 {
3997 }
3998
3999 /* Starting there, FileName becomes invalid because we are reusing wszBuf */
4000
4002 {
4007
4009
4012 else
4014
4017 else
4019
4022 else
4024 }
4025 else
4026 {
4028
4033 }
4034
4036 {
4039
4042
4043 if (dwRetention == 0)
4044 {
4048 }
4050 {
4054 }
4055 else
4056 {
4060 }
4061 }
4062 else
4063 {
4064 // TODO: Hide the unused controls! Or, just use another type of property sheet!
4065 }
4066}
BOOL WINAPI GetFileAttributesExW(LPCWSTR lpFileName, GET_FILEEX_INFO_LEVELS fInfoLevelId, LPVOID lpFileInformation)
Definition: fileinfo.c:552
HANDLE WINAPI FindFirstFileW(IN LPCWSTR lpFileName, OUT LPWIN32_FIND_DATAW lpFindFileData)
Definition: find.c:320
BOOL GetFileTimeString(LPFILETIME lpFileTime, LPWSTR pwszResult, UINT cchResult)
Definition: eventvwr.c:1218
LPWSTR FormatFileSizeWithBytes(const PULARGE_INTEGER lpQwSize, LPWSTR pwszResult, UINT cchResultMax)
Definition: eventvwr.c:1184
Definition: DriveVolume.h:53
Definition: shtypes.idl:80
Definition: filecomp.c:348
Definition: ms-dtyp.idl:184
Definition: winbase.h:918
struct _LARGE_INTEGER::@2295 u
BOOL WINAPI SetDlgItemTextW(_In_ HWND, _In_ int, _In_ LPCWSTR)
LRESULT WINAPI SendDlgItemMessageW(_In_ HWND, _In_ int, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
Referenced by EventLogPropProc().
◆ LoadSettings()
Definition at line 347 of file eventvwr.c.
348{
350 HKEY hKeyEventVwr;
351 DWORD dwType, cbData;
353
354 /* Load the default values */
360 Settings.nHSplitPos = 250;
366
367 /* Try to open the Event Viewer user key */
369 EVNTVWR_PARAM_KEY,
370 0,
371 KEY_QUERY_VALUE,
372 &hKeyEventVwr) != ERROR_SUCCESS)
373 {
375 }
376
377 // Result = RegQueryValueExW(hKeyEventVwr, L"Filter", NULL, &dwType, (LPBYTE)&szFilter, &cbData); // REG_SZ
378 // Result = RegQueryValueExW(hKeyEventVwr, L"Find", NULL, &dwType, (LPBYTE)&szFind, &cbData); // REG_SZ
379 // Result = RegQueryValueExW(hKeyEventVwr, L"Module", NULL, &dwType, (LPBYTE)&szModule, &cbData); // REG_SZ
380
382 Result = RegQueryValueExW(hKeyEventVwr, L"SaveSettings", NULL, &dwType, (LPBYTE)buffer, &cbData);
384 {
386 {
389 }
391 {
393 }
394 }
395
397 Result = RegQueryValueExW(hKeyEventVwr, L"DetailsPane", NULL, &dwType, (LPBYTE)buffer, &cbData);
399 {
401 {
404 }
406 {
408 }
409 }
410
414 {
416 {
419 }
421 {
423 }
424 }
425
429 {
431 {
434 }
436 {
438 }
439 }
440
441 /* Retrieve the splitter positions */
445 {
447 {
450 }
452 {
454 }
455 }
456
460 {
462 {
465 }
467 {
469 }
470 }
471
472 /* Retrieve the geometry of the main window */
477 else
479
481 &Settings.wpPos.rcNormalPosition.left,
482 &Settings.wpPos.rcNormalPosition.top,
483 &Settings.wpPos.rcNormalPosition.right,
484 &Settings.wpPos.rcNormalPosition.bottom,
485 &Settings.wpPos.showCmd) != 5)
486 {
487 /* Parsing failed, use defaults */
491 }
492
493 RegCloseKey(hKeyEventVwr);
495}
_Check_return_ _CRTIMP int __cdecl swscanf(_In_z_ const wchar_t *_Src, _In_z_ _Scanf_format_string_ const wchar_t *_Format,...)
_Check_return_ _CRTIMP int __cdecl _wtoi(_In_z_ const wchar_t *_Str)
BOOL WINAPI SetRect(_Out_ LPRECT, _In_ int, _In_ int, _In_ int, _In_ int)
◆ MyRegisterClass()
Definition at line 2682 of file eventvwr.c.
2683{
2684 WNDCLASSEXW wcex;
2685
2687 wcex.style = 0;
2689 wcex.cbClsExtra = 0;
2690 wcex.cbWndExtra = 0;
2699 IMAGE_ICON,
2700 16,
2701 16,
2702 LR_SHARED);
2703
2705}
Definition: winuser.h:3215
HANDLE WINAPI LoadImageW(_In_opt_ HINSTANCE hInst, _In_ LPCWSTR name, _In_ UINT type, _In_ int cx, _In_ int cy, _In_ UINT fuLoad)
Definition: cursoricon.c:2203
ATOM WINAPI RegisterClassExW(_In_ CONST WNDCLASSEXW *)
Referenced by wWinMain().
◆ OpenUserEventLog()
Definition at line 2522 of file eventvwr.c.
2523{
2525
2527
2530
2532 return;
2534
2536}
Referenced by WndProc().
◆ OpenUserEventLogFile()
Definition at line 2458 of file eventvwr.c.
2459{
2460 WIN32_FIND_DATAW FindData;
2461 HANDLE hFind;
2462 PEVENTLOG EventLog;
2463 PEVENTLOGFILTER EventLogFilter;
2464 SIZE_T cchFileName;
2466
2467 /* Check whether the file actually exists */
2468 hFind = FindFirstFileW(lpszFileName, &FindData);
2470 {
2472 return;
2473 }
2474 FindClose(hFind);
2475
2476 /* Allocate a new event log entry */
2479 {
2481 return;
2482 }
2483
2484 /* Allocate a new event log filter entry for this event log */
2488 1, &EventLog);
2490 {
2492 EventLog_Free(EventLog);
2493 return;
2494 }
2495
2496 /* Add the event log and the filter into their lists */
2499
2500 /* Retrieve and cache the event log file */
2501 cchFileName = wcslen(lpszFileName) + 1;
2505
2507 (LPWSTR)lpszFileName,
2508 2, 3, (LPARAM)EventLogFilter);
2509
2510 /* Select the event log */
2512 {
2513 // TreeView_Expand(hwndTreeView, htiUserLogs, TVE_EXPAND);
2516 }
2519}
Referenced by OpenUserEventLog(), and wWinMain().
◆ ProcessCmdLine()
Definition at line 184 of file eventvwr.c.
185{
189
190 /* Skip any leading whitespace */
191 if (lpCmdLine)
192 {
194 ++lpCmdLine;
195 }
196
197 /* No command line means no processing needed */
198 if (!lpCmdLine || !*lpCmdLine)
200
201 /* Build the arguments vector */
205
206 /* Parse the command line for options (skip the program name) */
208 {
209 /* Check for new options */
211 {
213 {
214 /* Display help */
215 DisplayUsage();
216 goto Quit;
217 }
218 else
220 {
222 {
224 {
225 LPWSTR lpNewBuffer;
227 SIZE_T cbFileName;
228
229 /* Check for a quoted file name */
231 {
232 /* Skip this quote, and the last one too if any */
233 ++lpFileName;
237 }
238
239 /* Skip this one if we do not actually have a file name */
241 continue;
242
244
245 /* Reallocate the list of user logs to load */
247 {
249 HEAP_ZERO_MEMORY,
250 lpszzUserLogsToLoad,
251 /* Count the multi-string NULL-terminator */
253 }
254 else
255 {
256 cbUserLogsSize = 0;
258 HEAP_ZERO_MEMORY,
259 /* Count the multi-string NULL-terminator */
261 }
262
263 if (!lpNewBuffer)
264 {
266 goto Quit;
267 }
268
269 lpszzUserLogsToLoad = lpNewBuffer;
271 cbUserLogsSize += cbFileName;
272
273 /* Save the file name */
275
276 continue;
277 }
278
279 default:
280 break;
281 }
282 }
283
284 /* Unknown argument: display help and bail out */
285 DisplayUsage();
286 goto Quit;
287 }
288 else
289 {
290 /*
291 * An argument that does not start with the switch character.
292 * If this is the first argument then this corresponds to the
293 * optional computer name. Otherwise this is a wrong argument.
294 */
296 {
297 /* Store the computer name */
299 SIZE_T cbLength;
300
301 /* Strip any leading backslashes */
303 ++lpTemp;
304
308 {
310 }
311 /* else, fall back to local computer */
312 }
313 else
314 {
315 /* Invalid syntax: display help and bail out */
316 DisplayUsage();
317 goto Quit;
318 }
319 }
320 }
321
323
324Quit:
325 /* In case of failure, free anything we have allocated */
327 {
329 {
330 cbUserLogsSize = 0;
333 }
335 {
338 }
339 }
340
341 /* Free the arguments vector and exit */
344}
LPWSTR *WINAPI CommandLineToArgvW(LPCWSTR lpCmdline, int *numargs)
Definition: shell32_main.c:80
Referenced by regdump(), and wWinMain().
◆ Refresh()
| VOID Refresh | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2670 of file eventvwr.c.
2671{
2672 /* Bail out if there is no available filter */
2673 if (!EventLogFilter)
2674 return;
2675
2676 /* Reenumerate the events through the filter */
2677 EnumEvents(EventLogFilter);
2678}
◆ ResizeWnd()
Definition at line 3267 of file eventvwr.c.
3268{
3269 RECT rs;
3270 LONG StatusHeight;
3271 LONG_PTR dwExStyle;
3272 HDWP hdwp;
3273
3274 /* Resize the status bar -- now done in WM_SIZE */
3275 // SendMessageW(hwndStatus, WM_SIZE, 0, 0);
3278
3279 /*
3280 * Move the progress bar -- Take into account for extra size due to the static edge
3281 * (AdjustWindowRectEx() does not seem to work for the progress bar).
3282 */
3290
3291 /*
3292 * TODO: Adjust the splitter positions:
3293 * - Vertical splitter (1) : fixed position from the left window side.
3294 * - Horizontal splitter (2): fixed position from the bottom window side.
3295 */
3298
3299 hdwp = BeginDeferWindowPos(3);
3300
3301 if (hdwp)
3302 hdwp = DeferWindowPos(hdwp,
3303 hwndTreeView,
3304 HWND_TOP,
3305 0, 0,
3307 cy - StatusHeight,
3309
3310 if (hdwp)
3311 hdwp = DeferWindowPos(hdwp,
3312 hwndListView,
3313 HWND_TOP,
3318 : cy - StatusHeight,
3320
3322 hdwp = DeferWindowPos(hdwp,
3323 hwndEventDetails,
3324 HWND_TOP,
3330
3331 if (hdwp)
3332 EndDeferWindowPos(hdwp);
3333}
BOOL WINAPI IsWindowVisible(_In_ HWND)
BOOL WINAPI MoveWindow(_In_ HWND, _In_ int, _In_ int, _In_ int, _In_ int, _In_ BOOL)
Referenced by LoadSettings(), and WndProc().
◆ SaveEventLog()
| VOID SaveEventLog | ( | IN PEVENTLOGFILTER | EventLogFilter | ) |
Definition at line 2539 of file eventvwr.c.
2540{
2541 PEVENTLOG EventLog;
2542 HANDLE hEventLog;
2544
2545 /* Bail out if there is no available filter */
2546 if (!EventLogFilter)
2547 return;
2548
2550
2553
2555 return;
2556
2557 EventLogFilter_AddRef(EventLogFilter);
2558
2559 EventLog = EventLogFilter->EventLogs[0];
2561
2562 EventLogFilter_Release(EventLogFilter);
2563
2564 if (!hEventLog)
2565 {
2567 return;
2568 }
2569
2572
2573 CloseEventLog(hEventLog);
2574}
BOOL WINAPI BackupEventLogW(IN HANDLE hEventLog, IN LPCWSTR lpBackupFileName)
Definition: eventlog.c:245
Referenced by WndProc().
◆ SavePropertiesDlg()
Definition at line 4070 of file eventvwr.c.
4071{
4073
4075 DWORD dwMaxSize = 0, dwRetention = 0;
4076 HKEY hLogKey;
4077 WCHAR *KeyPath;
4078 SIZE_T cbKeyPath;
4079
4081 return;
4082
4085 if (!KeyPath)
4086 {
4088 return;
4089 }
4090
4092 StringCbCatW(KeyPath, cbKeyPath, lpLogName);
4093
4097 {
4099 return;
4100 }
4101
4103 RegSetValueExW(hLogKey,
4105 0,
4106 REG_DWORD,
4107 (LPBYTE)&dwMaxSize,
4108 sizeof(dwMaxSize));
4109
4111 dwRetention = 0;
4113 dwRetention = INFINITE;
4114 else // if (IsDlgButtonChecked(hDlg, IDC_OVERWRITE_OLDER_THAN) == BST_CHECKED)
4116
4117 RegSetValueExW(hLogKey,
4119 0,
4120 REG_DWORD,
4121 (LPBYTE)&dwRetention,
4122 sizeof(dwRetention));
4123
4124 RegCloseKey(hLogKey);
4125}
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
UINT WINAPI IsDlgButtonChecked(_In_ HWND, _In_ int)
UINT WINAPI GetDlgItemInt(_In_ HWND, _In_ int, _Out_opt_ PBOOL, _In_ BOOL)
Referenced by EventLogPropProc().
◆ SaveSettings()
Definition at line 498 of file eventvwr.c.
499{
500 HKEY hKeyEventVwr;
503
504 /* Try to create/open the Event Viewer user key */
506 EVNTVWR_PARAM_KEY,
507 0,
508 NULL,
510 KEY_SET_VALUE,
511 NULL,
512 &hKeyEventVwr,
514 {
516 }
517
519 RegSetValueExW(hKeyEventVwr, L"SaveSettings", 0, REG_DWORD, (LPBYTE)&Settings.bSaveSettings, dwSize);
520
521 /* Do not save more settings if we are not asked to do so */
523 goto Quit;
524
526 RegSetValueExW(hKeyEventVwr, L"DetailsPane", 0, REG_DWORD, (LPBYTE)&Settings.bShowDetailsPane, dwSize);
527
530
532 RegSetValueExW(hKeyEventVwr, L"SortOrder", 0, REG_DWORD, (LPBYTE)&Settings.bNewestEventsFirst, dwSize);
533
537
541
544 Settings.wpPos.rcNormalPosition.left,
545 Settings.wpPos.rcNormalPosition.top,
546 Settings.wpPos.rcNormalPosition.right,
547 Settings.wpPos.rcNormalPosition.bottom,
548 Settings.wpPos.showCmd);
549
552
553Quit:
554 RegCloseKey(hKeyEventVwr);
556}
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
◆ ShowWin32Error()
Definition at line 140 of file eventvwr.c.
141{
142 LPWSTR lpMessageBuffer;
143
145 return;
146
150 NULL,
151 dwError,
152 LANG_USER_DEFAULT,
153 (LPWSTR)&lpMessageBuffer,
154 0, NULL))
155 {
156 return;
157 }
158
160 LocalFree(lpMessageBuffer);
161}
Referenced by BuildLogListAndFilterList(), ClearEvents(), EnumEventsThread(), GetDisplayNameFileAndID(), InitPropertiesDlg(), OpenUserEventLogFile(), ProcessCmdLine(), SaveEventLog(), SavePropertiesDlg(), ShutDown_Hibernate(), ShutDown_LockComputer(), ShutDown_LogOffUser(), ShutDown_PowerOff(), ShutDown_Reboot(), and ShutDown_StandBy().
◆ StartStopEnumEventsThread()
Definition at line 2311 of file eventvwr.c.
2312{
2313 HANDLE WaitHandles[2];
2314 DWORD WaitResult;
2315
2318
2320 {
2322 WaitHandles,
2324 INFINITE);
2325 switch (WaitResult)
2326 {
2328 {
2329 /* End-of-application event signaled, quit this thread */
2330
2331 /* Stop the previous enumeration */
2333 {
2335 {
2338 // NOTE: The following is done by the enumeration thread just before terminating.
2339 // hStopEnumEvent = NULL;
2340 }
2341
2344 }
2345
2346 /* Clear the list view and free the cached records */
2348 FreeRecords();
2349
2350 /* Reset the active filter */
2352
2353 return 0;
2354 }
2355
2357 {
2358 /* Restart a new enumeration if needed */
2359 PEVENTLOGFILTER EventLogFilter;
2360
2361 /* Stop the previous enumeration */
2363 {
2365 {
2368 // NOTE: The following is done by the enumeration thread just before terminating.
2369 // hStopEnumEvent = NULL;
2370 }
2371
2374 }
2375
2376 /* Clear the list view and free the cached records */
2378 FreeRecords();
2379
2380 /* Reset the active filter */
2382
2384 if (!EventLogFilter)
2385 break;
2386
2387 // Manual-reset event
2390 break;
2391
2393 0,
2394 EnumEventsThread,
2395 (LPVOID)EventLogFilter,
2396 CREATE_SUSPENDED,
2397 NULL);
2399 {
2402 break;
2403 }
2404 // CloseHandle(hEnumEventsThread);
2406
2407 break;
2408 }
2409
2410 default:
2411 {
2412 /* Unknown command, must never go there! */
2414 }
2415 }
2416 }
2417
2418 return 0;
2419}
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:137
static DWORD WINAPI EnumEventsThread(IN LPVOID lpParameter)
Definition: eventvwr.c:1962
DWORD WINAPI WaitForMultipleObjects(IN DWORD nCount, IN CONST HANDLE *lpHandles, IN BOOL bWaitAll, IN DWORD dwMilliseconds)
Definition: synch.c:151
HANDLE WINAPI DECLSPEC_HOTPATCH CreateEventW(IN LPSECURITY_ATTRIBUTES lpEventAttributes OPTIONAL, IN BOOL bManualReset, IN BOOL bInitialState, IN LPCWSTR lpName OPTIONAL)
Definition: synch.c:651
Referenced by wWinMain().
◆ TreeViewAddItem()
| HTREEITEM TreeViewAddItem | ( | IN HWND | hTreeView, |
| IN HTREEITEM | hParent, | ||
| IN LPWSTR | lpText, | ||
| IN INT | Image, | ||
| IN INT | SelectedImage, | ||
| IN LPARAM | lParam | ||
| ) |
Definition at line 1253 of file eventvwr.c.
1259{
1260 TV_INSERTSTRUCTW Insert;
1261
1263
1265 Insert.hInsertAfter = TVI_LAST;
1266 Insert.hParent = hParent;
1267 Insert.item.pszText = lpText;
1268 Insert.item.iImage = Image;
1269 Insert.item.iSelectedImage = SelectedImage;
1270 Insert.item.lParam = lParam;
1271
1272 Insert.item.mask |= TVIF_STATE;
1273 Insert.item.stateMask = TVIS_OVERLAYMASK;
1274 Insert.item.state = INDEXTOOVERLAYMASK(1);
1275
1277}
Definition: gdiplusheaders.h:23
Referenced by BuildLogListAndFilterList(), InitInstance(), and OpenUserEventLogFile().
◆ TrimNulls()
Definition at line 1441 of file eventvwr.c.
Referenced by GetEventCategory(), and GetEventMessage().
◆ WndProc()
FIXME: Reenable this check once menu items are correctly disabled when no event is selected, etc. MessageBoxW(hWnd, L"No selected items!", szTitle, MB_OK | MB_ICONERROR);
Definition at line 3337 of file eventvwr.c.
3338{
3340
3341 switch (uMsg)
3342 {
3345 break;
3346
3348 {
3350 PostQuitMessage(0);
3351 break;
3352 }
3353
3355 {
3357
3359 {
3361 {
3363 {
3365
3368 {
3370 break;
3371
3372 /* Verify the index of selected item */
3374 {
3377 szTitle,
3379 break;
3380 }
3382 }
3383 break;
3384 }
3385
3386#ifdef LVN_ITEMACTIVATE
3388 {
3389 /* Get the index of the single focused selected item */
3392 if (iItem != -1)
3394 break;
3395 }
3396#else // LVN_ITEMACTIVATE
3399 {
3400 /* Get the index of the single focused selected item */
3402 if (iItem != -1)
3404 break;
3405 }
3406#endif // LVN_ITEMACTIVATE
3407 }
3408 }
3410 {
3412 {
3414 {
3416
3417 /* Disable label editing for root nodes */
3421 }
3422
3424 {
3427
3428 /* Disable label editing for root nodes */
3432 {
3434 }
3435
3437 {
3439
3440 /* Trim leading whitespace */
3442 ++pszText;
3443
3444 if (!*pszText)
3446
3448 }
3449 else
3450 {
3452 }
3453 }
3454
3456 {
3457 PEVENTLOGFILTER EventLogFilter =
3459
3460 // FIXME: It might be nice to reference here the filter,
3461 // so that we don't have to reference/dereference it many times
3462 // in the other functions???
3463
3464 // FIXME: This is a hack!!
3466 {
3468 }
3469
3470 if (EventLogFilter)
3471 {
3472 /*
3473 * If we have selected a filter, enable the menu commands;
3474 * they will possibly be updated after events enumeration.
3475 */
3481 }
3482 else
3483 {
3489 }
3490
3491 /*
3492 * The enumeration thread that is triggered by EnumEvents
3493 * will set a new value for the 'ActiveFilter'.
3494 */
3495 if (EventLogFilter)
3496 EnumEvents(EventLogFilter);
3497
3498 break;
3499 }
3500 }
3501 }
3502 break;
3503 }
3504
3506 {
3507 /* Parse the menu selections */
3509 {
3511 OpenUserEventLog();
3512 break;
3513
3516 break;
3517
3519 {
3520 HTREEITEM hti;
3522 CloseUserEventLog(EventLogFilter, hti);
3523 break;
3524 }
3525
3527 {
3530 Refresh(EventLogFilter);
3531 break;
3532 }
3533
3537 break;
3538
3540 {
3542 // TODO: Check the returned value?
3543 if (EventLogFilter)
3545 break;
3546 }
3547
3550 {
3553
3555 {
3556 Settings.bNewestEventsFirst = bNewest;
3558 }
3559 break;
3560 }
3561
3563 {
3564 INT iItem;
3565 PEVENTLOGFILTER EventLogFilter;
3566
3567 /* Get the index of the single focused selected item */
3569 if (iItem == -1)
3570 {
3579 break;
3580 }
3581
3583 if (EventLogFilter)
3584 {
3585 EVENTDETAIL_INFO DetailInfo = {EventLogFilter, iItem};
3586
3587 EventLogFilter_AddRef(EventLogFilter);
3590 hWnd,
3591 EventDetails,
3592 (LPARAM)&DetailInfo);
3593 EventLogFilter_Release(EventLogFilter);
3594 }
3595 break;
3596 }
3597
3600 break;
3601
3603 {
3607
3610 {
3613 }
3614 else
3615 {
3618 }
3619
3620 break;
3621 }
3622
3624 {
3628
3629 ListView_SetExtendedListViewStyleEx(hwndListView, LVS_EX_GRIDLINES, (Settings.bShowGrid ? LVS_EX_GRIDLINES : 0));
3630 break;
3631 }
3632
3634 {
3638 break;
3639 }
3640
3642 {
3644
3648 break;
3649 }
3650
3654 szTitle,
3656 break;
3657
3660 break;
3661
3662 default:
3664 }
3665 break;
3666 }
3667
3669 {
3671 break;
3672
3675 MF_BYCOMMAND);
3676
3678 {
3681 }
3684
3687
3690
3691 break;
3692 }
3693
3694#if 0
3697 break;
3698#endif
3699
3701 {
3702 RECT rc;
3704 TVHITTESTINFO hInfo = {0};
3705
3708
3712
3715 {
3717
3719 {
3721
3726 }
3727 }
3728 break;
3729 }
3730
3732 {
3734
3737
3740
3741 /* Set the cursor for the vertical splitter */
3743 {
3744 RECT rs;
3748 {
3751 }
3752 }
3753 else
3754 /* Set the cursor for the horizontal splitter, if the Event details pane is displayed */
3757 {
3758 // RECT rs;
3760 // GetWindowRect(hwndStatus, &rs);
3763 {
3766 }
3767 }
3769 }
3770
3772 {
3775
3776 /* Reset the splitter state */
3777 bSplit = 0;
3778
3779 /* Capture the cursor for the vertical splitter */
3781 {
3782 bSplit = 1;
3784 }
3785 else
3786 /* Capture the cursor for the horizontal splitter, if the Event details pane is displayed */
3789 {
3790 bSplit = 2;
3792 }
3793 break;
3794 }
3795
3798 {
3800 break;
3801
3802 /* Adjust the correct splitter position */
3807
3808 /* If we are splitting, resize the windows */
3810 {
3813 }
3814
3815 /* Reset the splitter state */
3816 bSplit = 0;
3817
3818 ReleaseCapture();
3819 break;
3820 }
3821
3823 {
3825 break;
3826
3827 /* Move the correct splitter */
3829 {
3831
3833
3836 {
3839 }
3840 }
3842 {
3843 RECT rs;
3845
3848
3851 {
3854 }
3855 }
3856 break;
3857 }
3858
3860 {
3862 {
3865 break;
3866 }
3867 /* Fall through the default case */
3868 }
3869
3872 }
3873
3874 return 0;
3875}
VOID CloseUserEventLog(IN PEVENTLOGFILTER EventLogFilter, IN HTREEITEM hti)
Definition: eventvwr.c:2577
INT_PTR EventLogProperties(HINSTANCE, HWND, PEVENTLOGFILTER)
Definition: eventvwr.c:4250
#define ListView_SetExtendedListViewStyleEx(hwndLV, dwMask, dw)
Definition: commctrl.h:2726
struct tagNMITEMACTIVATE * LPNMITEMACTIVATE
struct tagNMLISTVIEW * LPNMLISTVIEW
BOOL WINAPI ShellAboutW(HWND hWnd, LPCWSTR szApp, LPCWSTR szOtherStuff, HICON hIcon)
Definition: shell32_main.c:1322
Definition: evtdetctl.h:16
Definition: commctrl.h:3043
Definition: commctrl.h:3032
Definition: commctrl.h:3518
Definition: commctrl.h:3315
HWND WINAPI SetCapture(_In_ HWND hWnd)
LRESULT WINAPI DefWindowProcW(_In_ HWND, _In_ UINT, _In_ WPARAM, _In_ LPARAM)
BOOL WINAPI GetWindowPlacement(_In_ HWND, _Inout_ WINDOWPLACEMENT *)
__analysis_noreturn void WINAPI PostQuitMessage(_In_ int)
BOOL WINAPI TrackPopupMenuEx(_In_ HMENU, _In_ UINT, _In_ int, _In_ int, _In_ HWND, _In_opt_ LPTPMPARAMS)
DWORD WINAPI CheckMenuItem(_In_ HMENU, _In_ UINT, _In_ UINT)
HMENU WINAPI GetSubMenu(_In_ HMENU, _In_ int)
struct tagNMHDR * LPNMHDR
BOOL WINAPI CheckMenuRadioItem(_In_ HMENU, _In_ UINT, _In_ UINT, _In_ UINT, _In_ UINT)
HMENU WINAPI LoadMenuW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
HMENU WINAPI GetMenu(_In_ HWND)
INT_PTR WINAPI DialogBoxParamW(_In_opt_ HINSTANCE, _In_ LPCWSTR, _In_opt_ HWND, _In_opt_ DLGPROC, _In_ LPARAM)
BOOL WINAPI ScreenToClient(_In_ HWND, _Inout_ LPPOINT)
Referenced by MyRegisterClass().
◆ wWinMain()
| int APIENTRY wWinMain | ( | HINSTANCE | hInstance, |
| HINSTANCE | hPrevInstance, | ||
| LPWSTR | lpCmdLine, | ||
| int | nShowCmd | ||
| ) |
This file has no copyright assigned and is placed in the Public Domain. This file is part of the w64 mingw-runtime package. No warranty is given; refer to the file DISCLAIMER.PD within this package.
Definition at line 559 of file eventvwr.c.
563{
565 INITCOMMONCONTROLSEX iccx;
566 HMODULE hRichEdit;
567 HACCEL hAccelTable;
569
570 UNREFERENCED_PARAMETER(hPrevInstance);
571 UNREFERENCED_PARAMETER(lpCmdLine);
572
573 /* Whenever any of the common controls are used in your app,
574 * you must call InitCommonControlsEx() to register the classes
575 * for those controls. */
578 InitCommonControlsEx(&iccx);
579
580 /* Load the RichEdit DLL to add support for RichEdit controls */
582 if (!hRichEdit)
583 return -1;
584
586
587 /* Store the instance handle in the global variable */
589
590 /* Initialize global strings */
596
597 /*
598 * Process the command-line arguments. Note that we need the full
599 * command-line, with the program file included, and not just what
600 * WinMain() provides in its lpCmdLine parameter.
601 */
603 goto Quit;
604
606 goto Quit;
607
608 /* Load the settings */
609 LoadSettings(nCmdShow);
610
611 /* Perform application initialization */
613 goto Quit;
614
616
617 /* Create the Start/Stop enumerator thread */
618 // Manual-reset event
622
623 // Auto-reset event
627
633
634 /* Retrieve the available event logs on this computer and create filters for them */
638
639 /* Open the user-specified logs if any are present on the command-line */
641 {
642 LPWSTR lpUserLog;
644 {
645 OpenUserEventLogFile(lpUserLog);
646 }
647
648 /* Now cleanup the list of user logs */
649 cbUserLogsSize = 0;
652 }
653
654 /* Main message loop */
656 {
658 {
661 }
662 }
663
664 /* Save the settings */
665 SaveSettings();
666
667 /* Disconnect from computer */
669 {
670 /* We are connected to some other computer, close the old connection */
673 }
674
675 /* Stop the enumerator thread */
679
680 /* Free the filters list and the event logs list */
681 FreeLogFilterList();
682 FreeLogList();
683
684Cleanup:
685 /* Handle cleanup */
690
691Quit:
692 /* Final cleanup */
694 {
695 cbUserLogsSize = 0;
698 }
700 {
703 }
704 FreeLibrary(hRichEdit);
705
707}
BOOL WINAPI InitCommonControlsEx(const INITCOMMONCONTROLSEX *lpInitCtrls)
Definition: commctrl.c:893
static DWORD WINAPI StartStopEnumEventsThread(IN LPVOID lpParameter)
Definition: eventvwr.c:2311
VOID BuildLogListAndFilterList(IN LPCWSTR lpComputerName)
Definition: eventvwr.c:2789
Definition: commctrl.h:54
BOOL WINAPI TranslateMessage(_In_ const MSG *)
BOOL WINAPI GetMessageW(_Out_ LPMSG, _In_opt_ HWND, _In_ UINT, _In_ UINT)
HACCEL WINAPI LoadAcceleratorsW(_In_opt_ HINSTANCE, _In_ LPCWSTR)
LRESULT WINAPI DispatchMessageW(_In_ const MSG *)
int WINAPI TranslateAcceleratorW(_In_ HWND, _In_ HACCEL, _In_ LPMSG)
Variable Documentation
◆ ActiveFilter
| PEVENTLOGFILTER ActiveFilter = NULL |
Definition at line 87 of file eventvwr.c.
Referenced by CloseUserEventLog(), EnumEventsThread(), FreeLogFilterList(), and StartStopEnumEventsThread().
◆ bSplit
| BYTE bSplit = 0 |
Definition at line 58 of file eventvwr.c.
Referenced by WndProc().
◆ cbUserLogsSize
| SIZE_T cbUserLogsSize = 0 |
Definition at line 76 of file eventvwr.c.
Referenced by ProcessCmdLine(), and wWinMain().
◆ cxMin
|
static |
Definition at line 4312 of file eventvwr.c.
Referenced by EventDetails(), LISTVIEW_SetColumnWidth(), TextTool::OnButtonUp(), and OnSize().
◆ cxOld
|
static |
Definition at line 4313 of file eventvwr.c.
Referenced by AdjustStatusMessageWindow(), and EventDetails().
◆ cyMin
|
static |
Definition at line 4312 of file eventvwr.c.
Referenced by EventDetails(), TextTool::OnButtonUp(), and OnSize().
◆ cyOld
|
static |
Definition at line 4313 of file eventvwr.c.
Referenced by AdjustStatusMessageWindow(), and EventDetails().
◆ EnumFilter
| PEVENTLOGFILTER EnumFilter = NULL |
Definition at line 96 of file eventvwr.c.
Referenced by CloseUserEventLog(), EnumEvents(), and StartStopEnumEventsThread().
◆ EVENTLOG_BASE_KEY
Definition at line 24 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), GetDisplayNameFileAndID(), GetEventMessageFileDLL(), InitPropertiesDlg(), and SavePropertiesDlg().
◆ EventLogFilterList
| LIST_ENTRY EventLogFilterList |
Definition at line 86 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), FreeLogFilterList(), OpenUserEventLogFile(), and wWinMain().
◆ EventLogList
| LIST_ENTRY EventLogList |
Definition at line 85 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), FreeLogList(), OpenUserEventLogFile(), and wWinMain().
◆ EVENTVWR_WNDCLASS
Definition at line 23 of file eventvwr.c.
Referenced by InitInstance(), and MyRegisterClass().
◆ EVNTVWR_PARAM_KEY
|
static |
Definition at line 25 of file eventvwr.c.
Referenced by LoadSettings(), and SaveSettings().
◆ g_RecordPtrs
| PEVENTLOGRECORD* g_RecordPtrs = NULL |
Definition at line 82 of file eventvwr.c.
Referenced by EnumEventsThread(), and FreeRecords().
◆ g_TotalRecords
| DWORD g_TotalRecords = 0 |
Definition at line 81 of file eventvwr.c.
Referenced by EnumEventsThread(), and FreeRecords().
◆ hEnumEventsThread
Definition at line 89 of file eventvwr.c.
Referenced by StartStopEnumEventsThread().
◆ hInst
| HINSTANCE hInst |
Definition at line 48 of file eventvwr.c.
Referenced by ClearEvents(), DisplayUsage(), EnumEventsThread(), EventDetails(), EventLogPropProc(), FormatByteSize(), GetEventMessage(), GetEventType(), InitInstance(), InitPropertiesDlg(), WndProc(), and wWinMain().
◆ hkMachine
Definition at line 78 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), GetDisplayNameFileAndID(), GetEventMessageFileDLL(), InitPropertiesDlg(), SavePropertiesDlg(), and wWinMain().
◆ hMainMenu
| HMENU hMainMenu |
Definition at line 70 of file eventvwr.c.
Referenced by EnumEventsThread(), and WndProc().
◆ hStartEnumEvent
Definition at line 98 of file eventvwr.c.
Referenced by CloseUserEventLog(), EnumEvents(), StartStopEnumEventsThread(), and wWinMain().
◆ hStartStopEnumEvent
Definition at line 97 of file eventvwr.c.
Referenced by StartStopEnumEventsThread(), and wWinMain().
◆ hStopEnumEvent
Definition at line 90 of file eventvwr.c.
Referenced by EnumEventsThread(), and StartStopEnumEventsThread().
◆ htiAppLogs
Definition at line 72 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), InitInstance(), and WndProc().
◆ htiSystemLogs
Definition at line 72 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), InitInstance(), and WndProc().
◆ htiUserLogs
Definition at line 72 of file eventvwr.c.
Referenced by InitInstance(), OpenUserEventLogFile(), and WndProc().
◆ hWndDetailsCtrl
Definition at line 4310 of file eventvwr.c.
Referenced by EventDetails().
◆ hwndEventDetails
| HWND hwndEventDetails |
Definition at line 67 of file eventvwr.c.
Referenced by InitInstance(), ResizeWnd(), and WndProc().
◆ hWndGrip
Definition at line 4311 of file eventvwr.c.
Referenced by EventDetails().
◆ hwndListView
| HWND hwndListView |
Definition at line 66 of file eventvwr.c.
Referenced by CDesktopBrowser::_Resize(), AddEmptyItem(), AddUserProfile(), AddUserProfiles(), AddValuesToList(), AdvProcDetailsDlgProc(), BrowseRequiredFolder(), ChangeUserProfileType(), CopyUserProfile(), DeleteUserProfile(), DisplayClassCoinstallers(), DisplayClassProperties(), DisplayCsFlags(), DisplayCurrentPowerState(), DisplayDeviceCoinstallers(), DisplayDeviceProperties(), DisplayDevicePropertyText(), DisplayDeviceRelations(), DisplayDevNodeEnumerator(), DisplayDevNodeFlags(), DisplayEvent(), DisplayEventData(), DisplayMatchingDeviceId(), DisplayPowerCapabilities(), DisplayPowerStateMappings(), EditVariableDlgProc(), EnumEventsThread(), EventDetailsCtrl(), GatherDataFromListView(), GetEnvironmentVariables(), GetSelectedListViewItem(), CDesktopBrowser::Initialize(), InitInstance(), MoveListItem(), NtUserSetShellWindowEx(), OnDeleteVariable(), OnEditVariable(), OnGroupsPageInitDialog(), OnInitDialog(), OnInitEnvironmentDialog(), OnNewVariable(), ReleaseListViewItems(), ResizeWnd(), SetAllVars(), SetEnvironmentDialogListViewColumns(), SetGroupsListColumns(), SetListViewColumns(), SetUsersListColumns(), StartStopEnumEventsThread(), UpdateButtonState(), UpdateDetailsDlg(), UpdateGroupsList(), UpdateUsersList(), and WndProc().
◆ hwndMainWindow
Definition at line 64 of file eventvwr.c.
Referenced by ClearEvents(), EnumEventsThread(), InitInstance(), ShowWin32Error(), WndProc(), and wWinMain().
◆ hwndStatus
| HWND hwndStatus |
Definition at line 68 of file eventvwr.c.
Referenced by EnumEventsThread(), InitInstance(), ResizeWnd(), and WndProc().
◆ hwndStatusProgress
| HWND hwndStatusProgress |
Definition at line 69 of file eventvwr.c.
Referenced by EnumEventsThread(), InitInstance(), and ResizeWnd().
◆ hwndTreeView
| HWND hwndTreeView |
Definition at line 65 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), Child_WndProc(), CloseUserEventLog(), GetSelectedFilter(), InitInstance(), OpenUserEventLogFile(), ResizeWnd(), ShowContextMenu(), TreeView_GetItemData(), ViewDlg_OnInitDialog(), ViewDlg_OnTreeViewClick(), ViewDlg_OnTreeViewKeyDown(), ViewDlg_RestoreDefaults(), ViewDlg_ToggleCheckItem(), ViewTree_InsertAll(), ViewTree_InsertEntry(), and WndProc().
◆ lpComputerName
Definition at line 74 of file eventvwr.c.
Referenced by BuildLogListAndFilterList(), DeleteProfileA(), DeleteProfileW(), GetDisplayNameFileAndID(), GetEventMessageFileDLL(), GetEventUserName(), IsValidComputerName(), ProcessCmdLine(), SetComputerNameA(), SetComputerNameW(), and wWinMain().
◆ lpszzUserLogsToLoad
Definition at line 75 of file eventvwr.c.
Referenced by ProcessCmdLine(), and wWinMain().
◆ nHSplitPos
| INT nHSplitPos |
Definition at line 57 of file eventvwr.c.
Referenced by InitInstance(), ResizeWnd(), SaveSettings(), and WndProc().
◆ nVSplitPos
| INT nVSplitPos |
Definition at line 56 of file eventvwr.c.
Referenced by InitInstance(), ResizeWnd(), SaveSettings(), and WndProc().
◆ Settings
Definition at line 116 of file eventvwr.c.
◆ sfn
| OPENFILENAMEW sfn |
Definition at line 101 of file eventvwr.c.
Referenced by ClearEvents(), create_name(), DialogSaveFile(), CMainWindow::GetSaveFileName(), InitInstance(), OpenUserEventLog(), Preview_pSaveImageAs(), SaveClipboardToFile(), and SaveEventLog().
◆ SystemLogs
Initial value:
Definition at line 28 of file eventvwr.c.
Referenced by BuildLogListAndFilterList().
◆ szEmptyList
| WCHAR szEmptyList[MAX_LOADSTRING] |
Definition at line 53 of file eventvwr.c.
Referenced by wWinMain().
◆ szLoadingWait
| WCHAR szLoadingWait[MAX_LOADSTRING] |
Definition at line 52 of file eventvwr.c.
Referenced by wWinMain().
◆ szSaveFilter
| WCHAR szSaveFilter[MAX_LOADSTRING] |
Definition at line 54 of file eventvwr.c.
Referenced by InitInstance().
◆ szStatusBarTemplate
| WCHAR szStatusBarTemplate[MAX_LOADSTRING] |
Definition at line 51 of file eventvwr.c.
Referenced by EnumEventsThread(), and wWinMain().
◆ szTitle
| WCHAR szTitle[MAX_LOADSTRING] |
Definition at line 49 of file eventvwr.c.
Referenced by ClearEvents(), DisplayUsage(), EnumEventsThread(), EventDetails(), EventLogPropProc(), InitInstance(), ShowWin32Error(), WndProc(), and wWinMain().
◆ szTitleTemplate
| WCHAR szTitleTemplate[MAX_LOADSTRING] |
Definition at line 50 of file eventvwr.c.
Referenced by EnumEventsThread(), and wWinMain().
