101#define EVENT_ID_MIN 0
102#define EVENT_ID_MAX 65535
108#define APPLICATION_NAME L"EventCreate"
129 DWORD cbTokenBuffer = 0;
161 *ppUserToken = pUserToken;
184 DWORD dwDisposition = 0;
195 &hSourceKey, &dwDisposition);
225 if ((PathSize > 0) && (
_wcsnicmp(ExePath, TmpDir, PathSize) == 0))
232 EventMessageFile = ExePath;
272#define MAX_KEY_LENGTH 255
280 BOOL LogNameValid, LogSourceValid;
289 LogNameValid = (EventLogName && *EventLogName);
296 if (!LogNameValid && !LogSourceValid)
300 L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
311 if (LogNameValid && !LogSourceValid)
323 SourceCreated =
TRUE;
324 IsCustomSource =
TRUE;
344 lRet =
RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &NameLen,
367 if (LogNameValid &&
_wcsicmp(LogName, EventLogName) == 0)
392 SourceCreated =
TRUE;
393 IsCustomSource =
TRUE;
397 if (SourceAlreadyExists)
415 if (LogSourceValid && !FoundSource)
473 if (LogNameValid && !(FoundLog &&
_wcsicmp(LogName, EventLogName) == 0))
480 SourceAlreadyExists =
TRUE;
498 SourceCreated =
TRUE;
504 IsCustomSource =
FALSE;
514 IsCustomSource =
TRUE;
553 if (LogNameValid && !FoundLog)
565 if (LogNameValid && !LogSourceValid )
573 if ( FoundSource && SourceAlreadyExists)
580 if ( FoundSource && !SourceAlreadyExists)
587 if (IsCustomSource || AllowAppSources)
602 if (LogSourceValid && !FoundSource)
634 SourceCreated =
TRUE;
660#define OPTION_ALLOWED_LIST 0x01
661#define OPTION_NOT_EMPTY 0x02
662#define OPTION_TRIM_SPACE 0x04
663#define OPTION_EXCLUSIVE 0x08
664#define OPTION_MANDATORY 0x10
684#define NEW_OPT(Name, Type, Flags, MaxOfInstances, ValueSize, ValueBuffer) \
685 {(Name), (Type), (Flags), (MaxOfInstances), NULL, NULL, 0, (ValueSize), (ValueBuffer)}
687#define NEW_OPT_EX(Name, Type, Flags, AllowedValues, MaxOfInstances, ValueSize, ValueBuffer) \
688 {(Name), (Type), (Flags), (MaxOfInstances), (AllowedValues), NULL, 0, (ValueSize), (ValueBuffer)}
742 UINT Option = NumOptions;
753 if (Option != NumOptions)
764 if (ExclusiveOptionPresent)
770 for (Option = 0; Option < NumOptions; ++Option)
776 if (Option >= NumOptions)
786 if (
Options[Option].MaxOfInstances != 0 &&
795 Options[Option].OptionStr = OptionStr;
804 ExclusiveOptionPresent =
TRUE;
870 PWSTR AllowedValues, Scan;
873 AllowedValues =
Options[Option].AllowedValues;
882 Scan = AllowedValues;
945 if (Option != NumOptions)
954 if (ExclusiveOptionPresent)
960 for (
i = 0;
i < NumOptions; ++
i)
976 for (
i = 0;
i < NumOptions; ++
i)
999 static UINT ErrorIDs[] =
1045 ULONG ulEventCategory = 0;
1046 ULONG ulEventIdentifier = 0;
1054 sizeof(bDisplayHelp), &bDisplayHelp),
1060 sizeof(szSystem), &szSystem),
1066 sizeof(szDomainUser), &szDomainUser),
1072 sizeof(szPassword), &szPassword),
1078 sizeof(szLogName), &szLogName),
1084 sizeof(szEventSource), &szEventSource),
1089 L"SUCCESS|ERROR|WARNING|INFORMATION",
1091 sizeof(szEventType), &szEventType),
1097 sizeof(ulEventCategory), &ulEventCategory),
1103 sizeof(ulEventIdentifier), &ulEventIdentifier),
1111#define OPT_SYSTEM (Options[1])
1112#define OPT_USER (Options[2])
1113#define OPT_PASSWD (Options[3])
1114#define OPT_EVTID (Options[8])
1138 if (szSystem || szDomainUser || szPassword)
1150 if (ulEventIdentifier < EVENT_ID_MIN || ulEventIdentifier >
EVENT_ID_MAX)
1162 if (
_wcsicmp(szEventType,
L"SUCCESS") == 0)
1165 if (
_wcsicmp(szEventType,
L"ERROR") == 0)
1168 if (
_wcsicmp(szEventType,
L"WARNING") == 0)
1171 if (
_wcsicmp(szEventType,
L"INFORMATION") == 0)
1191 szLogName =
L"Application";
1193 if (
_wcsicmp(szLogName,
L"Application") == 0)
1259 else if (!szLogName)
1274 if (szEventSource && *szEventSource)
#define IDS_INVALIDSWITCH
#define IDS_SOURCE_NOCREATE
#define IDS_LOG_NOT_FOUND
#define IDS_SOURCE_NOT_CUSTOM
#define IDS_SOURCE_EXISTS
#define IDS_SWITCH_UNIMPLEMENTED
void ConPuts(FILE *fp, LPCWSTR psz)
#define ConInitStdStreams()
void ConPrintf(FILE *fp, LPCWSTR psz,...)
void ConResPrintf(FILE *fp, UINT nID,...)
void ConResPuts(FILE *fp, UINT nID)
static FCRET Finalize(FILECOMPARE *pFC, struct list *ptr0, struct list *ptr1, BOOL fDifferent)
PEVENTSOURCE EventLogSource
#define RegCloseKey(hKey)
#define ERROR_NOT_ENOUGH_MEMORY
#define ERROR_INSUFFICIENT_BUFFER
static const WCHAR szDescription[]
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
LONG WINAPI RegFlushKey(HKEY hKey)
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
BOOL WINAPI ReportEventW(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCWSTR *lpStrings, IN LPVOID lpRawData)
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
HANDLE WINAPI RegisterEventSourceW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
#define GetCurrentProcess()
#define ERROR_NO_MORE_ITEMS
#define HeapFree(x, y, z)
DWORD WINAPI GetModuleFileNameW(HINSTANCE hModule, LPWSTR lpFilename, DWORD nSize)
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
BOOL DoParse(IN INT argc, IN WCHAR *argv[], IN OUT POPTION Options, IN ULONG NumOptions, IN PRINT_ERROR_FUNC PrintErrorFunc OPTIONAL)
VOID PrintError(DWORD dwError)
#define OPTION_ALLOWED_LIST
static PWSTR TrimLeftRightWhitespace(IN PWSTR String)
#define OPTION_TRIM_SPACE
static LONG InstallEventSource(IN HKEY hEventLogKey, IN LPCWSTR EventLogSource)
static BOOL GetUserToken(OUT PTOKEN_USER *ppUserToken)
enum _PARSER_ERROR PARSER_ERROR
static VOID __cdecl PrintParserError(PARSER_ERROR Error,...)
static BOOL CheckLogOrSourceExistence(IN LPCWSTR UNCServerName OPTIONAL, IN LPCWSTR EventLogName, IN LPCWSTR EventLogSource, IN BOOL AllowAppSources OPTIONAL)
#define NEW_OPT(Name, Type, Flags, MaxOfInstances, ValueSize, ValueBuffer)
#define NEW_OPT_EX(Name, Type, Flags, AllowedValues, MaxOfInstances, ValueSize, ValueBuffer)
VOID(__cdecl * PRINT_ERROR_FUNC)(IN PARSER_ERROR,...)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
_Check_return_ unsigned long __cdecl wcstoul(_In_z_ const wchar_t *_Str, _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix)
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define ERROR_FILE_NOT_FOUND
static HANDLE ULONG_PTR dwData
#define KEY_CREATE_SUB_KEY
#define REG_OPTION_NON_VOLATILE
#define REG_CREATED_NEW_KEY
#define KEY_ENUMERATE_SUB_KEYS
#define UNREFERENCED_PARAMETER(P)
_In_ ULONG _In_ ULONG _In_ ULONG Length
INT ConResPrintfV(IN PCON_STREAM Stream, IN UINT uID, IN va_list args)
INT ConMsgPuts(IN PCON_STREAM Stream, IN DWORD dwFlags, IN LPCVOID lpSource OPTIONAL, IN DWORD dwMessageId, IN DWORD dwLanguageId)
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_Check_return_ _CRTIMP size_t __cdecl wcscspn(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_Control)
_Check_return_ _CRTIMP int __cdecl _wcsnicmp(_In_reads_or_z_(_MaxCount) const wchar_t *_Str1, _In_reads_or_z_(_MaxCount) const wchar_t *_Str2, _In_ size_t _MaxCount)
PULONG MinorVersion OPTIONAL
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
#define LANG_USER_DEFAULT
#define RtlCopyMemory(Destination, Source, Length)
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
DWORD WINAPI GetLastError(void)
#define FORMAT_MESSAGE_FROM_SYSTEM
#define EVENTLOG_ERROR_TYPE
#define EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_WARNING_TYPE
#define HKEY_LOCAL_MACHINE
_Must_inspect_result_ _In_ ULONG Flags