101 #define EVENT_ID_MIN 0 102 #define EVENT_ID_MAX 65535 108 #define APPLICATION_NAME L"EventCreate" 129 DWORD cbTokenBuffer = 0;
161 *ppUserToken = pUserToken;
184 DWORD dwDisposition = 0;
195 &hSourceKey, &dwDisposition);
225 if ((PathSize > 0) && (
_wcsnicmp(ExePath, TmpDir, PathSize) == 0))
232 EventMessageFile = ExePath;
272 #define MAX_KEY_LENGTH 255 // or 256 ?? 280 BOOL LogNameValid, LogSourceValid;
289 LogNameValid = (EventLogName && *EventLogName);
296 if (!LogNameValid && !LogSourceValid)
300 L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
311 if (LogNameValid && !LogSourceValid)
323 SourceCreated =
TRUE;
324 IsCustomSource =
TRUE;
344 lRet =
RegEnumKeyExW(hEventLogKey, dwIndex, LogName, &NameLen,
367 if (LogNameValid &&
_wcsicmp(LogName, EventLogName) == 0)
392 SourceCreated =
TRUE;
393 IsCustomSource =
TRUE;
397 if (SourceAlreadyExists)
415 if (LogSourceValid && !FoundSource)
473 if (LogNameValid && !(FoundLog &&
_wcsicmp(LogName, EventLogName) == 0))
480 SourceAlreadyExists =
TRUE;
498 SourceCreated =
TRUE;
504 IsCustomSource =
FALSE;
514 IsCustomSource =
TRUE;
553 if (LogNameValid && !FoundLog)
565 if (LogNameValid && !LogSourceValid )
573 if ( FoundSource && SourceAlreadyExists)
580 if ( FoundSource && !SourceAlreadyExists)
587 if (IsCustomSource || AllowAppSources)
602 if (LogSourceValid && !FoundSource)
634 SourceCreated =
TRUE;
660 #define OPTION_ALLOWED_LIST 0x01 661 #define OPTION_NOT_EMPTY 0x02 662 #define OPTION_TRIM_SPACE 0x04 663 #define OPTION_EXCLUSIVE 0x08 664 #define OPTION_MANDATORY 0x10 684 #define NEW_OPT(Name, Type, Flags, MaxOfInstances, ValueSize, ValueBuffer) \ 685 {(Name), (Type), (Flags), (MaxOfInstances), NULL, NULL, 0, (ValueSize), (ValueBuffer)} 687 #define NEW_OPT_EX(Name, Type, Flags, AllowedValues, MaxOfInstances, ValueSize, ValueBuffer) \ 688 {(Name), (Type), (Flags), (MaxOfInstances), (AllowedValues), NULL, 0, (ValueSize), (ValueBuffer)} 742 UINT Option = NumOptions;
753 if (Option != NumOptions)
764 if (ExclusiveOptionPresent)
770 for (Option = 0; Option < NumOptions; ++Option)
776 if (Option >= NumOptions)
786 if (
Options[Option].MaxOfInstances != 0 &&
795 Options[Option].OptionStr = OptionStr;
804 ExclusiveOptionPresent =
TRUE;
870 PWSTR AllowedValues, Scan;
873 AllowedValues =
Options[Option].AllowedValues;
882 Scan = AllowedValues;
945 if (Option != NumOptions)
954 if (ExclusiveOptionPresent)
960 for (
i = 0;
i < NumOptions; ++
i)
976 for (
i = 0;
i < NumOptions; ++
i)
999 static UINT ErrorIDs[] =
1045 ULONG ulEventCategory = 0;
1046 ULONG ulEventIdentifier = 0;
1054 sizeof(bDisplayHelp), &bDisplayHelp),
1060 sizeof(szSystem), &szSystem),
1066 sizeof(szDomainUser), &szDomainUser),
1072 sizeof(szPassword), &szPassword),
1078 sizeof(szLogName), &szLogName),
1084 sizeof(szEventSource), &szEventSource),
1089 L"SUCCESS|ERROR|WARNING|INFORMATION",
1091 sizeof(szEventType), &szEventType),
1097 sizeof(ulEventCategory), &ulEventCategory),
1103 sizeof(ulEventIdentifier), &ulEventIdentifier),
1111 #define OPT_SYSTEM (Options[1]) 1112 #define OPT_USER (Options[2]) 1113 #define OPT_PASSWD (Options[3]) 1114 #define OPT_EVTID (Options[8]) 1138 if (szSystem || szDomainUser || szPassword)
1150 if (ulEventIdentifier < EVENT_ID_MIN || ulEventIdentifier >
EVENT_ID_MAX)
1162 if (
_wcsicmp(szEventType,
L"SUCCESS") == 0)
1165 if (
_wcsicmp(szEventType,
L"ERROR") == 0)
1168 if (
_wcsicmp(szEventType,
L"WARNING") == 0)
1171 if (
_wcsicmp(szEventType,
L"INFORMATION") == 0)
1191 szLogName =
L"Application";
1193 if (
_wcsicmp(szLogName,
L"Application") == 0)
1259 else if (!szLogName)
1274 if (szEventSource && *szEventSource)
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
DWORD WINAPI GetModuleFileNameW(HINSTANCE hModule, LPWSTR lpFilename, DWORD nSize)
UINT WINAPI GetSystemWindowsDirectoryW(OUT LPWSTR lpBuffer, IN UINT uSize)
_In_ ULONG _In_ ULONG _In_ ULONG Length
INT ConResPrintfV(IN PCON_STREAM Stream, IN UINT uID, IN va_list args)
#define ERROR_NO_MORE_ITEMS
#define UNREFERENCED_PARAMETER(P)
#define IDS_LOG_NOT_FOUND
#define IDS_SOURCE_EXISTS
_Check_return_ _CRTIMP size_t __cdecl wcscspn(_In_z_ const wchar_t *_Str, _In_z_ const wchar_t *_Control)
_Check_return_ _CRTIMP int __cdecl _wcsnicmp(_In_reads_or_z_(_MaxCount) const wchar_t *_Str1, _In_reads_or_z_(_MaxCount) const wchar_t *_Str2, _In_ size_t _MaxCount)
static HANDLE ULONG_PTR dwData
#define ERROR_NOT_ENOUGH_MEMORY
DWORD WINAPI GetLastError(VOID)
static VOID __cdecl PrintParserError(PARSER_ERROR Error,...)
static BOOL GetUserToken(OUT PTOKEN_USER *ppUserToken)
_Check_return_ unsigned long __cdecl wcstoul(_In_z_ const wchar_t *_Str, _Out_opt_ _Deref_post_z_ wchar_t **_EndPtr, _In_ int _Radix)
LONG WINAPI RegFlushKey(HKEY hKey)
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
void ConPuts(FILE *fp, LPCWSTR psz)
STRSAFEAPI StringCchCatW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
#define OPTION_TRIM_SPACE
#define IDS_SWITCH_UNIMPLEMENTED
static BOOL CheckLogOrSourceExistence(IN LPCWSTR UNCServerName OPTIONAL, IN LPCWSTR EventLogName, IN LPCWSTR EventLogSource, IN BOOL AllowAppSources OPTIONAL)
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
#define EVENTLOG_ERROR_TYPE
STRSAFEAPI StringCchCopyW(STRSAFE_LPWSTR pszDest, size_t cchDest, STRSAFE_LPCWSTR pszSrc)
#define REG_CREATED_NEW_KEY
static FCRET Finalize(FILECOMPARE *pFC, struct list *ptr0, struct list *ptr1, BOOL fDifferent)
void ConResPuts(FILE *fp, UINT nID)
#define ERROR_FILE_NOT_FOUND
#define FORMAT_MESSAGE_FROM_SYSTEM
int wmain(int argc, WCHAR *argv[])
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
#define REG_OPTION_NON_VOLATILE
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
void ConResPrintf(FILE *fp, UINT nID,...)
_In_ PWDFDEVICE_INIT _In_ PWDF_REMOVE_LOCK_OPTIONS Options
_Must_inspect_result_ _In_ ULONG Flags
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define EVENTLOG_INFORMATION_TYPE
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
#define EVENTLOG_WARNING_TYPE
PEVENTSOURCE EventLogSource
INT ConMsgPuts(IN PCON_STREAM Stream, IN DWORD dwFlags, IN LPCVOID lpSource OPTIONAL, IN DWORD dwMessageId, IN DWORD dwLanguageId)
VOID PrintError(DWORD dwError)
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
#define NEW_OPT_EX(Name, Type, Flags, AllowedValues, MaxOfInstances, ValueSize, ValueBuffer)
static PWSTR TrimLeftRightWhitespace(IN PWSTR String)
#define GetCurrentProcess()
BOOL WINAPI ReportEventW(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCWSTR *lpStrings, IN LPVOID lpRawData)
BOOL DoParse(IN INT argc, IN WCHAR *argv[], IN OUT POPTION Options, IN ULONG NumOptions, IN PRINT_ERROR_FUNC PrintErrorFunc OPTIONAL)
void ConPrintf(FILE *fp, LPCWSTR psz,...)
#define IDS_SOURCE_NOT_CUSTOM
static LONG InstallEventSource(IN HKEY hEventLogKey, IN LPCWSTR EventLogSource)
#define NEW_OPT(Name, Type, Flags, MaxOfInstances, ValueSize, ValueBuffer)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
#define IDS_SOURCE_NOCREATE
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
#define OPTION_ALLOWED_LIST
#define ConInitStdStreams()
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
#define IDS_INVALIDSWITCH
#define RtlCopyMemory(Destination, Source, Length)
LONG WINAPI RegEnumKeyExW(_In_ HKEY hKey, _In_ DWORD dwIndex, _Out_ LPWSTR lpName, _Inout_ LPDWORD lpcbName, _Reserved_ LPDWORD lpReserved, _Out_opt_ LPWSTR lpClass, _Inout_opt_ LPDWORD lpcbClass, _Out_opt_ PFILETIME lpftLastWriteTime)
HANDLE WINAPI RegisterEventSourceW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
#define KEY_CREATE_SUB_KEY
#define HeapFree(x, y, z)
#define RegCloseKey(hKey)
VOID(__cdecl * PRINT_ERROR_FUNC)(IN PARSER_ERROR,...)
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
enum _PARSER_ERROR PARSER_ERROR
#define LANG_USER_DEFAULT
static const WCHAR szDescription[]
#define HKEY_LOCAL_MACHINE
#define KEY_ENUMERATE_SUB_KEYS
#define ERROR_INSUFFICIENT_BUFFER
PULONG MinorVersion OPTIONAL