ReactOS 0.4.15-dev-7918-g2a2556c
eventlog.c File Reference
#include <stdarg.h>
#include "initguid.h"
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
#include "winnt.h"
#include "winreg.h"
#include "sddl.h"
#include "wmistr.h"
#include "evntrace.h"
#include "wine/test.h"
Include dependency graph for eventlog.c:

Go to the source code of this file.

Functions

static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE
 
static void init_function_pointers (void)
 
static BOOL create_backup (const char *filename)
 
static void test_open_close (void)
 
static void test_info (void)
 
static void test_count (void)
 
static void test_oldest (void)
 
static void test_backup (void)
 
static void test_read (void)
 
static void test_openbackup (void)
 
static void test_clear (void)
 
static BOOL create_new_eventlog (void)
 
static void test_readwrite (void)
 
static void test_autocreation (void)
 
static void cleanup_eventlog (void)
 
static void test_start_trace (void)
 
 START_TEST (eventlog)
 

Variables

static PSID
 
static DWORD *static DWORD
 
static DWORD *static LPVOID
 
static DWORD *static LPDWORD
 
static LPSTR
 
static const char eventlogsvc [] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
 
static const char eventlogname [] = "Wine"
 
static const char eventsources [][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" }
 
static const charone_string [] = { "First string" }
 
static const chartwo_strings [] = { "First string", "Second string" }
 
struct {
   const char *   evt_src
 
   WORD   evt_type
 
   WORD   evt_cat
 
   DWORD   evt_id
 
   BOOL   evt_sid
 
   WORD   evt_numstrings
 
   const char **   evt_strings
 
read_write []
 
static char eventlogfile [MAX_PATH]
 

Function Documentation

◆ BOOL()

static BOOL ( WINAPI pCreateWellKnownSid)
static

◆ cleanup_eventlog()

static void cleanup_eventlog ( void  )
static

Definition at line 1121 of file eventlog.c.

1122{
1123 BOOL bret;
1124 LONG lret;
1125 HKEY key;
1126 DWORD i;
1127 char winesvc[MAX_PATH];
1128
1129 /* Delete the registry tree */
1130 lstrcpyA(winesvc, eventlogsvc);
1131 lstrcatA(winesvc, "\\");
1132 lstrcatA(winesvc, eventlogname);
1133
1135 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
1137 RegDeleteValueA(key, "Sources");
1139 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1140 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1141
1142 /* A handle to the eventlog is locked by services.exe. We can only
1143 * delete the eventlog file after reboot.
1144 */
1146 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1147}
#define ok(value,...)
Definition: atltest.h:57
#define RegCloseKey(hKey)
Definition: registry.h:49
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
LONG WINAPI RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:3234
LONG WINAPI RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
Definition: reg.c:2287
LONG WINAPI RegDeleteKeyA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey)
Definition: reg.c:1224
#define MAX_PATH
Definition: compat.h:34
BOOL WINAPI MoveFileExA(IN LPCSTR lpExistingFileName, IN LPCSTR lpNewFileName OPTIONAL, IN DWORD dwFlags)
Definition: move.c:1153
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
static char eventlogfile[MAX_PATH]
Definition: eventlog.c:1050
static const char eventsources[][11]
Definition: eventlog.c:653
static const char eventlogname[]
Definition: eventlog.c:652
static const char eventlogsvc[]
Definition: eventlog.c:651
long LONG
Definition: pedump.c:60
Definition: copy.c:22
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define MOVEFILE_DELAY_UNTIL_REBOOT
Definition: winbase.h:400
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by START_TEST().

◆ create_backup()

static BOOL create_backup ( const char filename)
static

Definition at line 55 of file eventlog.c.

56{
58 DWORD rc, attribs;
59
61 handle = OpenEventLogA(NULL, "Application");
64 {
65 skip("insufficient privileges to backup the eventlog\n");
67 return FALSE;
68 }
69 ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError());
71
74 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError());
75 return TRUE;
76}
#define skip(...)
Definition: atltest.h:64
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
HANDLE WINAPI OpenEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:919
BOOL WINAPI BackupEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:177
BOOL WINAPI DeleteFileA(IN LPCSTR lpFileName)
Definition: delete.c:24
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
const GLint * attribs
Definition: glext.h:10538
const char * filename
Definition: ioapi.h:137
#define todo_wine
Definition: custom.c:79
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
#define ERROR_PRIVILEGE_NOT_HELD
Definition: winerror.h:796

Referenced by test_clear(), test_count(), test_oldest(), and test_openbackup().

◆ create_new_eventlog()

static BOOL create_new_eventlog ( void  )
static

Definition at line 655 of file eventlog.c.

656{
657 HKEY key, eventkey;
658 BOOL bret = FALSE;
659 LONG lret;
660 DWORD i;
661
662 /* First create our eventlog */
664 if (lret != ERROR_SUCCESS)
665 {
666 skip("Could not open the EventLog service registry key\n");
667 return FALSE;
668 }
669 lret = RegCreateKeyA(key, eventlogname, &eventkey);
670 if (lret != ERROR_SUCCESS)
671 {
672 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
673 goto cleanup;
674 }
675
676 /* Create some event sources, the registry value 'Sources' is updated automatically */
677 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
678 {
679 HKEY srckey;
680
681 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
682 if (lret != ERROR_SUCCESS)
683 {
684 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
685 goto cleanup;
686 }
687 RegFlushKey(srckey);
688 RegCloseKey(srckey);
689 }
690
691 bret = TRUE;
692
693 /* The flushing of the registry (here and above) gives us some assurance
694 * that we are not to quickly writing events as 'Sources' could still be
695 * not updated.
696 */
697 RegFlushKey(eventkey);
698cleanup:
699 RegCloseKey(eventkey);
701
702 return bret;
703}
LONG WINAPI RegCreateKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:1179
LONG WINAPI RegFlushKey(HKEY hKey)
Definition: reg.c:2951
static void cleanup(void)
Definition: main.c:1335

Referenced by START_TEST().

◆ init_function_pointers()

static void init_function_pointers ( void  )
static

Definition at line 42 of file eventlog.c.

43{
44 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
45 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
46
47 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
48 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
49
50 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
51 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
52 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
53}
#define GetProcAddress(x, y)
Definition: compat.h:753
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:812
static HINSTANCE hkernel32
Definition: process.c:66

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( eventlog  )

Definition at line 1241 of file eventlog.c.

1242{
1243 SetLastError(0xdeadbeef);
1246 {
1247 win_skip("Event log functions are not implemented\n");
1248 return;
1249 }
1250
1252
1253 /* Parameters only */
1255 test_info();
1256 test_count();
1257 test_oldest();
1258 test_backup();
1260 test_read();
1261 test_clear();
1262
1263 /* Functional tests */
1264 if (create_new_eventlog())
1265 {
1269 }
1270
1271 /* Trace tests */
1273}
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define SetLastError(x)
Definition: compat.h:752
static void test_clear(void)
Definition: eventlog.c:598
static void test_oldest(void)
Definition: eventlog.c:246
static void test_backup(void)
Definition: eventlog.c:300
static void init_function_pointers(void)
Definition: eventlog.c:42
static BOOL create_new_eventlog(void)
Definition: eventlog.c:655
static void test_readwrite(void)
Definition: eventlog.c:730
static void test_autocreation(void)
Definition: eventlog.c:1051
static void test_count(void)
Definition: eventlog.c:192
static void test_info(void)
Definition: eventlog.c:131
static void test_start_trace(void)
Definition: eventlog.c:1149
static void test_read(void)
Definition: eventlog.c:363
static void cleanup_eventlog(void)
Definition: eventlog.c:1121
static void test_openbackup(void)
Definition: eventlog.c:511
static void test_open_close(void)
Definition: eventlog.c:78
#define win_skip
Definition: test.h:160

◆ test_autocreation()

static void test_autocreation ( void  )
static

Definition at line 1051 of file eventlog.c.

1052{
1053 HKEY key, eventkey;
1054 DWORD type, size;
1055 LONG ret;
1056 int i;
1057 char *p;
1058 char sources[sizeof(eventsources)];
1059 char sysdir[MAX_PATH];
1060 void *redir = 0;
1061
1063 RegOpenKeyA(key, eventlogname, &eventkey);
1064
1065 size = sizeof(sources);
1066 sources[0] = 0;
1067 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1068 if (ret == ERROR_SUCCESS)
1069 {
1070 char sources_verify[sizeof(eventsources)];
1071
1072 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1073
1074 /* Build the expected string */
1075 memset(sources_verify, 0, sizeof(sources_verify));
1076 p = sources_verify;
1077 for (i = sizeof(eventsources)/sizeof(eventsources[0]); i > 0; i--)
1078 {
1079 lstrcpyA(p, eventsources[i - 1]);
1080 p += (lstrlenA(eventsources[i - 1]) + 1);
1081 }
1083
1084 ok(!memcmp(sources, sources_verify, size),
1085 "Expected a correct 'Sources' value (size : %d)\n", size);
1086 }
1087
1088 RegCloseKey(eventkey);
1090
1091 /* The directory that holds the eventlog files could be redirected */
1092 if (pWow64DisableWow64FsRedirection)
1093 pWow64DisableWow64FsRedirection(&redir);
1094
1095 /* On Windows we also automatically get an eventlog file */
1096 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1097
1098 /* NT4 - W2K3 */
1099 lstrcpyA(eventlogfile, sysdir);
1100 lstrcatA(eventlogfile, "\\config\\");
1102 lstrcatA(eventlogfile, ".evt");
1103
1105 {
1106 /* Vista+ */
1107 lstrcpyA(eventlogfile, sysdir);
1108 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1110 lstrcatA(eventlogfile, ".evtx");
1111 }
1112
1113 todo_wine
1115 "Expected an eventlog file\n");
1116
1117 if (pWow64RevertWow64FsRedirection)
1118 pWow64RevertWow64FsRedirection(redir);
1119}
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
LONG WINAPI RegQueryValueExA(_In_ HKEY hkeyorg, _In_ LPCSTR name, _In_ LPDWORD reserved, _Out_opt_ LPDWORD type, _Out_opt_ LPBYTE data, _Inout_opt_ LPDWORD count)
Definition: reg.c:4009
UINT WINAPI GetSystemDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
Definition: path.c:2283
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
GLsizeiptr size
Definition: glext.h:5919
GLsizei GLenum * sources
Definition: glext.h:7753
GLfloat GLfloat p
Definition: glext.h:8902
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
#define REG_MULTI_SZ
Definition: nt_native.h:1501
#define memset(x, y, z)
Definition: compat.h:39
unsigned char * LPBYTE
Definition: typedefs.h:53
int ret

Referenced by START_TEST().

◆ test_backup()

static void test_backup ( void  )
static

Definition at line 300 of file eventlog.c.

301{
303 BOOL ret;
304 const char backup[] = "backup.evt";
305 const char backup2[] = "backup2.evt";
306
307 SetLastError(0xdeadbeef);
309 ok(!ret, "Expected failure\n");
310 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
311
312 SetLastError(0xdeadbeef);
314 ok(!ret, "Expected failure\n");
315 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
316
317 handle = OpenEventLogA(NULL, "Application");
318
319 SetLastError(0xdeadbeef);
321 ok(!ret, "Expected failure\n");
322 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
323
326 {
327 skip("insufficient privileges for backup tests\n");
329 return;
330 }
331 ok(ret, "Expected success\n");
333 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
334
335 /* Try to overwrite */
336 SetLastError(0xdeadbeef);
339 {
340 ok(!ret, "Expected failure\n");
341 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
342 }
343
345
346 /* Can we make a backup of a backup? */
349 ok(handle != NULL, "Expected a handle\n");
350
351 ret = BackupEventLogA(handle, backup2);
353 {
354 ok(ret, "Expected success\n");
355 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
356 }
357
360 DeleteFileA(backup2);
361}
static long backup()
Definition: maze.c:403
HANDLE WINAPI OpenBackupEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpFileName)
Definition: eventlog.c:725
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80

Referenced by START_TEST().

◆ test_clear()

static void test_clear ( void  )
static

Definition at line 598 of file eventlog.c.

599{
601 BOOL ret;
602 const char backup[] = "backup.evt";
603 const char backup2[] = "backup2.evt";
604
605 SetLastError(0xdeadbeef);
607 ok(!ret, "Expected failure\n");
608 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
609
610 /* Make a backup eventlog to work with */
611 if (!create_backup(backup))
612 return;
613
614 SetLastError(0xdeadbeef);
616 ok(!ret, "Expected failure\n");
617 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
618
621 ok(handle != NULL, "Expected a handle\n");
622
623 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
624 SetLastError(0xdeadbeef);
626 ok(!ret, "Expected failure\n");
627 /* The eventlog service runs under an account that doesn't have the necessary
628 * permissions on the users home directory on a default Vista+ system.
629 */
631 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
632 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
633
634 /* Show that ClearEventLog only works for real eventlogs. */
635 SetLastError(0xdeadbeef);
636 ret = ClearEventLogA(handle, backup2);
637 ok(!ret, "Expected failure\n");
638 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
639 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
640
641 SetLastError(0xdeadbeef);
643 ok(!ret, "Expected failure\n");
644 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
645
648 ok(DeleteFileA(backup), "Could not delete the backup file\n");
649}
BOOL WINAPI ClearEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:305
#define ERROR_INVALID_HANDLE
Definition: compat.h:98
#define ERROR_ACCESS_DENIED
Definition: compat.h:97
static BOOL create_backup(const char *filename)
Definition: eventlog.c:55

Referenced by START_TEST(), and test_HTMLDocument_hlink().

◆ test_count()

static void test_count ( void  )
static

Definition at line 192 of file eventlog.c.

193{
195 BOOL ret;
196 DWORD count;
197 const char backup[] = "backup.evt";
198
199 SetLastError(0xdeadbeef);
201 ok(!ret, "Expected failure\n");
202 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
203
204 SetLastError(0xdeadbeef);
205 count = 0xdeadbeef;
207 ok(!ret, "Expected failure\n");
208 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
209 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
210
211 handle = OpenEventLogA(NULL, "Application");
212
213 SetLastError(0xdeadbeef);
215 ok(!ret, "Expected failure\n");
216 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
217
218 count = 0xdeadbeef;
220 ok(ret, "Expected success\n");
221 ok(count != 0xdeadbeef, "Expected the number of records\n");
222
224
225 /* Make a backup eventlog to work with */
227 {
230 ok(handle != NULL, "Expected a handle, le=%d\n", GetLastError());
231
232 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
233 count = 0xdeadbeef;
236 {
237 ok(ret, "Expected success\n");
238 ok(count != 0xdeadbeef, "Expected the number of records\n");
239 }
240
243 }
244}
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
GLuint GLuint GLsizei count
Definition: gl.h:1545

Referenced by START_TEST().

◆ test_info()

static void test_info ( void  )
static

Definition at line 131 of file eventlog.c.

132{
134 BOOL ret;
135 DWORD needed;
137 EVENTLOG_FULL_INFORMATION *efi = (void *)buffer;
138
139 if (!pGetEventLogInformation)
140 {
141 /* NT4 */
142 win_skip("GetEventLogInformation is not available\n");
143 return;
144 }
145 SetLastError(0xdeadbeef);
146 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
147 ok(!ret, "Expected failure\n");
148 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
149
150 SetLastError(0xdeadbeef);
151 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
152 ok(!ret, "Expected failure\n");
153 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
154
155 handle = OpenEventLogA(NULL, "Application");
156
157 SetLastError(0xdeadbeef);
158 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
159 ok(!ret, "Expected failure\n");
160 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
161
162 SetLastError(0xdeadbeef);
163 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
164 ok(!ret, "Expected failure\n");
165 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
166
167 SetLastError(0xdeadbeef);
168 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL);
169 ok(!ret, "Expected failure\n");
170 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
171
172 SetLastError(0xdeadbeef);
173 needed = 0xdeadbeef;
174 efi->dwFull = 0xdeadbeef;
175 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed);
176 ok(!ret, "Expected failure\n");
177 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
178 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
179 ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
180
181 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
182 efi->dwFull = 0xdeadbeef;
183 needed = sizeof(buffer);
184 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed);
185 ok(ret, "Expected success\n");
186 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
187 ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi->dwFull);
188
190}
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
GLuint buffer
Definition: glext.h:5915
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1154
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
#define ERROR_INVALID_LEVEL
Definition: winerror.h:196
#define RPC_X_NULL_REF_POINTER
Definition: winerror.h:1087
unsigned char BYTE
Definition: xxhash.c:193

Referenced by START_TEST().

◆ test_oldest()

static void test_oldest ( void  )
static

Definition at line 246 of file eventlog.c.

247{
249 BOOL ret;
250 DWORD oldest;
251 const char backup[] = "backup.evt";
252
253 SetLastError(0xdeadbeef);
255 ok(!ret, "Expected failure\n");
256 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
257
258 SetLastError(0xdeadbeef);
259 oldest = 0xdeadbeef;
260 ret = GetOldestEventLogRecord(NULL, &oldest);
261 ok(!ret, "Expected failure\n");
262 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
263 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
264
265 handle = OpenEventLogA(NULL, "Application");
266
267 SetLastError(0xdeadbeef);
269 ok(!ret, "Expected failure\n");
270 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
271
272 oldest = 0xdeadbeef;
274 ok(ret, "Expected success\n");
275 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
276
278
279 /* Make a backup eventlog to work with */
281 {
284 ok(handle != NULL, "Expected a handle\n");
285
286 /* Does GetOldestEventLogRecord work with backup eventlogs? */
287 oldest = 0xdeadbeef;
290 {
291 ok(ret, "Expected success\n");
292 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
293 }
294
297 }
298}
BOOL WINAPI GetOldestEventLogRecord(IN HANDLE hEventLog, OUT PDWORD OldestRecord)
Definition: eventlog.c:619

Referenced by START_TEST().

◆ test_open_close()

static void test_open_close ( void  )
static

Definition at line 78 of file eventlog.c.

79{
81 BOOL ret;
82
83 SetLastError(0xdeadbeef);
85 ok(!ret, "Expected failure\n");
87 GetLastError() == ERROR_NOACCESS, /* W2K */
88 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
89
90 SetLastError(0xdeadbeef);
92 ok(handle == NULL, "Didn't expect a handle\n");
93 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
94
95 SetLastError(0xdeadbeef);
96 handle = OpenEventLogA("IDontExist", NULL);
97 ok(handle == NULL, "Didn't expect a handle\n");
98 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
99
100 SetLastError(0xdeadbeef);
101 handle = OpenEventLogA("IDontExist", "deadbeef");
102 ok(handle == NULL, "Didn't expect a handle\n");
104 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
105 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
106
107 /* This one opens the Application log */
108 handle = OpenEventLogA(NULL, "deadbeef");
109 ok(handle != NULL, "Expected a handle\n");
111 ok(ret, "Expected success\n");
112 /* Close a second time */
113 SetLastError(0xdeadbeef);
116 {
117 ok(!ret, "Expected failure\n");
118 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
119 }
120
121 /* Empty servername should be read as local server */
122 handle = OpenEventLogA("", "Application");
123 ok(handle != NULL, "Expected a handle\n");
125
126 handle = OpenEventLogA(NULL, "Application");
127 ok(handle != NULL, "Expected a handle\n");
129}
#define RPC_S_SERVER_UNAVAILABLE
Definition: winerror.h:1033
#define RPC_S_INVALID_NET_ADDR
Definition: winerror.h:1018
#define ERROR_NOACCESS
Definition: winerror.h:578

Referenced by START_TEST().

◆ test_openbackup()

static void test_openbackup ( void  )
static

Definition at line 511 of file eventlog.c.

512{
513 HANDLE handle, handle2, file;
514 DWORD written;
515 const char backup[] = "backup.evt";
516 const char text[] = "Just some text";
517
518 SetLastError(0xdeadbeef);
520 ok(handle == NULL, "Didn't expect a handle\n");
521 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
522
523 SetLastError(0xdeadbeef);
524 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
525 ok(handle == NULL, "Didn't expect a handle\n");
526 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
527
528 SetLastError(0xdeadbeef);
529 handle = OpenBackupEventLogA("IDontExist", NULL);
530 ok(handle == NULL, "Didn't expect a handle\n");
531 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
532
533 SetLastError(0xdeadbeef);
534 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
535 ok(handle == NULL, "Didn't expect a handle\n");
537 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
538 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
539
540 /* Make a backup eventlog to work with */
542 {
543 /* FIXME: Wine stops here */
545 {
546 skip("We don't have a backup eventlog to work with\n");
547 return;
548 }
549
550 SetLastError(0xdeadbeef);
551 handle = OpenBackupEventLogA("IDontExist", backup);
552 ok(handle == NULL, "Didn't expect a handle\n");
554 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
555 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
556
557 /* Empty servername should be read as local server */
559 ok(handle != NULL, "Expected a handle\n");
561
563 ok(handle != NULL, "Expected a handle\n");
564
565 /* Can we open that same backup eventlog more than once? */
566 handle2 = OpenBackupEventLogA(NULL, backup);
567 ok(handle2 != NULL, "Expected a handle\n");
568 ok(handle2 != handle, "Didn't expect the same handle\n");
569 CloseEventLog(handle2);
570
573 }
574
575 /* Is there any content checking done? */
578 SetLastError(0xdeadbeef);
580 ok(handle == NULL, "Didn't expect a handle\n");
582 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
583 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
586
588 WriteFile(file, text, sizeof(text), &written, NULL);
590 SetLastError(0xdeadbeef);
592 ok(handle == NULL, "Didn't expect a handle\n");
593 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
596}
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define CloseHandle
Definition: compat.h:739
#define CreateFileA(a, b, c, d, e, f, g)
Definition: compat.h:740
BOOL WINAPI WriteFile(IN HANDLE hFile, IN LPCVOID lpBuffer, IN DWORD nNumberOfBytesToWrite OPTIONAL, OUT LPDWORD lpNumberOfBytesWritten, IN LPOVERLAPPED lpOverlapped OPTIONAL)
Definition: rw.c:24
const WCHAR * text
Definition: package.c:1799
#define CREATE_NEW
Definition: disk.h:69
#define ERROR_FILE_NOT_FOUND
Definition: disk.h:79
#define GENERIC_WRITE
Definition: nt_native.h:90
Definition: fci.c:127
#define ERROR_EVENTLOG_FILE_CORRUPT
Definition: winerror.h:952

Referenced by START_TEST().

◆ test_read()

static void test_read ( void  )
static

Definition at line 363 of file eventlog.c.

364{
366 BOOL ret;
367 DWORD count, toread, read, needed;
368 void *buf;
369
370 SetLastError(0xdeadbeef);
371 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
372 ok(!ret, "Expected failure\n");
374 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
375
376 read = 0xdeadbeef;
377 SetLastError(0xdeadbeef);
378 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
379 ok(!ret, "Expected failure\n");
380 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
382 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
383
384 needed = 0xdeadbeef;
385 SetLastError(0xdeadbeef);
386 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
387 ok(!ret, "Expected failure\n");
388 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
390 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
391
392 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
393 SetLastError(0xdeadbeef);
394 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
395 ok(!ret, "Expected failure\n");
397 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
398
399 SetLastError(0xdeadbeef);
401 ok(!ret, "Expected failure\n");
403 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
404
405 SetLastError(0xdeadbeef);
407 ok(!ret, "Expected failure\n");
409 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
410
411 buf = NULL;
412 SetLastError(0xdeadbeef);
414 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
415 ok(!ret, "Expected failure\n");
417 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
418
420 SetLastError(0xdeadbeef);
422 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
423 ok(!ret, "Expected failure\n");
425 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
427
428 handle = OpenEventLogA(NULL, "Application");
429
430 /* Show that we need the proper dwFlags with a (for the rest) proper call */
432
433 SetLastError(0xdeadbeef);
434 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
435 ok(!ret, "Expected failure\n");
437 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
438
439 SetLastError(0xdeadbeef);
441 ok(!ret, "Expected failure\n");
443 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
444
445 SetLastError(0xdeadbeef);
447 ok(!ret, "Expected failure\n");
449 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
450
451 SetLastError(0xdeadbeef);
453 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
454 ok(!ret, "Expected failure\n");
456 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
457
458 SetLastError(0xdeadbeef);
460 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
461 ok(!ret, "Expected failure\n");
463 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
464
465 SetLastError(0xdeadbeef);
467 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
468 ok(!ret, "Expected failure\n");
470 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
471
473
474 /* First check if there are any records (in practice only on Wine: FIXME) */
475 count = 0;
477 if (!count)
478 {
479 skip("No records in the 'Application' log\n");
481 return;
482 }
483
484 /* Get the buffer size for the first record */
486 read = needed = 0xdeadbeef;
487 SetLastError(0xdeadbeef);
489 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
490 ok(!ret, "Expected failure\n");
491 ok(read == 0, "Expected no bytes read\n");
492 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
493 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
494
495 /* Read the first record */
496 toread = needed;
497 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
498 read = needed = 0xdeadbeef;
499 SetLastError(0xdeadbeef);
501 ok(ret, "Expected success\n");
502 ok(read == toread ||
503 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
504 "Expected the requested size to be read\n");
505 ok(needed == 0, "Expected no extra bytes to be read\n");
507
509}
#define broken(x)
Definition: _sntprintf.h:21
#define read
Definition: acwin.h:96
BOOL WINAPI ReadEventLogA(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1061
#define GetProcessHeap()
Definition: compat.h:736
#define HeapAlloc
Definition: compat.h:733
#define HeapReAlloc
Definition: compat.h:734
#define HeapFree(x, y, z)
Definition: compat.h:735
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2828
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2831
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2830
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2829

Referenced by START_TEST().

◆ test_readwrite()

static void test_readwrite ( void  )
static

Definition at line 730 of file eventlog.c.

731{
733 PSID user;
734 DWORD sidsize, count;
735 BOOL ret, sidavailable;
736 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
737 DWORD i;
738 char *localcomputer = NULL;
739 DWORD size;
740
741 if (pCreateWellKnownSid)
742 {
743 sidsize = SECURITY_MAX_SID_SIZE;
744 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
745 SetLastError(0xdeadbeef);
746 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
747 sidavailable = TRUE;
748 }
749 else
750 {
751 win_skip("Skipping some SID related tests\n");
752 sidavailable = FALSE;
753 user = NULL;
754 }
755
756 /* Write an event with an incorrect event type. This will fail on Windows 7
757 * but succeed on all others, hence it's not part of the struct.
758 */
760 if (!handle)
761 {
762 /* Intermittently seen on NT4 when tests are run immediately after boot */
763 win_skip("Could not get a handle to the eventlog\n");
764 goto cleanup;
765 }
766
767 count = 0xdeadbeef;
769 if (count != 0)
770 {
771 /* Needed for W2K3 without a service pack */
772 win_skip("We most likely opened the Application eventlog\n");
774 Sleep(2000);
775
777 count = 0xdeadbeef;
779 if (count != 0)
780 {
781 win_skip("We didn't open our new eventlog\n");
783 goto cleanup;
784 }
785 }
786
787 SetLastError(0xdeadbeef);
788 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
789 if (!ret && GetLastError() == ERROR_CRC)
790 {
791 win_skip("Win7 fails when using incorrect event types\n");
792 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
793 ok(ret, "Expected success : %d\n", GetLastError());
794 }
795 else
796 {
797 void *buf;
798 DWORD read, needed = 0;
800
801 ok(ret, "Expected success : %d\n", GetLastError());
802
803 /* Needed to catch earlier Vista (with no ServicePack for example) */
806 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
808 {
809 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
811 0, buf, needed, &read, &needed);
812 }
813 if (ret)
814 {
816
817 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
818 * the written eventtype (0x20 in this case).
819 */
820 if (record->EventType == EVENTLOG_SUCCESS)
821 on_vista = TRUE;
822 }
824 }
825
826 /* This will clear the eventlog. The record numbering for new
827 * events however differs on Vista SP1+. Before Vista the first
828 * event would be numbered 1, on Vista SP1+ it's higher as we already
829 * had at least one event (more in case of multiple test runs without
830 * a reboot).
831 */
834
835 /* Write a bunch of events while using different event sources */
836 for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
837 {
838 DWORD oldest;
839 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
840
841 /* We don't need to use RegisterEventSource to report events */
842 if (i % 2)
844 else
846 ok(handle != NULL, "Expected a handle\n");
847
848 SetLastError(0xdeadbeef);
850 read_write[i].evt_id, run_sidtests ? user : NULL,
852 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
853
854 count = 0xdeadbeef;
855 SetLastError(0xdeadbeef);
857 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
859 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
860
861 oldest = 0xdeadbeef;
863 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
865 ok(oldest == 1 ||
866 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
867 "Expected oldest to be 1 or higher, got %d\n", oldest);
868 if (oldest > 1 && oldest != 0xdeadbeef)
869 on_vista = TRUE;
870
871 SetLastError(0xdeadbeef);
872 if (i % 2)
874 else
876 ok(ret, "Expected success : %d\n", GetLastError());
877 }
878
880 count = 0xdeadbeef;
882 ok(ret, "Expected success\n");
884 ok(count == i, "Expected %d records, got %d\n", i, count);
886
887 if (count == 0)
888 {
889 skip("No events were written to the eventlog\n");
890 goto cleanup;
891 }
892
893 /* Report only once */
894 if (on_vista)
895 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
896
897 if (on_vista && pGetComputerNameExA)
898 {
899 /* New Vista+ behavior */
900 size = 0;
901 SetLastError(0xdeadbeef);
902 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
903 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
904 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
905 }
906 else
907 {
909 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
910 GetComputerNameA(localcomputer, &size);
911 }
912
913 /* Read all events from our created eventlog, one by one */
915 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
916 i = 0;
917 for (;;)
918 {
919 void *buf;
920 DWORD read, needed;
922 char *sourcename, *computername;
923 int k;
924 char *ptr;
925 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
926
928 SetLastError(0xdeadbeef);
930 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
931 ok(!ret, "Expected failure\n");
933 {
935 ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
936 break;
937 }
938
939 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
941 0, buf, needed, &read, &needed);
942 ok(ret, "Expected success: %d\n", GetLastError());
943
945
946 ok(record->Length == read,
947 "Expected %d, got %d\n", read, record->Length);
948 ok(record->Reserved == 0x654c664c,
949 "Expected 0x654c664c, got %d\n", record->Reserved);
950 ok(record->RecordNumber == i + 1 ||
951 (on_vista && (record->RecordNumber > i + 1)),
952 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
953 ok(record->EventID == read_write[i].evt_id,
954 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
955 ok(record->EventType == read_write[i].evt_type,
956 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
957 ok(record->NumStrings == read_write[i].evt_numstrings,
958 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
959 ok(record->EventCategory == read_write[i].evt_cat,
960 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
961
962 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
963 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
964 read_write[i].evt_src, sourcename);
965
966 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
967 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
968 localcomputer, computername);
969
970 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
971 * no padding was actually required a 0 DWORD was still used for padding. No
972 * application should be relying on the padding as we are working with offsets
973 * anyway.
974 */
975
976 if (!on_vista)
977 {
978 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
979
980 /* We are already DWORD aligned, there should still be some padding */
981 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
982 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
983
984 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
985 }
986
987 if (run_sidtests)
988 {
989 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
990 }
991 else
992 {
993 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
994 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
995 }
996
997 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
998
999 ptr = (char *)((BYTE *)buf + record->StringOffset);
1000 for (k = 0; k < record->NumStrings; k++)
1001 {
1002 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
1003 ptr += lstrlenA(ptr) + 1;
1004 }
1005
1006 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1007 "Expected the closing DWORD to contain the length of the record\n");
1008
1010 i++;
1011 }
1013
1014 /* Test clearing a real eventlog */
1016 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
1017
1018 SetLastError(0xdeadbeef);
1020 ok(ret, "Expected success\n");
1021
1022 count = 0xdeadbeef;
1024 ok(ret, "Expected success\n");
1025 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1026
1028
1029cleanup:
1030 HeapFree(GetProcessHeap(), 0, localcomputer);
1032}
void user(int argc, const char *argv[])
Definition: cmds.c:1350
BOOL WINAPI ReportEventA(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCSTR *lpStrings, IN LPVOID lpRawData)
Definition: eventlog.c:1377
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
Definition: eventlog.c:473
HANDLE WINAPI RegisterEventSourceA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:1224
int WINAPI lstrcmpiA(LPCSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:42
int WINAPI lstrcmpA(LPCSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:18
static PVOID ptr
Definition: dispmode.c:27
static const char * two_strings[]
Definition: eventlog.c:706
WORD evt_cat
Definition: eventlog.c:711
const char * evt_src
Definition: eventlog.c:709
const char ** evt_strings
Definition: eventlog.c:715
WORD evt_numstrings
Definition: eventlog.c:714
static const struct @1640 read_write[]
WORD evt_type
Definition: eventlog.c:710
DWORD evt_id
Definition: eventlog.c:712
int k
Definition: mpi.c:3369
unsigned __int3264 UINT_PTR
Definition: mstsclib_h.h:274
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
VOID WINAPI DECLSPEC_HOTPATCH Sleep(IN DWORD dwMilliseconds)
Definition: synch.c:790
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:243
#define ERROR_HANDLE_EOF
Definition: winerror.h:140
#define ERROR_CRC
Definition: winerror.h:126
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2833
struct _EVENTLOGRECORD EVENTLOGRECORD
#define SECURITY_MAX_SID_SIZE
Definition: setypes.h:486

Referenced by START_TEST().

◆ test_start_trace()

static void test_start_trace ( void  )
static

Definition at line 1149 of file eventlog.c.

1150{
1151 const char sessionname[] = "wine";
1152 const char filepath[] = "wine.etl";
1153 const char filepath2[] = "eniw.etl";
1154 EVENT_TRACE_PROPERTIES *properties;
1156 LONG buffersize;
1157 LONG ret;
1158
1159 buffersize = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname) + sizeof(filepath);
1160 properties = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffersize);
1161 properties->Wnode.BufferSize = buffersize;
1162 properties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
1164 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1165 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1166 strcpy((char *)properties + properties->LogFileNameOffset, filepath);
1167
1168 properties->Wnode.BufferSize = 0;
1169 ret = StartTraceA(&handle, sessionname, properties);
1170 todo_wine
1171 ok(ret == ERROR_BAD_LENGTH ||
1172 ret == ERROR_INVALID_PARAMETER, /* XP and 2k3 */
1173 "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1174 properties->Wnode.BufferSize = buffersize;
1175
1176 ret = StartTraceA(&handle, "this name is too long", properties);
1177 todo_wine
1178 ok(ret == ERROR_BAD_LENGTH, "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1179
1180 ret = StartTraceA(&handle, sessionname, NULL);
1181 todo_wine
1182 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1183
1184 ret = StartTraceA(NULL, sessionname, properties);
1185 todo_wine
1186 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1187
1188 properties->LogFileNameOffset = 1;
1189 ret = StartTraceA(&handle, sessionname, properties);
1190 todo_wine
1191 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1192 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1193
1194 properties->LoggerNameOffset = 1;
1195 ret = StartTraceA(&handle, sessionname, properties);
1196 todo_wine
1197 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1198 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1199
1201 ret = StartTraceA(&handle, sessionname, properties);
1202 todo_wine
1203 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1205 /* XP creates a file we can't delete, so change the filepath to something else */
1206 strcpy((char *)properties + properties->LogFileNameOffset, filepath2);
1207
1208 properties->Wnode.Guid = SystemTraceControlGuid;
1209 ret = StartTraceA(&handle, sessionname, properties);
1210 todo_wine
1211 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1212 memset(&properties->Wnode.Guid, 0, sizeof(properties->Wnode.Guid));
1213
1214 properties->LogFileNameOffset = 0;
1215 ret = StartTraceA(&handle, sessionname, properties);
1216 todo_wine
1217 ok(ret == ERROR_BAD_PATHNAME, "Expected ERROR_BAD_PATHNAME, got %d\n", ret);
1218 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1219
1220 ret = StartTraceA(&handle, sessionname, properties);
1221 if (ret == ERROR_ACCESS_DENIED)
1222 {
1223 skip("need admin rights\n");
1224 goto done;
1225 }
1226 ok(ret == ERROR_SUCCESS, "Expected success, got %d\n", ret);
1227
1228 ret = StartTraceA(&handle, sessionname, properties);
1229 todo_wine
1231 ret == ERROR_SHARING_VIOLATION, /* 2k3 */
1232 "Expected ERROR_ALREADY_EXISTS, got %d\n", ret);
1233
1234 /* clean up */
1235 ControlTraceA(handle, sessionname, properties, EVENT_TRACE_CONTROL_STOP);
1236done:
1237 HeapFree(GetProcessHeap(), 0, properties);
1238 DeleteFileA(filepath);
1239}
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
struct _EVENT_TRACE_PROPERTIES EVENT_TRACE_PROPERTIES
#define EVENT_TRACE_CONTROL_STOP
Definition: evntrace.h:214
#define EVENT_TRACE_FILE_MODE_NONE
Definition: evntrace.h:184
#define EVENT_TRACE_FILE_MODE_CIRCULAR
Definition: evntrace.h:186
EXTERN_C ULONG WMIAPI StartTraceA(OUT PTRACEHANDLE TraceHandle, IN LPCSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL
Definition: evntrace.h:185
ULONG64 TRACEHANDLE
Definition: evntrace.h:40
EXTERN_C ULONG WMIAPI ControlTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
WNODE_HEADER Wnode
Definition: evntrace.h:571
ULONG BufferSize
Definition: wmistr.h:6
GUID Guid
Definition: wmistr.h:23
ULONG Flags
Definition: wmistr.h:25
#define ERROR_SHARING_VIOLATION
Definition: winerror.h:135
#define ERROR_BAD_LENGTH
Definition: winerror.h:127
#define ERROR_BAD_PATHNAME
Definition: winerror.h:233
#define WNODE_FLAG_TRACED_GUID
Definition: wmistr.h:43

Referenced by START_TEST().

Variable Documentation

◆ DWORD

DWORD *static DWORD

Definition at line 36 of file eventlog.c.

◆ eventlogfile

char eventlogfile[MAX_PATH]
static

Definition at line 1050 of file eventlog.c.

Referenced by cleanup_eventlog(), and test_autocreation().

◆ eventlogname

const char eventlogname[] = "Wine"
static

◆ eventlogsvc

const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog"
static

Definition at line 651 of file eventlog.c.

Referenced by cleanup_eventlog(), create_new_eventlog(), and test_autocreation().

◆ eventsources

const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" }
static

Definition at line 653 of file eventlog.c.

Referenced by cleanup_eventlog(), create_new_eventlog(), and test_autocreation().

◆ evt_cat

WORD evt_cat

Definition at line 711 of file eventlog.c.

Referenced by test_readwrite().

◆ evt_id

DWORD evt_id

Definition at line 712 of file eventlog.c.

Referenced by test_readwrite().

◆ evt_numstrings

WORD evt_numstrings

Definition at line 714 of file eventlog.c.

Referenced by test_readwrite().

◆ evt_sid

BOOL evt_sid

Definition at line 713 of file eventlog.c.

◆ evt_src

const char* evt_src

Definition at line 709 of file eventlog.c.

Referenced by test_readwrite().

◆ evt_strings

const char** evt_strings

Definition at line 715 of file eventlog.c.

Referenced by test_readwrite().

◆ evt_type

WORD evt_type

Definition at line 710 of file eventlog.c.

Referenced by test_readwrite(), and UDFEjectReqWaiter().

◆ LPDWORD

Definition at line 36 of file eventlog.c.

◆ LPSTR

Definition at line 38 of file eventlog.c.

◆ LPVOID

DWORD *static LPVOID

Definition at line 36 of file eventlog.c.

◆ one_string

const char* one_string[] = { "First string" }
static

Definition at line 705 of file eventlog.c.

◆ PSID

Definition at line 35 of file eventlog.c.

◆ 

const struct { ... } read_write[]
Initial value:
=
{
}
static const char * one_string[]
Definition: eventlog.c:705
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2834
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2838
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2836
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2837
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2835

Referenced by test_readwrite().

◆ two_strings

const char* two_strings[] = { "First string", "Second string" }
static

Definition at line 706 of file eventlog.c.

Referenced by test_readwrite().