ReactOS 0.4.16-dev-2332-g4cba65d
eventlog.c
Go to the documentation of this file.
1/*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21#include <stdarg.h>
22
23#include "initguid.h"
24#include "windef.h"
25#include "winbase.h"
26#include "winerror.h"
27#include "winnt.h"
28#include "winreg.h"
29#include "sddl.h"
30#include "wmistr.h"
31#include "evntprov.h"
32#include "evntrace.h"
33#include "netevent.h"
34
35#include "wine/test.h"
36
37static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
38static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
39static ULONG (WINAPI *pEventRegister)(const GUID *,PENABLECALLBACK,void *,REGHANDLE *);
40static ULONG (WINAPI *pEventUnregister)(REGHANDLE);
41static ULONG (WINAPI *pEventWriteString)(REGHANDLE,UCHAR,ULONGLONG,const WCHAR *);
42
43static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
44static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
45static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
46
47static void init_function_pointers(void)
48{
49 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
50 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
51
52 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
53 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
54 pEventWriteString = (void*)GetProcAddress(hadvapi32, "EventWriteString");
55 pEventRegister = (void*)GetProcAddress(hadvapi32, "EventRegister");
56 pEventUnregister = (void*)GetProcAddress(hadvapi32, "EventUnregister");
57
58 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
59 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
60 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
61}
62
63static BOOL create_backup(const char *filename)
64{
65 HANDLE handle;
66 DWORD rc, attribs;
67
68 handle = OpenEventLogA(NULL, "Application");
69 if (!handle && (GetLastError() == ERROR_ACCESS_DENIED || GetLastError() == RPC_S_SERVER_UNAVAILABLE))
70 {
71 win_skip( "Can't open event log\n" );
72 return FALSE;
73 }
74 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
75
76 DeleteFileA(filename);
77 rc = BackupEventLogA(handle, filename);
78 if (!rc && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
79 {
80 skip("insufficient privileges to backup the eventlog\n");
81 CloseEventLog(handle);
82 return FALSE;
83 }
84 ok(rc, "BackupEventLogA failed, le=%lu\n", GetLastError());
85 CloseEventLog(handle);
86
87 attribs = GetFileAttributesA(filename);
88 todo_wine
89 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#lx le=%lu\n", attribs, GetLastError());
90 return TRUE;
91}
92
93static void test_open_close(void)
94{
95 HANDLE handle;
96 BOOL ret;
97
98 SetLastError(0xdeadbeef);
99 ret = CloseEventLog(NULL);
100 ok(!ret, "Expected failure\n");
101 ok(GetLastError() == ERROR_INVALID_HANDLE ||
102 GetLastError() == ERROR_NOACCESS, /* W2K */
103 "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
104
105 SetLastError(0xdeadbeef);
106 handle = OpenEventLogA(NULL, NULL);
107 ok(handle == NULL, "OpenEventLogA() succeeded\n");
108 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
109
110 SetLastError(0xdeadbeef);
111 handle = OpenEventLogA("IDontExist", NULL);
112 ok(handle == NULL, "OpenEventLogA(IDontExist,) succeeded\n");
113 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
114
115 SetLastError(0xdeadbeef);
116 handle = OpenEventLogA("IDontExist", "deadbeef");
117 ok(handle == NULL, "OpenEventLogA(IDontExist,deadbeef) succeeded\n");
118 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
119 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
120 "Expected RPC_S_SERVER_UNAVAILABLE, got %ld\n", GetLastError());
121
122 /* This one opens the Application log */
123 handle = OpenEventLogA(NULL, "deadbeef");
124 ok(handle != NULL, "OpenEventLogA(deadbeef) failed : %ld\n", GetLastError());
125 ret = CloseEventLog(handle);
126 ok(ret, "Expected success : %ld\n", GetLastError());
127 /* Close a second time */
128 SetLastError(0xdeadbeef);
129 ret = CloseEventLog(handle);
130 todo_wine
131 {
132 ok(!ret, "Expected failure\n");
133 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
134 }
135
136 /* Empty servername should be read as local server */
137 handle = OpenEventLogA("", "Application");
138 ok(handle != NULL, "OpenEventLogA('',Application) failed : %ld\n", GetLastError());
139 CloseEventLog(handle);
140
141 handle = OpenEventLogA(NULL, "Application");
142 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
143 CloseEventLog(handle);
144}
145
146static void test_info(void)
147{
148 HANDLE handle;
149 BOOL ret;
150 DWORD needed;
151 BYTE buffer[2 * sizeof(EVENTLOG_FULL_INFORMATION)];
152 EVENTLOG_FULL_INFORMATION *efi = (void *)buffer;
153
154 if (!pGetEventLogInformation)
155 {
156 /* NT4 */
157 win_skip("GetEventLogInformation is not available\n");
158 return;
159 }
160 SetLastError(0xdeadbeef);
161 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
162 ok(!ret, "Expected failure\n");
163 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %ld\n", GetLastError());
164
165 SetLastError(0xdeadbeef);
166 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
167 ok(!ret, "Expected failure\n");
168 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
169
170 handle = OpenEventLogA(NULL, "Application");
171 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
172
173 SetLastError(0xdeadbeef);
174 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
175 ok(!ret, "Expected failure\n");
176 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %ld\n", GetLastError());
177
178 SetLastError(0xdeadbeef);
179 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
180 ok(!ret, "Expected failure\n");
181 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %ld\n", GetLastError());
182
183 SetLastError(0xdeadbeef);
184 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL);
185 ok(!ret, "Expected failure\n");
186 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %ld\n", GetLastError());
187
188 SetLastError(0xdeadbeef);
189 needed = 0xdeadbeef;
190 efi->dwFull = 0xdeadbeef;
191 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed);
192 ok(!ret, "Expected failure\n");
193 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
194 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %ld\n", needed);
195 ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
196
197 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
198 efi->dwFull = 0xdeadbeef;
199 needed = sizeof(buffer);
200 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed);
201 ok(ret, "Expected success : %ld\n", GetLastError());
202 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %ld\n", needed);
203 ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %ld\n", efi->dwFull);
204
205 CloseEventLog(handle);
206}
207
208static void test_count(void)
209{
210 HANDLE handle;
211 BOOL ret;
212 DWORD count;
213 const char backup[] = "backup.evt";
214
215 SetLastError(0xdeadbeef);
216 ret = GetNumberOfEventLogRecords(NULL, NULL);
217 ok(!ret, "Expected failure\n");
218 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
219
220 SetLastError(0xdeadbeef);
221 count = 0xdeadbeef;
222 ret = GetNumberOfEventLogRecords(NULL, &count);
223 ok(!ret, "Expected failure\n");
224 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
225 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
226
227 handle = OpenEventLogA(NULL, "Application");
228 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
229
230 SetLastError(0xdeadbeef);
231 ret = GetNumberOfEventLogRecords(handle, NULL);
232 ok(!ret, "Expected failure\n");
233 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
234
235 count = 0xdeadbeef;
236 ret = GetNumberOfEventLogRecords(handle, &count);
237 ok(ret, "Expected success : %ld\n", GetLastError());
238 ok(count != 0xdeadbeef, "Expected the number of records\n");
239
240 CloseEventLog(handle);
241
242 /* Make a backup eventlog to work with */
243 if (create_backup(backup))
244 {
245 handle = OpenBackupEventLogA(NULL, backup);
246 todo_wine
247 ok(handle != NULL, "Expected a handle, le=%ld\n", GetLastError());
248
249 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
250 count = 0xdeadbeef;
251 ret = GetNumberOfEventLogRecords(handle, &count);
252 todo_wine
253 {
254 ok(ret, "Expected success : %ld\n", GetLastError());
255 ok(count != 0xdeadbeef, "Expected the number of records\n");
256 }
257
258 CloseEventLog(handle);
259 DeleteFileA(backup);
260 }
261}
262
263static void test_oldest(void)
264{
265 HANDLE handle;
266 BOOL ret;
267 DWORD oldest;
268 const char backup[] = "backup.evt";
269
270 SetLastError(0xdeadbeef);
271 ret = GetOldestEventLogRecord(NULL, NULL);
272 ok(!ret, "Expected failure\n");
273 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
274
275 SetLastError(0xdeadbeef);
276 oldest = 0xdeadbeef;
277 ret = GetOldestEventLogRecord(NULL, &oldest);
278 ok(!ret, "Expected failure\n");
279 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
280 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
281
282 handle = OpenEventLogA(NULL, "Application");
283 if (!handle && (GetLastError() == ERROR_ACCESS_DENIED || GetLastError() == RPC_S_SERVER_UNAVAILABLE))
284 {
285 win_skip( "Can't open event log\n" );
286 return;
287 }
288 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
289
290 SetLastError(0xdeadbeef);
291 ret = GetOldestEventLogRecord(handle, NULL);
292 ok(!ret, "Expected failure\n");
293 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
294
295 oldest = 0xdeadbeef;
296 ret = GetOldestEventLogRecord(handle, &oldest);
297 ok(ret, "Expected success : %ld\n", GetLastError());
298 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
299
300 CloseEventLog(handle);
301
302 /* Make a backup eventlog to work with */
303 if (create_backup(backup))
304 {
305 handle = OpenBackupEventLogA(NULL, backup);
306 todo_wine
307 ok(handle != NULL, "Expected a handle\n");
308
309 /* Does GetOldestEventLogRecord work with backup eventlogs? */
310 oldest = 0xdeadbeef;
311 ret = GetOldestEventLogRecord(handle, &oldest);
312 todo_wine
313 {
314 ok(ret, "Expected success : %ld\n", GetLastError());
315 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
316 }
317
318 CloseEventLog(handle);
319 DeleteFileA(backup);
320 }
321}
322
323static void test_backup(void)
324{
325 HANDLE handle;
326 BOOL ret;
327 const char backup[] = "backup.evt";
328 const char backup2[] = "backup2.evt";
329
330 SetLastError(0xdeadbeef);
331 ret = BackupEventLogA(NULL, NULL);
332 ok(!ret, "Expected failure\n");
333 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
334
335 SetLastError(0xdeadbeef);
336 ret = BackupEventLogA(NULL, backup);
337 ok(!ret, "Expected failure\n");
338 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
339
340 handle = OpenEventLogA(NULL, "Application");
341 if (!handle && (GetLastError() == ERROR_ACCESS_DENIED || GetLastError() == RPC_S_SERVER_UNAVAILABLE))
342 {
343 win_skip( "Can't open event log\n" );
344 return;
345 }
346 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
347
348 SetLastError(0xdeadbeef);
349 ret = BackupEventLogA(handle, NULL);
350 ok(!ret, "Expected failure\n");
351 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
352
353 ret = BackupEventLogA(handle, backup);
354 if (!ret && GetLastError() == ERROR_PRIVILEGE_NOT_HELD)
355 {
356 skip("insufficient privileges for backup tests\n");
357 CloseEventLog(handle);
358 return;
359 }
360 ok(ret, "Expected success : %ld\n", GetLastError());
361 todo_wine
362 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
363
364 /* Try to overwrite */
365 SetLastError(0xdeadbeef);
366 ret = BackupEventLogA(handle, backup);
367 todo_wine
368 {
369 ok(!ret, "Expected failure\n");
370 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %ld\n", GetLastError());
371 }
372
373 CloseEventLog(handle);
374
375 /* Can we make a backup of a backup? */
376 handle = OpenBackupEventLogA(NULL, backup);
377 todo_wine
378 ok(handle != NULL, "Expected a handle\n");
379
380 ret = BackupEventLogA(handle, backup2);
381 todo_wine
382 {
383 ok(ret, "Expected success : %ld\n", GetLastError());
384 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
385 }
386
387 CloseEventLog(handle);
388 DeleteFileA(backup);
389 DeleteFileA(backup2);
390}
391
392static void test_read(void)
393{
394 HANDLE handle;
395 BOOL ret;
396 DWORD count, toread, read, needed;
397 void *buf;
398
399 SetLastError(0xdeadbeef);
400 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
401 ok(!ret, "Expected failure\n");
402 todo_wine
403 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
404
405 read = 0xdeadbeef;
406 SetLastError(0xdeadbeef);
407 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
408 ok(!ret, "Expected failure\n");
409 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
410 todo_wine
411 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
412
413 needed = 0xdeadbeef;
414 SetLastError(0xdeadbeef);
415 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
416 ok(!ret, "Expected failure\n");
417 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
418 todo_wine
419 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
420
421 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
422 SetLastError(0xdeadbeef);
423 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
424 ok(!ret, "Expected failure\n");
425 todo_wine
426 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
427
428 SetLastError(0xdeadbeef);
429 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL);
430 ok(!ret, "Expected failure\n");
431 todo_wine
432 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
433
434 SetLastError(0xdeadbeef);
435 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed);
436 ok(!ret, "Expected failure\n");
437 todo_wine
438 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
439
440 buf = NULL;
441 SetLastError(0xdeadbeef);
442 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
443 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
444 ok(!ret, "Expected failure\n");
445 todo_wine
446 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
447
448 buf = malloc(sizeof(EVENTLOGRECORD));
449 SetLastError(0xdeadbeef);
450 ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
451 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
452 ok(!ret, "Expected failure\n");
453 todo_wine
454 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
455 free(buf);
456
457 handle = OpenEventLogA(NULL, "Application");
458 if (!handle && (GetLastError() == ERROR_ACCESS_DENIED || GetLastError() == RPC_S_SERVER_UNAVAILABLE))
459 {
460 win_skip( "Can't open event log\n" );
461 return;
462 }
463 ok(handle != NULL, "OpenEventLogA(Application) failed : %ld\n", GetLastError());
464
465 /* Show that we need the proper dwFlags with a (for the rest) proper call */
466 buf = malloc(sizeof(EVENTLOGRECORD));
467
468 SetLastError(0xdeadbeef);
469 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
470 ok(!ret, "Expected failure\n");
471 todo_wine
472 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
473
474 SetLastError(0xdeadbeef);
475 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
476 ok(!ret, "Expected failure\n");
477 todo_wine
478 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
479
480 SetLastError(0xdeadbeef);
481 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
482 ok(!ret, "Expected failure\n");
483 todo_wine
484 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
485
486 SetLastError(0xdeadbeef);
487 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
488 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
489 ok(!ret, "Expected failure\n");
490 todo_wine
491 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
492
493 SetLastError(0xdeadbeef);
494 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ,
495 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
496 ok(!ret, "Expected failure\n");
497 todo_wine
498 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
499
500 SetLastError(0xdeadbeef);
501 ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
502 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
503 ok(!ret, "Expected failure\n");
504 todo_wine
505 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
506
507 free(buf);
508
509 /* First check if there are any records (in practice only on Wine: FIXME) */
510 count = 0;
511 GetNumberOfEventLogRecords(handle, &count);
512 if (!count)
513 {
514 skip("No records in the 'Application' log\n");
515 CloseEventLog(handle);
516 return;
517 }
518
519 /* Get the buffer size for the first record */
520 buf = malloc(sizeof(EVENTLOGRECORD));
521 read = needed = 0xdeadbeef;
522 SetLastError(0xdeadbeef);
523 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
524 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
525 ok(!ret, "Expected failure\n");
526 ok(read == 0, "Expected no bytes read\n");
527 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
528 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
529
530 /* Read the first record */
531 toread = needed;
532 buf = realloc(buf, toread);
533 read = needed = 0xdeadbeef;
534 SetLastError(0xdeadbeef);
535 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed);
536 ok(ret, "Expected success : %ld\n", GetLastError());
537 ok(read == toread ||
538 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
539 "Expected the requested size to be read\n");
540 ok(needed == 0, "Expected no extra bytes to be read\n");
541 free(buf);
542
543 CloseEventLog(handle);
544}
545
546static void test_openbackup(void)
547{
548 HANDLE handle, handle2, file;
549 DWORD written;
550 const char backup[] = "backup.evt";
551 const char text[] = "Just some text";
552
553 SetLastError(0xdeadbeef);
554 handle = OpenBackupEventLogA(NULL, NULL);
555 ok(handle == NULL, "Didn't expect a handle\n");
556 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
557
558 SetLastError(0xdeadbeef);
559 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
560 ok(handle == NULL, "Didn't expect a handle\n");
561 ok(GetLastError() == ERROR_FILE_NOT_FOUND ||
562 GetLastError() == ERROR_ACCESS_DENIED ||
563 GetLastError() == RPC_S_SERVER_UNAVAILABLE,
564 "got %ld\n", GetLastError());
565
566 SetLastError(0xdeadbeef);
567 handle = OpenBackupEventLogA("IDontExist", NULL);
568 ok(handle == NULL, "Didn't expect a handle\n");
569 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
570
571 SetLastError(0xdeadbeef);
572 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
573 ok(handle == NULL, "Didn't expect a handle\n");
574 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
575 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
576 "Expected RPC_S_SERVER_UNAVAILABLE, got %ld\n", GetLastError());
577
578 /* Make a backup eventlog to work with */
579 if (create_backup(backup))
580 {
581 /* FIXME: Wine stops here */
582 if (GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES)
583 {
584 skip("We don't have a backup eventlog to work with\n");
585 return;
586 }
587
588 SetLastError(0xdeadbeef);
589 handle = OpenBackupEventLogA("IDontExist", backup);
590 ok(handle == NULL, "Didn't expect a handle\n");
591 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
592 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
593 "Expected RPC_S_SERVER_UNAVAILABLE, got %ld\n", GetLastError());
594
595 /* Empty servername should be read as local server */
596 handle = OpenBackupEventLogA("", backup);
597 ok(handle != NULL, "Expected a handle\n");
598 CloseEventLog(handle);
599
600 handle = OpenBackupEventLogA(NULL, backup);
601 ok(handle != NULL, "Expected a handle\n");
602
603 /* Can we open that same backup eventlog more than once? */
604 handle2 = OpenBackupEventLogA(NULL, backup);
605 ok(handle2 != NULL, "Expected a handle\n");
606 ok(handle2 != handle, "Didn't expect the same handle\n");
607 CloseEventLog(handle2);
608
609 CloseEventLog(handle);
610 DeleteFileA(backup);
611 }
612
613 /* Is there any content checking done? */
614 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
615 CloseHandle(file);
616 SetLastError(0xdeadbeef);
617 handle = OpenBackupEventLogA(NULL, backup);
618 ok(handle == NULL, "Didn't expect a handle\n");
619 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY ||
620 GetLastError() == ERROR_ACCESS_DENIED ||
621 GetLastError() == RPC_S_SERVER_UNAVAILABLE ||
622 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
623 "got %ld\n", GetLastError());
624 CloseEventLog(handle);
625 DeleteFileA(backup);
626
627 file = CreateFileA(backup, GENERIC_WRITE, 0, NULL, CREATE_NEW, 0, NULL);
628 WriteFile(file, text, sizeof(text), &written, NULL);
629 CloseHandle(file);
630 SetLastError(0xdeadbeef);
631 handle = OpenBackupEventLogA(NULL, backup);
632 ok(handle == NULL, "Didn't expect a handle\n");
633 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT ||
634 GetLastError() == ERROR_ACCESS_DENIED ||
635 GetLastError() == RPC_S_SERVER_UNAVAILABLE,
636 "got %ld\n", GetLastError());
637 CloseEventLog(handle);
638 DeleteFileA(backup);
639}
640
641static void test_clear(void)
642{
643 HANDLE handle;
644 BOOL ret;
645 const char backup[] = "backup.evt";
646 const char backup2[] = "backup2.evt";
647
648 SetLastError(0xdeadbeef);
649 ret = ClearEventLogA(NULL, NULL);
650 ok(!ret, "Expected failure\n");
651 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
652
653 /* Make a backup eventlog to work with */
654 if (!create_backup(backup))
655 return;
656
657 SetLastError(0xdeadbeef);
658 ret = ClearEventLogA(NULL, backup);
659 ok(!ret, "Expected failure\n");
660 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
661
662 handle = OpenBackupEventLogA(NULL, backup);
663 todo_wine
664 ok(handle != NULL, "Expected a handle\n");
665
666 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
667 SetLastError(0xdeadbeef);
668 ret = ClearEventLogA(handle, backup);
669 ok(!ret, "Expected failure\n");
670 /* The eventlog service runs under an account that doesn't have the necessary
671 * permissions on the users home directory on a default Vista+ system.
672 */
673 ok(GetLastError() == ERROR_INVALID_HANDLE ||
674 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
675 "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
676
677 /* Show that ClearEventLog only works for real eventlogs. */
678 SetLastError(0xdeadbeef);
679 ret = ClearEventLogA(handle, backup2);
680 ok(!ret, "Expected failure\n");
681 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
682 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
683
684 SetLastError(0xdeadbeef);
685 ret = ClearEventLogA(handle, NULL);
686 ok(!ret, "Expected failure\n");
687 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %ld\n", GetLastError());
688
689 CloseEventLog(handle);
690 todo_wine
691 ok(DeleteFileA(backup), "Could not delete the backup file\n");
692}
693
694static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
695static const char eventlogname[] = "Wine";
696static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
697
698static BOOL create_new_eventlog(void)
699{
700 HKEY key, eventkey;
701 BOOL bret = FALSE;
702 LONG lret;
703 DWORD i;
704
705 /* First create our eventlog */
706 lret = RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
707 if (lret != ERROR_SUCCESS)
708 {
709 skip("Could not open the EventLog service registry key\n");
710 return FALSE;
711 }
712 lret = RegCreateKeyA(key, eventlogname, &eventkey);
713 if (lret != ERROR_SUCCESS)
714 {
715 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
716 goto cleanup;
717 }
718
719 /* Create some event sources, the registry value 'Sources' is updated automatically */
720 for (i = 0; i < ARRAY_SIZE(eventsources); i++)
721 {
722 HKEY srckey;
723
724 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
725 if (lret != ERROR_SUCCESS)
726 {
727 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
728 goto cleanup;
729 }
730 RegFlushKey(srckey);
731 RegCloseKey(srckey);
732 }
733
734 bret = TRUE;
735
736 /* The flushing of the registry (here and above) gives us some assurance
737 * that we are not to quickly writing events as 'Sources' could still be
738 * not updated.
739 */
740 RegFlushKey(eventkey);
741cleanup:
742 RegCloseKey(eventkey);
743 RegCloseKey(key);
744
745 return bret;
746}
747
748static const char *one_string[] = { "First string" };
749static const char *two_strings[] = { "First string", "Second string" };
750static const struct
751{
752 const char *evt_src;
753 WORD evt_type;
754 WORD evt_cat;
755 DWORD evt_id;
756 BOOL evt_sid;
757 WORD evt_numstrings;
758 const char **evt_strings;
759} read_write [] =
760{
761 { eventlogname, EVENTLOG_INFORMATION_TYPE, 1, 1, FALSE, 1, one_string },
762 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
763 { eventsources[1], EVENTLOG_AUDIT_FAILURE, 1, 3, FALSE, 2, two_strings },
764 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
765 { eventsources[3], EVENTLOG_WARNING_TYPE, 1, 5, FALSE, 1, one_string },
766 { eventlogname, EVENTLOG_SUCCESS, 2, 6, TRUE, 2, two_strings },
767 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
768 { eventsources[1], EVENTLOG_AUDIT_SUCCESS, 2, 8, TRUE, 2, two_strings },
769 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
770 { eventsources[3], EVENTLOG_ERROR_TYPE, 2, 10, TRUE, 1, one_string }
771};
772
773static void test_readwrite(void)
774{
775 HANDLE handle;
776 PSID user;
777 DWORD sidsize, count;
778 BOOL ret, sidavailable;
779 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
780 DWORD i;
781 char *localcomputer = NULL;
782 DWORD size;
783 void* buf;
784
785 if (pCreateWellKnownSid)
786 {
787 sidsize = SECURITY_MAX_SID_SIZE;
788 user = malloc(sidsize);
789 SetLastError(0xdeadbeef);
790 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
791 sidavailable = TRUE;
792 }
793 else
794 {
795 win_skip("Skipping some SID related tests\n");
796 sidavailable = FALSE;
797 user = NULL;
798 }
799
800 /* Write an event with an incorrect event type. This will fail on Windows 7
801 * but succeed on all others, hence it's not part of the struct.
802 */
803 handle = OpenEventLogA(NULL, eventlogname);
804 if (!handle)
805 {
806 /* Intermittently seen on NT4 when tests are run immediately after boot */
807 win_skip("Could not get a handle to the eventlog\n");
808 goto cleanup;
809 }
810
811 count = 0xdeadbeef;
812 GetNumberOfEventLogRecords(handle, &count);
813 if (count != 0)
814 {
815 /* Needed for W2K3 without a service pack */
816 win_skip("We most likely opened the Application eventlog\n");
817 CloseEventLog(handle);
818 Sleep(2000);
819
820 handle = OpenEventLogA(NULL, eventlogname);
821 ok(handle != NULL, "OpenEventLogA(%s) failed : %ld\n", eventlogname, GetLastError());
822 count = 0xdeadbeef;
823 GetNumberOfEventLogRecords(handle, &count);
824 if (count != 0)
825 {
826 win_skip("We didn't open our new eventlog\n");
827 CloseEventLog(handle);
828 goto cleanup;
829 }
830 }
831
832 SetLastError(0xdeadbeef);
833 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
834 if (!ret && GetLastError() == ERROR_CRC)
835 {
836 win_skip("Win7 fails when using incorrect event types\n");
837 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
838 ok(ret, "Expected success : %ld\n", GetLastError());
839 }
840 else
841 {
842 void *buf;
843 DWORD read, needed = 0;
844 EVENTLOGRECORD *record;
845
846 ok(ret, "Expected success : %ld\n", GetLastError());
847
848 /* Needed to catch earlier Vista (with no ServicePack for example) */
849 buf = malloc(sizeof(EVENTLOGRECORD));
850 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
851 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
852 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
853 {
854 buf = realloc(buf, needed);
855 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
856 0, buf, needed, &read, &needed);
857 }
858 if (ret)
859 {
860 record = (EVENTLOGRECORD *)buf;
861
862 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
863 * the written eventtype (0x20 in this case).
864 */
865 if (record->EventType == EVENTLOG_SUCCESS)
866 on_vista = TRUE;
867 }
868 free(buf);
869 }
870
871 /* This will clear the eventlog. The record numbering for new
872 * events however differs on Vista SP1+. Before Vista the first
873 * event would be numbered 1, on Vista SP1+ it's higher as we already
874 * had at least one event (more in case of multiple test runs without
875 * a reboot).
876 */
877 ClearEventLogA(handle, NULL);
878 CloseEventLog(handle);
879
880 /* Write a bunch of events while using different event sources */
881 for (i = 0; i < ARRAY_SIZE(read_write); i++)
882 {
883 DWORD oldest;
884 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
885
886 winetest_push_context("%lu:%s", i, read_write[i].evt_src);
887
888 /* We don't need to use RegisterEventSource to report events */
889 if (i % 2)
890 handle = OpenEventLogA(NULL, read_write[i].evt_src);
891 else
892 handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
893 ok(handle != NULL, "Expected a handle\n");
894
895 SetLastError(0xdeadbeef);
896 ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
897 read_write[i].evt_id, run_sidtests ? user : NULL,
898 read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
899 ok(ret, "Expected ReportEvent success : %ld\n", GetLastError());
900
901 count = 0xdeadbeef;
902 SetLastError(0xdeadbeef);
903 ret = GetNumberOfEventLogRecords(handle, &count);
904 ok(ret, "Expected GetNumberOfEventLogRecords success : %ld\n", GetLastError());
905 todo_wine
906 ok(count == (i + 1), "Expected %ld records, got %ld\n", i + 1, count);
907
908 oldest = 0xdeadbeef;
909 ret = GetOldestEventLogRecord(handle, &oldest);
910 ok(ret, "Expected GetOldestEventLogRecord success : %ld\n", GetLastError());
911 todo_wine
912 ok(oldest == 1 ||
913 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
914 "Expected oldest to be 1 or higher, got %ld\n", oldest);
915 if (oldest > 1 && oldest != 0xdeadbeef)
916 on_vista = TRUE;
917
918 SetLastError(0xdeadbeef);
919 if (i % 2)
920 ret = CloseEventLog(handle);
921 else
922 ret = DeregisterEventSource(handle);
923 ok(ret, "Expected success : %ld\n", GetLastError());
924 winetest_pop_context();
925 }
926
927 handle = OpenEventLogA(NULL, eventlogname);
928 ok(handle != NULL, "OpenEventLogA(%s) failed : %ld\n", eventlogname, GetLastError());
929 count = 0xdeadbeef;
930 ret = GetNumberOfEventLogRecords(handle, &count);
931 ok(ret, "Expected success : %ld\n", GetLastError());
932 todo_wine
933 ok(count == i, "Expected %ld records, got %ld\n", i, count);
934 CloseEventLog(handle);
935
936 if (count == 0)
937 {
938 skip("No events were written to the eventlog\n");
939 goto cleanup;
940 }
941
942 /* Report only once */
943 if (on_vista)
944 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
945
946 if (on_vista && pGetComputerNameExA)
947 {
948 /* New Vista+ behavior */
949 size = 0;
950 SetLastError(0xdeadbeef);
951 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
952 localcomputer = malloc(size);
953 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
954 }
955 else
956 {
957 size = MAX_COMPUTERNAME_LENGTH + 1;
958 localcomputer = malloc(size);
959 GetComputerNameA(localcomputer, &size);
960 }
961
962 /* Read all events from our created eventlog, one by one */
963 handle = OpenEventLogA(NULL, eventlogname);
964 ok(handle != NULL, "OpenEventLogA(%s) failed : %ld\n", eventlogname, GetLastError());
965 i = 0;
966 size = sizeof(EVENTLOGRECORD) + 128;
967 buf = malloc(size);
968 for (;;)
969 {
970 DWORD read, needed;
971 EVENTLOGRECORD *record;
972 char *sourcename, *computername;
973 int k;
974 char *ptr;
975 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
976
977 winetest_push_context("%lu", i);
978
979 SetLastError(0xdeadbeef);
980 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
981 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
982 ok(!ret, "Expected failure\n");
983 if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
984 {
985 ok(GetLastError() == ERROR_HANDLE_EOF, "record %ld, got %ld\n", i, GetLastError());
986 winetest_pop_context();
987 break;
988 }
989
990 if (needed > size)
991 {
992 free(buf);
993 size = needed;
994 buf = malloc(size);
995 }
996 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
997 0, buf, needed, &read, &needed);
998 ok(ret, "Expected success: %ld\n", GetLastError());
999 if (!ret)
1000 {
1001 winetest_pop_context();
1002 break;
1003 }
1004 record = (EVENTLOGRECORD *)buf;
1005
1006 ok(record->Length == read,
1007 "Expected %ld, got %ld\n", read, record->Length);
1008 ok(record->Reserved == 0x654c664c,
1009 "Expected 0x654c664c, got %ld\n", record->Reserved);
1010 ok(record->RecordNumber == i + 1 ||
1011 (on_vista && (record->RecordNumber > i + 1)),
1012 "Expected %ld or higher, got %ld\n", i + 1, record->RecordNumber);
1013 ok(record->EventID == read_write[i].evt_id,
1014 "Expected %ld, got %ld\n", read_write[i].evt_id, record->EventID);
1015 ok(record->EventType == read_write[i].evt_type,
1016 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
1017 ok(record->NumStrings == read_write[i].evt_numstrings,
1018 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
1019 ok(record->EventCategory == read_write[i].evt_cat,
1020 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
1021
1022 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
1023 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
1024 read_write[i].evt_src, sourcename);
1025
1026 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
1027 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
1028 localcomputer, computername);
1029
1030 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
1031 * no padding was actually required a 0 DWORD was still used for padding. No
1032 * application should be relying on the padding as we are working with offsets
1033 * anyway.
1034 */
1035
1036 if (!on_vista)
1037 {
1038 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
1039
1040 /* We are already DWORD aligned, there should still be some padding */
1041 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
1042 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
1043
1044 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
1045 }
1046
1047 if (run_sidtests)
1048 {
1049 ok(record->UserSidLength == sidsize, "Expected %ld, got %ld\n", sidsize, record->UserSidLength);
1050 }
1051 else
1052 {
1053 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1054 ok(record->UserSidLength == 0, "Expected 0, got %ld\n", record->UserSidLength);
1055 }
1056
1057 ok(record->DataLength == 0, "Expected 0, got %ld\n", record->DataLength);
1058
1059 ptr = (char *)((BYTE *)buf + record->StringOffset);
1060 for (k = 0; k < record->NumStrings; k++)
1061 {
1062 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
1063 ptr += lstrlenA(ptr) + 1;
1064 }
1065
1066 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1067 "Expected the closing DWORD to contain the length of the record\n");
1068
1069 winetest_pop_context();
1070 i++;
1071 }
1072 free(buf);
1073 CloseEventLog(handle);
1074
1075 /* Test clearing a real eventlog */
1076 handle = OpenEventLogA(NULL, eventlogname);
1077 ok(handle != NULL, "OpenEventLogA(%s) failed : %ld\n", eventlogname, GetLastError());
1078
1079 SetLastError(0xdeadbeef);
1080 ret = ClearEventLogA(handle, NULL);
1081 ok(ret, "Expected success : %ld\n", GetLastError());
1082
1083 count = 0xdeadbeef;
1084 ret = GetNumberOfEventLogRecords(handle, &count);
1085 ok(ret, "Expected success : %ld\n", GetLastError());
1086 ok(count == 0, "Expected an empty eventlog, got %ld records\n", count);
1087
1088 CloseEventLog(handle);
1089
1090cleanup:
1091 free(localcomputer);
1092 free(user);
1093}
1094
1095/* Before Vista:
1096 *
1097 * Creating an eventlog on Windows (via the registry) automatically leads
1098 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1099 * potential event sources for this eventlog. 'Sources' is automatically
1100 * updated when a new key (aka event source) is created.
1101 *
1102 * Although the updating of registry keys is almost instantaneously, we
1103 * check it after some other tests to assure we are not querying the
1104 * registry or file system to quickly.
1105 *
1106 * NT4 and higher:
1107 *
1108 * The eventlog file itself is also automatically created, even before we
1109 * start writing events.
1110 */
1111static char eventlogfile[MAX_PATH];
1112static void test_autocreation(void)
1113{
1114 HKEY key, eventkey;
1115 DWORD type, size;
1116 LONG ret;
1117 int i;
1118 char *p;
1119 char sources[sizeof(eventsources)];
1120 char sysdir[MAX_PATH];
1121 void *redir = 0;
1122
1123 RegOpenKeyA(HKEY_LOCAL_MACHINE, eventlogsvc, &key);
1124 RegOpenKeyA(key, eventlogname, &eventkey);
1125
1126 size = sizeof(sources);
1127 sources[0] = 0;
1128 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1129 if (ret == ERROR_SUCCESS)
1130 {
1131 char sources_verify[sizeof(eventsources)];
1132
1133 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %ld\n", type);
1134
1135 /* Build the expected string */
1136 memset(sources_verify, 0, sizeof(sources_verify));
1137 p = sources_verify;
1138 for (i = ARRAY_SIZE(eventsources); i > 0; i--)
1139 {
1140 lstrcpyA(p, eventsources[i - 1]);
1141 p += (lstrlenA(eventsources[i - 1]) + 1);
1142 }
1143 lstrcpyA(p, eventlogname);
1144
1145 ok(!memcmp(sources, sources_verify, size),
1146 "Expected a correct 'Sources' value (size : %ld)\n", size);
1147 }
1148
1149 RegCloseKey(eventkey);
1150 RegCloseKey(key);
1151
1152 /* The directory that holds the eventlog files could be redirected */
1153 if (pWow64DisableWow64FsRedirection)
1154 pWow64DisableWow64FsRedirection(&redir);
1155
1156 /* On Windows we also automatically get an eventlog file */
1157 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1158
1159 lstrcpyA(eventlogfile, sysdir);
1160 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1161 lstrcatA(eventlogfile, eventlogname);
1162 lstrcatA(eventlogfile, ".evtx");
1163
1164 if (pWow64RevertWow64FsRedirection)
1165 pWow64RevertWow64FsRedirection(redir);
1166}
1167
1168static void cleanup_eventlog(void)
1169{
1170 BOOL bret;
1171 LONG lret;
1172 HKEY key;
1173 DWORD i;
1174 char winesvc[MAX_PATH];
1175
1176 /* Delete the registry tree */
1177 lstrcpyA(winesvc, eventlogsvc);
1178 lstrcatA(winesvc, "\\");
1179 lstrcatA(winesvc, eventlogname);
1180
1181 RegOpenKeyA(HKEY_LOCAL_MACHINE, winesvc, &key);
1182 for (i = 0; i < ARRAY_SIZE(eventsources); i++)
1183 RegDeleteKeyA(key, eventsources[i]);
1184 RegDeleteValueA(key, "Sources");
1185 RegCloseKey(key);
1186 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1187 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %ld\n", lret);
1188
1189 /* A handle to the eventlog is locked by services.exe. We can only
1190 * delete the eventlog file after reboot.
1191 */
1192 bret = MoveFileExA(eventlogfile, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
1193 ok(bret, "Expected MoveFileEx to succeed: %ld\n", GetLastError());
1194}
1195
1196static void test_trace_event_params(void)
1197{
1198 static const WCHAR emptyW[] = {0};
1199 static const GUID test_guid = {0x57696E65, 0x0000, 0x0000, {0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x01}};
1200
1201 REGHANDLE reg_handle;
1202 ULONG uret;
1203
1204 if (!pEventRegister)
1205 {
1206 win_skip("advapi32.EventRegister is missing, skipping trace event tests\n");
1207 return;
1208 }
1209
1210 uret = pEventRegister(NULL, NULL, NULL, &reg_handle);
1211 todo_wine ok(uret == ERROR_INVALID_PARAMETER, "EventRegister gave wrong error: %#lx\n", uret);
1212
1213 uret = pEventRegister(&test_guid, NULL, NULL, NULL);
1214 ok(uret == ERROR_INVALID_PARAMETER, "EventRegister gave wrong error: %#lx\n", uret);
1215
1216 uret = pEventRegister(&test_guid, NULL, NULL, &reg_handle);
1217 ok(uret == ERROR_SUCCESS, "EventRegister gave wrong error: %#lx\n", uret);
1218
1219 uret = pEventWriteString(0, 0, 0, emptyW);
1220 todo_wine ok(uret == ERROR_INVALID_HANDLE, "EventWriteString gave wrong error: %#lx\n", uret);
1221
1222 uret = pEventWriteString(reg_handle, 0, 0, NULL);
1223 todo_wine ok(uret == ERROR_INVALID_PARAMETER, "EventWriteString gave wrong error: %#lx\n", uret);
1224
1225 uret = pEventUnregister(0);
1226 todo_wine ok(uret == ERROR_INVALID_HANDLE, "EventUnregister gave wrong error: %#lx\n", uret);
1227
1228 uret = pEventUnregister(reg_handle);
1229 ok(uret == ERROR_SUCCESS, "EventUnregister gave wrong error: %#lx\n", uret);
1230}
1231
1232static void test_start_trace(void)
1233{
1234 const char sessionname[] = "wine";
1235 const char filepath[] = "wine.etl";
1236 const char filepath2[] = "eniw.etl";
1237 EVENT_TRACE_PROPERTIES *properties;
1238 TRACEHANDLE handle;
1239 LONG buffersize;
1240 LONG ret;
1241
1242 buffersize = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname) + sizeof(filepath);
1243 properties = calloc(1, buffersize);
1244 properties->Wnode.BufferSize = buffersize;
1245 properties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
1246 properties->LogFileMode = EVENT_TRACE_FILE_MODE_NONE;
1247 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1248 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1249 strcpy((char *)properties + properties->LogFileNameOffset, filepath);
1250
1251 properties->Wnode.BufferSize = 0;
1252 ret = StartTraceA(&handle, sessionname, properties);
1253 todo_wine
1254 ok(ret == ERROR_BAD_LENGTH ||
1255 ret == ERROR_INVALID_PARAMETER, /* XP and 2k3 */
1256 "Expected ERROR_BAD_LENGTH, got %ld\n", ret);
1257 properties->Wnode.BufferSize = buffersize;
1258
1259 ret = StartTraceA(&handle, "this name is too long", properties);
1260 todo_wine
1261 ok(ret == ERROR_BAD_LENGTH, "Expected ERROR_BAD_LENGTH, got %ld\n", ret);
1262
1263 ret = StartTraceA(&handle, sessionname, NULL);
1264 todo_wine
1265 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1266
1267 ret = StartTraceA(NULL, sessionname, properties);
1268 todo_wine
1269 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1270
1271 properties->LogFileNameOffset = 1;
1272 ret = StartTraceA(&handle, sessionname, properties);
1273 todo_wine
1274 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1275 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1276
1277 properties->LoggerNameOffset = 1;
1278 ret = StartTraceA(&handle, sessionname, properties);
1279 todo_wine
1280 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1281 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1282
1283 properties->LogFileMode = EVENT_TRACE_FILE_MODE_SEQUENTIAL | EVENT_TRACE_FILE_MODE_CIRCULAR;
1284 ret = StartTraceA(&handle, sessionname, properties);
1285 todo_wine
1286 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1287 properties->LogFileMode = EVENT_TRACE_FILE_MODE_NONE;
1288 /* XP creates a file we can't delete, so change the filepath to something else */
1289 strcpy((char *)properties + properties->LogFileNameOffset, filepath2);
1290
1291 properties->Wnode.Guid = SystemTraceControlGuid;
1292 ret = StartTraceA(&handle, sessionname, properties);
1293 todo_wine
1294 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", ret);
1295 memset(&properties->Wnode.Guid, 0, sizeof(properties->Wnode.Guid));
1296
1297 properties->LogFileNameOffset = 0;
1298 ret = StartTraceA(&handle, sessionname, properties);
1299 todo_wine
1300 ok(ret == ERROR_BAD_PATHNAME, "Expected ERROR_BAD_PATHNAME, got %ld\n", ret);
1301 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1302
1303 ret = StartTraceA(&handle, sessionname, properties);
1304 if (ret == ERROR_ACCESS_DENIED)
1305 {
1306 skip("need admin rights\n");
1307 goto done;
1308 }
1309 ok(ret == ERROR_SUCCESS, "Expected success, got %ld\n", ret);
1310
1311 ret = StartTraceA(&handle, sessionname, properties);
1312 todo_wine
1313 ok(ret == ERROR_ALREADY_EXISTS ||
1314 ret == ERROR_SHARING_VIOLATION, /* 2k3 */
1315 "Expected ERROR_ALREADY_EXISTS, got %ld\n", ret);
1316
1317 /* clean up */
1318 ControlTraceA(handle, sessionname, properties, EVENT_TRACE_CONTROL_STOP);
1319done:
1320 free(properties);
1321 DeleteFileA(filepath);
1322}
1323
1324static BOOL read_record(HANDLE handle, DWORD flags, DWORD offset, EVENTLOGRECORD **record, DWORD *size)
1325{
1326 DWORD read, needed;
1327 BOOL ret;
1328
1329 SetLastError(0xdeadbeef);
1330 memset(*record, 0, *size);
1331 needed = 0;
1332 if (!(ret = ReadEventLogW(handle, flags, offset, *record, *size, &read, &needed)) &&
1333 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1334 {
1335 free(*record);
1336 *record = malloc(needed);
1337 SetLastError(0xdeadbeef);
1338 memset(*record, 0, needed);
1339 *size = needed;
1340 ret = ReadEventLogW(handle, flags, offset, *record, *size, &read, &needed);
1341 }
1342
1343 return ret;
1344}
1345
1346static void test_eventlog_start(void)
1347{
1348 BOOL ret, found;
1349 HANDLE handle, handle2;
1350 EVENTLOGRECORD *record, *record2;
1351 DWORD size, size2, count, count2, read, needed;
1352 WCHAR *sourcename, *computername, *localcomputer;
1353 char *sourcenameA, *computernameA, *localcomputerA;
1354
1355 /* ReadEventLogW */
1356 handle = OpenEventLogW(0, L"System");
1357 if (!handle && (GetLastError() == ERROR_ACCESS_DENIED || GetLastError() == RPC_S_SERVER_UNAVAILABLE))
1358 {
1359 win_skip( "Can't open System event log\n" );
1360 return;
1361 }
1362 ok(handle != NULL, "OpenEventLogW(System) failed : %ld\n", GetLastError());
1363 handle2 = OpenEventLogW(0, L"System");
1364 todo_wine ok(handle != handle2, "Expected different handle\n");
1365 CloseEventLog(handle2);
1366
1367 handle2 = OpenEventLogW(0, L"SYSTEM");
1368 ok(!!handle2, "Expected valid handle\n");
1369 CloseEventLog(handle2);
1370
1371 size = MAX_COMPUTERNAME_LENGTH + 1;
1372 localcomputer = malloc(size * sizeof(WCHAR));
1373 GetComputerNameW(localcomputer, &size);
1374
1375 ret = TRUE;
1376 found = FALSE;
1377 while (!found && ret)
1378 {
1379 read = needed = 0;
1380 record = malloc(sizeof(EVENTLOGRECORD));
1381 if (!(ret = ReadEventLogW(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
1382 0, record, sizeof(EVENTLOGRECORD), &read, &needed)) &&
1383 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1384 {
1385 record = realloc(record, needed);
1386 ret = ReadEventLogW(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
1387 0, record, needed, &read, &needed);
1388 ok(needed == 0, "Expected 0, got %ld\n", needed);
1389 }
1390 if (ret && record->EventID == EVENT_EventlogStarted)
1391 {
1392 ok(record->Length == read, "Expected %ld, got %ld\n", read, record->Length);
1393 ok(record->Reserved == 0x654c664c, "Expected 0x654c664c, got %ld\n", record->Reserved);
1394 ok(record->RecordNumber > 0, "Expected 1 or higher, got %ld\n", record->RecordNumber);
1395 ok(record->TimeGenerated == record->TimeWritten, "Expected time values to be the same\n");
1396 ok(record->EventType == EVENTLOG_INFORMATION_TYPE,
1397 "Expected %d, got %d\n", EVENTLOG_INFORMATION_TYPE, record->EventType);
1398#ifdef __REACTOS__
1399 ok(record->NumStrings == 0 || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected 0, got %d\n", record->NumStrings);
1400#else
1401 ok(record->NumStrings == 0, "Expected 0, got %d\n", record->NumStrings);
1402#endif
1403 ok(record->EventCategory == 0, "Expected 0, got %d\n", record->EventCategory);
1404 ok(record->ReservedFlags == 0, "Expected 0, got %d\n", record->ReservedFlags);
1405 ok(record->ClosingRecordNumber == 0, "Expected 0, got %ld\n", record->ClosingRecordNumber);
1406 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1407 ok(record->UserSidLength == 0, "Expected 0, got %ld\n", record->UserSidLength);
1408#ifdef __REACTOS__
1409 ok(record->DataLength == 24 || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected 24, got %ld\n", record->DataLength);
1410 ok(record->DataOffset == record->UserSidOffset || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected offsets to be the same\n");
1411#else
1412 ok(record->DataLength == 24, "Expected 24, got %ld\n", record->DataLength);
1413 ok(record->DataOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1414#endif
1415
1416 sourcename = (WCHAR *)(record + 1);
1417 ok(!lstrcmpW(sourcename, L"EventLog"),
1418 "Expected 'EventLog', got '%ls'\n", sourcename);
1419
1420 computername = sourcename + sizeof("EventLog");
1421 ok(!lstrcmpiW(computername, localcomputer), "Expected '%ls', got '%ls'\n",
1422 localcomputer, computername);
1423
1424 size = sizeof(EVENTLOGRECORD) + sizeof(L"EventLog") +
1425 (lstrlenW(computername) + 1) * sizeof(WCHAR);
1426 size = (size + 7) & ~7;
1427#ifdef __REACTOS__
1428 ok(record->DataOffset == size || broken(GetNTVersion() <= _WIN32_WINNT_WS03) ||
1429 broken(record->DataOffset == (sizeof(EVENTLOGRECORD) + sizeof(L"EventLog") + (lstrlenW(computername) + 1) * sizeof(WCHAR))) /* Vista */ ||
1430#else
1431 ok(record->DataOffset == size ||
1432#endif
1433 broken(record->DataOffset == size - sizeof(WCHAR)), /* win8 */
1434 "Expected %ld, got %ld\n", size, record->DataOffset);
1435
1436 found = TRUE;
1437 }
1438 free(record);
1439 }
1440 todo_wine ok(found, "EventlogStarted event not found\n");
1441 CloseEventLog(handle);
1442 free(localcomputer);
1443
1444 /* ReadEventLogA */
1445 size = MAX_COMPUTERNAME_LENGTH + 1;
1446 localcomputerA = malloc(size);
1447 GetComputerNameA(localcomputerA, &size);
1448
1449 handle = OpenEventLogA(0, "System");
1450 handle2 = OpenEventLogA(0, "SYSTEM");
1451 todo_wine ok(handle != handle2, "Expected different handle\n");
1452 CloseEventLog(handle2);
1453
1454 ret = TRUE;
1455 found = FALSE;
1456 while (!found && ret)
1457 {
1458 read = needed = 0;
1459 record = malloc(sizeof(EVENTLOGRECORD));
1460 if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
1461 0, record, sizeof(EVENTLOGRECORD), &read, &needed)) &&
1462 GetLastError() == ERROR_INSUFFICIENT_BUFFER)
1463 {
1464 record = realloc(record, needed);
1465 ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ,
1466 0, record, needed, &read, &needed);
1467 ok(needed == 0, "Expected 0, got %ld\n", needed);
1468 }
1469 if (ret && record->EventID == EVENT_EventlogStarted)
1470 {
1471 ok(record->Length == read, "Expected %ld, got %ld\n", read, record->Length);
1472 ok(record->Reserved == 0x654c664c, "Expected 0x654c664c, got %ld\n", record->Reserved);
1473 ok(record->RecordNumber > 0, "Expected 1 or higher, got %ld\n", record->RecordNumber);
1474 ok(record->TimeGenerated == record->TimeWritten, "Expected time values to be the same\n");
1475 ok(record->EventType == EVENTLOG_INFORMATION_TYPE,
1476 "Expected %d, got %d\n", EVENTLOG_INFORMATION_TYPE, record->EventType);
1477#ifdef __REACTOS__
1478 ok(record->NumStrings == 0 || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected 0, got %d\n", record->NumStrings);
1479#else
1480 ok(record->NumStrings == 0, "Expected 0, got %d\n", record->NumStrings);
1481#endif
1482 ok(record->EventCategory == 0, "Expected 0, got %d\n", record->EventCategory);
1483 ok(record->ReservedFlags == 0, "Expected 0, got %d\n", record->ReservedFlags);
1484 ok(record->ClosingRecordNumber == 0, "Expected 0, got %ld\n", record->ClosingRecordNumber);
1485 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1486 ok(record->UserSidLength == 0, "Expected 0, got %ld\n", record->UserSidLength);
1487#ifdef __REACTOS__
1488 ok(record->DataLength == 24 || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected 24, got %ld\n", record->DataLength);
1489 ok(record->DataOffset == record->UserSidOffset || broken(GetNTVersion() <= _WIN32_WINNT_WS03), "Expected offsets to be the same\n");
1490#else
1491 ok(record->DataLength == 24, "Expected 24, got %ld\n", record->DataLength);
1492 ok(record->DataOffset == record->UserSidOffset, "Expected offsets to be the same\n");
1493#endif
1494
1495 sourcenameA = (char *)(record + 1);
1496 ok(!strcmp(sourcenameA, "EventLog"),
1497 "Expected 'EventLog', got '%s'\n", sourcenameA);
1498
1499 computernameA = sourcenameA + sizeof("EventLog");
1500 ok(!_stricmp(computernameA, localcomputerA), "Expected '%s', got '%s'\n",
1501 localcomputerA, computernameA);
1502
1503 size = sizeof(EVENTLOGRECORD) + sizeof("EventLog") + strlen(computernameA) + 1;
1504 size = (size + 7) & ~7;
1505#ifdef __REACTOS__
1506 ok(record->DataOffset == size || broken(GetNTVersion() <= _WIN32_WINNT_WS03) ||
1507 broken(record->DataOffset == (sizeof(EVENTLOGRECORD) + sizeof("EventLog") + strlen(computernameA) + 1)) /* Vista */ ||
1508#else
1509 ok(record->DataOffset == size ||
1510#endif
1511 broken(record->DataOffset == size - 1), /* win8 */
1512 "Expected %ld, got %ld\n", size, record->DataOffset);
1513
1514 found = TRUE;
1515 }
1516 free(record);
1517 }
1518 todo_wine ok(found, "EventlogStarted event not found\n");
1519 CloseEventLog(handle);
1520 free(localcomputerA);
1521
1522 /* SEQUENTIAL | FORWARDS - dwRecordOffset is ignored */
1523 handle = OpenEventLogW(0, L"System");
1524 size = sizeof(EVENTLOGRECORD) + 128;
1525 record = malloc(size);
1526 todo_wine {
1527 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 100, &record, &size);
1528 ok(ret, "Expected success : %ld\n", GetLastError());
1529#ifndef __REACTOS__ // Flaky on WS03 and Vista
1530 ok(record->RecordNumber == 1, "Expected 1, got %lu\n", record->RecordNumber);
1531#endif
1532 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 200, &record, &size);
1533 ok(ret, "Expected success : %ld\n", GetLastError());
1534#ifndef __REACTOS__ // Flaky on WS03 and Vista
1535 ok(record->RecordNumber == 2, "Expected 2, got %lu\n", record->RecordNumber);
1536#endif
1537
1538 /* change direction sequentially */
1539 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 300, &record, &size);
1540 ok(ret, "Expected success : %ld\n", GetLastError());
1541#ifndef __REACTOS__ // Flaky on WS03 and Vista
1542 ok(record->RecordNumber == 2, "Expected 2, got %lu\n", record->RecordNumber);
1543#endif
1544 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 400, &record, &size);
1545 ok(ret, "Expected success : %ld\n", GetLastError());
1546#ifndef __REACTOS__ // Flaky on WS03 and Vista
1547 ok(record->RecordNumber == 1, "Expected 1, got %lu\n", record->RecordNumber);
1548#endif
1549 }
1550
1551 /* changing how is an error */
1552 SetLastError(0xdeadbeef);
1553 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 0, &record, &size);
1554 ok(!ret, "Expected failure\n");
1555 todo_wine
1556 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
1557 CloseEventLog(handle);
1558
1559 /* SEQUENTIAL | BACKWARDS - dwRecordOffset is ignored */
1560 handle = OpenEventLogW(0, L"System");
1561 count = 0xdeadbeef;
1562 ret = GetNumberOfEventLogRecords(handle, &count);
1563 ok(ret, "Expected success : %ld\n", GetLastError());
1564 todo_wine
1565 ok(count, "Zero records in log\n");
1566
1567 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 100, &record, &size);
1568 todo_wine
1569 ok(ret, "Expected success : %ld\n", GetLastError());
1570#ifndef __REACTOS__ // Flaky on WS03 and Vista
1571 ok(record->RecordNumber == count, "Expected %lu, got %lu\n", count, record->RecordNumber);
1572#endif
1573 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 100, &record, &size);
1574 todo_wine {
1575 ok(ret, "Expected success : %ld\n", GetLastError());
1576#ifndef __REACTOS__ // Flaky on WS03 and Vista
1577 ok(record->RecordNumber == count - 1, "Expected %lu, got %lu\n", count - 1, record->RecordNumber);
1578#endif
1579 }
1580 CloseEventLog(handle);
1581
1582 handle = OpenEventLogW(0, L"System");
1583 /* SEEK | FORWARDS */
1584 /* bogus offset */
1585 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, 0, &record, &size);
1586 ok(!ret, "Expected failure\n");
1587 todo_wine
1588 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
1589
1590 count = 0xdeadbeef;
1591 ret = GetNumberOfEventLogRecords(handle, &count);
1592 ok(ret, "Expected success : %ld\n", GetLastError());
1593 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, count + 1, &record, &size);
1594#ifdef __REACTOS__
1595 ok(!ret || broken(GetNTVersion() == _WIN32_WINNT_VISTA), "Expected failure\n");
1596 todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER || broken(GetLastError() == ERROR_SUCCESS) /* Vista */, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
1597#else
1598 ok(!ret, "Expected failure\n");
1599 todo_wine
1600 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
1601#endif
1602
1603 todo_wine {
1604 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, 2, &record, &size);
1605#ifdef __REACTOS__
1606 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1607 ok(record->RecordNumber == 2 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 2, got %lu\n", record->RecordNumber);
1608#else
1609 ok(ret, "Expected success : %ld\n", GetLastError());
1610 ok(record->RecordNumber == 2, "Expected 2, got %lu\n", record->RecordNumber);
1611#endif
1612 /* skip one */
1613 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, 4, &record, &size);
1614#ifdef __REACTOS__
1615 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1616 ok(record->RecordNumber == 4 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 4, got %lu\n", record->RecordNumber);
1617#else
1618 ok(ret, "Expected success : %ld\n", GetLastError());
1619 ok(record->RecordNumber == 4, "Expected 4, got %lu\n", record->RecordNumber);
1620#endif
1621 /* seek an earlier one */
1622 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, 3, &record, &size);
1623#ifdef __REACTOS__
1624 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1625 ok(record->RecordNumber == 3 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 3, got %lu\n", record->RecordNumber);
1626#else
1627 ok(ret, "Expected success : %ld\n", GetLastError());
1628 ok(record->RecordNumber == 3, "Expected 3, got %lu\n", record->RecordNumber);
1629#endif
1630 /* change how */
1631 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 100, &record, &size);
1632 ok(ret, "Expected success : %ld\n", GetLastError());
1633#ifndef __REACTOS__ // Flaky on WS03 and Vista
1634 ok(record->RecordNumber == 4 || broken(record->RecordNumber == 5) /* some win10 22h2 */,
1635 "Expected 4, got %lu\n", record->RecordNumber);
1636#endif
1637 /* change direction */
1638 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 10, &record, &size);
1639#ifdef __REACTOS__
1640 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1641 ok(record->RecordNumber == 10 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 10, got %lu\n", record->RecordNumber);
1642#else
1643 ok(ret, "Expected success : %ld\n", GetLastError());
1644 ok(record->RecordNumber == 10, "Expected 10, got %lu\n", record->RecordNumber);
1645#endif
1646 }
1647 CloseEventLog(handle);
1648
1649 /* SEEK | BACKWARDS */
1650 handle = OpenEventLogW(0, L"system");
1651 /* bogus offset */
1652 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 0, &record, &size);
1653 ok(!ret, "Expected failure\n");
1654 todo_wine
1655 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
1656
1657 todo_wine {
1658 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 5, &record, &size);
1659#ifdef __REACTOS__
1660 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1661 ok(record->RecordNumber == 5 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 5, got %lu\n", record->RecordNumber);
1662#else
1663 ok(ret, "Expected success : %ld\n", GetLastError());
1664 ok(record->RecordNumber == 5, "Expected 5, got %lu\n", record->RecordNumber);
1665#endif
1666 /* skip one */
1667 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 3, &record, &size);
1668#ifdef __REACTOS__
1669 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1670 ok(record->RecordNumber == 3 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 3, got %lu\n", record->RecordNumber);
1671#else
1672 ok(ret, "Expected success : %ld\n", GetLastError());
1673 ok(record->RecordNumber == 3, "Expected 3, got %lu\n", record->RecordNumber);
1674#endif
1675 /* seek a later one */
1676 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_BACKWARDS_READ, 4, &record, &size);
1677#ifdef __REACTOS__
1678 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1679 ok(record->RecordNumber == 4 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 4, got %lu\n", record->RecordNumber);
1680#else
1681 ok(ret, "Expected success : %ld\n", GetLastError());
1682 ok(record->RecordNumber == 4, "Expected 4, got %lu\n", record->RecordNumber);
1683#endif
1684 /* change how */
1685 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ, 100, &record, &size);
1686 ok(ret, "Expected success : %ld\n", GetLastError());
1687#ifndef __REACTOS__ // Flaky on WS03 and Vista
1688 ok(record->RecordNumber == 3 || broken(record->RecordNumber == 2) /* some win10 22h2 */,
1689 "Expected 3, got %lu\n", record->RecordNumber);
1690#endif
1691 /* change direction */
1692 ret = read_record(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, 10, &record, &size);
1693#ifdef __REACTOS__
1694 ok(ret || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected success : %ld\n", GetLastError());
1695 ok(record->RecordNumber == 10 || broken(GetLastError() == ERROR_INVALID_PARAMETER) /* Vista */, "Expected 10, got %lu\n", record->RecordNumber);
1696#else
1697 ok(ret, "Expected success : %ld\n", GetLastError());
1698 ok(record->RecordNumber == 10, "Expected 10, got %lu\n", record->RecordNumber);
1699#endif
1700 }
1701 CloseEventLog(handle);
1702
1703 /* reading same log with different handles */
1704 handle = OpenEventLogW(0, L"System");
1705 handle2 = OpenEventLogW(0, L"SYSTEM");
1706 todo_wine {
1707 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, &record, &size);
1708 ok(ret, "Expected success : %ld\n", GetLastError());
1709#ifndef __REACTOS__ // Flaky on WS03 and Vista
1710 ok(record->RecordNumber == 1, "Expected 1, got %lu\n", record->RecordNumber);
1711#endif
1712 ret = read_record(handle2, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, &record, &size);
1713 ok(ret, "Expected success : %ld\n", GetLastError());
1714#ifndef __REACTOS__ // Flaky on WS03 and Vista
1715 ok(record->RecordNumber == 1, "Expected 1, got %lu\n", record->RecordNumber);
1716#endif
1717 }
1718 CloseEventLog(handle2);
1719 CloseEventLog(handle);
1720
1721 /* using source name */
1722 size2 = size;
1723 record2 = malloc(size2);
1724 handle = OpenEventLogW(0, L"System");
1725 handle2 = OpenEventLogW(0, L"EventLog");
1726 todo_wine {
1727 ret = read_record(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, &record, &size);
1728 ok(ret, "Expected success : %ld\n", GetLastError());
1729 ret = read_record(handle2, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, &record2, &size2);
1730 ok(ret, "Expected success : %ld\n", GetLastError());
1731 }
1732 ok(size == size2, "Expected %lu, got %lu\n", size, size2);
1733 ok(!memcmp(record, record2, min(size, size2)), "Records miscompare\n");
1734 count = 0xdeadbeef;
1735 count2 = 0xdeadbeef;
1736 ret = GetNumberOfEventLogRecords(handle, &count);
1737 ok(ret, "Expected success : %ld\n", GetLastError());
1738 ret = GetNumberOfEventLogRecords(handle2, &count2);
1739 ok(ret, "Expected success : %ld\n", GetLastError());
1740 ok(count == count2, "Expected %lu, got %lu\n", count, count2);
1741 CloseEventLog(handle2);
1742 CloseEventLog(handle);
1743
1744 free(record2);
1745 free(record);
1746}
1747
1748START_TEST(eventlog)
1749{
1750 SetLastError(0xdeadbeef);
1751 CloseEventLog(NULL);
1752 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
1753 {
1754 win_skip("Event log functions are not implemented\n");
1755 return;
1756 }
1757
1758 init_function_pointers();
1759
1760 /* Parameters only */
1761 test_open_close();
1762 test_info();
1763 test_count();
1764 test_oldest();
1765 test_backup();
1766 test_openbackup();
1767 test_read();
1768 test_clear();
1769 test_trace_event_params();
1770
1771 /* Functional tests */
1772 if (create_new_eventlog())
1773 {
1774 test_readwrite();
1775 test_autocreation();
1776 cleanup_eventlog();
1777 }
1778
1779 /* Trace tests */
1780 test_start_trace();
1781
1782 test_eventlog_start();
1783}
read
#define read
Definition: acwin.h:96
GetNTVersion
#define GetNTVersion()
Definition: apitest.h:17
backup
static long backup()
Definition: maze.c:403
ok
#define ok(value,...)
Definition: atltest.h:57
skip
#define skip(...)
Definition: atltest.h:64
broken
#define broken(x)
Definition: atltest.h:178
START_TEST
#define START_TEST(x)
Definition: atltest.h:75
user
void user(int argc, const char *argv[])
Definition: cmds.c:1350
ARRAY_SIZE
#define ARRAY_SIZE(A)
Definition: main.h:20
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:49
_stricmp
#define _stricmp
Definition: cat.c:22
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
realloc
#define realloc
Definition: debug_ros.c:6
free
#define free
Definition: debug_ros.c:5
malloc
#define malloc
Definition: debug_ros.c:4
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
RegCreateKeyA
LONG WINAPI RegCreateKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:1179
RegFlushKey
LONG WINAPI RegFlushKey(HKEY hKey)
Definition: reg.c:2951
RegOpenKeyA
LONG WINAPI RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:3234
RegDeleteValueA
LONG WINAPI RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
Definition: reg.c:2287
RegQueryValueExA
LONG WINAPI RegQueryValueExA(_In_ HKEY hkeyorg, _In_ LPCSTR name, _In_ LPDWORD reserved, _Out_opt_ LPDWORD type, _Out_opt_ LPBYTE data, _Inout_opt_ LPDWORD count)
Definition: reg.c:4009
RegDeleteKeyA
LONG WINAPI RegDeleteKeyA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey)
Definition: reg.c:1224
OpenEventLogW
HANDLE WINAPI OpenEventLogW(IN LPCWSTR lpUNCServerName, IN LPCWSTR lpSourceName)
Definition: eventlog.c:985
CloseEventLog
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
GetNumberOfEventLogRecords
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
GetOldestEventLogRecord
BOOL WINAPI GetOldestEventLogRecord(IN HANDLE hEventLog, OUT PDWORD OldestRecord)
Definition: eventlog.c:619
ClearEventLogA
BOOL WINAPI ClearEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:305
ReportEventA
BOOL WINAPI ReportEventA(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCSTR *lpStrings, IN LPVOID lpRawData)
Definition: eventlog.c:1377
OpenEventLogA
HANDLE WINAPI OpenEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:919
ReadEventLogA
BOOL WINAPI ReadEventLogA(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1061
OpenBackupEventLogA
HANDLE WINAPI OpenBackupEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpFileName)
Definition: eventlog.c:725
BackupEventLogA
BOOL WINAPI BackupEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:177
ReadEventLogW
BOOL WINAPI ReadEventLogW(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1154
DeregisterEventSource
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
Definition: eventlog.c:473
RegisterEventSourceA
HANDLE WINAPI RegisterEventSourceA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:1224
CloseHandle
#define CloseHandle
Definition: compat.h:739
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
SetLastError
#define SetLastError(x)
Definition: compat.h:752
GetProcAddress
#define GetProcAddress(x, y)
Definition: compat.h:753
CreateFileA
#define CreateFileA(a, b, c, d, e, f, g)
Definition: compat.h:740
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
ERROR_INVALID_HANDLE
#define ERROR_INVALID_HANDLE
Definition: compat.h:98
ERROR_ACCESS_DENIED
#define ERROR_ACCESS_DENIED
Definition: compat.h:97
lstrlenW
#define lstrlenW
Definition: compat.h:750
cleanup
static void cleanup(void)
Definition: main.c:1335
DeleteFileA
BOOL WINAPI DeleteFileA(IN LPCSTR lpFileName)
Definition: delete.c:24
GetFileAttributesA
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:620
WriteFile
BOOL WINAPI WriteFile(IN HANDLE hFile, IN LPCVOID lpBuffer, IN DWORD nNumberOfBytesToWrite OPTIONAL, OUT LPDWORD lpNumberOfBytesWritten, IN LPOVERLAPPED lpOverlapped OPTIONAL)
Definition: rw.c:24
GetModuleHandleA
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:812
GetSystemDirectoryA
UINT WINAPI GetSystemDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
Definition: path.c:2202
lstrcmpW
int WINAPI lstrcmpW(LPCWSTR str1, LPCWSTR str2)
Definition: locale.c:4152
lstrcmpA
int WINAPI lstrcmpA(LPCSTR str1, LPCSTR str2)
Definition: locale.c:4104
lstrcmpiW
int WINAPI lstrcmpiW(LPCWSTR str1, LPCWSTR str2)
Definition: locale.c:4171
lstrcmpiA
int WINAPI lstrcmpiA(LPCSTR str1, LPCSTR str2)
Definition: locale.c:4133
text
const WCHAR * text
Definition: package.c:1794
memcmp
_ACRTIMP int __cdecl memcmp(const void *, const void *, size_t)
Definition: string.c:2802
strlen
_ACRTIMP size_t __cdecl strlen(const char *)
Definition: string.c:1592
strcmp
_ACRTIMP int __cdecl strcmp(const char *, const char *)
Definition: string.c:3319
ret
return ret
Definition: mutex.c:146
L
#define L(x)
Definition: resources.c:13
REGHANDLE
ULONGLONG REGHANDLE
Definition: evntprov.h:48
EVENT_TRACE_PROPERTIES
struct _EVENT_TRACE_PROPERTIES EVENT_TRACE_PROPERTIES
EVENT_TRACE_CONTROL_STOP
#define EVENT_TRACE_CONTROL_STOP
Definition: evntrace.h:214
EVENT_TRACE_FILE_MODE_NONE
#define EVENT_TRACE_FILE_MODE_NONE
Definition: evntrace.h:184
EVENT_TRACE_FILE_MODE_CIRCULAR
#define EVENT_TRACE_FILE_MODE_CIRCULAR
Definition: evntrace.h:186
StartTraceA
EXTERN_C ULONG WMIAPI StartTraceA(OUT PTRACEHANDLE TraceHandle, IN LPCSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EVENT_TRACE_FILE_MODE_SEQUENTIAL
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL
Definition: evntrace.h:185
TRACEHANDLE
ULONG64 TRACEHANDLE
Definition: evntrace.h:40
ControlTraceA
EXTERN_C ULONG WMIAPI ControlTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
WORD
unsigned short WORD
Definition: ntddk_ex.h:93
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
count
GLuint GLuint GLsizei count
Definition: gl.h:1545
type
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
buffer
GLuint buffer
Definition: glext.h:5915
size
GLsizeiptr size
Definition: glext.h:5919
offset
GLintptr offset
Definition: glext.h:5920
sources
GLsizei GLenum * sources
Definition: glext.h:7753
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
flags
GLbitfield flags
Definition: glext.h:7161
p
GLfloat GLfloat p
Definition: glext.h:8902
attribs
const GLint * attribs
Definition: glext.h:10538
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
emptyW
static const WCHAR emptyW[]
Definition: navigate.c:40
filename
const char * filename
Definition: ioapi.h:137
lstrcpyA
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
lstrcatA
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
lstrlenA
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
winetest_push_context
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl winetest_push_context(const char *fmt,...) __WINE_PRINTF_ATTR(1
win_skip
#define win_skip
Definition: minitest.h:67
winetest_pop_context
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl void winetest_pop_context(void)
todo_wine
#define todo_wine
Definition: minitest.h:80
ERROR_ALREADY_EXISTS
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80
CREATE_NEW
#define CREATE_NEW
Definition: disk.h:69
ERROR_FILE_NOT_FOUND
#define ERROR_FILE_NOT_FOUND
Definition: disk.h:79
ptr
static PVOID ptr
Definition: dispmode.c:27
test_clear
static void test_clear(void)
Definition: eventlog.c:641
test_oldest
static void test_oldest(void)
Definition: eventlog.c:263
two_strings
static const char * two_strings[]
Definition: eventlog.c:749
PENABLECALLBACK
static PENABLECALLBACK
Definition: eventlog.c:39
evt_cat
WORD evt_cat
Definition: eventlog.c:754
evt_src
const char * evt_src
Definition: eventlog.c:752
evt_sid
BOOL evt_sid
Definition: eventlog.c:756
test_backup
static void test_backup(void)
Definition: eventlog.c:323
init_function_pointers
static void init_function_pointers(void)
Definition: eventlog.c:47
DWORD
static DWORD *static DWORD
Definition: eventlog.c:38
eventlogfile
static char eventlogfile[MAX_PATH]
Definition: eventlog.c:1111
PSID
static PSID
Definition: eventlog.c:37
create_new_eventlog
static BOOL create_new_eventlog(void)
Definition: eventlog.c:698
one_string
static const char * one_string[]
Definition: eventlog.c:748
eventsources
static const char eventsources[][11]
Definition: eventlog.c:696
test_readwrite
static void test_readwrite(void)
Definition: eventlog.c:773
test_autocreation
static void test_autocreation(void)
Definition: eventlog.c:1112
evt_strings
const char ** evt_strings
Definition: eventlog.c:758
eventlogname
static const char eventlogname[]
Definition: eventlog.c:695
test_eventlog_start
static void test_eventlog_start(void)
Definition: eventlog.c:1346
evt_numstrings
WORD evt_numstrings
Definition: eventlog.c:757
evt_type
WORD evt_type
Definition: eventlog.c:753
test_count
static void test_count(void)
Definition: eventlog.c:208
read_record
static BOOL read_record(HANDLE handle, DWORD flags, DWORD offset, EVENTLOGRECORD **record, DWORD *size)
Definition: eventlog.c:1324
test_info
static void test_info(void)
Definition: eventlog.c:146
LPDWORD
static DWORD *static LPDWORD
Definition: eventlog.c:38
test_start_trace
static void test_start_trace(void)
Definition: eventlog.c:1232
eventlogsvc
static const char eventlogsvc[]
Definition: eventlog.c:694
ULONGLONG
static ULONGLONG
Definition: eventlog.c:41
test_read
static void test_read(void)
Definition: eventlog.c:392
evt_id
DWORD evt_id
Definition: eventlog.c:755
LPSTR
static const WCHAR *static LPSTR
Definition: eventlog.c:43
read_write
static const struct @1753 read_write[]
LPVOID
static DWORD *static LPVOID
Definition: eventlog.c:38
test_trace_event_params
static void test_trace_event_params(void)
Definition: eventlog.c:1196
cleanup_eventlog
static void cleanup_eventlog(void)
Definition: eventlog.c:1168
test_openbackup
static void test_openbackup(void)
Definition: eventlog.c:546
create_backup
static BOOL create_backup(const char *filename)
Definition: eventlog.c:63
UCHAR
static UCHAR
Definition: eventlog.c:41
test_open_close
static void test_open_close(void)
Definition: eventlog.c:93
hkernel32
static HINSTANCE hkernel32
Definition: process.c:68
min
#define min(a, b)
Definition: monoChain.cc:55
MoveFileExA
BOOL WINAPI MoveFileExA(IN LPCSTR lpExistingFileName, IN LPCSTR lpNewFileName OPTIONAL, IN DWORD dwFlags)
Definition: moveansi.c:39
k
int k
Definition: mpi.c:3369
UINT_PTR
unsigned __int3264 UINT_PTR
Definition: mstsclib_h.h:274
EVENT_EventlogStarted
#define EVENT_EventlogStarted
Definition: netevent.h:243
REG_MULTI_SZ
#define REG_MULTI_SZ
Definition: nt_native.h:1504
BOOL
#define BOOL
Definition: nt_native.h:43
GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90
LONG
long LONG
Definition: pedump.c:60
calloc
#define calloc
Definition: rosglue.h:14
strcpy
strcpy
Definition: string.h:131
memset
#define memset(x, y, z)
Definition: compat.h:39
_WIN32_WINNT_WS03
#define _WIN32_WINNT_WS03
Definition: sdkddkver.h:23
_WIN32_WINNT_VISTA
#define _WIN32_WINNT_VISTA
Definition: sdkddkver.h:25
GetComputerNameA
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
_EVENTLOGRECORD
Definition: winnt_old.h:3081
_EVENTLOG_FULL_INFORMATION
Definition: winbase.h:886
_EVENT_TRACE_PROPERTIES
Definition: evntrace.h:570
_EVENT_TRACE_PROPERTIES::Wnode
WNODE_HEADER Wnode
Definition: evntrace.h:571
_EVENT_TRACE_PROPERTIES::LogFileNameOffset
ULONG LogFileNameOffset
Definition: evntrace.h:587
_EVENT_TRACE_PROPERTIES::LoggerNameOffset
ULONG LoggerNameOffset
Definition: evntrace.h:588
_EVENT_TRACE_PROPERTIES::LogFileMode
ULONG LogFileMode
Definition: evntrace.h:576
_SID
Definition: ms-dtyp.idl:198
_WNODE_HEADER::BufferSize
ULONG BufferSize
Definition: wmistr.h:6
_WNODE_HEADER::Guid
GUID Guid
Definition: wmistr.h:23
_WNODE_HEADER::Flags
ULONG Flags
Definition: wmistr.h:25
file
Definition: fci.c:127
key
Definition: copy.c:22
Sleep
VOID WINAPI DECLSPEC_HOTPATCH Sleep(IN DWORD dwMilliseconds)
Definition: synch.c:726
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
PVOID
void * PVOID
Definition: typedefs.h:50
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
ULONG
uint32_t ULONG
Definition: typedefs.h:59
INVALID_FILE_ATTRIBUTES
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
EVENTLOG_FULL_INFO
#define EVENTLOG_FULL_INFO
Definition: winbase.h:884
MOVEFILE_DELAY_UNTIL_REBOOT
#define MOVEFILE_DELAY_UNTIL_REBOOT
Definition: winbase.h:377
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:267
EVENTLOG_FULL_INFORMATION
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
WINAPI
#define WINAPI
Definition: msvc.h:6
ERROR_INVALID_LEVEL
#define ERROR_INVALID_LEVEL
Definition: winerror.h:318
ERROR_SHARING_VIOLATION
#define ERROR_SHARING_VIOLATION
Definition: winerror.h:257
ERROR_BAD_LENGTH
#define ERROR_BAD_LENGTH
Definition: winerror.h:249
ERROR_BAD_PATHNAME
#define ERROR_BAD_PATHNAME
Definition: winerror.h:355
ERROR_HANDLE_EOF
#define ERROR_HANDLE_EOF
Definition: winerror.h:262
RPC_X_NULL_REF_POINTER
#define RPC_X_NULL_REF_POINTER
Definition: winerror.h:1444
ERROR_EVENTLOG_FILE_CORRUPT
#define ERROR_EVENTLOG_FILE_CORRUPT
Definition: winerror.h:1298
RPC_S_SERVER_UNAVAILABLE
#define RPC_S_SERVER_UNAVAILABLE
Definition: winerror.h:1389
RPC_S_INVALID_NET_ADDR
#define RPC_S_INVALID_NET_ADDR
Definition: winerror.h:1374
ERROR_CRC
#define ERROR_CRC
Definition: winerror.h:248
ERROR_NOACCESS
#define ERROR_NOACCESS
Definition: winerror.h:902
ERROR_PRIVILEGE_NOT_HELD
#define ERROR_PRIVILEGE_NOT_HELD
Definition: winerror.h:1141
EVENTLOG_ERROR_TYPE
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:3075
EVENTLOG_SEQUENTIAL_READ
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:3069
EVENTLOG_AUDIT_FAILURE
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:3079
EVENTLOG_INFORMATION_TYPE
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:3077
EVENTLOG_AUDIT_SUCCESS
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:3078
EVENTLOG_BACKWARDS_READ
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:3072
EVENTLOG_SUCCESS
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:3074
EVENTLOG_FORWARDS_READ
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:3071
EVENTLOGRECORD
struct _EVENTLOGRECORD EVENTLOGRECORD
EVENTLOG_WARNING_TYPE
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:3076
EVENTLOG_SEEK_READ
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:3070
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
WNODE_FLAG_TRACED_GUID
#define WNODE_FLAG_TRACED_GUID
Definition: wmistr.h:43
WELL_KNOWN_SID_TYPE
WELL_KNOWN_SID_TYPE
Definition: setypes.h:455
SECURITY_MAX_SID_SIZE
#define SECURITY_MAX_SID_SIZE
Definition: setypes.h:486
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
BYTE
unsigned char BYTE
Definition: xxhash.c:193