ReactOS 0.4.16-dev-321-g63bb46a
eventlog.c
Go to the documentation of this file.
1/*
2 * Unit tests for Event Logging functions
3 *
4 * Copyright (c) 2009 Paul Vriens
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 */
20
21#include <stdarg.h>
22
23#include "initguid.h"
24#include "windef.h"
25#include "winbase.h"
26#include "winerror.h"
27#include "winnt.h"
28#include "winreg.h"
29#include "sddl.h"
30#include "wmistr.h"
31#include "evntrace.h"
32
33#include "wine/test.h"
34
35static BOOL (WINAPI *pCreateWellKnownSid)(WELL_KNOWN_SID_TYPE,PSID,PSID,DWORD*);
36static BOOL (WINAPI *pGetEventLogInformation)(HANDLE,DWORD,LPVOID,DWORD,LPDWORD);
37
38static BOOL (WINAPI *pGetComputerNameExA)(COMPUTER_NAME_FORMAT,LPSTR,LPDWORD);
39static BOOL (WINAPI *pWow64DisableWow64FsRedirection)(PVOID *);
40static BOOL (WINAPI *pWow64RevertWow64FsRedirection)(PVOID);
41
42static void init_function_pointers(void)
43{
44 HMODULE hadvapi32 = GetModuleHandleA("advapi32.dll");
45 HMODULE hkernel32 = GetModuleHandleA("kernel32.dll");
46
47 pCreateWellKnownSid = (void*)GetProcAddress(hadvapi32, "CreateWellKnownSid");
48 pGetEventLogInformation = (void*)GetProcAddress(hadvapi32, "GetEventLogInformation");
49
50 pGetComputerNameExA = (void*)GetProcAddress(hkernel32, "GetComputerNameExA");
51 pWow64DisableWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64DisableWow64FsRedirection");
52 pWow64RevertWow64FsRedirection = (void*)GetProcAddress(hkernel32, "Wow64RevertWow64FsRedirection");
53}
54
55static BOOL create_backup(const char *filename)
56{
58 DWORD rc, attribs;
59
61 handle = OpenEventLogA(NULL, "Application");
64 {
65 skip("insufficient privileges to backup the eventlog\n");
67 return FALSE;
68 }
69 ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError());
71
74 ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError());
75 return TRUE;
76}
77
78static void test_open_close(void)
79{
81 BOOL ret;
82
83 SetLastError(0xdeadbeef);
85 ok(!ret, "Expected failure\n");
87 GetLastError() == ERROR_NOACCESS, /* W2K */
88 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
89
90 SetLastError(0xdeadbeef);
92 ok(handle == NULL, "Didn't expect a handle\n");
93 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
94
95 SetLastError(0xdeadbeef);
96 handle = OpenEventLogA("IDontExist", NULL);
97 ok(handle == NULL, "Didn't expect a handle\n");
98 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
99
100 SetLastError(0xdeadbeef);
101 handle = OpenEventLogA("IDontExist", "deadbeef");
102 ok(handle == NULL, "Didn't expect a handle\n");
104 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
105 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
106
107 /* This one opens the Application log */
108 handle = OpenEventLogA(NULL, "deadbeef");
109 ok(handle != NULL, "Expected a handle\n");
111 ok(ret, "Expected success\n");
112 /* Close a second time */
113 SetLastError(0xdeadbeef);
116 {
117 ok(!ret, "Expected failure\n");
118 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
119 }
120
121 /* Empty servername should be read as local server */
122 handle = OpenEventLogA("", "Application");
123 ok(handle != NULL, "Expected a handle\n");
125
126 handle = OpenEventLogA(NULL, "Application");
127 ok(handle != NULL, "Expected a handle\n");
129}
130
131static void test_info(void)
132{
134 BOOL ret;
135 DWORD needed;
137 EVENTLOG_FULL_INFORMATION *efi = (void *)buffer;
138
139 if (!pGetEventLogInformation)
140 {
141 /* NT4 */
142 win_skip("GetEventLogInformation is not available\n");
143 return;
144 }
145 SetLastError(0xdeadbeef);
146 ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL);
147 ok(!ret, "Expected failure\n");
148 ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
149
150 SetLastError(0xdeadbeef);
151 ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL);
152 ok(!ret, "Expected failure\n");
153 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
154
155 handle = OpenEventLogA(NULL, "Application");
156
157 SetLastError(0xdeadbeef);
158 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL);
159 ok(!ret, "Expected failure\n");
160 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
161
162 SetLastError(0xdeadbeef);
163 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed);
164 ok(!ret, "Expected failure\n");
165 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
166
167 SetLastError(0xdeadbeef);
168 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL);
169 ok(!ret, "Expected failure\n");
170 ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
171
172 SetLastError(0xdeadbeef);
173 needed = 0xdeadbeef;
174 efi->dwFull = 0xdeadbeef;
175 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed);
176 ok(!ret, "Expected failure\n");
177 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
178 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
179 ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n");
180
181 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
182 efi->dwFull = 0xdeadbeef;
183 needed = sizeof(buffer);
184 ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed);
185 ok(ret, "Expected success\n");
186 ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed);
187 ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi->dwFull);
188
190}
191
192static void test_count(void)
193{
195 BOOL ret;
196 DWORD count;
197 const char backup[] = "backup.evt";
198
199 SetLastError(0xdeadbeef);
201 ok(!ret, "Expected failure\n");
202 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
203
204 SetLastError(0xdeadbeef);
205 count = 0xdeadbeef;
207 ok(!ret, "Expected failure\n");
208 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
209 ok(count == 0xdeadbeef, "Expected count to stay unchanged\n");
210
211 handle = OpenEventLogA(NULL, "Application");
212
213 SetLastError(0xdeadbeef);
215 ok(!ret, "Expected failure\n");
216 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
217
218 count = 0xdeadbeef;
220 ok(ret, "Expected success\n");
221 ok(count != 0xdeadbeef, "Expected the number of records\n");
222
224
225 /* Make a backup eventlog to work with */
227 {
230 ok(handle != NULL, "Expected a handle, le=%d\n", GetLastError());
231
232 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
233 count = 0xdeadbeef;
236 {
237 ok(ret, "Expected success\n");
238 ok(count != 0xdeadbeef, "Expected the number of records\n");
239 }
240
243 }
244}
245
246static void test_oldest(void)
247{
249 BOOL ret;
250 DWORD oldest;
251 const char backup[] = "backup.evt";
252
253 SetLastError(0xdeadbeef);
255 ok(!ret, "Expected failure\n");
256 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
257
258 SetLastError(0xdeadbeef);
259 oldest = 0xdeadbeef;
260 ret = GetOldestEventLogRecord(NULL, &oldest);
261 ok(!ret, "Expected failure\n");
262 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
263 ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n");
264
265 handle = OpenEventLogA(NULL, "Application");
266
267 SetLastError(0xdeadbeef);
269 ok(!ret, "Expected failure\n");
270 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
271
272 oldest = 0xdeadbeef;
274 ok(ret, "Expected success\n");
275 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
276
278
279 /* Make a backup eventlog to work with */
281 {
284 ok(handle != NULL, "Expected a handle\n");
285
286 /* Does GetOldestEventLogRecord work with backup eventlogs? */
287 oldest = 0xdeadbeef;
290 {
291 ok(ret, "Expected success\n");
292 ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n");
293 }
294
297 }
298}
299
300static void test_backup(void)
301{
303 BOOL ret;
304 const char backup[] = "backup.evt";
305 const char backup2[] = "backup2.evt";
306
307 SetLastError(0xdeadbeef);
309 ok(!ret, "Expected failure\n");
310 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
311
312 SetLastError(0xdeadbeef);
314 ok(!ret, "Expected failure\n");
315 ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
316
317 handle = OpenEventLogA(NULL, "Application");
318
319 SetLastError(0xdeadbeef);
321 ok(!ret, "Expected failure\n");
322 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
323
326 {
327 skip("insufficient privileges for backup tests\n");
329 return;
330 }
331 ok(ret, "Expected success\n");
333 ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
334
335 /* Try to overwrite */
336 SetLastError(0xdeadbeef);
339 {
340 ok(!ret, "Expected failure\n");
341 ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
342 }
343
345
346 /* Can we make a backup of a backup? */
349 ok(handle != NULL, "Expected a handle\n");
350
351 ret = BackupEventLogA(handle, backup2);
353 {
354 ok(ret, "Expected success\n");
355 ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n");
356 }
357
360 DeleteFileA(backup2);
361}
362
363static void test_read(void)
364{
366 BOOL ret;
367 DWORD count, toread, read, needed;
368 void *buf;
369
370 SetLastError(0xdeadbeef);
371 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL);
372 ok(!ret, "Expected failure\n");
374 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
375
376 read = 0xdeadbeef;
377 SetLastError(0xdeadbeef);
378 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL);
379 ok(!ret, "Expected failure\n");
380 ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
382 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
383
384 needed = 0xdeadbeef;
385 SetLastError(0xdeadbeef);
386 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed);
387 ok(!ret, "Expected failure\n");
388 ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
390 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
391
392 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
393 SetLastError(0xdeadbeef);
394 ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed);
395 ok(!ret, "Expected failure\n");
397 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
398
399 SetLastError(0xdeadbeef);
401 ok(!ret, "Expected failure\n");
403 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
404
405 SetLastError(0xdeadbeef);
407 ok(!ret, "Expected failure\n");
409 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
410
411 buf = NULL;
412 SetLastError(0xdeadbeef);
414 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
415 ok(!ret, "Expected failure\n");
417 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
418
420 SetLastError(0xdeadbeef);
422 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
423 ok(!ret, "Expected failure\n");
425 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
427
428 handle = OpenEventLogA(NULL, "Application");
429
430 /* Show that we need the proper dwFlags with a (for the rest) proper call */
432
433 SetLastError(0xdeadbeef);
434 ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
435 ok(!ret, "Expected failure\n");
437 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
438
439 SetLastError(0xdeadbeef);
441 ok(!ret, "Expected failure\n");
443 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
444
445 SetLastError(0xdeadbeef);
447 ok(!ret, "Expected failure\n");
449 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
450
451 SetLastError(0xdeadbeef);
453 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
454 ok(!ret, "Expected failure\n");
456 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
457
458 SetLastError(0xdeadbeef);
460 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
461 ok(!ret, "Expected failure\n");
463 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
464
465 SetLastError(0xdeadbeef);
467 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
468 ok(!ret, "Expected failure\n");
470 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
471
473
474 /* First check if there are any records (in practice only on Wine: FIXME) */
475 count = 0;
477 if (!count)
478 {
479 skip("No records in the 'Application' log\n");
481 return;
482 }
483
484 /* Get the buffer size for the first record */
486 read = needed = 0xdeadbeef;
487 SetLastError(0xdeadbeef);
489 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
490 ok(!ret, "Expected failure\n");
491 ok(read == 0, "Expected no bytes read\n");
492 ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
493 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
494
495 /* Read the first record */
496 toread = needed;
497 buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread);
498 read = needed = 0xdeadbeef;
499 SetLastError(0xdeadbeef);
501 ok(ret, "Expected success\n");
502 ok(read == toread ||
503 broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */
504 "Expected the requested size to be read\n");
505 ok(needed == 0, "Expected no extra bytes to be read\n");
507
509}
510
511static void test_openbackup(void)
512{
513 HANDLE handle, handle2, file;
514 DWORD written;
515 const char backup[] = "backup.evt";
516 const char text[] = "Just some text";
517
518 SetLastError(0xdeadbeef);
520 ok(handle == NULL, "Didn't expect a handle\n");
521 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
522
523 SetLastError(0xdeadbeef);
524 handle = OpenBackupEventLogA(NULL, "idontexist.evt");
525 ok(handle == NULL, "Didn't expect a handle\n");
526 ok(GetLastError() == ERROR_FILE_NOT_FOUND, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
527
528 SetLastError(0xdeadbeef);
529 handle = OpenBackupEventLogA("IDontExist", NULL);
530 ok(handle == NULL, "Didn't expect a handle\n");
531 ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
532
533 SetLastError(0xdeadbeef);
534 handle = OpenBackupEventLogA("IDontExist", "idontexist.evt");
535 ok(handle == NULL, "Didn't expect a handle\n");
537 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
538 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
539
540 /* Make a backup eventlog to work with */
542 {
543 /* FIXME: Wine stops here */
545 {
546 skip("We don't have a backup eventlog to work with\n");
547 return;
548 }
549
550 SetLastError(0xdeadbeef);
551 handle = OpenBackupEventLogA("IDontExist", backup);
552 ok(handle == NULL, "Didn't expect a handle\n");
554 GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */
555 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
556
557 /* Empty servername should be read as local server */
559 ok(handle != NULL, "Expected a handle\n");
561
563 ok(handle != NULL, "Expected a handle\n");
564
565 /* Can we open that same backup eventlog more than once? */
566 handle2 = OpenBackupEventLogA(NULL, backup);
567 ok(handle2 != NULL, "Expected a handle\n");
568 ok(handle2 != handle, "Didn't expect the same handle\n");
569 CloseEventLog(handle2);
570
573 }
574
575 /* Is there any content checking done? */
578 SetLastError(0xdeadbeef);
580 ok(handle == NULL, "Didn't expect a handle\n");
582 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, /* Vista and Win7 */
583 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
586
588 WriteFile(file, text, sizeof(text), &written, NULL);
590 SetLastError(0xdeadbeef);
592 ok(handle == NULL, "Didn't expect a handle\n");
593 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
596}
597
598static void test_clear(void)
599{
601 BOOL ret;
602 const char backup[] = "backup.evt";
603 const char backup2[] = "backup2.evt";
604
605 SetLastError(0xdeadbeef);
607 ok(!ret, "Expected failure\n");
608 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
609
610 /* Make a backup eventlog to work with */
611 if (!create_backup(backup))
612 return;
613
614 SetLastError(0xdeadbeef);
616 ok(!ret, "Expected failure\n");
617 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
618
621 ok(handle != NULL, "Expected a handle\n");
622
623 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
624 SetLastError(0xdeadbeef);
626 ok(!ret, "Expected failure\n");
627 /* The eventlog service runs under an account that doesn't have the necessary
628 * permissions on the users home directory on a default Vista+ system.
629 */
631 GetLastError() == ERROR_ACCESS_DENIED, /* Vista+ */
632 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
633
634 /* Show that ClearEventLog only works for real eventlogs. */
635 SetLastError(0xdeadbeef);
636 ret = ClearEventLogA(handle, backup2);
637 ok(!ret, "Expected failure\n");
638 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
639 ok(GetFileAttributesA(backup2) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n");
640
641 SetLastError(0xdeadbeef);
643 ok(!ret, "Expected failure\n");
644 ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
645
648 ok(DeleteFileA(backup), "Could not delete the backup file\n");
649}
650
651static const char eventlogsvc[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
652static const char eventlogname[] = "Wine";
653static const char eventsources[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
654
656{
657 HKEY key, eventkey;
658 BOOL bret = FALSE;
659 LONG lret;
660 DWORD i;
661
662 /* First create our eventlog */
664 if (lret != ERROR_SUCCESS)
665 {
666 skip("Could not open the EventLog service registry key\n");
667 return FALSE;
668 }
669 lret = RegCreateKeyA(key, eventlogname, &eventkey);
670 if (lret != ERROR_SUCCESS)
671 {
672 skip("Could not create the eventlog '%s' registry key\n", eventlogname);
673 goto cleanup;
674 }
675
676 /* Create some event sources, the registry value 'Sources' is updated automatically */
677 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
678 {
679 HKEY srckey;
680
681 lret = RegCreateKeyA(eventkey, eventsources[i], &srckey);
682 if (lret != ERROR_SUCCESS)
683 {
684 skip("Could not create the eventsource '%s' registry key\n", eventsources[i]);
685 goto cleanup;
686 }
687 RegFlushKey(srckey);
688 RegCloseKey(srckey);
689 }
690
691 bret = TRUE;
692
693 /* The flushing of the registry (here and above) gives us some assurance
694 * that we are not to quickly writing events as 'Sources' could still be
695 * not updated.
696 */
697 RegFlushKey(eventkey);
698cleanup:
699 RegCloseKey(eventkey);
701
702 return bret;
703}
704
705static const char *one_string[] = { "First string" };
706static const char *two_strings[] = { "First string", "Second string" };
707static const struct
708{
709 const char *evt_src;
715 const char **evt_strings;
716} read_write [] =
717{
719 { eventsources[0], EVENTLOG_WARNING_TYPE, 1, 2, FALSE, 0, NULL },
721 { eventsources[2], EVENTLOG_ERROR_TYPE, 1, 4, FALSE, 0, NULL },
724 { eventsources[0], EVENTLOG_AUDIT_FAILURE, 2, 7, TRUE, 0, NULL },
726 { eventsources[2], EVENTLOG_WARNING_TYPE, 2, 9, TRUE, 0, NULL },
729
730static void test_readwrite(void)
731{
733 PSID user;
734 DWORD sidsize, count;
735 BOOL ret, sidavailable;
736 BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
737 DWORD i;
738 char *localcomputer = NULL;
739 DWORD size;
740
741 if (pCreateWellKnownSid)
742 {
743 sidsize = SECURITY_MAX_SID_SIZE;
744 user = HeapAlloc(GetProcessHeap(), 0, sidsize);
745 SetLastError(0xdeadbeef);
746 pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
747 sidavailable = TRUE;
748 }
749 else
750 {
751 win_skip("Skipping some SID related tests\n");
752 sidavailable = FALSE;
753 user = NULL;
754 }
755
756 /* Write an event with an incorrect event type. This will fail on Windows 7
757 * but succeed on all others, hence it's not part of the struct.
758 */
760 if (!handle)
761 {
762 /* Intermittently seen on NT4 when tests are run immediately after boot */
763 win_skip("Could not get a handle to the eventlog\n");
764 goto cleanup;
765 }
766
767 count = 0xdeadbeef;
769 if (count != 0)
770 {
771 /* Needed for W2K3 without a service pack */
772 win_skip("We most likely opened the Application eventlog\n");
774 Sleep(2000);
775
777 count = 0xdeadbeef;
779 if (count != 0)
780 {
781 win_skip("We didn't open our new eventlog\n");
783 goto cleanup;
784 }
785 }
786
787 SetLastError(0xdeadbeef);
788 ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
789 if (!ret && GetLastError() == ERROR_CRC)
790 {
791 win_skip("Win7 fails when using incorrect event types\n");
792 ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
793 ok(ret, "Expected success : %d\n", GetLastError());
794 }
795 else
796 {
797 void *buf;
798 DWORD read, needed = 0;
800
801 ok(ret, "Expected success : %d\n", GetLastError());
802
803 /* Needed to catch earlier Vista (with no ServicePack for example) */
806 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
808 {
809 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
811 0, buf, needed, &read, &needed);
812 }
813 if (ret)
814 {
816
817 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
818 * the written eventtype (0x20 in this case).
819 */
820 if (record->EventType == EVENTLOG_SUCCESS)
821 on_vista = TRUE;
822 }
824 }
825
826 /* This will clear the eventlog. The record numbering for new
827 * events however differs on Vista SP1+. Before Vista the first
828 * event would be numbered 1, on Vista SP1+ it's higher as we already
829 * had at least one event (more in case of multiple test runs without
830 * a reboot).
831 */
834
835 /* Write a bunch of events while using different event sources */
836 for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
837 {
838 DWORD oldest;
839 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
840
841 /* We don't need to use RegisterEventSource to report events */
842 if (i % 2)
844 else
846 ok(handle != NULL, "Expected a handle\n");
847
848 SetLastError(0xdeadbeef);
850 read_write[i].evt_id, run_sidtests ? user : NULL,
852 ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
853
854 count = 0xdeadbeef;
855 SetLastError(0xdeadbeef);
857 ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
859 ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
860
861 oldest = 0xdeadbeef;
863 ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
865 ok(oldest == 1 ||
866 (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
867 "Expected oldest to be 1 or higher, got %d\n", oldest);
868 if (oldest > 1 && oldest != 0xdeadbeef)
869 on_vista = TRUE;
870
871 SetLastError(0xdeadbeef);
872 if (i % 2)
874 else
876 ok(ret, "Expected success : %d\n", GetLastError());
877 }
878
880 count = 0xdeadbeef;
882 ok(ret, "Expected success\n");
884 ok(count == i, "Expected %d records, got %d\n", i, count);
886
887 if (count == 0)
888 {
889 skip("No events were written to the eventlog\n");
890 goto cleanup;
891 }
892
893 /* Report only once */
894 if (on_vista)
895 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
896
897 if (on_vista && pGetComputerNameExA)
898 {
899 /* New Vista+ behavior */
900 size = 0;
901 SetLastError(0xdeadbeef);
902 pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
903 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
904 pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
905 }
906 else
907 {
909 localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
910 GetComputerNameA(localcomputer, &size);
911 }
912
913 /* Read all events from our created eventlog, one by one */
915 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
916 i = 0;
917 for (;;)
918 {
919 void *buf;
920 DWORD read, needed;
922 char *sourcename, *computername;
923 int k;
924 char *ptr;
925 BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
926
928 SetLastError(0xdeadbeef);
930 0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
931 ok(!ret, "Expected failure\n");
933 {
935 ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
936 break;
937 }
938
939 buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
941 0, buf, needed, &read, &needed);
942 ok(ret, "Expected success: %d\n", GetLastError());
943
945
946 ok(record->Length == read,
947 "Expected %d, got %d\n", read, record->Length);
948 ok(record->Reserved == 0x654c664c,
949 "Expected 0x654c664c, got %d\n", record->Reserved);
950 ok(record->RecordNumber == i + 1 ||
951 (on_vista && (record->RecordNumber > i + 1)),
952 "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
953 ok(record->EventID == read_write[i].evt_id,
954 "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
955 ok(record->EventType == read_write[i].evt_type,
956 "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
957 ok(record->NumStrings == read_write[i].evt_numstrings,
958 "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
959 ok(record->EventCategory == read_write[i].evt_cat,
960 "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
961
962 sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
963 ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
964 read_write[i].evt_src, sourcename);
965
966 computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
967 ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
968 localcomputer, computername);
969
970 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
971 * no padding was actually required a 0 DWORD was still used for padding. No
972 * application should be relying on the padding as we are working with offsets
973 * anyway.
974 */
975
976 if (!on_vista)
977 {
978 DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
979
980 /* We are already DWORD aligned, there should still be some padding */
981 if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
982 ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
983
984 ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
985 }
986
987 if (run_sidtests)
988 {
989 ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
990 }
991 else
992 {
993 ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
994 ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
995 }
996
997 ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
998
999 ptr = (char *)((BYTE *)buf + record->StringOffset);
1000 for (k = 0; k < record->NumStrings; k++)
1001 {
1002 ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
1003 ptr += lstrlenA(ptr) + 1;
1004 }
1005
1006 ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
1007 "Expected the closing DWORD to contain the length of the record\n");
1008
1010 i++;
1011 }
1013
1014 /* Test clearing a real eventlog */
1016 ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
1017
1018 SetLastError(0xdeadbeef);
1020 ok(ret, "Expected success\n");
1021
1022 count = 0xdeadbeef;
1024 ok(ret, "Expected success\n");
1025 ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
1026
1028
1029cleanup:
1030 HeapFree(GetProcessHeap(), 0, localcomputer);
1032}
1033
1034/* Before Vista:
1035 *
1036 * Creating an eventlog on Windows (via the registry) automatically leads
1037 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1038 * potential event sources for this eventlog. 'Sources' is automatically
1039 * updated when a new key (aka event source) is created.
1040 *
1041 * Although the updating of registry keys is almost instantaneously, we
1042 * check it after some other tests to assure we are not querying the
1043 * registry or file system to quickly.
1044 *
1045 * NT4 and higher:
1046 *
1047 * The eventlog file itself is also automatically created, even before we
1048 * start writing events.
1049 */
1051static void test_autocreation(void)
1052{
1053 HKEY key, eventkey;
1054 DWORD type, size;
1055 LONG ret;
1056 int i;
1057 char *p;
1058 char sources[sizeof(eventsources)];
1059 char sysdir[MAX_PATH];
1060 void *redir = 0;
1061
1063 RegOpenKeyA(key, eventlogname, &eventkey);
1064
1065 size = sizeof(sources);
1066 sources[0] = 0;
1067 ret = RegQueryValueExA(eventkey, "Sources", NULL, &type, (LPBYTE)sources, &size);
1068 if (ret == ERROR_SUCCESS)
1069 {
1070 char sources_verify[sizeof(eventsources)];
1071
1072 ok(type == REG_MULTI_SZ, "Expected a REG_MULTI_SZ, got %d\n", type);
1073
1074 /* Build the expected string */
1075 memset(sources_verify, 0, sizeof(sources_verify));
1076 p = sources_verify;
1077 for (i = sizeof(eventsources)/sizeof(eventsources[0]); i > 0; i--)
1078 {
1079 lstrcpyA(p, eventsources[i - 1]);
1080 p += (lstrlenA(eventsources[i - 1]) + 1);
1081 }
1083
1084 ok(!memcmp(sources, sources_verify, size),
1085 "Expected a correct 'Sources' value (size : %d)\n", size);
1086 }
1087
1088 RegCloseKey(eventkey);
1090
1091 /* The directory that holds the eventlog files could be redirected */
1092 if (pWow64DisableWow64FsRedirection)
1093 pWow64DisableWow64FsRedirection(&redir);
1094
1095 /* On Windows we also automatically get an eventlog file */
1096 GetSystemDirectoryA(sysdir, sizeof(sysdir));
1097
1098 /* NT4 - W2K3 */
1099 lstrcpyA(eventlogfile, sysdir);
1100 lstrcatA(eventlogfile, "\\config\\");
1102 lstrcatA(eventlogfile, ".evt");
1103
1105 {
1106 /* Vista+ */
1107 lstrcpyA(eventlogfile, sysdir);
1108 lstrcatA(eventlogfile, "\\winevt\\Logs\\");
1110 lstrcatA(eventlogfile, ".evtx");
1111 }
1112
1113 todo_wine
1115 "Expected an eventlog file\n");
1116
1117 if (pWow64RevertWow64FsRedirection)
1118 pWow64RevertWow64FsRedirection(redir);
1119}
1120
1121static void cleanup_eventlog(void)
1122{
1123 BOOL bret;
1124 LONG lret;
1125 HKEY key;
1126 DWORD i;
1127 char winesvc[MAX_PATH];
1128
1129 /* Delete the registry tree */
1130 lstrcpyA(winesvc, eventlogsvc);
1131 lstrcatA(winesvc, "\\");
1132 lstrcatA(winesvc, eventlogname);
1133
1135 for (i = 0; i < sizeof(eventsources)/sizeof(eventsources[0]); i++)
1137 RegDeleteValueA(key, "Sources");
1139 lret = RegDeleteKeyA(HKEY_LOCAL_MACHINE, winesvc);
1140 ok(lret == ERROR_SUCCESS, "Could not delete the registry tree : %d\n", lret);
1141
1142 /* A handle to the eventlog is locked by services.exe. We can only
1143 * delete the eventlog file after reboot.
1144 */
1146 ok(bret, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1147}
1148
1149static void test_start_trace(void)
1150{
1151 const char sessionname[] = "wine";
1152 const char filepath[] = "wine.etl";
1153 const char filepath2[] = "eniw.etl";
1154 EVENT_TRACE_PROPERTIES *properties;
1156 LONG buffersize;
1157 LONG ret;
1158
1159 buffersize = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname) + sizeof(filepath);
1160 properties = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, buffersize);
1161 properties->Wnode.BufferSize = buffersize;
1162 properties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
1164 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1165 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1166 strcpy((char *)properties + properties->LogFileNameOffset, filepath);
1167
1168 properties->Wnode.BufferSize = 0;
1169 ret = StartTraceA(&handle, sessionname, properties);
1170 todo_wine
1171 ok(ret == ERROR_BAD_LENGTH ||
1172 ret == ERROR_INVALID_PARAMETER, /* XP and 2k3 */
1173 "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1174 properties->Wnode.BufferSize = buffersize;
1175
1176 ret = StartTraceA(&handle, "this name is too long", properties);
1177 todo_wine
1178 ok(ret == ERROR_BAD_LENGTH, "Expected ERROR_BAD_LENGTH, got %d\n", ret);
1179
1180 ret = StartTraceA(&handle, sessionname, NULL);
1181 todo_wine
1182 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1183
1184 ret = StartTraceA(NULL, sessionname, properties);
1185 todo_wine
1186 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1187
1188 properties->LogFileNameOffset = 1;
1189 ret = StartTraceA(&handle, sessionname, properties);
1190 todo_wine
1191 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1192 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1193
1194 properties->LoggerNameOffset = 1;
1195 ret = StartTraceA(&handle, sessionname, properties);
1196 todo_wine
1197 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1198 properties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
1199
1201 ret = StartTraceA(&handle, sessionname, properties);
1202 todo_wine
1203 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1205 /* XP creates a file we can't delete, so change the filepath to something else */
1206 strcpy((char *)properties + properties->LogFileNameOffset, filepath2);
1207
1208 properties->Wnode.Guid = SystemTraceControlGuid;
1209 ret = StartTraceA(&handle, sessionname, properties);
1210 todo_wine
1211 ok(ret == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", ret);
1212 memset(&properties->Wnode.Guid, 0, sizeof(properties->Wnode.Guid));
1213
1214 properties->LogFileNameOffset = 0;
1215 ret = StartTraceA(&handle, sessionname, properties);
1216 todo_wine
1217 ok(ret == ERROR_BAD_PATHNAME, "Expected ERROR_BAD_PATHNAME, got %d\n", ret);
1218 properties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(sessionname);
1219
1220 ret = StartTraceA(&handle, sessionname, properties);
1221 if (ret == ERROR_ACCESS_DENIED)
1222 {
1223 skip("need admin rights\n");
1224 goto done;
1225 }
1226 ok(ret == ERROR_SUCCESS, "Expected success, got %d\n", ret);
1227
1228 ret = StartTraceA(&handle, sessionname, properties);
1229 todo_wine
1231 ret == ERROR_SHARING_VIOLATION, /* 2k3 */
1232 "Expected ERROR_ALREADY_EXISTS, got %d\n", ret);
1233
1234 /* clean up */
1235 ControlTraceA(handle, sessionname, properties, EVENT_TRACE_CONTROL_STOP);
1236done:
1237 HeapFree(GetProcessHeap(), 0, properties);
1238 DeleteFileA(filepath);
1239}
1240
1242{
1243 SetLastError(0xdeadbeef);
1246 {
1247 win_skip("Event log functions are not implemented\n");
1248 return;
1249 }
1250
1252
1253 /* Parameters only */
1255 test_info();
1256 test_count();
1257 test_oldest();
1258 test_backup();
1260 test_read();
1261 test_clear();
1262
1263 /* Functional tests */
1264 if (create_new_eventlog())
1265 {
1269 }
1270
1271 /* Trace tests */
1273}
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
#define read
Definition: acwin.h:96
static long backup()
Definition: maze.c:403
#define ok(value,...)
Definition: atltest.h:57
#define skip(...)
Definition: atltest.h:64
#define broken(x)
Definition: atltest.h:178
#define START_TEST(x)
Definition: atltest.h:75
void user(int argc, const char *argv[])
Definition: cmds.c:1350
#define RegCloseKey(hKey)
Definition: registry.h:49
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
LONG WINAPI RegCreateKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:1179
LONG WINAPI RegFlushKey(HKEY hKey)
Definition: reg.c:2951
LONG WINAPI RegOpenKeyA(HKEY hKey, LPCSTR lpSubKey, PHKEY phkResult)
Definition: reg.c:3234
LONG WINAPI RegDeleteValueA(HKEY hKey, LPCSTR lpValueName)
Definition: reg.c:2287
LONG WINAPI RegQueryValueExA(_In_ HKEY hkeyorg, _In_ LPCSTR name, _In_ LPDWORD reserved, _Out_opt_ LPDWORD type, _Out_opt_ LPBYTE data, _Inout_opt_ LPDWORD count)
Definition: reg.c:4009
LONG WINAPI RegDeleteKeyA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey)
Definition: reg.c:1224
BOOL WINAPI CloseEventLog(IN HANDLE hEventLog)
Definition: eventlog.c:427
BOOL WINAPI GetNumberOfEventLogRecords(IN HANDLE hEventLog, OUT PDWORD NumberOfRecords)
Definition: eventlog.c:570
BOOL WINAPI GetOldestEventLogRecord(IN HANDLE hEventLog, OUT PDWORD OldestRecord)
Definition: eventlog.c:619
BOOL WINAPI ClearEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:305
BOOL WINAPI ReportEventA(IN HANDLE hEventLog, IN WORD wType, IN WORD wCategory, IN DWORD dwEventID, IN PSID lpUserSid, IN WORD wNumStrings, IN DWORD dwDataSize, IN LPCSTR *lpStrings, IN LPVOID lpRawData)
Definition: eventlog.c:1377
HANDLE WINAPI OpenEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:919
BOOL WINAPI ReadEventLogA(IN HANDLE hEventLog, IN DWORD dwReadFlags, IN DWORD dwRecordOffset, OUT LPVOID lpBuffer, IN DWORD nNumberOfBytesToRead, OUT DWORD *pnBytesRead, OUT DWORD *pnMinNumberOfBytesNeeded)
Definition: eventlog.c:1061
HANDLE WINAPI OpenBackupEventLogA(IN LPCSTR lpUNCServerName, IN LPCSTR lpFileName)
Definition: eventlog.c:725
BOOL WINAPI BackupEventLogA(IN HANDLE hEventLog, IN LPCSTR lpBackupFileName)
Definition: eventlog.c:177
BOOL WINAPI DeregisterEventSource(IN HANDLE hEventLog)
Definition: eventlog.c:473
HANDLE WINAPI RegisterEventSourceA(IN LPCSTR lpUNCServerName, IN LPCSTR lpSourceName)
Definition: eventlog.c:1224
#define CloseHandle
Definition: compat.h:739
#define GetProcessHeap()
Definition: compat.h:736
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
#define SetLastError(x)
Definition: compat.h:752
#define GetProcAddress(x, y)
Definition: compat.h:753
#define HeapAlloc
Definition: compat.h:733
#define HeapReAlloc
Definition: compat.h:734
#define CreateFileA(a, b, c, d, e, f, g)
Definition: compat.h:740
#define MAX_PATH
Definition: compat.h:34
#define HeapFree(x, y, z)
Definition: compat.h:735
#define ERROR_INVALID_HANDLE
Definition: compat.h:98
#define ERROR_ACCESS_DENIED
Definition: compat.h:97
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
static void cleanup(void)
Definition: main.c:1335
BOOL WINAPI DeleteFileA(IN LPCSTR lpFileName)
Definition: delete.c:24
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
Definition: fileinfo.c:636
BOOL WINAPI MoveFileExA(IN LPCSTR lpExistingFileName, IN LPCSTR lpNewFileName OPTIONAL, IN DWORD dwFlags)
Definition: move.c:1153
BOOL WINAPI WriteFile(IN HANDLE hFile, IN LPCVOID lpBuffer, IN DWORD nNumberOfBytesToWrite OPTIONAL, OUT LPDWORD lpNumberOfBytesWritten, IN LPOVERLAPPED lpOverlapped OPTIONAL)
Definition: rw.c:24
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:812
UINT WINAPI GetSystemDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
Definition: path.c:2283
int WINAPI lstrcmpA(LPCSTR str1, LPCSTR str2)
Definition: locale.c:4195
int WINAPI lstrcmpiA(LPCSTR str1, LPCSTR str2)
Definition: locale.c:4224
const WCHAR * text
Definition: package.c:1794
struct _EVENT_TRACE_PROPERTIES EVENT_TRACE_PROPERTIES
#define EVENT_TRACE_CONTROL_STOP
Definition: evntrace.h:214
#define EVENT_TRACE_FILE_MODE_NONE
Definition: evntrace.h:184
#define EVENT_TRACE_FILE_MODE_CIRCULAR
Definition: evntrace.h:186
EXTERN_C ULONG WMIAPI StartTraceA(OUT PTRACEHANDLE TraceHandle, IN LPCSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL
Definition: evntrace.h:185
ULONG64 TRACEHANDLE
Definition: evntrace.h:40
EXTERN_C ULONG WMIAPI ControlTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
unsigned short WORD
Definition: ntddk_ex.h:93
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
GLuint GLuint GLsizei count
Definition: gl.h:1545
GLsizeiptr size
Definition: glext.h:5919
GLuint buffer
Definition: glext.h:5915
GLsizei GLenum * sources
Definition: glext.h:7753
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
GLfloat GLfloat p
Definition: glext.h:8902
const GLint * attribs
Definition: glext.h:10538
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
const char * filename
Definition: ioapi.h:137
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80
#define CREATE_NEW
Definition: disk.h:69
#define ERROR_FILE_NOT_FOUND
Definition: disk.h:79
static PVOID ptr
Definition: dispmode.c:27
static void test_clear(void)
Definition: eventlog.c:598
static void test_oldest(void)
Definition: eventlog.c:246
static LPSTR
Definition: eventlog.c:38
static const char * two_strings[]
Definition: eventlog.c:706
WORD evt_cat
Definition: eventlog.c:711
const char * evt_src
Definition: eventlog.c:709
BOOL evt_sid
Definition: eventlog.c:713
static void test_backup(void)
Definition: eventlog.c:300
static void init_function_pointers(void)
Definition: eventlog.c:42
static DWORD *static DWORD
Definition: eventlog.c:36
static char eventlogfile[MAX_PATH]
Definition: eventlog.c:1050
static PSID
Definition: eventlog.c:35
static BOOL create_new_eventlog(void)
Definition: eventlog.c:655
static const char * one_string[]
Definition: eventlog.c:705
static const char eventsources[][11]
Definition: eventlog.c:653
static void test_readwrite(void)
Definition: eventlog.c:730
static void test_autocreation(void)
Definition: eventlog.c:1051
const char ** evt_strings
Definition: eventlog.c:715
static const char eventlogname[]
Definition: eventlog.c:652
WORD evt_numstrings
Definition: eventlog.c:714
WORD evt_type
Definition: eventlog.c:710
static void test_count(void)
Definition: eventlog.c:192
static void test_info(void)
Definition: eventlog.c:131
static const struct @1650 read_write[]
static void test_start_trace(void)
Definition: eventlog.c:1149
static const char eventlogsvc[]
Definition: eventlog.c:651
static DWORD *static LPDWORD
Definition: eventlog.c:36
static void test_read(void)
Definition: eventlog.c:363
DWORD evt_id
Definition: eventlog.c:712
static DWORD *static LPVOID
Definition: eventlog.c:36
static void cleanup_eventlog(void)
Definition: eventlog.c:1121
static void test_openbackup(void)
Definition: eventlog.c:511
static BOOL create_backup(const char *filename)
Definition: eventlog.c:55
static void test_open_close(void)
Definition: eventlog.c:78
static HINSTANCE hkernel32
Definition: process.c:66
#define todo_wine
Definition: custom.c:89
int k
Definition: mpi.c:3369
unsigned __int3264 UINT_PTR
Definition: mstsclib_h.h:274
#define BOOL
Definition: nt_native.h:43
#define REG_MULTI_SZ
Definition: nt_native.h:1501
#define GENERIC_WRITE
Definition: nt_native.h:90
long LONG
Definition: pedump.c:60
#define win_skip
Definition: test.h:163
#define memset(x, y, z)
Definition: compat.h:39
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
WNODE_HEADER Wnode
Definition: evntrace.h:571
ULONG BufferSize
Definition: wmistr.h:6
GUID Guid
Definition: wmistr.h:23
ULONG Flags
Definition: wmistr.h:25
Definition: fci.c:127
Definition: copy.c:22
VOID WINAPI DECLSPEC_HOTPATCH Sleep(IN DWORD dwMilliseconds)
Definition: synch.c:790
unsigned char * LPBYTE
Definition: typedefs.h:53
void * PVOID
Definition: typedefs.h:50
PVOID HANDLE
Definition: typedefs.h:73
#define INVALID_FILE_ATTRIBUTES
Definition: vfdcmd.c:23
int ret
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define EVENTLOG_FULL_INFO
Definition: winbase.h:1179
#define MOVEFILE_DELAY_UNTIL_REBOOT
Definition: winbase.h:426
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:269
struct _EVENTLOG_FULL_INFORMATION EVENTLOG_FULL_INFORMATION
#define WINAPI
Definition: msvc.h:6
#define ERROR_INVALID_LEVEL
Definition: winerror.h:196
#define ERROR_SHARING_VIOLATION
Definition: winerror.h:135
#define ERROR_BAD_LENGTH
Definition: winerror.h:127
#define ERROR_BAD_PATHNAME
Definition: winerror.h:233
#define ERROR_HANDLE_EOF
Definition: winerror.h:140
#define RPC_X_NULL_REF_POINTER
Definition: winerror.h:1087
#define ERROR_EVENTLOG_FILE_CORRUPT
Definition: winerror.h:952
#define RPC_S_SERVER_UNAVAILABLE
Definition: winerror.h:1033
#define RPC_S_INVALID_NET_ADDR
Definition: winerror.h:1018
#define ERROR_CRC
Definition: winerror.h:126
#define ERROR_NOACCESS
Definition: winerror.h:578
#define ERROR_PRIVILEGE_NOT_HELD
Definition: winerror.h:796
#define EVENTLOG_ERROR_TYPE
Definition: winnt_old.h:2863
#define EVENTLOG_SEQUENTIAL_READ
Definition: winnt_old.h:2857
#define EVENTLOG_AUDIT_FAILURE
Definition: winnt_old.h:2867
#define EVENTLOG_INFORMATION_TYPE
Definition: winnt_old.h:2865
#define EVENTLOG_AUDIT_SUCCESS
Definition: winnt_old.h:2866
#define EVENTLOG_BACKWARDS_READ
Definition: winnt_old.h:2860
#define EVENTLOG_SUCCESS
Definition: winnt_old.h:2862
#define EVENTLOG_FORWARDS_READ
Definition: winnt_old.h:2859
struct _EVENTLOGRECORD EVENTLOGRECORD
#define EVENTLOG_WARNING_TYPE
Definition: winnt_old.h:2864
#define EVENTLOG_SEEK_READ
Definition: winnt_old.h:2858
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
#define WNODE_FLAG_TRACED_GUID
Definition: wmistr.h:43
WELL_KNOWN_SID_TYPE
Definition: setypes.h:455
#define SECURITY_MAX_SID_SIZE
Definition: setypes.h:486
unsigned char BYTE
Definition: xxhash.c:193