Author: ekohl Date: Sat Dec 17 23:47:28 2011 New Revision: 54678
URL: http://svn.reactos.org/svn/reactos?rev=54678&view=rev Log: [ADVAPI33/EVENTLOG] - Determine the event generation time in ReportEventA/W and use it. - Replace magic values by proper type size.
Modified: trunk/reactos/base/services/eventlog/eventlog.c trunk/reactos/base/services/eventlog/eventlog.h trunk/reactos/base/services/eventlog/file.c trunk/reactos/base/services/eventlog/logport.c trunk/reactos/base/services/eventlog/rpc.c trunk/reactos/dll/win32/advapi32/advapi32.h trunk/reactos/dll/win32/advapi32/service/eventlog.c
Modified: trunk/reactos/base/services/eventlog/eventlog.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/even... ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -463,20 +463,6 @@ uUCT.ll = uUCT.ll * 10000000 + u1970.ll; FileTimeToLocalFileTime(&uUCT.ft, &ftLocal); FileTimeToSystemTime(&ftLocal, pSystemTime); -} - -VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime) -{ - SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 }; - union - { - FILETIME ft; - ULONGLONG ll; - } Time, u1970; - - SystemTimeToFileTime(pSystemTime, &Time.ft); - SystemTimeToFileTime(&st1970, &u1970.ft); - *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull); }
VOID PRINT_HEADER(PEVENTLOGHEADER header)
Modified: trunk/reactos/base/services/eventlog/eventlog.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/even... ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -16,6 +16,7 @@ #include <windows.h> #include <netevent.h> #include <lpctypes.h> +#include <kefuncs.h> #include <lpcfuncs.h> #include <rtlfuncs.h> #include <obfuncs.h> @@ -168,6 +169,7 @@
PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize, DWORD dwRecordNumber, + DWORD dwTime, WORD wType, WORD wCategory, DWORD dwEventId, @@ -199,9 +201,6 @@ VOID EventTimeToSystemTime(DWORD EventTime, SYSTEMTIME * SystemTime);
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, - DWORD * pEventTime); - /* eventsource.c */ VOID InitEventSourceList(VOID);
Modified: trunk/reactos/base/services/eventlog/file.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/file... ============================================================================== --- trunk/reactos/base/services/eventlog/file.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/file.c [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -870,18 +870,18 @@ { DWORD dwWritten; DWORD dwRead; - SYSTEMTIME st; EVENTLOGEOF EofRec; PEVENTLOGRECORD RecBuf; LARGE_INTEGER logFileSize; + LARGE_INTEGER SystemTime; ULONG RecOffSet; ULONG WriteOffSet;
if (!Buffer) return FALSE;
- GetSystemTime(&st); - SystemTimeToEventTime(&st, &((PEVENTLOGRECORD) Buffer)->TimeWritten); + NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &((PEVENTLOGRECORD) Buffer)->TimeWritten);
EnterCriticalSection(&LogFile->cs);
@@ -1125,6 +1125,7 @@
PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize, DWORD dwRecordNumber, + DWORD dwTime, WORD wType, WORD wCategory, DWORD dwEventId, @@ -1139,7 +1140,6 @@ { DWORD dwRecSize; PEVENTLOGRECORD pRec; - SYSTEMTIME SysTime; WCHAR *str; UINT i, pos; PBYTE Buffer; @@ -1148,8 +1148,8 @@ sizeof(EVENTLOGRECORD) + (lstrlenW(ComputerName) + lstrlenW(SourceName) + 2) * sizeof(WCHAR);
- if (dwRecSize % 4 != 0) - dwRecSize += 4 - (dwRecSize % 4); + if (dwRecSize % sizeof(DWORD) != 0) + dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD));
dwRecSize += dwSidLength;
@@ -1160,10 +1160,10 @@ }
dwRecSize += dwDataSize; - if (dwRecSize % 4 != 0) - dwRecSize += 4 - (dwRecSize % 4); - - dwRecSize += 4; + if (dwRecSize % sizeof(DWORD) != 0) + dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD)); + + dwRecSize += sizeof(DWORD);
Buffer = HeapAlloc(MyHeap, HEAP_ZERO_MEMORY, dwRecSize);
@@ -1178,9 +1178,8 @@ pRec->Reserved = LOGFILE_SIGNATURE; pRec->RecordNumber = dwRecordNumber;
- GetSystemTime(&SysTime); - SystemTimeToEventTime(&SysTime, &pRec->TimeGenerated); - SystemTimeToEventTime(&SysTime, &pRec->TimeWritten); + pRec->TimeGenerated = dwTime; + pRec->TimeWritten = dwTime;
pRec->EventID = dwEventId; pRec->EventType = wType; @@ -1195,8 +1194,8 @@
pRec->UserSidOffset = pos;
- if (pos % 4 != 0) - pos += 4 - (pos % 4); + if (pos % sizeof(DWORD) != 0) + pos += sizeof(DWORD) - (pos % sizeof(DWORD));
if (dwSidLength) { @@ -1223,8 +1222,8 @@ pos += dwDataSize; }
- if (pos % 4 != 0) - pos += 4 - (pos % 4); + if (pos % sizeof(DWORD) != 0) + pos += sizeof(DWORD) - (pos % sizeof(DWORD));
*((PDWORD) (Buffer + pos)) = dwRecSize;
@@ -1249,6 +1248,8 @@ DWORD lastRec; DWORD recSize; DWORD dwError; + DWORD dwTime; + LARGE_INTEGER SystemTime;
if (!GetComputerNameW(szComputerName, &dwComputerNameLength)) { @@ -1261,9 +1262,13 @@ return; }
+ NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &dwTime); + lastRec = LogfGetCurrentRecord(pEventSource->LogFile);
logBuffer = LogfAllocAndBuildNewRecord(&recSize, + dwTime, lastRec, wType, wCategory,
Modified: trunk/reactos/base/services/eventlog/logport.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/logp... ============================================================================== --- trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -109,6 +109,8 @@ DWORD dwRecSize; NTSTATUS Status; PLOGFILE SystemLog = NULL; + LARGE_INTEGER SystemTime; + ULONG Seconds;
DPRINT("ProcessPortMessage() called\n");
@@ -145,7 +147,10 @@ Message = (PIO_ERROR_LOG_MESSAGE) & Request.Message; ulRecNum = SystemLog ? SystemLog->Header.CurrentRecordNumber : 0;
- pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize, + NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &Seconds); + + pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize, Seconds, ulRecNum, Message->Type, Message->EntryData.EventCategory, Message->EntryData.ErrorCode, (WCHAR *) (((PBYTE) Message) + Message->DriverNameOffset),
Modified: trunk/reactos/base/services/eventlog/rpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/rpc.... ============================================================================== --- trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -496,6 +496,7 @@ if (UserSID) dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]); LogBuffer = LogfAllocAndBuildNewRecord(&recSize, + Time, lastRec, EventType, EventCategory,
Modified: trunk/reactos/dll/win32/advapi32/advapi32.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32... ============================================================================== --- trunk/reactos/dll/win32/advapi32/advapi32.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/advapi32.h [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -28,6 +28,7 @@ #include <ndk/cmfuncs.h> #include <ndk/exfuncs.h> #include <ndk/iofuncs.h> +#include <ndk/kefuncs.h> #include <ndk/obfuncs.h> #include <ndk/psfuncs.h> #include <ndk/rtlfuncs.h>
Modified: trunk/reactos/dll/win32/advapi32/service/eventlog.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/service/... ============================================================================== --- trunk/reactos/dll/win32/advapi32/service/eventlog.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/service/eventlog.c [iso-8859-1] Sat Dec 17 23:47:28 2011 @@ -945,6 +945,8 @@ WORD i; CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; DWORD dwSize; + LARGE_INTEGER SystemTime; + ULONG Seconds;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n", hEventLog, wType, wCategory, dwEventID, lpUserSid, @@ -974,10 +976,13 @@ GetComputerNameA(szComputerName, &dwSize); RtlInitAnsiString(&ComputerName, szComputerName);
+ NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &Seconds); + RpcTryExcept { Status = ElfrReportEventA(hEventLog, - 0, /* FIXME: Time */ + Seconds, wType, wCategory, dwEventID, @@ -1046,6 +1051,8 @@ WORD i; WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; DWORD dwSize; + LARGE_INTEGER SystemTime; + ULONG Seconds;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n", hEventLog, wType, wCategory, dwEventID, lpUserSid, @@ -1075,10 +1082,13 @@ GetComputerNameW(szComputerName, &dwSize); RtlInitUnicodeString(&ComputerName, szComputerName);
+ NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &Seconds); + RpcTryExcept { Status = ElfrReportEventW(hEventLog, - 0, /* FIXME: Time */ + Seconds, wType, wCategory, dwEventID,