Saveliy Tretiakov <saveliyt@mail.ru>:
EventLog changes
- Implement basic file operations (WindowsNT compatible file format)
- Write events from lpc port to System Log
  (to read these events, open \ReactOS\system32\config\SysEvent.evt in Windows
  EventViewer)  
- RPC server (stubs)
Added: trunk/reactos/include/idl/eventlogrpc.idl
Modified: trunk/reactos/include/idl/idl.xml
Modified: trunk/reactos/services/eventlog/eventlog.c
Modified: trunk/reactos/services/eventlog/eventlog.h
Modified: trunk/reactos/services/eventlog/eventlog.xml
Added: trunk/reactos/services/eventlog/file.c
Modified: trunk/reactos/services/eventlog/logport.c
Added: trunk/reactos/services/eventlog/rpc.c

Added: trunk/reactos/include/idl/eventlogrpc.idl
--- trunk/reactos/include/idl/eventlogrpc.idl	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/include/idl/eventlogrpc.idl	2005-09-20 07:58:28 UTC (rev 17940)
@@ -0,0 +1,237 @@
+/* 
+ *  Copyright (c) 2005 Saveliy Tretiakov (saveliyt@mail.ru)  
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+ 
+[
+	uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
+	version(0.0),
+	pointer_default(unique),
+	explicit_handle
+]
+
+interface eventlog
+{
+	/*
+	cpp_quote("#if 0")
+	typedef [handle, unique] wchar_t *LPWSTR;
+	typedef [handle, unique] char *LPSTR;
+	cpp_quote("#endif")
+	typedef [context_handle] void *LOGHANDLE;
+	typedef LOGHANDLE *PLOGHANDLE;
+	typedef unsigned int NTSTATUS;
+
+	typedef struct _UNICODE_STRING {
+		unsigned short Length;
+		unsigned short MaximumLength;
+		[size_is(MaximumLength)] wchar_t *Buffer;
+	} UNICODE_STRING, *PUNICODE_STRING;
+
+	typedef struct _ANSI_STRING {
+		unsigned short Length;
+		unsigned short MaximumLength;
+		[size_is(MaximumLength)] char *Buffer;
+	} ANSI_STRING, *PANSI_STRING;
+	*/
+	
+	#define LPWSTR wchar_t*
+	#define LPSTR char*
+	#define LOGHANDLE unsigned char*
+	#define PLOGHANDLE int* 
+	#define NTSTATUS long
+	
+	/* Function 0 */
+	NTSTATUS EventLogClearW(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] wchar_t *BackupName);
+
+	/* Function 1 */
+	NTSTATUS EventLogBackupW(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] wchar_t *FileName);
+	
+	/* Function 2 */
+	NTSTATUS EventLogClose(
+		handle_t BindingHandle,
+		[in,out] PLOGHANDLE Handle);   
+
+	/* Function 3 */
+	NTSTATUS EventLogUnregSrc(
+		handle_t BindingHandle,
+		[in,out] PLOGHANDLE Handle);
+
+	/* Function 4 */
+	NTSTATUS EventLogRecordsNumber(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[out] unsigned long *RecordsNumber);
+
+	/* Function 5 */
+	NTSTATUS EventLogGetOldestRec(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[out] unsigned long *OldestRecNumber);
+
+	/* FIXME */
+	NTSTATUS Unknown6(handle_t BindingHandle);
+
+	/* Function 7 */
+	NTSTATUS EventLogOpenW(
+		handle_t BindingHandle,
+		[in] LPWSTR ServerName,
+		[in] wchar_t *FileName, 
+		[in] wchar_t *NullStr, 
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle );
+		
+	/* Function 8 */
+	NTSTATUS EventLogRegSrcW(
+		handle_t BindingHandle,
+		[in] LPWSTR ServerName,
+		[in] wchar_t *LogName, 
+		[in] wchar_t *NullStr, 
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle);
+		
+	/* Function 9 */
+	NTSTATUS EventLogOpenBackupW(
+		handle_t BindingHandle,
+		[in] LPWSTR ServerName,
+		[in] wchar_t *BackupName, 
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle);
+
+	/* Function 10 */
+	NTSTATUS EventLogReadW(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] unsigned long Flags,
+		[in] unsigned long Offset,
+		[in] unsigned long BufSize,
+		[out,size_is(BufSize)] unsigned char *Buffer,
+		[out] unsigned long *BytesRead,
+		[out] unsigned long *BytesNeeded);
+
+	/* Function 11 */
+	NTSTATUS EventLogReportEventW(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] unsigned long Time,
+		[in] unsigned short Type,
+		[in] unsigned short Category,
+		[in] unsigned long ID,
+		[in] unsigned short NumStrings,
+		[in] unsigned long DataSize,
+		[in] wchar_t *ComputerName,
+		[in] unsigned char *SID,
+		[in] wchar_t *Strings,
+		[in,size_is(DataSize)] unsigned char *Data,
+		[in] unsigned short Flags);
+		
+	/* Function 12 */
+	NTSTATUS EventLogClearA(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] char *BackupName);
+
+	/* Function 13 */
+	NTSTATUS EventLogBackupA(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] char *BackupName);
+
+	/* Function 14 */
+	NTSTATUS EventLogOpenA(
+		handle_t BindingHandle,
+		[in] LPSTR ServerName,
+		[in] char *LogName, 
+		[in] char *NullStr, 
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle);
+
+	/* Function 15 */
+	NTSTATUS EventLogRegSrcA(
+		handle_t BindingHandle,
+		[in] LPSTR ServerName,
+		[in] char *LogName, 
+		[in] char *NullStr,
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle);
+
+
+	/* Function 16 */
+	NTSTATUS EventLogOpenBackupA(
+		handle_t BindingHandle,
+		[in] LPSTR ServerName,
+		[in] char *BackupName, 
+		[in] unsigned long MajorVer,
+		[in] unsigned long MinorVer,
+		[out] PLOGHANDLE Handle);
+
+	/* Function 17 */
+	NTSTATUS EventLogReadA(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] unsigned long Flags,
+		[in] unsigned long Offset,
+		[in] unsigned long BufSize,
+		[out,size_is(BufSize)] unsigned char *Buffer,
+		[out] unsigned long *BytesRead,
+		[out] unsigned long *BytesNeeded);
+
+	/* Function 18 */
+	NTSTATUS EventLogReportEventA(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] unsigned long Time,
+		[in] unsigned short Type,
+		[in] unsigned short Category,
+		[in] unsigned long ID,
+		[in] unsigned short NumStrings,
+		[in] unsigned long DataSize,
+		[in] char *ComputerName,
+		[in] unsigned char *SID,
+		[in] char* Strings,
+		[in,size_is(DataSize)] unsigned char *Data,
+		[in] unsigned short Flags);
+		
+	/* FIXME */
+	NTSTATUS Unknown19(handle_t BindingHandle);
+	
+	/* FIXME */
+	NTSTATUS Unknown20(handle_t BindingHandle);
+
+	/* FIXME */
+	NTSTATUS Unknown21(handle_t BindingHandle);
+
+	/* Function 22 */
+	NTSTATUS EventLogGetInfo(
+		handle_t BindingHandle,
+		[in] LOGHANDLE Handle,
+		[in] unsigned long InfoLevel,
+		[out,size_is(BufSize)] unsigned char *Buffer,
+		[in] unsigned long BufSize,
+		[out] unsigned long *BytesNeeded);
+
+}
+

Modified: trunk/reactos/include/idl/idl.xml
--- trunk/reactos/include/idl/idl.xml	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/include/idl/idl.xml	2005-09-20 07:58:28 UTC (rev 17940)
@@ -23,4 +23,16 @@
 	<define name="_X86_" />
 	<file switches="-o">svcctl.idl</file>
 </module>
+<module name="eventlog_server" type="rpcserver">
+	<include base="ReactOS">.</include>
+	<include base="ReactOS">w32api/include</include>
+	<define name="_X86_" />
+	<file switches="-o">eventlogrpc.idl</file>
+</module>
+<module name="eventlog_client" type="rpcclient">
+	<include base="ReactOS">.</include>
+	<include base="ReactOS">w32api/include</include>
+	<define name="_X86_" />
+	<file switches="-o">eventlogrpc.idl</file>
+</module>
 </group>

Modified: trunk/reactos/services/eventlog/eventlog.c
--- trunk/reactos/services/eventlog/eventlog.c	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.c	2005-09-20 07:58:28 UTC (rev 17940)
@@ -1,83 +1,211 @@
 /*
- *  ReactOS kernel
- *  Copyright (C) 2002, 2005 ReactOS Team
- *
- *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation; either version 2 of the License, or
- *  (at your option) any later version.
- *
- *  This program is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with this program; if not, write to the Free Software
- *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-/*
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
  * FILE:             services/eventlog/eventlog.c
  * PURPOSE:          Event logging service
- * PROGRAMMER:       Eric Kohl
+ * PROGRAMMERS:      Saveliy Tretiakov (saveliyt@mail.ru)
+ *                   Eric Kohl  
  */
 
-/* INCLUDES *****************************************************************/
 
-#include <windows.h>
-#define NTOS_MODE_USER
-#include <ndk/ntndk.h>
-
 #include "eventlog.h"
 
-#define NDEBUG
-#include <debug.h>
+VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv);
 
-
-VOID CALLBACK
-ServiceMain(DWORD argc, LPTSTR *argv);
-
-
-/* GLOBALS ******************************************************************/
-
 SERVICE_TABLE_ENTRY ServiceTable[2] =
 {
   {L"EventLog", (LPSERVICE_MAIN_FUNCTION)ServiceMain},
   {NULL, NULL}
 };
 
+HANDLE MyHeap = NULL;
+PLOGFILE SystemLog = NULL;
 
-/* FUNCTIONS *****************************************************************/
+VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv)
+{
+    HANDLE hThread;
 
+    hThread = CreateThread(NULL,
+                           0,
+                           (LPTHREAD_START_ROUTINE)
+                            PortThreadRoutine,
+                           NULL,
+                           0,
+                           NULL);
+    
+    if(!hThread) DPRINT("Can't create PortThread\n");
+    else CloseHandle(hThread);
+    
+    hThread = CreateThread(NULL,
+                           0,
+                           (LPTHREAD_START_ROUTINE)
+                            RpcThreadRoutine,
+                           NULL,
+                           0,
+                           NULL);
 
-VOID CALLBACK
-ServiceMain(DWORD argc, LPTSTR *argv)
+    if(!hThread) DPRINT("Can't create RpcThread\n");
+    else CloseHandle(hThread);
+}
+
+
+int main(int argc, char *argv[])
 {
-  DPRINT("ServiceMain() called\n");
+	WCHAR SysLogPath[MAX_PATH];
+	MyHeap = HeapCreate(0, 1024*256, 0);
 
-  if (StartPortThread() == FALSE)
-    {
-      DPRINT("StartPortThread() failed\n");
-    }
+	if(MyHeap==NULL)
+	{
+		DbgPrint("EventLog: FATAL ERROR, can't create heap.\n");
+		return 1;
+	}
+	
+	/*
+	This will be fixed in near future
+	 */
+	
+	GetWindowsDirectory(SysLogPath, MAX_PATH);
+	lstrcat(SysLogPath, L"\\system32\\config\\SysEvent.evt");
 
-  DPRINT("ServiceMain() done\n");
+	SystemLog = LogfCreate(L"System", SysLogPath);
+
+	if(SystemLog == NULL)
+	{
+		DbgPrint("EventLog: FATAL ERROR, can't create %S\n", SysLogPath);
+		HeapDestroy(MyHeap);
+		return 1;
+	}
+
+    StartServiceCtrlDispatcher(ServiceTable);
+
+	LogfClose(SystemLog);
+	HeapDestroy(MyHeap);
+
+    return 0;
 }
 
+VOID EventTimeToSystemTime(DWORD EventTime, 
+                           SYSTEMTIME *pSystemTime)
+{
+	SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
+	FILETIME ftLocal;
+	union {
+		FILETIME ft;
+		ULONGLONG ll;
+	} u1970, uUCT;
+	
+	uUCT.ft.dwHighDateTime = 0;
+	uUCT.ft.dwLowDateTime = EventTime;
+	SystemTimeToFileTime(&st1970, &u1970.ft);
+	uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
+	FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
+	FileTimeToSystemTime(&ftLocal, pSystemTime);
+}
 
-int
-main(int argc, char *argv[])
+VOID SystemTimeToEventTime(SYSTEMTIME *pSystemTime,
+						   DWORD *pEventTime)
 {
-  DPRINT("main() called\n");
+	SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
+	union {
+		FILETIME ft;
+		ULONGLONG ll;
+	} Time, u1970;
 
-  StartServiceCtrlDispatcher(ServiceTable);
+	SystemTimeToFileTime(pSystemTime, &Time.ft);
+	SystemTimeToFileTime(&st1970, &u1970.ft);
+	*pEventTime = (Time.ll - u1970.ll) / 10000000; 
+}
 
-  DPRINT("main() done\n");
+VOID PRINT_HEADER(PFILE_HEADER header)
+{
+	DPRINT("SizeOfHeader=%d\n",header->SizeOfHeader);
+	DPRINT("Signature=0x%x\n",header->Signature);
+	DPRINT("MajorVersion=%d\n",header->MajorVersion);
+	DPRINT("MinorVersion=%d\n",header->MinorVersion);
+	DPRINT("FirstRecordOffset=%d\n",header->FirstRecordOffset);
+	DPRINT("EofOffset=0x%x\n",header->EofOffset);
+	DPRINT("NextRecord=%d\n",header->NextRecord);
+	DPRINT("OldestRecord=%d\n",header->OldestRecord);
+	DPRINT("unknown1=0x%x\n",header->unknown1);
+	DPRINT("unknown2=0x%x\n",header->unknown2);
+	DPRINT("SizeOfHeader2=%d\n",header->SizeOfHeader2);
+	DPRINT("Flags: ");
+	if(header->Flags & LOGFILE_FLAG1)DPRINT("LOGFILE_FLAG1 ");
+	if(header->Flags & LOGFILE_FLAG2)DPRINT("| LOGFILE_FLAG2 ");
+	if(header->Flags & LOGFILE_FLAG3)DPRINT("| LOGFILE_FLAG3 ");
+	if(header->Flags & LOGFILE_FLAG4)DPRINT("| LOGFILE_FLAG4");
+	DPRINT("\n"); 
+}
 
-  ExitThread(0);
+VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
+{
+	UINT i;
+	WCHAR *str;
+	SYSTEMTIME time;
+	
+	DPRINT("Length=%d\n", pRec->Length );
+	DPRINT("Reserved=0x%x\n", pRec->Reserved );
+	DPRINT("RecordNumber=%d\n", pRec->RecordNumber );
+	
+	EventTimeToSystemTime(pRec->TimeGenerated, &time);
+	DPRINT("TimeGenerated=%d.%d.%d %d:%d:%d\n", 
+			time.wDay, time.wMonth, time.wYear,
+			time.wHour, time.wMinute, time.wSecond);
 
-  return 0;
+	EventTimeToSystemTime(pRec->TimeWritten, &time);  
+	DPRINT("TimeWritten=%d.%d.%d %d:%d:%d\n", 
+			time.wDay, time.wMonth, time.wYear,
+			time.wHour, time.wMinute, time.wSecond);
+
+	DPRINT("EventID=%d\n", pRec->EventID ); 
+
+	switch(pRec->EventType)
+	{
+		case EVENTLOG_ERROR_TYPE:
+			DPRINT("EventType = EVENTLOG_ERROR_TYPE\n");
+			break;
+		case EVENTLOG_WARNING_TYPE:
+			DPRINT("EventType = EVENTLOG_WARNING_TYPE\n");
+			break;
+		case EVENTLOG_INFORMATION_TYPE:
+			DPRINT("EventType = EVENTLOG_INFORMATION_TYPE\n");
+ 			break;
+		case EVENTLOG_AUDIT_SUCCESS:
+			DPRINT("EventType = EVENTLOG_AUDIT_SUCCESS\n");
+			break;
+		case EVENTLOG_AUDIT_FAILURE:
+			DPRINT("EventType = EVENTLOG_AUDIT_FAILURE\n");
+			break;
+		default:
+			DPRINT("EventType = %x\n");
+	}	
+
+	DPRINT("NumStrings=%d\n",  pRec->NumStrings );
+	DPRINT("EventCategory=%d\n",  pRec->EventCategory); 
+	DPRINT("ReservedFlags=0x%x\n", pRec->ReservedFlags);
+	DPRINT("ClosingRecordNumber=%d\n", pRec->ClosingRecordNumber);
+	DPRINT("StringOffset=%d\n", pRec->StringOffset); 
+	DPRINT("UserSidLength=%d\n", pRec->UserSidLength);  
+	DPRINT("UserSidOffset=%d\n", pRec->UserSidOffset); 
+	DPRINT("DataLength=%d\n", pRec->DataLength); 
+	DPRINT("DataOffset=%d\n", pRec->DataOffset); 
+
+	DPRINT("SourceName: %S\n", (WCHAR *)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)));
+	i = (lstrlenW((WCHAR *)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)))+1)*sizeof(WCHAR);
+	DPRINT("ComputerName: %S\n", (WCHAR *)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)+i));
+	
+	if(pRec->StringOffset < pRec->Length && pRec->NumStrings){
+		DPRINT("Strings:\n");
+		str = (WCHAR*)(((PBYTE)pRec)+pRec->StringOffset);
+		for(i = 0; i < pRec->NumStrings; i++)
+		{
+			DPRINT("[%d] %S\n", i, str);
+			str = str+lstrlenW(str)+1;
+		}
+	}
+
+	DPRINT("Length2=%d\n", *(PDWORD)(((PBYTE)pRec)+pRec->Length-4));
 }
 
-/* EOF */
+
+

Modified: trunk/reactos/services/eventlog/eventlog.h
--- trunk/reactos/services/eventlog/eventlog.h	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.h	2005-09-20 07:58:28 UTC (rev 17940)
@@ -1,17 +1,329 @@
-
+/*
+ * COPYRIGHT:   See COPYING in the top level directory
+ * PROJECT:     ReactOS
+ * FILE:        eventlog.h
+ * PURPOSE:     Event logging service
+ * PROGRAMMER:  Saveliy Tretiakov (saveliyt@mail.ru)
+ */
+ 
 #ifndef __EVENTLOG_H__
 #define __EVENTLOG_H__
 
+#include <windows.h>
+#define NTOS_MODE_USER
+#include <ndk/ntndk.h>
+#include <debug.h>
+#include "eventlogrpc_s.h"
+
 typedef struct _IO_ERROR_LPC
 {
     PORT_MESSAGE Header;
     IO_ERROR_LOG_MESSAGE Message;
 } IO_ERROR_LPC, *PIO_ERROR_LPC;
 
-BOOL
-StartPortThread(VOID);
+#define LOGHANDLE unsigned char*
+#define PLOGHANDLE int* 
 
+#define MAJORVER 1
+#define MINORVER 1
 
+/*
+ *  Our file format will be compatible with NT's
+ */
+
+#define LOGFILE_SIGNATURE 0x654c664c 
+
+/*  
+ *  FIXME
+ *  Flags used in logfile header
+ */
+#define LOGFILE_FLAG1 1
+#define LOGFILE_FLAG2 2
+#define LOGFILE_FLAG3 4
+#define LOGFILE_FLAG4 8
+
+typedef struct {
+	DWORD SizeOfHeader;
+	DWORD Signature;
+	DWORD MajorVersion;
+	DWORD MinorVersion;
+	DWORD FirstRecordOffset;
+	DWORD EofOffset;
+	DWORD NextRecord;
+	DWORD OldestRecord;
+	DWORD unknown1;
+	DWORD Flags;
+	DWORD unknown2; 
+	DWORD SizeOfHeader2; 
+} FILE_HEADER, *PFILE_HEADER;
+
+typedef struct {
+	DWORD Size1;
+	DWORD Ones; // Must be 0x11111111
+	DWORD Twos; // Must be 0x22222222
+	DWORD Threes; // Must be 0x33333333
+	DWORD Fours; // Must be 0x44444444
+	DWORD StartOffset;
+	DWORD EndOffset;
+	DWORD NextRecordNumber;
+	DWORD OldestRecordNumber;
+	DWORD Size2;
+} EOF_RECORD, *PEOF_RECORD;
+
+typedef struct {
+	ULONG EventNumber;
+	ULONG EventOffset;
+} EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;
+
+typedef struct {
+	HANDLE hFile;
+	FILE_HEADER Header;
+	WCHAR *LogName;
+	WCHAR *FileName;
+    CRITICAL_SECTION cs;
+	PEVENT_OFFSET_INFO OffsetInfo;
+	ULONG OffsetInfoSize;
+	ULONG OffsetInfoNext;
+	PVOID Next;
+	PVOID Prev;
+} LOGFILE, *PLOGFILE;
+
+
+/* file.c */
+PLOGFILE LogfListHead();
+
+INT LogfListItemCount();
+
+PLOGFILE LogfListItemByIndex(INT Index);
+
+PLOGFILE LogfListItemByName(WCHAR *Name);
+
+VOID LogfListAddItem(PLOGFILE Item);
+
+VOID LogfListRemoveItem(PLOGFILE Item);
+
+BOOL LogfReadEvent(PLOGFILE LogFile,
+                   DWORD Flags,
+                   DWORD RecordNumber,
+                   DWORD BufSize,
+                   PBYTE Buffer,
+                   DWORD *BytesRead,
+                   DWORD *BytesNeeded);
+
+BOOL LogfWriteData(PLOGFILE LogFile,
+                    DWORD BufSize,
+                    PBYTE Buffer);
+
+PLOGFILE LogfCreate(WCHAR *LogName, 
+                    WCHAR *FileName);
+
+VOID LogfClose(PLOGFILE LogFile);
+
+BOOL LogfInitializeNew(PLOGFILE LogFile);
+
+BOOL LogfInitializeExisting(PLOGFILE LogFile);
+
+DWORD LogfGetOldestRecord(PLOGFILE LogFile);
+
+ULONG LogfOffsetByNumber(PLOGFILE LogFile,
+						 DWORD RecordNumber);
+
+BOOL LogfAddOffsetInformation(PLOGFILE LogFile, 
+							  ULONG ulNumber,
+							  ULONG ulOffset);
+
+DWORD LogfBuildNewRecord(PBYTE Buffer, 
+						 DWORD dwRecordNumber,
+						 WORD wType,
+						 WORD wCategory,
+						 DWORD dwEventId,
+						 LPCWSTR SourceName,
+						 LPCWSTR ComputerName,
+						 DWORD dwSidLength,
+						 PSID lpUserSid,
+						 WORD wNumStrings,
+						 WCHAR *lpStrings,
+						 DWORD dwDataSize,
+						 LPVOID lpRawData);
+
+/* eventlog.c */
+VOID PRINT_HEADER(PFILE_HEADER header);
+
+VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
+
+VOID EventTimeToSystemTime(DWORD EventTime, 
+						   SYSTEMTIME *SystemTime);
+
+VOID SystemTimeToEventTime(SYSTEMTIME *pSystemTime,
+						   DWORD *pEventTime);
+
+/* logport.c */
+NTSTATUS STDCALL PortThreadRoutine(PVOID Param);
+
+NTSTATUS InitLogPort(VOID);
+
+NTSTATUS ProcessPortMessage(VOID);
+
+/* rpc.c */
+DWORD STDCALL RpcThreadRoutine(LPVOID lpParameter);
+
+NTSTATUS EventLogClearW(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	wchar_t *BackupName);
+
+NTSTATUS EventLogBackupW(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	wchar_t *FileName);
+
+NTSTATUS EventLogClose(
+	handle_t BindingHandle,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogUnregSrc(
+	handle_t BindingHandle,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogRecordsNumber(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long *RecordsNumber);
+
+NTSTATUS EventLogGetOldestRec(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long *OldestRecNumber);
+
+NTSTATUS Unknown6(handle_t BindingHandle);
+
+NTSTATUS EventLogOpenW(
+	handle_t BindingHandle,
+	LPWSTR ServerName,
+	wchar_t *FileName, 
+	wchar_t *NullStr, 
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogRegSrcW(
+	handle_t BindingHandle,
+	LPWSTR ServerName,
+	wchar_t *LogName, 
+	wchar_t *NullStr, 
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogOpenBackupW(
+	handle_t BindingHandle,
+	LPWSTR ServerName,
+	wchar_t *BackupName, 
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogReadW(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long Flags,
+	unsigned long Offset,
+	unsigned long BufSize,
+	unsigned char *Buffer,
+	unsigned long *BytesRead,
+	unsigned long *BytesNeeded);
+
+NTSTATUS EventLogReportEventW(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long Time,
+	unsigned short Type,
+	unsigned short Category,
+	unsigned long ID,
+	unsigned short NumStrings,
+	unsigned long DataSize,
+	wchar_t *ComputerName,
+	unsigned char *SID,
+	wchar_t *Strings,
+	unsigned char *Data,
+	unsigned short Flags);
+
+NTSTATUS EventLogClearA(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	char *BackupName);
+
+NTSTATUS EventLogBackupA(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	char *BackupName);
+
+NTSTATUS EventLogOpenA(
+	handle_t BindingHandle,
+	LPSTR ServerName,
+	char *LogName, 
+	char *NullStr, 
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogRegSrcA(
+	handle_t BindingHandle,
+	LPSTR ServerName,
+	char *LogName, 
+	char *NullStr,
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogOpenBackupA(
+	handle_t BindingHandle,
+	LPSTR ServerName,
+	char *BackupName, 
+	unsigned long MajorVer,
+	unsigned long MinorVer,
+	PLOGHANDLE Handle);
+
+NTSTATUS EventLogReadA(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long Flags,
+	unsigned long Offset,
+	unsigned long BufSize,
+	unsigned char *Buffer,
+	unsigned long *BytesRead,
+	unsigned long *BytesNeeded);
+
+NTSTATUS EventLogReportEventA(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long Time,
+	unsigned short Type,
+	unsigned short Category,
+	unsigned long ID,
+	unsigned short NumStrings,
+	unsigned long DataSize,
+	char *ComputerName,
+	unsigned char *SID,
+	char* Strings,
+	unsigned char *Data,
+	unsigned short Flags);
+
+NTSTATUS Unknown19(handle_t BindingHandle);
+
+NTSTATUS Unknown20(handle_t BindingHandle);
+
+NTSTATUS Unknown21(handle_t BindingHandle);
+
+NTSTATUS EventLogGetInfo(
+	handle_t BindingHandle,
+	LOGHANDLE Handle,
+	unsigned long InfoLevel,
+	unsigned char *Buffer,
+	unsigned long BufSize,
+	unsigned long *BytesNeeded);
+
+
+
 #endif /* __EVENTLOG_H__ */
 
-/* EOF */

Modified: trunk/reactos/services/eventlog/eventlog.xml
--- trunk/reactos/services/eventlog/eventlog.xml	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.xml	2005-09-20 07:58:28 UTC (rev 17940)
@@ -1,12 +1,17 @@
 <module name="eventlog" type="win32cui" installbase="system32" installname="eventlog.exe">
 	<include base="eventlog">.</include>
+	<include base="eventlog_server">.</include>
 	<define name="UNICODE" />
 	<define name="_UNICODE" />
 	<define name="__USE_W32API" />
 	<library>ntdll</library>
 	<library>kernel32</library>
 	<library>advapi32</library>
+	<library>eventlog_server</library>
+	<library>rpcrt4</library>
 	<file>eventlog.c</file>
 	<file>logport.c</file>
 	<file>eventlog.rc</file>
+	<file>rpc.c</file>
+	<file>file.c</file>
 </module>

Added: trunk/reactos/services/eventlog/file.c
--- trunk/reactos/services/eventlog/file.c	2005-09-20 07:37:45 UTC (rev 17939)
+++ trunk/reactos/services/eventlog/file.c	2005-09-20 07:58:28 UTC (rev 17940)
@@ -0,0 +1,684 @@
+/*
+ * COPYRIGHT:        See COPYING in the top level directory
+ * PROJECT:          ReactOS
+ * FILE:             services/eventlog/file.c
+ * PURPOSE:          Event logging service
+ * PROGRAMMER:       Saveliy Tretiakov (saveliyt@mail.ru)
+ */
+ 
+#include "eventlog.h"
+
+PLOGFILE _LogListHead = NULL;
+extern HANDLE MyHeap;
+
+BOOL LogfInitializeNew(PLOGFILE LogFile)
+{
+    DWORD dwWritten;
+	EOF_RECORD EofRec;
+    
+    ZeroMemory(&LogFile->Header, sizeof(FILE_HEADER));
+	SetFilePointer(LogFile->hFile, 0, NULL, FILE_BEGIN);
+	SetEndOfFile(LogFile->hFile);
+	
+	LogFile->Header.SizeOfHeader = sizeof(FILE_HEADER);
+	LogFile->Header.SizeOfHeader2 = sizeof(FILE_HEADER);
+	LogFile->Header.FirstRecordOffset = sizeof(FILE_HEADER);
+	LogFile->Header.EofOffset = sizeof(FILE_HEADER);
+	LogFile->Header.MajorVersion = MAJORVER;
+	LogFile->Header.MinorVersion = MINORVER;
+	LogFile->Header.NextRecord = 1;
+
+	LogFile->Header.Signature = LOGFILE_SIGNATURE;
+	WriteFile(LogFile->hFile,
+			  &LogFile->Header,
+			  sizeof(FILE_HEADER),
+			  &dwWritten,
+			  NULL);
+
+	EofRec.Ones = 0x11111111;
+	EofRec.Twos = 0x22222222;
+	EofRec.Threes = 0x33333333;
+	EofRec.Fours = 0x44444444;
+	EofRec.Size1 = sizeof(EOF_RECORD);
+	EofRec.Size2 = sizeof(EOF_RECORD);
+	EofRec.NextRecordNumber = LogFile->Header.NextRecord;
+	EofRec.OldestRecordNumber = LogFile->Header.OldestRecord;
+	EofRec.StartOffset = LogFile->Header.FirstRecordOffset;
+	EofRec.EndOffset = LogFile->Header.EofOffset;
+
+	WriteFile(LogFile->hFile, &EofRec, sizeof(EOF_RECORD), &dwWritten, NULL);
+
+	FlushFileBuffers(LogFile->hFile);
+      
+    return TRUE;
+}
+
+BOOL LogfInitializeExisting(PLOGFILE LogFile)
+{
+	DWORD dwRead;
+	DWORD dwRecordsNumber = 0;
+	DWORD dwRecSize, dwRecSign, dwFilePointer;
+	PDWORD pdwRecSize2;
+	PEVENTLOGRECORD RecBuf;
+
+	SetFilePointer(LogFile->hFile, 0, NULL, FILE_BEGIN);
+	ReadFile(LogFile->hFile, 
+             &LogFile->Header, 
+             sizeof(FILE_HEADER), 
+             &dwRead, NULL);
+             
+	if(dwRead != sizeof(FILE_HEADER))
+	{
+		DPRINT("EventLog: Invalid file %S.\n", LogFile->FileName);
+		return LogfInitializeNew(LogFile);
+    }
+    
+	if(LogFile->Header.SizeOfHeader != sizeof(FILE_HEADER) ||
+		LogFile->Header.SizeOfHeader2 != sizeof(FILE_HEADER))
+	{
+		DPRINT("EventLog: Invalid header size in %S.\n", LogFile->FileName);
+		return LogfInitializeNew(LogFile);
+    }
+    
+    if(LogFile->Header.Signature != LOGFILE_SIGNATURE)
+    {
+        DPRINT("EventLog: Invalid signature %x in %S.\n", 
+               LogFile->Header.Signature,
+               LogFile->FileName);
+        return LogfInitializeNew(LogFile);
+    }
+
+	if(LogFile->Header.EofOffset > GetFileSize(LogFile->hFile, NULL)+1)
+	{
+        DPRINT("EventLog: Invalid eof offset %x in %S.\n", 
+               LogFile->Header.EofOffset,
+               LogFile->FileName);
+        return LogfInitializeNew(LogFile);
+	}
+
+	for(;;)
+	{
+		dwFilePointer = SetFilePointer(LogFile->hFile, 
+									   0, 
+									   NULL, 
+									   FILE_CURRENT);
+
+		ReadFile(LogFile->hFile, 
[truncated at 1000 lines; 1352 more skipped]