[ekohl] 54678: [ADVAPI33/EVENTLOG] - Determine the event generation time in ReportEventA/W and use it. - Replace magic values by proper type size.
17 Dec
2011
17 Dec
'11
11:47 p.m.
Author: ekohl
Date: Sat Dec 17 23:47:28 2011
New Revision: 54678
URL: http://svn.reactos.org/svn/reactos?rev=54678&view=rev
Log:
[ADVAPI33/EVENTLOG]
- Determine the event generation time in ReportEventA/W and use it.
- Replace magic values by proper type size.
Modified:
trunk/reactos/base/services/eventlog/eventlog.c
trunk/reactos/base/services/eventlog/eventlog.h
trunk/reactos/base/services/eventlog/file.c
trunk/reactos/base/services/eventlog/logport.c
trunk/reactos/base/services/eventlog/rpc.c
trunk/reactos/dll/win32/advapi32/advapi32.h
trunk/reactos/dll/win32/advapi32/service/eventlog.c
Modified: trunk/reactos/base/services/eventlog/eventlog.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/eve…
==============================================================================
--- trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] (original)
+++ trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -463,20 +463,6 @@
uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
FileTimeToSystemTime(&ftLocal, pSystemTime);
-}
-
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime)
-{
- SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
- union
- {
- FILETIME ft;
- ULONGLONG ll;
- } Time, u1970;
-
- SystemTimeToFileTime(pSystemTime, &Time.ft);
- SystemTimeToFileTime(&st1970, &u1970.ft);
- *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull);
}
VOID PRINT_HEADER(PEVENTLOGHEADER header)
Modified: trunk/reactos/base/services/eventlog/eventlog.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/eve…
==============================================================================
--- trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] (original)
+++ trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -16,6 +16,7 @@
#include <windows.h>
#include <netevent.h>
#include <lpctypes.h>
+#include <kefuncs.h>
#include <lpcfuncs.h>
#include <rtlfuncs.h>
#include <obfuncs.h>
@@ -168,6 +169,7 @@
PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
DWORD dwRecordNumber,
+ DWORD dwTime,
WORD wType,
WORD wCategory,
DWORD dwEventId,
@@ -199,9 +201,6 @@
VOID EventTimeToSystemTime(DWORD EventTime,
SYSTEMTIME * SystemTime);
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime,
- DWORD * pEventTime);
-
/* eventsource.c */
VOID InitEventSourceList(VOID);
Modified: trunk/reactos/base/services/eventlog/file.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/fil…
==============================================================================
--- trunk/reactos/base/services/eventlog/file.c [iso-8859-1] (original)
+++ trunk/reactos/base/services/eventlog/file.c [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -870,18 +870,18 @@
{
DWORD dwWritten;
DWORD dwRead;
- SYSTEMTIME st;
EVENTLOGEOF EofRec;
PEVENTLOGRECORD RecBuf;
LARGE_INTEGER logFileSize;
+ LARGE_INTEGER SystemTime;
ULONG RecOffSet;
ULONG WriteOffSet;
if (!Buffer)
return FALSE;
- GetSystemTime(&st);
- SystemTimeToEventTime(&st, &((PEVENTLOGRECORD) Buffer)->TimeWritten);
+ NtQuerySystemTime(&SystemTime);
+ RtlTimeToSecondsSince1970(&SystemTime, &((PEVENTLOGRECORD)
Buffer)->TimeWritten);
EnterCriticalSection(&LogFile->cs);
@@ -1125,6 +1125,7 @@
PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
DWORD dwRecordNumber,
+ DWORD dwTime,
WORD wType,
WORD wCategory,
DWORD dwEventId,
@@ -1139,7 +1140,6 @@
{
DWORD dwRecSize;
PEVENTLOGRECORD pRec;
- SYSTEMTIME SysTime;
WCHAR *str;
UINT i, pos;
PBYTE Buffer;
@@ -1148,8 +1148,8 @@
sizeof(EVENTLOGRECORD) + (lstrlenW(ComputerName) +
lstrlenW(SourceName) + 2) * sizeof(WCHAR);
- if (dwRecSize % 4 != 0)
- dwRecSize += 4 - (dwRecSize % 4);
+ if (dwRecSize % sizeof(DWORD) != 0)
+ dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD));
dwRecSize += dwSidLength;
@@ -1160,10 +1160,10 @@
}
dwRecSize += dwDataSize;
- if (dwRecSize % 4 != 0)
- dwRecSize += 4 - (dwRecSize % 4);
-
- dwRecSize += 4;
+ if (dwRecSize % sizeof(DWORD) != 0)
+ dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD));
+
+ dwRecSize += sizeof(DWORD);
Buffer = HeapAlloc(MyHeap, HEAP_ZERO_MEMORY, dwRecSize);
@@ -1178,9 +1178,8 @@
pRec->Reserved = LOGFILE_SIGNATURE;
pRec->RecordNumber = dwRecordNumber;
- GetSystemTime(&SysTime);
- SystemTimeToEventTime(&SysTime, &pRec->TimeGenerated);
- SystemTimeToEventTime(&SysTime, &pRec->TimeWritten);
+ pRec->TimeGenerated = dwTime;
+ pRec->TimeWritten = dwTime;
pRec->EventID = dwEventId;
pRec->EventType = wType;
@@ -1195,8 +1194,8 @@
pRec->UserSidOffset = pos;
- if (pos % 4 != 0)
- pos += 4 - (pos % 4);
+ if (pos % sizeof(DWORD) != 0)
+ pos += sizeof(DWORD) - (pos % sizeof(DWORD));
if (dwSidLength)
{
@@ -1223,8 +1222,8 @@
pos += dwDataSize;
}
- if (pos % 4 != 0)
- pos += 4 - (pos % 4);
+ if (pos % sizeof(DWORD) != 0)
+ pos += sizeof(DWORD) - (pos % sizeof(DWORD));
*((PDWORD) (Buffer + pos)) = dwRecSize;
@@ -1249,6 +1248,8 @@
DWORD lastRec;
DWORD recSize;
DWORD dwError;
+ DWORD dwTime;
+ LARGE_INTEGER SystemTime;
if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
{
@@ -1261,9 +1262,13 @@
return;
}
+ NtQuerySystemTime(&SystemTime);
+ RtlTimeToSecondsSince1970(&SystemTime, &dwTime);
+
lastRec = LogfGetCurrentRecord(pEventSource->LogFile);
logBuffer = LogfAllocAndBuildNewRecord(&recSize,
+ dwTime,
lastRec,
wType,
wCategory,
Modified: trunk/reactos/base/services/eventlog/logport.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/log…
==============================================================================
--- trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] (original)
+++ trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -109,6 +109,8 @@
DWORD dwRecSize;
NTSTATUS Status;
PLOGFILE SystemLog = NULL;
+ LARGE_INTEGER SystemTime;
+ ULONG Seconds;
DPRINT("ProcessPortMessage() called\n");
@@ -145,7 +147,10 @@
Message = (PIO_ERROR_LOG_MESSAGE) & Request.Message;
ulRecNum = SystemLog ? SystemLog->Header.CurrentRecordNumber : 0;
- pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize,
+ NtQuerySystemTime(&SystemTime);
+ RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
+ pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize, Seconds,
ulRecNum, Message->Type, Message->EntryData.EventCategory,
Message->EntryData.ErrorCode,
(WCHAR *) (((PBYTE) Message) + Message->DriverNameOffset),
Modified: trunk/reactos/base/services/eventlog/rpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/rpc…
==============================================================================
--- trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] (original)
+++ trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -496,6 +496,7 @@
if (UserSID)
dwUserSidLength = FIELD_OFFSET(SID,
SubAuthority[UserSID->SubAuthorityCount]);
LogBuffer = LogfAllocAndBuildNewRecord(&recSize,
+ Time,
lastRec,
EventType,
EventCategory,
Modified: trunk/reactos/dll/win32/advapi32/advapi32.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi3…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.h [iso-8859-1] Sat Dec 17 23:47:28 2011
@@ -28,6 +28,7 @@
#include <ndk/cmfuncs.h>
#include <ndk/exfuncs.h>
#include <ndk/iofuncs.h>
+#include <ndk/kefuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/psfuncs.h>
#include <ndk/rtlfuncs.h>
Modified: trunk/reactos/dll/win32/advapi32/service/eventlog.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/service…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/service/eventlog.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/service/eventlog.c [iso-8859-1] Sat Dec 17 23:47:28
2011
@@ -945,6 +945,8 @@
WORD i;
CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD dwSize;
+ LARGE_INTEGER SystemTime;
+ ULONG Seconds;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
hEventLog, wType, wCategory, dwEventID, lpUserSid,
@@ -974,10 +976,13 @@
GetComputerNameA(szComputerName, &dwSize);
RtlInitAnsiString(&ComputerName, szComputerName);
+ NtQuerySystemTime(&SystemTime);
+ RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
RpcTryExcept
{
Status = ElfrReportEventA(hEventLog,
- 0, /* FIXME: Time */
+ Seconds,
wType,
wCategory,
dwEventID,
@@ -1046,6 +1051,8 @@
WORD i;
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD dwSize;
+ LARGE_INTEGER SystemTime;
+ ULONG Seconds;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
hEventLog, wType, wCategory, dwEventID, lpUserSid,
@@ -1075,10 +1082,13 @@
GetComputerNameW(szComputerName, &dwSize);
RtlInitUnicodeString(&ComputerName, szComputerName);
+ NtQuerySystemTime(&SystemTime);
+ RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
RpcTryExcept
{
Status = ElfrReportEventW(hEventLog,
- 0, /* FIXME: Time */
+ Seconds,
wType,
wCategory,
dwEventID,
4758
days inactive
4758
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org