20 Sep
2005
20 Sep
'05
7:58 a.m.
Saveliy Tretiakov <saveliyt(a)mail.ru>ru>:
EventLog changes
- Implement basic file operations (WindowsNT compatible file format)
- Write events from lpc port to System Log
(to read these events, open \ReactOS\system32\config\SysEvent.evt in
Windows
EventViewer)
- RPC server (stubs)
Added: trunk/reactos/include/idl/eventlogrpc.idl
Modified: trunk/reactos/include/idl/idl.xml
Modified: trunk/reactos/services/eventlog/eventlog.c
Modified: trunk/reactos/services/eventlog/eventlog.h
Modified: trunk/reactos/services/eventlog/eventlog.xml
Added: trunk/reactos/services/eventlog/file.c
Modified: trunk/reactos/services/eventlog/logport.c
Added: trunk/reactos/services/eventlog/rpc.c
_____
Added: trunk/reactos/include/idl/eventlogrpc.idl
--- trunk/reactos/include/idl/eventlogrpc.idl 2005-09-20 07:37:45 UTC
(rev 17939)
+++ trunk/reactos/include/idl/eventlogrpc.idl 2005-09-20 07:58:28 UTC
(rev 17940)
@@ -0,0 +1,237 @@
+/*
+ * Copyright (c) 2005 Saveliy Tretiakov (saveliyt(a)mail.ru)
+ *
+ * This program is free software; you can redistribute it and/or
modify
+ * it under the terms of the GNU General Public License as published
by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+[
+ uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
+ version(0.0),
+ pointer_default(unique),
+ explicit_handle
+]
+
+interface eventlog
+{
+ /*
+ cpp_quote("#if 0")
+ typedef [handle, unique] wchar_t *LPWSTR;
+ typedef [handle, unique] char *LPSTR;
+ cpp_quote("#endif")
+ typedef [context_handle] void *LOGHANDLE;
+ typedef LOGHANDLE *PLOGHANDLE;
+ typedef unsigned int NTSTATUS;
+
+ typedef struct _UNICODE_STRING {
+ unsigned short Length;
+ unsigned short MaximumLength;
+ [size_is(MaximumLength)] wchar_t *Buffer;
+ } UNICODE_STRING, *PUNICODE_STRING;
+
+ typedef struct _ANSI_STRING {
+ unsigned short Length;
+ unsigned short MaximumLength;
+ [size_is(MaximumLength)] char *Buffer;
+ } ANSI_STRING, *PANSI_STRING;
+ */
+
+ #define LPWSTR wchar_t*
+ #define LPSTR char*
+ #define LOGHANDLE unsigned char*
+ #define PLOGHANDLE int*
+ #define NTSTATUS long
+
+ /* Function 0 */
+ NTSTATUS EventLogClearW(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] wchar_t *BackupName);
+
+ /* Function 1 */
+ NTSTATUS EventLogBackupW(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] wchar_t *FileName);
+
+ /* Function 2 */
+ NTSTATUS EventLogClose(
+ handle_t BindingHandle,
+ [in,out] PLOGHANDLE Handle);
+
+ /* Function 3 */
+ NTSTATUS EventLogUnregSrc(
+ handle_t BindingHandle,
+ [in,out] PLOGHANDLE Handle);
+
+ /* Function 4 */
+ NTSTATUS EventLogRecordsNumber(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [out] unsigned long *RecordsNumber);
+
+ /* Function 5 */
+ NTSTATUS EventLogGetOldestRec(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [out] unsigned long *OldestRecNumber);
+
+ /* FIXME */
+ NTSTATUS Unknown6(handle_t BindingHandle);
+
+ /* Function 7 */
+ NTSTATUS EventLogOpenW(
+ handle_t BindingHandle,
+ [in] LPWSTR ServerName,
+ [in] wchar_t *FileName,
+ [in] wchar_t *NullStr,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle );
+
+ /* Function 8 */
+ NTSTATUS EventLogRegSrcW(
+ handle_t BindingHandle,
+ [in] LPWSTR ServerName,
+ [in] wchar_t *LogName,
+ [in] wchar_t *NullStr,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle);
+
+ /* Function 9 */
+ NTSTATUS EventLogOpenBackupW(
+ handle_t BindingHandle,
+ [in] LPWSTR ServerName,
+ [in] wchar_t *BackupName,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle);
+
+ /* Function 10 */
+ NTSTATUS EventLogReadW(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] unsigned long Flags,
+ [in] unsigned long Offset,
+ [in] unsigned long BufSize,
+ [out,size_is(BufSize)] unsigned char *Buffer,
+ [out] unsigned long *BytesRead,
+ [out] unsigned long *BytesNeeded);
+
+ /* Function 11 */
+ NTSTATUS EventLogReportEventW(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] unsigned long Time,
+ [in] unsigned short Type,
+ [in] unsigned short Category,
+ [in] unsigned long ID,
+ [in] unsigned short NumStrings,
+ [in] unsigned long DataSize,
+ [in] wchar_t *ComputerName,
+ [in] unsigned char *SID,
+ [in] wchar_t *Strings,
+ [in,size_is(DataSize)] unsigned char *Data,
+ [in] unsigned short Flags);
+
+ /* Function 12 */
+ NTSTATUS EventLogClearA(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] char *BackupName);
+
+ /* Function 13 */
+ NTSTATUS EventLogBackupA(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] char *BackupName);
+
+ /* Function 14 */
+ NTSTATUS EventLogOpenA(
+ handle_t BindingHandle,
+ [in] LPSTR ServerName,
+ [in] char *LogName,
+ [in] char *NullStr,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle);
+
+ /* Function 15 */
+ NTSTATUS EventLogRegSrcA(
+ handle_t BindingHandle,
+ [in] LPSTR ServerName,
+ [in] char *LogName,
+ [in] char *NullStr,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle);
+
+
+ /* Function 16 */
+ NTSTATUS EventLogOpenBackupA(
+ handle_t BindingHandle,
+ [in] LPSTR ServerName,
+ [in] char *BackupName,
+ [in] unsigned long MajorVer,
+ [in] unsigned long MinorVer,
+ [out] PLOGHANDLE Handle);
+
+ /* Function 17 */
+ NTSTATUS EventLogReadA(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] unsigned long Flags,
+ [in] unsigned long Offset,
+ [in] unsigned long BufSize,
+ [out,size_is(BufSize)] unsigned char *Buffer,
+ [out] unsigned long *BytesRead,
+ [out] unsigned long *BytesNeeded);
+
+ /* Function 18 */
+ NTSTATUS EventLogReportEventA(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] unsigned long Time,
+ [in] unsigned short Type,
+ [in] unsigned short Category,
+ [in] unsigned long ID,
+ [in] unsigned short NumStrings,
+ [in] unsigned long DataSize,
+ [in] char *ComputerName,
+ [in] unsigned char *SID,
+ [in] char* Strings,
+ [in,size_is(DataSize)] unsigned char *Data,
+ [in] unsigned short Flags);
+
+ /* FIXME */
+ NTSTATUS Unknown19(handle_t BindingHandle);
+
+ /* FIXME */
+ NTSTATUS Unknown20(handle_t BindingHandle);
+
+ /* FIXME */
+ NTSTATUS Unknown21(handle_t BindingHandle);
+
+ /* Function 22 */
+ NTSTATUS EventLogGetInfo(
+ handle_t BindingHandle,
+ [in] LOGHANDLE Handle,
+ [in] unsigned long InfoLevel,
+ [out,size_is(BufSize)] unsigned char *Buffer,
+ [in] unsigned long BufSize,
+ [out] unsigned long *BytesNeeded);
+
+}
+
_____
Modified: trunk/reactos/include/idl/idl.xml
--- trunk/reactos/include/idl/idl.xml 2005-09-20 07:37:45 UTC (rev
17939)
+++ trunk/reactos/include/idl/idl.xml 2005-09-20 07:58:28 UTC (rev
17940)
@@ -23,4 +23,16 @@
<define name="_X86_" />
<file switches="-o">svcctl.idl</file>
</module>
+<module name="eventlog_server" type="rpcserver">
+ <include base="ReactOS">.</include>
+ <include base="ReactOS">w32api/include</include>
+ <define name="_X86_" />
+ <file switches="-o">eventlogrpc.idl</file>
+</module>
+<module name="eventlog_client" type="rpcclient">
+ <include base="ReactOS">.</include>
+ <include base="ReactOS">w32api/include</include>
+ <define name="_X86_" />
+ <file switches="-o">eventlogrpc.idl</file>
+</module>
</group>
_____
Modified: trunk/reactos/services/eventlog/eventlog.c
--- trunk/reactos/services/eventlog/eventlog.c 2005-09-20 07:37:45 UTC
(rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.c 2005-09-20 07:58:28 UTC
(rev 17940)
@@ -1,83 +1,211 @@
/*
- * ReactOS kernel
- * Copyright (C) 2002, 2005 ReactOS Team
- *
- * This program is free software; you can redistribute it and/or
modify
- * it under the terms of the GNU General Public License as published
by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: ReactOS kernel
* FILE: services/eventlog/eventlog.c
* PURPOSE: Event logging service
- * PROGRAMMER: Eric Kohl
+ * PROGRAMMERS: Saveliy Tretiakov (saveliyt(a)mail.ru)
+ * Eric Kohl
*/
-/* INCLUDES
*****************************************************************/
-#include <windows.h>
-#define NTOS_MODE_USER
-#include <ndk/ntndk.h>
-
#include "eventlog.h"
-#define NDEBUG
-#include <debug.h>
+VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv);
-
-VOID CALLBACK
-ServiceMain(DWORD argc, LPTSTR *argv);
-
-
-/* GLOBALS
******************************************************************/
-
SERVICE_TABLE_ENTRY ServiceTable[2] =
{
{L"EventLog", (LPSERVICE_MAIN_FUNCTION)ServiceMain},
{NULL, NULL}
};
+HANDLE MyHeap = NULL;
+PLOGFILE SystemLog = NULL;
-/* FUNCTIONS
*****************************************************************/
+VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv)
+{
+ HANDLE hThread;
+ hThread = CreateThread(NULL,
+ 0,
+ (LPTHREAD_START_ROUTINE)
+ PortThreadRoutine,
+ NULL,
+ 0,
+ NULL);
+
+ if(!hThread) DPRINT("Can't create PortThread\n");
+ else CloseHandle(hThread);
+
+ hThread = CreateThread(NULL,
+ 0,
+ (LPTHREAD_START_ROUTINE)
+ RpcThreadRoutine,
+ NULL,
+ 0,
+ NULL);
-VOID CALLBACK
-ServiceMain(DWORD argc, LPTSTR *argv)
+ if(!hThread) DPRINT("Can't create RpcThread\n");
+ else CloseHandle(hThread);
+}
+
+
+int main(int argc, char *argv[])
{
- DPRINT("ServiceMain() called\n");
+ WCHAR SysLogPath[MAX_PATH];
+ MyHeap = HeapCreate(0, 1024*256, 0);
- if (StartPortThread() == FALSE)
- {
- DPRINT("StartPortThread() failed\n");
- }
+ if(MyHeap==NULL)
+ {
+ DbgPrint("EventLog: FATAL ERROR, can't create heap.\n");
+ return 1;
+ }
+
+ /*
+ This will be fixed in near future
+ */
+
+ GetWindowsDirectory(SysLogPath, MAX_PATH);
+ lstrcat(SysLogPath, L"\\system32\\config\\SysEvent.evt");
- DPRINT("ServiceMain() done\n");
+ SystemLog = LogfCreate(L"System", SysLogPath);
+
+ if(SystemLog == NULL)
+ {
+ DbgPrint("EventLog: FATAL ERROR, can't create %S\n",
SysLogPath);
+ HeapDestroy(MyHeap);
+ return 1;
+ }
+
+ StartServiceCtrlDispatcher(ServiceTable);
+
+ LogfClose(SystemLog);
+ HeapDestroy(MyHeap);
+
+ return 0;
}
+VOID EventTimeToSystemTime(DWORD EventTime,
+ SYSTEMTIME *pSystemTime)
+{
+ SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
+ FILETIME ftLocal;
+ union {
+ FILETIME ft;
+ ULONGLONG ll;
+ } u1970, uUCT;
+
+ uUCT.ft.dwHighDateTime = 0;
+ uUCT.ft.dwLowDateTime = EventTime;
+ SystemTimeToFileTime(&st1970, &u1970.ft);
+ uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
+ FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
+ FileTimeToSystemTime(&ftLocal, pSystemTime);
+}
-int
-main(int argc, char *argv[])
+VOID SystemTimeToEventTime(SYSTEMTIME *pSystemTime,
+ DWORD *pEventTime)
{
- DPRINT("main() called\n");
+ SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
+ union {
+ FILETIME ft;
+ ULONGLONG ll;
+ } Time, u1970;
- StartServiceCtrlDispatcher(ServiceTable);
+ SystemTimeToFileTime(pSystemTime, &Time.ft);
+ SystemTimeToFileTime(&st1970, &u1970.ft);
+ *pEventTime = (Time.ll - u1970.ll) / 10000000;
+}
- DPRINT("main() done\n");
+VOID PRINT_HEADER(PFILE_HEADER header)
+{
+ DPRINT("SizeOfHeader=%d\n",header->SizeOfHeader);
+ DPRINT("Signature=0x%x\n",header->Signature);
+ DPRINT("MajorVersion=%d\n",header->MajorVersion);
+ DPRINT("MinorVersion=%d\n",header->MinorVersion);
+ DPRINT("FirstRecordOffset=%d\n",header->FirstRecordOffset);
+ DPRINT("EofOffset=0x%x\n",header->EofOffset);
+ DPRINT("NextRecord=%d\n",header->NextRecord);
+ DPRINT("OldestRecord=%d\n",header->OldestRecord);
+ DPRINT("unknown1=0x%x\n",header->unknown1);
+ DPRINT("unknown2=0x%x\n",header->unknown2);
+ DPRINT("SizeOfHeader2=%d\n",header->SizeOfHeader2);
+ DPRINT("Flags: ");
+ if(header->Flags & LOGFILE_FLAG1)DPRINT("LOGFILE_FLAG1 ");
+ if(header->Flags & LOGFILE_FLAG2)DPRINT("| LOGFILE_FLAG2 ");
+ if(header->Flags & LOGFILE_FLAG3)DPRINT("| LOGFILE_FLAG3 ");
+ if(header->Flags & LOGFILE_FLAG4)DPRINT("| LOGFILE_FLAG4");
+ DPRINT("\n");
+}
- ExitThread(0);
+VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
+{
+ UINT i;
+ WCHAR *str;
+ SYSTEMTIME time;
+
+ DPRINT("Length=%d\n", pRec->Length );
+ DPRINT("Reserved=0x%x\n", pRec->Reserved );
+ DPRINT("RecordNumber=%d\n", pRec->RecordNumber );
+
+ EventTimeToSystemTime(pRec->TimeGenerated, &time);
+ DPRINT("TimeGenerated=%d.%d.%d %d:%d:%d\n",
+ time.wDay, time.wMonth, time.wYear,
+ time.wHour, time.wMinute, time.wSecond);
- return 0;
+ EventTimeToSystemTime(pRec->TimeWritten, &time);
+ DPRINT("TimeWritten=%d.%d.%d %d:%d:%d\n",
+ time.wDay, time.wMonth, time.wYear,
+ time.wHour, time.wMinute, time.wSecond);
+
+ DPRINT("EventID=%d\n", pRec->EventID );
+
+ switch(pRec->EventType)
+ {
+ case EVENTLOG_ERROR_TYPE:
+ DPRINT("EventType = EVENTLOG_ERROR_TYPE\n");
+ break;
+ case EVENTLOG_WARNING_TYPE:
+ DPRINT("EventType = EVENTLOG_WARNING_TYPE\n");
+ break;
+ case EVENTLOG_INFORMATION_TYPE:
+ DPRINT("EventType =
EVENTLOG_INFORMATION_TYPE\n");
+ break;
+ case EVENTLOG_AUDIT_SUCCESS:
+ DPRINT("EventType = EVENTLOG_AUDIT_SUCCESS\n");
+ break;
+ case EVENTLOG_AUDIT_FAILURE:
+ DPRINT("EventType = EVENTLOG_AUDIT_FAILURE\n");
+ break;
+ default:
+ DPRINT("EventType = %x\n");
+ }
+
+ DPRINT("NumStrings=%d\n", pRec->NumStrings );
+ DPRINT("EventCategory=%d\n", pRec->EventCategory);
+ DPRINT("ReservedFlags=0x%x\n", pRec->ReservedFlags);
+ DPRINT("ClosingRecordNumber=%d\n", pRec->ClosingRecordNumber);
+ DPRINT("StringOffset=%d\n", pRec->StringOffset);
+ DPRINT("UserSidLength=%d\n", pRec->UserSidLength);
+ DPRINT("UserSidOffset=%d\n", pRec->UserSidOffset);
+ DPRINT("DataLength=%d\n", pRec->DataLength);
+ DPRINT("DataOffset=%d\n", pRec->DataOffset);
+
+ DPRINT("SourceName: %S\n", (WCHAR
*)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)));
+ i = (lstrlenW((WCHAR
*)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)))+1)*sizeof(WCHAR);
+ DPRINT("ComputerName: %S\n", (WCHAR
*)(((PBYTE)pRec)+sizeof(EVENTLOGRECORD)+i));
+
+ if(pRec->StringOffset < pRec->Length && pRec->NumStrings){
+ DPRINT("Strings:\n");
+ str = (WCHAR*)(((PBYTE)pRec)+pRec->StringOffset);
+ for(i = 0; i < pRec->NumStrings; i++)
+ {
+ DPRINT("[%d] %S\n", i, str);
+ str = str+lstrlenW(str)+1;
+ }
+ }
+
+ DPRINT("Length2=%d\n", *(PDWORD)(((PBYTE)pRec)+pRec->Length-4));
}
-/* EOF */
+
+
_____
Modified: trunk/reactos/services/eventlog/eventlog.h
--- trunk/reactos/services/eventlog/eventlog.h 2005-09-20 07:37:45 UTC
(rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.h 2005-09-20 07:58:28 UTC
(rev 17940)
@@ -1,17 +1,329 @@
-
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS
+ * FILE: eventlog.h
+ * PURPOSE: Event logging service
+ * PROGRAMMER: Saveliy Tretiakov (saveliyt(a)mail.ru)
+ */
+
#ifndef __EVENTLOG_H__
#define __EVENTLOG_H__
+#include <windows.h>
+#define NTOS_MODE_USER
+#include <ndk/ntndk.h>
+#include <debug.h>
+#include "eventlogrpc_s.h"
+
typedef struct _IO_ERROR_LPC
{
PORT_MESSAGE Header;
IO_ERROR_LOG_MESSAGE Message;
} IO_ERROR_LPC, *PIO_ERROR_LPC;
-BOOL
-StartPortThread(VOID);
+#define LOGHANDLE unsigned char*
+#define PLOGHANDLE int*
+#define MAJORVER 1
+#define MINORVER 1
+/*
+ * Our file format will be compatible with NT's
+ */
+
+#define LOGFILE_SIGNATURE 0x654c664c
+
+/*
+ * FIXME
+ * Flags used in logfile header
+ */
+#define LOGFILE_FLAG1 1
+#define LOGFILE_FLAG2 2
+#define LOGFILE_FLAG3 4
+#define LOGFILE_FLAG4 8
+
+typedef struct {
+ DWORD SizeOfHeader;
+ DWORD Signature;
+ DWORD MajorVersion;
+ DWORD MinorVersion;
+ DWORD FirstRecordOffset;
+ DWORD EofOffset;
+ DWORD NextRecord;
+ DWORD OldestRecord;
+ DWORD unknown1;
+ DWORD Flags;
+ DWORD unknown2;
+ DWORD SizeOfHeader2;
+} FILE_HEADER, *PFILE_HEADER;
+
+typedef struct {
+ DWORD Size1;
+ DWORD Ones; // Must be 0x11111111
+ DWORD Twos; // Must be 0x22222222
+ DWORD Threes; // Must be 0x33333333
+ DWORD Fours; // Must be 0x44444444
+ DWORD StartOffset;
+ DWORD EndOffset;
+ DWORD NextRecordNumber;
+ DWORD OldestRecordNumber;
+ DWORD Size2;
+} EOF_RECORD, *PEOF_RECORD;
+
+typedef struct {
+ ULONG EventNumber;
+ ULONG EventOffset;
+} EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;
+
+typedef struct {
+ HANDLE hFile;
+ FILE_HEADER Header;
+ WCHAR *LogName;
+ WCHAR *FileName;
+ CRITICAL_SECTION cs;
+ PEVENT_OFFSET_INFO OffsetInfo;
+ ULONG OffsetInfoSize;
+ ULONG OffsetInfoNext;
+ PVOID Next;
+ PVOID Prev;
+} LOGFILE, *PLOGFILE;
+
+
+/* file.c */
+PLOGFILE LogfListHead();
+
+INT LogfListItemCount();
+
+PLOGFILE LogfListItemByIndex(INT Index);
+
+PLOGFILE LogfListItemByName(WCHAR *Name);
+
+VOID LogfListAddItem(PLOGFILE Item);
+
+VOID LogfListRemoveItem(PLOGFILE Item);
+
+BOOL LogfReadEvent(PLOGFILE LogFile,
+ DWORD Flags,
+ DWORD RecordNumber,
+ DWORD BufSize,
+ PBYTE Buffer,
+ DWORD *BytesRead,
+ DWORD *BytesNeeded);
+
+BOOL LogfWriteData(PLOGFILE LogFile,
+ DWORD BufSize,
+ PBYTE Buffer);
+
+PLOGFILE LogfCreate(WCHAR *LogName,
+ WCHAR *FileName);
+
+VOID LogfClose(PLOGFILE LogFile);
+
+BOOL LogfInitializeNew(PLOGFILE LogFile);
+
+BOOL LogfInitializeExisting(PLOGFILE LogFile);
+
+DWORD LogfGetOldestRecord(PLOGFILE LogFile);
+
+ULONG LogfOffsetByNumber(PLOGFILE LogFile,
+ DWORD RecordNumber);
+
+BOOL LogfAddOffsetInformation(PLOGFILE LogFile,
+ ULONG
ulNumber,
+ ULONG
ulOffset);
+
+DWORD LogfBuildNewRecord(PBYTE Buffer,
+ DWORD dwRecordNumber,
+ WORD wType,
+ WORD wCategory,
+ DWORD dwEventId,
+ LPCWSTR SourceName,
+ LPCWSTR ComputerName,
+ DWORD dwSidLength,
+ PSID lpUserSid,
+ WORD wNumStrings,
+ WCHAR *lpStrings,
+ DWORD dwDataSize,
+ LPVOID lpRawData);
+
+/* eventlog.c */
+VOID PRINT_HEADER(PFILE_HEADER header);
+
+VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
+
+VOID EventTimeToSystemTime(DWORD EventTime,
+ SYSTEMTIME
*SystemTime);
+
+VOID SystemTimeToEventTime(SYSTEMTIME *pSystemTime,
+ DWORD *pEventTime);
+
+/* logport.c */
+NTSTATUS STDCALL PortThreadRoutine(PVOID Param);
+
+NTSTATUS InitLogPort(VOID);
+
+NTSTATUS ProcessPortMessage(VOID);
+
+/* rpc.c */
+DWORD STDCALL RpcThreadRoutine(LPVOID lpParameter);
+
+NTSTATUS EventLogClearW(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ wchar_t *BackupName);
+
+NTSTATUS EventLogBackupW(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ wchar_t *FileName);
+
+NTSTATUS EventLogClose(
+ handle_t BindingHandle,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogUnregSrc(
+ handle_t BindingHandle,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogRecordsNumber(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long *RecordsNumber);
+
+NTSTATUS EventLogGetOldestRec(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long *OldestRecNumber);
+
+NTSTATUS Unknown6(handle_t BindingHandle);
+
+NTSTATUS EventLogOpenW(
+ handle_t BindingHandle,
+ LPWSTR ServerName,
+ wchar_t *FileName,
+ wchar_t *NullStr,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogRegSrcW(
+ handle_t BindingHandle,
+ LPWSTR ServerName,
+ wchar_t *LogName,
+ wchar_t *NullStr,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogOpenBackupW(
+ handle_t BindingHandle,
+ LPWSTR ServerName,
+ wchar_t *BackupName,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogReadW(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long Flags,
+ unsigned long Offset,
+ unsigned long BufSize,
+ unsigned char *Buffer,
+ unsigned long *BytesRead,
+ unsigned long *BytesNeeded);
+
+NTSTATUS EventLogReportEventW(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long Time,
+ unsigned short Type,
+ unsigned short Category,
+ unsigned long ID,
+ unsigned short NumStrings,
+ unsigned long DataSize,
+ wchar_t *ComputerName,
+ unsigned char *SID,
+ wchar_t *Strings,
+ unsigned char *Data,
+ unsigned short Flags);
+
+NTSTATUS EventLogClearA(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ char *BackupName);
+
+NTSTATUS EventLogBackupA(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ char *BackupName);
+
+NTSTATUS EventLogOpenA(
+ handle_t BindingHandle,
+ LPSTR ServerName,
+ char *LogName,
+ char *NullStr,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogRegSrcA(
+ handle_t BindingHandle,
+ LPSTR ServerName,
+ char *LogName,
+ char *NullStr,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogOpenBackupA(
+ handle_t BindingHandle,
+ LPSTR ServerName,
+ char *BackupName,
+ unsigned long MajorVer,
+ unsigned long MinorVer,
+ PLOGHANDLE Handle);
+
+NTSTATUS EventLogReadA(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long Flags,
+ unsigned long Offset,
+ unsigned long BufSize,
+ unsigned char *Buffer,
+ unsigned long *BytesRead,
+ unsigned long *BytesNeeded);
+
+NTSTATUS EventLogReportEventA(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long Time,
+ unsigned short Type,
+ unsigned short Category,
+ unsigned long ID,
+ unsigned short NumStrings,
+ unsigned long DataSize,
+ char *ComputerName,
+ unsigned char *SID,
+ char* Strings,
+ unsigned char *Data,
+ unsigned short Flags);
+
+NTSTATUS Unknown19(handle_t BindingHandle);
+
+NTSTATUS Unknown20(handle_t BindingHandle);
+
+NTSTATUS Unknown21(handle_t BindingHandle);
+
+NTSTATUS EventLogGetInfo(
+ handle_t BindingHandle,
+ LOGHANDLE Handle,
+ unsigned long InfoLevel,
+ unsigned char *Buffer,
+ unsigned long BufSize,
+ unsigned long *BytesNeeded);
+
+
+
#endif /* __EVENTLOG_H__ */
-/* EOF */
_____
Modified: trunk/reactos/services/eventlog/eventlog.xml
--- trunk/reactos/services/eventlog/eventlog.xml 2005-09-20
07:37:45 UTC (rev 17939)
+++ trunk/reactos/services/eventlog/eventlog.xml 2005-09-20
07:58:28 UTC (rev 17940)
@@ -1,12 +1,17 @@
<module name="eventlog" type="win32cui"
installbase="system32"
installname="eventlog.exe">
<include base="eventlog">.</include>
+ <include base="eventlog_server">.</include>
<define name="UNICODE" />
<define name="_UNICODE" />
<define name="__USE_W32API" />
<library>ntdll</library>
<library>kernel32</library>
<library>advapi32</library>
+ <library>eventlog_server</library>
+ <library>rpcrt4</library>
<file>eventlog.c</file>
<file>logport.c</file>
<file>eventlog.rc</file>
+ <file>rpc.c</file>
+ <file>file.c</file>
</module>
_____
Added: trunk/reactos/services/eventlog/file.c
--- trunk/reactos/services/eventlog/file.c 2005-09-20 07:37:45 UTC
(rev 17939)
+++ trunk/reactos/services/eventlog/file.c 2005-09-20 07:58:28 UTC
(rev 17940)
@@ -0,0 +1,684 @@
+/*
+ * COPYRIGHT: See COPYING in the top level directory
+ * PROJECT: ReactOS
+ * FILE: services/eventlog/file.c
+ * PURPOSE: Event logging service
+ * PROGRAMMER: Saveliy Tretiakov (saveliyt(a)mail.ru)
+ */
+
+#include "eventlog.h"
+
+PLOGFILE _LogListHead = NULL;
+extern HANDLE MyHeap;
+
+BOOL LogfInitializeNew(PLOGFILE LogFile)
+{
+ DWORD dwWritten;
+ EOF_RECORD EofRec;
+
+ ZeroMemory(&LogFile->Header, sizeof(FILE_HEADER));
+ SetFilePointer(LogFile->hFile, 0, NULL, FILE_BEGIN);
+ SetEndOfFile(LogFile->hFile);
+
+ LogFile->Header.SizeOfHeader = sizeof(FILE_HEADER);
+ LogFile->Header.SizeOfHeader2 = sizeof(FILE_HEADER);
+ LogFile->Header.FirstRecordOffset = sizeof(FILE_HEADER);
+ LogFile->Header.EofOffset = sizeof(FILE_HEADER);
+ LogFile->Header.MajorVersion = MAJORVER;
+ LogFile->Header.MinorVersion = MINORVER;
+ LogFile->Header.NextRecord = 1;
+
+ LogFile->Header.Signature = LOGFILE_SIGNATURE;
+ WriteFile(LogFile->hFile,
+ &LogFile->Header,
+ sizeof(FILE_HEADER),
+ &dwWritten,
+ NULL);
+
+ EofRec.Ones = 0x11111111;
+ EofRec.Twos = 0x22222222;
+ EofRec.Threes = 0x33333333;
+ EofRec.Fours = 0x44444444;
+ EofRec.Size1 = sizeof(EOF_RECORD);
+ EofRec.Size2 = sizeof(EOF_RECORD);
+ EofRec.NextRecordNumber = LogFile->Header.NextRecord;
+ EofRec.OldestRecordNumber = LogFile->Header.OldestRecord;
+ EofRec.StartOffset = LogFile->Header.FirstRecordOffset;
+ EofRec.EndOffset = LogFile->Header.EofOffset;
+
+ WriteFile(LogFile->hFile, &EofRec, sizeof(EOF_RECORD),
&dwWritten, NULL);
+
+ FlushFileBuffers(LogFile->hFile);
+
+ return TRUE;
+}
+
+BOOL LogfInitializeExisting(PLOGFILE LogFile)
+{
+ DWORD dwRead;
+ DWORD dwRecordsNumber = 0;
+ DWORD dwRecSize, dwRecSign, dwFilePointer;
+ PDWORD pdwRecSize2;
+ PEVENTLOGRECORD RecBuf;
+
+ SetFilePointer(LogFile->hFile, 0, NULL, FILE_BEGIN);
+ ReadFile(LogFile->hFile,
+ &LogFile->Header,
+ sizeof(FILE_HEADER),
+ &dwRead, NULL);
+
+ if(dwRead != sizeof(FILE_HEADER))
+ {
+ DPRINT("EventLog: Invalid file %S.\n",
LogFile->FileName);
+ return LogfInitializeNew(LogFile);
+ }
+
+ if(LogFile->Header.SizeOfHeader != sizeof(FILE_HEADER) ||
+ LogFile->Header.SizeOfHeader2 != sizeof(FILE_HEADER))
+ {
+ DPRINT("EventLog: Invalid header size in %S.\n",
LogFile->FileName);
+ return LogfInitializeNew(LogFile);
+ }
+
+ if(LogFile->Header.Signature != LOGFILE_SIGNATURE)
+ {
+ DPRINT("EventLog: Invalid signature %x in %S.\n",
+ LogFile->Header.Signature,
+ LogFile->FileName);
+ return LogfInitializeNew(LogFile);
+ }
+
+ if(LogFile->Header.EofOffset > GetFileSize(LogFile->hFile,
NULL)+1)
+ {
+ DPRINT("EventLog: Invalid eof offset %x in %S.\n",
+ LogFile->Header.EofOffset,
+ LogFile->FileName);
+ return LogfInitializeNew(LogFile);
+ }
+
+ for(;;)
+ {
+ dwFilePointer = SetFilePointer(LogFile->hFile,
+
0,
+
NULL,
+
FILE_CURRENT);
+
+ ReadFile(LogFile->hFile,
[truncated at 1000 lines; 1352 more skipped]
6940
days inactive
6940
days old
0 comments
1 participants
participants (1)
-
gvg@svn.reactos.com