[hbelusca] 72213: [EVENTLOG] - Use NT functions to retrieve timestamps for events. - Log kernel events with the current computer name. - Don't hardcode variables types for sizeofs. - Add type-check...
Author: hbelusca Date: Fri Aug 12 19:14:55 2016 New Revision: 72213
URL: http://svn.reactos.org/svn/reactos?rev=72213&view=rev Log: [EVENTLOG] - Use NT functions to retrieve timestamps for events. - Log kernel events with the current computer name. - Don't hardcode variables types for sizeofs. - Add type-checks for the data to be retrieved from the registry, and use default values in case the values do not exist or are invalid. - Use ULONG_PTR to perform pointer arithmetics. - Use string-safe functions for copy/concatenation. - Cache EventLog source for eventlog service self-logging. - Unlock the LogFile in LogfClearFile. - Fix rounding in LogfAllocAndBuildNewRecord. - Verify ELF handle validity in ElfrGetLogInformation. - Implement IELF_HANDLE_rundown to correctly cleanup ELF handles when client apps shut down. Adapt also the parameter of ElfDeleteEventLogHandle for reusing it there. - Update some code formatting. CORE-11842 #resolve
I don't completely touch file.c as it contains most of my upcoming eventlog fixes...
Modified: trunk/reactos/base/services/eventlog/eventlog.c trunk/reactos/base/services/eventlog/eventlog.h trunk/reactos/base/services/eventlog/eventsource.c trunk/reactos/base/services/eventlog/file.c trunk/reactos/base/services/eventlog/logport.c trunk/reactos/base/services/eventlog/rpc.c
Modified: trunk/reactos/base/services/eventlog/eventlog.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/even... ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.c [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -33,6 +33,8 @@ BOOL onLiveCD = FALSE; // On livecd events will go to debug output only HANDLE MyHeap = NULL;
+PEVENTSOURCE EventLogSource = NULL; + /* FUNCTIONS ****************************************************************/
static VOID @@ -74,7 +76,6 @@ 0, EVENT_EventlogStopped, 0, NULL, 0, NULL);
- /* Stop listening to incoming RPC messages */ RpcMgmtStopServerListening(NULL); UpdateServiceStatus(SERVICE_STOPPED); @@ -120,15 +121,13 @@
hThread = CreateThread(NULL, 0, - (LPTHREAD_START_ROUTINE) - PortThreadRoutine, + (LPTHREAD_START_ROUTINE)PortThreadRoutine, NULL, 0, NULL); - if (!hThread) { - DPRINT("Can't create PortThread\n"); + DPRINT("Cannot create PortThread\n"); return GetLastError(); } else @@ -136,15 +135,14 @@
hThread = CreateThread(NULL, 0, - (LPTHREAD_START_ROUTINE) - RpcThreadRoutine, + RpcThreadRoutine, NULL, 0, NULL);
if (!hThread) { - DPRINT("Can't create RpcThread\n"); + DPRINT("Cannot create RpcThread\n"); return GetLastError(); } else @@ -165,14 +163,14 @@ DWORD dwType; LONG lResult = ERROR_SUCCESS;
- ZeroMemory(&versionInfo, sizeof(OSVERSIONINFO)); - versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + ZeroMemory(&versionInfo, sizeof(versionInfo)); + versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
/* Get version information */ if (!GetVersionExW(&versionInfo)) return;
- ZeroMemory(szBuffer, 512 * sizeof(WCHAR)); + ZeroMemory(szBuffer, sizeof(szBuffer));
/* Write version into the buffer */ dwLength = swprintf(szBuffer, @@ -197,7 +195,7 @@ &hKey); if (lResult == ERROR_SUCCESS) { - dwValueLength = 512 - dwLength; + dwValueLength = ARRAYSIZE(szBuffer) - dwLength; lResult = RegQueryValueEx(hKey, L"CurrentType", NULL, @@ -268,7 +266,8 @@ }
-PLOGFILE LoadLogFile(HKEY hKey, WCHAR * LogName) +static PLOGFILE +LoadLogFile(HKEY hKey, WCHAR* LogName) { DWORD MaxValueLen, ValueLen, Type, ExpandedLen; WCHAR *Buf = NULL, *Expanded = NULL; @@ -280,58 +279,81 @@
DPRINT("LoadLogFile: %S\n", LogName);
- Result = RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, NULL, NULL, - NULL, NULL, &MaxValueLen, NULL, NULL); + Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, &MaxValueLen, NULL, NULL); if (Result != ERROR_SUCCESS) { - DPRINT1("RegQueryInfoKey failed: %lu\n", Result); + DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result); return NULL; }
+ MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR)); Buf = HeapAlloc(MyHeap, 0, MaxValueLen); if (!Buf) { - DPRINT1("Can't allocate heap!\n"); + DPRINT1("Cannot allocate heap!\n"); return NULL; }
ValueLen = MaxValueLen; - - Result = RegQueryValueEx(hKey, - L"File", - NULL, - &Type, - (LPBYTE) Buf, - &ValueLen); - if (Result != ERROR_SUCCESS) - { - DPRINT1("RegQueryValueEx failed: %lu\n", Result); + Result = RegQueryValueExW(hKey, + L"File", + NULL, + &Type, + (LPBYTE)Buf, + &ValueLen); + /* + * If we failed, because the registry value was inexistent + * or the value type was incorrect, create a new "File" value + * that holds the default event log path. + */ + if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ)) + { + MaxValueLen = (wcslen(L"%SystemRoot%\System32\Config\") + + wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR); + + Expanded = HeapReAlloc(MyHeap, 0, Buf, MaxValueLen); + if (!Expanded) + { + DPRINT1("Cannot reallocate heap!\n"); + HeapFree(MyHeap, 0, Buf); + return NULL; + } + Buf = Expanded; + + StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\System32\Config\"); + StringCbCatW(Buf, MaxValueLen, LogName); + StringCbCatW(Buf, MaxValueLen, L".evt"); + + ValueLen = MaxValueLen; + Result = RegSetValueExW(hKey, + L"File", + 0, + REG_EXPAND_SZ, + (LPBYTE)Buf, + ValueLen); + if (Result != ERROR_SUCCESS) + { + DPRINT1("RegSetValueEx failed: %lu\n", Result); + HeapFree(MyHeap, 0, Buf); + return NULL; + } + } + + ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0); + Expanded = HeapAlloc(MyHeap, 0, ExpandedLen * sizeof(WCHAR)); + if (!Expanded) + { + DPRINT1("Cannot allocate heap!\n"); HeapFree(MyHeap, 0, Buf); return NULL; }
- if (Type != REG_EXPAND_SZ && Type != REG_SZ) - { - DPRINT1("%S\File - value of wrong type %x.\n", LogName, Type); - HeapFree(MyHeap, 0, Buf); - return NULL; - } - - ExpandedLen = ExpandEnvironmentStrings(Buf, NULL, 0); - Expanded = HeapAlloc(MyHeap, 0, ExpandedLen * sizeof(WCHAR)); - if (!Expanded) - { - DPRINT1("Can't allocate heap!\n"); - HeapFree(MyHeap, 0, Buf); - return NULL; - } - - ExpandEnvironmentStrings(Buf, Expanded, ExpandedLen); - - if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, - NULL, NULL)) - { - DPRINT1("Can't convert path!\n"); + ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen); + + if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL)) + { + DPRINT1("Cannot convert path!\n"); HeapFree(MyHeap, 0, Expanded); HeapFree(MyHeap, 0, Buf); return NULL; @@ -339,25 +361,47 @@
DPRINT("%S -> %S\n", Buf, Expanded);
- ValueLen = sizeof(ULONG); - Result = RegQueryValueEx(hKey, - L"MaxSize", - NULL, - &Type, - (LPBYTE)&ulMaxSize, - &ValueLen); - if (Result != ERROR_SUCCESS) + ValueLen = sizeof(ulMaxSize); + Result = RegQueryValueExW(hKey, + L"MaxSize", + NULL, + &Type, + (LPBYTE)&ulMaxSize, + &ValueLen); + if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD)) + { ulMaxSize = 512 * 1024; /* 512 kBytes */
- ValueLen = sizeof(ULONG); - Result = RegQueryValueEx(hKey, - L"Retention", - NULL, - &Type, - (LPBYTE)&ulRetention, - &ValueLen); - if (Result != ERROR_SUCCESS) + Result = RegSetValueExW(hKey, + L"MaxSize", + 0, + REG_DWORD, + (LPBYTE)&ulMaxSize, + sizeof(ulMaxSize)); + } + + ValueLen = sizeof(ulRetention); + Result = RegQueryValueExW(hKey, + L"Retention", + NULL, + &Type, + (LPBYTE)&ulRetention, + &ValueLen); + if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD)) + { + /* On Windows 2003 it is 604800 (secs) == 7 days */ ulRetention = 0; + + Result = RegSetValueExW(hKey, + L"Retention", + 0, + REG_DWORD, + (LPBYTE)&ulRetention, + sizeof(ulRetention)); + } + + // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD) + // and "CustomSD" (REG_SZ).
Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE); if (!NT_SUCCESS(Status)) @@ -365,47 +409,44 @@ DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status); }
+ HeapFree(MyHeap, 0, Expanded); HeapFree(MyHeap, 0, Buf); - HeapFree(MyHeap, 0, Expanded); return pLogf; }
-BOOL LoadLogFiles(HKEY eventlogKey) +static BOOL +LoadLogFiles(HKEY eventlogKey) { LONG Result; DWORD MaxLognameLen, LognameLen; WCHAR *Buf = NULL; - INT i; + DWORD dwIndex; PLOGFILE pLogFile;
- Result = RegQueryInfoKey(eventlogKey, - NULL, NULL, NULL, NULL, - &MaxLognameLen, - NULL, NULL, NULL, NULL, NULL, NULL); + Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen, + NULL, NULL, NULL, NULL, NULL, NULL); if (Result != ERROR_SUCCESS) { - DPRINT1("RegQueryInfoKey failed: %lu\n", Result); + DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result); return FALSE; }
MaxLognameLen++;
Buf = HeapAlloc(MyHeap, 0, MaxLognameLen * sizeof(WCHAR)); - if (!Buf) { - DPRINT1("Error: can't allocate heap!\n"); + DPRINT1("Error: cannot allocate heap!\n"); return FALSE; }
- i = 0; LognameLen = MaxLognameLen; - - while (RegEnumKeyEx(eventlogKey, - i, - Buf, - &LognameLen, - NULL, NULL, NULL, NULL) == ERROR_SUCCESS) + dwIndex = 0; + while (RegEnumKeyExW(eventlogKey, + dwIndex, + Buf, + &LognameLen, + NULL, NULL, NULL, NULL) == ERROR_SUCCESS) { HKEY SubKey;
@@ -431,15 +472,17 @@ }
RegCloseKey(SubKey); + LognameLen = MaxLognameLen; - i++; + dwIndex++; }
HeapFree(MyHeap, 0, Buf); return TRUE; }
-INT wmain() + +int wmain(int argc, WCHAR* argv[]) { WCHAR LogPath[MAX_PATH]; INT RetCode = 0; @@ -458,9 +501,9 @@ goto bye_bye; }
- GetWindowsDirectory(LogPath, MAX_PATH); - - if (GetDriveType(LogPath) == DRIVE_CDROM) + GetWindowsDirectoryW(LogPath, MAX_PATH); + + if (GetDriveTypeW(LogPath) == DRIVE_CDROM) { DPRINT("LiveCD detected\n"); onLiveCD = TRUE; @@ -475,7 +518,7 @@
if (Result != ERROR_SUCCESS) { - DPRINT1("Fatal error: can't open eventlog registry key.\n"); + DPRINT1("Fatal error: cannot open eventlog registry key.\n"); RetCode = 1; goto bye_bye; } @@ -483,9 +526,15 @@ LoadLogFiles(elogKey); }
+ EventLogSource = GetEventSourceByName(L"EventLog"); + if (!EventLogSource) + { + DPRINT1("No EventLog source available, the EventLog service will not be able to log its own events.\n"); + } + StartServiceCtrlDispatcher(ServiceTable);
- bye_bye: +bye_bye: LogfCloseAll();
if (MyHeap) @@ -494,40 +543,10 @@ return RetCode; }
-VOID EventTimeToSystemTime(DWORD EventTime, SYSTEMTIME * pSystemTime) -{ - SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 }; - FILETIME ftLocal; - union - { - FILETIME ft; - ULONGLONG ll; - } u1970, uUCT; - - uUCT.ft.dwHighDateTime = 0; - uUCT.ft.dwLowDateTime = EventTime; - SystemTimeToFileTime(&st1970, &u1970.ft); - uUCT.ll = uUCT.ll * 10000000 + u1970.ll; - FileTimeToLocalFileTime(&uUCT.ft, &ftLocal); - FileTimeToSystemTime(&ftLocal, pSystemTime); -} - -VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime) -{ - SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 }; - union - { - FILETIME ft; - ULONGLONG ll; - } Time, u1970; - - SystemTimeToFileTime(pSystemTime, &Time.ft); - SystemTimeToFileTime(&st1970, &u1970.ft); - *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull); -} - VOID PRINT_HEADER(PEVENTLOGHEADER header) { + ULONG Flags = header->Flags; + DPRINT("HeaderSize = %lu\n", header->HeaderSize); DPRINT("Signature = 0x%x\n", header->Signature); DPRINT("MajorVersion = %lu\n", header->MajorVersion); @@ -540,10 +559,30 @@ DPRINT("Retention = 0x%x\n", header->Retention); DPRINT("EndHeaderSize = %lu\n", header->EndHeaderSize); DPRINT("Flags: "); - if (header->Flags & ELF_LOGFILE_HEADER_DIRTY) DPRINT("ELF_LOGFILE_HEADER_DIRTY"); - if (header->Flags & ELF_LOGFILE_HEADER_WRAP) DPRINT("| ELF_LOGFILE_HEADER_WRAP "); - if (header->Flags & ELF_LOGFILE_LOGFULL_WRITTEN) DPRINT("| ELF_LOGFILE_LOGFULL_WRITTEN "); - if (header->Flags & ELF_LOGFILE_ARCHIVE_SET) DPRINT("| ELF_LOGFILE_ARCHIVE_SET "); + if (Flags & ELF_LOGFILE_HEADER_DIRTY) + { + DPRINT("ELF_LOGFILE_HEADER_DIRTY"); + Flags &= ~ELF_LOGFILE_HEADER_DIRTY; + } + if (Flags) DPRINT(" | "); + if (Flags & ELF_LOGFILE_HEADER_WRAP) + { + DPRINT("ELF_LOGFILE_HEADER_WRAP"); + Flags &= ~ELF_LOGFILE_HEADER_WRAP; + } + if (Flags) DPRINT(" | "); + if (Flags & ELF_LOGFILE_LOGFULL_WRITTEN) + { + DPRINT("ELF_LOGFILE_LOGFULL_WRITTEN"); + Flags &= ~ELF_LOGFILE_LOGFULL_WRITTEN; + } + if (Flags) DPRINT(" | "); + if (Flags & ELF_LOGFILE_ARCHIVE_SET) + { + DPRINT("ELF_LOGFILE_ARCHIVE_SET"); + Flags &= ~ELF_LOGFILE_ARCHIVE_SET; + } + if (Flags) DPRINT(" | 0x%x", Flags); DPRINT("\n"); }
@@ -551,21 +590,24 @@ { UINT i; WCHAR *str; - SYSTEMTIME time; + LARGE_INTEGER SystemTime; + TIME_FIELDS Time;
DPRINT("Length = %lu\n", pRec->Length); DPRINT("Reserved = 0x%x\n", pRec->Reserved); DPRINT("RecordNumber = %lu\n", pRec->RecordNumber);
- EventTimeToSystemTime(pRec->TimeGenerated, &time); + RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime); + RtlTimeToTimeFields(&SystemTime, &Time); DPRINT("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n", - time.wDay, time.wMonth, time.wYear, - time.wHour, time.wMinute, time.wSecond); - - EventTimeToSystemTime(pRec->TimeWritten, &time); + Time.Day, Time.Month, Time.Year, + Time.Hour, Time.Minute, Time.Second); + + RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime); + RtlTimeToTimeFields(&SystemTime, &Time); DPRINT("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n", - time.wDay, time.wMonth, time.wYear, - time.wHour, time.wMinute, time.wSecond); + Time.Day, Time.Month, Time.Year, + Time.Hour, Time.Minute, Time.Second);
DPRINT("EventID = %lu\n", pRec->EventID);
@@ -600,17 +642,17 @@ DPRINT("DataLength = %lu\n", pRec->DataLength); DPRINT("DataOffset = %lu\n", pRec->DataOffset);
- DPRINT("SourceName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD))); - - i = (lstrlenW((WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD))) + 1) * + DPRINT("SourceName: %S\n", (WCHAR *) ((ULONG_PTR)pRec + sizeof(EVENTLOGRECORD))); + + i = (lstrlenW((WCHAR *) ((ULONG_PTR)pRec + sizeof(EVENTLOGRECORD))) + 1) * sizeof(WCHAR);
- DPRINT("ComputerName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD) + i)); + DPRINT("ComputerName: %S\n", (WCHAR *) ((ULONG_PTR)pRec + sizeof(EVENTLOGRECORD) + i));
if (pRec->StringOffset < pRec->Length && pRec->NumStrings) { DPRINT("Strings:\n"); - str = (WCHAR *) (((PBYTE) pRec) + pRec->StringOffset); + str = (WCHAR *) ((ULONG_PTR)pRec + pRec->StringOffset); for (i = 0; i < pRec->NumStrings; i++) { DPRINT("[%u] %S\n", i, str); @@ -618,5 +660,5 @@ } }
- DPRINT("Length2 = %lu\n", *(PDWORD) (((PBYTE) pRec) + pRec->Length - 4)); -} + DPRINT("Length2 = %lu\n", *(PDWORD) ((ULONG_PTR)pRec + pRec->Length - 4)); +}
Modified: trunk/reactos/base/services/eventlog/eventlog.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/even... ============================================================================== --- trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventlog.h [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -11,12 +11,18 @@
#include <stdarg.h>
+/* PSDK/NDK Headers */ #define WIN32_NO_STATUS - #include <windef.h> #include <winbase.h> + +#define NTOS_MODE_USER #include <ndk/rtlfuncs.h> #include <ndk/obfuncs.h> + +#define ROUND_DOWN(n, align) (((ULONG)n) & ~((align) - 1l)) +#define ROUND_UP(n, align) ROUND_DOWN(((ULONG)n) + (align) - 1, (align)) + #include <eventlogrpc_s.h> #include <strsafe.h>
@@ -26,21 +32,21 @@ IO_ERROR_LOG_MESSAGE Message; } IO_ERROR_LPC, *PIO_ERROR_LPC;
-#define MAJORVER 1 -#define MINORVER 1
/* * Our file format will be compatible with NT's */ +#define MAJORVER 1 +#define MINORVER 1 #define LOGFILE_SIGNATURE 0x654c664c
/* * Flags used in logfile header */ -#define ELF_LOGFILE_HEADER_DIRTY 1 -#define ELF_LOGFILE_HEADER_WRAP 2 +#define ELF_LOGFILE_HEADER_DIRTY 1 +#define ELF_LOGFILE_HEADER_WRAP 2 #define ELF_LOGFILE_LOGFULL_WRITTEN 4 -#define ELF_LOGFILE_ARCHIVE_SET 8 +#define ELF_LOGFILE_ARCHIVE_SET 8
/* FIXME: MSDN reads that the following two structs are in winnt.h. Are they? */ typedef struct _EVENTLOGHEADER @@ -114,22 +120,38 @@ WCHAR szName[1]; } LOGHANDLE, *PLOGHANDLE;
+ +/* eventlog.c */ +extern HANDLE MyHeap; +extern PEVENTSOURCE EventLogSource; + +VOID PRINT_HEADER(PEVENTLOGHEADER header); +VOID PRINT_RECORD(PEVENTLOGRECORD pRec); + + +/* eventsource.c */ +VOID InitEventSourceList(VOID); + +BOOL +LoadEventSources(HKEY hKey, + PLOGFILE pLogFile); + +PEVENTSOURCE +GetEventSourceByName(LPCWSTR Name); + + /* file.c */ VOID LogfListInitialize(VOID);
-PLOGFILE LogfListHead(VOID); - -INT LogfListItemCount(VOID); - -PLOGFILE LogfListItemByIndex(INT Index); - -PLOGFILE LogfListItemByName(WCHAR * Name); - -INT LogfListItemIndexByName(WCHAR * Name); - -VOID LogfListAddItem(PLOGFILE Item); - -VOID LogfListRemoveItem(PLOGFILE Item); +DWORD LogfListItemCount(VOID); + +PLOGFILE LogfListItemByIndex(DWORD Index); + +PLOGFILE LogfListItemByName(LPCWSTR Name); + +// DWORD LogfListItemIndexByName(WCHAR * Name); + +
DWORD LogfReadEvent(PLOGFILE LogFile, DWORD Flags, @@ -171,61 +193,34 @@
DWORD LogfGetCurrentRecord(PLOGFILE LogFile);
-ULONG LogfOffsetByNumber(PLOGFILE LogFile, - DWORD RecordNumber); - -BOOL LogfAddOffsetInformation(PLOGFILE LogFile, - ULONG ulNumber, - ULONG ulOffset); - -BOOL LogfDeleteOffsetInformation(PLOGFILE LogFile, - ULONG ulNumber); - -PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize, - DWORD dwRecordNumber, - WORD wType, - WORD wCategory, - DWORD dwEventId, - LPCWSTR SourceName, - LPCWSTR ComputerName, - DWORD dwSidLength, - PSID lpUserSid, - WORD wNumStrings, - WCHAR * lpStrings, - DWORD dwDataSize, - LPVOID lpRawData); +PBYTE +LogfAllocAndBuildNewRecord(PULONG lpRecSize, + ULONG dwRecordNumber, // FIXME! + USHORT wType, + USHORT wCategory, + ULONG dwEventId, + PCWSTR SourceName, + PCWSTR ComputerName, + ULONG dwSidLength, + PSID lpUserSid, + USHORT wNumStrings, + WCHAR* lpStrings, + ULONG dwDataSize, + PVOID lpRawData); + +static __inline void LogfFreeRecord(LPVOID Rec) +{ + HeapFree(MyHeap, 0, Rec); +}
VOID -LogfReportEvent(WORD wType, - WORD wCategory, - DWORD dwEventId, - WORD wNumStrings, - WCHAR *lpStrings, - DWORD dwDataSize, - LPVOID lpRawData); - -/* eventlog.c */ -extern HANDLE MyHeap; - -VOID PRINT_HEADER(PEVENTLOGHEADER header); - -VOID PRINT_RECORD(PEVENTLOGRECORD pRec); - -VOID EventTimeToSystemTime(DWORD EventTime, - SYSTEMTIME * SystemTime); - -VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, - DWORD * pEventTime); - -/* eventsource.c */ -VOID InitEventSourceList(VOID); - -BOOL -LoadEventSources(HKEY hKey, - PLOGFILE pLogFile); - -PEVENTSOURCE -GetEventSourceByName(LPCWSTR Name); +LogfReportEvent(USHORT wType, + USHORT wCategory, + ULONG dwEventId, + USHORT wNumStrings, + WCHAR* lpStrings, + ULONG dwDataSize, + PVOID lpRawData);
/* logport.c */ @@ -238,9 +233,4 @@ /* rpc.c */ DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter);
-static __inline void LogfFreeRecord(LPVOID Rec) -{ - HeapFree(MyHeap, 0, Rec); -} - #endif /* __EVENTLOG_H__ */
Modified: trunk/reactos/base/services/eventlog/eventsource.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/even... ============================================================================== --- trunk/reactos/base/services/eventlog/eventsource.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/eventsource.c [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -70,7 +70,7 @@ NULL, NULL, NULL, NULL, NULL); if (Result != ERROR_SUCCESS) { - DPRINT1("RegQueryInfoKey failed: %lu\n", Result); + DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result); return FALSE; }
@@ -81,12 +81,11 @@ Buf = HeapAlloc(MyHeap, 0, dwMaxSubKeyLength * sizeof(WCHAR)); if (!Buf) { - DPRINT1("Error: can't allocate heap!\n"); + DPRINT1("Error: cannot allocate heap!\n"); return FALSE; }
dwEventSourceNameLength = dwMaxSubKeyLength; - dwIndex = 0; while (RegEnumKeyExW(hKey, dwIndex, @@ -127,7 +126,7 @@ GetEventSourceByName(LPCWSTR Name) { PLIST_ENTRY CurrentEntry; - PEVENTSOURCE Result = NULL; + PEVENTSOURCE Item, Result = NULL;
DPRINT("GetEventSourceByName(%S)\n", Name); EnterCriticalSection(&EventSourceListCs); @@ -135,9 +134,9 @@ CurrentEntry = EventSourceListHead.Flink; while (CurrentEntry != &EventSourceListHead) { - PEVENTSOURCE Item = CONTAINING_RECORD(CurrentEntry, - EVENTSOURCE, - EventSourceListEntry); + Item = CONTAINING_RECORD(CurrentEntry, + EVENTSOURCE, + EventSourceListEntry);
DPRINT("Item->szName: %S\n", Item->szName); // if ((*(Item->szName) != 0) && !_wcsicmp(Item->szName, Name))
Modified: trunk/reactos/base/services/eventlog/file.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/file... ============================================================================== --- trunk/reactos/base/services/eventlog/file.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/file.c [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -4,24 +4,253 @@ * FILE: base/services/eventlog/file.c * PURPOSE: Event logging service * COPYRIGHT: Copyright 2005 Saveliy Tretiakov - Michael Martin + * Michael Martin */
-/* INCLUDES *****************************************************************/ +/* INCLUDES ******************************************************************/
#include "eventlog.h"
#include <ndk/iofuncs.h> +#include <ndk/kefuncs.h>
#define NDEBUG #include <debug.h>
-/* GLOBALS ******************************************************************/ +/* LOG FILE LIST - GLOBALS ***************************************************/
static LIST_ENTRY LogFileListHead; static CRITICAL_SECTION LogFileListCs;
-/* FUNCTIONS ****************************************************************/ +/* LOG FILE LIST - FUNCTIONS *************************************************/ + +VOID LogfCloseAll(VOID) +{ + EnterCriticalSection(&LogFileListCs); + + while (!IsListEmpty(&LogFileListHead)) + { + LogfClose(CONTAINING_RECORD(LogFileListHead.Flink, LOGFILE, ListEntry), TRUE); + } + + LeaveCriticalSection(&LogFileListCs); + + DeleteCriticalSection(&LogFileListCs); +} + +VOID LogfListInitialize(VOID) +{ + InitializeCriticalSection(&LogFileListCs); + InitializeListHead(&LogFileListHead); +} + +PLOGFILE LogfListItemByName(LPCWSTR Name) +{ + PLIST_ENTRY CurrentEntry; + PLOGFILE Item, Result = NULL; + + EnterCriticalSection(&LogFileListCs); + + CurrentEntry = LogFileListHead.Flink; + while (CurrentEntry != &LogFileListHead) + { + Item = CONTAINING_RECORD(CurrentEntry, + LOGFILE, + ListEntry); + + if (Item->LogName && !lstrcmpi(Item->LogName, Name)) + { + Result = Item; + break; + } + + CurrentEntry = CurrentEntry->Flink; + } + + LeaveCriticalSection(&LogFileListCs); + return Result; +} + +#if 0 +/* Index starting from 1 */ +DWORD LogfListItemIndexByName(WCHAR * Name) +{ + PLIST_ENTRY CurrentEntry; + DWORD Result = 0; + DWORD i = 1; + + EnterCriticalSection(&LogFileListCs); + + CurrentEntry = LogFileListHead.Flink; + while (CurrentEntry != &LogFileListHead) + { + PLOGFILE Item = CONTAINING_RECORD(CurrentEntry, + LOGFILE, + ListEntry); + + if (Item->LogName && !lstrcmpi(Item->LogName, Name)) + { + Result = i; + break; + } + + CurrentEntry = CurrentEntry->Flink; + i++; + } + + LeaveCriticalSection(&LogFileListCs); + return Result; +} +#endif + +/* Index starting from 1 */ +PLOGFILE LogfListItemByIndex(DWORD Index) +{ + PLIST_ENTRY CurrentEntry; + PLOGFILE Result = NULL; + DWORD i = 1; + + EnterCriticalSection(&LogFileListCs); + + CurrentEntry = LogFileListHead.Flink; + while (CurrentEntry != &LogFileListHead) + { + if (i == Index) + { + Result = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry); + break; + } + + CurrentEntry = CurrentEntry->Flink; + i++; + } + + LeaveCriticalSection(&LogFileListCs); + return Result; +} + +DWORD LogfListItemCount(VOID) +{ + PLIST_ENTRY CurrentEntry; + DWORD i = 0; + + EnterCriticalSection(&LogFileListCs); + + CurrentEntry = LogFileListHead.Flink; + while (CurrentEntry != &LogFileListHead) + { + CurrentEntry = CurrentEntry->Flink; + i++; + } + + LeaveCriticalSection(&LogFileListCs); + return i; +} + +static VOID +LogfListAddItem(PLOGFILE Item) +{ + EnterCriticalSection(&LogFileListCs); + InsertTailList(&LogFileListHead, &Item->ListEntry); + LeaveCriticalSection(&LogFileListCs); +} + +static VOID +LogfListRemoveItem(PLOGFILE Item) +{ + EnterCriticalSection(&LogFileListCs); + RemoveEntryList(&Item->ListEntry); + LeaveCriticalSection(&LogFileListCs); +} + + +/* FUNCTIONS *****************************************************************/ + +/* Returns 0 if nothing is found */ +static ULONG +LogfOffsetByNumber(PLOGFILE LogFile, + DWORD RecordNumber) +{ + DWORD i; + + for (i = 0; i < LogFile->OffsetInfoNext; i++) + { + if (LogFile->OffsetInfo[i].EventNumber == RecordNumber) + return LogFile->OffsetInfo[i].EventOffset; + } + return 0; +} + +DWORD LogfGetOldestRecord(PLOGFILE LogFile) +{ + return LogFile->Header.OldestRecordNumber; +} + +DWORD LogfGetCurrentRecord(PLOGFILE LogFile) +{ + return LogFile->Header.CurrentRecordNumber; +} + +static BOOL +LogfAddOffsetInformation(PLOGFILE LogFile, + ULONG ulNumber, + ULONG ulOffset) +{ + LPVOID NewOffsetInfo; + + if (LogFile->OffsetInfoNext == LogFile->OffsetInfoSize) + { + NewOffsetInfo = HeapReAlloc(MyHeap, + HEAP_ZERO_MEMORY, + LogFile->OffsetInfo, + (LogFile->OffsetInfoSize + 64) * + sizeof(EVENT_OFFSET_INFO)); + + if (!NewOffsetInfo) + { + DPRINT1("Cannot reallocate heap.\n"); + return FALSE; + } + + LogFile->OffsetInfo = (PEVENT_OFFSET_INFO)NewOffsetInfo; + LogFile->OffsetInfoSize += 64; + } + + LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventNumber = ulNumber; + LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventOffset = ulOffset; + LogFile->OffsetInfoNext++; + + return TRUE; +} + +static BOOL +LogfDeleteOffsetInformation(PLOGFILE LogFile, + ULONG ulNumber) +{ + DWORD i; + + /* + * As the offset information is listed in increasing order, and we want + * to keep the list without holes, we demand that ulNumber is the first + * element in the list. + */ + if (ulNumber != LogFile->OffsetInfo[0].EventNumber) + return FALSE; + + /* + * RtlMoveMemory(&LogFile->OffsetInfo[0], + * &LogFile->OffsetInfo[1], + * sizeof(EVENT_OFFSET_INFO) * (LogFile->OffsetInfoNext - 1)); + */ + for (i = 0; i < LogFile->OffsetInfoNext - 1; i++) + { + LogFile->OffsetInfo[i].EventNumber = LogFile->OffsetInfo[i + 1].EventNumber; + LogFile->OffsetInfo[i].EventOffset = LogFile->OffsetInfo[i + 1].EventOffset; + } + LogFile->OffsetInfoNext--; + + return TRUE; +}
static NTSTATUS LogfInitializeNew(PLOGFILE LogFile, @@ -466,141 +695,6 @@ return; }
-VOID LogfCloseAll(VOID) -{ - while (!IsListEmpty(&LogFileListHead)) - { - LogfClose(LogfListHead(), TRUE); - } - - DeleteCriticalSection(&LogFileListCs); -} - -VOID LogfListInitialize(VOID) -{ - InitializeCriticalSection(&LogFileListCs); - InitializeListHead(&LogFileListHead); -} - -PLOGFILE LogfListHead(VOID) -{ - return CONTAINING_RECORD(LogFileListHead.Flink, LOGFILE, ListEntry); -} - -PLOGFILE LogfListItemByName(WCHAR * Name) -{ - PLIST_ENTRY CurrentEntry; - PLOGFILE Result = NULL; - - EnterCriticalSection(&LogFileListCs); - - CurrentEntry = LogFileListHead.Flink; - while (CurrentEntry != &LogFileListHead) - { - PLOGFILE Item = CONTAINING_RECORD(CurrentEntry, - LOGFILE, - ListEntry); - - if (Item->LogName && !lstrcmpi(Item->LogName, Name)) - { - Result = Item; - break; - } - - CurrentEntry = CurrentEntry->Flink; - } - - LeaveCriticalSection(&LogFileListCs); - return Result; -} - -/* Index starting from 1 */ -INT LogfListItemIndexByName(WCHAR * Name) -{ - PLIST_ENTRY CurrentEntry; - INT Result = 0; - INT i = 1; - - EnterCriticalSection(&LogFileListCs); - - CurrentEntry = LogFileListHead.Flink; - while (CurrentEntry != &LogFileListHead) - { - PLOGFILE Item = CONTAINING_RECORD(CurrentEntry, - LOGFILE, - ListEntry); - - if (Item->LogName && !lstrcmpi(Item->LogName, Name)) - { - Result = i; - break; - } - - CurrentEntry = CurrentEntry->Flink; - i++; - } - - LeaveCriticalSection(&LogFileListCs); - return Result; -} - -/* Index starting from 1 */ -PLOGFILE LogfListItemByIndex(INT Index) -{ - PLIST_ENTRY CurrentEntry; - PLOGFILE Result = NULL; - INT i = 1; - - EnterCriticalSection(&LogFileListCs); - - CurrentEntry = LogFileListHead.Flink; - while (CurrentEntry != &LogFileListHead) - { - if (i == Index) - { - Result = CONTAINING_RECORD(CurrentEntry, LOGFILE, ListEntry); - break; - } - - CurrentEntry = CurrentEntry->Flink; - i++; - } - - LeaveCriticalSection(&LogFileListCs); - return Result; -} - -INT LogfListItemCount(VOID) -{ - PLIST_ENTRY CurrentEntry; - INT i = 0; - - EnterCriticalSection(&LogFileListCs); - - CurrentEntry = LogFileListHead.Flink; - while (CurrentEntry != &LogFileListHead) - { - CurrentEntry = CurrentEntry->Flink; - i++; - } - - LeaveCriticalSection(&LogFileListCs); - return i; -} - -VOID LogfListAddItem(PLOGFILE Item) -{ - EnterCriticalSection(&LogFileListCs); - InsertTailList(&LogFileListHead, &Item->ListEntry); - LeaveCriticalSection(&LogFileListCs); -} - -VOID LogfListRemoveItem(PLOGFILE Item) -{ - EnterCriticalSection(&LogFileListCs); - RemoveEntryList(&Item->ListEntry); - LeaveCriticalSection(&LogFileListCs); -}
static BOOL ReadAnsiLogEntry(HANDLE hFile, @@ -930,7 +1024,7 @@ { DWORD dwWritten; DWORD dwRead; - SYSTEMTIME st; + LARGE_INTEGER SystemTime; EVENTLOGEOF EofRec; PEVENTLOGRECORD RecBuf; LARGE_INTEGER logFileSize; @@ -940,10 +1034,10 @@ if (!Buffer) return FALSE;
- GetSystemTime(&st); - SystemTimeToEventTime(&st, &((PEVENTLOGRECORD) Buffer)->TimeWritten); - RtlAcquireResourceExclusive(&LogFile->Lock, TRUE); + + NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &((PEVENTLOGRECORD)Buffer)->TimeWritten);
if (!GetFileSizeEx(LogFile->hFile, &logFileSize)) { @@ -1111,7 +1205,6 @@ return TRUE; }
- NTSTATUS LogfClearFile(PLOGFILE LogFile, PUNICODE_STRING BackupFileName) @@ -1123,12 +1216,11 @@ if (BackupFileName->Length > 0) { /* Write a backup file */ - Status = LogfBackupFile(LogFile, - BackupFileName); + Status = LogfBackupFile(LogFile, BackupFileName); if (!NT_SUCCESS(Status)) { DPRINT1("LogfBackupFile failed (Status: 0x%08lx)\n", Status); - return Status; + goto Quit; } }
@@ -1140,11 +1232,10 @@ DPRINT1("LogfInitializeNew failed (Status: 0x%08lx)\n", Status); }
+Quit: RtlReleaseResource(&LogFile->Lock); - return Status; } -
NTSTATUS LogfBackupFile(PLOGFILE LogFile, @@ -1347,134 +1438,84 @@ }
-/* Returns 0 if nothing found. */ -ULONG LogfOffsetByNumber(PLOGFILE LogFile, DWORD RecordNumber) -{ - DWORD i; - - for (i = 0; i < LogFile->OffsetInfoNext; i++) - { - if (LogFile->OffsetInfo[i].EventNumber == RecordNumber) - return LogFile->OffsetInfo[i].EventOffset; - } - return 0; -} - -DWORD LogfGetOldestRecord(PLOGFILE LogFile) -{ - return LogFile->Header.OldestRecordNumber; -} - -DWORD LogfGetCurrentRecord(PLOGFILE LogFile) -{ - return LogFile->Header.CurrentRecordNumber; -} - -BOOL LogfDeleteOffsetInformation(PLOGFILE LogFile, ULONG ulNumber) -{ - DWORD i; - - if (ulNumber != LogFile->OffsetInfo[0].EventNumber) - { - return FALSE; - } - - for (i = 0; i < LogFile->OffsetInfoNext - 1; i++) - { - LogFile->OffsetInfo[i].EventNumber = LogFile->OffsetInfo[i + 1].EventNumber; - LogFile->OffsetInfo[i].EventOffset = LogFile->OffsetInfo[i + 1].EventOffset; - } - LogFile->OffsetInfoNext--; - return TRUE; -} - -BOOL LogfAddOffsetInformation(PLOGFILE LogFile, ULONG ulNumber, ULONG ulOffset) -{ - LPVOID NewOffsetInfo; - - if (LogFile->OffsetInfoNext == LogFile->OffsetInfoSize) - { - NewOffsetInfo = HeapReAlloc(MyHeap, - HEAP_ZERO_MEMORY, - LogFile->OffsetInfo, - (LogFile->OffsetInfoSize + 64) * - sizeof(EVENT_OFFSET_INFO)); - - if (!NewOffsetInfo) - { - DPRINT1("Can't reallocate heap.\n"); - return FALSE; - } - - LogFile->OffsetInfo = (PEVENT_OFFSET_INFO) NewOffsetInfo; - LogFile->OffsetInfoSize += 64; - } - - LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventNumber = ulNumber; - LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventOffset = ulOffset; - LogFile->OffsetInfoNext++; - - return TRUE; -} - -PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize, - DWORD dwRecordNumber, - WORD wType, - WORD wCategory, - DWORD dwEventId, - LPCWSTR SourceName, - LPCWSTR ComputerName, - DWORD dwSidLength, - PSID lpUserSid, - WORD wNumStrings, - WCHAR * lpStrings, - DWORD dwDataSize, - LPVOID lpRawData) +PBYTE +LogfAllocAndBuildNewRecord(PULONG lpRecSize, + ULONG dwRecordNumber, // FIXME! + USHORT wType, + USHORT wCategory, + ULONG dwEventId, + PCWSTR SourceName, + PCWSTR ComputerName, + ULONG dwSidLength, + PSID lpUserSid, + USHORT wNumStrings, + WCHAR* lpStrings, + ULONG dwDataSize, + PVOID lpRawData) { DWORD dwRecSize; PEVENTLOGRECORD pRec; - SYSTEMTIME SysTime; + LARGE_INTEGER SystemTime; WCHAR *str; UINT i, pos; PBYTE Buffer;
dwRecSize = - sizeof(EVENTLOGRECORD) + (lstrlenW(ComputerName) + - lstrlenW(SourceName) + 2) * sizeof(WCHAR); - - if (dwRecSize % 4 != 0) - dwRecSize += 4 - (dwRecSize % 4); + sizeof(EVENTLOGRECORD) + (lstrlenW(SourceName) + + lstrlenW(ComputerName) + 2) * sizeof(WCHAR); + + /* Align on DWORD boundary for the SID */ + dwRecSize = ROUND_UP(dwRecSize, sizeof(ULONG));
dwRecSize += dwSidLength;
+ /* Add the sizes for the strings array */ for (i = 0, str = lpStrings; i < wNumStrings; i++) { dwRecSize += (lstrlenW(str) + 1) * sizeof(WCHAR); str += lstrlenW(str) + 1; }
+ /* Add the data size */ dwRecSize += dwDataSize; - if (dwRecSize % 4 != 0) - dwRecSize += 4 - (dwRecSize % 4); - - dwRecSize += 4; + + /* Align on DWORD boundary for the full structure */ + dwRecSize = ROUND_UP(dwRecSize, sizeof(ULONG)); + + /* Size of the trailing 'Length' member */ + dwRecSize += sizeof(ULONG);
Buffer = HeapAlloc(MyHeap, HEAP_ZERO_MEMORY, dwRecSize); - if (!Buffer) { - DPRINT1("Can't allocate heap!\n"); + DPRINT1("Cannot allocate heap!\n"); return NULL; }
- pRec = (PEVENTLOGRECORD) Buffer; + pRec = (PEVENTLOGRECORD)Buffer; pRec->Length = dwRecSize; pRec->Reserved = LOGFILE_SIGNATURE; + + // FIXME: The problem with this technique is that it is possible + // to allocate different records with the same number. Suppose that + // two concurrent events writes happen for the same log, and the + // execution goes inside this function. The callers of this function + // have normally retrieved the 'CurrentRecordNumber' of this log, where + // the access to the log was non locked and no write operation happened + // in between. Then we have two different records for the same log with + // the very same record number, that will be written later. It is only in + // 'LogfWriteRecord' that the 'CurrentRecordNumber' is incremented!! + // + // Therefore we need to rewrite those functions. This function must + // not take any "precomputed" record number. It should attribute a new + // record number under lock, and then increment it atomically, so that + // all event records have unique record numbers. pRec->RecordNumber = dwRecordNumber;
- GetSystemTime(&SysTime); - SystemTimeToEventTime(&SysTime, &pRec->TimeGenerated); - SystemTimeToEventTime(&SysTime, &pRec->TimeWritten); + NtQuerySystemTime(&SystemTime); + RtlTimeToSecondsSince1970(&SystemTime, &pRec->TimeGenerated); + // FIXME: Already done in LogfWriteRecord. Is it needed to do that here first?? + RtlTimeToSecondsSince1970(&SystemTime, &pRec->TimeWritten);
pRec->EventID = dwEventId; pRec->EventType = wType; @@ -1487,11 +1528,10 @@ lstrcpyW((WCHAR *) (Buffer + pos), ComputerName); pos += (lstrlenW(ComputerName) + 1) * sizeof(WCHAR);
+ /* Align on DWORD boundary for the SID */ + pos = ROUND_UP(pos, sizeof(ULONG)); + pRec->UserSidOffset = pos; - - if (pos % 4 != 0) - pos += 4 - (pos % 4); - if (dwSidLength) { CopyMemory(Buffer + pos, lpUserSid, dwSidLength); @@ -1517,53 +1557,49 @@ pos += dwDataSize; }
- if (pos % 4 != 0) - pos += 4 - (pos % 4); - + /* Align on DWORD boundary for the full structure */ + pos = ROUND_UP(pos, sizeof(ULONG)); + + /* Initialize the trailing 'Length' member */ *((PDWORD) (Buffer + pos)) = dwRecSize;
*lpRecSize = dwRecSize; return Buffer; }
- VOID -LogfReportEvent(WORD wType, - WORD wCategory, - DWORD dwEventId, - WORD wNumStrings, - WCHAR *lpStrings, - DWORD dwDataSize, - LPVOID lpRawData) +LogfReportEvent(USHORT wType, + USHORT wCategory, + ULONG dwEventId, + USHORT wNumStrings, + WCHAR* lpStrings, + ULONG dwDataSize, + PVOID lpRawData) { WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; DWORD dwComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1; - PEVENTSOURCE pEventSource = NULL; PBYTE logBuffer; DWORD lastRec; DWORD recSize; DWORD dwError;
+ if (!EventLogSource) + return; + if (!GetComputerNameW(szComputerName, &dwComputerNameLength)) { - szComputerName[0] = 0; - } - - pEventSource = GetEventSourceByName(L"EventLog"); - if (pEventSource == NULL) - { - return; - } - - lastRec = LogfGetCurrentRecord(pEventSource->LogFile); + szComputerName[0] = L'\0'; + } + + lastRec = LogfGetCurrentRecord(EventLogSource->LogFile);
logBuffer = LogfAllocAndBuildNewRecord(&recSize, - lastRec, + lastRec, // FIXME! wType, wCategory, dwEventId, - pEventSource->szName, - (LPCWSTR)szComputerName, + EventLogSource->szName, + szComputerName, 0, NULL, wNumStrings, @@ -1571,10 +1607,10 @@ dwDataSize, lpRawData);
- dwError = LogfWriteData(pEventSource->LogFile, recSize, logBuffer); + dwError = LogfWriteData(EventLogSource->LogFile, recSize, logBuffer); if (!dwError) { - DPRINT1("ERROR WRITING TO EventLog %S\n", pEventSource->LogFile->FileName); + DPRINT1("ERROR WRITING TO EventLog %S\n", EventLogSource->LogFile->FileName); }
LogfFreeRecord(logBuffer);
Modified: trunk/reactos/base/services/eventlog/logport.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/logp... ============================================================================== --- trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/logport.c [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -18,8 +18,8 @@
/* GLOBALS ******************************************************************/
-HANDLE ConnectPortHandle = NULL; -HANDLE MessagePortHandle = NULL; +static HANDLE ConnectPortHandle = NULL; +static HANDLE MessagePortHandle = NULL; extern BOOL onLiveCD;
/* FUNCTIONS ****************************************************************/ @@ -70,7 +70,6 @@ }
Status = NtListenPort(ConnectPortHandle, &Request); - if (!NT_SUCCESS(Status)) { DPRINT1("NtListenPort() failed (Status %lx)\n", Status); @@ -79,7 +78,6 @@
Status = NtAcceptConnectPort(&MessagePortHandle, ConnectPortHandle, NULL, TRUE, NULL, NULL); - if (!NT_SUCCESS(Status)) { DPRINT1("NtAcceptConnectPort() failed (Status %lx)\n", Status); @@ -93,7 +91,7 @@ goto ByeBye; }
- ByeBye: +ByeBye: if (!NT_SUCCESS(Status)) { if (ConnectPortHandle != NULL) @@ -114,6 +112,8 @@ DWORD dwRecSize; NTSTATUS Status; PLOGFILE SystemLog = NULL; + WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; + DWORD dwComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1;
DPRINT("ProcessPortMessage() called\n");
@@ -150,18 +150,27 @@ Message = (PIO_ERROR_LOG_MESSAGE) & Request.Message; ulRecNum = SystemLog ? SystemLog->Header.CurrentRecordNumber : 0;
- pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize, - ulRecNum, Message->Type, Message->EntryData.EventCategory, - Message->EntryData.ErrorCode, - (WCHAR *) (((PBYTE) Message) + Message->DriverNameOffset), - L"MyComputer", /* FIXME */ - 0, - NULL, - Message->EntryData.NumberOfStrings, - (WCHAR *) (((PBYTE) Message) + Message->EntryData.StringOffset), - Message->EntryData.DumpDataSize, - (LPVOID) (((PBYTE) Message) + sizeof(IO_ERROR_LOG_PACKET) - - sizeof(ULONG))); + if (!GetComputerNameW(szComputerName, &dwComputerNameLength)) + { + szComputerName[0] = L'\0'; + } + + // TODO: Log more information?? + + pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord( + &dwRecSize, + ulRecNum, // FIXME! + Message->Type, + Message->EntryData.EventCategory, + Message->EntryData.ErrorCode, + (WCHAR *) ((ULONG_PTR)Message + Message->DriverNameOffset), // FIXME: Use DriverNameLength too! + szComputerName, + 0, + NULL, + Message->EntryData.NumberOfStrings, + (WCHAR *) ((ULONG_PTR)Message + Message->EntryData.StringOffset), + Message->EntryData.DumpDataSize, + (LPVOID) ((ULONG_PTR)Message + FIELD_OFFSET(IO_ERROR_LOG_PACKET, DumpData)));
if (pRec == NULL) {
Modified: trunk/reactos/base/services/eventlog/rpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/services/eventlog/rpc.... ============================================================================== --- trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] (original) +++ trunk/reactos/base/services/eventlog/rpc.c [iso-8859-1] Fri Aug 12 19:14:55 2016 @@ -5,6 +5,7 @@ * PURPOSE: Event logging service * COPYRIGHT: Copyright 2005 Saveliy Tretiakov * Copyright 2008 Michael Martin + * Copyright 2010-2011 Eric Kohl */
/* INCLUDES *****************************************************************/ @@ -49,27 +50,31 @@
static NTSTATUS -ElfCreateEventLogHandle(PLOGHANDLE *LogHandle, - LPCWSTR Name, - BOOL Create) -{ +ElfCreateEventLogHandle(PLOGHANDLE* LogHandle, + PUNICODE_STRING LogName, + BOOLEAN Create) +{ + NTSTATUS Status = STATUS_SUCCESS; PLOGHANDLE lpLogHandle; PLOGFILE currentLogFile = NULL; - INT i, LogsActive; + DWORD i, LogsActive; PEVENTSOURCE pEventSource; - NTSTATUS Status = STATUS_SUCCESS; - - DPRINT("ElfCreateEventLogHandle(Name: %S)\n", Name); - - lpLogHandle = HeapAlloc(GetProcessHeap(), 0, sizeof(LOGHANDLE) - + ((wcslen(Name) + 1) * sizeof(WCHAR))); + + DPRINT("ElfCreateEventLogHandle(Name: %wZ)\n", LogName); + + *LogHandle = NULL; + + i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR); + lpLogHandle = HeapAlloc(GetProcessHeap(), + HEAP_ZERO_MEMORY, + FIELD_OFFSET(LOGHANDLE, szName[i])); if (!lpLogHandle) { DPRINT1("Failed to allocate Heap!\n"); return STATUS_NO_MEMORY; }
- wcscpy(lpLogHandle->szName, Name); + StringCchCopy(lpLogHandle->szName, i, LogName->Buffer);
/* Get the number of Log Files the EventLog service found */ LogsActive = LogfListItemCount(); @@ -81,9 +86,9 @@ }
/* If Creating, default to the Application Log in case we fail, as documented on MSDN */ - if (Create == TRUE) - { - pEventSource = GetEventSourceByName(Name); + if (Create) + { + pEventSource = GetEventSourceByName(LogName->Buffer); DPRINT("EventSource: %p\n", pEventSource); if (pEventSource) { @@ -106,9 +111,9 @@ { currentLogFile = LogfListItemByIndex(i);
- if (_wcsicmp(Name, currentLogFile->LogName) == 0) + if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0) { - lpLogHandle->LogFile = LogfListItemByIndex(i); + lpLogHandle->LogFile = currentLogFile; lpLogHandle->CurrentRecord = LogfGetOldestRecord(lpLogHandle->LogFile); break; } @@ -150,14 +155,15 @@
static NTSTATUS -ElfCreateBackupLogHandle(PLOGHANDLE *LogHandle, +ElfCreateBackupLogHandle(PLOGHANDLE* LogHandle, PUNICODE_STRING FileName) { + NTSTATUS Status = STATUS_SUCCESS; PLOGHANDLE lpLogHandle;
- NTSTATUS Status = STATUS_SUCCESS; - DPRINT("ElfCreateBackupLogHandle(FileName: %wZ)\n", FileName); + + *LogHandle = NULL;
lpLogHandle = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(LOGHANDLE)); if (lpLogHandle == NULL) @@ -202,7 +208,8 @@ }
-PLOGHANDLE ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle) +static PLOGHANDLE +ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle) { PLIST_ENTRY CurrentEntry; PLOGHANDLE lpLogHandle; @@ -224,38 +231,38 @@
static NTSTATUS -ElfDeleteEventLogHandle(IELF_HANDLE LogHandle) +ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle) { PLOGHANDLE lpLogHandle; + + lpLogHandle = ElfGetLogHandleEntryByHandle(*LogHandle); + if (!lpLogHandle) + return STATUS_INVALID_HANDLE; + + RemoveEntryList(&lpLogHandle->LogHandleListEntry); + LogfClose(lpLogHandle->LogFile, FALSE); + + HeapFree(GetProcessHeap(), 0, lpLogHandle); + + *LogHandle = NULL; + + return STATUS_SUCCESS; +} + + +/* Function 0 */ +NTSTATUS +ElfrClearELFW( + IELF_HANDLE LogHandle, + PRPC_UNICODE_STRING BackupFileName) +{ + PLOGHANDLE lpLogHandle; + + DPRINT("ElfrClearELFW()\n");
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - } - - RemoveEntryList(&lpLogHandle->LogHandleListEntry); - LogfClose(lpLogHandle->LogFile, FALSE); - - HeapFree(GetProcessHeap(), 0, lpLogHandle); - - return STATUS_SUCCESS; -} - -/* Function 0 */ -NTSTATUS ElfrClearELFW( - IELF_HANDLE LogHandle, - PRPC_UNICODE_STRING BackupFileName) -{ - PLOGHANDLE lpLogHandle; - - DPRINT("ElfrClearELFW()\n"); - - lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); - if (!lpLogHandle) - { - return STATUS_INVALID_HANDLE; - }
/* Fail, if the log file is a backup file */ if (lpLogHandle->Flags & LOG_HANDLE_BACKUP_FILE) @@ -267,7 +274,8 @@
/* Function 1 */ -NTSTATUS ElfrBackupELFW( +NTSTATUS +ElfrBackupELFW( IELF_HANDLE LogHandle, PRPC_UNICODE_STRING BackupFileName) { @@ -277,9 +285,7 @@
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - }
return LogfBackupFile(lpLogHandle->LogFile, (PUNICODE_STRING)BackupFileName); @@ -287,25 +293,28 @@
/* Function 2 */ -NTSTATUS ElfrCloseEL( - IELF_HANDLE *LogHandle) -{ - return ElfDeleteEventLogHandle(*LogHandle); +NTSTATUS +ElfrCloseEL( + PIELF_HANDLE LogHandle) +{ + return ElfDeleteEventLogHandle(LogHandle); }
/* Function 3 */ -NTSTATUS ElfrDeregisterEventSource( - IELF_HANDLE *LogHandle) -{ - return ElfDeleteEventLogHandle(*LogHandle); +NTSTATUS +ElfrDeregisterEventSource( + PIELF_HANDLE LogHandle) +{ + return ElfDeleteEventLogHandle(LogHandle); }
/* Function 4 */ -NTSTATUS ElfrNumberOfRecords( - IELF_HANDLE LogHandle, - DWORD *NumberOfRecords) +NTSTATUS +ElfrNumberOfRecords( + IELF_HANDLE LogHandle, + PULONG NumberOfRecords) { PLOGHANDLE lpLogHandle; PLOGFILE lpLogFile; @@ -314,9 +323,10 @@
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - } + + if (!NumberOfRecords) + return STATUS_INVALID_PARAMETER;
lpLogFile = lpLogHandle->LogFile;
@@ -332,22 +342,19 @@
/* Function 5 */ -NTSTATUS ElfrOldestRecord( - IELF_HANDLE LogHandle, - DWORD *OldestRecordNumber) +NTSTATUS +ElfrOldestRecord( + IELF_HANDLE LogHandle, + PULONG OldestRecordNumber) { PLOGHANDLE lpLogHandle;
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - }
if (!OldestRecordNumber) - { - return STATUS_INVALID_PARAMETER; - } + return STATUS_INVALID_PARAMETER;
*OldestRecordNumber = LogfGetOldestRecord(lpLogHandle->LogFile);
@@ -356,26 +363,26 @@
/* Function 6 */ -NTSTATUS ElfrChangeNotify( +NTSTATUS +ElfrChangeNotify( IELF_HANDLE LogHandle, RPC_CLIENT_ID ClientId, - DWORD Event) -{ - DPRINT("ElfrChangeNotify()"); - + ULONG Event) +{ UNIMPLEMENTED; return STATUS_NOT_IMPLEMENTED; }
/* Function 7 */ -NTSTATUS ElfrOpenELW( +NTSTATUS +ElfrOpenELW( EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { if ((MajorVersion != 1) || (MinorVersion != 1)) return STATUS_INVALID_PARAMETER; @@ -384,24 +391,25 @@ if (RegModuleName->Length > 0) return STATUS_INVALID_PARAMETER;
- /*FIXME: UNCServerName must specify the server */ - - /*FIXME: Must verify that caller has read access */ - - return ElfCreateEventLogHandle((PLOGHANDLE *)LogHandle, - ModuleName->Buffer, + /* FIXME: UNCServerName must specify the server */ + + /* FIXME: Must verify that caller has read access */ + + return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle, + (PUNICODE_STRING)ModuleName, FALSE); }
/* Function 8 */ -NTSTATUS ElfrRegisterEventSourceW( +NTSTATUS +ElfrRegisterEventSourceW( EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING ModuleName, PRPC_UNICODE_STRING RegModuleName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { DPRINT("ElfrRegisterEventSourceW()\n");
@@ -412,49 +420,51 @@ if (RegModuleName->Length > 0) return STATUS_INVALID_PARAMETER;
- DPRINT("ModuleName: %S\n", ModuleName->Buffer); - - /*FIXME: UNCServerName must specify the server or empty for local */ - - /*FIXME: Must verify that caller has write access */ - - return ElfCreateEventLogHandle((PLOGHANDLE *)LogHandle, - ModuleName->Buffer, + DPRINT("ModuleName: %wZ\n", ModuleName); + + /* FIXME: UNCServerName must specify the server or empty for local */ + + /* FIXME: Must verify that caller has write access */ + + return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle, + (PUNICODE_STRING)ModuleName, TRUE); }
/* Function 9 */ -NTSTATUS ElfrOpenBELW( +NTSTATUS +ElfrOpenBELW( EVENTLOG_HANDLE_W UNCServerName, PRPC_UNICODE_STRING BackupFileName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);
if ((MajorVersion != 1) || (MinorVersion != 1)) return STATUS_INVALID_PARAMETER;
- /*FIXME: UNCServerName must specify the server */ - - /*FIXME: Must verify that caller has read access */ - - return ElfCreateBackupLogHandle((PLOGHANDLE *)LogHandle, + /* FIXME: UNCServerName must specify the server */ + + /* FIXME: Must verify that caller has read access */ + + return ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle, (PUNICODE_STRING)BackupFileName); }
/* Function 10 */ -NTSTATUS ElfrReadELW( - IELF_HANDLE LogHandle, - DWORD ReadFlags, - DWORD RecordOffset, +NTSTATUS +ElfrReadELW( + IELF_HANDLE LogHandle, + ULONG ReadFlags, + ULONG RecordOffset, RULONG NumberOfBytesToRead, - BYTE *Buffer, - DWORD *NumberOfBytesRead, - DWORD *MinNumberOfBytesNeeded) + PBYTE Buffer, + PULONG NumberOfBytesRead, + PULONG MinNumberOfBytesNeeded) { PLOGHANDLE lpLogHandle; DWORD dwError; @@ -462,9 +472,7 @@
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - }
if (!Buffer) return STATUS_INVALID_PARAMETER; @@ -479,11 +487,16 @@ RecordNumber = RecordOffset; }
- dwError = LogfReadEvent(lpLogHandle->LogFile, ReadFlags, &RecordNumber, - NumberOfBytesToRead, Buffer, NumberOfBytesRead, MinNumberOfBytesNeeded, + dwError = LogfReadEvent(lpLogHandle->LogFile, + ReadFlags, + &RecordNumber, + NumberOfBytesToRead, + Buffer, + NumberOfBytesRead, + MinNumberOfBytesNeeded, FALSE);
- /* Update the handles CurrentRecord if success*/ + /* Update the handle's CurrentRecord if success */ if (dwError == ERROR_SUCCESS) { lpLogHandle->CurrentRecord = RecordNumber; @@ -498,21 +511,22 @@
/* Function 11 */ -NTSTATUS ElfrReportEventW( - IELF_HANDLE LogHandle, - DWORD Time, +NTSTATUS +ElfrReportEventW( + IELF_HANDLE LogHandle, + ULONG Time, USHORT EventType, USHORT EventCategory, - DWORD EventID, + ULONG EventID, USHORT NumStrings, - DWORD DataSize, + ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], - BYTE *Data, + PBYTE Data, USHORT Flags, - DWORD *RecordNumber, - DWORD *TimeWritten) + PULONG RecordNumber, + PULONG TimeWritten) { USHORT i; PBYTE LogBuffer; @@ -527,15 +541,11 @@
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - }
/* Flags must be 0 */ if (Flags) - { - return STATUS_INVALID_PARAMETER; - } + return STATUS_INVALID_PARAMETER;
lastRec = LogfGetCurrentRecord(lpLogHandle->LogFile);
@@ -571,7 +581,7 @@ DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]); break; } - dwStringsSize += Strings[i]->Length + sizeof UNICODE_NULL; + dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL); }
lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize); @@ -583,16 +593,16 @@
for (i = 0; i < NumStrings; i++) { - CopyMemory(lpStrings + pos, Strings[i]->Buffer, Strings[i]->Length); + RtlCopyMemory(lpStrings + pos, Strings[i]->Buffer, Strings[i]->Length); pos += Strings[i]->Length / sizeof(WCHAR); lpStrings[pos] = UNICODE_NULL; - pos += sizeof UNICODE_NULL / sizeof(WCHAR); + pos += sizeof(UNICODE_NULL) / sizeof(WCHAR); }
if (UserSID) dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]); LogBuffer = LogfAllocAndBuildNewRecord(&recSize, - lastRec, + lastRec, // FIXME! EventType, EventCategory, EventID, @@ -620,7 +630,8 @@
/* Function 12 */ -NTSTATUS ElfrClearELFA( +NTSTATUS +ElfrClearELFA( IELF_HANDLE LogHandle, PRPC_STRING BackupFileName) { @@ -643,7 +654,8 @@
/* Function 13 */ -NTSTATUS ElfrBackupELFA( +NTSTATUS +ElfrBackupELFA( IELF_HANDLE LogHandle, PRPC_STRING BackupFileName) { @@ -666,13 +678,14 @@
/* Function 14 */ -NTSTATUS ElfrOpenELA( +NTSTATUS +ElfrOpenELA( EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { UNICODE_STRING ModuleNameW; NTSTATUS Status; @@ -690,8 +703,8 @@
/* FIXME: Must verify that caller has read access */
- Status = ElfCreateEventLogHandle((PLOGHANDLE *)LogHandle, - ModuleNameW.Buffer, + Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle, + &ModuleNameW, FALSE);
RtlFreeUnicodeString(&ModuleNameW); @@ -701,13 +714,14 @@
/* Function 15 */ -NTSTATUS ElfrRegisterEventSourceA( +NTSTATUS +ElfrRegisterEventSourceA( EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING ModuleName, PRPC_STRING RegModuleName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { UNICODE_STRING ModuleNameW; NTSTATUS Status; @@ -736,8 +750,8 @@
/* FIXME: Must verify that caller has write access */
- Status = ElfCreateEventLogHandle((PLOGHANDLE *)LogHandle, - ModuleNameW.Buffer, + Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle, + &ModuleNameW, TRUE);
RtlFreeUnicodeString(&ModuleNameW); @@ -747,12 +761,13 @@
/* Function 16 */ -NTSTATUS ElfrOpenBELA( +NTSTATUS +ElfrOpenBELA( EVENTLOG_HANDLE_A UNCServerName, PRPC_STRING BackupFileName, - DWORD MajorVersion, - DWORD MinorVersion, - IELF_HANDLE *LogHandle) + ULONG MajorVersion, + ULONG MinorVersion, + PIELF_HANDLE LogHandle) { UNICODE_STRING BackupFileNameW; NTSTATUS Status; @@ -774,11 +789,11 @@ return STATUS_INVALID_PARAMETER; }
- /*FIXME: UNCServerName must specify the server */ - - /*FIXME: Must verify that caller has read access */ - - Status = ElfCreateBackupLogHandle((PLOGHANDLE *)LogHandle, + /* FIXME: UNCServerName must specify the server */ + + /* FIXME: Must verify that caller has read access */ + + Status = ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle, &BackupFileNameW);
RtlFreeUnicodeString(&BackupFileNameW); @@ -788,14 +803,15 @@
/* Function 17 */ -NTSTATUS ElfrReadELA( - IELF_HANDLE LogHandle, - DWORD ReadFlags, - DWORD RecordOffset, +NTSTATUS +ElfrReadELA( + IELF_HANDLE LogHandle, + ULONG ReadFlags, + ULONG RecordOffset, RULONG NumberOfBytesToRead, - BYTE *Buffer, - DWORD *NumberOfBytesRead, - DWORD *MinNumberOfBytesNeeded) + PBYTE Buffer, + PULONG NumberOfBytesRead, + PULONG MinNumberOfBytesNeeded) { PLOGHANDLE lpLogHandle; DWORD dwError; @@ -803,9 +819,7 @@
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) - { return STATUS_INVALID_HANDLE; - }
if (!Buffer) return STATUS_INVALID_PARAMETER; @@ -829,7 +843,7 @@ MinNumberOfBytesNeeded, TRUE);
- /* Update the handles CurrentRecord if success*/ + /* Update the handle's CurrentRecord if success */ if (dwError == ERROR_SUCCESS) { lpLogHandle->CurrentRecord = RecordNumber; @@ -844,21 +858,22 @@
/* Function 18 */ -NTSTATUS ElfrReportEventA( - IELF_HANDLE LogHandle, - DWORD Time, +NTSTATUS +ElfrReportEventA( + IELF_HANDLE LogHandle, + ULONG Time, USHORT EventType, USHORT EventCategory, - DWORD EventID, + ULONG EventID, USHORT NumStrings, - DWORD DataSize, + ULONG DataSize, PRPC_STRING ComputerName, PRPC_SID UserSID, PRPC_STRING Strings[], - BYTE *Data, + PBYTE Data, USHORT Flags, - DWORD *RecordNumber, - DWORD *TimeWritten) + PULONG RecordNumber, + PULONG TimeWritten) { UNICODE_STRING ComputerNameW; PUNICODE_STRING *StringsArrayW = NULL; @@ -891,7 +906,7 @@ { StringsArrayW = HeapAlloc(MyHeap, HEAP_ZERO_MEMORY, - NumStrings * sizeof (PUNICODE_STRING)); + NumStrings * sizeof(PUNICODE_STRING)); if (StringsArrayW == NULL) { Status = STATUS_NO_MEMORY; @@ -964,7 +979,8 @@
/* Function 19 */ -NTSTATUS ElfrRegisterClusterSvc( +NTSTATUS +ElfrRegisterClusterSvc( handle_t BindingHandle) { UNIMPLEMENTED; @@ -973,7 +989,8 @@
/* Function 20 */ -NTSTATUS ElfrDeregisterClusterSvc( +NTSTATUS +ElfrDeregisterClusterSvc( handle_t BindingHandle) { UNIMPLEMENTED; @@ -982,7 +999,8 @@
/* Function 21 */ -NTSTATUS ElfrWriteClusterEvents( +NTSTATUS +ElfrWriteClusterEvents( handle_t BindingHandle) { UNIMPLEMENTED; @@ -991,16 +1009,20 @@
/* Function 22 */ -NTSTATUS ElfrGetLogInformation( - IELF_HANDLE LogHandle, - DWORD InfoLevel, - BYTE *Buffer, - DWORD cbBufSize, - DWORD *pcbBytesNeeded) +NTSTATUS +ElfrGetLogInformation( + IELF_HANDLE LogHandle, + ULONG InfoLevel, + PBYTE Buffer, + ULONG cbBufSize, + PULONG pcbBytesNeeded) { NTSTATUS Status = STATUS_SUCCESS; - - /* FIXME: check handle first */ + PLOGHANDLE lpLogHandle; + + lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); + if (!lpLogHandle) + return STATUS_INVALID_HANDLE;
switch (InfoLevel) { @@ -1011,10 +1033,16 @@ *pcbBytesNeeded = sizeof(EVENTLOG_FULL_INFORMATION); if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION)) { - return STATUS_BUFFER_TOO_SMALL; + Status = STATUS_BUFFER_TOO_SMALL; + break; }
- efi->dwFull = 0; /* FIXME */ + /* + * FIXME. To check whether an event log is "full" one needs + * to compare its current size with respect to the maximum + * size threshold "MaxSize" contained in its header. + */ + efi->dwFull = 0; } break;
@@ -1028,7 +1056,8 @@
/* Function 23 */ -NTSTATUS ElfrFlushEL( +NTSTATUS +ElfrFlushEL( IELF_HANDLE LogHandle) { UNIMPLEMENTED; @@ -1037,22 +1066,23 @@
/* Function 24 */ -NTSTATUS ElfrReportEventAndSourceW( - IELF_HANDLE LogHandle, - DWORD Time, +NTSTATUS +ElfrReportEventAndSourceW( + IELF_HANDLE LogHandle, + ULONG Time, USHORT EventType, USHORT EventCategory, ULONG EventID, PRPC_UNICODE_STRING SourceName, USHORT NumStrings, - DWORD DataSize, + ULONG DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], - BYTE *Data, + PBYTE Data, USHORT Flags, - DWORD *RecordNumber, - DWORD *TimeWritten) + PULONG RecordNumber, + PULONG TimeWritten) { UNIMPLEMENTED; return STATUS_NOT_IMPLEMENTED; @@ -1073,4 +1103,6 @@
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle) { -} + /* Close the handle */ + ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle); +}
-
hbelusca@svn.reactos.org