2005-09-20 07:58:28 +00:00
|
|
|
/*
|
2006-03-04 17:04:42 +00:00
|
|
|
* PROJECT: ReactOS kernel
|
|
|
|
|
* LICENSE: GPL - See COPYING in the top level directory
|
2015-09-12 10:58:07 +00:00
|
|
|
* FILE: base/services/eventlog/rpc.c
|
2005-09-20 07:58:28 +00:00
|
|
|
* PURPOSE: Event logging service
|
2007-10-19 23:21:45 +00:00
|
|
|
* COPYRIGHT: Copyright 2005 Saveliy Tretiakov
|
2009-05-30 01:08:56 +00:00
|
|
|
* Copyright 2008 Michael Martin
|
2016-08-12 19:14:55 +00:00
|
|
|
* Copyright 2010-2011 Eric Kohl
|
2005-09-20 07:58:28 +00:00
|
|
|
*/
|
2007-05-03 07:47:12 +00:00
|
|
|
|
|
|
|
|
/* INCLUDES *****************************************************************/
|
|
|
|
|
|
2005-09-20 07:58:28 +00:00
|
|
|
#include "eventlog.h"
|
2007-08-14 08:48:02 +00:00
|
|
|
|
2013-12-21 13:45:16 +00:00
|
|
|
#define NDEBUG
|
|
|
|
|
#include <debug.h>
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
static LIST_ENTRY LogHandleListHead;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2007-05-03 07:47:12 +00:00
|
|
|
/* FUNCTIONS ****************************************************************/
|
|
|
|
|
|
2008-11-30 11:16:55 +00:00
|
|
|
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
|
|
|
|
RPC_STATUS Status;
|
|
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
InitializeListHead(&LogHandleListHead);
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2007-05-03 07:47:12 +00:00
|
|
|
Status = RpcServerUseProtseqEpW(L"ncacn_np", 20, L"\\pipe\\EventLog", NULL);
|
|
|
|
|
if (Status != RPC_S_OK)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2007-05-03 07:47:12 +00:00
|
|
|
|
2006-12-09 09:07:15 +00:00
|
|
|
Status = RpcServerRegisterIf(eventlog_v0_0_s_ifspec, NULL, NULL);
|
2007-05-03 07:47:12 +00:00
|
|
|
if (Status != RPC_S_OK)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("RpcServerRegisterIf() failed (Status %lx)\n", Status);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, FALSE);
|
2007-05-03 07:47:12 +00:00
|
|
|
if (Status != RPC_S_OK)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
|
|
|
|
DPRINT("RpcServerListen() failed (Status %lx)\n", Status);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
|
|
|
|
|
static NTSTATUS
|
2016-08-12 19:14:55 +00:00
|
|
|
ElfCreateEventLogHandle(PLOGHANDLE* LogHandle,
|
|
|
|
|
PUNICODE_STRING LogName,
|
|
|
|
|
BOOLEAN Create)
|
2008-11-21 15:40:47 +00:00
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2008-11-21 15:40:47 +00:00
|
|
|
PLOGFILE currentLogFile = NULL;
|
2016-08-12 19:14:55 +00:00
|
|
|
DWORD i, LogsActive;
|
2011-04-30 22:33:53 +00:00
|
|
|
PEVENTSOURCE pEventSource;
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
DPRINT("ElfCreateEventLogHandle(Name: %wZ)\n", LogName);
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
*LogHandle = NULL;
|
|
|
|
|
|
|
|
|
|
i = (LogName->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR);
|
|
|
|
|
lpLogHandle = HeapAlloc(GetProcessHeap(),
|
|
|
|
|
HEAP_ZERO_MEMORY,
|
|
|
|
|
FIELD_OFFSET(LOGHANDLE, szName[i]));
|
2010-10-08 18:48:54 +00:00
|
|
|
if (!lpLogHandle)
|
2008-11-21 15:40:47 +00:00
|
|
|
{
|
|
|
|
|
DPRINT1("Failed to allocate Heap!\n");
|
2012-01-08 23:03:23 +00:00
|
|
|
return STATUS_NO_MEMORY;
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
StringCchCopy(lpLogHandle->szName, i, LogName->Buffer);
|
2008-11-21 15:40:47 +00:00
|
|
|
|
|
|
|
|
/* Get the number of Log Files the EventLog service found */
|
2016-08-16 21:08:15 +00:00
|
|
|
// NOTE: We could just as well loop only once within the list of logs
|
|
|
|
|
// and retrieve what the code below that calls LogfListItemByIndex, does!!
|
2008-11-21 15:40:47 +00:00
|
|
|
LogsActive = LogfListItemCount();
|
|
|
|
|
if (LogsActive == 0)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("EventLog service reports no log files!\n");
|
2012-01-08 23:03:23 +00:00
|
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
|
|
|
goto Done;
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
|
|
|
|
|
2009-05-30 01:08:56 +00:00
|
|
|
/* If Creating, default to the Application Log in case we fail, as documented on MSDN */
|
2016-08-12 19:14:55 +00:00
|
|
|
if (Create)
|
2011-04-30 22:33:53 +00:00
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
pEventSource = GetEventSourceByName(LogName->Buffer);
|
2011-04-30 22:33:53 +00:00
|
|
|
DPRINT("EventSource: %p\n", pEventSource);
|
|
|
|
|
if (pEventSource)
|
|
|
|
|
{
|
|
|
|
|
DPRINT("EventSource LogFile: %p\n", pEventSource->LogFile);
|
|
|
|
|
lpLogHandle->LogFile = pEventSource->LogFile;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
DPRINT("EventSource LogFile: Application log file\n");
|
|
|
|
|
lpLogHandle->LogFile = LogfListItemByName(L"Application");
|
|
|
|
|
}
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2011-04-30 22:33:53 +00:00
|
|
|
DPRINT("LogHandle LogFile: %p\n", lpLogHandle->LogFile);
|
|
|
|
|
}
|
|
|
|
|
else
|
2008-11-21 15:40:47 +00:00
|
|
|
{
|
2011-04-30 22:33:53 +00:00
|
|
|
lpLogHandle->LogFile = NULL;
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2011-04-30 22:33:53 +00:00
|
|
|
for (i = 1; i <= LogsActive; i++)
|
2008-11-21 15:40:47 +00:00
|
|
|
{
|
2011-04-30 22:33:53 +00:00
|
|
|
currentLogFile = LogfListItemByIndex(i);
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
if (_wcsicmp(LogName->Buffer, currentLogFile->LogName) == 0)
|
2011-04-30 22:33:53 +00:00
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
lpLogHandle->LogFile = currentLogFile;
|
2011-04-30 22:33:53 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
2011-12-04 10:53:43 +00:00
|
|
|
|
|
|
|
|
/* Use the application log if the desired log does not exist */
|
|
|
|
|
if (lpLogHandle->LogFile == NULL)
|
|
|
|
|
{
|
|
|
|
|
lpLogHandle->LogFile = LogfListItemByName(L"Application");
|
2014-10-31 22:39:19 +00:00
|
|
|
if (lpLogHandle->LogFile == NULL)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Application log is missing!\n");
|
|
|
|
|
Status = STATUS_UNSUCCESSFUL;
|
|
|
|
|
goto Done;
|
|
|
|
|
}
|
2011-12-04 10:53:43 +00:00
|
|
|
}
|
2016-08-16 21:08:15 +00:00
|
|
|
|
|
|
|
|
/* Reset the current record */
|
|
|
|
|
lpLogHandle->CurrentRecord = 0;
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
|
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
if (!lpLogHandle->LogFile)
|
2012-01-08 23:03:23 +00:00
|
|
|
Status = STATUS_UNSUCCESSFUL;
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
Done:
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Append log handle */
|
|
|
|
|
InsertTailList(&LogHandleListHead, &lpLogHandle->LogHandleListEntry);
|
|
|
|
|
*LogHandle = lpLogHandle;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
HeapFree(GetProcessHeap(), 0, lpLogHandle);
|
|
|
|
|
}
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
static NTSTATUS
|
2016-08-12 19:14:55 +00:00
|
|
|
ElfCreateBackupLogHandle(PLOGHANDLE* LogHandle,
|
2012-01-08 23:03:23 +00:00
|
|
|
PUNICODE_STRING FileName)
|
|
|
|
|
{
|
2012-01-16 23:23:29 +00:00
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
2016-08-12 19:14:55 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2012-01-16 23:23:29 +00:00
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
DPRINT("ElfCreateBackupLogHandle(FileName: %wZ)\n", FileName);
|
2012-01-16 23:23:29 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
*LogHandle = NULL;
|
|
|
|
|
|
2012-01-16 23:23:29 +00:00
|
|
|
lpLogHandle = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(LOGHANDLE));
|
|
|
|
|
if (lpLogHandle == NULL)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Failed to allocate Heap!\n");
|
|
|
|
|
return STATUS_NO_MEMORY;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Create the log file */
|
|
|
|
|
Status = LogfCreate(&lpLogHandle->LogFile,
|
|
|
|
|
NULL,
|
2012-01-28 20:15:41 +00:00
|
|
|
FileName,
|
2014-09-15 12:16:46 +00:00
|
|
|
0,
|
|
|
|
|
0,
|
2012-01-28 20:15:41 +00:00
|
|
|
FALSE,
|
|
|
|
|
TRUE);
|
2012-01-16 23:23:29 +00:00
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Failed to create the log file! (Status 0x%08lx)\n", Status);
|
|
|
|
|
goto Done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Set the backup flag */
|
|
|
|
|
lpLogHandle->Flags |= LOG_HANDLE_BACKUP_FILE;
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
/* Reset the current record */
|
|
|
|
|
lpLogHandle->CurrentRecord = 0;
|
2012-01-16 23:23:29 +00:00
|
|
|
|
|
|
|
|
Done:
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Append log handle */
|
|
|
|
|
InsertTailList(&LogHandleListHead, &lpLogHandle->LogHandleListEntry);
|
|
|
|
|
*LogHandle = lpLogHandle;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
HeapFree(GetProcessHeap(), 0, lpLogHandle);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status;
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
static PLOGHANDLE
|
|
|
|
|
ElfGetLogHandleEntryByHandle(IELF_HANDLE EventLogHandle)
|
2008-11-21 15:40:47 +00:00
|
|
|
{
|
2014-10-12 11:23:05 +00:00
|
|
|
PLIST_ENTRY CurrentEntry;
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2014-10-12 11:23:05 +00:00
|
|
|
CurrentEntry = LogHandleListHead.Flink;
|
|
|
|
|
while (CurrentEntry != &LogHandleListHead)
|
2009-05-30 01:08:56 +00:00
|
|
|
{
|
2014-10-12 11:23:05 +00:00
|
|
|
lpLogHandle = CONTAINING_RECORD(CurrentEntry,
|
|
|
|
|
LOGHANDLE,
|
|
|
|
|
LogHandleListEntry);
|
|
|
|
|
CurrentEntry = CurrentEntry->Flink;
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2014-10-12 11:23:05 +00:00
|
|
|
if (lpLogHandle == EventLogHandle)
|
|
|
|
|
return lpLogHandle;
|
|
|
|
|
}
|
2010-10-08 18:48:54 +00:00
|
|
|
|
2014-10-12 11:23:05 +00:00
|
|
|
return NULL;
|
2009-05-30 01:08:56 +00:00
|
|
|
}
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
|
|
|
|
|
static NTSTATUS
|
2016-08-12 19:14:55 +00:00
|
|
|
ElfDeleteEventLogHandle(PIELF_HANDLE LogHandle)
|
2009-05-30 01:08:56 +00:00
|
|
|
{
|
2014-10-12 11:23:05 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(*LogHandle);
|
2014-10-12 11:23:05 +00:00
|
|
|
if (!lpLogHandle)
|
2012-01-08 23:03:23 +00:00
|
|
|
return STATUS_INVALID_HANDLE;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2014-09-03 23:07:47 +00:00
|
|
|
RemoveEntryList(&lpLogHandle->LogHandleListEntry);
|
2012-01-28 20:15:41 +00:00
|
|
|
LogfClose(lpLogHandle->LogFile, FALSE);
|
2012-01-16 23:23:29 +00:00
|
|
|
|
2014-10-12 11:23:05 +00:00
|
|
|
HeapFree(GetProcessHeap(), 0, lpLogHandle);
|
2008-11-21 15:40:47 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
*LogHandle = NULL;
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
return STATUS_SUCCESS;
|
2008-11-21 15:40:47 +00:00
|
|
|
}
|
2008-05-18 15:29:53 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 0 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrClearELFW(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
|
|
|
|
PRPC_UNICODE_STRING BackupFileName)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-15 21:33:46 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2011-12-26 13:54:05 +00:00
|
|
|
|
|
|
|
|
DPRINT("ElfrClearELFW()\n");
|
2011-12-15 21:33:46 +00:00
|
|
|
|
|
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
2013-11-18 22:16:16 +00:00
|
|
|
/* Fail, if the log file is a backup file */
|
|
|
|
|
if (lpLogHandle->Flags & LOG_HANDLE_BACKUP_FILE)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
2011-12-26 13:54:05 +00:00
|
|
|
return LogfClearFile(lpLogHandle->LogFile,
|
|
|
|
|
(PUNICODE_STRING)BackupFileName);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
|
|
|
|
|
/* Function 1 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrBackupELFW(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
|
|
|
|
PRPC_UNICODE_STRING BackupFileName)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-26 13:54:05 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
|
|
|
|
|
|
|
|
|
DPRINT("ElfrBackupELFW()\n");
|
|
|
|
|
|
|
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
|
|
|
|
return LogfBackupFile(lpLogHandle->LogFile,
|
|
|
|
|
(PUNICODE_STRING)BackupFileName);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
2011-12-26 13:54:05 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 2 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrCloseEL(
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
return ElfDeleteEventLogHandle(LogHandle);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
2007-05-03 07:47:12 +00:00
|
|
|
|
2005-09-20 07:58:28 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 3 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrDeregisterEventSource(
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
return ElfDeleteEventLogHandle(LogHandle);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 4 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrNumberOfRecords(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
PULONG NumberOfRecords)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2011-05-05 20:27:05 +00:00
|
|
|
PLOGFILE lpLogFile;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2014-09-03 23:07:47 +00:00
|
|
|
DPRINT("ElfrNumberOfRecords()\n");
|
2011-12-17 13:22:10 +00:00
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
2009-05-30 01:08:56 +00:00
|
|
|
return STATUS_INVALID_HANDLE;
|
2016-08-12 19:14:55 +00:00
|
|
|
|
|
|
|
|
if (!NumberOfRecords)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2011-05-05 20:27:05 +00:00
|
|
|
lpLogFile = lpLogHandle->LogFile;
|
2011-05-02 19:38:23 +00:00
|
|
|
|
2011-12-17 13:22:10 +00:00
|
|
|
DPRINT("Oldest: %lu Current: %lu\n",
|
|
|
|
|
lpLogFile->Header.OldestRecordNumber,
|
|
|
|
|
lpLogFile->Header.CurrentRecordNumber);
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
if (lpLogFile->Header.OldestRecordNumber == 0)
|
|
|
|
|
{
|
|
|
|
|
/* OldestRecordNumber == 0 when the log is empty */
|
|
|
|
|
*NumberOfRecords = 0;
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* The log contains events */
|
|
|
|
|
*NumberOfRecords = lpLogFile->Header.CurrentRecordNumber -
|
|
|
|
|
lpLogFile->Header.OldestRecordNumber;
|
|
|
|
|
}
|
2009-05-30 01:08:56 +00:00
|
|
|
|
|
|
|
|
return STATUS_SUCCESS;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 5 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrOldestRecord(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
PULONG OldestRecordNumber)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
2009-05-30 01:08:56 +00:00
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
|
|
|
|
if (!OldestRecordNumber)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
*OldestRecordNumber = lpLogHandle->LogFile->Header.OldestRecordNumber;
|
2011-12-31 15:23:59 +00:00
|
|
|
|
2009-05-30 01:08:56 +00:00
|
|
|
return STATUS_SUCCESS;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 6 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrChangeNotify(
|
2016-08-12 17:25:36 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2008-05-18 15:29:53 +00:00
|
|
|
RPC_CLIENT_ID ClientId,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG Event)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2007-08-14 08:48:02 +00:00
|
|
|
UNIMPLEMENTED;
|
2005-09-20 07:58:28 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 7 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrOpenELW(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_W UNCServerName,
|
|
|
|
|
PRPC_UNICODE_STRING ModuleName,
|
|
|
|
|
PRPC_UNICODE_STRING RegModuleName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2009-05-30 01:08:56 +00:00
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
|
|
/* RegModuleName must be an empty string */
|
|
|
|
|
if (RegModuleName->Length > 0)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: UNCServerName must specify the server */
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: Must verify that caller has read access */
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
|
|
|
|
|
(PUNICODE_STRING)ModuleName,
|
2012-01-08 23:03:23 +00:00
|
|
|
FALSE);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
2007-05-03 07:47:12 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 8 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrRegisterEventSourceW(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_W UNCServerName,
|
|
|
|
|
PRPC_UNICODE_STRING ModuleName,
|
|
|
|
|
PRPC_UNICODE_STRING RegModuleName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-15 21:33:46 +00:00
|
|
|
DPRINT("ElfrRegisterEventSourceW()\n");
|
2011-04-30 22:33:53 +00:00
|
|
|
|
2009-05-30 01:08:56 +00:00
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
|
|
/* RegModuleName must be an empty string */
|
|
|
|
|
if (RegModuleName->Length > 0)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
DPRINT("ModuleName: %wZ\n", ModuleName);
|
2011-04-30 22:33:53 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: UNCServerName must specify the server or empty for local */
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: Must verify that caller has write access */
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
return ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
|
|
|
|
|
(PUNICODE_STRING)ModuleName,
|
2012-01-08 23:03:23 +00:00
|
|
|
TRUE);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
2007-05-03 07:47:12 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 9 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrOpenBELW(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_W UNCServerName,
|
|
|
|
|
PRPC_UNICODE_STRING BackupFileName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2012-01-08 23:03:23 +00:00
|
|
|
DPRINT("ElfrOpenBELW(%wZ)\n", BackupFileName);
|
|
|
|
|
|
|
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: UNCServerName must specify the server */
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: Must verify that caller has read access */
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
return ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
|
2012-01-08 23:03:23 +00:00
|
|
|
(PUNICODE_STRING)BackupFileName);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 10 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrReadELW(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG ReadFlags,
|
|
|
|
|
ULONG RecordOffset,
|
2008-05-18 15:29:53 +00:00
|
|
|
RULONG NumberOfBytesToRead,
|
2016-08-12 19:14:55 +00:00
|
|
|
PBYTE Buffer,
|
|
|
|
|
PULONG NumberOfBytesRead,
|
|
|
|
|
PULONG MinNumberOfBytesNeeded)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
NTSTATUS Status;
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2016-08-16 21:08:15 +00:00
|
|
|
ULONG RecordNumber;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
2009-05-30 01:08:56 +00:00
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
2011-12-17 13:22:10 +00:00
|
|
|
if (!Buffer)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
|
|
|
|
/* If sequential read, retrieve the CurrentRecord from this log handle */
|
|
|
|
|
if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
|
|
|
|
|
{
|
2010-10-08 18:48:54 +00:00
|
|
|
RecordNumber = lpLogHandle->CurrentRecord;
|
2009-05-30 01:08:56 +00:00
|
|
|
}
|
2016-08-16 21:08:15 +00:00
|
|
|
else // (ReadFlags & EVENTLOG_SEEK_READ)
|
2009-05-30 01:08:56 +00:00
|
|
|
{
|
|
|
|
|
RecordNumber = RecordOffset;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
Status = LogfReadEvents(lpLogHandle->LogFile,
|
2016-08-12 19:14:55 +00:00
|
|
|
ReadFlags,
|
|
|
|
|
&RecordNumber,
|
|
|
|
|
NumberOfBytesToRead,
|
|
|
|
|
Buffer,
|
|
|
|
|
NumberOfBytesRead,
|
|
|
|
|
MinNumberOfBytesNeeded,
|
2011-12-17 13:22:10 +00:00
|
|
|
FALSE);
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* Update the handle's CurrentRecord if success */
|
2016-08-16 21:08:15 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
2009-05-30 01:08:56 +00:00
|
|
|
{
|
2010-10-08 18:48:54 +00:00
|
|
|
lpLogHandle->CurrentRecord = RecordNumber;
|
2009-05-30 01:08:56 +00:00
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
/* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
2016-08-16 21:08:15 +00:00
|
|
|
ElfrIntReportEventW(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG Time,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT EventType,
|
|
|
|
|
USHORT EventCategory,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG EventID,
|
2016-08-16 21:08:15 +00:00
|
|
|
PRPC_UNICODE_STRING SourceName OPTIONAL,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT NumStrings,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG DataSize,
|
2008-05-18 15:29:53 +00:00
|
|
|
PRPC_UNICODE_STRING ComputerName,
|
|
|
|
|
PRPC_SID UserSID,
|
|
|
|
|
PRPC_UNICODE_STRING Strings[],
|
2016-08-12 19:14:55 +00:00
|
|
|
PBYTE Data,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT Flags,
|
2016-08-12 19:14:55 +00:00
|
|
|
PULONG RecordNumber,
|
|
|
|
|
PULONG TimeWritten)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
NTSTATUS Status;
|
2010-10-08 18:48:54 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2016-08-16 21:08:15 +00:00
|
|
|
PEVENTLOGRECORD LogBuffer;
|
|
|
|
|
USHORT i;
|
|
|
|
|
ULONG recSize;
|
|
|
|
|
ULONG dwStringsSize = 0;
|
|
|
|
|
ULONG dwUserSidLength = 0;
|
|
|
|
|
PWSTR lpStrings, str;
|
2009-05-30 01:08:56 +00:00
|
|
|
|
2010-10-08 18:48:54 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
2009-05-30 01:08:56 +00:00
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
|
|
|
|
/* Flags must be 0 */
|
|
|
|
|
if (Flags)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
2007-10-31 09:33:16 +00:00
|
|
|
for (i = 0; i < NumStrings; i++)
|
|
|
|
|
{
|
2008-05-18 15:29:53 +00:00
|
|
|
switch (EventType)
|
2007-10-31 09:33:16 +00:00
|
|
|
{
|
|
|
|
|
case EVENTLOG_SUCCESS:
|
2009-06-08 02:32:48 +00:00
|
|
|
DPRINT("Success: %wZ\n", Strings[i]);
|
2007-10-31 09:33:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EVENTLOG_ERROR_TYPE:
|
2009-06-08 02:32:48 +00:00
|
|
|
DPRINT("Error: %wZ\n", Strings[i]);
|
2007-10-31 09:33:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EVENTLOG_WARNING_TYPE:
|
2009-06-08 02:32:48 +00:00
|
|
|
DPRINT("Warning: %wZ\n", Strings[i]);
|
2007-10-31 09:33:16 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EVENTLOG_INFORMATION_TYPE:
|
2009-06-08 02:32:48 +00:00
|
|
|
DPRINT("Info: %wZ\n", Strings[i]);
|
2007-10-31 09:33:16 +00:00
|
|
|
break;
|
|
|
|
|
|
2012-01-05 23:03:40 +00:00
|
|
|
case EVENTLOG_AUDIT_SUCCESS:
|
|
|
|
|
DPRINT("Audit Success: %wZ\n", Strings[i]);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case EVENTLOG_AUDIT_FAILURE:
|
|
|
|
|
DPRINT("Audit Failure: %wZ\n", Strings[i]);
|
|
|
|
|
break;
|
|
|
|
|
|
2007-10-31 09:33:16 +00:00
|
|
|
default:
|
2008-11-10 10:21:00 +00:00
|
|
|
DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
|
2007-10-31 09:33:16 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2016-08-12 19:14:55 +00:00
|
|
|
dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
|
2007-10-31 09:33:16 +00:00
|
|
|
}
|
|
|
|
|
|
2011-08-24 09:45:50 +00:00
|
|
|
lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
|
2009-05-30 01:08:56 +00:00
|
|
|
if (!lpStrings)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("Failed to allocate heap\n");
|
|
|
|
|
return STATUS_NO_MEMORY;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
str = lpStrings;
|
2009-05-30 01:08:56 +00:00
|
|
|
for (i = 0; i < NumStrings; i++)
|
|
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
RtlCopyMemory(str, Strings[i]->Buffer, Strings[i]->Length);
|
|
|
|
|
str += Strings[i]->Length / sizeof(WCHAR);
|
|
|
|
|
*str = UNICODE_NULL;
|
|
|
|
|
str++;
|
2009-05-30 01:08:56 +00:00
|
|
|
}
|
|
|
|
|
|
2011-08-24 09:45:50 +00:00
|
|
|
if (UserSID)
|
|
|
|
|
dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
|
2016-08-16 21:08:15 +00:00
|
|
|
|
2009-05-30 01:08:56 +00:00
|
|
|
LogBuffer = LogfAllocAndBuildNewRecord(&recSize,
|
2016-08-16 21:08:15 +00:00
|
|
|
Time,
|
2009-05-30 01:08:56 +00:00
|
|
|
EventType,
|
|
|
|
|
EventCategory,
|
|
|
|
|
EventID,
|
2016-08-16 21:08:15 +00:00
|
|
|
(SourceName && SourceName->Buffer)
|
|
|
|
|
? SourceName->Buffer
|
|
|
|
|
: lpLogHandle->szName,
|
2009-05-30 01:08:56 +00:00
|
|
|
ComputerName->Buffer,
|
2011-08-24 09:45:50 +00:00
|
|
|
dwUserSidLength,
|
|
|
|
|
UserSID,
|
2009-05-30 01:08:56 +00:00
|
|
|
NumStrings,
|
2011-08-24 09:45:50 +00:00
|
|
|
lpStrings,
|
2009-05-30 01:08:56 +00:00
|
|
|
DataSize,
|
|
|
|
|
Data);
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
Status = LogfWriteRecord(lpLogHandle->LogFile, recSize, LogBuffer);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
2009-05-30 01:08:56 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
DPRINT1("ERROR WRITING TO EventLog %S (Status 0x%08lx)\n",
|
|
|
|
|
lpLogHandle->LogFile->FileName, Status);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
/* Retrieve the two fields that were set by LogfWriteRecord into the record */
|
|
|
|
|
if (RecordNumber)
|
|
|
|
|
*RecordNumber = LogBuffer->RecordNumber;
|
|
|
|
|
if (TimeWritten)
|
|
|
|
|
*TimeWritten = LogBuffer->TimeWritten;
|
2009-05-30 01:08:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
LogfFreeRecord(LogBuffer);
|
|
|
|
|
|
|
|
|
|
HeapFree(GetProcessHeap(), 0, lpStrings);
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Function 11 */
|
|
|
|
|
NTSTATUS
|
|
|
|
|
ElfrReportEventW(
|
|
|
|
|
IELF_HANDLE LogHandle,
|
|
|
|
|
ULONG Time,
|
|
|
|
|
USHORT EventType,
|
|
|
|
|
USHORT EventCategory,
|
|
|
|
|
ULONG EventID,
|
|
|
|
|
USHORT NumStrings,
|
|
|
|
|
ULONG DataSize,
|
|
|
|
|
PRPC_UNICODE_STRING ComputerName,
|
|
|
|
|
PRPC_SID UserSID,
|
|
|
|
|
PRPC_UNICODE_STRING Strings[],
|
|
|
|
|
PBYTE Data,
|
|
|
|
|
USHORT Flags,
|
|
|
|
|
PULONG RecordNumber,
|
|
|
|
|
PULONG TimeWritten)
|
|
|
|
|
{
|
|
|
|
|
/* Call the helper function. The event source is provided via the log handle. */
|
|
|
|
|
return ElfrIntReportEventW(LogHandle,
|
|
|
|
|
Time,
|
|
|
|
|
EventType,
|
|
|
|
|
EventCategory,
|
|
|
|
|
EventID,
|
|
|
|
|
NULL,
|
|
|
|
|
NumStrings,
|
|
|
|
|
DataSize,
|
|
|
|
|
ComputerName,
|
|
|
|
|
UserSID,
|
|
|
|
|
Strings,
|
|
|
|
|
Data,
|
|
|
|
|
Flags,
|
|
|
|
|
RecordNumber,
|
|
|
|
|
TimeWritten);
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
2007-05-03 07:47:12 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 12 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrClearELFA(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
|
|
|
|
PRPC_STRING BackupFileName)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-15 21:33:46 +00:00
|
|
|
UNICODE_STRING BackupFileNameW;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
|
|
|
|
|
(PANSI_STRING)BackupFileName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
return Status;
|
|
|
|
|
|
|
|
|
|
Status = ElfrClearELFW(LogHandle,
|
|
|
|
|
(PRPC_UNICODE_STRING)&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 13 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrBackupELFA(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
|
|
|
|
PRPC_STRING BackupFileName)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-16 18:18:20 +00:00
|
|
|
UNICODE_STRING BackupFileNameW;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
|
|
|
|
|
(PANSI_STRING)BackupFileName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
return Status;
|
|
|
|
|
|
|
|
|
|
Status = ElfrBackupELFW(LogHandle,
|
|
|
|
|
(PRPC_UNICODE_STRING)&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 14 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrOpenELA(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_A UNCServerName,
|
|
|
|
|
PRPC_STRING ModuleName,
|
|
|
|
|
PRPC_STRING RegModuleName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2010-03-14 12:26:49 +00:00
|
|
|
UNICODE_STRING ModuleNameW;
|
2011-12-15 21:33:46 +00:00
|
|
|
NTSTATUS Status;
|
2006-03-04 17:04:42 +00:00
|
|
|
|
2010-03-14 12:26:49 +00:00
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
2006-03-04 17:04:42 +00:00
|
|
|
|
2010-03-14 12:26:49 +00:00
|
|
|
/* RegModuleName must be an empty string */
|
|
|
|
|
if (RegModuleName->Length > 0)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
2006-03-04 17:04:42 +00:00
|
|
|
|
2011-12-15 21:33:46 +00:00
|
|
|
Status = RtlAnsiStringToUnicodeString(&ModuleNameW, (PANSI_STRING)ModuleName, TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
return Status;
|
2010-03-14 12:26:49 +00:00
|
|
|
|
|
|
|
|
/* FIXME: Must verify that caller has read access */
|
2006-03-04 17:04:42 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
|
|
|
|
|
&ModuleNameW,
|
2012-01-08 23:03:23 +00:00
|
|
|
FALSE);
|
2006-03-04 17:04:42 +00:00
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
RtlFreeUnicodeString(&ModuleNameW);
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 15 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrRegisterEventSourceA(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_A UNCServerName,
|
|
|
|
|
PRPC_STRING ModuleName,
|
|
|
|
|
PRPC_STRING RegModuleName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-15 21:33:46 +00:00
|
|
|
UNICODE_STRING ModuleNameW;
|
|
|
|
|
NTSTATUS Status;
|
2010-01-17 15:16:26 +00:00
|
|
|
|
2011-12-15 21:33:46 +00:00
|
|
|
Status = RtlAnsiStringToUnicodeString(&ModuleNameW,
|
|
|
|
|
(PANSI_STRING)ModuleName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
2010-01-17 15:16:26 +00:00
|
|
|
{
|
2011-12-15 21:33:46 +00:00
|
|
|
DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
|
|
|
|
|
return Status;
|
2010-01-17 15:16:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RegModuleName must be an empty string */
|
|
|
|
|
if (RegModuleName->Length > 0)
|
|
|
|
|
{
|
|
|
|
|
RtlFreeUnicodeString(&ModuleNameW);
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
{
|
|
|
|
|
RtlFreeUnicodeString(&ModuleNameW);
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-14 12:26:49 +00:00
|
|
|
/* FIXME: Must verify that caller has write access */
|
2010-01-17 15:16:26 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
Status = ElfCreateEventLogHandle((PLOGHANDLE*)LogHandle,
|
|
|
|
|
&ModuleNameW,
|
2012-01-08 23:03:23 +00:00
|
|
|
TRUE);
|
2010-01-17 15:16:26 +00:00
|
|
|
|
|
|
|
|
RtlFreeUnicodeString(&ModuleNameW);
|
|
|
|
|
|
2012-01-08 23:03:23 +00:00
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 16 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrOpenBELA(
|
2008-05-18 15:29:53 +00:00
|
|
|
EVENTLOG_HANDLE_A UNCServerName,
|
|
|
|
|
PRPC_STRING BackupFileName,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG MajorVersion,
|
|
|
|
|
ULONG MinorVersion,
|
|
|
|
|
PIELF_HANDLE LogHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2012-01-08 23:03:23 +00:00
|
|
|
UNICODE_STRING BackupFileNameW;
|
|
|
|
|
NTSTATUS Status;
|
|
|
|
|
|
|
|
|
|
DPRINT("ElfrOpenBELA(%Z)\n", BackupFileName);
|
|
|
|
|
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
|
|
|
|
|
(PANSI_STRING)BackupFileName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("RtlAnsiStringToUnicodeString failed (Status 0x%08lx)\n", Status);
|
|
|
|
|
return Status;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((MajorVersion != 1) || (MinorVersion != 1))
|
|
|
|
|
{
|
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: UNCServerName must specify the server */
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* FIXME: Must verify that caller has read access */
|
2012-01-08 23:03:23 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
Status = ElfCreateBackupLogHandle((PLOGHANDLE*)LogHandle,
|
2012-01-08 23:03:23 +00:00
|
|
|
&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
|
|
|
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 17 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrReadELA(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG ReadFlags,
|
|
|
|
|
ULONG RecordOffset,
|
2008-05-18 15:29:53 +00:00
|
|
|
RULONG NumberOfBytesToRead,
|
2016-08-12 19:14:55 +00:00
|
|
|
PBYTE Buffer,
|
|
|
|
|
PULONG NumberOfBytesRead,
|
|
|
|
|
PULONG MinNumberOfBytesNeeded)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
NTSTATUS Status;
|
2011-12-17 13:22:10 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2016-08-16 21:08:15 +00:00
|
|
|
ULONG RecordNumber;
|
2011-12-17 13:22:10 +00:00
|
|
|
|
|
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
|
|
|
|
if (!Buffer)
|
|
|
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
|
|
/* If sequential read, retrieve the CurrentRecord from this log handle */
|
|
|
|
|
if (ReadFlags & EVENTLOG_SEQUENTIAL_READ)
|
|
|
|
|
{
|
|
|
|
|
RecordNumber = lpLogHandle->CurrentRecord;
|
|
|
|
|
}
|
2016-08-16 21:08:15 +00:00
|
|
|
else // (ReadFlags & EVENTLOG_SEEK_READ)
|
2011-12-17 13:22:10 +00:00
|
|
|
{
|
|
|
|
|
RecordNumber = RecordOffset;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
Status = LogfReadEvents(lpLogHandle->LogFile,
|
2011-12-17 13:22:10 +00:00
|
|
|
ReadFlags,
|
|
|
|
|
&RecordNumber,
|
|
|
|
|
NumberOfBytesToRead,
|
|
|
|
|
Buffer,
|
|
|
|
|
NumberOfBytesRead,
|
|
|
|
|
MinNumberOfBytesNeeded,
|
|
|
|
|
TRUE);
|
|
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
/* Update the handle's CurrentRecord if success */
|
2016-08-16 21:08:15 +00:00
|
|
|
if (NT_SUCCESS(Status))
|
2011-12-17 13:22:10 +00:00
|
|
|
{
|
|
|
|
|
lpLogHandle->CurrentRecord = RecordNumber;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 18 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrReportEventA(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG Time,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT EventType,
|
|
|
|
|
USHORT EventCategory,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG EventID,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT NumStrings,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG DataSize,
|
2008-05-18 15:29:53 +00:00
|
|
|
PRPC_STRING ComputerName,
|
|
|
|
|
PRPC_SID UserSID,
|
|
|
|
|
PRPC_STRING Strings[],
|
2016-08-12 19:14:55 +00:00
|
|
|
PBYTE Data,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT Flags,
|
2016-08-12 19:14:55 +00:00
|
|
|
PULONG RecordNumber,
|
|
|
|
|
PULONG TimeWritten)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2011-12-16 18:18:20 +00:00
|
|
|
UNICODE_STRING ComputerNameW;
|
|
|
|
|
PUNICODE_STRING *StringsArrayW = NULL;
|
|
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
|
USHORT i;
|
|
|
|
|
|
|
|
|
|
DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
for (i = 0; i < NumStrings; i++)
|
|
|
|
|
{
|
|
|
|
|
if (Strings[i] == NULL)
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("String %hu is null\n", i);
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
DPRINT1("String %hu: %Z\n", i, Strings[i]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
|
|
|
|
|
(PANSI_STRING)ComputerName,
|
|
|
|
|
TRUE);
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
return Status;
|
|
|
|
|
|
|
|
|
|
if (NumStrings != 0)
|
|
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
StringsArrayW = HeapAlloc(GetProcessHeap(),
|
2011-12-16 18:18:20 +00:00
|
|
|
HEAP_ZERO_MEMORY,
|
2016-08-12 19:14:55 +00:00
|
|
|
NumStrings * sizeof(PUNICODE_STRING));
|
2011-12-16 18:18:20 +00:00
|
|
|
if (StringsArrayW == NULL)
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_NO_MEMORY;
|
|
|
|
|
goto Done;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < NumStrings; i++)
|
|
|
|
|
{
|
|
|
|
|
if (Strings[i] != NULL)
|
|
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
|
2011-12-16 18:18:20 +00:00
|
|
|
HEAP_ZERO_MEMORY,
|
|
|
|
|
sizeof(UNICODE_STRING));
|
|
|
|
|
if (StringsArrayW[i] == NULL)
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_NO_MEMORY;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
|
|
|
|
|
(PANSI_STRING)Strings[i],
|
|
|
|
|
TRUE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (NT_SUCCESS(Status))
|
|
|
|
|
{
|
|
|
|
|
Status = ElfrReportEventW(LogHandle,
|
|
|
|
|
Time,
|
|
|
|
|
EventType,
|
|
|
|
|
EventCategory,
|
|
|
|
|
EventID,
|
|
|
|
|
NumStrings,
|
|
|
|
|
DataSize,
|
|
|
|
|
(PRPC_UNICODE_STRING)&ComputerNameW,
|
|
|
|
|
UserSID,
|
|
|
|
|
(PRPC_UNICODE_STRING*)StringsArrayW,
|
|
|
|
|
Data,
|
|
|
|
|
Flags,
|
|
|
|
|
RecordNumber,
|
|
|
|
|
TimeWritten);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Done:
|
2014-04-06 12:35:54 +00:00
|
|
|
if (StringsArrayW != NULL)
|
2011-12-16 18:18:20 +00:00
|
|
|
{
|
2014-04-06 12:35:54 +00:00
|
|
|
for (i = 0; i < NumStrings; i++)
|
2011-12-16 18:18:20 +00:00
|
|
|
{
|
2014-04-06 12:35:54 +00:00
|
|
|
if (StringsArrayW[i] != NULL)
|
2011-12-16 18:18:20 +00:00
|
|
|
{
|
2014-04-06 12:35:54 +00:00
|
|
|
if (StringsArrayW[i]->Buffer)
|
|
|
|
|
{
|
|
|
|
|
RtlFreeUnicodeString(StringsArrayW[i]);
|
2016-08-16 21:08:15 +00:00
|
|
|
HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
|
2014-04-06 12:35:54 +00:00
|
|
|
}
|
2011-12-16 18:18:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
HeapFree(GetProcessHeap(), 0, StringsArrayW);
|
2014-04-06 12:35:54 +00:00
|
|
|
}
|
2011-12-16 18:18:20 +00:00
|
|
|
|
|
|
|
|
RtlFreeUnicodeString(&ComputerNameW);
|
|
|
|
|
|
|
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 19 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrRegisterClusterSvc(
|
2008-05-18 15:29:53 +00:00
|
|
|
handle_t BindingHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2007-08-14 08:48:02 +00:00
|
|
|
UNIMPLEMENTED;
|
2005-09-20 07:58:28 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
}
|
2007-05-03 07:47:12 +00:00
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 20 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrDeregisterClusterSvc(
|
2008-05-18 15:29:53 +00:00
|
|
|
handle_t BindingHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2007-08-14 08:48:02 +00:00
|
|
|
UNIMPLEMENTED;
|
2005-09-20 07:58:28 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 21 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrWriteClusterEvents(
|
2008-05-18 15:29:53 +00:00
|
|
|
handle_t BindingHandle)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2007-08-14 08:48:02 +00:00
|
|
|
UNIMPLEMENTED;
|
2005-09-20 07:58:28 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 22 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrGetLogInformation(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG InfoLevel,
|
|
|
|
|
PBYTE Buffer,
|
|
|
|
|
ULONG cbBufSize,
|
|
|
|
|
PULONG pcbBytesNeeded)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
2010-03-14 12:26:49 +00:00
|
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
2016-08-12 19:14:55 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
2010-03-14 12:26:49 +00:00
|
|
|
|
2016-08-12 19:14:55 +00:00
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
2010-03-14 12:26:49 +00:00
|
|
|
|
|
|
|
|
switch (InfoLevel)
|
|
|
|
|
{
|
|
|
|
|
case EVENTLOG_FULL_INFO:
|
2016-08-16 21:08:15 +00:00
|
|
|
{
|
|
|
|
|
LPEVENTLOG_FULL_INFORMATION efi = (LPEVENTLOG_FULL_INFORMATION)Buffer;
|
2010-03-14 12:26:49 +00:00
|
|
|
|
2016-08-16 21:08:15 +00:00
|
|
|
*pcbBytesNeeded = sizeof(EVENTLOG_FULL_INFORMATION);
|
|
|
|
|
if (cbBufSize < sizeof(EVENTLOG_FULL_INFORMATION))
|
|
|
|
|
{
|
|
|
|
|
Status = STATUS_BUFFER_TOO_SMALL;
|
|
|
|
|
break;
|
2010-03-14 12:26:49 +00:00
|
|
|
}
|
2016-08-16 21:08:15 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* FIXME. To check whether an event log is "full" one needs
|
|
|
|
|
* to compare its current size with respect to the maximum
|
|
|
|
|
* size threshold "MaxSize" contained in its header.
|
|
|
|
|
*/
|
|
|
|
|
efi->dwFull = 0;
|
2010-03-14 12:26:49 +00:00
|
|
|
break;
|
2016-08-16 21:08:15 +00:00
|
|
|
}
|
2010-03-14 12:26:49 +00:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
Status = STATUS_INVALID_LEVEL;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return Status;
|
2005-09-20 07:58:28 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
/* Function 23 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrFlushEL(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle)
|
2006-03-04 17:04:42 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
PLOGHANDLE lpLogHandle;
|
|
|
|
|
|
|
|
|
|
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
|
|
|
|
|
if (!lpLogHandle)
|
|
|
|
|
return STATUS_INVALID_HANDLE;
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
UNIMPLEMENTED;
|
2006-03-04 17:04:42 +00:00
|
|
|
return STATUS_NOT_IMPLEMENTED;
|
|
|
|
|
}
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
|
|
|
|
|
/* Function 24 */
|
2016-08-12 19:14:55 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
ElfrReportEventAndSourceW(
|
2008-05-18 15:29:53 +00:00
|
|
|
IELF_HANDLE LogHandle,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG Time,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT EventType,
|
|
|
|
|
USHORT EventCategory,
|
|
|
|
|
ULONG EventID,
|
|
|
|
|
PRPC_UNICODE_STRING SourceName,
|
|
|
|
|
USHORT NumStrings,
|
2016-08-12 19:14:55 +00:00
|
|
|
ULONG DataSize,
|
2008-05-18 15:29:53 +00:00
|
|
|
PRPC_UNICODE_STRING ComputerName,
|
|
|
|
|
PRPC_SID UserSID,
|
|
|
|
|
PRPC_UNICODE_STRING Strings[],
|
2016-08-12 19:14:55 +00:00
|
|
|
PBYTE Data,
|
2008-05-18 15:29:53 +00:00
|
|
|
USHORT Flags,
|
2016-08-12 19:14:55 +00:00
|
|
|
PULONG RecordNumber,
|
|
|
|
|
PULONG TimeWritten)
|
2008-05-18 15:29:53 +00:00
|
|
|
{
|
2016-08-16 21:08:15 +00:00
|
|
|
/* Call the helper function. The event source is specified by the caller. */
|
|
|
|
|
return ElfrIntReportEventW(LogHandle,
|
|
|
|
|
Time,
|
|
|
|
|
EventType,
|
|
|
|
|
EventCategory,
|
|
|
|
|
EventID,
|
|
|
|
|
SourceName,
|
|
|
|
|
NumStrings,
|
|
|
|
|
DataSize,
|
|
|
|
|
ComputerName,
|
|
|
|
|
UserSID,
|
|
|
|
|
Strings,
|
|
|
|
|
Data,
|
|
|
|
|
Flags,
|
|
|
|
|
RecordNumber,
|
|
|
|
|
TimeWritten);
|
2008-05-18 15:29:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-08-07 20:15:12 +00:00
|
|
|
void __RPC_FAR *__RPC_USER midl_user_allocate(SIZE_T len)
|
2005-09-20 07:58:28 +00:00
|
|
|
{
|
|
|
|
|
return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);
|
|
|
|
|
}
|
|
|
|
|
|
2008-05-18 15:29:53 +00:00
|
|
|
|
2005-09-20 07:58:28 +00:00
|
|
|
void __RPC_USER midl_user_free(void __RPC_FAR * ptr)
|
|
|
|
|
{
|
|
|
|
|
HeapFree(GetProcessHeap(), 0, ptr);
|
|
|
|
|
}
|
2008-05-18 15:29:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
void __RPC_USER IELF_HANDLE_rundown(IELF_HANDLE LogHandle)
|
|
|
|
|
{
|
2016-08-12 19:14:55 +00:00
|
|
|
/* Close the handle */
|
|
|
|
|
ElfDeleteEventLogHandle(&LogHandle); // ElfrCloseEL(&LogHandle);
|
2008-05-18 15:29:53 +00:00
|
|
|
}
|
