mirror of
https://github.com/reactos/reactos.git
synced 2024-11-20 06:15:26 +00:00
1648 lines
42 KiB
C
1648 lines
42 KiB
C
/*
|
|
* Win32 advapi functions
|
|
*
|
|
* Copyright 1995 Sven Verdoolaege
|
|
* Copyright 1998 Juergen Schmied
|
|
* Copyright 2003 Mike Hearn
|
|
* Copyright 2007 Hervé Poussineau
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
/* INCLUDES ******************************************************************/
|
|
|
|
#include <advapi32.h>
|
|
|
|
#include <ndk/kefuncs.h>
|
|
#include <eventlogrpc_c.h>
|
|
|
|
WINE_DEFAULT_DEBUG_CHANNEL(advapi);
|
|
|
|
static RPC_UNICODE_STRING EmptyStringU = { 0, 0, L"" };
|
|
static RPC_STRING EmptyStringA = { 0, 0, "" };
|
|
|
|
|
|
/* FUNCTIONS *****************************************************************/
|
|
|
|
handle_t __RPC_USER
|
|
EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
|
|
{
|
|
handle_t hBinding = NULL;
|
|
RPC_CSTR pszStringBinding;
|
|
RPC_STATUS status;
|
|
|
|
TRACE("EVENTLOG_HANDLE_A_bind() called\n");
|
|
|
|
status = RpcStringBindingComposeA(NULL,
|
|
(RPC_CSTR)"ncacn_np",
|
|
(RPC_CSTR)UNCServerName,
|
|
(RPC_CSTR)"\\pipe\\EventLog",
|
|
NULL,
|
|
&pszStringBinding);
|
|
if (status)
|
|
{
|
|
ERR("RpcStringBindingCompose returned 0x%x\n", status);
|
|
return NULL;
|
|
}
|
|
|
|
/* Set the binding handle that will be used to bind to the server. */
|
|
status = RpcBindingFromStringBindingA(pszStringBinding,
|
|
&hBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
|
|
}
|
|
|
|
status = RpcStringFreeA(&pszStringBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcStringFree returned 0x%x\n", status);
|
|
}
|
|
|
|
return hBinding;
|
|
}
|
|
|
|
|
|
void __RPC_USER
|
|
EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,
|
|
handle_t hBinding)
|
|
{
|
|
RPC_STATUS status;
|
|
|
|
TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
|
|
|
|
status = RpcBindingFree(&hBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcBindingFree returned 0x%x\n", status);
|
|
}
|
|
}
|
|
|
|
|
|
handle_t __RPC_USER
|
|
EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
|
|
{
|
|
handle_t hBinding = NULL;
|
|
RPC_WSTR pszStringBinding;
|
|
RPC_STATUS status;
|
|
|
|
TRACE("EVENTLOG_HANDLE_W_bind() called\n");
|
|
|
|
status = RpcStringBindingComposeW(NULL,
|
|
L"ncacn_np",
|
|
UNCServerName,
|
|
L"\\pipe\\EventLog",
|
|
NULL,
|
|
&pszStringBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcStringBindingCompose returned 0x%x\n", status);
|
|
return NULL;
|
|
}
|
|
|
|
/* Set the binding handle that will be used to bind to the server. */
|
|
status = RpcBindingFromStringBindingW(pszStringBinding,
|
|
&hBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
|
|
}
|
|
|
|
status = RpcStringFreeW(&pszStringBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcStringFree returned 0x%x\n", status);
|
|
}
|
|
|
|
return hBinding;
|
|
}
|
|
|
|
|
|
void __RPC_USER
|
|
EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,
|
|
handle_t hBinding)
|
|
{
|
|
RPC_STATUS status;
|
|
|
|
TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
|
|
|
|
status = RpcBindingFree(&hBinding);
|
|
if (status != RPC_S_OK)
|
|
{
|
|
ERR("RpcBindingFree returned 0x%x\n", status);
|
|
}
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* BackupEventLogA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfBackupEventLogFileA(IN HANDLE hEventLog,
|
|
IN PANSI_STRING BackupFileNameA)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
if (!BackupFileNameA || (BackupFileNameA->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrBackupELFA(hEventLog,
|
|
(PRPC_STRING)BackupFileNameA);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
BackupEventLogA(IN HANDLE hEventLog,
|
|
IN LPCSTR lpBackupFileName)
|
|
{
|
|
BOOL Success;
|
|
NTSTATUS Status;
|
|
ANSI_STRING BackupFileNameA;
|
|
UNICODE_STRING BackupFileNameW;
|
|
|
|
TRACE("%p, %s\n", hEventLog, lpBackupFileName);
|
|
|
|
if (lpBackupFileName == NULL)
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return FALSE;
|
|
}
|
|
|
|
RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
|
|
&BackupFileNameA,
|
|
TRUE);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
Success = BackupEventLogW(hEventLog,
|
|
BackupFileNameW.Buffer);
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
return Success;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* BackupEventLogW [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* lpBackupFileName []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfBackupEventLogFileW(IN HANDLE hEventLog,
|
|
IN PUNICODE_STRING BackupFileNameU)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
if (!BackupFileNameU || (BackupFileNameU->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrBackupELFW(hEventLog,
|
|
(PRPC_UNICODE_STRING)BackupFileNameU);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
BackupEventLogW(IN HANDLE hEventLog,
|
|
IN LPCWSTR lpBackupFileName)
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING BackupFileName;
|
|
|
|
TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
|
|
|
|
if (lpBackupFileName == NULL)
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return FALSE;
|
|
}
|
|
|
|
if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
|
|
NULL, NULL))
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return FALSE;
|
|
}
|
|
|
|
Status = ElfBackupEventLogFileW(hEventLog, &BackupFileName);
|
|
|
|
RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ClearEventLogA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfClearEventLogFileA(IN HANDLE hEventLog,
|
|
IN PANSI_STRING BackupFileNameA)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrClearELFA(hEventLog,
|
|
(PRPC_STRING)BackupFileNameA);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ClearEventLogA(IN HANDLE hEventLog,
|
|
IN LPCSTR lpBackupFileName)
|
|
{
|
|
BOOL Success;
|
|
NTSTATUS Status;
|
|
ANSI_STRING BackupFileNameA;
|
|
UNICODE_STRING BackupFileNameW;
|
|
|
|
TRACE("%p, %s\n", hEventLog, lpBackupFileName);
|
|
|
|
if (lpBackupFileName == NULL)
|
|
{
|
|
RtlInitUnicodeString(&BackupFileNameW, NULL);
|
|
}
|
|
else
|
|
{
|
|
RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
|
|
&BackupFileNameA,
|
|
TRUE);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
Success = ClearEventLogW(hEventLog,
|
|
BackupFileNameW.Buffer);
|
|
|
|
RtlFreeUnicodeString(&BackupFileNameW);
|
|
|
|
return Success;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ClearEventLogW [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfClearEventLogFileW(IN HANDLE hEventLog,
|
|
IN PUNICODE_STRING BackupFileNameU)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrClearELFW(hEventLog,
|
|
(PRPC_UNICODE_STRING)BackupFileNameU);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ClearEventLogW(IN HANDLE hEventLog,
|
|
IN LPCWSTR lpBackupFileName)
|
|
{
|
|
NTSTATUS Status;
|
|
UNICODE_STRING BackupFileName;
|
|
|
|
TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
|
|
|
|
if (lpBackupFileName == NULL)
|
|
{
|
|
RtlInitUnicodeString(&BackupFileName, NULL);
|
|
}
|
|
else
|
|
{
|
|
if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
|
|
NULL, NULL))
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
Status = ElfClearEventLogFileW(hEventLog, &BackupFileName);
|
|
|
|
if (lpBackupFileName != NULL)
|
|
RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* CloseEventLog [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfCloseEventLog(IN HANDLE hEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrCloseEL(&hEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
CloseEventLog(IN HANDLE hEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p\n", hEventLog);
|
|
|
|
Status = ElfCloseEventLog(hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* DeregisterEventSource [ADVAPI32.@]
|
|
* Closes a handle to the specified event log
|
|
*
|
|
* PARAMS
|
|
* hEventLog [I] Handle to event log
|
|
*
|
|
* RETURNS STD
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfDeregisterEventSource(IN HANDLE hEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrDeregisterEventSource(&hEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
DeregisterEventSource(IN HANDLE hEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p\n", hEventLog);
|
|
|
|
Status = ElfDeregisterEventSource(hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* GetEventLogInformation [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog [I] Handle to event log
|
|
* dwInfoLevel [I] Level of event log information to return
|
|
* lpBuffer [O] Buffer that receives the event log information
|
|
* cbBufSize [I] Size of the lpBuffer buffer
|
|
* pcbBytesNeeded [O] Required buffer size
|
|
*/
|
|
BOOL WINAPI
|
|
GetEventLogInformation(IN HANDLE hEventLog,
|
|
IN DWORD dwInfoLevel,
|
|
OUT LPVOID lpBuffer,
|
|
IN DWORD cbBufSize,
|
|
OUT LPDWORD pcbBytesNeeded)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
if (dwInfoLevel != EVENTLOG_FULL_INFO)
|
|
{
|
|
SetLastError(ERROR_INVALID_LEVEL);
|
|
return FALSE;
|
|
}
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrGetLogInformation(hEventLog,
|
|
dwInfoLevel,
|
|
(LPBYTE)lpBuffer,
|
|
cbBufSize,
|
|
pcbBytesNeeded);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* GetNumberOfEventLogRecords [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* NumberOfRecords []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfNumberOfRecords(IN HANDLE hEventLog,
|
|
OUT PULONG NumberOfRecords)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
if (!NumberOfRecords)
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
GetNumberOfEventLogRecords(IN HANDLE hEventLog,
|
|
OUT PDWORD NumberOfRecords)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p, %p\n", hEventLog, NumberOfRecords);
|
|
|
|
Status = ElfNumberOfRecords(hEventLog, NumberOfRecords);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* GetOldestEventLogRecord [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* OldestRecord []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfOldestRecord(IN HANDLE hEventLog,
|
|
OUT PULONG OldestRecordNumber)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
if (!OldestRecordNumber)
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
GetOldestEventLogRecord(IN HANDLE hEventLog,
|
|
OUT PDWORD OldestRecord)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p, %p\n", hEventLog, OldestRecord);
|
|
|
|
Status = ElfOldestRecord(hEventLog, OldestRecord);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* NotifyChangeEventLog [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* hEvent []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfChangeNotify(IN HANDLE hEventLog,
|
|
IN HANDLE hEvent)
|
|
{
|
|
NTSTATUS Status;
|
|
CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
|
|
RPC_CLIENT_ID RpcClientId;
|
|
|
|
RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
|
|
RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrChangeNotify(hEventLog, RpcClientId, (DWORD)hEvent);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
NotifyChangeEventLog(IN HANDLE hEventLog,
|
|
IN HANDLE hEvent)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p, %p\n", hEventLog, hEvent);
|
|
|
|
Status = ElfChangeNotify(hEventLog, hEvent);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* OpenBackupEventLogA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,
|
|
IN PANSI_STRING BackupFileNameA,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameA && (UNCServerNameA->Length != 0))
|
|
pUNCServerName = UNCServerNameA->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrOpenBELA(pUNCServerName,
|
|
(PRPC_STRING)BackupFileNameA,
|
|
1, 1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
OpenBackupEventLogA(IN LPCSTR lpUNCServerName,
|
|
IN LPCSTR lpFileName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE LogHandle;
|
|
ANSI_STRING UNCServerNameA;
|
|
UNICODE_STRING UNCServerNameW;
|
|
ANSI_STRING FileNameA;
|
|
UNICODE_STRING FileNameW;
|
|
|
|
TRACE("%s, %s\n", lpUNCServerName, lpFileName);
|
|
|
|
/* Convert the server name to unicode */
|
|
if (lpUNCServerName == NULL)
|
|
{
|
|
RtlInitUnicodeString(&UNCServerNameW, NULL);
|
|
}
|
|
else
|
|
{
|
|
RtlInitAnsiString(&UNCServerNameA, lpUNCServerName);
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&UNCServerNameW,
|
|
&UNCServerNameA,
|
|
TRUE);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
/* Convert the file name to unicode */
|
|
if (lpFileName == NULL)
|
|
{
|
|
RtlInitUnicodeString(&FileNameW, NULL);
|
|
}
|
|
else
|
|
{
|
|
RtlInitAnsiString(&FileNameA, lpFileName);
|
|
|
|
Status = RtlAnsiStringToUnicodeString(&FileNameW,
|
|
&FileNameA,
|
|
TRUE);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
RtlFreeUnicodeString(&UNCServerNameW);
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
/* Call the unicode function */
|
|
LogHandle = OpenBackupEventLogW(UNCServerNameW.Buffer,
|
|
FileNameW.Buffer);
|
|
|
|
/* Free the unicode strings */
|
|
RtlFreeUnicodeString(&UNCServerNameW);
|
|
RtlFreeUnicodeString(&FileNameW);
|
|
|
|
return LogHandle;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* OpenBackupEventLogW [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* lpUNCServerName []
|
|
* lpFileName []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,
|
|
IN PUNICODE_STRING BackupFileNameU,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PWSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameU && (UNCServerNameU->Length != 0))
|
|
pUNCServerName = UNCServerNameU->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrOpenBELW(pUNCServerName,
|
|
(PRPC_UNICODE_STRING)BackupFileNameU,
|
|
1,
|
|
1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,
|
|
IN LPCWSTR lpFileName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE hEventLog;
|
|
UNICODE_STRING UNCServerName, FileName;
|
|
|
|
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpFileName));
|
|
|
|
if (lpFileName == NULL)
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return NULL;
|
|
}
|
|
|
|
if (!RtlDosPathNameToNtPathName_U(lpFileName, &FileName,
|
|
NULL, NULL))
|
|
{
|
|
SetLastError(ERROR_INVALID_PARAMETER);
|
|
return NULL;
|
|
}
|
|
|
|
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
|
|
|
|
Status = ElfOpenBackupEventLogW(&UNCServerName, &FileName, &hEventLog);
|
|
|
|
if (FileName.Buffer != NULL)
|
|
RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
|
|
return hEventLog;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* OpenEventLogA [ADVAPI32.@]
|
|
*
|
|
* Opens a handle to the specified event log.
|
|
*
|
|
* PARAMS
|
|
* lpUNCServerName [I] UNC name of the server on which the event log is
|
|
* opened.
|
|
* lpSourceName [I] Name of the log.
|
|
*
|
|
* RETURNS
|
|
* Success: Handle to an event log.
|
|
* Failure: NULL
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,
|
|
IN PANSI_STRING SourceNameA,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameA && (UNCServerNameA->Length != 0))
|
|
pUNCServerName = UNCServerNameA->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrOpenELA(pUNCServerName,
|
|
(PRPC_STRING)SourceNameA,
|
|
&EmptyStringA,
|
|
1,
|
|
1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
OpenEventLogA(IN LPCSTR lpUNCServerName,
|
|
IN LPCSTR lpSourceName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE hEventLog;
|
|
ANSI_STRING UNCServerName, SourceName;
|
|
|
|
TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
|
|
|
|
RtlInitAnsiString(&UNCServerName, lpUNCServerName);
|
|
RtlInitAnsiString(&SourceName, lpSourceName);
|
|
|
|
Status = ElfOpenEventLogA(&UNCServerName, &SourceName, &hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
|
|
return hEventLog;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* OpenEventLogW [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* lpUNCServerName []
|
|
* lpSourceName []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,
|
|
IN PUNICODE_STRING SourceNameU,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PWSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameU && (UNCServerNameU->Length != 0))
|
|
pUNCServerName = UNCServerNameU->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrOpenELW(pUNCServerName,
|
|
(PRPC_UNICODE_STRING)SourceNameU,
|
|
&EmptyStringU,
|
|
1,
|
|
1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
OpenEventLogW(IN LPCWSTR lpUNCServerName,
|
|
IN LPCWSTR lpSourceName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE hEventLog;
|
|
UNICODE_STRING UNCServerName, SourceName;
|
|
|
|
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
|
|
|
|
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
|
|
RtlInitUnicodeString(&SourceName, lpSourceName);
|
|
|
|
Status = ElfOpenEventLogW(&UNCServerName, &SourceName, &hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
|
|
return hEventLog;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ReadEventLogA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfReadEventLogA(IN HANDLE hEventLog,
|
|
IN ULONG ReadFlags,
|
|
IN ULONG RecordOffset,
|
|
OUT LPVOID Buffer,
|
|
IN ULONG NumberOfBytesToRead,
|
|
OUT PULONG NumberOfBytesRead,
|
|
OUT PULONG MinNumberOfBytesNeeded)
|
|
{
|
|
NTSTATUS Status;
|
|
ULONG Flags;
|
|
|
|
if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
|
|
if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
|
|
if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrReadELA(hEventLog,
|
|
ReadFlags,
|
|
RecordOffset,
|
|
NumberOfBytesToRead,
|
|
Buffer,
|
|
NumberOfBytesRead,
|
|
MinNumberOfBytesNeeded);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ReadEventLogA(IN HANDLE hEventLog,
|
|
IN DWORD dwReadFlags,
|
|
IN DWORD dwRecordOffset,
|
|
OUT LPVOID lpBuffer,
|
|
IN DWORD nNumberOfBytesToRead,
|
|
OUT DWORD *pnBytesRead,
|
|
OUT DWORD *pnMinNumberOfBytesNeeded)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
|
|
hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
|
|
nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
|
|
|
|
Status = ElfReadEventLogA(hEventLog,
|
|
dwReadFlags,
|
|
dwRecordOffset,
|
|
lpBuffer,
|
|
nNumberOfBytesToRead,
|
|
pnBytesRead,
|
|
pnMinNumberOfBytesNeeded);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ReadEventLogW [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* dwReadFlags []
|
|
* dwRecordOffset []
|
|
* lpBuffer []
|
|
* nNumberOfBytesToRead []
|
|
* pnBytesRead []
|
|
* pnMinNumberOfBytesNeeded []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfReadEventLogW(IN HANDLE hEventLog,
|
|
IN ULONG ReadFlags,
|
|
IN ULONG RecordOffset,
|
|
OUT LPVOID Buffer,
|
|
IN ULONG NumberOfBytesToRead,
|
|
OUT PULONG NumberOfBytesRead,
|
|
OUT PULONG MinNumberOfBytesNeeded)
|
|
{
|
|
NTSTATUS Status;
|
|
ULONG Flags;
|
|
|
|
if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
|
|
if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
|
|
if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
|
|
{
|
|
return STATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrReadELW(hEventLog,
|
|
ReadFlags,
|
|
RecordOffset,
|
|
NumberOfBytesToRead,
|
|
Buffer,
|
|
NumberOfBytesRead,
|
|
MinNumberOfBytesNeeded);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ReadEventLogW(IN HANDLE hEventLog,
|
|
IN DWORD dwReadFlags,
|
|
IN DWORD dwRecordOffset,
|
|
OUT LPVOID lpBuffer,
|
|
IN DWORD nNumberOfBytesToRead,
|
|
OUT DWORD *pnBytesRead,
|
|
OUT DWORD *pnMinNumberOfBytesNeeded)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
|
|
hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
|
|
nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
|
|
|
|
Status = ElfReadEventLogW(hEventLog,
|
|
dwReadFlags,
|
|
dwRecordOffset,
|
|
lpBuffer,
|
|
nNumberOfBytesToRead,
|
|
pnBytesRead,
|
|
pnMinNumberOfBytesNeeded);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* RegisterEventSourceA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,
|
|
IN PANSI_STRING SourceNameA,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameA && (UNCServerNameA->Length != 0))
|
|
pUNCServerName = UNCServerNameA->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrRegisterEventSourceA(pUNCServerName,
|
|
(PRPC_STRING)SourceNameA,
|
|
&EmptyStringA,
|
|
1,
|
|
1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
RegisterEventSourceA(IN LPCSTR lpUNCServerName,
|
|
IN LPCSTR lpSourceName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE hEventLog;
|
|
ANSI_STRING UNCServerName, SourceName;
|
|
|
|
TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
|
|
|
|
RtlInitAnsiString(&UNCServerName, lpUNCServerName);
|
|
RtlInitAnsiString(&SourceName, lpSourceName);
|
|
|
|
Status = ElfRegisterEventSourceA(&UNCServerName, &SourceName, &hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
|
|
return hEventLog;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* RegisterEventSourceW [ADVAPI32.@]
|
|
* Returns a registered handle to an event log
|
|
*
|
|
* PARAMS
|
|
* lpUNCServerName [I] Server name for source
|
|
* lpSourceName [I] Source name for registered handle
|
|
*
|
|
* RETURNS
|
|
* Success: Handle
|
|
* Failure: NULL
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,
|
|
IN PUNICODE_STRING SourceNameU,
|
|
OUT PHANDLE phEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
PWSTR pUNCServerName = NULL;
|
|
|
|
if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
|
|
return STATUS_INVALID_PARAMETER;
|
|
|
|
if (UNCServerNameU && (UNCServerNameU->Length != 0))
|
|
pUNCServerName = UNCServerNameU->Buffer;
|
|
|
|
*phEventLog = NULL;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrRegisterEventSourceW(pUNCServerName,
|
|
(PRPC_UNICODE_STRING)SourceNameU,
|
|
&EmptyStringU,
|
|
1,
|
|
1,
|
|
(IELF_HANDLE*)phEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
HANDLE WINAPI
|
|
RegisterEventSourceW(IN LPCWSTR lpUNCServerName,
|
|
IN LPCWSTR lpSourceName)
|
|
{
|
|
NTSTATUS Status;
|
|
HANDLE hEventLog;
|
|
UNICODE_STRING UNCServerName, SourceName;
|
|
|
|
TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
|
|
|
|
RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
|
|
RtlInitUnicodeString(&SourceName, lpSourceName);
|
|
|
|
Status = ElfRegisterEventSourceW(&UNCServerName, &SourceName, &hEventLog);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return NULL;
|
|
}
|
|
|
|
return hEventLog;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ReportEventA [ADVAPI32.@]
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfReportEventA(IN HANDLE hEventLog,
|
|
IN USHORT EventType,
|
|
IN USHORT EventCategory,
|
|
IN ULONG EventID,
|
|
IN PSID UserSID,
|
|
IN USHORT NumStrings,
|
|
IN ULONG DataSize,
|
|
IN PANSI_STRING* Strings,
|
|
IN PVOID Data,
|
|
IN USHORT Flags,
|
|
IN OUT PULONG RecordNumber,
|
|
IN OUT PULONG TimeWritten)
|
|
{
|
|
NTSTATUS Status;
|
|
LARGE_INTEGER SystemTime;
|
|
ULONG Time;
|
|
ULONG dwSize;
|
|
ANSI_STRING ComputerName;
|
|
CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
|
|
|
|
dwSize = ARRAYSIZE(szComputerName);
|
|
GetComputerNameA(szComputerName, &dwSize);
|
|
RtlInitAnsiString(&ComputerName, szComputerName);
|
|
|
|
NtQuerySystemTime(&SystemTime);
|
|
RtlTimeToSecondsSince1970(&SystemTime, &Time);
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrReportEventA(hEventLog,
|
|
Time,
|
|
EventType,
|
|
EventCategory,
|
|
EventID,
|
|
NumStrings,
|
|
DataSize,
|
|
(PRPC_STRING)&ComputerName,
|
|
(PRPC_SID)UserSID,
|
|
(PRPC_STRING*)Strings,
|
|
Data,
|
|
Flags,
|
|
RecordNumber,
|
|
TimeWritten);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ReportEventA(IN HANDLE hEventLog,
|
|
IN WORD wType,
|
|
IN WORD wCategory,
|
|
IN DWORD dwEventID,
|
|
IN PSID lpUserSid,
|
|
IN WORD wNumStrings,
|
|
IN DWORD dwDataSize,
|
|
IN LPCSTR *lpStrings,
|
|
IN LPVOID lpRawData)
|
|
{
|
|
NTSTATUS Status;
|
|
PANSI_STRING *Strings;
|
|
WORD i;
|
|
|
|
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
|
|
hEventLog, wType, wCategory, dwEventID, lpUserSid,
|
|
wNumStrings, dwDataSize, lpStrings, lpRawData);
|
|
|
|
Strings = HeapAlloc(GetProcessHeap(),
|
|
HEAP_ZERO_MEMORY,
|
|
wNumStrings * sizeof(PANSI_STRING));
|
|
if (!Strings)
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return FALSE;
|
|
}
|
|
|
|
for (i = 0; i < wNumStrings; i++)
|
|
{
|
|
Strings[i] = HeapAlloc(GetProcessHeap(),
|
|
HEAP_ZERO_MEMORY,
|
|
sizeof(ANSI_STRING));
|
|
if (Strings[i])
|
|
{
|
|
RtlInitAnsiString(Strings[i], lpStrings[i]);
|
|
}
|
|
}
|
|
|
|
Status = ElfReportEventA(hEventLog,
|
|
wType,
|
|
wCategory,
|
|
dwEventID,
|
|
lpUserSid,
|
|
wNumStrings,
|
|
dwDataSize,
|
|
Strings,
|
|
lpRawData,
|
|
0,
|
|
NULL,
|
|
NULL);
|
|
|
|
for (i = 0; i < wNumStrings; i++)
|
|
{
|
|
if (Strings[i] != NULL)
|
|
HeapFree(GetProcessHeap(), 0, Strings[i]);
|
|
}
|
|
|
|
HeapFree(GetProcessHeap(), 0, Strings);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
/******************************************************************************
|
|
* ReportEventW [ADVAPI32.@]
|
|
*
|
|
* PARAMS
|
|
* hEventLog []
|
|
* wType []
|
|
* wCategory []
|
|
* dwEventID []
|
|
* lpUserSid []
|
|
* wNumStrings []
|
|
* dwDataSize []
|
|
* lpStrings []
|
|
* lpRawData []
|
|
*/
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfReportEventW(IN HANDLE hEventLog,
|
|
IN USHORT EventType,
|
|
IN USHORT EventCategory,
|
|
IN ULONG EventID,
|
|
IN PSID UserSID,
|
|
IN USHORT NumStrings,
|
|
IN ULONG DataSize,
|
|
IN PUNICODE_STRING* Strings,
|
|
IN PVOID Data,
|
|
IN USHORT Flags,
|
|
IN OUT PULONG RecordNumber,
|
|
IN OUT PULONG TimeWritten)
|
|
{
|
|
NTSTATUS Status;
|
|
LARGE_INTEGER SystemTime;
|
|
ULONG Time;
|
|
ULONG dwSize;
|
|
UNICODE_STRING ComputerName;
|
|
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
|
|
|
|
dwSize = ARRAYSIZE(szComputerName);
|
|
GetComputerNameW(szComputerName, &dwSize);
|
|
RtlInitUnicodeString(&ComputerName, szComputerName);
|
|
|
|
NtQuerySystemTime(&SystemTime);
|
|
RtlTimeToSecondsSince1970(&SystemTime, &Time);
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrReportEventW(hEventLog,
|
|
Time,
|
|
EventType,
|
|
EventCategory,
|
|
EventID,
|
|
NumStrings,
|
|
DataSize,
|
|
(PRPC_UNICODE_STRING)&ComputerName,
|
|
(PRPC_SID)UserSID,
|
|
(PRPC_UNICODE_STRING*)Strings,
|
|
Data,
|
|
Flags,
|
|
RecordNumber,
|
|
TimeWritten);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
BOOL WINAPI
|
|
ReportEventW(IN HANDLE hEventLog,
|
|
IN WORD wType,
|
|
IN WORD wCategory,
|
|
IN DWORD dwEventID,
|
|
IN PSID lpUserSid,
|
|
IN WORD wNumStrings,
|
|
IN DWORD dwDataSize,
|
|
IN LPCWSTR *lpStrings,
|
|
IN LPVOID lpRawData)
|
|
{
|
|
NTSTATUS Status;
|
|
PUNICODE_STRING *Strings;
|
|
WORD i;
|
|
|
|
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
|
|
hEventLog, wType, wCategory, dwEventID, lpUserSid,
|
|
wNumStrings, dwDataSize, lpStrings, lpRawData);
|
|
|
|
Strings = HeapAlloc(GetProcessHeap(),
|
|
HEAP_ZERO_MEMORY,
|
|
wNumStrings * sizeof(PUNICODE_STRING));
|
|
if (!Strings)
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return FALSE;
|
|
}
|
|
|
|
for (i = 0; i < wNumStrings; i++)
|
|
{
|
|
Strings[i] = HeapAlloc(GetProcessHeap(),
|
|
HEAP_ZERO_MEMORY,
|
|
sizeof(UNICODE_STRING));
|
|
if (Strings[i])
|
|
{
|
|
RtlInitUnicodeString(Strings[i], lpStrings[i]);
|
|
}
|
|
}
|
|
|
|
Status = ElfReportEventW(hEventLog,
|
|
wType,
|
|
wCategory,
|
|
dwEventID,
|
|
lpUserSid,
|
|
wNumStrings,
|
|
dwDataSize,
|
|
Strings,
|
|
lpRawData,
|
|
0,
|
|
NULL,
|
|
NULL);
|
|
|
|
for (i = 0; i < wNumStrings; i++)
|
|
{
|
|
if (Strings[i] != NULL)
|
|
HeapFree(GetProcessHeap(), 0, Strings[i]);
|
|
}
|
|
|
|
HeapFree(GetProcessHeap(), 0, Strings);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
SetLastError(RtlNtStatusToDosError(Status));
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfReportEventAndSourceW(IN HANDLE hEventLog,
|
|
IN ULONG Time,
|
|
IN PUNICODE_STRING ComputerName,
|
|
IN USHORT EventType,
|
|
IN USHORT EventCategory,
|
|
IN ULONG EventID,
|
|
IN PSID UserSID,
|
|
IN PUNICODE_STRING SourceName,
|
|
IN USHORT NumStrings,
|
|
IN ULONG DataSize,
|
|
IN PUNICODE_STRING* Strings,
|
|
IN PVOID Data,
|
|
IN USHORT Flags,
|
|
IN OUT PULONG RecordNumber,
|
|
IN OUT PULONG TimeWritten)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrReportEventAndSourceW(hEventLog,
|
|
Time,
|
|
EventType,
|
|
EventCategory,
|
|
EventID,
|
|
(PRPC_UNICODE_STRING)SourceName,
|
|
NumStrings,
|
|
DataSize,
|
|
(PRPC_UNICODE_STRING)ComputerName,
|
|
(PRPC_SID)UserSID,
|
|
(PRPC_UNICODE_STRING*)Strings,
|
|
(PBYTE)Data,
|
|
Flags,
|
|
RecordNumber,
|
|
TimeWritten);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
ElfFlushEventLog(IN HANDLE hEventLog)
|
|
{
|
|
NTSTATUS Status;
|
|
|
|
RpcTryExcept
|
|
{
|
|
Status = ElfrFlushEL(hEventLog);
|
|
}
|
|
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
|
}
|
|
RpcEndExcept;
|
|
|
|
return Status;
|
|
}
|