Ejemplo n.º 1
0
/*
 * Log to the NT Event Log
 */
void
syslog(int priority, const char *message, ...) {
	va_list ap;
	char buf[1024];
	LPCSTR str[1];

	str[0] = buf;

	va_start(ap, message);
	vsprintf(buf, message, ap);
	va_end(ap);

	/* Make sure that the channel is open to write the event */
	if (hEventLog == NULL) {
		openlog("SoftHSM", 0, 0);
	}
	if (hEventLog != NULL) {
		switch (priority) {
		case LOG_INFO:
		case LOG_NOTICE:
		case LOG_DEBUG:
			ReportEventA(hEventLog, EVENTLOG_INFORMATION_TYPE, 0,
				     0x40000003, NULL, 1, 0, str, NULL);
			break;
		case LOG_WARNING:
			ReportEventA(hEventLog, EVENTLOG_WARNING_TYPE, 0,
				     0x80000002, NULL, 1, 0, str, NULL);
			break;
		default:
			ReportEventA(hEventLog, EVENTLOG_ERROR_TYPE, 0,
				     0xc0000001, NULL, 1, 0, str, NULL);
			break;
		}
	}
}
Ejemplo n.º 2
0
void ReportError(BOOL bError, LPCSTR szError, ...)
{
	static BOOL bEventSourceAdded = FALSE;
	char buf[512];
	const char *bufp = buf;
	va_list va;

	va_start(va,szError);
	vsprintf(buf,szError,va);
	va_end(va);
	if(g_bTestMode)
	{
		printf("%s%s\n",bError?"Error: ":"",buf);
	}
	else
	{
		if(!bEventSourceAdded)
		{
			TCHAR szModule[MAX_PATH];
			GetModuleFileName(NULL,szModule,MAX_PATH);
			AddEventSource(SERVICE_NAME,szModule);
			bEventSourceAdded=TRUE;
		}

		HANDLE hEvent = RegisterEventSource(NULL,  SERVICE_NAME);
		ReportEventA(hEvent,bError?EVENTLOG_ERROR_TYPE:EVENTLOG_INFORMATION_TYPE,0,MSG_STRING,NULL,1,0,&bufp,NULL);
		DeregisterEventSource(hEvent);
	}
}
Ejemplo n.º 3
0
void KDSystemLogDevice::doLogEncoded( KDLog::Severity severity, const QByteArray & msg ) {
    const char* strarray[1];
    strarray[0] = msg.constData();
    if ( ReportEventA( d->internal,
                       severityToEventLogType( severity ),
                       0, // category?
                       0, // Event ID
                       NULL, // user security identifier (optional)
                       1, // number of strings to merge with message
                       0, // size of raw (binary) data (in bytes)
                       strarray, // array of strings to merge with message
                       NULL ) )
        return;

    // error:

    char* lpMsgBuf;
    const int err = GetLastError();
    FormatMessageA( FORMAT_MESSAGE_ALLOCATE_BUFFER|
                    FORMAT_MESSAGE_FROM_SYSTEM|
                    FORMAT_MESSAGE_IGNORE_INSERTS,
                    NULL,
                    err,
                    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT ),
                    (LPSTR)(&lpMsgBuf),
                    0,
                    NULL);
    fprintf( stderr, "ReportEventA() failed: %u=\"%s\" Message was \"%s\"\n",
             err, lpMsgBuf, msg.constData() );
}
Ejemplo n.º 4
0
void IupLogV(const char* type, const char* format, va_list arglist)
{
  HANDLE EventSource;
  WORD wtype = 0;

  int size;
  char* value = iupStrGetLargeMem(&size);
  vsnprintf(value, size, format, arglist);

  if (iupStrEqualNoCase(type, "DEBUG"))
  {
    OutputDebugStringA(value);
    return;
  }
  else if (iupStrEqualNoCase(type, "ERROR"))
    wtype = EVENTLOG_ERROR_TYPE;
  else if (iupStrEqualNoCase(type, "WARNING"))
    wtype = EVENTLOG_WARNING_TYPE;
  else if (iupStrEqualNoCase(type, "INFO"))
    wtype = EVENTLOG_INFORMATION_TYPE;

  EventSource = RegisterEventSourceA(NULL, "Application");
  if (EventSource)
  {
    ReportEventA(EventSource, wtype, 0, 0, NULL, 1, 0, &value, NULL);
    DeregisterEventSource(EventSource);
  }
}
Ejemplo n.º 5
0
void Log::DefaultLogOutput(const char* formattedText, LogMessageType messageType, int bufferSize)
{
    bool debug = IsDebugMessage(messageType);
    OVR_UNUSED(bufferSize);

#if defined(OVR_OS_WIN32)
    // Under Win32, output regular messages to console if it exists; debug window otherwise.
    static DWORD dummyMode;
    static bool  hasConsole = (GetStdHandle(STD_OUTPUT_HANDLE) != INVALID_HANDLE_VALUE) &&
                              (GetConsoleMode(GetStdHandle(STD_OUTPUT_HANDLE), &dummyMode));

    if (!hasConsole || debug)
    {
        ::OutputDebugStringA(formattedText);
    }

    fputs(formattedText, stdout);

#elif defined(OVR_OS_MS) // Any other Microsoft OSs

    ::OutputDebugStringA(formattedText);

#elif defined(OVR_OS_ANDROID)
    // To do: use bufferSize to deal with the case that Android has a limited output length.
    __android_log_write(ANDROID_LOG_INFO, "OVR", formattedText);

#else
    fputs(formattedText, stdout);

#endif

    if (messageType == Log_Error)
    {
#if defined(OVR_OS_WIN32)
        if (!ReportEventA(hEventSource, EVENTLOG_ERROR_TYPE, 0, 0, NULL, 1, 0, &formattedText, NULL))
        {
            OVR_ASSERT(false);
        }
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
        // TBD
#elif defined(OVR_OS_ANDROID)
        // TBD
#elif defined(OVR_OS_MAC) || defined(OVR_OS_LINUX)
        syslog(LOG_ERR, "%s", formattedText);
#else
        // TBD
#endif
    }

    // Just in case.
    OVR_UNUSED2(formattedText, debug);
}
Ejemplo n.º 6
0
static void gkrellmd_syslog_log(GLogLevelFlags log_level, const gchar *message)
	{
#if defined(WIN32)
	WORD event_type;
	const char *p_buf[1];

	// Abort if event source is missing
	if (h_event_log == NULL)
		return;

	event_type = EVENTLOG_INFORMATION_TYPE;
	if (log_level & G_LOG_LEVEL_WARNING)
		event_type = EVENTLOG_WARNING_TYPE;
	if (log_level & G_LOG_LEVEL_CRITICAL || log_level & G_LOG_LEVEL_ERROR)
		event_type = EVENTLOG_ERROR_TYPE;

	p_buf[0] = message;

	ReportEventA(
		h_event_log,  // Event source handle (HANDLE)
		event_type,   // Event type (WORD)
		0,            // Event category (WORD)
		0,            // Event identifier (DWORD)
		NULL,         // user security identifier (PSID)
		1,            // Number of substitution strings (WORD)
		0,            // Data Size (DWORD)
		p_buf,        // Pointer to strings
		NULL          // Pointer to Data
		);
#else
	int facility_priority;

	// default to info and override with other states if they are more important
	facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_INFO);
	if (log_level & G_LOG_LEVEL_DEBUG)
		facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG);
	if (log_level & G_LOG_LEVEL_WARNING)
		facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_WARNING);
	if (log_level & G_LOG_LEVEL_ERROR)
		facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_ERR);
	if (log_level & G_LOG_LEVEL_CRITICAL)
		facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_CRIT);

	syslog(facility_priority, message);
#endif // defined(WIN32)
	} // gkrellmd_syslog_log()
Ejemplo n.º 7
0
/*
** Name: WriteToEventLog
**
** Description:
**      Write the message string to the specified event source in the Event Log.
**
*/
void WriteToEventLog(LPCSTR pszSrcName, LPCSTR message)
{
    HANDLE hEventLog;

    hEventLog = RegisterEventSourceA(NULL, pszSrcName);  /* register on local machine */
    if (hEventLog == NULL)  /* could not register the event source for some reason */
        return;

    ReportEventA(hEventLog,    /* event log handle */
        EVENTLOG_ERROR_TYPE,   /* event type */
        0,                     /* event category */
        0,                     /* event identifier */
        NULL,                  /* no security identifier */
        1,                     /* number of substitution strings */
        0,                     /* no raw data */
        &message,              /* message strings */
        NULL);                 /* no raw data */

    DeregisterEventSource(hEventLog);
}
Ejemplo n.º 8
0
void __lio_winev_output(IN tt_logio_t *lio,
                        IN const tt_char_t *data,
                        IN tt_u32_t data_len)
{
    tt_logio_winev_t *lio_winev = TT_LOGIO_CAST(lio, tt_logio_winev_t);

#ifdef TT_HAVE_WINDOWS_EVENT_LOG
    if (!ReportEventA(lio_winev->source,
                      lio_winev->type,
                      lio_winev->category,
                      lio_winev->ev_id,
                      NULL,
                      1,
                      0,
                      &data,
                      NULL)) {
        TT_ERROR_NTV("fail to report event: %s", data);
    }
#endif
}
Ejemplo n.º 9
0
void Log::DefaultLogOutput(const char* formattedText, LogMessageType messageType, int bufferSize)
{
    OVR_UNUSED2(bufferSize, formattedText);

#if defined(OVR_OS_WIN32)

    ::OutputDebugStringA(formattedText);
    fputs(formattedText, stdout);

#elif defined(OVR_OS_MS) // Any other Microsoft OSs

    ::OutputDebugStringA(formattedText);

#elif defined(OVR_OS_ANDROID)
    // To do: use bufferSize to deal with the case that Android has a limited output length.
    __android_log_write(ANDROID_LOG_INFO, "OVR", formattedText);

#else
    fputs(formattedText, stdout);

#endif

    if (messageType == Log_Error)
    {
#if defined(OVR_OS_WIN32)
        if (!ReportEventA(hEventSource, EVENTLOG_ERROR_TYPE, 0, 0, NULL, 1, 0, &formattedText, NULL))
        {
            OVR_ASSERT(false);
        }
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
        // TBD
#elif defined(OVR_OS_ANDROID)
        // TBD
#elif defined(OVR_OS_MAC) || defined(OVR_OS_LINUX)
        syslog(LOG_ERR, "%s", formattedText);
#else
        // TBD
#endif
    }
}
Ejemplo n.º 10
0
static void xsyslog(BIO *bp, int priority, const char *string)
{
    LPCSTR lpszStrings[2];
    WORD evtype = EVENTLOG_ERROR_TYPE;
    char pidbuf[DECIMAL_SIZE(DWORD) + 4];

    if (bp->ptr == NULL)
        return;

    switch (priority) {
    case LOG_EMERG:
    case LOG_ALERT:
    case LOG_CRIT:
    case LOG_ERR:
        evtype = EVENTLOG_ERROR_TYPE;
        break;
    case LOG_WARNING:
        evtype = EVENTLOG_WARNING_TYPE;
        break;
    case LOG_NOTICE:
    case LOG_INFO:
    case LOG_DEBUG:
        evtype = EVENTLOG_INFORMATION_TYPE;
        break;
    default:
        /*
         * Should never happen, but set it
         * as error anyway.
         */
        evtype = EVENTLOG_ERROR_TYPE;
        break;
    }

    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
    lpszStrings[0] = pidbuf;
    lpszStrings[1] = string;

    ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
}
Ejemplo n.º 11
0
XCONTRACT_CALL(void) xContract_violationReport( char const*                 file
                                            ,   unsigned                    line
                                            ,   char const*                 function
                                            ,   char const*                 expression
                                            ,   char const*                 message
                                            ,   char const*                 qualifier
                                            ,   xContract_violation_type_t  type
                                            ,   int                         level)
{
    /* 1. formulate the termination messages */

    char        sz[2001];
    size_t      type_len = 0;
    char const* type_str = xcontract_lookup_violation_type_string_(type, &type_len);
    int         cch;

    STLSOFT_SUPPRESS_UNUSED(level);

#ifdef XCONTRACT_USING_SAFE_STR_FUNCTIONS
    cch = sprintf_s(
#else /* ? XCONTRACT_USING_SAFE_STR_FUNCTIONS */
    cch = snprintf(
#endif /* XCONTRACT_USING_SAFE_STR_FUNCTIONS */
                    &sz[0]
                ,   STLSOFT_NUM_ELEMENTS(sz) - 2
                ,   "Contract violation: %s at %s(%d)%s%s: %s%s%s%s%s"
                /* %s */
                ,   type_str
                /* %s(%d)%s%s */
                ,   file
                ,   line
                ,   (NULL == function) ? "" : " in function "
                ,   stlsoft_ns_qual(c_str_ptr_a)(function)
                /* %s%s%s */
                ,   message
                ,   (NULL == expression) ? "" : " - failed expression: "
                ,   stlsoft_ns_qual(c_str_ptr_a)(expression)
                /* %s%s */
                ,   (NULL == qualifier || '\0' == 0[qualifier]) ? "" : ": "
                ,   stlsoft_ns_qual(c_str_ptr_a)(qualifier)
                );

    if(cch < 0)
    {
        cch = STLSOFT_NUM_ELEMENTS(sz) - 2;
    }

    sz[cch]     = '\n';
    sz[cch + 1] = '\0';

    /* 2. write out the termination messages */

    fputs(sz, stderr);

#ifdef XCONTRACT_USE_WIN_OUTPUTDEBUGSTRING
    OutputDebugStringA(sz);
#endif /* XCONTRACT_USE_WIN_OUTPUTDEBUGSTRING */

    sz[cch] = '\0';

#ifdef XCONTRACT_USE_WIN_EVENTLOG
    {
        HANDLE hEvLog = RegisterEventSource(NULL, "xContract");

        if(NULL != hEvLog)
        {
            WORD        wType       =   EVENTLOG_ERROR_TYPE;
            WORD        category    =   XCONTRACT_WIN_EVENTLOG_CATEGORY;
            DWORD       eventId     =   XCONTRACT_WIN_EVENTLOG_EVENTID;
            PSID        lpUserSid   =   NULL;
            WORD        wNumStrings =   1;
            LPCSTR      entry       =   &sz[0];
            LPCSTR*     lpStrings   =   &entry;
            DWORD       dwDataSize  =   0;
            LPVOID      lpRawData   =   NULL;

            ReportEventA(   hEvLog
                        ,   wType
                        ,   category
                        ,   eventId
                        ,   lpUserSid
                        ,   wNumStrings
                        ,   dwDataSize
                        ,   lpStrings
                        ,   lpRawData);

            DeregisterEventSource(hEvLog);
        }
    }
#endif /* XCONTRACT_USE_WIN_EVENTLOG */

#ifdef XCONTRACT_USE_SYSLOG
    syslog(XCONTRACT_SYSLOG_FLAGS, "%s", sz);
#endif /* XCONTRACT_USE_SYSLOG */
}
Ejemplo n.º 12
0
static void test_readwrite(void)
{
    HANDLE handle;
    PSID user;
    DWORD sidsize, count;
    BOOL ret, sidavailable;
    BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
    DWORD i;
    char *localcomputer = NULL;
    DWORD size;

    if (pCreateWellKnownSid)
    {
        sidsize = SECURITY_MAX_SID_SIZE;
        user = HeapAlloc(GetProcessHeap(), 0, sidsize);
        SetLastError(0xdeadbeef);
        pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
        sidavailable = TRUE;
    }
    else
    {
        win_skip("Skipping some SID related tests\n");
        sidavailable = FALSE;
        user = NULL;
    }

    /* Write an event with an incorrect event type. This will fail on Windows 7
     * but succeed on all others, hence it's not part of the struct.
     */
    handle = OpenEventLogA(NULL, eventlogname);
    if (!handle)
    {
        /* Intermittently seen on NT4 when tests are run immediately after boot */
        win_skip("Could not get a handle to the eventlog\n");
        goto cleanup;
    }

    count = 0xdeadbeef;
    GetNumberOfEventLogRecords(handle, &count);
    if (count != 0)
    {
        /* Needed for W2K3 without a service pack */
        win_skip("We most likely opened the Application eventlog\n");
        CloseEventLog(handle);
        Sleep(2000);

        handle = OpenEventLogA(NULL, eventlogname);
        count = 0xdeadbeef;
        GetNumberOfEventLogRecords(handle, &count);
        if (count != 0)
        {
            win_skip("We didn't open our new eventlog\n");
            CloseEventLog(handle);
            goto cleanup;
        }
    }

    SetLastError(0xdeadbeef);
    ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
    if (!ret && GetLastError() == ERROR_CRC)
    {
        win_skip("Win7 fails when using incorrect event types\n");
        ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
        ok(ret, "Expected success : %d\n", GetLastError());
    }
    else
    {
        void *buf;
        DWORD read, needed = 0;
        EVENTLOGRECORD *record;

        ok(ret, "Expected success : %d\n", GetLastError());

        /* Needed to catch earlier Vista (with no ServicePack for example) */
        buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
        if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
                                  0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
            GetLastError() == ERROR_INSUFFICIENT_BUFFER)
        {
            buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
            ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
                                0, buf, needed, &read, &needed);
        }
        if (ret)
        {
            record = (EVENTLOGRECORD *)buf;

            /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
             * the written eventtype (0x20 in this case).
             */
            if (record->EventType == EVENTLOG_SUCCESS)
                on_vista = TRUE;
        }
        HeapFree(GetProcessHeap(), 0, buf);
    }

    /* This will clear the eventlog. The record numbering for new
     * events however differs on Vista SP1+. Before Vista the first
     * event would be numbered 1, on Vista SP1+ it's higher as we already
     * had at least one event (more in case of multiple test runs without
     * a reboot).
     */
    ClearEventLogA(handle, NULL);
    CloseEventLog(handle);

    /* Write a bunch of events while using different event sources */
    for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
    {
        DWORD oldest;
        BOOL run_sidtests = read_write[i].evt_sid & sidavailable;

        /* We don't need to use RegisterEventSource to report events */
        if (i % 2)
            handle = OpenEventLogA(NULL, read_write[i].evt_src);
        else
            handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
        ok(handle != NULL, "Expected a handle\n");

        SetLastError(0xdeadbeef);
        ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
                           read_write[i].evt_id, run_sidtests ? user : NULL,
                           read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
        ok(ret, "Expected ReportEvent success : %d\n", GetLastError());

        count = 0xdeadbeef;
        SetLastError(0xdeadbeef);
        ret = GetNumberOfEventLogRecords(handle, &count);
        ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
        todo_wine
        ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);

        oldest = 0xdeadbeef;
        ret = GetOldestEventLogRecord(handle, &oldest);
        ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
        todo_wine
        ok(oldest == 1 ||
           (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
           "Expected oldest to be 1 or higher, got %d\n", oldest);
        if (oldest > 1 && oldest != 0xdeadbeef)
            on_vista = TRUE;

        SetLastError(0xdeadbeef);
        if (i % 2)
            ret = CloseEventLog(handle);
        else
            ret = DeregisterEventSource(handle);
        ok(ret, "Expected success : %d\n", GetLastError());
    }

    handle = OpenEventLogA(NULL, eventlogname);
    count = 0xdeadbeef;
    ret = GetNumberOfEventLogRecords(handle, &count);
    ok(ret, "Expected success\n");
    todo_wine
    ok(count == i, "Expected %d records, got %d\n", i, count);
    CloseEventLog(handle);

    if (count == 0)
    {
        skip("No events were written to the eventlog\n");
        goto cleanup;
    }

    /* Report only once */
    if (on_vista)
        skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");

    if (on_vista && pGetComputerNameExA)
    {
        /* New Vista+ behavior */
        size = 0;
        SetLastError(0xdeadbeef);
        pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
        localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
        pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
    }
    else
    {
        size = MAX_COMPUTERNAME_LENGTH + 1;
        localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
        GetComputerNameA(localcomputer, &size);
    }

    /* Read all events from our created eventlog, one by one */
    handle = OpenEventLogA(NULL, eventlogname);
    ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
    i = 0;
    for (;;)
    {
        void *buf;
        DWORD read, needed;
        EVENTLOGRECORD *record;
        char *sourcename, *computername;
        int k;
        char *ptr;
        BOOL run_sidtests = read_write[i].evt_sid & sidavailable;

        buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
        SetLastError(0xdeadbeef);
        ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
                            0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
        ok(!ret, "Expected failure\n");
        if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
        {
            HeapFree(GetProcessHeap(), 0, buf);
            ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
            break;
        }

        buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
        ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
                            0, buf, needed, &read, &needed);
        ok(ret, "Expected success: %d\n", GetLastError());

        record = (EVENTLOGRECORD *)buf;

        ok(record->Length == read,
           "Expected %d, got %d\n", read, record->Length);
        ok(record->Reserved == 0x654c664c,
           "Expected 0x654c664c, got %d\n", record->Reserved);
        ok(record->RecordNumber == i + 1 ||
           (on_vista && (record->RecordNumber > i + 1)),
           "Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
        ok(record->EventID == read_write[i].evt_id,
           "Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
        ok(record->EventType == read_write[i].evt_type,
           "Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
        ok(record->NumStrings == read_write[i].evt_numstrings,
           "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
        ok(record->EventCategory == read_write[i].evt_cat,
           "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);

        sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
        ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
           read_write[i].evt_src, sourcename);

        computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
        ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
           localcomputer, computername);

        /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
         * no padding was actually required a 0 DWORD was still used for padding. No
         * application should be relying on the padding as we are working with offsets
         * anyway.
         */

        if (!on_vista)
        {
            DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;

            /* We are already DWORD aligned, there should still be some padding */
            if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
                ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");

            ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
        }

        if (run_sidtests)
        {
            ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
        }
        else
        {
            ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
            ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
        }

        ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);

        ptr = (char *)((BYTE *)buf + record->StringOffset);
        for (k = 0; k < record->NumStrings; k++)
        {
            ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
            ptr += lstrlenA(ptr) + 1;
        }

        ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
           "Expected the closing DWORD to contain the length of the record\n");

        HeapFree(GetProcessHeap(), 0, buf);
        i++;
    }
    CloseEventLog(handle);

    /* Test clearing a real eventlog */
    handle = OpenEventLogA(NULL, eventlogname);
    ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());

    SetLastError(0xdeadbeef);
    ret = ClearEventLogA(handle, NULL);
    ok(ret, "Expected success\n");

    count = 0xdeadbeef;
    ret = GetNumberOfEventLogRecords(handle, &count);
    ok(ret, "Expected success\n");
    ok(count == 0, "Expected an empty eventlog, got %d records\n", count);

    CloseEventLog(handle);

cleanup:
    HeapFree(GetProcessHeap(), 0, localcomputer);
    HeapFree(GetProcessHeap(), 0, user);
}
Ejemplo n.º 13
0
  //http://www.netikus.net/products_downloads.html, nttoolkit helps find messages
  void writeLine(const std::string &line,logPrio prio) {
	const CHAR * str0 = line.c_str();
	DWORD evtid = 512;
	ReportEventA(evtSource,EVENTLOG_INFORMATION_TYPE,0,evtid,NULL,1,0,&str0,NULL);
    }
Ejemplo n.º 14
0
void winEventHandler(enum a6o_log_domain domain, enum a6o_log_level log_level, const char *message, void *user_data){

	HANDLE hevent = NULL;
	char ** msg[1];
	int numMsg = 1;
	WORD eventCategory = 0;
	//WORD eventType = 0;
	DWORD eventId = 0;
	WORD eventLogType = 0;


	hevent = RegisterEventSourceA(NULL, "Armadito-av" );
	if (hevent == NULL) {
		printf("[-] Error :: SvcReportEvent!RegisterEventSourceA() failed with error :: %d\n", GetLastError( ));
		return;
	}

	//printf("[+] Debug :: Event Log Registered successfully\n" );
	if (message != NULL)
		msg[0] = message;

	// Define Log Category
	switch(domain) {
		case ARMADITO_LOG_LIB:
			eventCategory = LIBARMADITO_CATEGORY;
			break;
		case ARMADITO_LOG_MODULE:
			eventCategory = MODULES_CATEGORY;
			break;
		case ARMADITO_LOG_SERVICE:
			eventCategory = SERVICE_CATEGORY;
			break;
		default:
			eventCategory = 0;
			break;
	}

	// Define log event type.
	// TODO :: add event type :: EVENTLOG_SUCCESS - EVENTLOG_AUDIT_FAILURE - EVENTLOG_AUDIT_SUCCESS
	switch (log_level) {

		case ARMADITO_LOG_LEVEL_ERROR:
			eventLogType = EVENTLOG_ERROR_TYPE;
			eventId = MSG_ERROR;
			break;
		case ARMADITO_LOG_LEVEL_WARNING:
			eventLogType = EVENTLOG_WARNING_TYPE;
			eventId = MSG_WARNING;
			break;
		case ARMADITO_LOG_LEVEL_INFO:
			eventLogType = EVENTLOG_INFORMATION_TYPE;
			eventId = MSG_INFO;
			break;
		case ARMADITO_LOG_LEVEL_DEBUG:
			eventLogType = EVENTLOG_INFORMATION_TYPE;
			eventId = MSG_INFO;
			break;
		case ARMADITO_LOG_LEVEL_NONE:
			eventLogType = EVENTLOG_INFORMATION_TYPE;
			eventId = MSG_INFO;
			break;
		default:
			eventLogType = EVENTLOG_INFORMATION_TYPE;
			eventId = MSG_INFO;
			break;
	}

	if (ReportEventA(hevent,	// Event log handle
		eventLogType,			// Event type
		eventCategory,			// Event category
		eventId,				// Event identifier
		NULL,					// Security identifier
		numMsg,					// Size of the string array
		0,						// Binary data
		msg,					// Array of strings
		NULL					// Binary data
		) == FALSE) {
		printf("[-] Error :: SvcReportEvent!ReportEventA() failed with error :: %d\n",GetLastError());
	}
	else {
		//printf("[+] Debug :: Report Event executed successfully\n" );
	}

	DeregisterEventSource(hevent);

	return;
}