/*
* Log to the NT Event Log
*/
void
syslog(int priority, const char *message, ...) {
va_list ap;
char buf[1024];
LPCSTR str[1];
str[0] = buf;
va_start(ap, message);
vsprintf(buf, message, ap);
va_end(ap);
/* Make sure that the channel is open to write the event */
if (hEventLog == NULL) {
openlog("SoftHSM", 0, 0);
}
if (hEventLog != NULL) {
switch (priority) {
case LOG_INFO:
case LOG_NOTICE:
case LOG_DEBUG:
ReportEventA(hEventLog, EVENTLOG_INFORMATION_TYPE, 0,
0x40000003, NULL, 1, 0, str, NULL);
break;
case LOG_WARNING:
ReportEventA(hEventLog, EVENTLOG_WARNING_TYPE, 0,
0x80000002, NULL, 1, 0, str, NULL);
break;
default:
ReportEventA(hEventLog, EVENTLOG_ERROR_TYPE, 0,
0xc0000001, NULL, 1, 0, str, NULL);
break;
}
}
}
void ReportError(BOOL bError, LPCSTR szError, ...)
{
static BOOL bEventSourceAdded = FALSE;
char buf[512];
const char *bufp = buf;
va_list va;
va_start(va,szError);
vsprintf(buf,szError,va);
va_end(va);
if(g_bTestMode)
{
printf("%s%s\n",bError?"Error: ":"",buf);
}
else
{
if(!bEventSourceAdded)
{
TCHAR szModule[MAX_PATH];
GetModuleFileName(NULL,szModule,MAX_PATH);
AddEventSource(SERVICE_NAME,szModule);
bEventSourceAdded=TRUE;
}
HANDLE hEvent = RegisterEventSource(NULL, SERVICE_NAME);
ReportEventA(hEvent,bError?EVENTLOG_ERROR_TYPE:EVENTLOG_INFORMATION_TYPE,0,MSG_STRING,NULL,1,0,&bufp,NULL);
DeregisterEventSource(hEvent);
}
}
void KDSystemLogDevice::doLogEncoded( KDLog::Severity severity, const QByteArray & msg ) {
const char* strarray[1];
strarray[0] = msg.constData();
if ( ReportEventA( d->internal,
severityToEventLogType( severity ),
0, // category?
0, // Event ID
NULL, // user security identifier (optional)
1, // number of strings to merge with message
0, // size of raw (binary) data (in bytes)
strarray, // array of strings to merge with message
NULL ) )
return;
// error:
char* lpMsgBuf;
const int err = GetLastError();
FormatMessageA( FORMAT_MESSAGE_ALLOCATE_BUFFER|
FORMAT_MESSAGE_FROM_SYSTEM|
FORMAT_MESSAGE_IGNORE_INSERTS,
NULL,
err,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT ),
(LPSTR)(&lpMsgBuf),
0,
NULL);
fprintf( stderr, "ReportEventA() failed: %u=\"%s\" Message was \"%s\"\n",
err, lpMsgBuf, msg.constData() );
}
void IupLogV(const char* type, const char* format, va_list arglist)
{
HANDLE EventSource;
WORD wtype = 0;
int size;
char* value = iupStrGetLargeMem(&size);
vsnprintf(value, size, format, arglist);
if (iupStrEqualNoCase(type, "DEBUG"))
{
OutputDebugStringA(value);
return;
}
else if (iupStrEqualNoCase(type, "ERROR"))
wtype = EVENTLOG_ERROR_TYPE;
else if (iupStrEqualNoCase(type, "WARNING"))
wtype = EVENTLOG_WARNING_TYPE;
else if (iupStrEqualNoCase(type, "INFO"))
wtype = EVENTLOG_INFORMATION_TYPE;
EventSource = RegisterEventSourceA(NULL, "Application");
if (EventSource)
{
ReportEventA(EventSource, wtype, 0, 0, NULL, 1, 0, &value, NULL);
DeregisterEventSource(EventSource);
}
}
void Log::DefaultLogOutput(const char* formattedText, LogMessageType messageType, int bufferSize)
{
bool debug = IsDebugMessage(messageType);
OVR_UNUSED(bufferSize);
#if defined(OVR_OS_WIN32)
// Under Win32, output regular messages to console if it exists; debug window otherwise.
static DWORD dummyMode;
static bool hasConsole = (GetStdHandle(STD_OUTPUT_HANDLE) != INVALID_HANDLE_VALUE) &&
(GetConsoleMode(GetStdHandle(STD_OUTPUT_HANDLE), &dummyMode));
if (!hasConsole || debug)
{
::OutputDebugStringA(formattedText);
}
fputs(formattedText, stdout);
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
::OutputDebugStringA(formattedText);
#elif defined(OVR_OS_ANDROID)
// To do: use bufferSize to deal with the case that Android has a limited output length.
__android_log_write(ANDROID_LOG_INFO, "OVR", formattedText);
#else
fputs(formattedText, stdout);
#endif
if (messageType == Log_Error)
{
#if defined(OVR_OS_WIN32)
if (!ReportEventA(hEventSource, EVENTLOG_ERROR_TYPE, 0, 0, NULL, 1, 0, &formattedText, NULL))
{
OVR_ASSERT(false);
}
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
// TBD
#elif defined(OVR_OS_ANDROID)
// TBD
#elif defined(OVR_OS_MAC) || defined(OVR_OS_LINUX)
syslog(LOG_ERR, "%s", formattedText);
#else
// TBD
#endif
}
// Just in case.
OVR_UNUSED2(formattedText, debug);
}
static void gkrellmd_syslog_log(GLogLevelFlags log_level, const gchar *message)
{
#if defined(WIN32)
WORD event_type;
const char *p_buf[1];
// Abort if event source is missing
if (h_event_log == NULL)
return;
event_type = EVENTLOG_INFORMATION_TYPE;
if (log_level & G_LOG_LEVEL_WARNING)
event_type = EVENTLOG_WARNING_TYPE;
if (log_level & G_LOG_LEVEL_CRITICAL || log_level & G_LOG_LEVEL_ERROR)
event_type = EVENTLOG_ERROR_TYPE;
p_buf[0] = message;
ReportEventA(
h_event_log, // Event source handle (HANDLE)
event_type, // Event type (WORD)
0, // Event category (WORD)
0, // Event identifier (DWORD)
NULL, // user security identifier (PSID)
1, // Number of substitution strings (WORD)
0, // Data Size (DWORD)
p_buf, // Pointer to strings
NULL // Pointer to Data
);
#else
int facility_priority;
// default to info and override with other states if they are more important
facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_INFO);
if (log_level & G_LOG_LEVEL_DEBUG)
facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG);
if (log_level & G_LOG_LEVEL_WARNING)
facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_WARNING);
if (log_level & G_LOG_LEVEL_ERROR)
facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_ERR);
if (log_level & G_LOG_LEVEL_CRITICAL)
facility_priority = LOG_MAKEPRI(LOG_DAEMON, LOG_CRIT);
syslog(facility_priority, message);
#endif // defined(WIN32)
} // gkrellmd_syslog_log()
/*
** Name: WriteToEventLog
**
** Description:
** Write the message string to the specified event source in the Event Log.
**
*/
void WriteToEventLog(LPCSTR pszSrcName, LPCSTR message)
{
HANDLE hEventLog;
hEventLog = RegisterEventSourceA(NULL, pszSrcName); /* register on local machine */
if (hEventLog == NULL) /* could not register the event source for some reason */
return;
ReportEventA(hEventLog, /* event log handle */
EVENTLOG_ERROR_TYPE, /* event type */
0, /* event category */
0, /* event identifier */
NULL, /* no security identifier */
1, /* number of substitution strings */
0, /* no raw data */
&message, /* message strings */
NULL); /* no raw data */
DeregisterEventSource(hEventLog);
}
void __lio_winev_output(IN tt_logio_t *lio,
IN const tt_char_t *data,
IN tt_u32_t data_len)
{
tt_logio_winev_t *lio_winev = TT_LOGIO_CAST(lio, tt_logio_winev_t);
#ifdef TT_HAVE_WINDOWS_EVENT_LOG
if (!ReportEventA(lio_winev->source,
lio_winev->type,
lio_winev->category,
lio_winev->ev_id,
NULL,
1,
0,
&data,
NULL)) {
TT_ERROR_NTV("fail to report event: %s", data);
}
#endif
}
void Log::DefaultLogOutput(const char* formattedText, LogMessageType messageType, int bufferSize)
{
OVR_UNUSED2(bufferSize, formattedText);
#if defined(OVR_OS_WIN32)
::OutputDebugStringA(formattedText);
fputs(formattedText, stdout);
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
::OutputDebugStringA(formattedText);
#elif defined(OVR_OS_ANDROID)
// To do: use bufferSize to deal with the case that Android has a limited output length.
__android_log_write(ANDROID_LOG_INFO, "OVR", formattedText);
#else
fputs(formattedText, stdout);
#endif
if (messageType == Log_Error)
{
#if defined(OVR_OS_WIN32)
if (!ReportEventA(hEventSource, EVENTLOG_ERROR_TYPE, 0, 0, NULL, 1, 0, &formattedText, NULL))
{
OVR_ASSERT(false);
}
#elif defined(OVR_OS_MS) // Any other Microsoft OSs
// TBD
#elif defined(OVR_OS_ANDROID)
// TBD
#elif defined(OVR_OS_MAC) || defined(OVR_OS_LINUX)
syslog(LOG_ERR, "%s", formattedText);
#else
// TBD
#endif
}
}
static void xsyslog(BIO *bp, int priority, const char *string)
{
LPCSTR lpszStrings[2];
WORD evtype = EVENTLOG_ERROR_TYPE;
char pidbuf[DECIMAL_SIZE(DWORD) + 4];
if (bp->ptr == NULL)
return;
switch (priority) {
case LOG_EMERG:
case LOG_ALERT:
case LOG_CRIT:
case LOG_ERR:
evtype = EVENTLOG_ERROR_TYPE;
break;
case LOG_WARNING:
evtype = EVENTLOG_WARNING_TYPE;
break;
case LOG_NOTICE:
case LOG_INFO:
case LOG_DEBUG:
evtype = EVENTLOG_INFORMATION_TYPE;
break;
default:
/*
* Should never happen, but set it
* as error anyway.
*/
evtype = EVENTLOG_ERROR_TYPE;
break;
}
sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
lpszStrings[0] = pidbuf;
lpszStrings[1] = string;
ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
}
XCONTRACT_CALL(void) xContract_violationReport( char const* file
, unsigned line
, char const* function
, char const* expression
, char const* message
, char const* qualifier
, xContract_violation_type_t type
, int level)
{
/* 1. formulate the termination messages */
char sz[2001];
size_t type_len = 0;
char const* type_str = xcontract_lookup_violation_type_string_(type, &type_len);
int cch;
STLSOFT_SUPPRESS_UNUSED(level);
#ifdef XCONTRACT_USING_SAFE_STR_FUNCTIONS
cch = sprintf_s(
#else /* ? XCONTRACT_USING_SAFE_STR_FUNCTIONS */
cch = snprintf(
#endif /* XCONTRACT_USING_SAFE_STR_FUNCTIONS */
&sz[0]
, STLSOFT_NUM_ELEMENTS(sz) - 2
, "Contract violation: %s at %s(%d)%s%s: %s%s%s%s%s"
/* %s */
, type_str
/* %s(%d)%s%s */
, file
, line
, (NULL == function) ? "" : " in function "
, stlsoft_ns_qual(c_str_ptr_a)(function)
/* %s%s%s */
, message
, (NULL == expression) ? "" : " - failed expression: "
, stlsoft_ns_qual(c_str_ptr_a)(expression)
/* %s%s */
, (NULL == qualifier || '\0' == 0[qualifier]) ? "" : ": "
, stlsoft_ns_qual(c_str_ptr_a)(qualifier)
);
if(cch < 0)
{
cch = STLSOFT_NUM_ELEMENTS(sz) - 2;
}
sz[cch] = '\n';
sz[cch + 1] = '\0';
/* 2. write out the termination messages */
fputs(sz, stderr);
#ifdef XCONTRACT_USE_WIN_OUTPUTDEBUGSTRING
OutputDebugStringA(sz);
#endif /* XCONTRACT_USE_WIN_OUTPUTDEBUGSTRING */
sz[cch] = '\0';
#ifdef XCONTRACT_USE_WIN_EVENTLOG
{
HANDLE hEvLog = RegisterEventSource(NULL, "xContract");
if(NULL != hEvLog)
{
WORD wType = EVENTLOG_ERROR_TYPE;
WORD category = XCONTRACT_WIN_EVENTLOG_CATEGORY;
DWORD eventId = XCONTRACT_WIN_EVENTLOG_EVENTID;
PSID lpUserSid = NULL;
WORD wNumStrings = 1;
LPCSTR entry = &sz[0];
LPCSTR* lpStrings = &entry;
DWORD dwDataSize = 0;
LPVOID lpRawData = NULL;
ReportEventA( hEvLog
, wType
, category
, eventId
, lpUserSid
, wNumStrings
, dwDataSize
, lpStrings
, lpRawData);
DeregisterEventSource(hEvLog);
}
}
#endif /* XCONTRACT_USE_WIN_EVENTLOG */
#ifdef XCONTRACT_USE_SYSLOG
syslog(XCONTRACT_SYSLOG_FLAGS, "%s", sz);
#endif /* XCONTRACT_USE_SYSLOG */
}
static void test_readwrite(void)
{
HANDLE handle;
PSID user;
DWORD sidsize, count;
BOOL ret, sidavailable;
BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
DWORD i;
char *localcomputer = NULL;
DWORD size;
if (pCreateWellKnownSid)
{
sidsize = SECURITY_MAX_SID_SIZE;
user = HeapAlloc(GetProcessHeap(), 0, sidsize);
SetLastError(0xdeadbeef);
pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
sidavailable = TRUE;
}
else
{
win_skip("Skipping some SID related tests\n");
sidavailable = FALSE;
user = NULL;
}
/* Write an event with an incorrect event type. This will fail on Windows 7
* but succeed on all others, hence it's not part of the struct.
*/
handle = OpenEventLogA(NULL, eventlogname);
if (!handle)
{
/* Intermittently seen on NT4 when tests are run immediately after boot */
win_skip("Could not get a handle to the eventlog\n");
goto cleanup;
}
count = 0xdeadbeef;
GetNumberOfEventLogRecords(handle, &count);
if (count != 0)
{
/* Needed for W2K3 without a service pack */
win_skip("We most likely opened the Application eventlog\n");
CloseEventLog(handle);
Sleep(2000);
handle = OpenEventLogA(NULL, eventlogname);
count = 0xdeadbeef;
GetNumberOfEventLogRecords(handle, &count);
if (count != 0)
{
win_skip("We didn't open our new eventlog\n");
CloseEventLog(handle);
goto cleanup;
}
}
SetLastError(0xdeadbeef);
ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
if (!ret && GetLastError() == ERROR_CRC)
{
win_skip("Win7 fails when using incorrect event types\n");
ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
ok(ret, "Expected success : %d\n", GetLastError());
}
else
{
void *buf;
DWORD read, needed = 0;
EVENTLOGRECORD *record;
ok(ret, "Expected success : %d\n", GetLastError());
/* Needed to catch earlier Vista (with no ServicePack for example) */
buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, needed, &read, &needed);
}
if (ret)
{
record = (EVENTLOGRECORD *)buf;
/* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
* the written eventtype (0x20 in this case).
*/
if (record->EventType == EVENTLOG_SUCCESS)
on_vista = TRUE;
}
HeapFree(GetProcessHeap(), 0, buf);
}
/* This will clear the eventlog. The record numbering for new
* events however differs on Vista SP1+. Before Vista the first
* event would be numbered 1, on Vista SP1+ it's higher as we already
* had at least one event (more in case of multiple test runs without
* a reboot).
*/
ClearEventLogA(handle, NULL);
CloseEventLog(handle);
/* Write a bunch of events while using different event sources */
for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
{
DWORD oldest;
BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
/* We don't need to use RegisterEventSource to report events */
if (i % 2)
handle = OpenEventLogA(NULL, read_write[i].evt_src);
else
handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
ok(handle != NULL, "Expected a handle\n");
SetLastError(0xdeadbeef);
ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
read_write[i].evt_id, run_sidtests ? user : NULL,
read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
count = 0xdeadbeef;
SetLastError(0xdeadbeef);
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
todo_wine
ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
oldest = 0xdeadbeef;
ret = GetOldestEventLogRecord(handle, &oldest);
ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
todo_wine
ok(oldest == 1 ||
(oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
"Expected oldest to be 1 or higher, got %d\n", oldest);
if (oldest > 1 && oldest != 0xdeadbeef)
on_vista = TRUE;
SetLastError(0xdeadbeef);
if (i % 2)
ret = CloseEventLog(handle);
else
ret = DeregisterEventSource(handle);
ok(ret, "Expected success : %d\n", GetLastError());
}
handle = OpenEventLogA(NULL, eventlogname);
count = 0xdeadbeef;
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected success\n");
todo_wine
ok(count == i, "Expected %d records, got %d\n", i, count);
CloseEventLog(handle);
if (count == 0)
{
skip("No events were written to the eventlog\n");
goto cleanup;
}
/* Report only once */
if (on_vista)
skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
if (on_vista && pGetComputerNameExA)
{
/* New Vista+ behavior */
size = 0;
SetLastError(0xdeadbeef);
pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
}
else
{
size = MAX_COMPUTERNAME_LENGTH + 1;
localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
GetComputerNameA(localcomputer, &size);
}
/* Read all events from our created eventlog, one by one */
handle = OpenEventLogA(NULL, eventlogname);
ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
i = 0;
for (;;)
{
void *buf;
DWORD read, needed;
EVENTLOGRECORD *record;
char *sourcename, *computername;
int k;
char *ptr;
BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
SetLastError(0xdeadbeef);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
ok(!ret, "Expected failure\n");
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
HeapFree(GetProcessHeap(), 0, buf);
ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
break;
}
buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, needed, &read, &needed);
ok(ret, "Expected success: %d\n", GetLastError());
record = (EVENTLOGRECORD *)buf;
ok(record->Length == read,
"Expected %d, got %d\n", read, record->Length);
ok(record->Reserved == 0x654c664c,
"Expected 0x654c664c, got %d\n", record->Reserved);
ok(record->RecordNumber == i + 1 ||
(on_vista && (record->RecordNumber > i + 1)),
"Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
ok(record->EventID == read_write[i].evt_id,
"Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
ok(record->EventType == read_write[i].evt_type,
"Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
ok(record->NumStrings == read_write[i].evt_numstrings,
"Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
ok(record->EventCategory == read_write[i].evt_cat,
"Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
read_write[i].evt_src, sourcename);
computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
localcomputer, computername);
/* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
* no padding was actually required a 0 DWORD was still used for padding. No
* application should be relying on the padding as we are working with offsets
* anyway.
*/
if (!on_vista)
{
DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
/* We are already DWORD aligned, there should still be some padding */
if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
}
if (run_sidtests)
{
ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
}
else
{
ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
}
ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
ptr = (char *)((BYTE *)buf + record->StringOffset);
for (k = 0; k < record->NumStrings; k++)
{
ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
ptr += lstrlenA(ptr) + 1;
}
ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
"Expected the closing DWORD to contain the length of the record\n");
HeapFree(GetProcessHeap(), 0, buf);
i++;
}
CloseEventLog(handle);
/* Test clearing a real eventlog */
handle = OpenEventLogA(NULL, eventlogname);
ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ClearEventLogA(handle, NULL);
ok(ret, "Expected success\n");
count = 0xdeadbeef;
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected success\n");
ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
CloseEventLog(handle);
cleanup:
HeapFree(GetProcessHeap(), 0, localcomputer);
HeapFree(GetProcessHeap(), 0, user);
}
//http://www.netikus.net/products_downloads.html, nttoolkit helps find messages
void writeLine(const std::string &line,logPrio prio) {
const CHAR * str0 = line.c_str();
DWORD evtid = 512;
ReportEventA(evtSource,EVENTLOG_INFORMATION_TYPE,0,evtid,NULL,1,0,&str0,NULL);
}
void winEventHandler(enum a6o_log_domain domain, enum a6o_log_level log_level, const char *message, void *user_data){
HANDLE hevent = NULL;
char ** msg[1];
int numMsg = 1;
WORD eventCategory = 0;
//WORD eventType = 0;
DWORD eventId = 0;
WORD eventLogType = 0;
hevent = RegisterEventSourceA(NULL, "Armadito-av" );
if (hevent == NULL) {
printf("[-] Error :: SvcReportEvent!RegisterEventSourceA() failed with error :: %d\n", GetLastError( ));
return;
}
//printf("[+] Debug :: Event Log Registered successfully\n" );
if (message != NULL)
msg[0] = message;
// Define Log Category
switch(domain) {
case ARMADITO_LOG_LIB:
eventCategory = LIBARMADITO_CATEGORY;
break;
case ARMADITO_LOG_MODULE:
eventCategory = MODULES_CATEGORY;
break;
case ARMADITO_LOG_SERVICE:
eventCategory = SERVICE_CATEGORY;
break;
default:
eventCategory = 0;
break;
}
// Define log event type.
// TODO :: add event type :: EVENTLOG_SUCCESS - EVENTLOG_AUDIT_FAILURE - EVENTLOG_AUDIT_SUCCESS
switch (log_level) {
case ARMADITO_LOG_LEVEL_ERROR:
eventLogType = EVENTLOG_ERROR_TYPE;
eventId = MSG_ERROR;
break;
case ARMADITO_LOG_LEVEL_WARNING:
eventLogType = EVENTLOG_WARNING_TYPE;
eventId = MSG_WARNING;
break;
case ARMADITO_LOG_LEVEL_INFO:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
case ARMADITO_LOG_LEVEL_DEBUG:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
case ARMADITO_LOG_LEVEL_NONE:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
default:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
}
if (ReportEventA(hevent, // Event log handle
eventLogType, // Event type
eventCategory, // Event category
eventId, // Event identifier
NULL, // Security identifier
numMsg, // Size of the string array
0, // Binary data
msg, // Array of strings
NULL // Binary data
) == FALSE) {
printf("[-] Error :: SvcReportEvent!ReportEventA() failed with error :: %d\n",GetLastError());
}
else {
//printf("[+] Debug :: Report Event executed successfully\n" );
}
DeregisterEventSource(hevent);
return;
}
