/// Registers the ETW provider identified by event_provider_guid and stores the
/// resulting registration handle in g_event_provider_handle.
logger::logger()
{
    // No enable callback and no callback context are supplied.
    if (EventRegister(&event_provider_guid, NULL, NULL, &g_event_provider_handle) == ERROR_SUCCESS)
    {
        return;
    }

    // Registration failed: clear the handle so no stale value is left behind.
    // NOTE(review): nothing here reports the failure, so events from this
    // process would be dropped without any signal. Presumably the write path
    // treats a NULL handle as "logging disabled"; confirm against the callers.
    g_event_provider_handle = NULL;
}
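/// Registers the ETW provider identified by ProviderGuid and keeps the
/// registration handle in m_registration_handle.
///
/// If registration fails the handle is left at 0. The constructor has no way
/// to report the error, so code that depends on this telemetry should check
/// for a zero handle before assuming events are being emitted.
ETWLogger::ETWLogger() {
	m_registration_handle = 0;
	const auto status = EventRegister(
		&ProviderGuid,         // GUID that identifies the provider
		nullptr,               // Callback not used
		nullptr,               // Context not used
		&m_registration_handle // Used when calling EventWrite and EventUnregister
		);
	if (status != ERROR_SUCCESS) {
		// Do not keep whatever EventRegister may have left in the handle on
		// failure. A zero handle is the only state that EventWrite and
		// EventUnregister callers can test for.
		m_registration_handle = 0;
	}
}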
/// Registers the osquery Windows Event Log provider.
///
/// @param registration_handle Receives the provider registration handle on
///        success; set to 0 when registration fails.
/// @return A default-constructed Status on success, or Status(1, ...) with an
///         explanatory message when EventRegister does not return
///         ERROR_SUCCESS.
Status WindowsEventLoggerPlugin::acquireHandle(REGHANDLE& registration_handle) {
  // No enable callback and no callback context are supplied.
  const auto register_result = EventRegister(
      &OsqueryWindowsEventLogProvider, nullptr, nullptr, &registration_handle);

  if (register_result == ERROR_SUCCESS) {
    return Status();
  }

  // Never hand a half-initialised handle back to the caller.
  registration_handle = 0;
  return Status(1, "Failed to register the Windows Event Log provider");
}
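/*
 * Registers the ETW provider identified by ProviderGuid once and stores the
 * registration handle in RegistrationHandle. Calls made while the handle is
 * non-zero return immediately.
 *
 * If registration fails the handle is reset to 0. The guard below therefore
 * lets a later call retry, and code using the handle can detect that no
 * provider is registered.
 *
 * NOTE(review): the check-then-register sequence is not synchronised in this
 * block. Confirm that initialisation happens on a single thread.
 */
void EtwInitProvider()
{
	if (0 != RegistrationHandle)
		return;

	if (ERROR_SUCCESS != EventRegister(
			&ProviderGuid,      // GUID that identifies the provider
			NULL,               // Callback not used
			NULL,               // Context not used
			&RegistrationHandle // Used when calling EventWrite and EventUnregister
			))
	{
		// The function returns void, so a zero handle is the only way the
		// failure is visible to the rest of the program.
		RegistrationHandle = 0;
	}
}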
/*
 * CcpsInit()
 *
 * Creates a netgraph socket node named "mpd<gPid>-cso" and registers
 * recurring read events on its control and data sockets.
 *
 * Returns 0 on success, or -1 if the socket node cannot be created.
 */
int
CcpsInit(void)
{
    char	nodeName[NG_NODESIZ];
    int		rc;

    /* Build the node name; snprintf() bounds the write to the buffer size */
    snprintf(nodeName, sizeof(nodeName), "mpd%d-cso", gPid);

    /* Create a netgraph socket node */
    rc = NgMkSockNode(nodeName, &gCcpCsock, &gCcpDsock);
    if (rc < 0) {
	Perror("CcpsInit(): can't create %s node", NG_SOCKET_NODE_TYPE);
	return (-1);
    }

    /*
     * Set descriptor flags on both sockets. The literal 1 is presumably
     * FD_CLOEXEC, which would keep the descriptors out of exec'ed children.
     * The results are deliberately ignored.
     */
    (void) fcntl(gCcpCsock, F_SETFD, 1);
    (void) fcntl(gCcpDsock, F_SETFD, 1);

    /*
     * Listen for happenings on our node: control messages are dispatched to
     * CcpNgCtrlEvent and data to CcpNgDataEvent.
     * NOTE(review): any result of EventRegister() is not checked here.
     */
    EventRegister(&gCcpCtrlEvent, EVENT_READ,
	gCcpCsock, EVENT_RECURRING, CcpNgCtrlEvent, NULL);
    EventRegister(&gCcpDataEvent, EVENT_READ,
	gCcpDsock, EVENT_RECURRING, CcpNgDataEvent, NULL);

    return (0);
}
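    /// Parses guid_str into a provider GUID, registers it as an ETW provider
    /// and records whether the provider is currently enabled.
    ///
    /// @param guid_str Provider GUID in the string form accepted by
    ///        CLSIDFromString.
    ///
    /// If the string does not parse or registration fails, the handler keeps
    /// a zero handle and m_bProviderEnable keeps its value-initialised state.
    /// Neither failure is reported to the caller, so a misconfigured GUID
    /// results in no events being emitted.
    ETWHandler(const wchar_t *guid_str)
        : m_bUseFormatter(DISPATCHER_LOG_USE_FORMATING), m_EventHandle(),
          m_bProviderEnable()
    {
        GUID rguid = GUID_NULL;
        if (FAILED(CLSIDFromString(guid_str, &rguid))) {
            return;
        }

        // Check the registration result instead of discarding it, so the
        // enabled-state query below only ever sees a registered handle.
        if (EventRegister(&rguid, NULL, NULL, &m_EventHandle) != ERROR_SUCCESS) {
            m_EventHandle = 0;
            return;
        }

        m_bProviderEnable = 0 != EventProviderEnabled(m_EventHandle, 1, 0);
    }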
/*++

Routine Description:

    Registers the ETW provider identified by SERVICE_PROVIDER_GUID and stores
    the registration handle in m_etwRegHandle. A failure is only printed to
    standard output; it is not returned to the caller.

Arguments:

    VOID

Return Value:

    VOID

--*/
VOID
SetupEvents()
{
    // No enable callback and no callback context are supplied.
    // NOTE(review): EventRegister returns a Win32 error code (ULONG), which is
    // why it is compared with ERROR_SUCCESS. The NTSTATUS type used for the
    // local is kept from the original.
    NTSTATUS status = EventRegister(&SERVICE_PROVIDER_GUID,
                                    nullptr,
                                    nullptr,
                                    &m_etwRegHandle);

    if (status == ERROR_SUCCESS)
    {
        return;
    }

    // NOTE(review): a service normally has no console, so this message is
    // unlikely to be seen. Confirm whether the failure should be surfaced
    // another way.
    wprintf(L"Provider not registered.  EventRegister failed with error: 0x%08X\n", status);
}
//
//   FUNCTION: CServiceBase::CServiceBase(PWSTR, BOOL, BOOL, BOOL)
//
//   PURPOSE: Constructs a CServiceBase. Fills in the initial SERVICE_STATUS
//   fields (own-process service, start pending, accepted controls) and
//   registers the ETW provider SERVICE_STATUS_SERVICE_PROVIDER_GUID, storing
//   the handle in m_etwRegHandle. A registration failure is printed but does
//   not abort construction.
//
//   PARAMETERS:
//   * pszServiceName - the name of the service; nullptr is stored as L""
//   * fCanStop - the service can be stopped
//   * fCanShutdown - the service is notified when system shutdown occurs
//   * fCanPauseContinue - the service can be paused and continued
//
CServiceBase::CServiceBase(
    PWSTR pszServiceName,
    BOOL fCanStop,
    BOOL fCanShutdown,
    BOOL fCanPauseContinue)
{
    // A null service name is replaced by the empty string.
    m_name = (pszServiceName == nullptr) ? L"" : pszServiceName;

    m_statusHandle = nullptr;

    // The service runs in its own process and is starting.
    m_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS;
    m_status.dwCurrentState = SERVICE_START_PENDING;

    // Accept only the control codes the caller opted into.
    const DWORD acceptedControls =
        (fCanStop ? SERVICE_ACCEPT_STOP : 0) |
        (fCanShutdown ? SERVICE_ACCEPT_SHUTDOWN : 0) |
        (fCanPauseContinue ? SERVICE_ACCEPT_PAUSE_CONTINUE : 0);
    m_status.dwControlsAccepted = acceptedControls;

    // No error and no progress information yet.
    m_status.dwWin32ExitCode = NO_ERROR;
    m_status.dwServiceSpecificExitCode = 0;
    m_status.dwCheckPoint = 0;
    m_status.dwWaitHint = 0;

    // Register the ETW provider without an enable callback or context.
    // NOTE(review): EventRegister returns a Win32 error code (ULONG). The
    // NTSTATUS type used for the local is kept from the original.
    NTSTATUS status = EventRegister(&SERVICE_STATUS_SERVICE_PROVIDER_GUID,
        nullptr,
        nullptr,
        &m_etwRegHandle);
    if (status != ERROR_SUCCESS)
    {
        // The failure is only printed, and the service continues without a
        // registered provider.
        wprintf(L"Provider not registered. EventRegister failed with %d\n", status);
    }
}
//! Constructs the backend and registers \a provider_id as an event provider.
//! The registration handle is stored in the implementation object.
//! Throws std::runtime_error (through boost::throw_exception) if the
//! provider cannot be registered, so a constructed backend always holds a
//! registered handle.
basic_simple_nt6_event_log_backend< CharT >::basic_simple_nt6_event_log_backend(GUID const& provider_id) :
    m_pImpl(boost::make_shared< implementation >())
{
    // No enable callback and no callback context are supplied.
    if (ERROR_SUCCESS != EventRegister(&provider_id, NULL, NULL, &m_pImpl->m_ProviderHandle))
    {
        boost::throw_exception(std::runtime_error("Could not register event provider"));
    }
}