VOID
SaveProtocol(VOID)
{
HANDLE hEventLog;
WCHAR szFileName[MAX_PATH];
ZeroMemory(szFileName, sizeof(szFileName));
sfn.lpstrFile = szFileName;
sfn.nMaxFile = MAX_PATH;
if (!GetSaveFileNameW(&sfn))
{
return;
}
hEventLog = OpenEventLogW(lpComputerName, lpSourceLogName);
if (!hEventLog)
{
ShowLastWin32Error();
return;
}
if (!BackupEventLogW(hEventLog, szFileName))
{
ShowLastWin32Error();
}
CloseEventLog(hEventLog);
}
BOOL My_OpenEventLogW()
{
LPCWSTR lpUNCServerName=NULL;
LPCWSTR lpSourceName=NULL;
HANDLE returnVal_Real = NULL;
HANDLE returnVal_Intercepted = NULL;
DWORD error_Real = 0;
DWORD error_Intercepted = 0;
disableInterception();
returnVal_Real = OpenEventLogW (lpUNCServerName,lpSourceName);
error_Real = GetLastError();
enableInterception();
returnVal_Intercepted = OpenEventLogW (lpUNCServerName,lpSourceName);
error_Intercepted = GetLastError();
return ((returnVal_Real == returnVal_Intercepted) && (error_Real == error_Intercepted));
}
BOOL
ClearEvents(VOID)
{
HANDLE hEventLog;
WCHAR szFileName[MAX_PATH];
WCHAR szMessage[MAX_LOADSTRING];
ZeroMemory(szFileName, sizeof(szFileName));
ZeroMemory(szMessage, sizeof(szMessage));
LoadStringW(hInst, IDS_CLEAREVENTS_MSG, szMessage, MAX_LOADSTRING);
sfn.lpstrFile = szFileName;
sfn.nMaxFile = MAX_PATH;
switch (MessageBoxW(hwndMainWindow, szMessage, szTitle, MB_YESNOCANCEL | MB_ICONINFORMATION))
{
case IDCANCEL:
{
return FALSE;
}
case IDNO:
{
sfn.lpstrFile = NULL;
break;
}
case IDYES:
{
if (!GetSaveFileNameW(&sfn))
{
return FALSE;
}
break;
}
}
hEventLog = OpenEventLogW(lpComputerName, lpSourceLogName);
if (!hEventLog)
{
ShowLastWin32Error();
return FALSE;
}
if (!ClearEventLogW(hEventLog, sfn.lpstrFile))
{
ShowLastWin32Error();
CloseEventLog(hEventLog);
return FALSE;
}
CloseEventLog(hEventLog);
return TRUE;
}
void LogChannelSyslog::init()
{
AutoWString appname( m_identity );
m_sysdata = (void*) OpenEventLogW( NULL, appname.w_str() );
if ( m_sysdata == 0 )
{
throw new IoError( ErrorParam( FALCON_LOGGING_ERROR_OPEN, __LINE__ )
.origin( e_orig_runtime )
.sysError( GetLastError() ) );
}
}
/******************************************************************************
* OpenEventLogA [ADVAPI32.@]
*
* Opens a handle to the specified event log.
*
* PARAMS
* lpUNCServerName [I] UNC name of the server on which the event log is
* opened.
* lpSourceName [I] Name of the log.
*
* RETURNS
* Success: Handle to an event log.
* Failure: NULL
*/
HANDLE WINAPI OpenEventLogA( LPCSTR uncname, LPCSTR source )
{
LPWSTR uncnameW, sourceW;
HANDLE handle;
uncnameW = SERV_dup(uncname);
sourceW = SERV_dup(source);
handle = OpenEventLogW(uncnameW, sourceW);
heap_free(uncnameW);
heap_free(sourceW);
return handle;
}
/******************************************************************************
* OpenEventLogA [ADVAPI32.@]
*
* Opens a handle to the specified event log.
*
* PARAMS
* lpUNCServerName [I] UNC name of the server on which the event log is
* opened.
* lpSourceName [I] Name of the log.
*
* RETURNS
* Success: Handle to an event log.
* Failure: NULL
*/
HANDLE WINAPI OpenEventLogA( LPCSTR uncname, LPCSTR source )
{
LPWSTR uncnameW, sourceW;
HANDLE handle;
uncnameW = SERV_dup(uncname);
sourceW = SERV_dup(source);
handle = OpenEventLogW(uncnameW, sourceW);
HeapFree(GetProcessHeap(), 0, uncnameW);
HeapFree(GetProcessHeap(), 0, sourceW);
return handle;
}
BOOL
QueryEventMessages(LPWSTR lpMachineName,
LPWSTR lpLogName)
{
HWND hwndDlg = NULL;
HANDLE hEventLog;
EVENTLOGRECORD *pevlr;
DWORD dwRead, dwNeeded, dwThisRecord, dwTotalRecords = 0, dwCurrentRecord = 0, dwRecordsToRead = 0, dwFlags, dwMaxLength;
size_t cchRemaining;
LPWSTR lpSourceName;
LPWSTR lpComputerName;
LPSTR lpData;
BOOL bResult = TRUE; /* Read succeeded. */
WCHAR szWindowTitle[MAX_PATH];
WCHAR szStatusText[MAX_PATH];
WCHAR szLocalDate[MAX_PATH];
WCHAR szLocalTime[MAX_PATH];
WCHAR szEventID[MAX_PATH];
WCHAR szEventTypeText[MAX_LOADSTRING];
WCHAR szCategoryID[MAX_PATH];
WCHAR szUsername[MAX_PATH];
WCHAR szEventText[EVENT_MESSAGE_FILE_BUFFER];
WCHAR szCategory[MAX_PATH];
WCHAR szData[MAX_PATH];
PWCHAR lpTitleTemplateEnd;
SYSTEMTIME time;
LVITEMW lviEventItem;
dwFlags = EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ;
/* Open the event log. */
hEventLog = OpenEventLogW(lpMachineName,
lpLogName);
if (hEventLog == NULL)
{
ShowLastWin32Error();
return FALSE;
}
lpSourceLogName = lpLogName;
lpComputerName = lpMachineName;
/* Disable listview redraw */
SendMessage(hwndListView, WM_SETREDRAW, FALSE, 0);
/* Clear the list view */
(void)ListView_DeleteAllItems (hwndListView);
FreeRecords();
GetOldestEventLogRecord(hEventLog, &dwThisRecord);
/* Get the total number of event log records. */
GetNumberOfEventLogRecords (hEventLog , &dwTotalRecords);
g_TotalRecords = dwTotalRecords;
if (dwTotalRecords > 0)
{
EnableMenuItem(hMainMenu, IDM_CLEAR_EVENTS, MF_BYCOMMAND | MF_ENABLED);
EnableMenuItem(hMainMenu, IDM_SAVE_PROTOCOL, MF_BYCOMMAND | MF_ENABLED);
}
else
{
EnableMenuItem(hMainMenu, IDM_CLEAR_EVENTS, MF_BYCOMMAND | MF_GRAYED);
EnableMenuItem(hMainMenu, IDM_SAVE_PROTOCOL, MF_BYCOMMAND | MF_GRAYED);
}
g_RecordPtrs = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, dwTotalRecords * sizeof(PVOID));
/* If we have at least 1000 records show the waiting dialog */
if (dwTotalRecords > 1000)
{
CloseHandle(CreateThread(NULL,
0,
ShowStatusMessageThread,
(LPVOID)&hwndDlg,
0,
NULL));
}
while (dwCurrentRecord < dwTotalRecords)
{
pevlr = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
g_RecordPtrs[dwCurrentRecord] = pevlr;
bResult = ReadEventLog(hEventLog, // Event log handle
dwFlags, // Sequential read
0, // Ignored for sequential read
pevlr, // Pointer to buffer
sizeof(EVENTLOGRECORD), // Size of buffer
&dwRead, // Number of bytes read
&dwNeeded); // Bytes in the next record
if((!bResult) && (GetLastError () == ERROR_INSUFFICIENT_BUFFER))
{
HeapFree(GetProcessHeap(), 0, pevlr);
pevlr = HeapAlloc(GetProcessHeap(), 0, dwNeeded);
g_RecordPtrs[dwCurrentRecord] = pevlr;
ReadEventLogW(hEventLog, // event log handle
dwFlags, // read flags
0, // offset; default is 0
pevlr, // pointer to buffer
dwNeeded, // size of buffer
&dwRead, // number of bytes read
&dwNeeded); // bytes in next record
}
while (dwRead > 0)
{
LoadStringW(hInst, IDS_NOT_AVAILABLE, szUsername, MAX_PATH);
LoadStringW(hInst, IDS_NOT_AVAILABLE, szEventText, MAX_PATH);
LoadStringW(hInst, IDS_NONE, szCategory, MAX_PATH);
// Get the event source name.
lpSourceName = (LPWSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD));
// Get the computer name
lpComputerName = (LPWSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD) + (wcslen(lpSourceName) + 1) * sizeof(WCHAR));
// This ist the data section of the current event
lpData = (LPSTR)((LPBYTE)pevlr + pevlr->DataOffset);
// Compute the event type
EventTimeToSystemTime(pevlr->TimeWritten, &time);
// Get the username that generated the event
GetEventUserName(pevlr, szUsername);
GetDateFormatW(LOCALE_USER_DEFAULT, DATE_SHORTDATE, &time, NULL, szLocalDate, MAX_PATH);
GetTimeFormatW(LOCALE_USER_DEFAULT, 0, &time, NULL, szLocalTime, MAX_PATH);
GetEventType(pevlr->EventType, szEventTypeText);
GetEventCategory(lpLogName, lpSourceName, pevlr, szCategory);
StringCbPrintfW(szEventID, sizeof(szEventID), L"%u", (pevlr->EventID & 0xFFFF));
StringCbPrintfW(szCategoryID, sizeof(szCategoryID), L"%u", pevlr->EventCategory);
lviEventItem.mask = LVIF_IMAGE | LVIF_TEXT | LVIF_PARAM;
lviEventItem.iItem = 0;
lviEventItem.iSubItem = 0;
lviEventItem.lParam = (LPARAM)pevlr;
lviEventItem.pszText = szEventTypeText;
switch (pevlr->EventType)
{
case EVENTLOG_ERROR_TYPE:
lviEventItem.iImage = 2;
break;
case EVENTLOG_AUDIT_FAILURE:
lviEventItem.iImage = 2;
break;
case EVENTLOG_WARNING_TYPE:
lviEventItem.iImage = 1;
break;
case EVENTLOG_INFORMATION_TYPE:
lviEventItem.iImage = 0;
break;
case EVENTLOG_AUDIT_SUCCESS:
lviEventItem.iImage = 0;
break;
case EVENTLOG_SUCCESS:
lviEventItem.iImage = 0;
break;
}
lviEventItem.iItem = ListView_InsertItem(hwndListView, &lviEventItem);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 1, szLocalDate);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 2, szLocalTime);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 3, lpSourceName);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 4, szCategory);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 5, szEventID);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 6, szUsername); //User
ListView_SetItemText(hwndListView, lviEventItem.iItem, 7, lpComputerName); //Computer
MultiByteToWideChar(CP_ACP,
0,
lpData,
pevlr->DataLength,
szData,
MAX_PATH);
ListView_SetItemText(hwndListView, lviEventItem.iItem, 8, szData); //Event Text
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *)((LPBYTE) pevlr + pevlr->Length);
}
dwRecordsToRead--;
dwCurrentRecord++;
}
// All events loaded
if(hwndDlg)
EndDialog(hwndDlg, 0);
StringCchPrintfExW(szWindowTitle,
sizeof(szWindowTitle) / sizeof(WCHAR),
&lpTitleTemplateEnd,
&cchRemaining,
0,
szTitleTemplate, szTitle, lpLogName); /* i = number of characters written */
/* lpComputerName can be NULL here if no records was read */
dwMaxLength = (DWORD)cchRemaining;
if (!lpComputerName)
GetComputerNameW(lpTitleTemplateEnd, &dwMaxLength);
else
StringCchCopyW(lpTitleTemplateEnd, dwMaxLength, lpComputerName);
StringCbPrintfW(szStatusText, sizeof(szStatusText), szStatusBarTemplate, lpLogName, dwTotalRecords);
// Update the status bar
SendMessageW(hwndStatus, SB_SETTEXT, (WPARAM)0, (LPARAM)szStatusText);
// Set the window title
SetWindowTextW(hwndMainWindow, szWindowTitle);
// Resume list view redraw
SendMessageW(hwndListView, WM_SETREDRAW, TRUE, 0);
// Close the event log.
CloseEventLog(hEventLog);
return TRUE;
}
