/// Registers the ETW provider identified by event_provider_guid and stores the
/// resulting handle in g_event_provider_handle.
///
/// No enable callback or callback context is supplied. If registration fails
/// the handle is set to NULL, so the failure is visible to any code that checks
/// the handle before writing events.
logger::logger()
{
    const auto status =
        EventRegister(&event_provider_guid, NULL, NULL, &g_event_provider_handle);

    if (status == ERROR_SUCCESS) {
        return;
    }

    // Registration failed: leave a well-defined "no provider" value behind.
    g_event_provider_handle = NULL;
}
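/// Registers the ETW provider identified by ProviderGuid.
///
/// On success m_registration_handle holds the handle later passed to
/// EventWrite and EventUnregister. On failure the handle is forced back to 0,
/// so the object never carries a value that was only partially written.
///
/// NOTE(review): a constructor cannot return the failure and no logging
/// facility is visible here, so a failed registration is silent. Callers that
/// depend on these events for auditing should check the handle for 0.
ETWLogger::ETWLogger()
{
    m_registration_handle = 0;

    const auto status = EventRegister(
        &ProviderGuid,          // GUID that identifies the provider
        nullptr,                // Callback not used
        nullptr,                // Context not used
        &m_registration_handle  // Used when calling EventWrite and EventUnregister
    );

    if (status != ERROR_SUCCESS) {
        // The original discarded the status; keep the handle at its "unregistered" value.
        m_registration_handle = 0;
    }
}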
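/// Registers the OsqueryWindowsEventLogProvider ETW provider.
///
/// @param registration_handle Receives the provider handle on success; set to
///                            0 on failure.
/// @return A default-constructed Status on success, or Status(1, ...) when
///         EventRegister does not return ERROR_SUCCESS.
Status WindowsEventLoggerPlugin::acquireHandle(REGHANDLE& registration_handle) {
  // The listing showed "®istration_handle": an HTML-entity mangling of
  // "&registration_handle". The address-of expression is restored here.
  auto status = EventRegister(
      &OsqueryWindowsEventLogProvider, nullptr, nullptr, &registration_handle);

  if (status != ERROR_SUCCESS) {
    // Never hand a possibly half-written handle back to the caller.
    registration_handle = 0;
    return Status(1, "Failed to register the Windows Event Log provider");
  }

  return Status();
}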
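/// Registers the ETW provider identified by ProviderGuid, once.
///
/// A non-zero RegistrationHandle is treated as "already registered" and the
/// call returns immediately. If EventRegister fails, the handle is reset to 0
/// so the next call tries again instead of mistaking a leftover value for a
/// valid registration.
///
/// NOTE(review): the guard on RegistrationHandle is not synchronized in the
/// visible code; confirm that callers cannot race here.
void EtwInitProvider()
{
    if (0 != RegistrationHandle) {
        return;
    }

    const auto status = EventRegister(
        &ProviderGuid,       // GUID that identifies the provider
        NULL,                // Callback not used
        NULL,                // Context not used
        &RegistrationHandle  // Used when calling EventWrite and EventUnregister
    );

    if (status != ERROR_SUCCESS) {
        // The original ignored the status; keep the "unregistered" marker intact.
        RegistrationHandle = 0;
    }
}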
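/*
 * CcpsInit()
 *
 * Creates the netgraph socket node named "mpd<gPid>-cso" and registers
 * recurring read events on its control and data sockets.
 *
 * Returns 0 on success, or -1 if the socket node cannot be created.
 */
int
CcpsInit(void)
{
    char name[NG_NODESIZ];

    /* Create a netgraph socket node */
    snprintf(name, sizeof(name), "mpd%d-cso", gPid);
    if (NgMkSockNode(name, &gCcpCsock, &gCcpDsock) < 0) {
        Perror("CcpsInit(): can't create %s node", NG_SOCKET_NODE_TYPE);
        return(-1);
    }

    /*
     * Mark both descriptors close-on-exec so they are not inherited by
     * programs this process executes. The named flag replaces the bare 1
     * used before. Failure is deliberately ignored (best effort).
     */
    (void) fcntl(gCcpCsock, F_SETFD, FD_CLOEXEC);
    (void) fcntl(gCcpDsock, F_SETFD, FD_CLOEXEC);

    /*
     * Listen for happenings on our node.
     * NOTE(review): the results of these EventRegister() calls are not
     * checked; confirm whether this project's EventRegister can fail.
     */
    EventRegister(&gCcpCtrlEvent, EVENT_READ, gCcpCsock,
        EVENT_RECURRING, CcpNgCtrlEvent, NULL);
    EventRegister(&gCcpDataEvent, EVENT_READ, gCcpDsock,
        EVENT_RECURRING, CcpNgDataEvent, NULL);

    return (0);
}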
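/// Registers an ETW provider whose GUID is given in string form.
///
/// @param guid_str GUID string parsed with CLSIDFromString. If parsing fails
///                 the object is left with a value-initialized handle and the
///                 provider marked as not enabled.
///
/// If EventRegister fails, the handle is reset and the provider stays marked
/// as not enabled. The original ignored the status and went on to query
/// EventProviderEnabled with whatever was in the handle.
ETWHandler(const wchar_t *guid_str)
    : m_bUseFormatter(DISPATCHER_LOG_USE_FORMATING),
      m_EventHandle(),
      m_bProviderEnable()
{
    GUID rguid = GUID_NULL;
    if (FAILED(CLSIDFromString(guid_str, &rguid))) {
        return;
    }

    if (EventRegister(&rguid, NULL, NULL, &m_EventHandle) != ERROR_SUCCESS) {
        // Registration failed: do not keep or query a handle that is not valid.
        m_EventHandle = 0;
        return;
    }

    // Level 1, keyword 0: is any session currently listening at this level?
    m_bProviderEnable = 0 != EventProviderEnabled(m_EventHandle, 1, 0);
}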
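/*++

Routine Description:

    Sets up logging by registering the SERVICE_PROVIDER_GUID ETW provider and
    storing the handle in m_etwRegHandle. On failure a diagnostic is printed
    and the handle is reset to 0.

Arguments:

    VOID

Return Value:

    VOID

--*/
VOID SetupEvents()
{
    // EventRegister returns a Win32 error code (ULONG), not an NTSTATUS.
    const ULONG status =
        EventRegister(&SERVICE_PROVIDER_GUID, nullptr, nullptr, &m_etwRegHandle);

    if (status != ERROR_SUCCESS)
    {
        // Keep the handle in a known "unregistered" state for later users.
        m_etwRegHandle = 0;

        // %X expects an unsigned int, so cast to match the format specifier.
        wprintf(L"Provider not registered. EventRegister failed with error: 0x%08X\n",
                static_cast<unsigned int>(status));
    }
}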
// // FUNCTION: CServiceBase::CServiceBase(PWSTR, BOOL, BOOL, BOOL) // // PURPOSE: The constructor of CServiceBase. It initializes a new instance // of the CServiceBase class. The optional parameters (fCanStop, /// fCanShutdown and fCanPauseContinue) allow you to specify whether the // service can be stopped, paused and continued, or be notified when system // shutdown occurs. // // PARAMETERS: // * pszServiceName - the name of the service // * fCanStop - the service can be stopped // * fCanShutdown - the service is notified when system shutdown occurs // * fCanPauseContinue - the service can be paused and continued // CServiceBase::CServiceBase( PWSTR pszServiceName, BOOL fCanStop, BOOL fCanShutdown, BOOL fCanPauseContinue) { // Service name must be a valid string and cannot be NULL. m_name = (pszServiceName == nullptr) ? L"" : pszServiceName; m_statusHandle = nullptr; // The service runs in its own process. m_status.dwServiceType = SERVICE_WIN32_OWN_PROCESS; // The service is starting. m_status.dwCurrentState = SERVICE_START_PENDING; // The accepted commands of the service. DWORD dwControlsAccepted = 0; if (fCanStop) dwControlsAccepted |= SERVICE_ACCEPT_STOP; if (fCanShutdown) dwControlsAccepted |= SERVICE_ACCEPT_SHUTDOWN; if (fCanPauseContinue) dwControlsAccepted |= SERVICE_ACCEPT_PAUSE_CONTINUE; m_status.dwControlsAccepted = dwControlsAccepted; m_status.dwWin32ExitCode = NO_ERROR; m_status.dwServiceSpecificExitCode = 0; m_status.dwCheckPoint = 0; m_status.dwWaitHint = 0; NTSTATUS status = EventRegister(&SERVICE_STATUS_SERVICE_PROVIDER_GUID, nullptr, nullptr, &m_etwRegHandle); if (ERROR_SUCCESS != status) { wprintf(L"Provider not registered. EventRegister failed with %d\n", status); } }
//! Constructs the backend and registers \a provider_id as an ETW provider.
//!
//! The provider handle is stored in the shared implementation object.
//! \throws std::runtime_error (via boost::throw_exception) if EventRegister
//!         does not return ERROR_SUCCESS.
basic_simple_nt6_event_log_backend< CharT >::basic_simple_nt6_event_log_backend(GUID const& provider_id) :
    m_pImpl(boost::make_shared< implementation >())
{
    const auto status = EventRegister(&provider_id, NULL, NULL, &m_pImpl->m_ProviderHandle);
    if (status == ERROR_SUCCESS)
    {
        return;
    }

    // Registration is mandatory for this backend, so failure is reported to the caller.
    boost::throw_exception(std::runtime_error("Could not register event provider"));
}