VOID LogfReportEvent(WORD wType, WORD wCategory, DWORD dwEventId, WORD wNumStrings, WCHAR *lpStrings, DWORD dwDataSize, LPVOID lpRawData) { WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1]; DWORD dwComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1; PEVENTSOURCE pEventSource = NULL; PBYTE logBuffer; DWORD lastRec; DWORD recSize; DWORD dwError; if (!GetComputerNameW(szComputerName, &dwComputerNameLength)) { szComputerName[0] = 0; } pEventSource = GetEventSourceByName(L"EventLog"); if (pEventSource == NULL) { return; } lastRec = LogfGetCurrentRecord(pEventSource->LogFile); logBuffer = LogfAllocAndBuildNewRecord(&recSize, lastRec, wType, wCategory, dwEventId, pEventSource->szName, (LPCWSTR)szComputerName, 0, NULL, wNumStrings, lpStrings, dwDataSize, lpRawData); dwError = LogfWriteData(pEventSource->LogFile, recSize, logBuffer); if (!dwError) { DPRINT1("ERROR WRITING TO EventLog %S\n", pEventSource->LogFile->FileName); } LogfFreeRecord(logBuffer); }
/* Function 11 */ NTSTATUS ElfrReportEventW( IELF_HANDLE LogHandle, DWORD Time, USHORT EventType, USHORT EventCategory, DWORD EventID, USHORT NumStrings, DWORD DataSize, PRPC_UNICODE_STRING ComputerName, PRPC_SID UserSID, PRPC_UNICODE_STRING Strings[], BYTE *Data, USHORT Flags, DWORD *RecordNumber, DWORD *TimeWritten) { USHORT i; PBYTE LogBuffer; PLOGHANDLE lpLogHandle; DWORD lastRec; DWORD recSize; DWORD dwStringsSize = 0; DWORD dwUserSidLength = 0; DWORD dwError = ERROR_SUCCESS; WCHAR *lpStrings; int pos = 0; lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle); if (!lpLogHandle) { return STATUS_INVALID_HANDLE; } /* Flags must be 0 */ if (Flags) { return STATUS_INVALID_PARAMETER; } lastRec = LogfGetCurrentRecord(lpLogHandle->LogFile); for (i = 0; i < NumStrings; i++) { switch (EventType) { case EVENTLOG_SUCCESS: DPRINT("Success: %wZ\n", Strings[i]); break; case EVENTLOG_ERROR_TYPE: DPRINT("Error: %wZ\n", Strings[i]); break; case EVENTLOG_WARNING_TYPE: DPRINT("Warning: %wZ\n", Strings[i]); break; case EVENTLOG_INFORMATION_TYPE: DPRINT("Info: %wZ\n", Strings[i]); break; default: DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]); break; } dwStringsSize += Strings[i]->Length + sizeof UNICODE_NULL; } lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize); if (!lpStrings) { DPRINT1("Failed to allocate heap\n"); return STATUS_NO_MEMORY; } for (i = 0; i < NumStrings; i++) { CopyMemory(lpStrings + pos, Strings[i]->Buffer, Strings[i]->Length); pos += Strings[i]->Length / sizeof(WCHAR); lpStrings[pos] = UNICODE_NULL; pos += sizeof UNICODE_NULL / sizeof(WCHAR); } if (UserSID) dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]); LogBuffer = LogfAllocAndBuildNewRecord(&recSize, lastRec, EventType, EventCategory, EventID, lpLogHandle->szName, ComputerName->Buffer, dwUserSidLength, UserSID, NumStrings, lpStrings, DataSize, Data); dwError = LogfWriteData(lpLogHandle->LogFile, recSize, LogBuffer); if (!dwError) { DPRINT1("ERROR WRITING TO EventLog %S\n", lpLogHandle->LogFile->FileName); } LogfFreeRecord(LogBuffer); HeapFree(GetProcessHeap(), 0, lpStrings); return I_RpcMapWin32Status(dwError); }