VOID
LogfReportEvent(WORD wType,
WORD wCategory,
DWORD dwEventId,
WORD wNumStrings,
WCHAR *lpStrings,
DWORD dwDataSize,
LPVOID lpRawData)
{
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD dwComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1;
PEVENTSOURCE pEventSource = NULL;
PBYTE logBuffer;
DWORD lastRec;
DWORD recSize;
DWORD dwError;
if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
{
szComputerName[0] = 0;
}
pEventSource = GetEventSourceByName(L"EventLog");
if (pEventSource == NULL)
{
return;
}
lastRec = LogfGetCurrentRecord(pEventSource->LogFile);
logBuffer = LogfAllocAndBuildNewRecord(&recSize,
lastRec,
wType,
wCategory,
dwEventId,
pEventSource->szName,
(LPCWSTR)szComputerName,
0,
NULL,
wNumStrings,
lpStrings,
dwDataSize,
lpRawData);
dwError = LogfWriteData(pEventSource->LogFile, recSize, logBuffer);
if (!dwError)
{
DPRINT1("ERROR WRITING TO EventLog %S\n", pEventSource->LogFile->FileName);
}
LogfFreeRecord(logBuffer);
}
/* Function 11 */
NTSTATUS ElfrReportEventW(
IELF_HANDLE LogHandle,
DWORD Time,
USHORT EventType,
USHORT EventCategory,
DWORD EventID,
USHORT NumStrings,
DWORD DataSize,
PRPC_UNICODE_STRING ComputerName,
PRPC_SID UserSID,
PRPC_UNICODE_STRING Strings[],
BYTE *Data,
USHORT Flags,
DWORD *RecordNumber,
DWORD *TimeWritten)
{
USHORT i;
PBYTE LogBuffer;
PLOGHANDLE lpLogHandle;
DWORD lastRec;
DWORD recSize;
DWORD dwStringsSize = 0;
DWORD dwUserSidLength = 0;
DWORD dwError = ERROR_SUCCESS;
WCHAR *lpStrings;
int pos = 0;
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
if (!lpLogHandle)
{
return STATUS_INVALID_HANDLE;
}
/* Flags must be 0 */
if (Flags)
{
return STATUS_INVALID_PARAMETER;
}
lastRec = LogfGetCurrentRecord(lpLogHandle->LogFile);
for (i = 0; i < NumStrings; i++)
{
switch (EventType)
{
case EVENTLOG_SUCCESS:
DPRINT("Success: %wZ\n", Strings[i]);
break;
case EVENTLOG_ERROR_TYPE:
DPRINT("Error: %wZ\n", Strings[i]);
break;
case EVENTLOG_WARNING_TYPE:
DPRINT("Warning: %wZ\n", Strings[i]);
break;
case EVENTLOG_INFORMATION_TYPE:
DPRINT("Info: %wZ\n", Strings[i]);
break;
default:
DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
break;
}
dwStringsSize += Strings[i]->Length + sizeof UNICODE_NULL;
}
lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
if (!lpStrings)
{
DPRINT1("Failed to allocate heap\n");
return STATUS_NO_MEMORY;
}
for (i = 0; i < NumStrings; i++)
{
CopyMemory(lpStrings + pos, Strings[i]->Buffer, Strings[i]->Length);
pos += Strings[i]->Length / sizeof(WCHAR);
lpStrings[pos] = UNICODE_NULL;
pos += sizeof UNICODE_NULL / sizeof(WCHAR);
}
if (UserSID)
dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
LogBuffer = LogfAllocAndBuildNewRecord(&recSize,
lastRec,
EventType,
EventCategory,
EventID,
lpLogHandle->szName,
ComputerName->Buffer,
dwUserSidLength,
UserSID,
NumStrings,
lpStrings,
DataSize,
Data);
dwError = LogfWriteData(lpLogHandle->LogFile, recSize, LogBuffer);
if (!dwError)
{
DPRINT1("ERROR WRITING TO EventLog %S\n", lpLogHandle->LogFile->FileName);
}
LogfFreeRecord(LogBuffer);
HeapFree(GetProcessHeap(), 0, lpStrings);
return I_RpcMapWin32Status(dwError);
}
