static void test_info(void) { HANDLE handle; BOOL ret; DWORD needed; BYTE buffer[2 * sizeof(EVENTLOG_FULL_INFORMATION)]; EVENTLOG_FULL_INFORMATION *efi = (void *)buffer; if (!pGetEventLogInformation) { /* NT4 */ win_skip("GetEventLogInformation is not available\n"); return; } SetLastError(0xdeadbeef); ret = pGetEventLogInformation(NULL, 1, NULL, 0, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_LEVEL, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = pGetEventLogInformation(NULL, EVENTLOG_FULL_INFO, NULL, 0, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError()); handle = OpenEventLogA(NULL, "Application"); SetLastError(0xdeadbeef); ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, NULL, 0, &needed); ok(!ret, "Expected failure\n"); ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == RPC_X_NULL_REF_POINTER, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); needed = 0xdeadbeef; efi->dwFull = 0xdeadbeef; ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, 0, &needed); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError()); ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed); ok(efi->dwFull == 0xdeadbeef, "Expected no change to the dwFull member\n"); /* Not that we care, but on success last error is set to ERROR_IO_PENDING */ efi->dwFull = 0xdeadbeef; needed = sizeof(buffer); ret = pGetEventLogInformation(handle, EVENTLOG_FULL_INFO, efi, needed, &needed); ok(ret, "Expected success\n"); ok(needed == sizeof(EVENTLOG_FULL_INFORMATION), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed); ok(efi->dwFull == 0 || efi->dwFull == 1, "Expected 0 (not full) or 1 (full), got %d\n", efi->dwFull); CloseEventLog(handle); }
BOOL My_OpenEventLogA() { LPCSTR lpUNCServerName=NULL; LPCSTR lpSourceName=NULL; HANDLE returnVal_Real = NULL; HANDLE returnVal_Intercepted = NULL; DWORD error_Real = 0; DWORD error_Intercepted = 0; disableInterception(); returnVal_Real = OpenEventLogA (lpUNCServerName,lpSourceName); error_Real = GetLastError(); enableInterception(); returnVal_Intercepted = OpenEventLogA (lpUNCServerName,lpSourceName); error_Intercepted = GetLastError(); return ((returnVal_Real == returnVal_Intercepted) && (error_Real == error_Intercepted)); }
static void test_oldest(void) { HANDLE handle; BOOL ret; DWORD oldest; const char backup[] = "backup.evt"; SetLastError(0xdeadbeef); ret = GetOldestEventLogRecord(NULL, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); oldest = 0xdeadbeef; ret = GetOldestEventLogRecord(NULL, &oldest); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError()); ok(oldest == 0xdeadbeef, "Expected oldest to stay unchanged\n"); handle = OpenEventLogA(NULL, "Application"); SetLastError(0xdeadbeef); ret = GetOldestEventLogRecord(handle, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); oldest = 0xdeadbeef; ret = GetOldestEventLogRecord(handle, &oldest); ok(ret, "Expected success\n"); ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n"); CloseEventLog(handle); /* Make a backup eventlog to work with */ if (create_backup(backup)) { handle = OpenBackupEventLogA(NULL, backup); todo_wine ok(handle != NULL, "Expected a handle\n"); /* Does GetOldestEventLogRecord work with backup eventlogs? */ oldest = 0xdeadbeef; ret = GetOldestEventLogRecord(handle, &oldest); todo_wine { ok(ret, "Expected success\n"); ok(oldest != 0xdeadbeef, "Expected the number of the oldest record\n"); } CloseEventLog(handle); DeleteFileA(backup); } }
static void test_open_close(void) { HANDLE handle; BOOL ret; SetLastError(0xdeadbeef); ret = CloseEventLog(NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_HANDLE || GetLastError() == ERROR_NOACCESS, /* W2K */ "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError()); SetLastError(0xdeadbeef); handle = OpenEventLogA(NULL, NULL); ok(handle == NULL, "Didn't expect a handle\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); handle = OpenEventLogA("IDontExist", NULL); ok(handle == NULL, "Didn't expect a handle\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); handle = OpenEventLogA("IDontExist", "deadbeef"); ok(handle == NULL, "Didn't expect a handle\n"); ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE || GetLastError() == RPC_S_INVALID_NET_ADDR, /* Some Vista and Win7 */ "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError()); /* This one opens the Application log */ handle = OpenEventLogA(NULL, "deadbeef"); ok(handle != NULL, "Expected a handle\n"); ret = CloseEventLog(handle); ok(ret, "Expected success\n"); /* Close a second time */ SetLastError(0xdeadbeef); ret = CloseEventLog(handle); todo_wine { ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError()); } /* Empty servername should be read as local server */ handle = OpenEventLogA("", "Application"); ok(handle != NULL, "Expected a handle\n"); CloseEventLog(handle); handle = OpenEventLogA(NULL, "Application"); ok(handle != NULL, "Expected a handle\n"); CloseEventLog(handle); }
static BOOL create_backup(const char *filename) { HANDLE handle; DWORD rc, attribs; DeleteFileA(filename); handle = OpenEventLogA(NULL, "Application"); rc = BackupEventLogA(handle, filename); if (!rc && GetLastError() == ERROR_PRIVILEGE_NOT_HELD) { skip("insufficient privileges to backup the eventlog\n"); CloseEventLog(handle); return FALSE; } ok(rc, "BackupEventLogA failed, le=%u\n", GetLastError()); CloseEventLog(handle); attribs = GetFileAttributesA(filename); todo_wine ok(attribs != INVALID_FILE_ATTRIBUTES, "Expected a backup file attribs=%#x le=%u\n", attribs, GetLastError()); return TRUE; }
static void test_readwrite(void) { HANDLE handle; PSID user; DWORD sidsize, count; BOOL ret, sidavailable; BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */ DWORD i; char *localcomputer = NULL; DWORD size; if (pCreateWellKnownSid) { sidsize = SECURITY_MAX_SID_SIZE; user = HeapAlloc(GetProcessHeap(), 0, sidsize); SetLastError(0xdeadbeef); pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize); sidavailable = TRUE; } else { win_skip("Skipping some SID related tests\n"); sidavailable = FALSE; user = NULL; } /* Write an event with an incorrect event type. This will fail on Windows 7 * but succeed on all others, hence it's not part of the struct. */ handle = OpenEventLogA(NULL, eventlogname); if (!handle) { /* Intermittently seen on NT4 when tests are run immediately after boot */ win_skip("Could not get a handle to the eventlog\n"); goto cleanup; } count = 0xdeadbeef; GetNumberOfEventLogRecords(handle, &count); if (count != 0) { /* Needed for W2K3 without a service pack */ win_skip("We most likely opened the Application eventlog\n"); CloseEventLog(handle); Sleep(2000); handle = OpenEventLogA(NULL, eventlogname); count = 0xdeadbeef; GetNumberOfEventLogRecords(handle, &count); if (count != 0) { win_skip("We didn't open our new eventlog\n"); CloseEventLog(handle); goto cleanup; } } SetLastError(0xdeadbeef); ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL); if (!ret && GetLastError() == ERROR_CRC) { win_skip("Win7 fails when using incorrect event types\n"); ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL); ok(ret, "Expected success : %d\n", GetLastError()); } else { void *buf; DWORD read, needed = 0; EVENTLOGRECORD *record; ok(ret, "Expected success : %d\n", GetLastError()); /* Needed to catch earlier Vista (with no ServicePack for example) */ buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD)); if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) && GetLastError() == ERROR_INSUFFICIENT_BUFFER) { buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, needed, &read, &needed); } if (ret) { record = (EVENTLOGRECORD *)buf; /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return * the written eventtype (0x20 in this case). */ if (record->EventType == EVENTLOG_SUCCESS) on_vista = TRUE; } HeapFree(GetProcessHeap(), 0, buf); } /* This will clear the eventlog. The record numbering for new * events however differs on Vista SP1+. Before Vista the first * event would be numbered 1, on Vista SP1+ it's higher as we already * had at least one event (more in case of multiple test runs without * a reboot). */ ClearEventLogA(handle, NULL); CloseEventLog(handle); /* Write a bunch of events while using different event sources */ for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++) { DWORD oldest; BOOL run_sidtests = read_write[i].evt_sid & sidavailable; /* We don't need to use RegisterEventSource to report events */ if (i % 2) handle = OpenEventLogA(NULL, read_write[i].evt_src); else handle = RegisterEventSourceA(NULL, read_write[i].evt_src); ok(handle != NULL, "Expected a handle\n"); SetLastError(0xdeadbeef); ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat, read_write[i].evt_id, run_sidtests ? user : NULL, read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL); ok(ret, "Expected ReportEvent success : %d\n", GetLastError()); count = 0xdeadbeef; SetLastError(0xdeadbeef); ret = GetNumberOfEventLogRecords(handle, &count); ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError()); todo_wine ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count); oldest = 0xdeadbeef; ret = GetOldestEventLogRecord(handle, &oldest); ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError()); todo_wine ok(oldest == 1 || (oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */ "Expected oldest to be 1 or higher, got %d\n", oldest); if (oldest > 1 && oldest != 0xdeadbeef) on_vista = TRUE; SetLastError(0xdeadbeef); if (i % 2) ret = CloseEventLog(handle); else ret = DeregisterEventSource(handle); ok(ret, "Expected success : %d\n", GetLastError()); } handle = OpenEventLogA(NULL, eventlogname); count = 0xdeadbeef; ret = GetNumberOfEventLogRecords(handle, &count); ok(ret, "Expected success\n"); todo_wine ok(count == i, "Expected %d records, got %d\n", i, count); CloseEventLog(handle); if (count == 0) { skip("No events were written to the eventlog\n"); goto cleanup; } /* Report only once */ if (on_vista) skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n"); if (on_vista && pGetComputerNameExA) { /* New Vista+ behavior */ size = 0; SetLastError(0xdeadbeef); pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size); localcomputer = HeapAlloc(GetProcessHeap(), 0, size); pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size); } else { size = MAX_COMPUTERNAME_LENGTH + 1; localcomputer = HeapAlloc(GetProcessHeap(), 0, size); GetComputerNameA(localcomputer, &size); } /* Read all events from our created eventlog, one by one */ handle = OpenEventLogA(NULL, eventlogname); ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError()); i = 0; for (;;) { void *buf; DWORD read, needed; EVENTLOGRECORD *record; char *sourcename, *computername; int k; char *ptr; BOOL run_sidtests = read_write[i].evt_sid & sidavailable; buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD)); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER) { HeapFree(GetProcessHeap(), 0, buf); ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError()); break; } buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, needed, &read, &needed); ok(ret, "Expected success: %d\n", GetLastError()); record = (EVENTLOGRECORD *)buf; ok(record->Length == read, "Expected %d, got %d\n", read, record->Length); ok(record->Reserved == 0x654c664c, "Expected 0x654c664c, got %d\n", record->Reserved); ok(record->RecordNumber == i + 1 || (on_vista && (record->RecordNumber > i + 1)), "Expected %d or higher, got %d\n", i + 1, record->RecordNumber); ok(record->EventID == read_write[i].evt_id, "Expected %d, got %d\n", read_write[i].evt_id, record->EventID); ok(record->EventType == read_write[i].evt_type, "Expected %d, got %d\n", read_write[i].evt_type, record->EventType); ok(record->NumStrings == read_write[i].evt_numstrings, "Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings); ok(record->EventCategory == read_write[i].evt_cat, "Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory); sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD)); ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n", read_write[i].evt_src, sourcename); computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1); ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n", localcomputer, computername); /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if * no padding was actually required a 0 DWORD was still used for padding. No * application should be relying on the padding as we are working with offsets * anyway. */ if (!on_vista) { DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1; /* We are already DWORD aligned, there should still be some padding */ if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0) ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n"); ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n"); } if (run_sidtests) { ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength); } else { ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n"); ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength); } ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength); ptr = (char *)((BYTE *)buf + record->StringOffset); for (k = 0; k < record->NumStrings; k++) { ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr); ptr += lstrlenA(ptr) + 1; } ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)), "Expected the closing DWORD to contain the length of the record\n"); HeapFree(GetProcessHeap(), 0, buf); i++; } CloseEventLog(handle); /* Test clearing a real eventlog */ handle = OpenEventLogA(NULL, eventlogname); ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ClearEventLogA(handle, NULL); ok(ret, "Expected success\n"); count = 0xdeadbeef; ret = GetNumberOfEventLogRecords(handle, &count); ok(ret, "Expected success\n"); ok(count == 0, "Expected an empty eventlog, got %d records\n", count); CloseEventLog(handle); cleanup: HeapFree(GetProcessHeap(), 0, localcomputer); HeapFree(GetProcessHeap(), 0, user); }
static void test_read(void) { HANDLE handle; BOOL ret; DWORD count, toread, read, needed; void *buf; SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, NULL); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); read = 0xdeadbeef; SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, NULL); ok(!ret, "Expected failure\n"); ok(read == 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); needed = 0xdeadbeef; SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, 0, 0, NULL, 0, NULL, &needed); ok(!ret, "Expected failure\n"); ok(needed == 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */ SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, 0, 0, NULL, 0, &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, NULL, NULL); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, NULL, 0, &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); buf = NULL; SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD)); SetLastError(0xdeadbeef); ret = ReadEventLogA(NULL, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_HANDLE, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError()); HeapFree(GetProcessHeap(), 0, buf); handle = OpenEventLogA(NULL, "Application"); /* Show that we need the proper dwFlags with a (for the rest) proper call */ buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD)); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, 0, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEEK_READ | EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); todo_wine ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); HeapFree(GetProcessHeap(), 0, buf); /* First check if there are any records (in practice only on Wine: FIXME) */ count = 0; GetNumberOfEventLogRecords(handle, &count); if (!count) { skip("No records in the 'Application' log\n"); CloseEventLog(handle); return; } /* Get the buffer size for the first record */ buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD)); read = needed = 0xdeadbeef; SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, sizeof(EVENTLOGRECORD), &read, &needed); ok(!ret, "Expected failure\n"); ok(read == 0, "Expected no bytes read\n"); ok(needed > sizeof(EVENTLOGRECORD), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n"); ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError()); /* Read the first record */ toread = needed; buf = HeapReAlloc(GetProcessHeap(), 0, buf, toread); read = needed = 0xdeadbeef; SetLastError(0xdeadbeef); ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ, 0, buf, toread, &read, &needed); ok(ret, "Expected success\n"); ok(read == toread || broken(read < toread), /* NT4 wants a buffer size way bigger than just 1 record */ "Expected the requested size to be read\n"); ok(needed == 0, "Expected no extra bytes to be read\n"); HeapFree(GetProcessHeap(), 0, buf); CloseEventLog(handle); }
static void test_backup(void) { HANDLE handle; BOOL ret; const char backup[] = "backup.evt"; const char backup2[] = "backup2.evt"; SetLastError(0xdeadbeef); ret = BackupEventLogA(NULL, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); SetLastError(0xdeadbeef); ret = BackupEventLogA(NULL, backup); ok(!ret, "Expected failure\n"); ok(GetFileAttributesA(backup) == INVALID_FILE_ATTRIBUTES, "Expected no backup file\n"); handle = OpenEventLogA(NULL, "Application"); SetLastError(0xdeadbeef); ret = BackupEventLogA(handle, NULL); ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_INVALID_PARAMETER, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError()); ret = BackupEventLogA(handle, backup); if (!ret && GetLastError() == ERROR_PRIVILEGE_NOT_HELD) { skip("insufficient privileges for backup tests\n"); CloseEventLog(handle); return; } ok(ret, "Expected success\n"); todo_wine ok(GetFileAttributesA(backup) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n"); /* Try to overwrite */ SetLastError(0xdeadbeef); ret = BackupEventLogA(handle, backup); todo_wine { ok(!ret, "Expected failure\n"); ok(GetLastError() == ERROR_ALREADY_EXISTS, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError()); } CloseEventLog(handle); /* Can we make a backup of a backup? */ handle = OpenBackupEventLogA(NULL, backup); todo_wine ok(handle != NULL, "Expected a handle\n"); ret = BackupEventLogA(handle, backup2); todo_wine { ok(ret, "Expected success\n"); ok(GetFileAttributesA(backup2) != INVALID_FILE_ATTRIBUTES, "Expected a backup file\n"); } CloseEventLog(handle); DeleteFileA(backup); DeleteFileA(backup2); }