static void xopenlog(BIO* bp, char* name, int level)
{
if (GetVersion() < 0x80000000)
bp->ptr = RegisterEventSourceA(NULL,name);
else
bp->ptr = NULL;
}
///////////////////////////////////////////////////////////////////////////////////////
// Logging functions
int CServiceModule::LogEvent(WORD wType, int id, ...)
{
CHAR chMsg[256];
HANDLE hEventSource;
LPSTR lpszStrings[1];
va_list pArg;
va_start(pArg, id);
_vsnprintf(chMsg, sizeof(chMsg), g_rgszLobbyEvents[id], pArg);
va_end(pArg);
lpszStrings[0] = chMsg;
debugf("%s\n", lpszStrings[0]);
if (m_bService)
{
/* Get a handle to use with ReportEvent(). */
hEventSource = RegisterEventSourceA(NULL, m_szServiceName);
if (hEventSource != NULL)
{
/* Write to event log. */
ReportEvent(hEventSource, wType, 0, LobbyEventBaseID + id, NULL, 1, 0, (LPCTSTR*) &lpszStrings[0], NULL);
DeregisterEventSource(hEventSource);
}
}
else
{
// As we are not running as a service, just write the error to the console.
puts(chMsg);
}
return 0;
}
static void xopenlog(BIO *bp, char *name, int level)
{
if (check_winnt())
bp->ptr = RegisterEventSourceA(NULL, name);
else
bp->ptr = NULL;
}
void IupLogV(const char* type, const char* format, va_list arglist)
{
HANDLE EventSource;
WORD wtype = 0;
int size;
char* value = iupStrGetLargeMem(&size);
vsnprintf(value, size, format, arglist);
if (iupStrEqualNoCase(type, "DEBUG"))
{
OutputDebugStringA(value);
return;
}
else if (iupStrEqualNoCase(type, "ERROR"))
wtype = EVENTLOG_ERROR_TYPE;
else if (iupStrEqualNoCase(type, "WARNING"))
wtype = EVENTLOG_WARNING_TYPE;
else if (iupStrEqualNoCase(type, "INFO"))
wtype = EVENTLOG_INFORMATION_TYPE;
EventSource = RegisterEventSourceA(NULL, "Application");
if (EventSource)
{
ReportEventA(EventSource, wtype, 0, 0, NULL, 1, 0, &value, NULL);
DeregisterEventSource(EventSource);
}
}
void
sbWindowsEventLogInitialize()
{
// Do nothing if already initialized.
if (gSBWindowsEventLogInitialized)
return;
// Set up to finalize on exit.
atexit(sbWindowsEventLogFinalize);
// Register the event source.
gSBWindowsEventLogEventSource = RegisterEventSourceA
(NULL,
SB_WINDOWS_EVENT_LOG_EVENT_SOURCE_NAME);
// Service is initialized.
gSBWindowsEventLogInitialized = TRUE;
}
/*
** Name: WriteToEventLog
**
** Description:
** Write the message string to the specified event source in the Event Log.
**
*/
void WriteToEventLog(LPCSTR pszSrcName, LPCSTR message)
{
HANDLE hEventLog;
hEventLog = RegisterEventSourceA(NULL, pszSrcName); /* register on local machine */
if (hEventLog == NULL) /* could not register the event source for some reason */
return;
ReportEventA(hEventLog, /* event log handle */
EVENTLOG_ERROR_TYPE, /* event type */
0, /* event category */
0, /* event identifier */
NULL, /* no security identifier */
1, /* number of substitution strings */
0, /* no raw data */
&message, /* message strings */
NULL); /* no raw data */
DeregisterEventSource(hEventLog);
}
tt_logio_t *tt_logio_winev_create(IN const tt_char_t *source,
IN tt_winev_type_t type,
IN tt_u32_t category,
IN tt_u32_t ev_id,
IN OPT tt_logio_winev_attr_t *attr)
{
tt_logio_winev_attr_t __attr;
tt_logio_t *lio;
tt_logio_winev_t *lio_winev;
if (attr == NULL) {
tt_logio_winev_attr_default(&__attr);
attr = &__attr;
}
lio = tt_logio_create(sizeof(tt_logio_winev_t), &tt_s_logio_winev_itf);
if (lio == NULL) {
return NULL;
}
lio_winev = TT_LOGIO_CAST(lio, tt_logio_winev_t);
#ifdef TT_HAVE_WINDOWS_EVENT_LOG
lio_winev->source = RegisterEventSourceA(attr->server, source);
if (lio_winev->source == NULL) {
TT_ERROR_NTV("fail to reg ev source: %s", source);
tt_free(lio);
return NULL;
}
#endif
lio_winev->type = type;
lio_winev->category = category;
lio_winev->ev_id = ev_id;
return lio;
}
static void
windows_event_logger_log(grn_ctx *ctx, grn_log_level level,
const char *timestamp, const char *title,
const char *message, const char *location,
void *user_data)
{
grn_windows_event_logger_data *data = user_data;
WORD type;
WORD category = 0;
DWORD event_id = 0;
PSID user_sid = NULL;
WORD n_strings = 1;
DWORD event_data_size = 0;
const WCHAR *strings[1];
LPVOID event_data = NULL;
const char level_marks[] = " EACewnid-";
grn_obj formatted_buffer;
UINT code_page;
DWORD convert_flags = 0;
int n_converted_chars;
switch (level) {
case GRN_LOG_NONE :
return;
break;
case GRN_LOG_EMERG :
case GRN_LOG_ALERT :
case GRN_LOG_CRIT :
case GRN_LOG_ERROR :
type = EVENTLOG_ERROR_TYPE;
break;
case GRN_LOG_WARNING :
type = EVENTLOG_WARNING_TYPE;
break;
case GRN_LOG_NOTICE :
case GRN_LOG_INFO :
case GRN_LOG_DEBUG :
case GRN_LOG_DUMP :
type = EVENTLOG_INFORMATION_TYPE;
break;
default :
type = EVENTLOG_ERROR_TYPE;
break;
}
if (data->event_source == INVALID_HANDLE_VALUE) {
data->event_source = RegisterEventSourceA(NULL, data->event_source_name);
if (data->event_source == INVALID_HANDLE_VALUE) {
return;
}
}
GRN_TEXT_INIT(&formatted_buffer, 0);
if (location && location[0]) {
grn_text_printf(ctx, &formatted_buffer, "%s|%c|%s %s %s",
timestamp, level_marks[level], title, message, location);
} else {
grn_text_printf(ctx, &formatted_buffer, "%s|%c|%s %s",
timestamp, level_marks[level], title, message);
}
code_page = grn_windows_encoding_to_code_page(ctx->encoding);
n_converted_chars = MultiByteToWideChar(code_page,
convert_flags,
GRN_TEXT_VALUE(&formatted_buffer),
GRN_TEXT_LEN(&formatted_buffer),
NULL,
0);
#define CONVERTED_BUFFER_SIZE 512
if (n_converted_chars < CONVERTED_BUFFER_SIZE) {
WCHAR converted_buffer[CONVERTED_BUFFER_SIZE];
n_converted_chars = MultiByteToWideChar(code_page,
convert_flags,
GRN_TEXT_VALUE(&formatted_buffer),
GRN_TEXT_LEN(&formatted_buffer),
converted_buffer,
CONVERTED_BUFFER_SIZE);
converted_buffer[n_converted_chars] = L'\0';
strings[0] = converted_buffer;
ReportEventW(data->event_source, type, category, event_id, user_sid,
n_strings, event_data_size,
strings, event_data);
#undef CONVERTED_BUFFER_SIZE
} else {
WCHAR *converted;
converted = GRN_MALLOCN(WCHAR, n_converted_chars);
n_converted_chars = MultiByteToWideChar(code_page,
convert_flags,
GRN_TEXT_VALUE(&formatted_buffer),
GRN_TEXT_LEN(&formatted_buffer),
converted,
n_converted_chars);
converted[n_converted_chars] = L'\0';
strings[0] = converted;
ReportEventW(data->event_source, type, category, event_id, user_sid,
n_strings, event_data_size,
strings, event_data);
GRN_FREE(converted);
}
GRN_OBJ_FIN(ctx, &formatted_buffer);
}
static void test_readwrite(void)
{
HANDLE handle;
PSID user;
DWORD sidsize, count;
BOOL ret, sidavailable;
BOOL on_vista = FALSE; /* Used to indicate Vista, W2K8 or Win7 */
DWORD i;
char *localcomputer = NULL;
DWORD size;
if (pCreateWellKnownSid)
{
sidsize = SECURITY_MAX_SID_SIZE;
user = HeapAlloc(GetProcessHeap(), 0, sidsize);
SetLastError(0xdeadbeef);
pCreateWellKnownSid(WinInteractiveSid, NULL, user, &sidsize);
sidavailable = TRUE;
}
else
{
win_skip("Skipping some SID related tests\n");
sidavailable = FALSE;
user = NULL;
}
/* Write an event with an incorrect event type. This will fail on Windows 7
* but succeed on all others, hence it's not part of the struct.
*/
handle = OpenEventLogA(NULL, eventlogname);
if (!handle)
{
/* Intermittently seen on NT4 when tests are run immediately after boot */
win_skip("Could not get a handle to the eventlog\n");
goto cleanup;
}
count = 0xdeadbeef;
GetNumberOfEventLogRecords(handle, &count);
if (count != 0)
{
/* Needed for W2K3 without a service pack */
win_skip("We most likely opened the Application eventlog\n");
CloseEventLog(handle);
Sleep(2000);
handle = OpenEventLogA(NULL, eventlogname);
count = 0xdeadbeef;
GetNumberOfEventLogRecords(handle, &count);
if (count != 0)
{
win_skip("We didn't open our new eventlog\n");
CloseEventLog(handle);
goto cleanup;
}
}
SetLastError(0xdeadbeef);
ret = ReportEventA(handle, 0x20, 0, 0, NULL, 0, 0, NULL, NULL);
if (!ret && GetLastError() == ERROR_CRC)
{
win_skip("Win7 fails when using incorrect event types\n");
ret = ReportEventA(handle, 0, 0, 0, NULL, 0, 0, NULL, NULL);
ok(ret, "Expected success : %d\n", GetLastError());
}
else
{
void *buf;
DWORD read, needed = 0;
EVENTLOGRECORD *record;
ok(ret, "Expected success : %d\n", GetLastError());
/* Needed to catch earlier Vista (with no ServicePack for example) */
buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
if (!(ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, sizeof(EVENTLOGRECORD), &read, &needed)) &&
GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, needed, &read, &needed);
}
if (ret)
{
record = (EVENTLOGRECORD *)buf;
/* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
* the written eventtype (0x20 in this case).
*/
if (record->EventType == EVENTLOG_SUCCESS)
on_vista = TRUE;
}
HeapFree(GetProcessHeap(), 0, buf);
}
/* This will clear the eventlog. The record numbering for new
* events however differs on Vista SP1+. Before Vista the first
* event would be numbered 1, on Vista SP1+ it's higher as we already
* had at least one event (more in case of multiple test runs without
* a reboot).
*/
ClearEventLogA(handle, NULL);
CloseEventLog(handle);
/* Write a bunch of events while using different event sources */
for (i = 0; i < sizeof(read_write)/sizeof(read_write[0]); i++)
{
DWORD oldest;
BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
/* We don't need to use RegisterEventSource to report events */
if (i % 2)
handle = OpenEventLogA(NULL, read_write[i].evt_src);
else
handle = RegisterEventSourceA(NULL, read_write[i].evt_src);
ok(handle != NULL, "Expected a handle\n");
SetLastError(0xdeadbeef);
ret = ReportEventA(handle, read_write[i].evt_type, read_write[i].evt_cat,
read_write[i].evt_id, run_sidtests ? user : NULL,
read_write[i].evt_numstrings, 0, read_write[i].evt_strings, NULL);
ok(ret, "Expected ReportEvent success : %d\n", GetLastError());
count = 0xdeadbeef;
SetLastError(0xdeadbeef);
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
todo_wine
ok(count == (i + 1), "Expected %d records, got %d\n", i + 1, count);
oldest = 0xdeadbeef;
ret = GetOldestEventLogRecord(handle, &oldest);
ok(ret, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
todo_wine
ok(oldest == 1 ||
(oldest > 1 && oldest != 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
"Expected oldest to be 1 or higher, got %d\n", oldest);
if (oldest > 1 && oldest != 0xdeadbeef)
on_vista = TRUE;
SetLastError(0xdeadbeef);
if (i % 2)
ret = CloseEventLog(handle);
else
ret = DeregisterEventSource(handle);
ok(ret, "Expected success : %d\n", GetLastError());
}
handle = OpenEventLogA(NULL, eventlogname);
count = 0xdeadbeef;
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected success\n");
todo_wine
ok(count == i, "Expected %d records, got %d\n", i, count);
CloseEventLog(handle);
if (count == 0)
{
skip("No events were written to the eventlog\n");
goto cleanup;
}
/* Report only once */
if (on_vista)
skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
if (on_vista && pGetComputerNameExA)
{
/* New Vista+ behavior */
size = 0;
SetLastError(0xdeadbeef);
pGetComputerNameExA(ComputerNameDnsFullyQualified, NULL, &size);
localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
pGetComputerNameExA(ComputerNameDnsFullyQualified, localcomputer, &size);
}
else
{
size = MAX_COMPUTERNAME_LENGTH + 1;
localcomputer = HeapAlloc(GetProcessHeap(), 0, size);
GetComputerNameA(localcomputer, &size);
}
/* Read all events from our created eventlog, one by one */
handle = OpenEventLogA(NULL, eventlogname);
ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
i = 0;
for (;;)
{
void *buf;
DWORD read, needed;
EVENTLOGRECORD *record;
char *sourcename, *computername;
int k;
char *ptr;
BOOL run_sidtests = read_write[i].evt_sid & sidavailable;
buf = HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD));
SetLastError(0xdeadbeef);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, sizeof(EVENTLOGRECORD), &read, &needed);
ok(!ret, "Expected failure\n");
if (!ret && GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
HeapFree(GetProcessHeap(), 0, buf);
ok(GetLastError() == ERROR_HANDLE_EOF, "record %d, got %d\n", i, GetLastError());
break;
}
buf = HeapReAlloc(GetProcessHeap(), 0, buf, needed);
ret = ReadEventLogA(handle, EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ,
0, buf, needed, &read, &needed);
ok(ret, "Expected success: %d\n", GetLastError());
record = (EVENTLOGRECORD *)buf;
ok(record->Length == read,
"Expected %d, got %d\n", read, record->Length);
ok(record->Reserved == 0x654c664c,
"Expected 0x654c664c, got %d\n", record->Reserved);
ok(record->RecordNumber == i + 1 ||
(on_vista && (record->RecordNumber > i + 1)),
"Expected %d or higher, got %d\n", i + 1, record->RecordNumber);
ok(record->EventID == read_write[i].evt_id,
"Expected %d, got %d\n", read_write[i].evt_id, record->EventID);
ok(record->EventType == read_write[i].evt_type,
"Expected %d, got %d\n", read_write[i].evt_type, record->EventType);
ok(record->NumStrings == read_write[i].evt_numstrings,
"Expected %d, got %d\n", read_write[i].evt_numstrings, record->NumStrings);
ok(record->EventCategory == read_write[i].evt_cat,
"Expected %d, got %d\n", read_write[i].evt_cat, record->EventCategory);
sourcename = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD));
ok(!lstrcmpA(sourcename, read_write[i].evt_src), "Expected '%s', got '%s'\n",
read_write[i].evt_src, sourcename);
computername = (char *)((BYTE *)buf + sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1);
ok(!lstrcmpiA(computername, localcomputer), "Expected '%s', got '%s'\n",
localcomputer, computername);
/* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
* no padding was actually required a 0 DWORD was still used for padding. No
* application should be relying on the padding as we are working with offsets
* anyway.
*/
if (!on_vista)
{
DWORD calculated_sidoffset = sizeof(EVENTLOGRECORD) + lstrlenA(sourcename) + 1 + lstrlenA(computername) + 1;
/* We are already DWORD aligned, there should still be some padding */
if ((((UINT_PTR)buf + calculated_sidoffset) % sizeof(DWORD)) == 0)
ok(*(DWORD *)((BYTE *)buf + calculated_sidoffset) == 0, "Expected 0\n");
ok((((UINT_PTR)buf + record->UserSidOffset) % sizeof(DWORD)) == 0, "Expected DWORD alignment\n");
}
if (run_sidtests)
{
ok(record->UserSidLength == sidsize, "Expected %d, got %d\n", sidsize, record->UserSidLength);
}
else
{
ok(record->StringOffset == record->UserSidOffset, "Expected offsets to be the same\n");
ok(record->UserSidLength == 0, "Expected 0, got %d\n", record->UserSidLength);
}
ok(record->DataLength == 0, "Expected 0, got %d\n", record->DataLength);
ptr = (char *)((BYTE *)buf + record->StringOffset);
for (k = 0; k < record->NumStrings; k++)
{
ok(!lstrcmpA(ptr, two_strings[k]), "Expected '%s', got '%s'\n", two_strings[k], ptr);
ptr += lstrlenA(ptr) + 1;
}
ok(record->Length == *(DWORD *)((BYTE *)buf + record->Length - sizeof(DWORD)),
"Expected the closing DWORD to contain the length of the record\n");
HeapFree(GetProcessHeap(), 0, buf);
i++;
}
CloseEventLog(handle);
/* Test clearing a real eventlog */
handle = OpenEventLogA(NULL, eventlogname);
ok(handle != NULL, "Failed to open Event Log, got %d\n", GetLastError());
SetLastError(0xdeadbeef);
ret = ClearEventLogA(handle, NULL);
ok(ret, "Expected success\n");
count = 0xdeadbeef;
ret = GetNumberOfEventLogRecords(handle, &count);
ok(ret, "Expected success\n");
ok(count == 0, "Expected an empty eventlog, got %d records\n", count);
CloseEventLog(handle);
cleanup:
HeapFree(GetProcessHeap(), 0, localcomputer);
HeapFree(GetProcessHeap(), 0, user);
}
/*
* Initialize event logging
*/
void
openlog(const char *ident, int logopt, int facility) {
/* Get a handle to the Application event log */
hEventLog = RegisterEventSourceA(NULL, ident);
}
system_log_target(const std::string &name) : log_target(name) {
evtSource = RegisterEventSourceA(NULL,"EventSystem");
}
void winEventHandler(enum a6o_log_domain domain, enum a6o_log_level log_level, const char *message, void *user_data){
HANDLE hevent = NULL;
char ** msg[1];
int numMsg = 1;
WORD eventCategory = 0;
//WORD eventType = 0;
DWORD eventId = 0;
WORD eventLogType = 0;
hevent = RegisterEventSourceA(NULL, "Armadito-av" );
if (hevent == NULL) {
printf("[-] Error :: SvcReportEvent!RegisterEventSourceA() failed with error :: %d\n", GetLastError( ));
return;
}
//printf("[+] Debug :: Event Log Registered successfully\n" );
if (message != NULL)
msg[0] = message;
// Define Log Category
switch(domain) {
case ARMADITO_LOG_LIB:
eventCategory = LIBARMADITO_CATEGORY;
break;
case ARMADITO_LOG_MODULE:
eventCategory = MODULES_CATEGORY;
break;
case ARMADITO_LOG_SERVICE:
eventCategory = SERVICE_CATEGORY;
break;
default:
eventCategory = 0;
break;
}
// Define log event type.
// TODO :: add event type :: EVENTLOG_SUCCESS - EVENTLOG_AUDIT_FAILURE - EVENTLOG_AUDIT_SUCCESS
switch (log_level) {
case ARMADITO_LOG_LEVEL_ERROR:
eventLogType = EVENTLOG_ERROR_TYPE;
eventId = MSG_ERROR;
break;
case ARMADITO_LOG_LEVEL_WARNING:
eventLogType = EVENTLOG_WARNING_TYPE;
eventId = MSG_WARNING;
break;
case ARMADITO_LOG_LEVEL_INFO:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
case ARMADITO_LOG_LEVEL_DEBUG:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
case ARMADITO_LOG_LEVEL_NONE:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
default:
eventLogType = EVENTLOG_INFORMATION_TYPE;
eventId = MSG_INFO;
break;
}
if (ReportEventA(hevent, // Event log handle
eventLogType, // Event type
eventCategory, // Event category
eventId, // Event identifier
NULL, // Security identifier
numMsg, // Size of the string array
0, // Binary data
msg, // Array of strings
NULL // Binary data
) == FALSE) {
printf("[-] Error :: SvcReportEvent!ReportEventA() failed with error :: %d\n",GetLastError());
}
else {
//printf("[+] Debug :: Report Event executed successfully\n" );
}
DeregisterEventSource(hevent);
return;
}