/******************************************************************************
* ReportEventW [ADVAPI32.@]
*
* PARAMS
* hEventLog []
* wType []
* wCategory []
* dwEventID []
* lpUserSid []
* wNumStrings []
* dwDataSize []
* lpStrings []
* lpRawData []
*/
BOOL WINAPI
ReportEventW(IN HANDLE hEventLog,
IN WORD wType,
IN WORD wCategory,
IN DWORD dwEventID,
IN PSID lpUserSid,
IN WORD wNumStrings,
IN DWORD dwDataSize,
IN LPCWSTR *lpStrings,
IN LPVOID lpRawData)
{
NTSTATUS Status;
PUNICODE_STRING *Strings;
UNICODE_STRING ComputerName;
WORD i;
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD dwSize;
LARGE_INTEGER SystemTime;
ULONG Seconds;
TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
hEventLog, wType, wCategory, dwEventID, lpUserSid,
wNumStrings, dwDataSize, lpStrings, lpRawData);
Strings = HeapAlloc(GetProcessHeap(),
0,
wNumStrings * sizeof(PUNICODE_STRING));
if (!Strings)
{
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
return FALSE;
}
for (i = 0; i < wNumStrings; i++)
{
Strings[i] = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(ANSI_STRING));
if (Strings[i])
{
RtlInitUnicodeString(Strings[i], lpStrings[i]);
}
}
dwSize = MAX_COMPUTERNAME_LENGTH + 1;
GetComputerNameW(szComputerName, &dwSize);
RtlInitUnicodeString(&ComputerName, szComputerName);
NtQuerySystemTime(&SystemTime);
RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
RpcTryExcept
{
Status = ElfrReportEventW(hEventLog,
Seconds,
wType,
wCategory,
dwEventID,
wNumStrings,
dwDataSize,
(PRPC_UNICODE_STRING)&ComputerName,
lpUserSid,
(PRPC_UNICODE_STRING*)Strings,
lpRawData,
0,
NULL,
NULL);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
for (i = 0; i < wNumStrings; i++)
{
if (Strings[i] != NULL)
HeapFree(GetProcessHeap(), 0, Strings[i]);
}
HeapFree(GetProcessHeap(), 0, Strings);
if (!NT_SUCCESS(Status))
{
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
/* Function 18 */
NTSTATUS
ElfrReportEventA(
IELF_HANDLE LogHandle,
ULONG Time,
USHORT EventType,
USHORT EventCategory,
ULONG EventID,
USHORT NumStrings,
ULONG DataSize,
PRPC_STRING ComputerName,
PRPC_SID UserSID,
PRPC_STRING Strings[],
PBYTE Data,
USHORT Flags,
PULONG RecordNumber,
PULONG TimeWritten)
{
NTSTATUS Status = STATUS_SUCCESS;
UNICODE_STRING ComputerNameW;
PUNICODE_STRING *StringsArrayW = NULL;
USHORT i;
DPRINT("ElfrReportEventA(%hu)\n", NumStrings);
#if 0
for (i = 0; i < NumStrings; i++)
{
if (Strings[i] == NULL)
{
DPRINT1("String %hu is null\n", i);
}
else
{
DPRINT1("String %hu: %Z\n", i, Strings[i]);
}
}
#endif
Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
(PANSI_STRING)ComputerName,
TRUE);
if (!NT_SUCCESS(Status))
return Status;
if (NumStrings != 0)
{
StringsArrayW = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
NumStrings * sizeof(PUNICODE_STRING));
if (StringsArrayW == NULL)
{
Status = STATUS_NO_MEMORY;
goto Done;
}
for (i = 0; i < NumStrings; i++)
{
if (Strings[i] != NULL)
{
StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(UNICODE_STRING));
if (StringsArrayW[i] == NULL)
{
Status = STATUS_NO_MEMORY;
break;
}
Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
(PANSI_STRING)Strings[i],
TRUE);
}
if (!NT_SUCCESS(Status))
break;
}
}
if (NT_SUCCESS(Status))
{
Status = ElfrReportEventW(LogHandle,
Time,
EventType,
EventCategory,
EventID,
NumStrings,
DataSize,
(PRPC_UNICODE_STRING)&ComputerNameW,
UserSID,
(PRPC_UNICODE_STRING*)StringsArrayW,
Data,
Flags,
RecordNumber,
TimeWritten);
}
Done:
if (StringsArrayW != NULL)
{
for (i = 0; i < NumStrings; i++)
{
if ((StringsArrayW[i] != NULL) && (StringsArrayW[i]->Buffer))
{
RtlFreeUnicodeString(StringsArrayW[i]);
HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
}
}
HeapFree(GetProcessHeap(), 0, StringsArrayW);
}
RtlFreeUnicodeString(&ComputerNameW);
return Status;
}
