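/******************************************************************************
 * ReportEventW [ADVAPI32.@]
 *
 * Wraps the caller's insertion strings and the local computer name in
 * UNICODE_STRING descriptors, stamps the record with the current time in
 * seconds since 1970, and submits it through ElfrReportEventW.
 *
 * PARAMS
 *  hEventLog   [I] Event log handle, passed to ElfrReportEventW unchanged.
 *  wType       [I] Event type, passed through unchanged.
 *  wCategory   [I] Event category, passed through unchanged.
 *  dwEventID   [I] Event identifier, passed through unchanged.
 *  lpUserSid   [I] SID to attach to the record, passed through unchanged.
 *  wNumStrings [I] Number of entries read from lpStrings.
 *  dwDataSize  [I] Size value passed along with lpRawData.
 *  lpStrings   [I] Array of wNumStrings wide strings. The array pointer is
 *                  dereferenced for every index below wNumStrings without a
 *                  NULL check, so it must be valid when wNumStrings != 0.
 *  lpRawData   [I] Raw data pointer, passed through unchanged.
 *
 * RETURNS
 *  TRUE on success. FALSE on failure, with the last error set to
 *  ERROR_NOT_ENOUGH_MEMORY or to the Win32 mapping of the failing NTSTATUS.
 */
BOOL WINAPI
ReportEventW(IN HANDLE hEventLog,
             IN WORD wType,
             IN WORD wCategory,
             IN DWORD dwEventID,
             IN PSID lpUserSid,
             IN WORD wNumStrings,
             IN DWORD dwDataSize,
             IN LPCWSTR *lpStrings,
             IN LPVOID lpRawData)
{
    NTSTATUS Status;
    PUNICODE_STRING *Strings;
    UNICODE_STRING ComputerName;
    WORD i;
    WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
    DWORD dwSize;
    LARGE_INTEGER SystemTime;
    /* Pre-set so a failed time conversion cannot leak an indeterminate stack value */
    ULONG Seconds = 0;

    TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
          hEventLog, wType, wCategory, dwEventID, lpUserSid,
          wNumStrings, dwDataSize, lpStrings, lpRawData);

    Strings = HeapAlloc(GetProcessHeap(),
                        0,
                        wNumStrings * sizeof(PUNICODE_STRING));
    if (!Strings)
    {
        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
        return FALSE;
    }

    for (i = 0; i < wNumStrings; i++)
    {
        /* Size the descriptor from the pointee type (was sizeof(ANSI_STRING)) */
        Strings[i] = HeapAlloc(GetProcessHeap(),
                               HEAP_ZERO_MEMORY,
                               sizeof(*Strings[i]));
        if (Strings[i] == NULL)
        {
            /*
             * Fail the call instead of handing a NULL entry to the RPC layer:
             * release the descriptors built so far, then the array itself.
             */
            while (i > 0)
            {
                i--;
                HeapFree(GetProcessHeap(), 0, Strings[i]);
            }
            HeapFree(GetProcessHeap(), 0, Strings);
            SetLastError(ERROR_NOT_ENOUGH_MEMORY);
            return FALSE;
        }

        /* The descriptor only references the caller's buffer; nothing is copied */
        RtlInitUnicodeString(Strings[i], lpStrings[i]);
    }

    dwSize = MAX_COMPUTERNAME_LENGTH + 1;
    if (!GetComputerNameW(szComputerName, &dwSize))
    {
        /*
         * Keep the report best-effort, but never scan an uninitialized stack
         * buffer for a terminator: fall back to an empty computer name.
         */
        szComputerName[0] = L'\0';
    }
    RtlInitUnicodeString(&ComputerName, szComputerName);

    NtQuerySystemTime(&SystemTime);
    RtlTimeToSecondsSince1970(&SystemTime, &Seconds);

    RpcTryExcept
    {
        Status = ElfrReportEventW(hEventLog,
                                  Seconds,
                                  wType,
                                  wCategory,
                                  dwEventID,
                                  wNumStrings,
                                  dwDataSize,
                                  (PRPC_UNICODE_STRING)&ComputerName,
                                  lpUserSid,
                                  (PRPC_UNICODE_STRING*)Strings,
                                  lpRawData,
                                  0,
                                  NULL,
                                  NULL);
    }
    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
    {
        /* An RPC exception is turned into a status so the cleanup below still runs */
        Status = I_RpcMapWin32Status(RpcExceptionCode());
    }
    RpcEndExcept;

    /* Only the descriptors are owned here; the string buffers belong to the caller */
    for (i = 0; i < wNumStrings; i++)
    {
        HeapFree(GetProcessHeap(), 0, Strings[i]);
    }
    HeapFree(GetProcessHeap(), 0, Strings);

    if (!NT_SUCCESS(Status))
    {
        SetLastError(RtlNtStatusToDosError(Status));
        return FALSE;
    }

    return TRUE;
}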
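/* Function 18 */
/*
 * ANSI variant of the report-event RPC entry point.
 *
 * Converts ComputerName and every non-NULL entry of Strings to freshly
 * allocated Unicode strings, forwards the request to ElfrReportEventW, and
 * releases the temporary strings again.
 *
 * Returns the status of the first failing conversion or allocation,
 * otherwise whatever ElfrReportEventW returns.
 *
 * NOTE(review): ComputerName and the Strings array itself are used without a
 * NULL check, and each RPC_STRING is reinterpreted as an ANSI_STRING whose
 * length fields come from the caller. Whether the RPC stub can deliver NULL
 * or inconsistent values here depends on the IDL attributes, which are not
 * visible in this file - confirm before relying on it.
 */
NTSTATUS ElfrReportEventA(
    IELF_HANDLE LogHandle,
    ULONG Time,
    USHORT EventType,
    USHORT EventCategory,
    ULONG EventID,
    USHORT NumStrings,
    ULONG DataSize,
    PRPC_STRING ComputerName,
    PRPC_SID UserSID,
    PRPC_STRING Strings[],
    PBYTE Data,
    USHORT Flags,
    PULONG RecordNumber,
    PULONG TimeWritten)
{
    NTSTATUS Status = STATUS_SUCCESS;
    UNICODE_STRING ComputerNameW;
    PUNICODE_STRING *StringsArrayW = NULL;
    USHORT i;

    DPRINT("ElfrReportEventA(%hu)\n", NumStrings);

#if 0
    for (i = 0; i < NumStrings; i++)
    {
        if (Strings[i] == NULL)
        {
            DPRINT1("String %hu is null\n", i);
        }
        else
        {
            DPRINT1("String %hu: %Z\n", i, Strings[i]);
        }
    }
#endif

    /* Nothing has been allocated yet, so a failure here can return directly */
    Status = RtlAnsiStringToUnicodeString((PUNICODE_STRING)&ComputerNameW,
                                          (PANSI_STRING)ComputerName,
                                          TRUE);
    if (!NT_SUCCESS(Status))
        return Status;

    if (NumStrings != 0)
    {
        /* Zeroed so the cleanup loop can tell which slots were ever filled */
        StringsArrayW = HeapAlloc(GetProcessHeap(),
                                  HEAP_ZERO_MEMORY,
                                  NumStrings * sizeof(PUNICODE_STRING));
        if (StringsArrayW == NULL)
        {
            Status = STATUS_NO_MEMORY;
            goto Done;
        }

        for (i = 0; i < NumStrings; i++)
        {
            /* A NULL input string leaves the matching output slot NULL */
            if (Strings[i] != NULL)
            {
                StringsArrayW[i] = HeapAlloc(GetProcessHeap(),
                                             HEAP_ZERO_MEMORY,
                                             sizeof(UNICODE_STRING));
                if (StringsArrayW[i] == NULL)
                {
                    Status = STATUS_NO_MEMORY;
                    break;
                }

                Status = RtlAnsiStringToUnicodeString(StringsArrayW[i],
                                                      (PANSI_STRING)Strings[i],
                                                      TRUE);
            }

            if (!NT_SUCCESS(Status))
                break;
        }
    }

    if (NT_SUCCESS(Status))
    {
        Status = ElfrReportEventW(LogHandle,
                                  Time,
                                  EventType,
                                  EventCategory,
                                  EventID,
                                  NumStrings,
                                  DataSize,
                                  (PRPC_UNICODE_STRING)&ComputerNameW,
                                  UserSID,
                                  (PRPC_UNICODE_STRING*)StringsArrayW,
                                  Data,
                                  Flags,
                                  RecordNumber,
                                  TimeWritten);
    }

Done:
    if (StringsArrayW != NULL)
    {
        for (i = 0; i < NumStrings; i++)
        {
            if (StringsArrayW[i] == NULL)
                continue;

            /*
             * Always release the descriptor. Previously it was freed only
             * when Buffer was set, so a failed conversion leaked it on every
             * such request. Buffer is presumably left NULL by a failed
             * conversion (the descriptor starts zeroed) - verify.
             */
            if (StringsArrayW[i]->Buffer != NULL)
                RtlFreeUnicodeString(StringsArrayW[i]);

            HeapFree(GetProcessHeap(), 0, StringsArrayW[i]);
        }

        HeapFree(GetProcessHeap(), 0, StringsArrayW);
    }

    RtlFreeUnicodeString(&ComputerNameW);

    return Status;
}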