VOID
LogfReportEvent(USHORT wType,
USHORT wCategory,
ULONG dwEventId,
USHORT wNumStrings,
PWSTR pStrings,
ULONG dwDataSize,
PVOID pRawData)
{
NTSTATUS Status;
UNICODE_STRING SourceName, ComputerName;
PEVENTLOGRECORD LogBuffer;
LARGE_INTEGER SystemTime;
ULONG Time;
SIZE_T RecSize;
DWORD dwComputerNameLength;
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
if (!EventLogSource)
return;
RtlInitUnicodeString(&SourceName, EventLogSource->szName);
dwComputerNameLength = ARRAYSIZE(szComputerName);
if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
szComputerName[0] = L'\0';
RtlInitUnicodeString(&ComputerName, szComputerName);
NtQuerySystemTime(&SystemTime);
RtlTimeToSecondsSince1970(&SystemTime, &Time);
LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
Time,
wType,
wCategory,
dwEventId,
&SourceName,
&ComputerName,
0,
NULL,
wNumStrings,
pStrings,
dwDataSize,
pRawData);
if (LogBuffer == NULL)
{
DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
return;
}
Status = LogfWriteRecord(EventLogSource->LogFile, LogBuffer, RecSize);
if (!NT_SUCCESS(Status))
{
DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
EventLogSource->LogFile->LogName, Status);
}
LogfFreeRecord(LogBuffer);
}
VOID
LogfReportEvent(WORD wType,
WORD wCategory,
DWORD dwEventId,
WORD wNumStrings,
WCHAR *lpStrings,
DWORD dwDataSize,
LPVOID lpRawData)
{
WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
DWORD dwComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1;
PEVENTSOURCE pEventSource = NULL;
PBYTE logBuffer;
DWORD lastRec;
DWORD recSize;
DWORD dwError;
if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
{
szComputerName[0] = 0;
}
pEventSource = GetEventSourceByName(L"EventLog");
if (pEventSource == NULL)
{
return;
}
lastRec = LogfGetCurrentRecord(pEventSource->LogFile);
logBuffer = LogfAllocAndBuildNewRecord(&recSize,
lastRec,
wType,
wCategory,
dwEventId,
pEventSource->szName,
(LPCWSTR)szComputerName,
0,
NULL,
wNumStrings,
lpStrings,
dwDataSize,
lpRawData);
dwError = LogfWriteData(pEventSource->LogFile, recSize, logBuffer);
if (!dwError)
{
DPRINT1("ERROR WRITING TO EventLog %S\n", pEventSource->LogFile->FileName);
}
LogfFreeRecord(logBuffer);
}
/* Function 11 */
NTSTATUS ElfrReportEventW(
IELF_HANDLE LogHandle,
DWORD Time,
USHORT EventType,
USHORT EventCategory,
DWORD EventID,
USHORT NumStrings,
DWORD DataSize,
PRPC_UNICODE_STRING ComputerName,
PRPC_SID UserSID,
PRPC_UNICODE_STRING Strings[],
BYTE *Data,
USHORT Flags,
DWORD *RecordNumber,
DWORD *TimeWritten)
{
USHORT i;
PBYTE LogBuffer;
PLOGHANDLE lpLogHandle;
DWORD lastRec;
DWORD recSize;
DWORD dwStringsSize = 0;
DWORD dwUserSidLength = 0;
DWORD dwError = ERROR_SUCCESS;
WCHAR *lpStrings;
int pos = 0;
lpLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
if (!lpLogHandle)
{
return STATUS_INVALID_HANDLE;
}
/* Flags must be 0 */
if (Flags)
{
return STATUS_INVALID_PARAMETER;
}
lastRec = LogfGetCurrentRecord(lpLogHandle->LogFile);
for (i = 0; i < NumStrings; i++)
{
switch (EventType)
{
case EVENTLOG_SUCCESS:
DPRINT("Success: %wZ\n", Strings[i]);
break;
case EVENTLOG_ERROR_TYPE:
DPRINT("Error: %wZ\n", Strings[i]);
break;
case EVENTLOG_WARNING_TYPE:
DPRINT("Warning: %wZ\n", Strings[i]);
break;
case EVENTLOG_INFORMATION_TYPE:
DPRINT("Info: %wZ\n", Strings[i]);
break;
default:
DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
break;
}
dwStringsSize += Strings[i]->Length + sizeof UNICODE_NULL;
}
lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
if (!lpStrings)
{
DPRINT1("Failed to allocate heap\n");
return STATUS_NO_MEMORY;
}
for (i = 0; i < NumStrings; i++)
{
CopyMemory(lpStrings + pos, Strings[i]->Buffer, Strings[i]->Length);
pos += Strings[i]->Length / sizeof(WCHAR);
lpStrings[pos] = UNICODE_NULL;
pos += sizeof UNICODE_NULL / sizeof(WCHAR);
}
if (UserSID)
dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
LogBuffer = LogfAllocAndBuildNewRecord(&recSize,
lastRec,
EventType,
EventCategory,
EventID,
lpLogHandle->szName,
ComputerName->Buffer,
dwUserSidLength,
UserSID,
NumStrings,
lpStrings,
DataSize,
Data);
dwError = LogfWriteData(lpLogHandle->LogFile, recSize, LogBuffer);
if (!dwError)
{
DPRINT1("ERROR WRITING TO EventLog %S\n", lpLogHandle->LogFile->FileName);
}
LogfFreeRecord(LogBuffer);
HeapFree(GetProcessHeap(), 0, lpStrings);
return I_RpcMapWin32Status(dwError);
}
/* Helper function for ElfrReportEventW/A and ElfrReportEventAndSourceW */
NTSTATUS
ElfrIntReportEventW(
IELF_HANDLE LogHandle,
ULONG Time,
USHORT EventType,
USHORT EventCategory,
ULONG EventID,
PRPC_UNICODE_STRING SourceName OPTIONAL,
USHORT NumStrings,
ULONG DataSize,
PRPC_UNICODE_STRING ComputerName,
PRPC_SID UserSID,
PRPC_UNICODE_STRING Strings[],
PBYTE Data,
USHORT Flags,
PULONG RecordNumber,
PULONG TimeWritten)
{
NTSTATUS Status;
PLOGHANDLE pLogHandle;
UNICODE_STRING LocalSourceName, LocalComputerName;
PEVENTLOGRECORD LogBuffer;
USHORT i;
SIZE_T RecSize;
ULONG dwStringsSize = 0;
ULONG dwUserSidLength = 0;
PWSTR lpStrings, str;
pLogHandle = ElfGetLogHandleEntryByHandle(LogHandle);
if (!pLogHandle)
return STATUS_INVALID_HANDLE;
/* Flags must be 0 */
if (Flags)
return STATUS_INVALID_PARAMETER;
for (i = 0; i < NumStrings; i++)
{
switch (EventType)
{
case EVENTLOG_SUCCESS:
DPRINT("Success: %wZ\n", Strings[i]);
break;
case EVENTLOG_ERROR_TYPE:
DPRINT("Error: %wZ\n", Strings[i]);
break;
case EVENTLOG_WARNING_TYPE:
DPRINT("Warning: %wZ\n", Strings[i]);
break;
case EVENTLOG_INFORMATION_TYPE:
DPRINT("Info: %wZ\n", Strings[i]);
break;
case EVENTLOG_AUDIT_SUCCESS:
DPRINT("Audit Success: %wZ\n", Strings[i]);
break;
case EVENTLOG_AUDIT_FAILURE:
DPRINT("Audit Failure: %wZ\n", Strings[i]);
break;
default:
DPRINT1("Type %hu: %wZ\n", EventType, Strings[i]);
break;
}
dwStringsSize += Strings[i]->Length + sizeof(UNICODE_NULL);
}
lpStrings = HeapAlloc(GetProcessHeap(), 0, dwStringsSize);
if (!lpStrings)
{
DPRINT1("Failed to allocate heap\n");
return STATUS_NO_MEMORY;
}
str = lpStrings;
for (i = 0; i < NumStrings; i++)
{
RtlCopyMemory(str, Strings[i]->Buffer, Strings[i]->Length);
str += Strings[i]->Length / sizeof(WCHAR);
*str = UNICODE_NULL;
str++;
}
if (UserSID)
dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
if (SourceName && SourceName->Buffer)
LocalSourceName = *(PUNICODE_STRING)SourceName;
else
RtlInitUnicodeString(&LocalSourceName, pLogHandle->szName);
LocalComputerName = *(PUNICODE_STRING)ComputerName;
LogBuffer = LogfAllocAndBuildNewRecord(&RecSize,
Time,
EventType,
EventCategory,
EventID,
&LocalSourceName,
&LocalComputerName,
dwUserSidLength,
UserSID,
NumStrings,
lpStrings,
DataSize,
Data);
if (LogBuffer == NULL)
{
DPRINT1("LogfAllocAndBuildNewRecord failed!\n");
HeapFree(GetProcessHeap(), 0, lpStrings);
return STATUS_NO_MEMORY;
}
Status = LogfWriteRecord(pLogHandle->LogFile, LogBuffer, RecSize);
if (!NT_SUCCESS(Status))
{
DPRINT1("ERROR writing to event log `%S' (Status 0x%08lx)\n",
pLogHandle->LogFile->LogName, Status);
}
if (NT_SUCCESS(Status))
{
/* Retrieve the two fields that were set by LogfWriteRecord into the record */
if (RecordNumber)
*RecordNumber = LogBuffer->RecordNumber;
if (TimeWritten)
*TimeWritten = LogBuffer->TimeWritten;
}
LogfFreeRecord(LogBuffer);
HeapFree(GetProcessHeap(), 0, lpStrings);
return Status;
}
