projects / reactos.git / blob
? search:


fcf1000405243903d87f6782039868f32312fb5e
[reactos.git] / dll / win32 / advapi32 / service / eventlog.c
1 /*
2 * Win32 advapi functions
3 *
4 * Copyright 1995 Sven Verdoolaege
5 * Copyright 1998 Juergen Schmied
6 * Copyright 2003 Mike Hearn
7 * Copyright 2007 Hervé Poussineau
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 /* INCLUDES ******************************************************************/
25
26 #include <advapi32.h>
27
28 #include <ndk/kefuncs.h>
29 #include <eventlogrpc_c.h>
30
31 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
32
33 static RPC_UNICODE_STRING EmptyStringU = { 0, 0, L"" };
34 static RPC_STRING EmptyStringA = { 0, 0, "" };
35
36
37 /* FUNCTIONS *****************************************************************/
38
39 handle_t __RPC_USER
40 EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName)
41 {
42 handle_t hBinding = NULL;
43 UCHAR *pszStringBinding;
44 RPC_STATUS status;
45
46 TRACE("EVENTLOG_HANDLE_A_bind() called\n");
47
48 status = RpcStringBindingComposeA(NULL,
49 (UCHAR *)"ncacn_np",
50 (UCHAR *)UNCServerName,
51 (UCHAR *)"\\pipe\\EventLog",
52 NULL,
53 (UCHAR **)&pszStringBinding);
54 if (status)
55 {
56 ERR("RpcStringBindingCompose returned 0x%x\n", status);
57 return NULL;
58 }
59
60 /* Set the binding handle that will be used to bind to the server. */
61 status = RpcBindingFromStringBindingA(pszStringBinding,
62 &hBinding);
63 if (status != RPC_S_OK)
64 {
65 ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
66 }
67
68 status = RpcStringFreeA(&pszStringBinding);
69 if (status != RPC_S_OK)
70 {
71 ERR("RpcStringFree returned 0x%x\n", status);
72 }
73
74 return hBinding;
75 }
76
77
78 void __RPC_USER
79 EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName,
80 handle_t hBinding)
81 {
82 RPC_STATUS status;
83
84 TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
85
86 status = RpcBindingFree(&hBinding);
87 if (status != RPC_S_OK)
88 {
89 ERR("RpcBindingFree returned 0x%x\n", status);
90 }
91 }
92
93
94 handle_t __RPC_USER
95 EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName)
96 {
97 handle_t hBinding = NULL;
98 LPWSTR pszStringBinding;
99 RPC_STATUS status;
100
101 TRACE("EVENTLOG_HANDLE_W_bind() called\n");
102
103 status = RpcStringBindingComposeW(NULL,
104 L"ncacn_np",
105 UNCServerName,
106 L"\\pipe\\EventLog",
107 NULL,
108 &pszStringBinding);
109 if (status != RPC_S_OK)
110 {
111 ERR("RpcStringBindingCompose returned 0x%x\n", status);
112 return NULL;
113 }
114
115 /* Set the binding handle that will be used to bind to the server. */
116 status = RpcBindingFromStringBindingW(pszStringBinding,
117 &hBinding);
118 if (status != RPC_S_OK)
119 {
120 ERR("RpcBindingFromStringBinding returned 0x%x\n", status);
121 }
122
123 status = RpcStringFreeW(&pszStringBinding);
124 if (status != RPC_S_OK)
125 {
126 ERR("RpcStringFree returned 0x%x\n", status);
127 }
128
129 return hBinding;
130 }
131
132
133 void __RPC_USER
134 EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName,
135 handle_t hBinding)
136 {
137 RPC_STATUS status;
138
139 TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
140
141 status = RpcBindingFree(&hBinding);
142 if (status != RPC_S_OK)
143 {
144 ERR("RpcBindingFree returned 0x%x\n", status);
145 }
146 }
147
148
149 /******************************************************************************
150 * BackupEventLogA [ADVAPI32.@]
151 */
152 NTSTATUS
153 NTAPI
154 ElfBackupEventLogFileA(IN HANDLE hEventLog,
155 IN PANSI_STRING BackupFileNameA)
156 {
157 NTSTATUS Status;
158
159 if (!BackupFileNameA || (BackupFileNameA->Length == 0))
160 return STATUS_INVALID_PARAMETER;
161
162 RpcTryExcept
163 {
164 Status = ElfrBackupELFA(hEventLog,
165 (PRPC_STRING)BackupFileNameA);
166 }
167 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
168 {
169 Status = I_RpcMapWin32Status(RpcExceptionCode());
170 }
171 RpcEndExcept;
172
173 return Status;
174 }
175
176 BOOL WINAPI
177 BackupEventLogA(IN HANDLE hEventLog,
178 IN LPCSTR lpBackupFileName)
179 {
180 BOOL Success;
181 NTSTATUS Status;
182 ANSI_STRING BackupFileNameA;
183 UNICODE_STRING BackupFileNameW;
184
185 TRACE("%p, %s\n", hEventLog, lpBackupFileName);
186
187 if (lpBackupFileName == NULL)
188 {
189 SetLastError(ERROR_INVALID_PARAMETER);
190 return FALSE;
191 }
192
193 RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
194
195 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
196 &BackupFileNameA,
197 TRUE);
198 if (!NT_SUCCESS(Status))
199 {
200 SetLastError(RtlNtStatusToDosError(Status));
201 return FALSE;
202 }
203
204 Success = BackupEventLogW(hEventLog,
205 BackupFileNameW.Buffer);
206
207 RtlFreeUnicodeString(&BackupFileNameW);
208
209 return Success;
210 }
211
212
213 /******************************************************************************
214 * BackupEventLogW [ADVAPI32.@]
215 *
216 * PARAMS
217 * hEventLog []
218 * lpBackupFileName []
219 */
220 NTSTATUS
221 NTAPI
222 ElfBackupEventLogFileW(IN HANDLE hEventLog,
223 IN PUNICODE_STRING BackupFileNameU)
224 {
225 NTSTATUS Status;
226
227 if (!BackupFileNameU || (BackupFileNameU->Length == 0))
228 return STATUS_INVALID_PARAMETER;
229
230 RpcTryExcept
231 {
232 Status = ElfrBackupELFW(hEventLog,
233 (PRPC_UNICODE_STRING)BackupFileNameU);
234 }
235 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
236 {
237 Status = I_RpcMapWin32Status(RpcExceptionCode());
238 }
239 RpcEndExcept;
240
241 return Status;
242 }
243
244 BOOL WINAPI
245 BackupEventLogW(IN HANDLE hEventLog,
246 IN LPCWSTR lpBackupFileName)
247 {
248 NTSTATUS Status;
249 UNICODE_STRING BackupFileName;
250
251 TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
252
253 if (lpBackupFileName == NULL)
254 {
255 SetLastError(ERROR_INVALID_PARAMETER);
256 return FALSE;
257 }
258
259 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
260 NULL, NULL))
261 {
262 SetLastError(ERROR_INVALID_PARAMETER);
263 return FALSE;
264 }
265
266 Status = ElfBackupEventLogFileW(hEventLog, &BackupFileName);
267
268 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
269
270 if (!NT_SUCCESS(Status))
271 {
272 SetLastError(RtlNtStatusToDosError(Status));
273 return FALSE;
274 }
275
276 return TRUE;
277 }
278
279
280 /******************************************************************************
281 * ClearEventLogA [ADVAPI32.@]
282 */
283 NTSTATUS
284 NTAPI
285 ElfClearEventLogFileA(IN HANDLE hEventLog,
286 IN PANSI_STRING BackupFileNameA)
287 {
288 NTSTATUS Status;
289
290 RpcTryExcept
291 {
292 Status = ElfrClearELFA(hEventLog,
293 (PRPC_STRING)BackupFileNameA);
294 }
295 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
296 {
297 Status = I_RpcMapWin32Status(RpcExceptionCode());
298 }
299 RpcEndExcept;
300
301 return Status;
302 }
303
304 BOOL WINAPI
305 ClearEventLogA(IN HANDLE hEventLog,
306 IN LPCSTR lpBackupFileName)
307 {
308 BOOL Success;
309 NTSTATUS Status;
310 ANSI_STRING BackupFileNameA;
311 UNICODE_STRING BackupFileNameW;
312
313 TRACE("%p, %s\n", hEventLog, lpBackupFileName);
314
315 if (lpBackupFileName == NULL)
316 {
317 RtlInitUnicodeString(&BackupFileNameW, NULL);
318 }
319 else
320 {
321 RtlInitAnsiString(&BackupFileNameA, lpBackupFileName);
322
323 Status = RtlAnsiStringToUnicodeString(&BackupFileNameW,
324 &BackupFileNameA,
325 TRUE);
326 if (!NT_SUCCESS(Status))
327 {
328 SetLastError(RtlNtStatusToDosError(Status));
329 return FALSE;
330 }
331 }
332
333 Success = ClearEventLogW(hEventLog,
334 BackupFileNameW.Buffer);
335
336 RtlFreeUnicodeString(&BackupFileNameW);
337
338 return Success;
339 }
340
341
342 /******************************************************************************
343 * ClearEventLogW [ADVAPI32.@]
344 */
345 NTSTATUS
346 NTAPI
347 ElfClearEventLogFileW(IN HANDLE hEventLog,
348 IN PUNICODE_STRING BackupFileNameU)
349 {
350 NTSTATUS Status;
351
352 RpcTryExcept
353 {
354 Status = ElfrClearELFW(hEventLog,
355 (PRPC_UNICODE_STRING)BackupFileNameU);
356 }
357 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
358 {
359 Status = I_RpcMapWin32Status(RpcExceptionCode());
360 }
361 RpcEndExcept;
362
363 return Status;
364 }
365
366 BOOL WINAPI
367 ClearEventLogW(IN HANDLE hEventLog,
368 IN LPCWSTR lpBackupFileName)
369 {
370 NTSTATUS Status;
371 UNICODE_STRING BackupFileName;
372
373 TRACE("%p, %s\n", hEventLog, debugstr_w(lpBackupFileName));
374
375 if (lpBackupFileName == NULL)
376 {
377 RtlInitUnicodeString(&BackupFileName, NULL);
378 }
379 else
380 {
381 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName, &BackupFileName,
382 NULL, NULL))
383 {
384 SetLastError(ERROR_INVALID_PARAMETER);
385 return FALSE;
386 }
387 }
388
389 Status = ElfClearEventLogFileW(hEventLog, &BackupFileName);
390
391 if (lpBackupFileName != NULL)
392 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName.Buffer);
393
394 if (!NT_SUCCESS(Status))
395 {
396 SetLastError(RtlNtStatusToDosError(Status));
397 return FALSE;
398 }
399
400 return TRUE;
401 }
402
403
404 /******************************************************************************
405 * CloseEventLog [ADVAPI32.@]
406 */
407 NTSTATUS
408 NTAPI
409 ElfCloseEventLog(IN HANDLE hEventLog)
410 {
411 NTSTATUS Status;
412
413 RpcTryExcept
414 {
415 Status = ElfrCloseEL(&hEventLog);
416 }
417 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
418 {
419 Status = I_RpcMapWin32Status(RpcExceptionCode());
420 }
421 RpcEndExcept;
422
423 return Status;
424 }
425
426 BOOL WINAPI
427 CloseEventLog(IN HANDLE hEventLog)
428 {
429 NTSTATUS Status;
430
431 TRACE("%p\n", hEventLog);
432
433 Status = ElfCloseEventLog(hEventLog);
434 if (!NT_SUCCESS(Status))
435 {
436 SetLastError(RtlNtStatusToDosError(Status));
437 return FALSE;
438 }
439
440 return TRUE;
441 }
442
443
444 /******************************************************************************
445 * DeregisterEventSource [ADVAPI32.@]
446 * Closes a handle to the specified event log
447 *
448 * PARAMS
449 * hEventLog [I] Handle to event log
450 *
451 * RETURNS STD
452 */
453 NTSTATUS
454 NTAPI
455 ElfDeregisterEventSource(IN HANDLE hEventLog)
456 {
457 NTSTATUS Status;
458
459 RpcTryExcept
460 {
461 Status = ElfrDeregisterEventSource(&hEventLog);
462 }
463 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
464 {
465 Status = I_RpcMapWin32Status(RpcExceptionCode());
466 }
467 RpcEndExcept;
468
469 return Status;
470 }
471
472 BOOL WINAPI
473 DeregisterEventSource(IN HANDLE hEventLog)
474 {
475 NTSTATUS Status;
476
477 TRACE("%p\n", hEventLog);
478
479 Status = ElfDeregisterEventSource(hEventLog);
480 if (!NT_SUCCESS(Status))
481 {
482 SetLastError(RtlNtStatusToDosError(Status));
483 return FALSE;
484 }
485
486 return TRUE;
487 }
488
489
490 /******************************************************************************
491 * GetEventLogInformation [ADVAPI32.@]
492 *
493 * PARAMS
494 * hEventLog [I] Handle to event log
495 * dwInfoLevel [I] Level of event log information to return
496 * lpBuffer [O] Buffer that receives the event log information
497 * cbBufSize [I] Size of the lpBuffer buffer
498 * pcbBytesNeeded [O] Required buffer size
499 */
500 BOOL WINAPI
501 GetEventLogInformation(IN HANDLE hEventLog,
502 IN DWORD dwInfoLevel,
503 OUT LPVOID lpBuffer,
504 IN DWORD cbBufSize,
505 OUT LPDWORD pcbBytesNeeded)
506 {
507 NTSTATUS Status;
508
509 if (dwInfoLevel != EVENTLOG_FULL_INFO)
510 {
511 SetLastError(ERROR_INVALID_LEVEL);
512 return FALSE;
513 }
514
515 RpcTryExcept
516 {
517 Status = ElfrGetLogInformation(hEventLog,
518 dwInfoLevel,
519 (LPBYTE)lpBuffer,
520 cbBufSize,
521 pcbBytesNeeded);
522 }
523 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
524 {
525 Status = I_RpcMapWin32Status(RpcExceptionCode());
526 }
527 RpcEndExcept;
528
529 if (!NT_SUCCESS(Status))
530 {
531 SetLastError(RtlNtStatusToDosError(Status));
532 return FALSE;
533 }
534
535 return TRUE;
536 }
537
538
539 /******************************************************************************
540 * GetNumberOfEventLogRecords [ADVAPI32.@]
541 *
542 * PARAMS
543 * hEventLog []
544 * NumberOfRecords []
545 */
546 NTSTATUS
547 NTAPI
548 ElfNumberOfRecords(IN HANDLE hEventLog,
549 OUT PULONG NumberOfRecords)
550 {
551 NTSTATUS Status;
552
553 if (!NumberOfRecords)
554 return STATUS_INVALID_PARAMETER;
555
556 RpcTryExcept
557 {
558 Status = ElfrNumberOfRecords(hEventLog, NumberOfRecords);
559 }
560 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
561 {
562 Status = I_RpcMapWin32Status(RpcExceptionCode());
563 }
564 RpcEndExcept;
565
566 return Status;
567 }
568
569 BOOL WINAPI
570 GetNumberOfEventLogRecords(IN HANDLE hEventLog,
571 OUT PDWORD NumberOfRecords)
572 {
573 NTSTATUS Status;
574
575 TRACE("%p, %p\n", hEventLog, NumberOfRecords);
576
577 Status = ElfNumberOfRecords(hEventLog, NumberOfRecords);
578 if (!NT_SUCCESS(Status))
579 {
580 SetLastError(RtlNtStatusToDosError(Status));
581 return FALSE;
582 }
583
584 return TRUE;
585 }
586
587
588 /******************************************************************************
589 * GetOldestEventLogRecord [ADVAPI32.@]
590 *
591 * PARAMS
592 * hEventLog []
593 * OldestRecord []
594 */
595 NTSTATUS
596 NTAPI
597 ElfOldestRecord(IN HANDLE hEventLog,
598 OUT PULONG OldestRecordNumber)
599 {
600 NTSTATUS Status;
601
602 if (!OldestRecordNumber)
603 return STATUS_INVALID_PARAMETER;
604
605 RpcTryExcept
606 {
607 Status = ElfrOldestRecord(hEventLog, OldestRecordNumber);
608 }
609 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
610 {
611 Status = I_RpcMapWin32Status(RpcExceptionCode());
612 }
613 RpcEndExcept;
614
615 return Status;
616 }
617
618 BOOL WINAPI
619 GetOldestEventLogRecord(IN HANDLE hEventLog,
620 OUT PDWORD OldestRecord)
621 {
622 NTSTATUS Status;
623
624 TRACE("%p, %p\n", hEventLog, OldestRecord);
625
626 Status = ElfOldestRecord(hEventLog, OldestRecord);
627 if (!NT_SUCCESS(Status))
628 {
629 SetLastError(RtlNtStatusToDosError(Status));
630 return FALSE;
631 }
632
633 return TRUE;
634 }
635
636
637 /******************************************************************************
638 * NotifyChangeEventLog [ADVAPI32.@]
639 *
640 * PARAMS
641 * hEventLog []
642 * hEvent []
643 */
644 NTSTATUS
645 NTAPI
646 ElfChangeNotify(IN HANDLE hEventLog,
647 IN HANDLE hEvent)
648 {
649 NTSTATUS Status;
650 CLIENT_ID ClientId = NtCurrentTeb()->ClientId;
651 RPC_CLIENT_ID RpcClientId;
652
653 RpcClientId.UniqueProcess = HandleToUlong(ClientId.UniqueProcess);
654 RpcClientId.UniqueThread = HandleToUlong(ClientId.UniqueThread);
655
656 RpcTryExcept
657 {
658 Status = ElfrChangeNotify(hEventLog, RpcClientId, (DWORD)hEvent);
659 }
660 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
661 {
662 Status = I_RpcMapWin32Status(RpcExceptionCode());
663 }
664 RpcEndExcept;
665
666 return Status;
667 }
668
669 BOOL WINAPI
670 NotifyChangeEventLog(IN HANDLE hEventLog,
671 IN HANDLE hEvent)
672 {
673 NTSTATUS Status;
674
675 TRACE("%p, %p\n", hEventLog, hEvent);
676
677 Status = ElfChangeNotify(hEventLog, hEvent);
678 if (!NT_SUCCESS(Status))
679 {
680 SetLastError(RtlNtStatusToDosError(Status));
681 return FALSE;
682 }
683
684 return TRUE;
685 }
686
687
688 /******************************************************************************
689 * OpenBackupEventLogA [ADVAPI32.@]
690 */
691 NTSTATUS
692 NTAPI
693 ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA,
694 IN PANSI_STRING BackupFileNameA,
695 OUT PHANDLE phEventLog)
696 {
697 NTSTATUS Status;
698 PSTR pUNCServerName = NULL;
699
700 if (!phEventLog || !BackupFileNameA || (BackupFileNameA->Length == 0))
701 return STATUS_INVALID_PARAMETER;
702
703 if (UNCServerNameA && (UNCServerNameA->Length != 0))
704 pUNCServerName = UNCServerNameA->Buffer;
705
706 *phEventLog = NULL;
707
708 RpcTryExcept
709 {
710 Status = ElfrOpenBELA(pUNCServerName,
711 (PRPC_STRING)BackupFileNameA,
712 1, 1,
713 (IELF_HANDLE*)phEventLog);
714 }
715 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
716 {
717 Status = I_RpcMapWin32Status(RpcExceptionCode());
718 }
719 RpcEndExcept;
720
721 return Status;
722 }
723
724 HANDLE WINAPI
725 OpenBackupEventLogA(IN LPCSTR lpUNCServerName,
726 IN LPCSTR lpFileName)
727 {
728 NTSTATUS Status;
729 HANDLE LogHandle;
730 ANSI_STRING UNCServerNameA;
731 UNICODE_STRING UNCServerNameW;
732 ANSI_STRING FileNameA;
733 UNICODE_STRING FileNameW;
734
735 TRACE("%s, %s\n", lpUNCServerName, lpFileName);
736
737 /* Convert the server name to unicode */
738 if (lpUNCServerName == NULL)
739 {
740 RtlInitUnicodeString(&UNCServerNameW, NULL);
741 }
742 else
743 {
744 RtlInitAnsiString(&UNCServerNameA, lpUNCServerName);
745
746 Status = RtlAnsiStringToUnicodeString(&UNCServerNameW,
747 &UNCServerNameA,
748 TRUE);
749 if (!NT_SUCCESS(Status))
750 {
751 SetLastError(RtlNtStatusToDosError(Status));
752 return NULL;
753 }
754 }
755
756 /* Convert the file name to unicode */
757 if (lpFileName == NULL)
758 {
759 RtlInitUnicodeString(&FileNameW, NULL);
760 }
761 else
762 {
763 RtlInitAnsiString(&FileNameA, lpFileName);
764
765 Status = RtlAnsiStringToUnicodeString(&FileNameW,
766 &FileNameA,
767 TRUE);
768 if (!NT_SUCCESS(Status))
769 {
770 RtlFreeUnicodeString(&UNCServerNameW);
771 SetLastError(RtlNtStatusToDosError(Status));
772 return NULL;
773 }
774 }
775
776 /* Call the unicode function */
777 LogHandle = OpenBackupEventLogW(UNCServerNameW.Buffer,
778 FileNameW.Buffer);
779
780 /* Free the unicode strings */
781 RtlFreeUnicodeString(&UNCServerNameW);
782 RtlFreeUnicodeString(&FileNameW);
783
784 return LogHandle;
785 }
786
787
788 /******************************************************************************
789 * OpenBackupEventLogW [ADVAPI32.@]
790 *
791 * PARAMS
792 * lpUNCServerName []
793 * lpFileName []
794 */
795 NTSTATUS
796 NTAPI
797 ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU,
798 IN PUNICODE_STRING BackupFileNameU,
799 OUT PHANDLE phEventLog)
800 {
801 NTSTATUS Status;
802 PWSTR pUNCServerName = NULL;
803
804 if (!phEventLog || !BackupFileNameU || (BackupFileNameU->Length == 0))
805 return STATUS_INVALID_PARAMETER;
806
807 if (UNCServerNameU && (UNCServerNameU->Length != 0))
808 pUNCServerName = UNCServerNameU->Buffer;
809
810 *phEventLog = NULL;
811
812 RpcTryExcept
813 {
814 Status = ElfrOpenBELW(pUNCServerName,
815 (PRPC_UNICODE_STRING)BackupFileNameU,
816 1, 1,
817 (IELF_HANDLE*)phEventLog);
818 }
819 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
820 {
821 Status = I_RpcMapWin32Status(RpcExceptionCode());
822 }
823 RpcEndExcept;
824
825 return Status;
826 }
827
828 HANDLE WINAPI
829 OpenBackupEventLogW(IN LPCWSTR lpUNCServerName,
830 IN LPCWSTR lpFileName)
831 {
832 NTSTATUS Status;
833 HANDLE hEventLog;
834 UNICODE_STRING UNCServerName, FileName;
835
836 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpFileName));
837
838 if (lpFileName == NULL)
839 {
840 SetLastError(ERROR_INVALID_PARAMETER);
841 return NULL;
842 }
843
844 if (!RtlDosPathNameToNtPathName_U(lpFileName, &FileName,
845 NULL, NULL))
846 {
847 SetLastError(ERROR_INVALID_PARAMETER);
848 return NULL;
849 }
850
851 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
852
853 Status = ElfOpenBackupEventLogW(&UNCServerName, &FileName, &hEventLog);
854
855 if (FileName.Buffer != NULL)
856 RtlFreeHeap(RtlGetProcessHeap(), 0, FileName.Buffer);
857
858 if (!NT_SUCCESS(Status))
859 {
860 SetLastError(RtlNtStatusToDosError(Status));
861 return NULL;
862 }
863
864 return hEventLog;
865 }
866
867
868 /******************************************************************************
869 * OpenEventLogA [ADVAPI32.@]
870 *
871 * Opens a handle to the specified event log.
872 *
873 * PARAMS
874 * lpUNCServerName [I] UNC name of the server on which the event log is
875 * opened.
876 * lpSourceName [I] Name of the log.
877 *
878 * RETURNS
879 * Success: Handle to an event log.
880 * Failure: NULL
881 */
882 NTSTATUS
883 NTAPI
884 ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA,
885 IN PANSI_STRING SourceNameA,
886 OUT PHANDLE phEventLog)
887 {
888 NTSTATUS Status;
889 PSTR pUNCServerName = NULL;
890
891 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
892 return STATUS_INVALID_PARAMETER;
893
894 if (UNCServerNameA && (UNCServerNameA->Length != 0))
895 pUNCServerName = UNCServerNameA->Buffer;
896
897 *phEventLog = NULL;
898
899 RpcTryExcept
900 {
901 Status = ElfrOpenELA(pUNCServerName,
902 (PRPC_STRING)SourceNameA,
903 &EmptyStringA,
904 1, 1,
905 (IELF_HANDLE*)phEventLog);
906 }
907 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
908 {
909 Status = I_RpcMapWin32Status(RpcExceptionCode());
910 }
911 RpcEndExcept;
912
913 return Status;
914 }
915
916 HANDLE WINAPI
917 OpenEventLogA(IN LPCSTR lpUNCServerName,
918 IN LPCSTR lpSourceName)
919 {
920 NTSTATUS Status;
921 HANDLE hEventLog;
922 ANSI_STRING UNCServerName, SourceName;
923
924 TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
925
926 RtlInitAnsiString(&UNCServerName, lpUNCServerName);
927 RtlInitAnsiString(&SourceName, lpSourceName);
928
929 Status = ElfOpenEventLogA(&UNCServerName, &SourceName, &hEventLog);
930 if (!NT_SUCCESS(Status))
931 {
932 SetLastError(RtlNtStatusToDosError(Status));
933 return NULL;
934 }
935
936 return hEventLog;
937 }
938
939
940 /******************************************************************************
941 * OpenEventLogW [ADVAPI32.@]
942 *
943 * PARAMS
944 * lpUNCServerName []
945 * lpSourceName []
946 */
947 NTSTATUS
948 NTAPI
949 ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU,
950 IN PUNICODE_STRING SourceNameU,
951 OUT PHANDLE phEventLog)
952 {
953 NTSTATUS Status;
954 PWSTR pUNCServerName = NULL;
955
956 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
957 return STATUS_INVALID_PARAMETER;
958
959 if (UNCServerNameU && (UNCServerNameU->Length != 0))
960 pUNCServerName = UNCServerNameU->Buffer;
961
962 *phEventLog = NULL;
963
964 RpcTryExcept
965 {
966 Status = ElfrOpenELW(pUNCServerName,
967 (PRPC_UNICODE_STRING)SourceNameU,
968 &EmptyStringU,
969 1, 1,
970 (IELF_HANDLE*)phEventLog);
971 }
972 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
973 {
974 Status = I_RpcMapWin32Status(RpcExceptionCode());
975 }
976 RpcEndExcept;
977
978 return Status;
979 }
980
981 HANDLE WINAPI
982 OpenEventLogW(IN LPCWSTR lpUNCServerName,
983 IN LPCWSTR lpSourceName)
984 {
985 NTSTATUS Status;
986 HANDLE hEventLog;
987 UNICODE_STRING UNCServerName, SourceName;
988
989 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
990
991 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
992 RtlInitUnicodeString(&SourceName, lpSourceName);
993
994 Status = ElfOpenEventLogW(&UNCServerName, &SourceName, &hEventLog);
995 if (!NT_SUCCESS(Status))
996 {
997 SetLastError(RtlNtStatusToDosError(Status));
998 return NULL;
999 }
1000
1001 return hEventLog;
1002 }
1003
1004
1005 /******************************************************************************
1006 * ReadEventLogA [ADVAPI32.@]
1007 */
1008 NTSTATUS
1009 NTAPI
1010 ElfReadEventLogA(IN HANDLE hEventLog,
1011 IN ULONG ReadFlags,
1012 IN ULONG RecordOffset,
1013 OUT LPVOID Buffer,
1014 IN ULONG NumberOfBytesToRead,
1015 OUT PULONG NumberOfBytesRead,
1016 OUT PULONG MinNumberOfBytesNeeded)
1017 {
1018 NTSTATUS Status;
1019 ULONG Flags;
1020
1021 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1022 {
1023 return STATUS_INVALID_PARAMETER;
1024 }
1025
1026 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1027 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1028 {
1029 return STATUS_INVALID_PARAMETER;
1030 }
1031
1032 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1033 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1034 {
1035 return STATUS_INVALID_PARAMETER;
1036 }
1037
1038 RpcTryExcept
1039 {
1040 Status = ElfrReadELA(hEventLog,
1041 ReadFlags,
1042 RecordOffset,
1043 NumberOfBytesToRead,
1044 Buffer,
1045 NumberOfBytesRead,
1046 MinNumberOfBytesNeeded);
1047 }
1048 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1049 {
1050 Status = I_RpcMapWin32Status(RpcExceptionCode());
1051 }
1052 RpcEndExcept;
1053
1054 return Status;
1055 }
1056
1057 BOOL WINAPI
1058 ReadEventLogA(IN HANDLE hEventLog,
1059 IN DWORD dwReadFlags,
1060 IN DWORD dwRecordOffset,
1061 OUT LPVOID lpBuffer,
1062 IN DWORD nNumberOfBytesToRead,
1063 OUT DWORD *pnBytesRead,
1064 OUT DWORD *pnMinNumberOfBytesNeeded)
1065 {
1066 NTSTATUS Status;
1067
1068 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1069 hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1070 nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1071
1072 Status = ElfReadEventLogA(hEventLog,
1073 dwReadFlags,
1074 dwRecordOffset,
1075 lpBuffer,
1076 nNumberOfBytesToRead,
1077 pnBytesRead,
1078 pnMinNumberOfBytesNeeded);
1079 if (!NT_SUCCESS(Status))
1080 {
1081 SetLastError(RtlNtStatusToDosError(Status));
1082 return FALSE;
1083 }
1084
1085 return TRUE;
1086 }
1087
1088
1089 /******************************************************************************
1090 * ReadEventLogW [ADVAPI32.@]
1091 *
1092 * PARAMS
1093 * hEventLog []
1094 * dwReadFlags []
1095 * dwRecordOffset []
1096 * lpBuffer []
1097 * nNumberOfBytesToRead []
1098 * pnBytesRead []
1099 * pnMinNumberOfBytesNeeded []
1100 */
1101 NTSTATUS
1102 NTAPI
1103 ElfReadEventLogW(IN HANDLE hEventLog,
1104 IN ULONG ReadFlags,
1105 IN ULONG RecordOffset,
1106 OUT LPVOID Buffer,
1107 IN ULONG NumberOfBytesToRead,
1108 OUT PULONG NumberOfBytesRead,
1109 OUT PULONG MinNumberOfBytesNeeded)
1110 {
1111 NTSTATUS Status;
1112 ULONG Flags;
1113
1114 if (!Buffer || !NumberOfBytesRead || !MinNumberOfBytesNeeded)
1115 {
1116 return STATUS_INVALID_PARAMETER;
1117 }
1118
1119 Flags = ReadFlags & (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ);
1120 if (Flags == (EVENTLOG_SEQUENTIAL_READ | EVENTLOG_SEEK_READ))
1121 {
1122 return STATUS_INVALID_PARAMETER;
1123 }
1124
1125 Flags = ReadFlags & (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ);
1126 if (Flags == (EVENTLOG_FORWARDS_READ | EVENTLOG_BACKWARDS_READ))
1127 {
1128 return STATUS_INVALID_PARAMETER;
1129 }
1130
1131 RpcTryExcept
1132 {
1133 Status = ElfrReadELW(hEventLog,
1134 ReadFlags,
1135 RecordOffset,
1136 NumberOfBytesToRead,
1137 Buffer,
1138 NumberOfBytesRead,
1139 MinNumberOfBytesNeeded);
1140 }
1141 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1142 {
1143 Status = I_RpcMapWin32Status(RpcExceptionCode());
1144 }
1145 RpcEndExcept;
1146
1147 return Status;
1148 }
1149
1150 BOOL WINAPI
1151 ReadEventLogW(IN HANDLE hEventLog,
1152 IN DWORD dwReadFlags,
1153 IN DWORD dwRecordOffset,
1154 OUT LPVOID lpBuffer,
1155 IN DWORD nNumberOfBytesToRead,
1156 OUT DWORD *pnBytesRead,
1157 OUT DWORD *pnMinNumberOfBytesNeeded)
1158 {
1159 NTSTATUS Status;
1160
1161 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1162 hEventLog, dwReadFlags, dwRecordOffset, lpBuffer,
1163 nNumberOfBytesToRead, pnBytesRead, pnMinNumberOfBytesNeeded);
1164
1165 Status = ElfReadEventLogW(hEventLog,
1166 dwReadFlags,
1167 dwRecordOffset,
1168 lpBuffer,
1169 nNumberOfBytesToRead,
1170 pnBytesRead,
1171 pnMinNumberOfBytesNeeded);
1172 if (!NT_SUCCESS(Status))
1173 {
1174 SetLastError(RtlNtStatusToDosError(Status));
1175 return FALSE;
1176 }
1177
1178 return TRUE;
1179 }
1180
1181
1182 /******************************************************************************
1183 * RegisterEventSourceA [ADVAPI32.@]
1184 */
1185 NTSTATUS
1186 NTAPI
1187 ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA,
1188 IN PANSI_STRING SourceNameA,
1189 OUT PHANDLE phEventLog)
1190 {
1191 NTSTATUS Status;
1192 PSTR pUNCServerName = NULL;
1193
1194 if (!phEventLog || !SourceNameA || (SourceNameA->Length == 0))
1195 return STATUS_INVALID_PARAMETER;
1196
1197 if (UNCServerNameA && (UNCServerNameA->Length != 0))
1198 pUNCServerName = UNCServerNameA->Buffer;
1199
1200 *phEventLog = NULL;
1201
1202 RpcTryExcept
1203 {
1204 Status = ElfrRegisterEventSourceA(pUNCServerName,
1205 (PRPC_STRING)SourceNameA,
1206 &EmptyStringA,
1207 1, 1,
1208 (IELF_HANDLE*)phEventLog);
1209 }
1210 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1211 {
1212 Status = I_RpcMapWin32Status(RpcExceptionCode());
1213 }
1214 RpcEndExcept;
1215
1216 return Status;
1217 }
1218
1219 HANDLE WINAPI
1220 RegisterEventSourceA(IN LPCSTR lpUNCServerName,
1221 IN LPCSTR lpSourceName)
1222 {
1223 NTSTATUS Status;
1224 HANDLE hEventLog;
1225 ANSI_STRING UNCServerName, SourceName;
1226
1227 TRACE("%s, %s\n", lpUNCServerName, lpSourceName);
1228
1229 RtlInitAnsiString(&UNCServerName, lpUNCServerName);
1230 RtlInitAnsiString(&SourceName, lpSourceName);
1231
1232 Status = ElfRegisterEventSourceA(&UNCServerName, &SourceName, &hEventLog);
1233 if (!NT_SUCCESS(Status))
1234 {
1235 SetLastError(RtlNtStatusToDosError(Status));
1236 return NULL;
1237 }
1238
1239 return hEventLog;
1240 }
1241
1242
1243 /******************************************************************************
1244 * RegisterEventSourceW [ADVAPI32.@]
1245 * Returns a registered handle to an event log
1246 *
1247 * PARAMS
1248 * lpUNCServerName [I] Server name for source
1249 * lpSourceName [I] Source name for registered handle
1250 *
1251 * RETURNS
1252 * Success: Handle
1253 * Failure: NULL
1254 */
1255 NTSTATUS
1256 NTAPI
1257 ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU,
1258 IN PUNICODE_STRING SourceNameU,
1259 OUT PHANDLE phEventLog)
1260 {
1261 NTSTATUS Status;
1262 PWSTR pUNCServerName = NULL;
1263
1264 if (!phEventLog || !SourceNameU || (SourceNameU->Length == 0))
1265 return STATUS_INVALID_PARAMETER;
1266
1267 if (UNCServerNameU && (UNCServerNameU->Length != 0))
1268 pUNCServerName = UNCServerNameU->Buffer;
1269
1270 *phEventLog = NULL;
1271
1272 RpcTryExcept
1273 {
1274 Status = ElfrRegisterEventSourceW(pUNCServerName,
1275 (PRPC_UNICODE_STRING)SourceNameU,
1276 &EmptyStringU,
1277 1, 1,
1278 (IELF_HANDLE*)phEventLog);
1279 }
1280 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1281 {
1282 Status = I_RpcMapWin32Status(RpcExceptionCode());
1283 }
1284 RpcEndExcept;
1285
1286 return Status;
1287 }
1288
1289 HANDLE WINAPI
1290 RegisterEventSourceW(IN LPCWSTR lpUNCServerName,
1291 IN LPCWSTR lpSourceName)
1292 {
1293 NTSTATUS Status;
1294 HANDLE hEventLog;
1295 UNICODE_STRING UNCServerName, SourceName;
1296
1297 TRACE("%s, %s\n", debugstr_w(lpUNCServerName), debugstr_w(lpSourceName));
1298
1299 RtlInitUnicodeString(&UNCServerName, lpUNCServerName);
1300 RtlInitUnicodeString(&SourceName, lpSourceName);
1301
1302 Status = ElfRegisterEventSourceW(&UNCServerName, &SourceName, &hEventLog);
1303 if (!NT_SUCCESS(Status))
1304 {
1305 SetLastError(RtlNtStatusToDosError(Status));
1306 return NULL;
1307 }
1308
1309 return hEventLog;
1310 }
1311
1312
1313 /******************************************************************************
1314 * ReportEventA [ADVAPI32.@]
1315 */
1316 NTSTATUS
1317 NTAPI
1318 ElfReportEventA(IN HANDLE hEventLog,
1319 IN USHORT EventType,
1320 IN USHORT EventCategory,
1321 IN ULONG EventID,
1322 IN PSID UserSID,
1323 IN USHORT NumStrings,
1324 IN ULONG DataSize,
1325 IN PANSI_STRING* Strings,
1326 IN PVOID Data,
1327 IN USHORT Flags,
1328 IN OUT PULONG RecordNumber,
1329 IN OUT PULONG TimeWritten)
1330 {
1331 NTSTATUS Status;
1332 LARGE_INTEGER SystemTime;
1333 ULONG Time;
1334 ULONG dwSize;
1335 ANSI_STRING ComputerName;
1336 CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1337
1338 dwSize = ARRAYSIZE(szComputerName);
1339 GetComputerNameA(szComputerName, &dwSize);
1340 RtlInitAnsiString(&ComputerName, szComputerName);
1341
1342 NtQuerySystemTime(&SystemTime);
1343 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1344
1345 RpcTryExcept
1346 {
1347 Status = ElfrReportEventA(hEventLog,
1348 Time,
1349 EventType,
1350 EventCategory,
1351 EventID,
1352 NumStrings,
1353 DataSize,
1354 (PRPC_STRING)&ComputerName,
1355 UserSID,
1356 (PRPC_STRING*)Strings,
1357 Data,
1358 Flags,
1359 RecordNumber,
1360 TimeWritten);
1361 }
1362 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1363 {
1364 Status = I_RpcMapWin32Status(RpcExceptionCode());
1365 }
1366 RpcEndExcept;
1367
1368 return Status;
1369 }
1370
1371 BOOL WINAPI
1372 ReportEventA(IN HANDLE hEventLog,
1373 IN WORD wType,
1374 IN WORD wCategory,
1375 IN DWORD dwEventID,
1376 IN PSID lpUserSid,
1377 IN WORD wNumStrings,
1378 IN DWORD dwDataSize,
1379 IN LPCSTR *lpStrings,
1380 IN LPVOID lpRawData)
1381 {
1382 NTSTATUS Status;
1383 PANSI_STRING *Strings;
1384 WORD i;
1385
1386 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1387 hEventLog, wType, wCategory, dwEventID, lpUserSid,
1388 wNumStrings, dwDataSize, lpStrings, lpRawData);
1389
1390 Strings = HeapAlloc(GetProcessHeap(),
1391 HEAP_ZERO_MEMORY,
1392 wNumStrings * sizeof(PANSI_STRING));
1393 if (!Strings)
1394 {
1395 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1396 return FALSE;
1397 }
1398
1399 for (i = 0; i < wNumStrings; i++)
1400 {
1401 Strings[i] = HeapAlloc(GetProcessHeap(),
1402 HEAP_ZERO_MEMORY,
1403 sizeof(ANSI_STRING));
1404 if (Strings[i])
1405 {
1406 RtlInitAnsiString(Strings[i], lpStrings[i]);
1407 }
1408 }
1409
1410 Status = ElfReportEventA(hEventLog,
1411 wType,
1412 wCategory,
1413 dwEventID,
1414 lpUserSid,
1415 wNumStrings,
1416 dwDataSize,
1417 Strings,
1418 lpRawData,
1419 0,
1420 NULL,
1421 NULL);
1422
1423 for (i = 0; i < wNumStrings; i++)
1424 {
1425 if (Strings[i] != NULL)
1426 HeapFree(GetProcessHeap(), 0, Strings[i]);
1427 }
1428
1429 HeapFree(GetProcessHeap(), 0, Strings);
1430
1431 if (!NT_SUCCESS(Status))
1432 {
1433 SetLastError(RtlNtStatusToDosError(Status));
1434 return FALSE;
1435 }
1436
1437 return TRUE;
1438 }
1439
1440
1441 /******************************************************************************
1442 * ReportEventW [ADVAPI32.@]
1443 *
1444 * PARAMS
1445 * hEventLog []
1446 * wType []
1447 * wCategory []
1448 * dwEventID []
1449 * lpUserSid []
1450 * wNumStrings []
1451 * dwDataSize []
1452 * lpStrings []
1453 * lpRawData []
1454 */
1455 NTSTATUS
1456 NTAPI
1457 ElfReportEventW(IN HANDLE hEventLog,
1458 IN USHORT EventType,
1459 IN USHORT EventCategory,
1460 IN ULONG EventID,
1461 IN PSID UserSID,
1462 IN USHORT NumStrings,
1463 IN ULONG DataSize,
1464 IN PUNICODE_STRING* Strings,
1465 IN PVOID Data,
1466 IN USHORT Flags,
1467 IN OUT PULONG RecordNumber,
1468 IN OUT PULONG TimeWritten)
1469 {
1470 NTSTATUS Status;
1471 LARGE_INTEGER SystemTime;
1472 ULONG Time;
1473 ULONG dwSize;
1474 UNICODE_STRING ComputerName;
1475 WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1476
1477 dwSize = ARRAYSIZE(szComputerName);
1478 GetComputerNameW(szComputerName, &dwSize);
1479 RtlInitUnicodeString(&ComputerName, szComputerName);
1480
1481 NtQuerySystemTime(&SystemTime);
1482 RtlTimeToSecondsSince1970(&SystemTime, &Time);
1483
1484 RpcTryExcept
1485 {
1486 Status = ElfrReportEventW(hEventLog,
1487 Time,
1488 EventType,
1489 EventCategory,
1490 EventID,
1491 NumStrings,
1492 DataSize,
1493 (PRPC_UNICODE_STRING)&ComputerName,
1494 UserSID,
1495 (PRPC_UNICODE_STRING*)Strings,
1496 Data,
1497 Flags,
1498 RecordNumber,
1499 TimeWritten);
1500 }
1501 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1502 {
1503 Status = I_RpcMapWin32Status(RpcExceptionCode());
1504 }
1505 RpcEndExcept;
1506
1507 return Status;
1508 }
1509
1510 BOOL WINAPI
1511 ReportEventW(IN HANDLE hEventLog,
1512 IN WORD wType,
1513 IN WORD wCategory,
1514 IN DWORD dwEventID,
1515 IN PSID lpUserSid,
1516 IN WORD wNumStrings,
1517 IN DWORD dwDataSize,
1518 IN LPCWSTR *lpStrings,
1519 IN LPVOID lpRawData)
1520 {
1521 NTSTATUS Status;
1522 PUNICODE_STRING *Strings;
1523 WORD i;
1524
1525 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1526 hEventLog, wType, wCategory, dwEventID, lpUserSid,
1527 wNumStrings, dwDataSize, lpStrings, lpRawData);
1528
1529 Strings = HeapAlloc(GetProcessHeap(),
1530 HEAP_ZERO_MEMORY,
1531 wNumStrings * sizeof(PUNICODE_STRING));
1532 if (!Strings)
1533 {
1534 SetLastError(ERROR_NOT_ENOUGH_MEMORY);
1535 return FALSE;
1536 }
1537
1538 for (i = 0; i < wNumStrings; i++)
1539 {
1540 Strings[i] = HeapAlloc(GetProcessHeap(),
1541 HEAP_ZERO_MEMORY,
1542 sizeof(UNICODE_STRING));
1543 if (Strings[i])
1544 {
1545 RtlInitUnicodeString(Strings[i], lpStrings[i]);
1546 }
1547 }
1548
1549 Status = ElfReportEventW(hEventLog,
1550 wType,
1551 wCategory,
1552 dwEventID,
1553 lpUserSid,
1554 wNumStrings,
1555 dwDataSize,
1556 Strings,
1557 lpRawData,
1558 0,
1559 NULL,
1560 NULL);
1561
1562 for (i = 0; i < wNumStrings; i++)
1563 {
1564 if (Strings[i] != NULL)
1565 HeapFree(GetProcessHeap(), 0, Strings[i]);
1566 }
1567
1568 HeapFree(GetProcessHeap(), 0, Strings);
1569
1570 if (!NT_SUCCESS(Status))
1571 {
1572 SetLastError(RtlNtStatusToDosError(Status));
1573 return FALSE;
1574 }
1575
1576 return TRUE;
1577 }
1578
1579 NTSTATUS
1580 NTAPI
1581 ElfReportEventAndSourceW(IN HANDLE hEventLog,
1582 IN ULONG Time,
1583 IN PUNICODE_STRING ComputerName,
1584 IN USHORT EventType,
1585 IN USHORT EventCategory,
1586 IN ULONG EventID,
1587 IN PSID UserSID,
1588 IN PUNICODE_STRING SourceName,
1589 IN USHORT NumStrings,
1590 IN ULONG DataSize,
1591 IN PUNICODE_STRING* Strings,
1592 IN PVOID Data,
1593 IN USHORT Flags,
1594 IN OUT PULONG RecordNumber,
1595 IN OUT PULONG TimeWritten)
1596 {
1597 NTSTATUS Status;
1598
1599 RpcTryExcept
1600 {
1601 Status = ElfrReportEventAndSourceW(hEventLog,
1602 Time,
1603 EventType,
1604 EventCategory,
1605 EventID,
1606 (PRPC_UNICODE_STRING)SourceName,
1607 NumStrings,
1608 DataSize,
1609 (PRPC_UNICODE_STRING)ComputerName,
1610 (PRPC_SID)UserSID,
1611 (PRPC_UNICODE_STRING*)Strings,
1612 (PBYTE)Data,
1613 Flags,
1614 RecordNumber,
1615 TimeWritten);
1616 }
1617 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1618 {
1619 Status = I_RpcMapWin32Status(RpcExceptionCode());
1620 }
1621 RpcEndExcept;
1622
1623 return Status;
1624 }
1625
1626 NTSTATUS
1627 NTAPI
1628 ElfFlushEventLog(IN HANDLE hEventLog)
1629 {
1630 NTSTATUS Status;
1631
1632 RpcTryExcept
1633 {
1634 Status = ElfrFlushEL(hEventLog);
1635 }
1636 RpcExcept(EXCEPTION_EXECUTE_HANDLER)
1637 {
1638 Status = I_RpcMapWin32Status(RpcExceptionCode());
1639 }
1640 RpcEndExcept;
1641
1642 return Status;
1643 }
A free Windows-compatible Operating System