2 * Win32 advapi functions
4 * Copyright 1995 Sven Verdoolaege
5 * Copyright 1998 Juergen Schmied
6 * Copyright 2003 Mike Hearn
7 * Copyright 2007 Hervé Poussineau
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
24 /* INCLUDES ******************************************************************/
28 #include <ndk/kefuncs.h>
29 #include <eventlogrpc_c.h>
31 WINE_DEFAULT_DEBUG_CHANNEL(advapi
);
33 static RPC_UNICODE_STRING EmptyStringU
= { 0, 0, L
"" };
34 static RPC_STRING EmptyStringA
= { 0, 0, "" };
37 /* FUNCTIONS *****************************************************************/
40 EVENTLOG_HANDLE_A_bind(EVENTLOG_HANDLE_A UNCServerName
)
42 handle_t hBinding
= NULL
;
43 UCHAR
*pszStringBinding
;
46 TRACE("EVENTLOG_HANDLE_A_bind() called\n");
48 status
= RpcStringBindingComposeA(NULL
,
50 (UCHAR
*)UNCServerName
,
51 (UCHAR
*)"\\pipe\\EventLog",
53 (UCHAR
**)&pszStringBinding
);
56 ERR("RpcStringBindingCompose returned 0x%x\n", status
);
60 /* Set the binding handle that will be used to bind to the server. */
61 status
= RpcBindingFromStringBindingA(pszStringBinding
,
63 if (status
!= RPC_S_OK
)
65 ERR("RpcBindingFromStringBinding returned 0x%x\n", status
);
68 status
= RpcStringFreeA(&pszStringBinding
);
69 if (status
!= RPC_S_OK
)
71 ERR("RpcStringFree returned 0x%x\n", status
);
79 EVENTLOG_HANDLE_A_unbind(EVENTLOG_HANDLE_A UNCServerName
,
84 TRACE("EVENTLOG_HANDLE_A_unbind() called\n");
86 status
= RpcBindingFree(&hBinding
);
87 if (status
!= RPC_S_OK
)
89 ERR("RpcBindingFree returned 0x%x\n", status
);
95 EVENTLOG_HANDLE_W_bind(EVENTLOG_HANDLE_W UNCServerName
)
97 handle_t hBinding
= NULL
;
98 LPWSTR pszStringBinding
;
101 TRACE("EVENTLOG_HANDLE_W_bind() called\n");
103 status
= RpcStringBindingComposeW(NULL
,
109 if (status
!= RPC_S_OK
)
111 ERR("RpcStringBindingCompose returned 0x%x\n", status
);
115 /* Set the binding handle that will be used to bind to the server. */
116 status
= RpcBindingFromStringBindingW(pszStringBinding
,
118 if (status
!= RPC_S_OK
)
120 ERR("RpcBindingFromStringBinding returned 0x%x\n", status
);
123 status
= RpcStringFreeW(&pszStringBinding
);
124 if (status
!= RPC_S_OK
)
126 ERR("RpcStringFree returned 0x%x\n", status
);
134 EVENTLOG_HANDLE_W_unbind(EVENTLOG_HANDLE_W UNCServerName
,
139 TRACE("EVENTLOG_HANDLE_W_unbind() called\n");
141 status
= RpcBindingFree(&hBinding
);
142 if (status
!= RPC_S_OK
)
144 ERR("RpcBindingFree returned 0x%x\n", status
);
149 /******************************************************************************
150 * BackupEventLogA [ADVAPI32.@]
154 ElfBackupEventLogFileA(IN HANDLE hEventLog
,
155 IN PANSI_STRING BackupFileNameA
)
159 if (!BackupFileNameA
|| (BackupFileNameA
->Length
== 0))
160 return STATUS_INVALID_PARAMETER
;
164 Status
= ElfrBackupELFA(hEventLog
,
165 (PRPC_STRING
)BackupFileNameA
);
167 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
169 Status
= I_RpcMapWin32Status(RpcExceptionCode());
177 BackupEventLogA(IN HANDLE hEventLog
,
178 IN LPCSTR lpBackupFileName
)
182 ANSI_STRING BackupFileNameA
;
183 UNICODE_STRING BackupFileNameW
;
185 TRACE("%p, %s\n", hEventLog
, lpBackupFileName
);
187 if (lpBackupFileName
== NULL
)
189 SetLastError(ERROR_INVALID_PARAMETER
);
193 RtlInitAnsiString(&BackupFileNameA
, lpBackupFileName
);
195 Status
= RtlAnsiStringToUnicodeString(&BackupFileNameW
,
198 if (!NT_SUCCESS(Status
))
200 SetLastError(RtlNtStatusToDosError(Status
));
204 Success
= BackupEventLogW(hEventLog
,
205 BackupFileNameW
.Buffer
);
207 RtlFreeUnicodeString(&BackupFileNameW
);
213 /******************************************************************************
214 * BackupEventLogW [ADVAPI32.@]
218 * lpBackupFileName []
222 ElfBackupEventLogFileW(IN HANDLE hEventLog
,
223 IN PUNICODE_STRING BackupFileNameU
)
227 if (!BackupFileNameU
|| (BackupFileNameU
->Length
== 0))
228 return STATUS_INVALID_PARAMETER
;
232 Status
= ElfrBackupELFW(hEventLog
,
233 (PRPC_UNICODE_STRING
)BackupFileNameU
);
235 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
237 Status
= I_RpcMapWin32Status(RpcExceptionCode());
245 BackupEventLogW(IN HANDLE hEventLog
,
246 IN LPCWSTR lpBackupFileName
)
249 UNICODE_STRING BackupFileName
;
251 TRACE("%p, %s\n", hEventLog
, debugstr_w(lpBackupFileName
));
253 if (lpBackupFileName
== NULL
)
255 SetLastError(ERROR_INVALID_PARAMETER
);
259 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName
, &BackupFileName
,
262 SetLastError(ERROR_INVALID_PARAMETER
);
266 Status
= ElfBackupEventLogFileW(hEventLog
, &BackupFileName
);
268 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName
.Buffer
);
270 if (!NT_SUCCESS(Status
))
272 SetLastError(RtlNtStatusToDosError(Status
));
280 /******************************************************************************
281 * ClearEventLogA [ADVAPI32.@]
285 ElfClearEventLogFileA(IN HANDLE hEventLog
,
286 IN PANSI_STRING BackupFileNameA
)
292 Status
= ElfrClearELFA(hEventLog
,
293 (PRPC_STRING
)BackupFileNameA
);
295 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
297 Status
= I_RpcMapWin32Status(RpcExceptionCode());
305 ClearEventLogA(IN HANDLE hEventLog
,
306 IN LPCSTR lpBackupFileName
)
310 ANSI_STRING BackupFileNameA
;
311 UNICODE_STRING BackupFileNameW
;
313 TRACE("%p, %s\n", hEventLog
, lpBackupFileName
);
315 if (lpBackupFileName
== NULL
)
317 RtlInitUnicodeString(&BackupFileNameW
, NULL
);
321 RtlInitAnsiString(&BackupFileNameA
, lpBackupFileName
);
323 Status
= RtlAnsiStringToUnicodeString(&BackupFileNameW
,
326 if (!NT_SUCCESS(Status
))
328 SetLastError(RtlNtStatusToDosError(Status
));
333 Success
= ClearEventLogW(hEventLog
,
334 BackupFileNameW
.Buffer
);
336 RtlFreeUnicodeString(&BackupFileNameW
);
342 /******************************************************************************
343 * ClearEventLogW [ADVAPI32.@]
347 ElfClearEventLogFileW(IN HANDLE hEventLog
,
348 IN PUNICODE_STRING BackupFileNameU
)
354 Status
= ElfrClearELFW(hEventLog
,
355 (PRPC_UNICODE_STRING
)BackupFileNameU
);
357 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
359 Status
= I_RpcMapWin32Status(RpcExceptionCode());
367 ClearEventLogW(IN HANDLE hEventLog
,
368 IN LPCWSTR lpBackupFileName
)
371 UNICODE_STRING BackupFileName
;
373 TRACE("%p, %s\n", hEventLog
, debugstr_w(lpBackupFileName
));
375 if (lpBackupFileName
== NULL
)
377 RtlInitUnicodeString(&BackupFileName
, NULL
);
381 if (!RtlDosPathNameToNtPathName_U(lpBackupFileName
, &BackupFileName
,
384 SetLastError(ERROR_INVALID_PARAMETER
);
389 Status
= ElfClearEventLogFileW(hEventLog
, &BackupFileName
);
391 if (lpBackupFileName
!= NULL
)
392 RtlFreeHeap(RtlGetProcessHeap(), 0, BackupFileName
.Buffer
);
394 if (!NT_SUCCESS(Status
))
396 SetLastError(RtlNtStatusToDosError(Status
));
404 /******************************************************************************
405 * CloseEventLog [ADVAPI32.@]
409 ElfCloseEventLog(IN HANDLE hEventLog
)
415 Status
= ElfrCloseEL(&hEventLog
);
417 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
419 Status
= I_RpcMapWin32Status(RpcExceptionCode());
427 CloseEventLog(IN HANDLE hEventLog
)
431 TRACE("%p\n", hEventLog
);
433 Status
= ElfCloseEventLog(hEventLog
);
434 if (!NT_SUCCESS(Status
))
436 SetLastError(RtlNtStatusToDosError(Status
));
444 /******************************************************************************
445 * DeregisterEventSource [ADVAPI32.@]
446 * Closes a handle to the specified event log
449 * hEventLog [I] Handle to event log
455 ElfDeregisterEventSource(IN HANDLE hEventLog
)
461 Status
= ElfrDeregisterEventSource(&hEventLog
);
463 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
465 Status
= I_RpcMapWin32Status(RpcExceptionCode());
473 DeregisterEventSource(IN HANDLE hEventLog
)
477 TRACE("%p\n", hEventLog
);
479 Status
= ElfDeregisterEventSource(hEventLog
);
480 if (!NT_SUCCESS(Status
))
482 SetLastError(RtlNtStatusToDosError(Status
));
490 /******************************************************************************
491 * GetEventLogInformation [ADVAPI32.@]
494 * hEventLog [I] Handle to event log
495 * dwInfoLevel [I] Level of event log information to return
496 * lpBuffer [O] Buffer that receives the event log information
497 * cbBufSize [I] Size of the lpBuffer buffer
498 * pcbBytesNeeded [O] Required buffer size
501 GetEventLogInformation(IN HANDLE hEventLog
,
502 IN DWORD dwInfoLevel
,
505 OUT LPDWORD pcbBytesNeeded
)
509 if (dwInfoLevel
!= EVENTLOG_FULL_INFO
)
511 SetLastError(ERROR_INVALID_LEVEL
);
517 Status
= ElfrGetLogInformation(hEventLog
,
523 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
525 Status
= I_RpcMapWin32Status(RpcExceptionCode());
529 if (!NT_SUCCESS(Status
))
531 SetLastError(RtlNtStatusToDosError(Status
));
539 /******************************************************************************
540 * GetNumberOfEventLogRecords [ADVAPI32.@]
548 ElfNumberOfRecords(IN HANDLE hEventLog
,
549 OUT PULONG NumberOfRecords
)
553 if (!NumberOfRecords
)
554 return STATUS_INVALID_PARAMETER
;
558 Status
= ElfrNumberOfRecords(hEventLog
, NumberOfRecords
);
560 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
562 Status
= I_RpcMapWin32Status(RpcExceptionCode());
570 GetNumberOfEventLogRecords(IN HANDLE hEventLog
,
571 OUT PDWORD NumberOfRecords
)
575 TRACE("%p, %p\n", hEventLog
, NumberOfRecords
);
577 Status
= ElfNumberOfRecords(hEventLog
, NumberOfRecords
);
578 if (!NT_SUCCESS(Status
))
580 SetLastError(RtlNtStatusToDosError(Status
));
588 /******************************************************************************
589 * GetOldestEventLogRecord [ADVAPI32.@]
597 ElfOldestRecord(IN HANDLE hEventLog
,
598 OUT PULONG OldestRecordNumber
)
602 if (!OldestRecordNumber
)
603 return STATUS_INVALID_PARAMETER
;
607 Status
= ElfrOldestRecord(hEventLog
, OldestRecordNumber
);
609 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
611 Status
= I_RpcMapWin32Status(RpcExceptionCode());
619 GetOldestEventLogRecord(IN HANDLE hEventLog
,
620 OUT PDWORD OldestRecord
)
624 TRACE("%p, %p\n", hEventLog
, OldestRecord
);
626 Status
= ElfOldestRecord(hEventLog
, OldestRecord
);
627 if (!NT_SUCCESS(Status
))
629 SetLastError(RtlNtStatusToDosError(Status
));
637 /******************************************************************************
638 * NotifyChangeEventLog [ADVAPI32.@]
646 ElfChangeNotify(IN HANDLE hEventLog
,
650 CLIENT_ID ClientId
= NtCurrentTeb()->ClientId
;
651 RPC_CLIENT_ID RpcClientId
;
653 RpcClientId
.UniqueProcess
= HandleToUlong(ClientId
.UniqueProcess
);
654 RpcClientId
.UniqueThread
= HandleToUlong(ClientId
.UniqueThread
);
658 Status
= ElfrChangeNotify(hEventLog
, RpcClientId
, (DWORD
)hEvent
);
660 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
662 Status
= I_RpcMapWin32Status(RpcExceptionCode());
670 NotifyChangeEventLog(IN HANDLE hEventLog
,
675 TRACE("%p, %p\n", hEventLog
, hEvent
);
677 Status
= ElfChangeNotify(hEventLog
, hEvent
);
678 if (!NT_SUCCESS(Status
))
680 SetLastError(RtlNtStatusToDosError(Status
));
688 /******************************************************************************
689 * OpenBackupEventLogA [ADVAPI32.@]
693 ElfOpenBackupEventLogA(IN PANSI_STRING UNCServerNameA
,
694 IN PANSI_STRING BackupFileNameA
,
695 OUT PHANDLE phEventLog
)
698 PSTR pUNCServerName
= NULL
;
700 if (!phEventLog
|| !BackupFileNameA
|| (BackupFileNameA
->Length
== 0))
701 return STATUS_INVALID_PARAMETER
;
703 if (UNCServerNameA
&& (UNCServerNameA
->Length
!= 0))
704 pUNCServerName
= UNCServerNameA
->Buffer
;
710 Status
= ElfrOpenBELA(pUNCServerName
,
711 (PRPC_STRING
)BackupFileNameA
,
713 (IELF_HANDLE
*)phEventLog
);
715 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
717 Status
= I_RpcMapWin32Status(RpcExceptionCode());
725 OpenBackupEventLogA(IN LPCSTR lpUNCServerName
,
726 IN LPCSTR lpFileName
)
730 ANSI_STRING UNCServerNameA
;
731 UNICODE_STRING UNCServerNameW
;
732 ANSI_STRING FileNameA
;
733 UNICODE_STRING FileNameW
;
735 TRACE("%s, %s\n", lpUNCServerName
, lpFileName
);
737 /* Convert the server name to unicode */
738 if (lpUNCServerName
== NULL
)
740 RtlInitUnicodeString(&UNCServerNameW
, NULL
);
744 RtlInitAnsiString(&UNCServerNameA
, lpUNCServerName
);
746 Status
= RtlAnsiStringToUnicodeString(&UNCServerNameW
,
749 if (!NT_SUCCESS(Status
))
751 SetLastError(RtlNtStatusToDosError(Status
));
756 /* Convert the file name to unicode */
757 if (lpFileName
== NULL
)
759 RtlInitUnicodeString(&FileNameW
, NULL
);
763 RtlInitAnsiString(&FileNameA
, lpFileName
);
765 Status
= RtlAnsiStringToUnicodeString(&FileNameW
,
768 if (!NT_SUCCESS(Status
))
770 RtlFreeUnicodeString(&UNCServerNameW
);
771 SetLastError(RtlNtStatusToDosError(Status
));
776 /* Call the unicode function */
777 LogHandle
= OpenBackupEventLogW(UNCServerNameW
.Buffer
,
780 /* Free the unicode strings */
781 RtlFreeUnicodeString(&UNCServerNameW
);
782 RtlFreeUnicodeString(&FileNameW
);
788 /******************************************************************************
789 * OpenBackupEventLogW [ADVAPI32.@]
797 ElfOpenBackupEventLogW(IN PUNICODE_STRING UNCServerNameU
,
798 IN PUNICODE_STRING BackupFileNameU
,
799 OUT PHANDLE phEventLog
)
802 PWSTR pUNCServerName
= NULL
;
804 if (!phEventLog
|| !BackupFileNameU
|| (BackupFileNameU
->Length
== 0))
805 return STATUS_INVALID_PARAMETER
;
807 if (UNCServerNameU
&& (UNCServerNameU
->Length
!= 0))
808 pUNCServerName
= UNCServerNameU
->Buffer
;
814 Status
= ElfrOpenBELW(pUNCServerName
,
815 (PRPC_UNICODE_STRING
)BackupFileNameU
,
817 (IELF_HANDLE
*)phEventLog
);
819 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
821 Status
= I_RpcMapWin32Status(RpcExceptionCode());
829 OpenBackupEventLogW(IN LPCWSTR lpUNCServerName
,
830 IN LPCWSTR lpFileName
)
834 UNICODE_STRING UNCServerName
, FileName
;
836 TRACE("%s, %s\n", debugstr_w(lpUNCServerName
), debugstr_w(lpFileName
));
838 if (lpFileName
== NULL
)
840 SetLastError(ERROR_INVALID_PARAMETER
);
844 if (!RtlDosPathNameToNtPathName_U(lpFileName
, &FileName
,
847 SetLastError(ERROR_INVALID_PARAMETER
);
851 RtlInitUnicodeString(&UNCServerName
, lpUNCServerName
);
853 Status
= ElfOpenBackupEventLogW(&UNCServerName
, &FileName
, &hEventLog
);
855 if (FileName
.Buffer
!= NULL
)
856 RtlFreeHeap(RtlGetProcessHeap(), 0, FileName
.Buffer
);
858 if (!NT_SUCCESS(Status
))
860 SetLastError(RtlNtStatusToDosError(Status
));
868 /******************************************************************************
869 * OpenEventLogA [ADVAPI32.@]
871 * Opens a handle to the specified event log.
874 * lpUNCServerName [I] UNC name of the server on which the event log is
876 * lpSourceName [I] Name of the log.
879 * Success: Handle to an event log.
884 ElfOpenEventLogA(IN PANSI_STRING UNCServerNameA
,
885 IN PANSI_STRING SourceNameA
,
886 OUT PHANDLE phEventLog
)
889 PSTR pUNCServerName
= NULL
;
891 if (!phEventLog
|| !SourceNameA
|| (SourceNameA
->Length
== 0))
892 return STATUS_INVALID_PARAMETER
;
894 if (UNCServerNameA
&& (UNCServerNameA
->Length
!= 0))
895 pUNCServerName
= UNCServerNameA
->Buffer
;
901 Status
= ElfrOpenELA(pUNCServerName
,
902 (PRPC_STRING
)SourceNameA
,
905 (IELF_HANDLE
*)phEventLog
);
907 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
909 Status
= I_RpcMapWin32Status(RpcExceptionCode());
917 OpenEventLogA(IN LPCSTR lpUNCServerName
,
918 IN LPCSTR lpSourceName
)
922 ANSI_STRING UNCServerName
, SourceName
;
924 TRACE("%s, %s\n", lpUNCServerName
, lpSourceName
);
926 RtlInitAnsiString(&UNCServerName
, lpUNCServerName
);
927 RtlInitAnsiString(&SourceName
, lpSourceName
);
929 Status
= ElfOpenEventLogA(&UNCServerName
, &SourceName
, &hEventLog
);
930 if (!NT_SUCCESS(Status
))
932 SetLastError(RtlNtStatusToDosError(Status
));
940 /******************************************************************************
941 * OpenEventLogW [ADVAPI32.@]
949 ElfOpenEventLogW(IN PUNICODE_STRING UNCServerNameU
,
950 IN PUNICODE_STRING SourceNameU
,
951 OUT PHANDLE phEventLog
)
954 PWSTR pUNCServerName
= NULL
;
956 if (!phEventLog
|| !SourceNameU
|| (SourceNameU
->Length
== 0))
957 return STATUS_INVALID_PARAMETER
;
959 if (UNCServerNameU
&& (UNCServerNameU
->Length
!= 0))
960 pUNCServerName
= UNCServerNameU
->Buffer
;
966 Status
= ElfrOpenELW(pUNCServerName
,
967 (PRPC_UNICODE_STRING
)SourceNameU
,
970 (IELF_HANDLE
*)phEventLog
);
972 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
974 Status
= I_RpcMapWin32Status(RpcExceptionCode());
982 OpenEventLogW(IN LPCWSTR lpUNCServerName
,
983 IN LPCWSTR lpSourceName
)
987 UNICODE_STRING UNCServerName
, SourceName
;
989 TRACE("%s, %s\n", debugstr_w(lpUNCServerName
), debugstr_w(lpSourceName
));
991 RtlInitUnicodeString(&UNCServerName
, lpUNCServerName
);
992 RtlInitUnicodeString(&SourceName
, lpSourceName
);
994 Status
= ElfOpenEventLogW(&UNCServerName
, &SourceName
, &hEventLog
);
995 if (!NT_SUCCESS(Status
))
997 SetLastError(RtlNtStatusToDosError(Status
));
1005 /******************************************************************************
1006 * ReadEventLogA [ADVAPI32.@]
1010 ElfReadEventLogA(IN HANDLE hEventLog
,
1012 IN ULONG RecordOffset
,
1014 IN ULONG NumberOfBytesToRead
,
1015 OUT PULONG NumberOfBytesRead
,
1016 OUT PULONG MinNumberOfBytesNeeded
)
1021 if (!Buffer
|| !NumberOfBytesRead
|| !MinNumberOfBytesNeeded
)
1023 return STATUS_INVALID_PARAMETER
;
1026 Flags
= ReadFlags
& (EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_SEEK_READ
);
1027 if (Flags
== (EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_SEEK_READ
))
1029 return STATUS_INVALID_PARAMETER
;
1032 Flags
= ReadFlags
& (EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
);
1033 if (Flags
== (EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
))
1035 return STATUS_INVALID_PARAMETER
;
1040 Status
= ElfrReadELA(hEventLog
,
1043 NumberOfBytesToRead
,
1046 MinNumberOfBytesNeeded
);
1048 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1050 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1058 ReadEventLogA(IN HANDLE hEventLog
,
1059 IN DWORD dwReadFlags
,
1060 IN DWORD dwRecordOffset
,
1061 OUT LPVOID lpBuffer
,
1062 IN DWORD nNumberOfBytesToRead
,
1063 OUT DWORD
*pnBytesRead
,
1064 OUT DWORD
*pnMinNumberOfBytesNeeded
)
1068 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1069 hEventLog
, dwReadFlags
, dwRecordOffset
, lpBuffer
,
1070 nNumberOfBytesToRead
, pnBytesRead
, pnMinNumberOfBytesNeeded
);
1072 Status
= ElfReadEventLogA(hEventLog
,
1076 nNumberOfBytesToRead
,
1078 pnMinNumberOfBytesNeeded
);
1079 if (!NT_SUCCESS(Status
))
1081 SetLastError(RtlNtStatusToDosError(Status
));
1089 /******************************************************************************
1090 * ReadEventLogW [ADVAPI32.@]
1097 * nNumberOfBytesToRead []
1099 * pnMinNumberOfBytesNeeded []
1103 ElfReadEventLogW(IN HANDLE hEventLog
,
1105 IN ULONG RecordOffset
,
1107 IN ULONG NumberOfBytesToRead
,
1108 OUT PULONG NumberOfBytesRead
,
1109 OUT PULONG MinNumberOfBytesNeeded
)
1114 if (!Buffer
|| !NumberOfBytesRead
|| !MinNumberOfBytesNeeded
)
1116 return STATUS_INVALID_PARAMETER
;
1119 Flags
= ReadFlags
& (EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_SEEK_READ
);
1120 if (Flags
== (EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_SEEK_READ
))
1122 return STATUS_INVALID_PARAMETER
;
1125 Flags
= ReadFlags
& (EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
);
1126 if (Flags
== (EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
))
1128 return STATUS_INVALID_PARAMETER
;
1133 Status
= ElfrReadELW(hEventLog
,
1136 NumberOfBytesToRead
,
1139 MinNumberOfBytesNeeded
);
1141 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1143 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1151 ReadEventLogW(IN HANDLE hEventLog
,
1152 IN DWORD dwReadFlags
,
1153 IN DWORD dwRecordOffset
,
1154 OUT LPVOID lpBuffer
,
1155 IN DWORD nNumberOfBytesToRead
,
1156 OUT DWORD
*pnBytesRead
,
1157 OUT DWORD
*pnMinNumberOfBytesNeeded
)
1161 TRACE("%p, %lu, %lu, %p, %lu, %p, %p\n",
1162 hEventLog
, dwReadFlags
, dwRecordOffset
, lpBuffer
,
1163 nNumberOfBytesToRead
, pnBytesRead
, pnMinNumberOfBytesNeeded
);
1165 Status
= ElfReadEventLogW(hEventLog
,
1169 nNumberOfBytesToRead
,
1171 pnMinNumberOfBytesNeeded
);
1172 if (!NT_SUCCESS(Status
))
1174 SetLastError(RtlNtStatusToDosError(Status
));
1182 /******************************************************************************
1183 * RegisterEventSourceA [ADVAPI32.@]
1187 ElfRegisterEventSourceA(IN PANSI_STRING UNCServerNameA
,
1188 IN PANSI_STRING SourceNameA
,
1189 OUT PHANDLE phEventLog
)
1192 PSTR pUNCServerName
= NULL
;
1194 if (!phEventLog
|| !SourceNameA
|| (SourceNameA
->Length
== 0))
1195 return STATUS_INVALID_PARAMETER
;
1197 if (UNCServerNameA
&& (UNCServerNameA
->Length
!= 0))
1198 pUNCServerName
= UNCServerNameA
->Buffer
;
1204 Status
= ElfrRegisterEventSourceA(pUNCServerName
,
1205 (PRPC_STRING
)SourceNameA
,
1208 (IELF_HANDLE
*)phEventLog
);
1210 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1212 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1220 RegisterEventSourceA(IN LPCSTR lpUNCServerName
,
1221 IN LPCSTR lpSourceName
)
1225 ANSI_STRING UNCServerName
, SourceName
;
1227 TRACE("%s, %s\n", lpUNCServerName
, lpSourceName
);
1229 RtlInitAnsiString(&UNCServerName
, lpUNCServerName
);
1230 RtlInitAnsiString(&SourceName
, lpSourceName
);
1232 Status
= ElfRegisterEventSourceA(&UNCServerName
, &SourceName
, &hEventLog
);
1233 if (!NT_SUCCESS(Status
))
1235 SetLastError(RtlNtStatusToDosError(Status
));
1243 /******************************************************************************
1244 * RegisterEventSourceW [ADVAPI32.@]
1245 * Returns a registered handle to an event log
1248 * lpUNCServerName [I] Server name for source
1249 * lpSourceName [I] Source name for registered handle
1257 ElfRegisterEventSourceW(IN PUNICODE_STRING UNCServerNameU
,
1258 IN PUNICODE_STRING SourceNameU
,
1259 OUT PHANDLE phEventLog
)
1262 PWSTR pUNCServerName
= NULL
;
1264 if (!phEventLog
|| !SourceNameU
|| (SourceNameU
->Length
== 0))
1265 return STATUS_INVALID_PARAMETER
;
1267 if (UNCServerNameU
&& (UNCServerNameU
->Length
!= 0))
1268 pUNCServerName
= UNCServerNameU
->Buffer
;
1274 Status
= ElfrRegisterEventSourceW(pUNCServerName
,
1275 (PRPC_UNICODE_STRING
)SourceNameU
,
1278 (IELF_HANDLE
*)phEventLog
);
1280 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1282 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1290 RegisterEventSourceW(IN LPCWSTR lpUNCServerName
,
1291 IN LPCWSTR lpSourceName
)
1295 UNICODE_STRING UNCServerName
, SourceName
;
1297 TRACE("%s, %s\n", debugstr_w(lpUNCServerName
), debugstr_w(lpSourceName
));
1299 RtlInitUnicodeString(&UNCServerName
, lpUNCServerName
);
1300 RtlInitUnicodeString(&SourceName
, lpSourceName
);
1302 Status
= ElfRegisterEventSourceW(&UNCServerName
, &SourceName
, &hEventLog
);
1303 if (!NT_SUCCESS(Status
))
1305 SetLastError(RtlNtStatusToDosError(Status
));
1313 /******************************************************************************
1314 * ReportEventA [ADVAPI32.@]
1318 ElfReportEventA(IN HANDLE hEventLog
,
1319 IN USHORT EventType
,
1320 IN USHORT EventCategory
,
1323 IN USHORT NumStrings
,
1325 IN PANSI_STRING
* Strings
,
1328 IN OUT PULONG RecordNumber
,
1329 IN OUT PULONG TimeWritten
)
1332 LARGE_INTEGER SystemTime
;
1335 ANSI_STRING ComputerName
;
1336 CHAR szComputerName
[MAX_COMPUTERNAME_LENGTH
+ 1];
1338 dwSize
= ARRAYSIZE(szComputerName
);
1339 GetComputerNameA(szComputerName
, &dwSize
);
1340 RtlInitAnsiString(&ComputerName
, szComputerName
);
1342 NtQuerySystemTime(&SystemTime
);
1343 RtlTimeToSecondsSince1970(&SystemTime
, &Time
);
1347 Status
= ElfrReportEventA(hEventLog
,
1354 (PRPC_STRING
)&ComputerName
,
1356 (PRPC_STRING
*)Strings
,
1362 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1364 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1372 ReportEventA(IN HANDLE hEventLog
,
1377 IN WORD wNumStrings
,
1378 IN DWORD dwDataSize
,
1379 IN LPCSTR
*lpStrings
,
1380 IN LPVOID lpRawData
)
1383 PANSI_STRING
*Strings
;
1386 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1387 hEventLog
, wType
, wCategory
, dwEventID
, lpUserSid
,
1388 wNumStrings
, dwDataSize
, lpStrings
, lpRawData
);
1390 Strings
= HeapAlloc(GetProcessHeap(),
1392 wNumStrings
* sizeof(PANSI_STRING
));
1395 SetLastError(ERROR_NOT_ENOUGH_MEMORY
);
1399 for (i
= 0; i
< wNumStrings
; i
++)
1401 Strings
[i
] = HeapAlloc(GetProcessHeap(),
1403 sizeof(ANSI_STRING
));
1406 RtlInitAnsiString(Strings
[i
], lpStrings
[i
]);
1410 Status
= ElfReportEventA(hEventLog
,
1423 for (i
= 0; i
< wNumStrings
; i
++)
1425 if (Strings
[i
] != NULL
)
1426 HeapFree(GetProcessHeap(), 0, Strings
[i
]);
1429 HeapFree(GetProcessHeap(), 0, Strings
);
1431 if (!NT_SUCCESS(Status
))
1433 SetLastError(RtlNtStatusToDosError(Status
));
1441 /******************************************************************************
1442 * ReportEventW [ADVAPI32.@]
1457 ElfReportEventW(IN HANDLE hEventLog
,
1458 IN USHORT EventType
,
1459 IN USHORT EventCategory
,
1462 IN USHORT NumStrings
,
1464 IN PUNICODE_STRING
* Strings
,
1467 IN OUT PULONG RecordNumber
,
1468 IN OUT PULONG TimeWritten
)
1471 LARGE_INTEGER SystemTime
;
1474 UNICODE_STRING ComputerName
;
1475 WCHAR szComputerName
[MAX_COMPUTERNAME_LENGTH
+ 1];
1477 dwSize
= ARRAYSIZE(szComputerName
);
1478 GetComputerNameW(szComputerName
, &dwSize
);
1479 RtlInitUnicodeString(&ComputerName
, szComputerName
);
1481 NtQuerySystemTime(&SystemTime
);
1482 RtlTimeToSecondsSince1970(&SystemTime
, &Time
);
1486 Status
= ElfrReportEventW(hEventLog
,
1493 (PRPC_UNICODE_STRING
)&ComputerName
,
1495 (PRPC_UNICODE_STRING
*)Strings
,
1501 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1503 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1511 ReportEventW(IN HANDLE hEventLog
,
1516 IN WORD wNumStrings
,
1517 IN DWORD dwDataSize
,
1518 IN LPCWSTR
*lpStrings
,
1519 IN LPVOID lpRawData
)
1522 PUNICODE_STRING
*Strings
;
1525 TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
1526 hEventLog
, wType
, wCategory
, dwEventID
, lpUserSid
,
1527 wNumStrings
, dwDataSize
, lpStrings
, lpRawData
);
1529 Strings
= HeapAlloc(GetProcessHeap(),
1531 wNumStrings
* sizeof(PUNICODE_STRING
));
1534 SetLastError(ERROR_NOT_ENOUGH_MEMORY
);
1538 for (i
= 0; i
< wNumStrings
; i
++)
1540 Strings
[i
] = HeapAlloc(GetProcessHeap(),
1542 sizeof(UNICODE_STRING
));
1545 RtlInitUnicodeString(Strings
[i
], lpStrings
[i
]);
1549 Status
= ElfReportEventW(hEventLog
,
1562 for (i
= 0; i
< wNumStrings
; i
++)
1564 if (Strings
[i
] != NULL
)
1565 HeapFree(GetProcessHeap(), 0, Strings
[i
]);
1568 HeapFree(GetProcessHeap(), 0, Strings
);
1570 if (!NT_SUCCESS(Status
))
1572 SetLastError(RtlNtStatusToDosError(Status
));
1581 ElfReportEventAndSourceW(IN HANDLE hEventLog
,
1583 IN PUNICODE_STRING ComputerName
,
1584 IN USHORT EventType
,
1585 IN USHORT EventCategory
,
1588 IN PUNICODE_STRING SourceName
,
1589 IN USHORT NumStrings
,
1591 IN PUNICODE_STRING
* Strings
,
1594 IN OUT PULONG RecordNumber
,
1595 IN OUT PULONG TimeWritten
)
1601 Status
= ElfrReportEventAndSourceW(hEventLog
,
1606 (PRPC_UNICODE_STRING
)SourceName
,
1609 (PRPC_UNICODE_STRING
)ComputerName
,
1611 (PRPC_UNICODE_STRING
*)Strings
,
1617 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1619 Status
= I_RpcMapWin32Status(RpcExceptionCode());
1628 ElfFlushEventLog(IN HANDLE hEventLog
)
1634 Status
= ElfrFlushEL(hEventLog
);
1636 RpcExcept(EXCEPTION_EXECUTE_HANDLER
)
1638 Status
= I_RpcMapWin32Status(RpcExceptionCode());