2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: ReactOS kernel
4 * FILE: services/eventlog/eventlog.c
5 * PURPOSE: Event logging service
6 * PROGRAMMERS: Saveliy Tretiakov (saveliyt@mail.ru)
/* Service entry point, defined below; declared early so the dispatch table can name it. */
VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv);

/*
 * Dispatch table passed to StartServiceCtrlDispatcher() in main().
 * StartServiceCtrlDispatcher() requires the table to end with an all-NULL
 * entry. This listing shows only the "EventLog" initializer, and the second
 * slot of the two-element array is that terminator (written out explicitly
 * here; an omitted initializer would be zero-filled to the same value).
 */
SERVICE_TABLE_ENTRY ServiceTable[2] =
{
    { L"EventLog", (LPSERVICE_MAIN_FUNCTION)ServiceMain },
    { NULL, NULL }
};

/* Handle of the system log; assigned in main() from LogfCreate(). */
PLOGFILE SystemLog = NULL;
/*
 * Service entry point registered in ServiceTable.
 *
 * The visible statements start two threads (named "PortThread" and
 * "RpcThread" in the debug messages) and close each thread handle right after
 * creation, so this function keeps no reference to the running threads.
 * A failed CreateThread() is only reported through DPRINT; the function
 * does not otherwise react to it in the lines shown.
 *
 * NOTE(review): this listing drops several original source lines (braces,
 * the declaration of hThread and most CreateThread() arguments). The gaps are
 * marked below; argc and argv are not used in any visible line.
 */
VOID CALLBACK ServiceMain(DWORD argc, LPTSTR *argv)
/* (opening brace and the declaration of hThread are not shown in this listing) */
    hThread = CreateThread(NULL,
                           /* (original line 29 is not shown) */
                           (LPTHREAD_START_ROUTINE)
                           /* (original lines 31-35 are not shown: the start
                              routine and the remaining arguments) */
    /* NULL means the thread was not created; otherwise the handle is released at once. */
    if(!hThread) DPRINT("Can't create PortThread\n");
    else CloseHandle(hThread);
    hThread = CreateThread(NULL,
                           /* (original line 40 is not shown) */
                           (LPTHREAD_START_ROUTINE)
                           /* (original lines 42-46 are not shown: the start
                              routine and the remaining arguments) */
    /* Same handling as for the first thread. */
    if(!hThread) DPRINT("Can't create RpcThread\n");
    else CloseHandle(hThread);
/* (closing brace is not shown in this listing) */
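/*
 * Process entry point of the event log service.
 *
 * Creates the private heap, builds the path of the system log file below the
 * Windows directory, opens that log through LogfCreate() and then hands
 * control to the service control dispatcher.
 *
 * Returns 0 once the dispatcher has returned, 1 on a fatal start-up error.
 *
 * Change from the listed code: the result of GetWindowsDirectory() is now
 * checked and the fixed suffix is appended only when directory + suffix +
 * terminator fit into SysLogPath. The listed code appended unconditionally,
 * which overruns the MAX_PATH buffer for a long Windows directory and reads
 * an uninitialised buffer when the call fails.
 *
 * NOTE(review): this listing omits several original lines (braces, the two
 * failure tests, return statements and everything after
 * StartServiceCtrlDispatcher()). The control flow below is reconstructed from
 * the visible statements; compare it with the full file before merging.
 */
int main(int argc, char *argv[])
{
    /* Fixed tail of the log path; its element count includes the terminator. */
    static const WCHAR SysLogSuffix[] = L"\\system32\\config\\SysEvent.evt";
    WCHAR SysLogPath[MAX_PATH];
    UINT DirLen;

    MyHeap = HeapCreate(0, 1024*256, 0);
    if (MyHeap == NULL)
    {
        DbgPrint("EventLog: FATAL ERROR, can't create heap.\n");
        return 1;
    }

    /*
    This will be fixed in near future
     */

    /*
     * GetWindowsDirectory() returns 0 on failure and a value larger than the
     * buffer size when the buffer is too small; both cases are rejected by
     * the length test, as is a directory that leaves no room for the suffix.
     */
    DirLen = GetWindowsDirectory(SysLogPath, MAX_PATH);
    if (DirLen == 0 ||
        DirLen + sizeof(SysLogSuffix) / sizeof(SysLogSuffix[0]) > MAX_PATH)
    {
        DbgPrint("EventLog: FATAL ERROR, can't build the system log path.\n");
        return 1;
    }
    lstrcat(SysLogPath, SysLogSuffix);

    SystemLog = LogfCreate(L"System", SysLogPath);
    if (SystemLog == NULL)
    {
        DbgPrint("EventLog: FATAL ERROR, can't create %S\n", SysLogPath);
        return 1;
    }

    /* NOTE(review): the dispatcher's return value is not examined. */
    StartServiceCtrlDispatcher(ServiceTable);

    /* NOTE(review): original lines 80-85 are not shown in this listing; any
       shutdown cleanup they contain is not reproduced here. */
    return 0;
}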
/*
 * Converts an event-log timestamp into a local-time SYSTEMTIME.
 *
 * EventTime    count of seconds relative to 1970-01-01 00:00:00 (the value is
 *              scaled by 10000000 to FILETIME's 100 ns units and added to the
 *              FILETIME of that date).
 * pSystemTime  receives the converted time after FileTimeToLocalFileTime().
 *
 * The return values of the three conversion calls are not checked.
 *
 * NOTE(review): the listing omits original lines 91-96; the local
 * declarations below are reconstructed from how the variables are used
 * (.ft / .ll members, FILETIME arguments).
 */
VOID EventTimeToSystemTime(DWORD EventTime,
                           SYSTEMTIME *pSystemTime)
{
    /* Field order: year, month, day of week, day, hour, minute, second, ms. */
    SYSTEMTIME EpochSt = { 1970, 1, 0, 1, 0, 0, 0, 0 };
    FILETIME LocalFt;
    union
    {
        FILETIME ft;
        ULONGLONG ll;
    } Epoch, Stamp;

    /* FILETIME value of the 1970 epoch. */
    SystemTimeToFileTime(&EpochSt, &Epoch.ft);

    /* Load the 32-bit second count into the low half of a 64-bit value. */
    Stamp.ft.dwLowDateTime = EventTime;
    Stamp.ft.dwHighDateTime = 0;

    /* Seconds -> 100 ns ticks, then rebase onto the FILETIME origin. */
    Stamp.ll *= 10000000;
    Stamp.ll += Epoch.ll;

    FileTimeToLocalFileTime(&Stamp.ft, &LocalFt);
    FileTimeToSystemTime(&LocalFt, pSystemTime);
}
/*
 * Converts a SYSTEMTIME into an event-log timestamp: the number of seconds
 * between 1970-01-01 00:00:00 and *pSystemTime.
 *
 * pSystemTime  time to convert; it is passed to SystemTimeToFileTime() as is,
 *              with no local-to-UTC adjustment in the visible lines.
 * pEventTime   receives the second count.
 *
 * NOTE(review): the subtraction is done on unsigned 64-bit values and the
 * quotient is stored through pEventTime, so a time before 1970 or a count
 * that does not fit the destination wraps silently. The conversion calls'
 * return values are not checked.
 *
 * NOTE(review): the listing omits original lines 106-107 and 109-113; the
 * second parameter and the local declarations are reconstructed from their
 * use in the visible statements. Confirm against the full file.
 */
VOID SystemTimeToEventTime(SYSTEMTIME *pSystemTime,
                           DWORD *pEventTime)
{
    /* Field order: year, month, day of week, day, hour, minute, second, ms. */
    SYSTEMTIME EpochSt = { 1970, 1, 0, 1, 0, 0, 0, 0 };
    union
    {
        FILETIME ft;
        ULONGLONG ll;
    } Epoch, Stamp;

    SystemTimeToFileTime(&EpochSt, &Epoch.ft);
    SystemTimeToFileTime(pSystemTime, &Stamp.ft);

    /* 100 ns ticks since the epoch, scaled down to whole seconds. */
    *pEventTime = (Stamp.ll - Epoch.ll) / 10000000;
}
/*
 * Debug helper: writes every field of a log file header through DPRINT,
 * followed by the names of the LOGFILE_FLAG* bits set in header->Flags.
 *
 * header  header to dump; it is dereferenced without a NULL check.
 *
 * NOTE(review): the listing omits original lines 132 and 137, which sit
 * directly before and after the flag tests; whatever they print is not
 * reproduced here.
 */
VOID PRINT_HEADER(PFILE_HEADER header)
{
    DPRINT("SizeOfHeader=%d\n", header->SizeOfHeader);
    DPRINT("Signature=0x%x\n", header->Signature);
    DPRINT("MajorVersion=%d\n", header->MajorVersion);
    DPRINT("MinorVersion=%d\n", header->MinorVersion);
    DPRINT("FirstRecordOffset=%d\n", header->FirstRecordOffset);
    DPRINT("EofOffset=0x%x\n", header->EofOffset);
    DPRINT("NextRecord=%d\n", header->NextRecord);
    DPRINT("OldestRecord=%d\n", header->OldestRecord);
    DPRINT("unknown1=0x%x\n", header->unknown1);
    DPRINT("unknown2=0x%x\n", header->unknown2);
    DPRINT("SizeOfHeader2=%d\n", header->SizeOfHeader2);

    /* (original line 132 is not shown in this listing) */

    /* One name per set bit, separated by '|'. */
    if (header->Flags & LOGFILE_FLAG1)
    {
        DPRINT("LOGFILE_FLAG1 ");
    }
    if (header->Flags & LOGFILE_FLAG2)
    {
        DPRINT("| LOGFILE_FLAG2 ");
    }
    if (header->Flags & LOGFILE_FLAG3)
    {
        DPRINT("| LOGFILE_FLAG3 ");
    }
    if (header->Flags & LOGFILE_FLAG4)
    {
        DPRINT("| LOGFILE_FLAG4");
    }

    /* (original line 137 is not shown in this listing) */
}
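/*
 * Returns TRUE when the wide string starting at str has its terminating NUL
 * before end, so it can be measured or printed without reading past end.
 */
static BOOL
IsWideStringWithin(const WCHAR *str, const BYTE *end)
{
    while ((const BYTE *)(str + 1) <= end)
    {
        if (*str == L'\0')
            return TRUE;
        str++;
    }
    return FALSE;
}

/*
 * Debug helper: writes the fixed fields of an event log record through
 * DPRINT, then the variable-length parts that follow the EVENTLOGRECORD
 * header (source name, computer name, insertion strings, trailing length).
 *
 * pRec  record to dump; it is dereferenced without a NULL check, and the
 *       caller must supply a buffer of at least pRec->Length bytes.
 *
 * Changes from the listed code:
 *  - the default EventType branch passed no argument for its %x conversion;
 *    it now passes pRec->EventType;
 *  - the offsets and string data come from the record itself, so a damaged or
 *    hostile record could send lstrlenW()/%S and the trailing-length read
 *    outside the record. Every string is now checked to terminate inside
 *    pRec->Length before it is used, and the trailing length is read only
 *    when the record is long enough to contain it.
 * pRec->Length is still taken on trust; this function cannot see the real
 * size of the caller's buffer.
 *
 * NOTE(review): the listing omits brace, break, default and declaration
 * lines (original lines 141-145, 163, 166, 169, 172, 175, 178-179, ...);
 * they are reconstructed from the gaps in the line numbering and from how the
 * variables are used.
 */
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
{
    UINT i;
    WCHAR *str;
    SYSTEMTIME time;
    /* One past the last byte the record claims to occupy. */
    const BYTE *pEnd = (const BYTE *)pRec + pRec->Length;

    DPRINT("Length=%d\n", pRec->Length);
    DPRINT("Reserved=0x%x\n", pRec->Reserved);
    DPRINT("RecordNumber=%d\n", pRec->RecordNumber);

    EventTimeToSystemTime(pRec->TimeGenerated, &time);
    DPRINT("TimeGenerated=%d.%d.%d %d:%d:%d\n",
           time.wDay, time.wMonth, time.wYear,
           time.wHour, time.wMinute, time.wSecond);

    EventTimeToSystemTime(pRec->TimeWritten, &time);
    DPRINT("TimeWritten=%d.%d.%d %d:%d:%d\n",
           time.wDay, time.wMonth, time.wYear,
           time.wHour, time.wMinute, time.wSecond);

    DPRINT("EventID=%d\n", pRec->EventID);

    switch(pRec->EventType)
    {
        case EVENTLOG_ERROR_TYPE:
            DPRINT("EventType = EVENTLOG_ERROR_TYPE\n");
            break;
        case EVENTLOG_WARNING_TYPE:
            DPRINT("EventType = EVENTLOG_WARNING_TYPE\n");
            break;
        case EVENTLOG_INFORMATION_TYPE:
            DPRINT("EventType = EVENTLOG_INFORMATION_TYPE\n");
            break;
        case EVENTLOG_AUDIT_SUCCESS:
            DPRINT("EventType = EVENTLOG_AUDIT_SUCCESS\n");
            break;
        case EVENTLOG_AUDIT_FAILURE:
            DPRINT("EventType = EVENTLOG_AUDIT_FAILURE\n");
            break;
        default:
            /* Unknown type: print the raw value. */
            DPRINT("EventType = %x\n", pRec->EventType);
    }

    DPRINT("NumStrings=%d\n", pRec->NumStrings);
    DPRINT("EventCategory=%d\n", pRec->EventCategory);
    DPRINT("ReservedFlags=0x%x\n", pRec->ReservedFlags);
    DPRINT("ClosingRecordNumber=%d\n", pRec->ClosingRecordNumber);
    DPRINT("StringOffset=%d\n", pRec->StringOffset);
    DPRINT("UserSidLength=%d\n", pRec->UserSidLength);
    DPRINT("UserSidOffset=%d\n", pRec->UserSidOffset);
    DPRINT("DataLength=%d\n", pRec->DataLength);
    DPRINT("DataOffset=%d\n", pRec->DataOffset);

    /* The source name starts right after the fixed header and the computer
       name right after the source name's terminator. */
    str = (WCHAR *)(((PBYTE)pRec) + sizeof(EVENTLOGRECORD));
    if (IsWideStringWithin(str, pEnd))
    {
        DPRINT("SourceName: %S\n", str);
        i = (lstrlenW(str) + 1) * sizeof(WCHAR);
        str = (WCHAR *)(((PBYTE)pRec) + sizeof(EVENTLOGRECORD) + i);
        if (IsWideStringWithin(str, pEnd))
            DPRINT("ComputerName: %S\n", str);
    }

    if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
    {
        DPRINT("Strings:\n");
        str = (WCHAR *)(((PBYTE)pRec) + pRec->StringOffset);
        for (i = 0; i < pRec->NumStrings; i++)
        {
            /* Stop as soon as NumStrings promises more than the record holds. */
            if (!IsWideStringWithin(str, pEnd))
                break;
            DPRINT("[%d] %S\n", i, str);
            str = str + lstrlenW(str) + 1;
        }
    }

    /* The last DWORD of a record repeats its length; skip it when Length is
       too small for a header plus that DWORD. */
    if (pRec->Length >= sizeof(EVENTLOGRECORD) + sizeof(DWORD))
        DPRINT("Length2=%d\n", *(PDWORD)(((PBYTE)pRec) + pRec->Length - 4));
}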