2 * Unit tests for Event Logging functions
4 * Copyright (c) 2009 Paul Vriens
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
30 #include "wine/test.h"
32 static BOOL (WINAPI
*pCreateWellKnownSid
)(WELL_KNOWN_SID_TYPE
,PSID
,PSID
,DWORD
*);
33 static BOOL (WINAPI
*pGetEventLogInformation
)(HANDLE
,DWORD
,LPVOID
,DWORD
,LPDWORD
);
35 static BOOL (WINAPI
*pGetComputerNameExA
)(COMPUTER_NAME_FORMAT
,LPSTR
,LPDWORD
);
36 static BOOL (WINAPI
*pWow64DisableWow64FsRedirection
)(PVOID
*);
37 static BOOL (WINAPI
*pWow64RevertWow64FsRedirection
)(PVOID
);
39 static void init_function_pointers(void)
41 HMODULE hadvapi32
= GetModuleHandleA("advapi32.dll");
42 HMODULE hkernel32
= GetModuleHandleA("kernel32.dll");
44 pCreateWellKnownSid
= (void*)GetProcAddress(hadvapi32
, "CreateWellKnownSid");
45 pGetEventLogInformation
= (void*)GetProcAddress(hadvapi32
, "GetEventLogInformation");
47 pGetComputerNameExA
= (void*)GetProcAddress(hkernel32
, "GetComputerNameExA");
48 pWow64DisableWow64FsRedirection
= (void*)GetProcAddress(hkernel32
, "Wow64DisableWow64FsRedirection");
49 pWow64RevertWow64FsRedirection
= (void*)GetProcAddress(hkernel32
, "Wow64RevertWow64FsRedirection");
52 static BOOL
create_backup(const char *filename
)
57 DeleteFileA(filename
);
58 handle
= OpenEventLogA(NULL
, "Application");
59 rc
= BackupEventLogA(handle
, filename
);
60 if (!rc
&& GetLastError() == ERROR_PRIVILEGE_NOT_HELD
)
62 skip("insufficient privileges to backup the eventlog\n");
63 CloseEventLog(handle
);
66 ok(rc
, "BackupEventLogA failed, le=%u\n", GetLastError());
67 CloseEventLog(handle
);
69 attribs
= GetFileAttributesA(filename
);
71 ok(attribs
!= INVALID_FILE_ATTRIBUTES
, "Expected a backup file attribs=%#x le=%u\n", attribs
, GetLastError());
75 static void test_open_close(void)
80 SetLastError(0xdeadbeef);
81 ret
= CloseEventLog(NULL
);
82 ok(!ret
, "Expected failure\n");
83 ok(GetLastError() == ERROR_INVALID_HANDLE
||
84 GetLastError() == ERROR_NOACCESS
, /* W2K */
85 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
87 SetLastError(0xdeadbeef);
88 handle
= OpenEventLogA(NULL
, NULL
);
89 ok(handle
== NULL
, "Didn't expect a handle\n");
90 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
92 SetLastError(0xdeadbeef);
93 handle
= OpenEventLogA("IDontExist", NULL
);
94 ok(handle
== NULL
, "Didn't expect a handle\n");
95 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
97 SetLastError(0xdeadbeef);
98 handle
= OpenEventLogA("IDontExist", "deadbeef");
99 ok(handle
== NULL
, "Didn't expect a handle\n");
100 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
101 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
102 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
104 /* This one opens the Application log */
105 handle
= OpenEventLogA(NULL
, "deadbeef");
106 ok(handle
!= NULL
, "Expected a handle\n");
107 ret
= CloseEventLog(handle
);
108 ok(ret
, "Expected success\n");
109 /* Close a second time */
110 SetLastError(0xdeadbeef);
111 ret
= CloseEventLog(handle
);
114 ok(!ret
, "Expected failure\n");
115 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
118 /* Empty servername should be read as local server */
119 handle
= OpenEventLogA("", "Application");
120 ok(handle
!= NULL
, "Expected a handle\n");
121 CloseEventLog(handle
);
123 handle
= OpenEventLogA(NULL
, "Application");
124 ok(handle
!= NULL
, "Expected a handle\n");
125 CloseEventLog(handle
);
128 static void test_info(void)
133 BYTE buffer
[2 * sizeof(EVENTLOG_FULL_INFORMATION
)];
134 EVENTLOG_FULL_INFORMATION
*efi
= (void *)buffer
;
136 if (!pGetEventLogInformation
)
139 win_skip("GetEventLogInformation is not available\n");
142 SetLastError(0xdeadbeef);
143 ret
= pGetEventLogInformation(NULL
, 1, NULL
, 0, NULL
);
144 ok(!ret
, "Expected failure\n");
145 ok(GetLastError() == ERROR_INVALID_LEVEL
, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
147 SetLastError(0xdeadbeef);
148 ret
= pGetEventLogInformation(NULL
, EVENTLOG_FULL_INFO
, NULL
, 0, NULL
);
149 ok(!ret
, "Expected failure\n");
150 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
152 handle
= OpenEventLogA(NULL
, "Application");
154 SetLastError(0xdeadbeef);
155 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, NULL
, 0, NULL
);
156 ok(!ret
, "Expected failure\n");
157 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
159 SetLastError(0xdeadbeef);
160 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, NULL
, 0, &needed
);
161 ok(!ret
, "Expected failure\n");
162 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
164 SetLastError(0xdeadbeef);
165 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, efi
, 0, NULL
);
166 ok(!ret
, "Expected failure\n");
167 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
169 SetLastError(0xdeadbeef);
171 efi
->dwFull
= 0xdeadbeef;
172 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, efi
, 0, &needed
);
173 ok(!ret
, "Expected failure\n");
174 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
175 ok(needed
== sizeof(EVENTLOG_FULL_INFORMATION
), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed
);
176 ok(efi
->dwFull
== 0xdeadbeef, "Expected no change to the dwFull member\n");
178 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
179 efi
->dwFull
= 0xdeadbeef;
180 needed
= sizeof(buffer
);
181 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, efi
, needed
, &needed
);
182 ok(ret
, "Expected success\n");
183 ok(needed
== sizeof(EVENTLOG_FULL_INFORMATION
), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed
);
184 ok(efi
->dwFull
== 0 || efi
->dwFull
== 1, "Expected 0 (not full) or 1 (full), got %d\n", efi
->dwFull
);
186 CloseEventLog(handle
);
189 static void test_count(void)
194 const char backup
[] = "backup.evt";
196 SetLastError(0xdeadbeef);
197 ret
= GetNumberOfEventLogRecords(NULL
, NULL
);
198 ok(!ret
, "Expected failure\n");
199 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
201 SetLastError(0xdeadbeef);
203 ret
= GetNumberOfEventLogRecords(NULL
, &count
);
204 ok(!ret
, "Expected failure\n");
205 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
206 ok(count
== 0xdeadbeef, "Expected count to stay unchanged\n");
208 handle
= OpenEventLogA(NULL
, "Application");
210 SetLastError(0xdeadbeef);
211 ret
= GetNumberOfEventLogRecords(handle
, NULL
);
212 ok(!ret
, "Expected failure\n");
213 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
216 ret
= GetNumberOfEventLogRecords(handle
, &count
);
217 ok(ret
, "Expected success\n");
218 ok(count
!= 0xdeadbeef, "Expected the number of records\n");
220 CloseEventLog(handle
);
222 /* Make a backup eventlog to work with */
223 if (create_backup(backup
))
225 handle
= OpenBackupEventLogA(NULL
, backup
);
227 ok(handle
!= NULL
, "Expected a handle, le=%d\n", GetLastError());
229 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
231 ret
= GetNumberOfEventLogRecords(handle
, &count
);
234 ok(ret
, "Expected success\n");
235 ok(count
!= 0xdeadbeef, "Expected the number of records\n");
238 CloseEventLog(handle
);
243 static void test_oldest(void)
248 const char backup
[] = "backup.evt";
250 SetLastError(0xdeadbeef);
251 ret
= GetOldestEventLogRecord(NULL
, NULL
);
252 ok(!ret
, "Expected failure\n");
253 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
255 SetLastError(0xdeadbeef);
257 ret
= GetOldestEventLogRecord(NULL
, &oldest
);
258 ok(!ret
, "Expected failure\n");
259 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
260 ok(oldest
== 0xdeadbeef, "Expected oldest to stay unchanged\n");
262 handle
= OpenEventLogA(NULL
, "Application");
264 SetLastError(0xdeadbeef);
265 ret
= GetOldestEventLogRecord(handle
, NULL
);
266 ok(!ret
, "Expected failure\n");
267 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
270 ret
= GetOldestEventLogRecord(handle
, &oldest
);
271 ok(ret
, "Expected success\n");
272 ok(oldest
!= 0xdeadbeef, "Expected the number of the oldest record\n");
274 CloseEventLog(handle
);
276 /* Make a backup eventlog to work with */
277 if (create_backup(backup
))
279 handle
= OpenBackupEventLogA(NULL
, backup
);
281 ok(handle
!= NULL
, "Expected a handle\n");
283 /* Does GetOldestEventLogRecord work with backup eventlogs? */
285 ret
= GetOldestEventLogRecord(handle
, &oldest
);
288 ok(ret
, "Expected success\n");
289 ok(oldest
!= 0xdeadbeef, "Expected the number of the oldest record\n");
292 CloseEventLog(handle
);
297 static void test_backup(void)
301 const char backup
[] = "backup.evt";
302 const char backup2
[] = "backup2.evt";
304 SetLastError(0xdeadbeef);
305 ret
= BackupEventLogA(NULL
, NULL
);
306 ok(!ret
, "Expected failure\n");
307 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
309 SetLastError(0xdeadbeef);
310 ret
= BackupEventLogA(NULL
, backup
);
311 ok(!ret
, "Expected failure\n");
312 ok(GetFileAttributesA(backup
) == INVALID_FILE_ATTRIBUTES
, "Expected no backup file\n");
314 handle
= OpenEventLogA(NULL
, "Application");
316 SetLastError(0xdeadbeef);
317 ret
= BackupEventLogA(handle
, NULL
);
318 ok(!ret
, "Expected failure\n");
319 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
321 ret
= BackupEventLogA(handle
, backup
);
322 if (!ret
&& GetLastError() == ERROR_PRIVILEGE_NOT_HELD
)
324 skip("insufficient privileges for backup tests\n");
325 CloseEventLog(handle
);
328 ok(ret
, "Expected success\n");
330 ok(GetFileAttributesA(backup
) != INVALID_FILE_ATTRIBUTES
, "Expected a backup file\n");
332 /* Try to overwrite */
333 SetLastError(0xdeadbeef);
334 ret
= BackupEventLogA(handle
, backup
);
337 ok(!ret
, "Expected failure\n");
338 ok(GetLastError() == ERROR_ALREADY_EXISTS
, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
341 CloseEventLog(handle
);
343 /* Can we make a backup of a backup? */
344 handle
= OpenBackupEventLogA(NULL
, backup
);
346 ok(handle
!= NULL
, "Expected a handle\n");
348 ret
= BackupEventLogA(handle
, backup2
);
351 ok(ret
, "Expected success\n");
352 ok(GetFileAttributesA(backup2
) != INVALID_FILE_ATTRIBUTES
, "Expected a backup file\n");
355 CloseEventLog(handle
);
357 DeleteFileA(backup2
);
360 static void test_read(void)
364 DWORD count
, toread
, read
, needed
;
367 SetLastError(0xdeadbeef);
368 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, NULL
, NULL
);
369 ok(!ret
, "Expected failure\n");
371 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
374 SetLastError(0xdeadbeef);
375 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, &read
, NULL
);
376 ok(!ret
, "Expected failure\n");
377 ok(read
== 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
379 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
382 SetLastError(0xdeadbeef);
383 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, NULL
, &needed
);
384 ok(!ret
, "Expected failure\n");
385 ok(needed
== 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
387 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
389 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
390 SetLastError(0xdeadbeef);
391 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, &read
, &needed
);
392 ok(!ret
, "Expected failure\n");
394 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
396 SetLastError(0xdeadbeef);
397 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, NULL
, 0, NULL
, NULL
);
398 ok(!ret
, "Expected failure\n");
400 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
402 SetLastError(0xdeadbeef);
403 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, NULL
, 0, &read
, &needed
);
404 ok(!ret
, "Expected failure\n");
406 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
409 SetLastError(0xdeadbeef);
410 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
411 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
412 ok(!ret
, "Expected failure\n");
414 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
416 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
417 SetLastError(0xdeadbeef);
418 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
419 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
420 ok(!ret
, "Expected failure\n");
422 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
423 HeapFree(GetProcessHeap(), 0, buf
);
425 handle
= OpenEventLogA(NULL
, "Application");
427 /* Show that we need the proper dwFlags with a (for the rest) proper call */
428 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
430 SetLastError(0xdeadbeef);
431 ret
= ReadEventLogA(handle
, 0, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
432 ok(!ret
, "Expected failure\n");
434 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
436 SetLastError(0xdeadbeef);
437 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
438 ok(!ret
, "Expected failure\n");
440 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
442 SetLastError(0xdeadbeef);
443 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
444 ok(!ret
, "Expected failure\n");
446 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
448 SetLastError(0xdeadbeef);
449 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
,
450 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
451 ok(!ret
, "Expected failure\n");
453 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
455 SetLastError(0xdeadbeef);
456 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
| EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
,
457 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
458 ok(!ret
, "Expected failure\n");
460 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
462 SetLastError(0xdeadbeef);
463 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
| EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
464 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
465 ok(!ret
, "Expected failure\n");
467 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
469 HeapFree(GetProcessHeap(), 0, buf
);
471 /* First check if there are any records (in practice only on Wine: FIXME) */
473 GetNumberOfEventLogRecords(handle
, &count
);
476 skip("No records in the 'Application' log\n");
477 CloseEventLog(handle
);
481 /* Get the buffer size for the first record */
482 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
483 read
= needed
= 0xdeadbeef;
484 SetLastError(0xdeadbeef);
485 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
486 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
487 ok(!ret
, "Expected failure\n");
488 ok(read
== 0, "Expected no bytes read\n");
489 ok(needed
> sizeof(EVENTLOGRECORD
), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
490 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
492 /* Read the first record */
494 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, toread
);
495 read
= needed
= 0xdeadbeef;
496 SetLastError(0xdeadbeef);
497 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, buf
, toread
, &read
, &needed
);
498 ok(ret
, "Expected success\n");
500 broken(read
< toread
), /* NT4 wants a buffer size way bigger than just 1 record */
501 "Expected the requested size to be read\n");
502 ok(needed
== 0, "Expected no extra bytes to be read\n");
503 HeapFree(GetProcessHeap(), 0, buf
);
505 CloseEventLog(handle
);
508 static void test_openbackup(void)
510 HANDLE handle
, handle2
, file
;
512 const char backup
[] = "backup.evt";
513 const char text
[] = "Just some text";
515 SetLastError(0xdeadbeef);
516 handle
= OpenBackupEventLogA(NULL
, NULL
);
517 ok(handle
== NULL
, "Didn't expect a handle\n");
518 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
520 SetLastError(0xdeadbeef);
521 handle
= OpenBackupEventLogA(NULL
, "idontexist.evt");
522 ok(handle
== NULL
, "Didn't expect a handle\n");
523 ok(GetLastError() == ERROR_FILE_NOT_FOUND
, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
525 SetLastError(0xdeadbeef);
526 handle
= OpenBackupEventLogA("IDontExist", NULL
);
527 ok(handle
== NULL
, "Didn't expect a handle\n");
528 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
530 SetLastError(0xdeadbeef);
531 handle
= OpenBackupEventLogA("IDontExist", "idontexist.evt");
532 ok(handle
== NULL
, "Didn't expect a handle\n");
533 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
534 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
535 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
537 /* Make a backup eventlog to work with */
538 if (create_backup(backup
))
540 /* FIXME: Wine stops here */
541 if (GetFileAttributesA(backup
) == INVALID_FILE_ATTRIBUTES
)
543 skip("We don't have a backup eventlog to work with\n");
547 SetLastError(0xdeadbeef);
548 handle
= OpenBackupEventLogA("IDontExist", backup
);
549 ok(handle
== NULL
, "Didn't expect a handle\n");
550 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
551 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
552 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
554 /* Empty servername should be read as local server */
555 handle
= OpenBackupEventLogA("", backup
);
556 ok(handle
!= NULL
, "Expected a handle\n");
557 CloseEventLog(handle
);
559 handle
= OpenBackupEventLogA(NULL
, backup
);
560 ok(handle
!= NULL
, "Expected a handle\n");
562 /* Can we open that same backup eventlog more than once? */
563 handle2
= OpenBackupEventLogA(NULL
, backup
);
564 ok(handle2
!= NULL
, "Expected a handle\n");
565 ok(handle2
!= handle
, "Didn't expect the same handle\n");
566 CloseEventLog(handle2
);
568 CloseEventLog(handle
);
572 /* Is there any content checking done? */
573 file
= CreateFileA(backup
, GENERIC_WRITE
, 0, NULL
, CREATE_NEW
, 0, NULL
);
575 SetLastError(0xdeadbeef);
576 handle
= OpenBackupEventLogA(NULL
, backup
);
577 ok(handle
== NULL
, "Didn't expect a handle\n");
578 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY
||
579 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT
, /* Vista and Win7 */
580 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
581 CloseEventLog(handle
);
584 file
= CreateFileA(backup
, GENERIC_WRITE
, 0, NULL
, CREATE_NEW
, 0, NULL
);
585 WriteFile(file
, text
, sizeof(text
), &written
, NULL
);
587 SetLastError(0xdeadbeef);
588 handle
= OpenBackupEventLogA(NULL
, backup
);
589 ok(handle
== NULL
, "Didn't expect a handle\n");
590 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT
, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
591 CloseEventLog(handle
);
595 static void test_clear(void)
599 const char backup
[] = "backup.evt";
600 const char backup2
[] = "backup2.evt";
602 SetLastError(0xdeadbeef);
603 ret
= ClearEventLogA(NULL
, NULL
);
604 ok(!ret
, "Expected failure\n");
605 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
607 /* Make a backup eventlog to work with */
608 if (!create_backup(backup
))
611 SetLastError(0xdeadbeef);
612 ret
= ClearEventLogA(NULL
, backup
);
613 ok(!ret
, "Expected failure\n");
614 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
616 handle
= OpenBackupEventLogA(NULL
, backup
);
618 ok(handle
!= NULL
, "Expected a handle\n");
620 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
621 SetLastError(0xdeadbeef);
622 ret
= ClearEventLogA(handle
, backup
);
623 ok(!ret
, "Expected failure\n");
624 /* The eventlog service runs under an account that doesn't have the necessary
625 * permissions on the users home directory on a default Vista+ system.
627 ok(GetLastError() == ERROR_INVALID_HANDLE
||
628 GetLastError() == ERROR_ACCESS_DENIED
, /* Vista+ */
629 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
631 /* Show that ClearEventLog only works for real eventlogs. */
632 SetLastError(0xdeadbeef);
633 ret
= ClearEventLogA(handle
, backup2
);
634 ok(!ret
, "Expected failure\n");
635 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
636 ok(GetFileAttributesA(backup2
) == INVALID_FILE_ATTRIBUTES
, "Expected no backup file\n");
638 SetLastError(0xdeadbeef);
639 ret
= ClearEventLogA(handle
, NULL
);
640 ok(!ret
, "Expected failure\n");
641 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
643 CloseEventLog(handle
);
645 ok(DeleteFileA(backup
), "Could not delete the backup file\n");
648 static const char eventlogsvc
[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
649 static const char eventlogname
[] = "Wine";
650 static const char eventsources
[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
652 static BOOL
create_new_eventlog(void)
659 /* First create our eventlog */
660 lret
= RegOpenKeyA(HKEY_LOCAL_MACHINE
, eventlogsvc
, &key
);
661 if (lret
!= ERROR_SUCCESS
)
663 skip("Could not open the EventLog service registry key\n");
666 lret
= RegCreateKeyA(key
, eventlogname
, &eventkey
);
667 if (lret
!= ERROR_SUCCESS
)
669 skip("Could not create the eventlog '%s' registry key\n", eventlogname
);
673 /* Create some event sources, the registry value 'Sources' is updated automatically */
674 for (i
= 0; i
< sizeof(eventsources
)/sizeof(eventsources
[0]); i
++)
678 lret
= RegCreateKeyA(eventkey
, eventsources
[i
], &srckey
);
679 if (lret
!= ERROR_SUCCESS
)
681 skip("Could not create the eventsource '%s' registry key\n", eventsources
[i
]);
690 /* The flushing of the registry (here and above) gives us some assurance
691 * that we are not to quickly writing events as 'Sources' could still be
694 RegFlushKey(eventkey
);
696 RegCloseKey(eventkey
);
702 static const char *one_string
[] = { "First string" };
703 static const char *two_strings
[] = { "First string", "Second string" };
712 const char **evt_strings
;
715 { eventlogname
, EVENTLOG_INFORMATION_TYPE
, 1, 1, FALSE
, 1, one_string
},
716 { eventsources
[0], EVENTLOG_WARNING_TYPE
, 1, 2, FALSE
, 0, NULL
},
717 { eventsources
[1], EVENTLOG_AUDIT_FAILURE
, 1, 3, FALSE
, 2, two_strings
},
718 { eventsources
[2], EVENTLOG_ERROR_TYPE
, 1, 4, FALSE
, 0, NULL
},
719 { eventsources
[3], EVENTLOG_WARNING_TYPE
, 1, 5, FALSE
, 1, one_string
},
720 { eventlogname
, EVENTLOG_SUCCESS
, 2, 6, TRUE
, 2, two_strings
},
721 { eventsources
[0], EVENTLOG_AUDIT_FAILURE
, 2, 7, TRUE
, 0, NULL
},
722 { eventsources
[1], EVENTLOG_AUDIT_SUCCESS
, 2, 8, TRUE
, 2, two_strings
},
723 { eventsources
[2], EVENTLOG_WARNING_TYPE
, 2, 9, TRUE
, 0, NULL
},
724 { eventsources
[3], EVENTLOG_ERROR_TYPE
, 2, 10, TRUE
, 1, one_string
}
727 static void test_readwrite(void)
731 DWORD sidsize
, count
;
732 BOOL ret
, sidavailable
;
733 BOOL on_vista
= FALSE
; /* Used to indicate Vista, W2K8 or Win7 */
735 char *localcomputer
= NULL
;
738 if (pCreateWellKnownSid
)
740 sidsize
= SECURITY_MAX_SID_SIZE
;
741 user
= HeapAlloc(GetProcessHeap(), 0, sidsize
);
742 SetLastError(0xdeadbeef);
743 pCreateWellKnownSid(WinInteractiveSid
, NULL
, user
, &sidsize
);
748 win_skip("Skipping some SID related tests\n");
749 sidavailable
= FALSE
;
753 /* Write an event with an incorrect event type. This will fail on Windows 7
754 * but succeed on all others, hence it's not part of the struct.
756 handle
= OpenEventLogA(NULL
, eventlogname
);
759 /* Intermittently seen on NT4 when tests are run immediately after boot */
760 win_skip("Could not get a handle to the eventlog\n");
765 GetNumberOfEventLogRecords(handle
, &count
);
768 /* Needed for W2K3 without a service pack */
769 win_skip("We most likely opened the Application eventlog\n");
770 CloseEventLog(handle
);
773 handle
= OpenEventLogA(NULL
, eventlogname
);
775 GetNumberOfEventLogRecords(handle
, &count
);
778 win_skip("We didn't open our new eventlog\n");
779 CloseEventLog(handle
);
784 SetLastError(0xdeadbeef);
785 ret
= ReportEventA(handle
, 0x20, 0, 0, NULL
, 0, 0, NULL
, NULL
);
786 if (!ret
&& GetLastError() == ERROR_CRC
)
788 win_skip("Win7 fails when using incorrect event types\n");
789 ret
= ReportEventA(handle
, 0, 0, 0, NULL
, 0, 0, NULL
, NULL
);
790 ok(ret
, "Expected success : %d\n", GetLastError());
795 DWORD read
, needed
= 0;
796 EVENTLOGRECORD
*record
;
798 ok(ret
, "Expected success : %d\n", GetLastError());
800 /* Needed to catch earlier Vista (with no ServicePack for example) */
801 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
802 if (!(ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
803 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
)) &&
804 GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
806 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, needed
);
807 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
808 0, buf
, needed
, &read
, &needed
);
812 record
= (EVENTLOGRECORD
*)buf
;
814 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
815 * the written eventtype (0x20 in this case).
817 if (record
->EventType
== EVENTLOG_SUCCESS
)
820 HeapFree(GetProcessHeap(), 0, buf
);
823 /* This will clear the eventlog. The record numbering for new
824 * events however differs on Vista SP1+. Before Vista the first
825 * event would be numbered 1, on Vista SP1+ it's higher as we already
826 * had at least one event (more in case of multiple test runs without
829 ClearEventLogA(handle
, NULL
);
830 CloseEventLog(handle
);
832 /* Write a bunch of events while using different event sources */
833 for (i
= 0; i
< sizeof(read_write
)/sizeof(read_write
[0]); i
++)
836 BOOL run_sidtests
= read_write
[i
].evt_sid
& sidavailable
;
838 /* We don't need to use RegisterEventSource to report events */
840 handle
= OpenEventLogA(NULL
, read_write
[i
].evt_src
);
842 handle
= RegisterEventSourceA(NULL
, read_write
[i
].evt_src
);
843 ok(handle
!= NULL
, "Expected a handle\n");
845 SetLastError(0xdeadbeef);
846 ret
= ReportEventA(handle
, read_write
[i
].evt_type
, read_write
[i
].evt_cat
,
847 read_write
[i
].evt_id
, run_sidtests
? user
: NULL
,
848 read_write
[i
].evt_numstrings
, 0, read_write
[i
].evt_strings
, NULL
);
849 ok(ret
, "Expected ReportEvent success : %d\n", GetLastError());
852 SetLastError(0xdeadbeef);
853 ret
= GetNumberOfEventLogRecords(handle
, &count
);
854 ok(ret
, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
856 ok(count
== (i
+ 1), "Expected %d records, got %d\n", i
+ 1, count
);
859 ret
= GetOldestEventLogRecord(handle
, &oldest
);
860 ok(ret
, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
863 (oldest
> 1 && oldest
!= 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
864 "Expected oldest to be 1 or higher, got %d\n", oldest
);
865 if (oldest
> 1 && oldest
!= 0xdeadbeef)
868 SetLastError(0xdeadbeef);
870 ret
= CloseEventLog(handle
);
872 ret
= DeregisterEventSource(handle
);
873 ok(ret
, "Expected success : %d\n", GetLastError());
876 handle
= OpenEventLogA(NULL
, eventlogname
);
878 ret
= GetNumberOfEventLogRecords(handle
, &count
);
879 ok(ret
, "Expected success\n");
881 ok(count
== i
, "Expected %d records, got %d\n", i
, count
);
882 CloseEventLog(handle
);
886 skip("No events were written to the eventlog\n");
890 /* Report only once */
892 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
894 if (on_vista
&& pGetComputerNameExA
)
896 /* New Vista+ behavior */
898 SetLastError(0xdeadbeef);
899 pGetComputerNameExA(ComputerNameDnsFullyQualified
, NULL
, &size
);
900 localcomputer
= HeapAlloc(GetProcessHeap(), 0, size
);
901 pGetComputerNameExA(ComputerNameDnsFullyQualified
, localcomputer
, &size
);
905 size
= MAX_COMPUTERNAME_LENGTH
+ 1;
906 localcomputer
= HeapAlloc(GetProcessHeap(), 0, size
);
907 GetComputerNameA(localcomputer
, &size
);
910 /* Read all events from our created eventlog, one by one */
911 handle
= OpenEventLogA(NULL
, eventlogname
);
917 EVENTLOGRECORD
*record
;
918 char *sourcename
, *computername
;
921 BOOL run_sidtests
= read_write
[i
].evt_sid
& sidavailable
;
923 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
924 SetLastError(0xdeadbeef);
925 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
926 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
927 if (!ret
&& GetLastError() == ERROR_HANDLE_EOF
)
929 HeapFree(GetProcessHeap(), 0, buf
);
932 ok(!ret
, "Expected failure\n");
933 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
,
934 "Expected ERROR_INVALID_PARAMETER, got %d\n",GetLastError());
936 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, needed
);
937 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
938 0, buf
, needed
, &read
, &needed
);
939 ok(ret
, "Expected success: %d\n", GetLastError());
941 record
= (EVENTLOGRECORD
*)buf
;
943 ok(record
->Length
== read
,
944 "Expected %d, got %d\n", read
, record
->Length
);
945 ok(record
->Reserved
== 0x654c664c,
946 "Expected 0x654c664c, got %d\n", record
->Reserved
);
947 ok(record
->RecordNumber
== i
+ 1 ||
948 (on_vista
&& (record
->RecordNumber
> i
+ 1)),
949 "Expected %d or higher, got %d\n", i
+ 1, record
->RecordNumber
);
950 ok(record
->EventID
== read_write
[i
].evt_id
,
951 "Expected %d, got %d\n", read_write
[i
].evt_id
, record
->EventID
);
952 ok(record
->EventType
== read_write
[i
].evt_type
,
953 "Expected %d, got %d\n", read_write
[i
].evt_type
, record
->EventType
);
954 ok(record
->NumStrings
== read_write
[i
].evt_numstrings
,
955 "Expected %d, got %d\n", read_write
[i
].evt_numstrings
, record
->NumStrings
);
956 ok(record
->EventCategory
== read_write
[i
].evt_cat
,
957 "Expected %d, got %d\n", read_write
[i
].evt_cat
, record
->EventCategory
);
959 sourcename
= (char *)((BYTE
*)buf
+ sizeof(EVENTLOGRECORD
));
960 ok(!lstrcmpA(sourcename
, read_write
[i
].evt_src
), "Expected '%s', got '%s'\n",
961 read_write
[i
].evt_src
, sourcename
);
963 computername
= (char *)((BYTE
*)buf
+ sizeof(EVENTLOGRECORD
) + lstrlenA(sourcename
) + 1);
964 ok(!lstrcmpiA(computername
, localcomputer
), "Expected '%s', got '%s'\n",
965 localcomputer
, computername
);
967 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
968 * no padding was actually required a 0 DWORD was still used for padding. No
969 * application should be relying on the padding as we are working with offsets
975 DWORD calculated_sidoffset
= sizeof(EVENTLOGRECORD
) + lstrlenA(sourcename
) + 1 + lstrlenA(computername
) + 1;
977 /* We are already DWORD aligned, there should still be some padding */
978 if ((((UINT_PTR
)buf
+ calculated_sidoffset
) % sizeof(DWORD
)) == 0)
979 ok(*(DWORD
*)((BYTE
*)buf
+ calculated_sidoffset
) == 0, "Expected 0\n");
981 ok((((UINT_PTR
)buf
+ record
->UserSidOffset
) % sizeof(DWORD
)) == 0, "Expected DWORD alignment\n");
986 ok(record
->UserSidLength
== sidsize
, "Expected %d, got %d\n", sidsize
, record
->UserSidLength
);
990 ok(record
->StringOffset
== record
->UserSidOffset
, "Expected offsets to be the same\n");
991 ok(record
->UserSidLength
== 0, "Expected 0, got %d\n", record
->UserSidLength
);
994 ok(record
->DataLength
== 0, "Expected 0, got %d\n", record
->DataLength
);
996 ptr
= (char *)((BYTE
*)buf
+ record
->StringOffset
);
997 for (k
= 0; k
< record
->NumStrings
; k
++)
999 ok(!lstrcmpA(ptr
, two_strings
[k
]), "Expected '%s', got '%s'\n", two_strings
[k
], ptr
);
1000 ptr
+= lstrlenA(ptr
) + 1;
1003 ok(record
->Length
== *(DWORD
*)((BYTE
*)buf
+ record
->Length
- sizeof(DWORD
)),
1004 "Expected the closing DWORD to contain the length of the record\n");
1006 HeapFree(GetProcessHeap(), 0, buf
);
1009 CloseEventLog(handle
);
1011 /* Test clearing a real eventlog */
1012 handle
= OpenEventLogA(NULL
, eventlogname
);
1014 SetLastError(0xdeadbeef);
1015 ret
= ClearEventLogA(handle
, NULL
);
1016 ok(ret
, "Expected success\n");
1019 ret
= GetNumberOfEventLogRecords(handle
, &count
);
1020 ok(ret
, "Expected success\n");
1021 ok(count
== 0, "Expected an empty eventlog, got %d records\n", count
);
1023 CloseEventLog(handle
);
1026 HeapFree(GetProcessHeap(), 0, localcomputer
);
1027 HeapFree(GetProcessHeap(), 0, user
);
1032 * Creating an eventlog on Windows (via the registry) automatically leads
1033 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1034 * potential event sources for this eventlog. 'Sources' is automatically
1035 * updated when a new key (aka event source) is created.
1037 * Although the updating of registry keys is almost instantaneously, we
1038 * check it after some other tests to assure we are not querying the
1039 * registry or file system to quickly.
1043 * The eventlog file itself is also automatically created, even before we
1044 * start writing events.
1046 static char eventlogfile
[MAX_PATH
];
1047 static void test_autocreation(void)
1054 char sources
[sizeof(eventsources
)];
1055 char sysdir
[MAX_PATH
];
1058 RegOpenKeyA(HKEY_LOCAL_MACHINE
, eventlogsvc
, &key
);
1059 RegOpenKeyA(key
, eventlogname
, &eventkey
);
1061 size
= sizeof(sources
);
1063 ret
= RegQueryValueExA(eventkey
, "Sources", NULL
, &type
, (LPBYTE
)sources
, &size
);
1064 if (ret
== ERROR_SUCCESS
)
1066 char sources_verify
[sizeof(eventsources
)];
1068 ok(type
== REG_MULTI_SZ
, "Expected a REG_MULTI_SZ, got %d\n", type
);
1070 /* Build the expected string */
1071 memset(sources_verify
, 0, sizeof(sources_verify
));
1073 for (i
= sizeof(eventsources
)/sizeof(eventsources
[0]); i
> 0; i
--)
1075 lstrcpyA(p
, eventsources
[i
- 1]);
1076 p
+= (lstrlenA(eventsources
[i
- 1]) + 1);
1078 lstrcpyA(p
, eventlogname
);
1080 ok(!memcmp(sources
, sources_verify
, size
),
1081 "Expected a correct 'Sources' value (size : %d)\n", size
);
1084 RegCloseKey(eventkey
);
1087 /* The directory that holds the eventlog files could be redirected */
1088 if (pWow64DisableWow64FsRedirection
)
1089 pWow64DisableWow64FsRedirection(&redir
);
1091 /* On Windows we also automatically get an eventlog file */
1092 GetSystemDirectoryA(sysdir
, sizeof(sysdir
));
1095 lstrcpyA(eventlogfile
, sysdir
);
1096 lstrcatA(eventlogfile
, "\\config\\");
1097 lstrcatA(eventlogfile
, eventlogname
);
1098 lstrcatA(eventlogfile
, ".evt");
1100 if (GetFileAttributesA(eventlogfile
) == INVALID_FILE_ATTRIBUTES
)
1103 lstrcpyA(eventlogfile
, sysdir
);
1104 lstrcatA(eventlogfile
, "\\winevt\\Logs\\");
1105 lstrcatA(eventlogfile
, eventlogname
);
1106 lstrcatA(eventlogfile
, ".evtx");
1110 ok(GetFileAttributesA(eventlogfile
) != INVALID_FILE_ATTRIBUTES
,
1111 "Expected an eventlog file\n");
1113 if (pWow64RevertWow64FsRedirection
)
1114 pWow64RevertWow64FsRedirection(redir
);
1117 static void cleanup_eventlog(void)
1123 char winesvc
[MAX_PATH
];
1125 /* Delete the registry tree */
1126 lstrcpyA(winesvc
, eventlogsvc
);
1127 lstrcatA(winesvc
, "\\");
1128 lstrcatA(winesvc
, eventlogname
);
1130 RegOpenKeyA(HKEY_LOCAL_MACHINE
, winesvc
, &key
);
1131 for (i
= 0; i
< sizeof(eventsources
)/sizeof(eventsources
[0]); i
++)
1132 RegDeleteKeyA(key
, eventsources
[i
]);
1133 RegDeleteValueA(key
, "Sources");
1135 lret
= RegDeleteKeyA(HKEY_LOCAL_MACHINE
, winesvc
);
1136 ok(lret
== ERROR_SUCCESS
, "Could not delete the registry tree : %d\n", lret
);
1138 /* A handle to the eventlog is locked by services.exe. We can only
1139 * delete the eventlog file after reboot.
1141 bret
= MoveFileExA(eventlogfile
, NULL
, MOVEFILE_DELAY_UNTIL_REBOOT
);
1142 ok(bret
, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1145 START_TEST(eventlog
)
1147 SetLastError(0xdeadbeef);
1148 CloseEventLog(NULL
);
1149 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED
)
1151 win_skip("Event log functions are not implemented\n");
1155 init_function_pointers();
1157 /* Parameters only */
1167 /* Functional tests */
1168 if (create_new_eventlog())
1171 test_autocreation();