projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[DELAYIMP] Fix 2 Clang-Cl warnings about __pfnDliNotifyHook2Default and __pfnDliFailu...
[reactos.git] / sdk / lib / evtlib / evtlib.h
1 /*
2 * PROJECT: ReactOS EventLog File Library
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: sdk/lib/evtlib/evtlib.h
5 * PURPOSE: Provides functionality for reading and writing
6 * EventLog files in the NT <= 5.2 (.evt) format.
7 * PROGRAMMERS: Copyright 2005 Saveliy Tretiakov
8 * Michael Martin
9 * Hermes Belusca-Maito
10 */
11
12 #ifndef __EVTLIB_H__
13 #define __EVTLIB_H__
14
15 #pragma once
16
17 #ifdef __cplusplus
18 extern "C" {
19 #endif
20
21 /* PSDK/NDK Headers */
22 // #define WIN32_NO_STATUS
23 // #include <windef.h>
24 // #include <winbase.h>
25 // #include <winnt.h>
26
27 #define NTOS_MODE_USER
28 #include <ndk/rtlfuncs.h>
29
30 #ifndef ROUND_DOWN
31 #define ROUND_DOWN(n, align) (((ULONG)n) & ~((align) - 1l))
32 #endif
33
34 #ifndef ROUND_UP
35 #define ROUND_UP(n, align) ROUND_DOWN(((ULONG)n) + (align) - 1, (align))
36 #endif
37
38 /*
39 * Our file format will be compatible with NT's
40 */
41 #define MAJORVER 1
42 #define MINORVER 1
43 #define LOGFILE_SIGNATURE 0x654c664c // "LfLe"
44
45 /*
46 * Flags used in the logfile header
47 */
48 #define ELF_LOGFILE_HEADER_DIRTY 1
49 #define ELF_LOGFILE_HEADER_WRAP 2
50 #define ELF_LOGFILE_LOGFULL_WRITTEN 4
51 #define ELF_LOGFILE_ARCHIVE_SET 8
52
53 /*
54 * On-disk event log structures (log file header, event record and EOF record).
55 * NOTE: Contrary to what MSDN claims, both the EVENTLOGHEADER and EVENTLOGEOF
56 * structures are absent from winnt.h .
57 */
58
59 #include <pshpack4.h> // pshpack1
60
61 // ELF_LOGFILE_HEADER
62 typedef struct _EVENTLOGHEADER
63 {
64 ULONG HeaderSize;
65 ULONG Signature;
66 ULONG MajorVersion;
67 ULONG MinorVersion;
68 ULONG StartOffset;
69 ULONG EndOffset;
70 ULONG CurrentRecordNumber;
71 ULONG OldestRecordNumber;
72 ULONG MaxSize;
73 ULONG Flags;
74 ULONG Retention;
75 ULONG EndHeaderSize;
76 } EVENTLOGHEADER, *PEVENTLOGHEADER;
77
78
79 /* Those flags and structure are defined in winnt.h */
80 #ifndef _WINNT_
81
82 /* EventType flags */
83 #define EVENTLOG_SUCCESS 0
84 #define EVENTLOG_ERROR_TYPE 1
85 #define EVENTLOG_WARNING_TYPE 2
86 #define EVENTLOG_INFORMATION_TYPE 4
87 #define EVENTLOG_AUDIT_SUCCESS 8
88 #define EVENTLOG_AUDIT_FAILURE 16
89
90 typedef struct _EVENTLOGRECORD
91 {
92 ULONG Length; /* Length of full record, including the data portion */
93 ULONG Reserved;
94 ULONG RecordNumber;
95 ULONG TimeGenerated;
96 ULONG TimeWritten;
97 ULONG EventID;
98 USHORT EventType;
99 USHORT NumStrings; /* Number of strings in the 'Strings' array */
100 USHORT EventCategory;
101 USHORT ReservedFlags;
102 ULONG ClosingRecordNumber;
103 ULONG StringOffset;
104 ULONG UserSidLength;
105 ULONG UserSidOffset;
106 ULONG DataLength; /* Length of the data portion */
107 ULONG DataOffset; /* Offset from beginning of record */
108 /*
109 * Length-varying data:
110 *
111 * WCHAR SourceName[];
112 * WCHAR ComputerName[];
113 * SID UserSid; // Must be aligned on a DWORD boundary
114 * WCHAR Strings[];
115 * BYTE Data[];
116 * CHAR Pad[]; // Padding for DWORD boundary
117 * ULONG Length; // Same as the first 'Length' member at the beginning
118 */
119 } EVENTLOGRECORD, *PEVENTLOGRECORD;
120
121 #endif // _WINNT_
122
123
124 // ELF_EOF_RECORD
125 typedef struct _EVENTLOGEOF
126 {
127 ULONG RecordSizeBeginning;
128 ULONG Ones;
129 ULONG Twos;
130 ULONG Threes;
131 ULONG Fours;
132 ULONG BeginRecord;
133 ULONG EndRecord;
134 ULONG CurrentRecordNumber;
135 ULONG OldestRecordNumber;
136 ULONG RecordSizeEnd;
137 } EVENTLOGEOF, *PEVENTLOGEOF;
138
139 #define EVENTLOGEOF_SIZE_FIXED (5 * sizeof(ULONG))
140 C_ASSERT(EVENTLOGEOF_SIZE_FIXED == FIELD_OFFSET(EVENTLOGEOF, BeginRecord));
141
142 #include <poppack.h>
143
144
145 typedef struct _EVENT_OFFSET_INFO
146 {
147 ULONG EventNumber;
148 ULONG EventOffset;
149 } EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;
150
151 #define TAG_ELF ' flE'
152 #define TAG_ELF_BUF 'BflE'
153
154 struct _EVTLOGFILE;
155
156 typedef PVOID
157 (NTAPI *PELF_ALLOCATE_ROUTINE)(
158 IN SIZE_T Size,
159 IN ULONG Flags,
160 IN ULONG Tag
161 );
162
163 typedef VOID
164 (NTAPI *PELF_FREE_ROUTINE)(
165 IN PVOID Ptr,
166 IN ULONG Flags,
167 IN ULONG Tag
168 );
169
170 typedef NTSTATUS
171 (NTAPI *PELF_FILE_READ_ROUTINE)(
172 IN struct _EVTLOGFILE* LogFile,
173 IN PLARGE_INTEGER FileOffset,
174 OUT PVOID Buffer,
175 IN SIZE_T Length,
176 OUT PSIZE_T ReadLength OPTIONAL
177 );
178
179 typedef NTSTATUS
180 (NTAPI *PELF_FILE_WRITE_ROUTINE)(
181 IN struct _EVTLOGFILE* LogFile,
182 IN PLARGE_INTEGER FileOffset,
183 IN PVOID Buffer,
184 IN SIZE_T Length,
185 OUT PSIZE_T WrittenLength OPTIONAL
186 );
187
188 typedef NTSTATUS
189 (NTAPI *PELF_FILE_SET_SIZE_ROUTINE)(
190 IN struct _EVTLOGFILE* LogFile,
191 IN ULONG FileSize,
192 IN ULONG OldFileSize
193 );
194
195 typedef NTSTATUS
196 (NTAPI *PELF_FILE_FLUSH_ROUTINE)(
197 IN struct _EVTLOGFILE* LogFile,
198 IN PLARGE_INTEGER FileOffset,
199 IN ULONG Length
200 );
201
202 typedef struct _EVTLOGFILE
203 {
204 PELF_ALLOCATE_ROUTINE Allocate;
205 PELF_FREE_ROUTINE Free;
206 PELF_FILE_SET_SIZE_ROUTINE FileSetSize;
207 PELF_FILE_WRITE_ROUTINE FileWrite;
208 PELF_FILE_READ_ROUTINE FileRead;
209 PELF_FILE_FLUSH_ROUTINE FileFlush;
210
211 EVENTLOGHEADER Header;
212 ULONG CurrentSize; /* Equivalent to the file size, is <= MaxSize and can be extended to MaxSize if needed */
213 UNICODE_STRING FileName;
214 PEVENT_OFFSET_INFO OffsetInfo;
215 ULONG OffsetInfoSize;
216 ULONG OffsetInfoNext;
217 BOOLEAN ReadOnly;
218 } EVTLOGFILE, *PEVTLOGFILE;
219
220
221 NTSTATUS
222 NTAPI
223 ElfCreateFile(
224 IN OUT PEVTLOGFILE LogFile,
225 IN PUNICODE_STRING FileName OPTIONAL,
226 IN ULONG FileSize,
227 IN ULONG MaxSize,
228 IN ULONG Retention,
229 IN BOOLEAN CreateNew,
230 IN BOOLEAN ReadOnly,
231 IN PELF_ALLOCATE_ROUTINE Allocate,
232 IN PELF_FREE_ROUTINE Free,
233 IN PELF_FILE_SET_SIZE_ROUTINE FileSetSize,
234 IN PELF_FILE_WRITE_ROUTINE FileWrite,
235 IN PELF_FILE_READ_ROUTINE FileRead,
236 IN PELF_FILE_FLUSH_ROUTINE FileFlush); // What about Seek ??
237
238 NTSTATUS
239 NTAPI
240 ElfReCreateFile(
241 IN PEVTLOGFILE LogFile);
242
243 // NTSTATUS
244 // ElfClearFile(PEVTLOGFILE LogFile);
245
246 NTSTATUS
247 NTAPI
248 ElfBackupFile(
249 IN PEVTLOGFILE LogFile,
250 IN PEVTLOGFILE BackupLogFile);
251
252 NTSTATUS
253 NTAPI
254 ElfFlushFile(
255 IN PEVTLOGFILE LogFile);
256
257 VOID
258 NTAPI
259 ElfCloseFile( // ElfFree
260 IN PEVTLOGFILE LogFile);
261
262 NTSTATUS
263 NTAPI
264 ElfReadRecord(
265 IN PEVTLOGFILE LogFile,
266 IN ULONG RecordNumber,
267 OUT PEVENTLOGRECORD Record,
268 IN SIZE_T BufSize, // Length
269 OUT PSIZE_T BytesRead OPTIONAL,
270 OUT PSIZE_T BytesNeeded OPTIONAL);
271
272 NTSTATUS
273 NTAPI
274 ElfWriteRecord(
275 IN PEVTLOGFILE LogFile,
276 IN PEVENTLOGRECORD Record,
277 IN SIZE_T BufSize);
278
279 ULONG
280 NTAPI
281 ElfGetOldestRecord(
282 IN PEVTLOGFILE LogFile);
283
284 ULONG
285 NTAPI
286 ElfGetCurrentRecord(
287 IN PEVTLOGFILE LogFile);
288
289 ULONG
290 NTAPI
291 ElfGetFlags(
292 IN PEVTLOGFILE LogFile);
293
294 #if DBG
295 VOID PRINT_HEADER(PEVENTLOGHEADER Header);
296 #endif
297
298 #ifdef __cplusplus
299 }
300 #endif
301 #endif /* __EVTLIB_H__ */
A free Windows-compatible Operating System