projects / reactos.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[TFTPD] Fix compilation, and use the #define MAX_SERVERS where needed instead of...
[reactos.git] / base / services / eventlog / eventlog.c
diff --git a/base/services/eventlog/eventlog.c b/base/services/eventlog/eventlog.c
index d6ce730..4e29c2e 100644 (file)
--- a/base/services/eventlog/eventlog.c
+++ b/base/services/eventlog/eventlog.c
@@ -1,16 +1,16 @@
 /*
- * PROJECT:          ReactOS kernel
- * LICENSE:          GPL - See COPYING in the top level directory
- * FILE:             services/eventlog/eventlog.c
- * PURPOSE:          Event logging service
- * COPYRIGHT:        Copyright 2002 Eric Kohl
- *                   Copyright 2005 Saveliy Tretiakov
+ * PROJECT:         ReactOS EventLog Service
+ * LICENSE:         GPL - See COPYING in the top level directory
+ * FILE:            base/services/eventlog/eventlog.c
+ * PURPOSE:         Event logging service
+ * COPYRIGHT:       Copyright 2002 Eric Kohl
+ *                  Copyright 2005 Saveliy Tretiakov
+ *                  Hermes Belusca-Maito
  */
 
 /* INCLUDES *****************************************************************/
 
 #include "eventlog.h"
-
 #include <stdio.h>
 #include <netevent.h>
 
@@ -19,7 +19,7 @@
 
 /* GLOBALS ******************************************************************/
 
-static VOID CALLBACK ServiceMain(DWORD, LPWSTR *);
+static VOID CALLBACK ServiceMain(DWORD, LPWSTR*);
 static WCHAR ServiceName[] = L"EventLog";
 static SERVICE_TABLE_ENTRYW ServiceTable[2] =
 {
@@ -30,8 +30,9 @@ static SERVICE_TABLE_ENTRYW ServiceTable[2] =
 SERVICE_STATUS ServiceStatus;
 SERVICE_STATUS_HANDLE ServiceStatusHandle;
 
-BOOL onLiveCD = FALSE;  // On livecd events will go to debug output only
-HANDLE MyHeap = NULL;
+BOOL onLiveCD = FALSE;  // On LiveCD events will go to debug output only
+
+PEVENTSOURCE EventLogSource = NULL;
 
 /* FUNCTIONS ****************************************************************/
 
@@ -74,7 +75,6 @@ ServiceControlHandler(DWORD dwControl,
                             0,
                             EVENT_EventlogStopped, 0, NULL, 0, NULL);
 
-
             /* Stop listening to incoming RPC messages */
             RpcMgmtStopServerListening(NULL);
             UpdateServiceStatus(SERVICE_STOPPED);
@@ -120,15 +120,13 @@ ServiceInit(VOID)
 
     hThread = CreateThread(NULL,
                            0,
-                           (LPTHREAD_START_ROUTINE)
-                            PortThreadRoutine,
+                           (LPTHREAD_START_ROUTINE)PortThreadRoutine,
                            NULL,
                            0,
                            NULL);
-
     if (!hThread)
     {
-        DPRINT("Can't create PortThread\n");
+        DPRINT("Cannot create PortThread\n");
         return GetLastError();
     }
     else
@@ -136,15 +134,14 @@ ServiceInit(VOID)
 
     hThread = CreateThread(NULL,
                            0,
-                           (LPTHREAD_START_ROUTINE)
-                            RpcThreadRoutine,
+                           RpcThreadRoutine,
                            NULL,
                            0,
                            NULL);
 
     if (!hThread)
     {
-        DPRINT("Can't create RpcThread\n");
+        DPRINT("Cannot create RpcThread\n");
         return GetLastError();
     }
     else
@@ -159,51 +156,63 @@ ReportProductInfoEvent(VOID)
 {
     OSVERSIONINFOW versionInfo;
     WCHAR szBuffer[512];
-    DWORD dwLength;
+    PWSTR str;
+    size_t cchRemain;
     HKEY hKey;
     DWORD dwValueLength;
     DWORD dwType;
     LONG lResult = ERROR_SUCCESS;
 
-    ZeroMemory(&versionInfo, sizeof(OSVERSIONINFO));
-    versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+    ZeroMemory(&versionInfo, sizeof(versionInfo));
+    versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
 
     /* Get version information */
     if (!GetVersionExW(&versionInfo))
         return;
 
-    ZeroMemory(szBuffer, 512 * sizeof(WCHAR));
-
-    /* Write version into the buffer */
-    dwLength = swprintf(szBuffer,
-                        L"%lu.%lu",
-                        versionInfo.dwMajorVersion,
-                        versionInfo.dwMinorVersion) + 1;
-
-    /* Write build number into the buffer */
-    dwLength += swprintf(&szBuffer[dwLength],
-                         L"%lu",
-                         versionInfo.dwBuildNumber) + 1;
-
-    /* Write service pack info into the buffer */
-    wcscpy(&szBuffer[dwLength], versionInfo.szCSDVersion);
-    dwLength += wcslen(versionInfo.szCSDVersion) + 1;
+    ZeroMemory(szBuffer, sizeof(szBuffer));
+    str = szBuffer;
+    cchRemain = ARRAYSIZE(szBuffer);
+
+    /* Write the version number into the buffer */
+    StringCchPrintfExW(str, cchRemain,
+                       &str, &cchRemain, 0,
+                       L"%lu.%lu",
+                       versionInfo.dwMajorVersion,
+                       versionInfo.dwMinorVersion);
+    str++;
+    cchRemain++;
+
+    /* Write the build number into the buffer */
+    StringCchPrintfExW(str, cchRemain,
+                       &str, &cchRemain, 0,
+                       L"%lu",
+                       versionInfo.dwBuildNumber);
+    str++;
+    cchRemain++;
+
+    /* Write the service pack info into the buffer */
+    StringCchCopyExW(str, cchRemain,
+                     versionInfo.szCSDVersion,
+                     &str, &cchRemain, 0);
+    str++;
+    cchRemain++;
 
     /* Read 'CurrentType' from the registry and write it into the buffer */
-    lResult = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
-                           L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
-                           0,
-                           KEY_QUERY_VALUE,
-                           &hKey);
+    lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+                            L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
+                            0,
+                            KEY_QUERY_VALUE,
+                            &hKey);
     if (lResult == ERROR_SUCCESS)
     {
-        dwValueLength = 512 - dwLength;
-        lResult = RegQueryValueEx(hKey,
-                                  L"CurrentType",
-                                  NULL,
-                                  &dwType,
-                                  (LPBYTE)&szBuffer[dwLength],
-                                  &dwValueLength);
+        dwValueLength = cchRemain;
+        lResult = RegQueryValueExW(hKey,
+                                   L"CurrentType",
+                                   NULL,
+                                   &dwType,
+                                   (LPBYTE)str,
+                                   &dwValueLength);
 
         RegCloseKey(hKey);
     }
@@ -221,7 +230,7 @@ ReportProductInfoEvent(VOID)
 
 static VOID CALLBACK
 ServiceMain(DWORD argc,
-            LPWSTR *argv)
+            LPWSTRargv)
 {
     DWORD dwError;
 
@@ -268,144 +277,197 @@ ServiceMain(DWORD argc,
 }
 
 
-PLOGFILE LoadLogFile(HKEY hKey, WCHAR * LogName)
+static PLOGFILE
+LoadLogFile(HKEY hKey, PWSTR LogName)
 {
     DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
-    WCHAR *Buf = NULL, *Expanded = NULL;
+    PWSTR Buf = NULL, Expanded = NULL;
     LONG Result;
     PLOGFILE pLogf = NULL;
     UNICODE_STRING FileName;
     ULONG ulMaxSize, ulRetention;
     NTSTATUS Status;
 
-    DPRINT("LoadLogFile: %S\n", LogName);
+    DPRINT("LoadLogFile: `%S'\n", LogName);
 
-    RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
-                    NULL, NULL, &MaxValueLen, NULL, NULL);
-
-    Buf = HeapAlloc(MyHeap, 0, MaxValueLen);
-    if (!Buf)
+    Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
+                              NULL, NULL, &MaxValueLen, NULL, NULL);
+    if (Result != ERROR_SUCCESS)
     {
-        DPRINT1("Can't allocate heap!\n");
+        DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
         return NULL;
     }
 
-    ValueLen = MaxValueLen;
-
-    Result = RegQueryValueEx(hKey,
-                             L"File",
-                             NULL,
-                             &Type,
-                             (LPBYTE) Buf,
-                             &ValueLen);
-    if (Result != ERROR_SUCCESS)
+    MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
+    Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
+    if (!Buf)
     {
-        DPRINT1("RegQueryValueEx failed: %lu\n", GetLastError());
-        HeapFree(MyHeap, 0, Buf);
+        DPRINT1("Cannot allocate heap!\n");
         return NULL;
     }
 
-    if (Type != REG_EXPAND_SZ && Type != REG_SZ)
+    ValueLen = MaxValueLen;
+    Result = RegQueryValueExW(hKey,
+                              L"File",
+                              NULL,
+                              &Type,
+                              (LPBYTE)Buf,
+                              &ValueLen);
+    /*
+     * If we failed, because the registry value was inexistent
+     * or the value type was incorrect, create a new "File" value
+     * that holds the default event log path.
+     */
+    if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
     {
-        DPRINT1("%S\\File - value of wrong type %x.\n", LogName, Type);
-        HeapFree(MyHeap, 0, Buf);
-        return NULL;
+        MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
+                       wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
+
+        Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
+        if (!Expanded)
+        {
+            DPRINT1("Cannot reallocate heap!\n");
+            HeapFree(GetProcessHeap(), 0, Buf);
+            return NULL;
+        }
+        Buf = Expanded;
+
+        StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
+        StringCbCatW(Buf, MaxValueLen, LogName);
+        StringCbCatW(Buf, MaxValueLen, L".evt");
+
+        ValueLen = MaxValueLen;
+        Result = RegSetValueExW(hKey,
+                                L"File",
+                                0,
+                                REG_EXPAND_SZ,
+                                (LPBYTE)Buf,
+                                ValueLen);
+        if (Result != ERROR_SUCCESS)
+        {
+            DPRINT1("RegSetValueExW failed: %lu\n", Result);
+            HeapFree(GetProcessHeap(), 0, Buf);
+            return NULL;
+        }
     }
 
-    ExpandedLen = ExpandEnvironmentStrings(Buf, NULL, 0);
-    Expanded = HeapAlloc(MyHeap, 0, ExpandedLen * sizeof(WCHAR));
+    ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
+    Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
     if (!Expanded)
     {
-        DPRINT1("Can't allocate heap!\n");
-        HeapFree(MyHeap, 0, Buf);
+        DPRINT1("Cannot allocate heap!\n");
+        HeapFree(GetProcessHeap(), 0, Buf);
         return NULL;
     }
 
-    ExpandEnvironmentStrings(Buf, Expanded, ExpandedLen);
+    ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
 
-    if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName,
-                                      NULL, NULL))
+    if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL))
     {
-        DPRINT1("Can't convert path!\n");
-        HeapFree(MyHeap, 0, Expanded);
-        HeapFree(MyHeap, 0, Buf);
+        DPRINT1("Cannot convert path!\n");
+        HeapFree(GetProcessHeap(), 0, Expanded);
+        HeapFree(GetProcessHeap(), 0, Buf);
         return NULL;
     }
 
     DPRINT("%S -> %S\n", Buf, Expanded);
 
-    ValueLen = sizeof(ULONG);
-    Result = RegQueryValueEx(hKey,
-                             L"MaxSize",
-                             NULL,
-                             &Type,
-                             (LPBYTE)&ulMaxSize,
-                             &ValueLen);
-    if (Result != ERROR_SUCCESS)
+    ValueLen = sizeof(ulMaxSize);
+    Result = RegQueryValueExW(hKey,
+                              L"MaxSize",
+                              NULL,
+                              &Type,
+                              (LPBYTE)&ulMaxSize,
+                              &ValueLen);
+    if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
+    {
         ulMaxSize = 512 * 1024; /* 512 kBytes */
 
-    ValueLen = sizeof(ULONG);
-    Result = RegQueryValueEx(hKey,
-                             L"Retention",
-                             NULL,
-                             &Type,
-                             (LPBYTE)&ulRetention,
-                             &ValueLen);
-    if (Result != ERROR_SUCCESS)
+        Result = RegSetValueExW(hKey,
+                                L"MaxSize",
+                                0,
+                                REG_DWORD,
+                                (LPBYTE)&ulMaxSize,
+                                sizeof(ulMaxSize));
+    }
+
+    ValueLen = sizeof(ulRetention);
+    Result = RegQueryValueExW(hKey,
+                              L"Retention",
+                              NULL,
+                              &Type,
+                              (LPBYTE)&ulRetention,
+                              &ValueLen);
+    if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
+    {
+        /* On Windows 2003 it is 604800 (secs) == 7 days */
         ulRetention = 0;
 
+        Result = RegSetValueExW(hKey,
+                                L"Retention",
+                                0,
+                                REG_DWORD,
+                                (LPBYTE)&ulRetention,
+                                sizeof(ulRetention));
+    }
+
+    // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
+    // and "CustomSD" (REG_SZ).
+
     Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
     }
 
-    HeapFree(MyHeap, 0, Buf);
-    HeapFree(MyHeap, 0, Expanded);
+    HeapFree(GetProcessHeap(), 0, Expanded);
+    HeapFree(GetProcessHeap(), 0, Buf);
     return pLogf;
 }
 
-BOOL LoadLogFiles(HKEY eventlogKey)
+static BOOL
+LoadLogFiles(HKEY eventlogKey)
 {
-    LONG result;
+    LONG Result;
     DWORD MaxLognameLen, LognameLen;
-    WCHAR *Buf = NULL;
-    INT i;
+    DWORD dwIndex;
+    PWSTR Buf = NULL;
     PLOGFILE pLogFile;
 
-    RegQueryInfoKey(eventlogKey,
-                    NULL, NULL, NULL, NULL,
-                    &MaxLognameLen,
-                    NULL, NULL, NULL, NULL, NULL, NULL);
+    Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
+                              NULL, NULL, NULL, NULL, NULL, NULL);
+    if (Result != ERROR_SUCCESS)
+    {
+        DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
+        return FALSE;
+    }
 
     MaxLognameLen++;
 
-    Buf = HeapAlloc(MyHeap, 0, MaxLognameLen * sizeof(WCHAR));
-
+    Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
     if (!Buf)
     {
-        DPRINT1("Error: can't allocate heap!\n");
+        DPRINT1("Error: cannot allocate heap!\n");
         return FALSE;
     }
 
-    i = 0;
     LognameLen = MaxLognameLen;
-
-    while (RegEnumKeyEx(eventlogKey,
-                        i,
-                        Buf,
-                        &LognameLen,
-                        NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
+    dwIndex = 0;
+    while (RegEnumKeyExW(eventlogKey,
+                         dwIndex,
+                         Buf,
+                         &LognameLen,
+                         NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
     {
         HKEY SubKey;
 
         DPRINT("%S\n", Buf);
 
-        result = RegOpenKeyEx(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
-        if (result != ERROR_SUCCESS)
+        Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
+        if (Result != ERROR_SUCCESS)
         {
             DPRINT1("Failed to open %S key.\n", Buf);
-            HeapFree(MyHeap, 0, Buf);
+            HeapFree(GetProcessHeap(), 0, Buf);
             return FALSE;
         }
 
@@ -421,51 +483,43 @@ BOOL LoadLogFiles(HKEY eventlogKey)
         }
 
         RegCloseKey(SubKey);
+
         LognameLen = MaxLognameLen;
-        i++;
+        dwIndex++;
     }
 
-    HeapFree(MyHeap, 0, Buf);
+    HeapFree(GetProcessHeap(), 0, Buf);
     return TRUE;
 }
 
-INT wmain()
+
+int wmain(int argc, WCHAR* argv[])
 {
-    WCHAR LogPath[MAX_PATH];
     INT RetCode = 0;
-    LONG result;
+    LONG Result;
     HKEY elogKey;
+    WCHAR LogPath[MAX_PATH];
 
     LogfListInitialize();
     InitEventSourceList();
 
-    MyHeap = HeapCreate(0, 1024 * 256, 0);
-
-    if (!MyHeap)
-    {
-        DPRINT1("FATAL ERROR, can't create heap.\n");
-        RetCode = 1;
-        goto bye_bye;
-    }
-
-    GetWindowsDirectory(LogPath, MAX_PATH);
+    GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
 
-    if (GetDriveType(LogPath) == DRIVE_CDROM)
+    if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
     {
         DPRINT("LiveCD detected\n");
         onLiveCD = TRUE;
     }
     else
     {
-        result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
-                              L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
-                              0,
-                              KEY_ALL_ACCESS,
-                              &elogKey);
-
-        if (result != ERROR_SUCCESS)
+        Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+                               L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
+                               0,
+                               KEY_ALL_ACCESS,
+                               &elogKey);
+        if (Result != ERROR_SUCCESS)
         {
-            DPRINT1("Fatal error: can't open eventlog registry key.\n");
+            DPRINT1("Fatal error: cannot open eventlog registry key.\n");
             RetCode = 1;
             goto bye_bye;
         }
@@ -473,140 +527,94 @@ INT wmain()
         LoadLogFiles(elogKey);
     }
 
+    EventLogSource = GetEventSourceByName(L"EventLog");
+    if (!EventLogSource)
+    {
+        DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
+    }
+
     StartServiceCtrlDispatcher(ServiceTable);
 
-  bye_bye:
+bye_bye:
     LogfCloseAll();
 
-    if (MyHeap)
-        HeapDestroy(MyHeap);
-
     return RetCode;
 }
 
-VOID EventTimeToSystemTime(DWORD EventTime, SYSTEMTIME * pSystemTime)
-{
-    SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
-    FILETIME ftLocal;
-    union
-    {
-        FILETIME ft;
-        ULONGLONG ll;
-    } u1970, uUCT;
-
-    uUCT.ft.dwHighDateTime = 0;
-    uUCT.ft.dwLowDateTime = EventTime;
-    SystemTimeToFileTime(&st1970, &u1970.ft);
-    uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
-    FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
-    FileTimeToSystemTime(&ftLocal, pSystemTime);
-}
-
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime)
-{
-    SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
-    union
-    {
-        FILETIME ft;
-        ULONGLONG ll;
-    } Time, u1970;
-
-    SystemTimeToFileTime(pSystemTime, &Time.ft);
-    SystemTimeToFileTime(&st1970, &u1970.ft);
-    *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull);
-}
-
-VOID PRINT_HEADER(PEVENTLOGHEADER header)
-{
-    DPRINT("HeaderSize = %lu\n", header->HeaderSize);
-    DPRINT("Signature = 0x%x\n", header->Signature);
-    DPRINT("MajorVersion = %lu\n", header->MajorVersion);
-    DPRINT("MinorVersion = %lu\n", header->MinorVersion);
-    DPRINT("StartOffset = %lu\n", header->StartOffset);
-    DPRINT("EndOffset = 0x%x\n", header->EndOffset);
-    DPRINT("CurrentRecordNumber = %lu\n", header->CurrentRecordNumber);
-    DPRINT("OldestRecordNumber = %lu\n", header->OldestRecordNumber);
-    DPRINT("MaxSize = 0x%x\n", header->MaxSize);
-    DPRINT("Retention = 0x%x\n", header->Retention);
-    DPRINT("EndHeaderSize = %lu\n", header->EndHeaderSize);
-    DPRINT("Flags: ");
-    if (header->Flags & ELF_LOGFILE_HEADER_DIRTY)  DPRINT("ELF_LOGFILE_HEADER_DIRTY");
-    if (header->Flags & ELF_LOGFILE_HEADER_WRAP)  DPRINT("| ELF_LOGFILE_HEADER_WRAP ");
-    if (header->Flags & ELF_LOGFILE_LOGFULL_WRITTEN)  DPRINT("| ELF_LOGFILE_LOGFULL_WRITTEN ");
-    if (header->Flags & ELF_LOGFILE_ARCHIVE_SET)  DPRINT("| ELF_LOGFILE_ARCHIVE_SET ");
-    DPRINT("\n");
-}
-
 VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
 {
     UINT i;
-    WCHAR *str;
-    SYSTEMTIME time;
+    PWSTR str;
+    LARGE_INTEGER SystemTime;
+    TIME_FIELDS Time;
 
-    DPRINT("Length = %lu\n", pRec->Length);
-    DPRINT("Reserved = 0x%x\n", pRec->Reserved);
-    DPRINT("RecordNumber = %lu\n", pRec->RecordNumber);
+    DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
 
-    EventTimeToSystemTime(pRec->TimeGenerated, &time);
-    DPRINT("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
-           time.wDay, time.wMonth, time.wYear,
-           time.wHour, time.wMinute, time.wSecond);
+    DbgPrint("Length = %lu\n", pRec->Length);
+    DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
+    DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
 
-    EventTimeToSystemTime(pRec->TimeWritten, &time);
-    DPRINT("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
-           time.wDay, time.wMonth, time.wYear,
-           time.wHour, time.wMinute, time.wSecond);
+    RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
+    RtlTimeToTimeFields(&SystemTime, &Time);
+    DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
+             Time.Day, Time.Month, Time.Year,
+             Time.Hour, Time.Minute, Time.Second);
 
-    DPRINT("EventID = %lu\n", pRec->EventID);
+    RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
+    RtlTimeToTimeFields(&SystemTime, &Time);
+    DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
+             Time.Day, Time.Month, Time.Year,
+             Time.Hour, Time.Minute, Time.Second);
+
+    DbgPrint("EventID = %lu\n", pRec->EventID);
 
     switch (pRec->EventType)
     {
         case EVENTLOG_ERROR_TYPE:
-            DPRINT("EventType = EVENTLOG_ERROR_TYPE\n");
+            DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
             break;
         case EVENTLOG_WARNING_TYPE:
-            DPRINT("EventType = EVENTLOG_WARNING_TYPE\n");
+            DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
             break;
         case EVENTLOG_INFORMATION_TYPE:
-            DPRINT("EventType = EVENTLOG_INFORMATION_TYPE\n");
+            DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
             break;
         case EVENTLOG_AUDIT_SUCCESS:
-            DPRINT("EventType = EVENTLOG_AUDIT_SUCCESS\n");
+            DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
             break;
         case EVENTLOG_AUDIT_FAILURE:
-            DPRINT("EventType = EVENTLOG_AUDIT_FAILURE\n");
+            DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
             break;
         default:
-            DPRINT("EventType = %hu\n", pRec->EventType);
+            DbgPrint("EventType = %hu\n", pRec->EventType);
     }
 
-    DPRINT("NumStrings = %hu\n", pRec->NumStrings);
-    DPRINT("EventCategory = %hu\n", pRec->EventCategory);
-    DPRINT("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
-    DPRINT("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
-    DPRINT("StringOffset = %lu\n", pRec->StringOffset);
-    DPRINT("UserSidLength = %lu\n", pRec->UserSidLength);
-    DPRINT("UserSidOffset = %lu\n", pRec->UserSidOffset);
-    DPRINT("DataLength = %lu\n", pRec->DataLength);
-    DPRINT("DataOffset = %lu\n", pRec->DataOffset);
-
-    DPRINT("SourceName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD)));
+    DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
+    DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
+    DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
+    DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
+    DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
+    DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
+    DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
+    DbgPrint("DataLength = %lu\n", pRec->DataLength);
+    DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
 
-    i = (lstrlenW((WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD))) + 1) *
-        sizeof(WCHAR);
+    i = sizeof(EVENTLOGRECORD);
+    DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
 
-    DPRINT("ComputerName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD) + i));
+    i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
+    DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
 
     if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
     {
-        DPRINT("Strings:\n");
-        str = (WCHAR *) (((PBYTE) pRec) + pRec->StringOffset);
+        DbgPrint("Strings:\n");
+        str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
         for (i = 0; i < pRec->NumStrings; i++)
         {
-            DPRINT("[%u] %S\n", i, str);
-            str = str + lstrlenW(str) + 1;
+            DbgPrint("[%u] %S\n", i, str);
+            str += wcslen(str) + 1;
         }
     }
 
-    DPRINT("Length2 = %lu\n", *(PDWORD) (((PBYTE) pRec) + pRec->Length - 4));
+    DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
 }
A free Windows-compatible Operating System