/*
- * PROJECT: ReactOS kernel
- * LICENSE: GPL - See COPYING in the top level directory
- * FILE: services/eventlog/eventlog.c
- * PURPOSE: Event logging service
- * COPYRIGHT: Copyright 2002 Eric Kohl
- * Copyright 2005 Saveliy Tretiakov
+ * PROJECT: ReactOS EventLog Service
+ * LICENSE: GPL - See COPYING in the top level directory
+ * FILE: base/services/eventlog/eventlog.c
+ * PURPOSE: Event logging service
+ * COPYRIGHT: Copyright 2002 Eric Kohl
+ * Copyright 2005 Saveliy Tretiakov
+ * Hermes Belusca-Maito
*/
/* INCLUDES *****************************************************************/
#include "eventlog.h"
-
#include <stdio.h>
#include <netevent.h>
/* GLOBALS ******************************************************************/
-static VOID CALLBACK ServiceMain(DWORD, LPWSTR *);
+static VOID CALLBACK ServiceMain(DWORD, LPWSTR*);
static WCHAR ServiceName[] = L"EventLog";
static SERVICE_TABLE_ENTRYW ServiceTable[2] =
{
SERVICE_STATUS ServiceStatus;
SERVICE_STATUS_HANDLE ServiceStatusHandle;
-BOOL onLiveCD = FALSE; // On livecd events will go to debug output only
-HANDLE MyHeap = NULL;
+BOOL onLiveCD = FALSE; // On LiveCD events will go to debug output only
+
+PEVENTSOURCE EventLogSource = NULL;
/* FUNCTIONS ****************************************************************/
0,
EVENT_EventlogStopped, 0, NULL, 0, NULL);
-
/* Stop listening to incoming RPC messages */
RpcMgmtStopServerListening(NULL);
UpdateServiceStatus(SERVICE_STOPPED);
hThread = CreateThread(NULL,
0,
- (LPTHREAD_START_ROUTINE)
- PortThreadRoutine,
+ (LPTHREAD_START_ROUTINE)PortThreadRoutine,
NULL,
0,
NULL);
-
if (!hThread)
{
- DPRINT("Can't create PortThread\n");
+ DPRINT("Cannot create PortThread\n");
return GetLastError();
}
else
hThread = CreateThread(NULL,
0,
- (LPTHREAD_START_ROUTINE)
- RpcThreadRoutine,
+ RpcThreadRoutine,
NULL,
0,
NULL);
if (!hThread)
{
- DPRINT("Can't create RpcThread\n");
+ DPRINT("Cannot create RpcThread\n");
return GetLastError();
}
else
{
OSVERSIONINFOW versionInfo;
WCHAR szBuffer[512];
- DWORD dwLength;
+ PWSTR str;
+ size_t cchRemain;
HKEY hKey;
DWORD dwValueLength;
DWORD dwType;
LONG lResult = ERROR_SUCCESS;
- ZeroMemory(&versionInfo, sizeof(OSVERSIONINFO));
- versionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+ ZeroMemory(&versionInfo, sizeof(versionInfo));
+ versionInfo.dwOSVersionInfoSize = sizeof(versionInfo);
/* Get version information */
if (!GetVersionExW(&versionInfo))
return;
- ZeroMemory(szBuffer, 512 * sizeof(WCHAR));
-
- /* Write version into the buffer */
- dwLength = swprintf(szBuffer,
- L"%lu.%lu",
- versionInfo.dwMajorVersion,
- versionInfo.dwMinorVersion) + 1;
-
- /* Write build number into the buffer */
- dwLength += swprintf(&szBuffer[dwLength],
- L"%lu",
- versionInfo.dwBuildNumber) + 1;
-
- /* Write service pack info into the buffer */
- wcscpy(&szBuffer[dwLength], versionInfo.szCSDVersion);
- dwLength += wcslen(versionInfo.szCSDVersion) + 1;
+ ZeroMemory(szBuffer, sizeof(szBuffer));
+ str = szBuffer;
+ cchRemain = ARRAYSIZE(szBuffer);
+
+ /* Write the version number into the buffer */
+ StringCchPrintfExW(str, cchRemain,
+ &str, &cchRemain, 0,
+ L"%lu.%lu",
+ versionInfo.dwMajorVersion,
+ versionInfo.dwMinorVersion);
+ str++;
+ cchRemain++;
+
+ /* Write the build number into the buffer */
+ StringCchPrintfExW(str, cchRemain,
+ &str, &cchRemain, 0,
+ L"%lu",
+ versionInfo.dwBuildNumber);
+ str++;
+ cchRemain++;
+
+ /* Write the service pack info into the buffer */
+ StringCchCopyExW(str, cchRemain,
+ versionInfo.szCSDVersion,
+ &str, &cchRemain, 0);
+ str++;
+ cchRemain++;
/* Read 'CurrentType' from the registry and write it into the buffer */
- lResult = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
- L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
- 0,
- KEY_QUERY_VALUE,
- &hKey);
+ lResult = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+ L"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
+ 0,
+ KEY_QUERY_VALUE,
+ &hKey);
if (lResult == ERROR_SUCCESS)
{
- dwValueLength = 512 - dwLength;
- lResult = RegQueryValueEx(hKey,
- L"CurrentType",
- NULL,
- &dwType,
- (LPBYTE)&szBuffer[dwLength],
- &dwValueLength);
+ dwValueLength = cchRemain;
+ lResult = RegQueryValueExW(hKey,
+ L"CurrentType",
+ NULL,
+ &dwType,
+ (LPBYTE)str,
+ &dwValueLength);
RegCloseKey(hKey);
}
static VOID CALLBACK
ServiceMain(DWORD argc,
- LPWSTR *argv)
+ LPWSTR* argv)
{
DWORD dwError;
}
-PLOGFILE LoadLogFile(HKEY hKey, WCHAR * LogName)
+static PLOGFILE
+LoadLogFile(HKEY hKey, PWSTR LogName)
{
DWORD MaxValueLen, ValueLen, Type, ExpandedLen;
- WCHAR *Buf = NULL, *Expanded = NULL;
+ PWSTR Buf = NULL, Expanded = NULL;
LONG Result;
PLOGFILE pLogf = NULL;
UNICODE_STRING FileName;
ULONG ulMaxSize, ulRetention;
NTSTATUS Status;
- DPRINT("LoadLogFile: %S\n", LogName);
+ DPRINT("LoadLogFile: `%S'\n", LogName);
- RegQueryInfoKey(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
- NULL, NULL, &MaxValueLen, NULL, NULL);
-
- Buf = HeapAlloc(MyHeap, 0, MaxValueLen);
- if (!Buf)
+ Result = RegQueryInfoKeyW(hKey, NULL, NULL, NULL, NULL, NULL, NULL,
+ NULL, NULL, &MaxValueLen, NULL, NULL);
+ if (Result != ERROR_SUCCESS)
{
- DPRINT1("Can't allocate heap!\n");
+ DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
return NULL;
}
- ValueLen = MaxValueLen;
-
- Result = RegQueryValueEx(hKey,
- L"File",
- NULL,
- &Type,
- (LPBYTE) Buf,
- &ValueLen);
- if (Result != ERROR_SUCCESS)
+ MaxValueLen = ROUND_DOWN(MaxValueLen, sizeof(WCHAR));
+ Buf = HeapAlloc(GetProcessHeap(), 0, MaxValueLen);
+ if (!Buf)
{
- DPRINT1("RegQueryValueEx failed: %lu\n", GetLastError());
- HeapFree(MyHeap, 0, Buf);
+ DPRINT1("Cannot allocate heap!\n");
return NULL;
}
- if (Type != REG_EXPAND_SZ && Type != REG_SZ)
+ ValueLen = MaxValueLen;
+ Result = RegQueryValueExW(hKey,
+ L"File",
+ NULL,
+ &Type,
+ (LPBYTE)Buf,
+ &ValueLen);
+ /*
+ * If we failed, because the registry value was inexistent
+ * or the value type was incorrect, create a new "File" value
+ * that holds the default event log path.
+ */
+ if ((Result != ERROR_SUCCESS) || (Type != REG_EXPAND_SZ && Type != REG_SZ))
{
- DPRINT1("%S\\File - value of wrong type %x.\n", LogName, Type);
- HeapFree(MyHeap, 0, Buf);
- return NULL;
+ MaxValueLen = (wcslen(L"%SystemRoot%\\System32\\Config\\") +
+ wcslen(LogName) + wcslen(L".evt") + 1) * sizeof(WCHAR);
+
+ Expanded = HeapReAlloc(GetProcessHeap(), 0, Buf, MaxValueLen);
+ if (!Expanded)
+ {
+ DPRINT1("Cannot reallocate heap!\n");
+ HeapFree(GetProcessHeap(), 0, Buf);
+ return NULL;
+ }
+ Buf = Expanded;
+
+ StringCbCopyW(Buf, MaxValueLen, L"%SystemRoot%\\System32\\Config\\");
+ StringCbCatW(Buf, MaxValueLen, LogName);
+ StringCbCatW(Buf, MaxValueLen, L".evt");
+
+ ValueLen = MaxValueLen;
+ Result = RegSetValueExW(hKey,
+ L"File",
+ 0,
+ REG_EXPAND_SZ,
+ (LPBYTE)Buf,
+ ValueLen);
+ if (Result != ERROR_SUCCESS)
+ {
+ DPRINT1("RegSetValueExW failed: %lu\n", Result);
+ HeapFree(GetProcessHeap(), 0, Buf);
+ return NULL;
+ }
}
- ExpandedLen = ExpandEnvironmentStrings(Buf, NULL, 0);
- Expanded = HeapAlloc(MyHeap, 0, ExpandedLen * sizeof(WCHAR));
+ ExpandedLen = ExpandEnvironmentStringsW(Buf, NULL, 0);
+ Expanded = HeapAlloc(GetProcessHeap(), 0, ExpandedLen * sizeof(WCHAR));
if (!Expanded)
{
- DPRINT1("Can't allocate heap!\n");
- HeapFree(MyHeap, 0, Buf);
+ DPRINT1("Cannot allocate heap!\n");
+ HeapFree(GetProcessHeap(), 0, Buf);
return NULL;
}
- ExpandEnvironmentStrings(Buf, Expanded, ExpandedLen);
+ ExpandEnvironmentStringsW(Buf, Expanded, ExpandedLen);
- if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName,
- NULL, NULL))
+ if (!RtlDosPathNameToNtPathName_U(Expanded, &FileName, NULL, NULL))
{
- DPRINT1("Can't convert path!\n");
- HeapFree(MyHeap, 0, Expanded);
- HeapFree(MyHeap, 0, Buf);
+ DPRINT1("Cannot convert path!\n");
+ HeapFree(GetProcessHeap(), 0, Expanded);
+ HeapFree(GetProcessHeap(), 0, Buf);
return NULL;
}
DPRINT("%S -> %S\n", Buf, Expanded);
- ValueLen = sizeof(ULONG);
- Result = RegQueryValueEx(hKey,
- L"MaxSize",
- NULL,
- &Type,
- (LPBYTE)&ulMaxSize,
- &ValueLen);
- if (Result != ERROR_SUCCESS)
+ ValueLen = sizeof(ulMaxSize);
+ Result = RegQueryValueExW(hKey,
+ L"MaxSize",
+ NULL,
+ &Type,
+ (LPBYTE)&ulMaxSize,
+ &ValueLen);
+ if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
+ {
ulMaxSize = 512 * 1024; /* 512 kBytes */
- ValueLen = sizeof(ULONG);
- Result = RegQueryValueEx(hKey,
- L"Retention",
- NULL,
- &Type,
- (LPBYTE)&ulRetention,
- &ValueLen);
- if (Result != ERROR_SUCCESS)
+ Result = RegSetValueExW(hKey,
+ L"MaxSize",
+ 0,
+ REG_DWORD,
+ (LPBYTE)&ulMaxSize,
+ sizeof(ulMaxSize));
+ }
+
+ ValueLen = sizeof(ulRetention);
+ Result = RegQueryValueExW(hKey,
+ L"Retention",
+ NULL,
+ &Type,
+ (LPBYTE)&ulRetention,
+ &ValueLen);
+ if ((Result != ERROR_SUCCESS) || (Type != REG_DWORD))
+ {
+ /* On Windows 2003 it is 604800 (secs) == 7 days */
ulRetention = 0;
+ Result = RegSetValueExW(hKey,
+ L"Retention",
+ 0,
+ REG_DWORD,
+ (LPBYTE)&ulRetention,
+ sizeof(ulRetention));
+ }
+
+ // TODO: Add, or use, default values for "AutoBackupLogFiles" (REG_DWORD)
+ // and "CustomSD" (REG_SZ).
+
Status = LogfCreate(&pLogf, LogName, &FileName, ulMaxSize, ulRetention, TRUE, FALSE);
if (!NT_SUCCESS(Status))
{
DPRINT1("Failed to create %S! (Status %08lx)\n", Expanded, Status);
}
- HeapFree(MyHeap, 0, Buf);
- HeapFree(MyHeap, 0, Expanded);
+ HeapFree(GetProcessHeap(), 0, Expanded);
+ HeapFree(GetProcessHeap(), 0, Buf);
return pLogf;
}
-BOOL LoadLogFiles(HKEY eventlogKey)
+static BOOL
+LoadLogFiles(HKEY eventlogKey)
{
- LONG result;
+ LONG Result;
DWORD MaxLognameLen, LognameLen;
- WCHAR *Buf = NULL;
- INT i;
+ DWORD dwIndex;
+ PWSTR Buf = NULL;
PLOGFILE pLogFile;
- RegQueryInfoKey(eventlogKey,
- NULL, NULL, NULL, NULL,
- &MaxLognameLen,
- NULL, NULL, NULL, NULL, NULL, NULL);
+ Result = RegQueryInfoKeyW(eventlogKey, NULL, NULL, NULL, NULL, &MaxLognameLen,
+ NULL, NULL, NULL, NULL, NULL, NULL);
+ if (Result != ERROR_SUCCESS)
+ {
+ DPRINT1("RegQueryInfoKeyW failed: %lu\n", Result);
+ return FALSE;
+ }
MaxLognameLen++;
- Buf = HeapAlloc(MyHeap, 0, MaxLognameLen * sizeof(WCHAR));
-
+ Buf = HeapAlloc(GetProcessHeap(), 0, MaxLognameLen * sizeof(WCHAR));
if (!Buf)
{
- DPRINT1("Error: can't allocate heap!\n");
+ DPRINT1("Error: cannot allocate heap!\n");
return FALSE;
}
- i = 0;
LognameLen = MaxLognameLen;
-
- while (RegEnumKeyEx(eventlogKey,
- i,
- Buf,
- &LognameLen,
- NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
+ dwIndex = 0;
+ while (RegEnumKeyExW(eventlogKey,
+ dwIndex,
+ Buf,
+ &LognameLen,
+ NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
{
HKEY SubKey;
DPRINT("%S\n", Buf);
- result = RegOpenKeyEx(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
- if (result != ERROR_SUCCESS)
+ Result = RegOpenKeyExW(eventlogKey, Buf, 0, KEY_ALL_ACCESS, &SubKey);
+ if (Result != ERROR_SUCCESS)
{
DPRINT1("Failed to open %S key.\n", Buf);
- HeapFree(MyHeap, 0, Buf);
+ HeapFree(GetProcessHeap(), 0, Buf);
return FALSE;
}
}
RegCloseKey(SubKey);
+
LognameLen = MaxLognameLen;
- i++;
+ dwIndex++;
}
- HeapFree(MyHeap, 0, Buf);
+ HeapFree(GetProcessHeap(), 0, Buf);
return TRUE;
}
-INT wmain()
+
+int wmain(int argc, WCHAR* argv[])
{
- WCHAR LogPath[MAX_PATH];
INT RetCode = 0;
- LONG result;
+ LONG Result;
HKEY elogKey;
+ WCHAR LogPath[MAX_PATH];
LogfListInitialize();
InitEventSourceList();
- MyHeap = HeapCreate(0, 1024 * 256, 0);
-
- if (!MyHeap)
- {
- DPRINT1("FATAL ERROR, can't create heap.\n");
- RetCode = 1;
- goto bye_bye;
- }
-
- GetWindowsDirectory(LogPath, MAX_PATH);
+ GetSystemWindowsDirectoryW(LogPath, ARRAYSIZE(LogPath));
- if (GetDriveType(LogPath) == DRIVE_CDROM)
+ if (GetDriveTypeW(LogPath) == DRIVE_CDROM)
{
DPRINT("LiveCD detected\n");
onLiveCD = TRUE;
}
else
{
- result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
- L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
- 0,
- KEY_ALL_ACCESS,
- &elogKey);
-
- if (result != ERROR_SUCCESS)
+ Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
+ L"SYSTEM\\CurrentControlSet\\Services\\EventLog",
+ 0,
+ KEY_ALL_ACCESS,
+ &elogKey);
+ if (Result != ERROR_SUCCESS)
{
- DPRINT1("Fatal error: can't open eventlog registry key.\n");
+ DPRINT1("Fatal error: cannot open eventlog registry key.\n");
RetCode = 1;
goto bye_bye;
}
LoadLogFiles(elogKey);
}
+ EventLogSource = GetEventSourceByName(L"EventLog");
+ if (!EventLogSource)
+ {
+ DPRINT1("The 'EventLog' source is unavailable. The EventLog service will not be able to log its own events.\n");
+ }
+
StartServiceCtrlDispatcher(ServiceTable);
- bye_bye:
+bye_bye:
LogfCloseAll();
- if (MyHeap)
- HeapDestroy(MyHeap);
-
return RetCode;
}
-VOID EventTimeToSystemTime(DWORD EventTime, SYSTEMTIME * pSystemTime)
-{
- SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
- FILETIME ftLocal;
- union
- {
- FILETIME ft;
- ULONGLONG ll;
- } u1970, uUCT;
-
- uUCT.ft.dwHighDateTime = 0;
- uUCT.ft.dwLowDateTime = EventTime;
- SystemTimeToFileTime(&st1970, &u1970.ft);
- uUCT.ll = uUCT.ll * 10000000 + u1970.ll;
- FileTimeToLocalFileTime(&uUCT.ft, &ftLocal);
- FileTimeToSystemTime(&ftLocal, pSystemTime);
-}
-
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime)
-{
- SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
- union
- {
- FILETIME ft;
- ULONGLONG ll;
- } Time, u1970;
-
- SystemTimeToFileTime(pSystemTime, &Time.ft);
- SystemTimeToFileTime(&st1970, &u1970.ft);
- *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull);
-}
-
-VOID PRINT_HEADER(PEVENTLOGHEADER header)
-{
- DPRINT("HeaderSize = %lu\n", header->HeaderSize);
- DPRINT("Signature = 0x%x\n", header->Signature);
- DPRINT("MajorVersion = %lu\n", header->MajorVersion);
- DPRINT("MinorVersion = %lu\n", header->MinorVersion);
- DPRINT("StartOffset = %lu\n", header->StartOffset);
- DPRINT("EndOffset = 0x%x\n", header->EndOffset);
- DPRINT("CurrentRecordNumber = %lu\n", header->CurrentRecordNumber);
- DPRINT("OldestRecordNumber = %lu\n", header->OldestRecordNumber);
- DPRINT("MaxSize = 0x%x\n", header->MaxSize);
- DPRINT("Retention = 0x%x\n", header->Retention);
- DPRINT("EndHeaderSize = %lu\n", header->EndHeaderSize);
- DPRINT("Flags: ");
- if (header->Flags & ELF_LOGFILE_HEADER_DIRTY) DPRINT("ELF_LOGFILE_HEADER_DIRTY");
- if (header->Flags & ELF_LOGFILE_HEADER_WRAP) DPRINT("| ELF_LOGFILE_HEADER_WRAP ");
- if (header->Flags & ELF_LOGFILE_LOGFULL_WRITTEN) DPRINT("| ELF_LOGFILE_LOGFULL_WRITTEN ");
- if (header->Flags & ELF_LOGFILE_ARCHIVE_SET) DPRINT("| ELF_LOGFILE_ARCHIVE_SET ");
- DPRINT("\n");
-}
-
VOID PRINT_RECORD(PEVENTLOGRECORD pRec)
{
UINT i;
- WCHAR *str;
- SYSTEMTIME time;
+ PWSTR str;
+ LARGE_INTEGER SystemTime;
+ TIME_FIELDS Time;
- DPRINT("Length = %lu\n", pRec->Length);
- DPRINT("Reserved = 0x%x\n", pRec->Reserved);
- DPRINT("RecordNumber = %lu\n", pRec->RecordNumber);
+ DPRINT1("PRINT_RECORD(0x%p)\n", pRec);
- EventTimeToSystemTime(pRec->TimeGenerated, &time);
- DPRINT("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
- time.wDay, time.wMonth, time.wYear,
- time.wHour, time.wMinute, time.wSecond);
+ DbgPrint("Length = %lu\n", pRec->Length);
+ DbgPrint("Reserved = 0x%x\n", pRec->Reserved);
+ DbgPrint("RecordNumber = %lu\n", pRec->RecordNumber);
- EventTimeToSystemTime(pRec->TimeWritten, &time);
- DPRINT("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
- time.wDay, time.wMonth, time.wYear,
- time.wHour, time.wMinute, time.wSecond);
+ RtlSecondsSince1970ToTime(pRec->TimeGenerated, &SystemTime);
+ RtlTimeToTimeFields(&SystemTime, &Time);
+ DbgPrint("TimeGenerated = %hu.%hu.%hu %hu:%hu:%hu\n",
+ Time.Day, Time.Month, Time.Year,
+ Time.Hour, Time.Minute, Time.Second);
- DPRINT("EventID = %lu\n", pRec->EventID);
+ RtlSecondsSince1970ToTime(pRec->TimeWritten, &SystemTime);
+ RtlTimeToTimeFields(&SystemTime, &Time);
+ DbgPrint("TimeWritten = %hu.%hu.%hu %hu:%hu:%hu\n",
+ Time.Day, Time.Month, Time.Year,
+ Time.Hour, Time.Minute, Time.Second);
+
+ DbgPrint("EventID = %lu\n", pRec->EventID);
switch (pRec->EventType)
{
case EVENTLOG_ERROR_TYPE:
- DPRINT("EventType = EVENTLOG_ERROR_TYPE\n");
+ DbgPrint("EventType = EVENTLOG_ERROR_TYPE\n");
break;
case EVENTLOG_WARNING_TYPE:
- DPRINT("EventType = EVENTLOG_WARNING_TYPE\n");
+ DbgPrint("EventType = EVENTLOG_WARNING_TYPE\n");
break;
case EVENTLOG_INFORMATION_TYPE:
- DPRINT("EventType = EVENTLOG_INFORMATION_TYPE\n");
+ DbgPrint("EventType = EVENTLOG_INFORMATION_TYPE\n");
break;
case EVENTLOG_AUDIT_SUCCESS:
- DPRINT("EventType = EVENTLOG_AUDIT_SUCCESS\n");
+ DbgPrint("EventType = EVENTLOG_AUDIT_SUCCESS\n");
break;
case EVENTLOG_AUDIT_FAILURE:
- DPRINT("EventType = EVENTLOG_AUDIT_FAILURE\n");
+ DbgPrint("EventType = EVENTLOG_AUDIT_FAILURE\n");
break;
default:
- DPRINT("EventType = %hu\n", pRec->EventType);
+ DbgPrint("EventType = %hu\n", pRec->EventType);
}
- DPRINT("NumStrings = %hu\n", pRec->NumStrings);
- DPRINT("EventCategory = %hu\n", pRec->EventCategory);
- DPRINT("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
- DPRINT("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
- DPRINT("StringOffset = %lu\n", pRec->StringOffset);
- DPRINT("UserSidLength = %lu\n", pRec->UserSidLength);
- DPRINT("UserSidOffset = %lu\n", pRec->UserSidOffset);
- DPRINT("DataLength = %lu\n", pRec->DataLength);
- DPRINT("DataOffset = %lu\n", pRec->DataOffset);
-
- DPRINT("SourceName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD)));
+ DbgPrint("NumStrings = %hu\n", pRec->NumStrings);
+ DbgPrint("EventCategory = %hu\n", pRec->EventCategory);
+ DbgPrint("ReservedFlags = 0x%x\n", pRec->ReservedFlags);
+ DbgPrint("ClosingRecordNumber = %lu\n", pRec->ClosingRecordNumber);
+ DbgPrint("StringOffset = %lu\n", pRec->StringOffset);
+ DbgPrint("UserSidLength = %lu\n", pRec->UserSidLength);
+ DbgPrint("UserSidOffset = %lu\n", pRec->UserSidOffset);
+ DbgPrint("DataLength = %lu\n", pRec->DataLength);
+ DbgPrint("DataOffset = %lu\n", pRec->DataOffset);
- i = (lstrlenW((WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD))) + 1) *
- sizeof(WCHAR);
+ i = sizeof(EVENTLOGRECORD);
+ DbgPrint("SourceName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
- DPRINT("ComputerName: %S\n", (WCHAR *) (((PBYTE) pRec) + sizeof(EVENTLOGRECORD) + i));
+ i += (wcslen((PWSTR)((ULONG_PTR)pRec + i)) + 1) * sizeof(WCHAR);
+ DbgPrint("ComputerName: %S\n", (PWSTR)((ULONG_PTR)pRec + i));
if (pRec->StringOffset < pRec->Length && pRec->NumStrings)
{
- DPRINT("Strings:\n");
- str = (WCHAR *) (((PBYTE) pRec) + pRec->StringOffset);
+ DbgPrint("Strings:\n");
+ str = (PWSTR)((ULONG_PTR)pRec + pRec->StringOffset);
for (i = 0; i < pRec->NumStrings; i++)
{
- DPRINT("[%u] %S\n", i, str);
- str = str + lstrlenW(str) + 1;
+ DbgPrint("[%u] %S\n", i, str);
+ str += wcslen(str) + 1;
}
}
- DPRINT("Length2 = %lu\n", *(PDWORD) (((PBYTE) pRec) + pRec->Length - 4));
+ DbgPrint("Length2 = %lu\n", *(PULONG)((ULONG_PTR)pRec + pRec->Length - 4));
}