#define WIN32_NO_STATUS
#include <windows.h>
+#include <netevent.h>
#include <lpctypes.h>
#include <lpcfuncs.h>
#include <rtlfuncs.h>
#include <obfuncs.h>
#include <iotypes.h>
#include <debug.h>
-#include <pseh/pseh.h>
#include "eventlogrpc_s.h"
typedef struct _IO_ERROR_LPC
#define LOGFILE_SIGNATURE 0x654c664c
/*
- * FIXME
* Flags used in logfile header
*/
-#define LOGFILE_FLAG1 1
-#define LOGFILE_FLAG2 2
-#define LOGFILE_FLAG3 4
-#define LOGFILE_FLAG4 8
+#define ELF_LOGFILE_HEADER_DIRTY 1
+#define ELF_LOGFILE_HEADER_WRAP 2
+#define ELF_LOGGFILE_LOGFULL_WRITTEN 4
+#define ELF_LOGFILE_ARCHIVE_SET 8
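Review bot: The third flag is spelled `ELF_LOGGFILE_LOGFULL_WRITTEN`, with a doubled G that the other three `ELF_LOGFILE_*` names in this block do not have. It should read `#define ELF_LOGFILE_LOGFULL_WRITTEN 4`, fixed now before any caller depends on the misspelling. The comment above the block still says only "Flags used in logfile header", so a short comment per flag stating what each bit records would help whoever later validates `Flags` read from an existing log file.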
-typedef struct
+/* FIXME: MSDN reads that the following two structs are in winnt.h. Are they? */
+typedef struct _EVENTLOGHEADER
{
- DWORD SizeOfHeader;
- DWORD Signature;
- DWORD MajorVersion;
- DWORD MinorVersion;
- DWORD FirstRecordOffset;
- DWORD EofOffset;
- DWORD NextRecord;
- DWORD OldestRecord;
- DWORD unknown1;
- DWORD Flags;
- DWORD unknown2;
- DWORD SizeOfHeader2;
-} FILE_HEADER, *PFILE_HEADER;
-
-typedef struct
+ ULONG HeaderSize;
+ ULONG Signature;
+ ULONG MajorVersion;
+ ULONG MinorVersion;
+ ULONG StartOffset;
+ ULONG EndOffset;
+ ULONG CurrentRecordNumber;
+ ULONG OldestRecordNumber;
+ ULONG MaxSize;
+ ULONG Flags;
+ ULONG Retention;
+ ULONG EndHeaderSize;
+} EVENTLOGHEADER, *PEVENTLOGHEADER;
+
+typedef struct _EVENTLOGEOF
{
- DWORD Size1;
- DWORD Ones; // Must be 0x11111111
- DWORD Twos; // Must be 0x22222222
- DWORD Threes; // Must be 0x33333333
- DWORD Fours; // Must be 0x44444444
- DWORD StartOffset;
- DWORD EndOffset;
- DWORD NextRecordNumber;
- DWORD OldestRecordNumber;
- DWORD Size2;
-} EOF_RECORD, *PEOF_RECORD;
-
-typedef struct
+ ULONG RecordSizeBeginning;
+ ULONG Ones;
+ ULONG Twos;
+ ULONG Threes;
+ ULONG Fours;
+ ULONG BeginRecord;
+ ULONG EndRecord;
+ ULONG CurrentRecordNumber;
+ ULONG OldestRecordNumber;
+ ULONG RecordSizeEnd;
+} EVENTLOGEOF, *PEVENTLOGEOF;
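Review bot: The `Ones` through `Fours` fields of the new `EVENTLOGEOF` lose the `// Must be 0x11111111` to `// Must be 0x44444444` comments that the removed `EOF_RECORD` carried. Those were the only statement in this header of what a well-formed EOF record looks like. Both structs describe data read back from a log file on disk, so I would keep the expected values next to the fields, e.g. `ULONG Ones; /* Must be 0x11111111 */`. I would also add one line on `EVENTLOGHEADER` naming the fields to check before the offsets are trusted: `Signature` against `LOGFILE_SIGNATURE`, and presumably `HeaderSize` and `EndHeaderSize` against `sizeof(EVENTLOGHEADER)`, to be confirmed against file.c.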
+
+typedef struct _EVENT_OFFSET_INFO
{
ULONG EventNumber;
ULONG EventOffset;
} EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;
-typedef struct
+typedef struct _LOGFILE
{
HANDLE hFile;
- FILE_HEADER Header;
+ EVENTLOGHEADER Header;
WCHAR *LogName;
WCHAR *FileName;
CRITICAL_SECTION cs;
LIST_ENTRY ListEntry;
} LOGFILE, *PLOGFILE;
-typedef struct
+typedef struct _EVENTSOURCE
{
+ LIST_ENTRY EventSourceListEntry;
PLOGFILE LogFile;
- WCHAR *Name;
+ WCHAR szName[1];
} EVENTSOURCE, *PEVENTSOURCE;
+typedef struct _LOGHANDLE
+{
+ LIST_ENTRY LogHandleListEntry;
+ PEVENTSOURCE EventSource;
+ PLOGFILE LogFile;
+ ULONG CurrentRecord;
+ WCHAR szName[1];
+} LOGHANDLE, *PLOGHANDLE;
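Review bot: `WCHAR szName[1];` in `EVENTSOURCE` and in the new `LOGHANDLE` reads as a variable-length trailing name, but the header does not say so. If it is, `sizeof(EVENTSOURCE)` and `sizeof(LOGHANDLE)` only reserve room for the terminator, and any allocation sized that way is overrun by a non-empty name. The allocation and copy sites are outside this diff, so I cannot check them. A comment on each member would make the size contract explicit, e.g. `/* variable length, NUL-terminated, must stay last; allocate FIELD_OFFSET(LOGHANDLE, szName) + (len + 1) * sizeof(WCHAR) */`. For `EVENTSOURCE` the member also changes from `WCHAR *Name`, so any code that assigned or freed `Name` separately needs to be revisited in the same change.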
+
/* file.c */
VOID LogfListInitialize(VOID);
VOID LogfListRemoveItem(PLOGFILE Item);
-BOOL LogfReadEvent(PLOGFILE LogFile,
+DWORD LogfReadEvent(PLOGFILE LogFile,
DWORD Flags,
- DWORD RecordNumber,
+ DWORD * RecordNumber,
DWORD BufSize,
PBYTE Buffer,
DWORD * BytesRead,
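Review bot: `LogfReadEvent` changes its return type from `BOOL` to `DWORD`, and `RecordNumber` from a value to `DWORD *`, with no comment stating the new contract. If the `DWORD` is a Win32 error code, which the header does not say, a caller still written as `if (!LogfReadEvent(...))` would treat success as failure and the reverse. I would add a comment above the prototype saying what is returned on success, whether `*RecordNumber` is read, written or both, and how `BufSize` and `*BytesRead` relate when `Buffer` is too small for the record. The prototype's closing line falls outside the visible hunk.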
DWORD LogfGetOldestRecord(PLOGFILE LogFile);
+DWORD LogfGetCurrentRecord(PLOGFILE LogFile);
+
ULONG LogfOffsetByNumber(PLOGFILE LogFile,
DWORD RecordNumber);
ULONG ulNumber,
ULONG ulOffset);
+BOOL LogfDeleteOffsetInformation(PLOGFILE LogFile,
+ ULONG ulNumber);
+
PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
DWORD dwRecordNumber,
WORD wType,
DWORD dwDataSize,
LPVOID lpRawData);
-void __inline LogfFreeRecord(LPVOID Rec);
+VOID
+LogfReportEvent(WORD wType,
+ WORD wCategory,
+ DWORD dwEventId);
/* eventlog.c */
-VOID PRINT_HEADER(PFILE_HEADER header);
+extern HANDLE MyHeap;
+
+VOID PRINT_HEADER(PEVENTLOGHEADER header);
VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime,
DWORD * pEventTime);
+/* eventsource.c */
+VOID InitEventSourceList(VOID);
+
+BOOL
+LoadEventSources(HKEY hKey,
+ PLOGFILE pLogFile);
+
+PEVENTSOURCE
+GetEventSourceByName(LPCWSTR Name);
+
+
/* logport.c */
NTSTATUS WINAPI PortThreadRoutine(PVOID Param);
/* rpc.c */
DWORD WINAPI RpcThreadRoutine(LPVOID lpParameter);
+static __inline void LogfFreeRecord(LPVOID Rec)
+{
+ HeapFree(MyHeap, 0, Rec);
+}
+
#endif /* __EVENTLOG_H__ */