[ADVAPI33/EVENTLOG]
authorEric Kohl <eric.kohl@reactos.org>
Sat, 17 Dec 2011 23:47:28 +0000 (23:47 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sat, 17 Dec 2011 23:47:28 +0000 (23:47 +0000)
- Determine the event generation time in ReportEventA/W and use it.
- Replace magic values by proper type size.

svn path=/trunk/; revision=54678

reactos/base/services/eventlog/eventlog.c
reactos/base/services/eventlog/eventlog.h
reactos/base/services/eventlog/file.c
reactos/base/services/eventlog/logport.c
reactos/base/services/eventlog/rpc.c
reactos/dll/win32/advapi32/advapi32.h
reactos/dll/win32/advapi32/service/eventlog.c

index aebcc8a..872ea2c 100644 (file)
@@ -465,20 +465,6 @@ VOID EventTimeToSystemTime(DWORD EventTime, SYSTEMTIME * pSystemTime)
     FileTimeToSystemTime(&ftLocal, pSystemTime);
 }
 
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime, DWORD * pEventTime)
-{
-    SYSTEMTIME st1970 = { 1970, 1, 0, 1, 0, 0, 0, 0 };
-    union
-    {
-        FILETIME ft;
-        ULONGLONG ll;
-    } Time, u1970;
-
-    SystemTimeToFileTime(pSystemTime, &Time.ft);
-    SystemTimeToFileTime(&st1970, &u1970.ft);
-    *pEventTime = (DWORD)((Time.ll - u1970.ll) / 10000000ull);
-}
-
 VOID PRINT_HEADER(PEVENTLOGHEADER header)
 {
     DPRINT("HeaderSize = %d\n", header->HeaderSize);
index 0de6c87..5298a24 100644 (file)
@@ -16,6 +16,7 @@
 #include <windows.h>
 #include <netevent.h>
 #include <lpctypes.h>
+#include <kefuncs.h>
 #include <lpcfuncs.h>
 #include <rtlfuncs.h>
 #include <obfuncs.h>
@@ -168,6 +169,7 @@ BOOL LogfDeleteOffsetInformation(PLOGFILE LogFile,
 
 PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
                                  DWORD dwRecordNumber,
+                                 DWORD dwTime,
                                  WORD wType,
                                  WORD wCategory,
                                  DWORD dwEventId,
@@ -199,9 +201,6 @@ VOID PRINT_RECORD(PEVENTLOGRECORD pRec);
 VOID EventTimeToSystemTime(DWORD EventTime,
                            SYSTEMTIME * SystemTime);
 
-VOID SystemTimeToEventTime(SYSTEMTIME * pSystemTime,
-                           DWORD * pEventTime);
-
 /* eventsource.c */
 VOID InitEventSourceList(VOID);
 
index 245bb6b..ce80163 100644 (file)
@@ -870,18 +870,18 @@ BOOL LogfWriteData(PLOGFILE LogFile, DWORD BufSize, PBYTE Buffer)
 {
     DWORD dwWritten;
     DWORD dwRead;
-    SYSTEMTIME st;
     EVENTLOGEOF EofRec;
     PEVENTLOGRECORD RecBuf;
     LARGE_INTEGER logFileSize;
+    LARGE_INTEGER SystemTime;
     ULONG RecOffSet;
     ULONG WriteOffSet;
 
     if (!Buffer)
         return FALSE;
 
-    GetSystemTime(&st);
-    SystemTimeToEventTime(&st, &((PEVENTLOGRECORD) Buffer)->TimeWritten);
+    NtQuerySystemTime(&SystemTime);
+    RtlTimeToSecondsSince1970(&SystemTime, &((PEVENTLOGRECORD) Buffer)->TimeWritten);
 
     EnterCriticalSection(&LogFile->cs);
 
@@ -1125,6 +1125,7 @@ BOOL LogfAddOffsetInformation(PLOGFILE LogFile, ULONG ulNumber, ULONG ulOffset)
 
 PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
                                  DWORD   dwRecordNumber,
+                                 DWORD   dwTime,
                                  WORD    wType,
                                  WORD    wCategory,
                                  DWORD   dwEventId,
@@ -1139,7 +1140,6 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
 {
     DWORD dwRecSize;
     PEVENTLOGRECORD pRec;
-    SYSTEMTIME SysTime;
     WCHAR *str;
     UINT i, pos;
     PBYTE Buffer;
@@ -1148,8 +1148,8 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
         sizeof(EVENTLOGRECORD) + (lstrlenW(ComputerName) +
                                   lstrlenW(SourceName) + 2) * sizeof(WCHAR);
 
-    if (dwRecSize % 4 != 0)
-        dwRecSize += 4 - (dwRecSize % 4);
+    if (dwRecSize % sizeof(DWORD) != 0)
+        dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD));
 
     dwRecSize += dwSidLength;
 
@@ -1160,10 +1160,10 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
     }
 
     dwRecSize += dwDataSize;
-    if (dwRecSize % 4 != 0)
-        dwRecSize += 4 - (dwRecSize % 4);
+    if (dwRecSize % sizeof(DWORD) != 0)
+        dwRecSize += sizeof(DWORD) - (dwRecSize % sizeof(DWORD));
 
-    dwRecSize += 4;
+    dwRecSize += sizeof(DWORD);
 
     Buffer = HeapAlloc(MyHeap, HEAP_ZERO_MEMORY, dwRecSize);
 
@@ -1178,9 +1178,8 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
     pRec->Reserved = LOGFILE_SIGNATURE;
     pRec->RecordNumber = dwRecordNumber;
 
-    GetSystemTime(&SysTime);
-    SystemTimeToEventTime(&SysTime, &pRec->TimeGenerated);
-    SystemTimeToEventTime(&SysTime, &pRec->TimeWritten);
+    pRec->TimeGenerated = dwTime;
+    pRec->TimeWritten = dwTime;
 
     pRec->EventID = dwEventId;
     pRec->EventType = wType;
@@ -1195,8 +1194,8 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
 
     pRec->UserSidOffset = pos;
 
-    if (pos % 4 != 0)
-        pos += 4 - (pos % 4);
+    if (pos % sizeof(DWORD) != 0)
+        pos += sizeof(DWORD) - (pos % sizeof(DWORD));
 
     if (dwSidLength)
     {
@@ -1223,8 +1222,8 @@ PBYTE LogfAllocAndBuildNewRecord(LPDWORD lpRecSize,
         pos += dwDataSize;
     }
 
-    if (pos % 4 != 0)
-        pos += 4 - (pos % 4);
+    if (pos % sizeof(DWORD) != 0)
+        pos += sizeof(DWORD) - (pos % sizeof(DWORD));
 
     *((PDWORD) (Buffer + pos)) = dwRecSize;
 
@@ -1249,6 +1248,8 @@ LogfReportEvent(WORD wType,
     DWORD lastRec;
     DWORD recSize;
     DWORD dwError;
+    DWORD dwTime;
+    LARGE_INTEGER SystemTime;
 
     if (!GetComputerNameW(szComputerName, &dwComputerNameLength))
     {
@@ -1261,9 +1262,13 @@ LogfReportEvent(WORD wType,
         return;
     }
 
+    NtQuerySystemTime(&SystemTime);
+    RtlTimeToSecondsSince1970(&SystemTime, &dwTime);
+
     lastRec = LogfGetCurrentRecord(pEventSource->LogFile);
 
     logBuffer = LogfAllocAndBuildNewRecord(&recSize,
+                                           dwTime,
                                            lastRec,
                                            wType,
                                            wCategory,
index d82cf4c..683513e 100644 (file)
@@ -109,6 +109,8 @@ NTSTATUS ProcessPortMessage(VOID)
     DWORD dwRecSize;
     NTSTATUS Status;
     PLOGFILE SystemLog = NULL;
+    LARGE_INTEGER SystemTime;
+    ULONG Seconds;
 
     DPRINT("ProcessPortMessage() called\n");
 
@@ -145,7 +147,10 @@ NTSTATUS ProcessPortMessage(VOID)
             Message = (PIO_ERROR_LOG_MESSAGE) & Request.Message;
             ulRecNum = SystemLog ? SystemLog->Header.CurrentRecordNumber : 0;
 
-            pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize,
+            NtQuerySystemTime(&SystemTime);
+            RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
+            pRec = (PEVENTLOGRECORD) LogfAllocAndBuildNewRecord(&dwRecSize, Seconds,
                     ulRecNum, Message->Type, Message->EntryData.EventCategory,
                     Message->EntryData.ErrorCode,
                     (WCHAR *) (((PBYTE) Message) + Message->DriverNameOffset),
index 91a0f77..682b554 100644 (file)
@@ -496,6 +496,7 @@ NTSTATUS ElfrReportEventW(
     if (UserSID)
         dwUserSidLength = FIELD_OFFSET(SID, SubAuthority[UserSID->SubAuthorityCount]);
     LogBuffer = LogfAllocAndBuildNewRecord(&recSize,
+                                           Time,
                                            lastRec,
                                            EventType,
                                            EventCategory,
index eb11386..3c7d2a9 100644 (file)
@@ -28,6 +28,7 @@
 #include <ndk/cmfuncs.h>
 #include <ndk/exfuncs.h>
 #include <ndk/iofuncs.h>
+#include <ndk/kefuncs.h>
 #include <ndk/obfuncs.h>
 #include <ndk/psfuncs.h>
 #include <ndk/rtlfuncs.h>
index e2e895e..76f2479 100644 (file)
@@ -945,6 +945,8 @@ ReportEventA(IN HANDLE hEventLog,
     WORD i;
     CHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
     DWORD dwSize;
+    LARGE_INTEGER SystemTime;
+    ULONG Seconds;
 
     TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
           hEventLog, wType, wCategory, dwEventID, lpUserSid,
@@ -974,10 +976,13 @@ ReportEventA(IN HANDLE hEventLog,
     GetComputerNameA(szComputerName, &dwSize);
     RtlInitAnsiString(&ComputerName, szComputerName);
 
+    NtQuerySystemTime(&SystemTime);
+    RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
     RpcTryExcept
     {
         Status = ElfrReportEventA(hEventLog,
-                                  0, /* FIXME: Time */
+                                  Seconds,
                                   wType,
                                   wCategory,
                                   dwEventID,
@@ -1046,6 +1051,8 @@ ReportEventW(IN HANDLE hEventLog,
     WORD i;
     WCHAR szComputerName[MAX_COMPUTERNAME_LENGTH + 1];
     DWORD dwSize;
+    LARGE_INTEGER SystemTime;
+    ULONG Seconds;
 
     TRACE("%p, %u, %u, %lu, %p, %u, %lu, %p, %p\n",
           hEventLog, wType, wCategory, dwEventID, lpUserSid,
@@ -1075,10 +1082,13 @@ ReportEventW(IN HANDLE hEventLog,
     GetComputerNameW(szComputerName, &dwSize);
     RtlInitUnicodeString(&ComputerName, szComputerName);
 
+    NtQuerySystemTime(&SystemTime);
+    RtlTimeToSecondsSince1970(&SystemTime, &Seconds);
+
     RpcTryExcept
     {
         Status = ElfrReportEventW(hEventLog,
-                                  0, /* FIXME: Time */
+                                  Seconds,
                                   wType,
                                   wCategory,
                                   dwEventID,