archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/pchealth/sr/nttest/srdiag2/getsrevent.cxx

393 lines
10 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1999-2001.
  5. //
  6. // File: GetSREvent.cxx
  7. //
  8. // Contents: Gets SR related system events
  9. //
  10. // Classes: n/a
  11. //
  12. // Coupling:
  13. //
  14. // Notes:
  15. //
  16. // History: 20-04-2001 weiyouc Created
  17. //
  18. //----------------------------------------------------------------------------
  20. //--------------------------------------------------------------------------
  21. // Headers
  22. //--------------------------------------------------------------------------
  24. #include "SrHeader.hxx"
  26. //--------------------------------------------------------------------------
  27. // Defines
  28. //--------------------------------------------------------------------------
  30. #define MAX_BUF_SIZE 1000
  31. #define SR_SERVICE_SRC TEXT("SrService")
  32. #define SR_FILTER_SRC TEXT("sr")
  33. #define SR_SERVICE_EVENTID_BASE 0x00000067
  34. #define SR_FILTER_EVENTID_BASE 0x00000001
  36. //--------------------------------------------------------------------------
  37. // Function prototypes
  38. //--------------------------------------------------------------------------
  40. HRESULT DumpSREvent(LPTSTR ptszLog, EVENTLOGRECORD* pEvent);
  42. HRESULT DumpSREventMsg(FILE* fpLog, EVENTLOGRECORD* pEvent);
  44. LPCTSTR GetSrEventStr(WORD wEventType);
  46. //--------------------------------------------------------------------------
  47. // Some global variables
  48. //--------------------------------------------------------------------------
  50. LPCTSTR g_tszEventType[] =
  51. {
  52. TEXT("UNKNOWN_EVENT"),
  53. TEXT("EVENTLOG_ERROR_TYPE"),
  54. TEXT("EVENTLOG_WARNING_TYPE"),
  55. TEXT("EVENTLOG_INFORMATION_TYPE"),
  56. TEXT("EVENTLOG_AUDIT_SUCCESS"),
  57. TEXT("EVENTLOG_AUDIT_FAILURE")
  58. };
  60. LPCSTR g_szSrServiceEventMsg[] =
  61. {
  62. "The System Restore control handler could not be installed.",
  64. "The System Restore initialization process failed.",
  66. "The System Restore service received an unsupported request.",
  68. "The System Restore service was started.",
  70. "The System Restore service has been suspended because there is not "
  71. "enough disk space available on the drive %S. System Restore will "
  72. "automatically resume service once at least %S MB of free disk space "
  73. "is available on the system drive.",
  75. "The System Restore service has resumed monitoring due to space freed "
  76. "on the system drive.",
  78. "The System Restore service was stopped.",
  80. "A restoration to \"%S\" restore point occurred successfully.",
  82. "A restoration to \"%S\" restore point failed. "
  83. "No changes have been made to the system.",
  85. "A restoration to \"%S\" restore point was incomplete due to an "
  86. "improper shutdown.",
  88. "System Restore monitoring was enabled on drive %S.",
  90. "System Restore monitoring was disabled on drive %S.",
  92. "System Restore monitoring was enabled on all drives.",
  94. "System Restore monitoring was disabled on all drives.",
  95. };
  97. //+---------------------------------------------------------------------------
  98. //
  99. // Function: GetSREvents
  100. //
  101. // Synopsis: Get SR related event to a log file
  102. //
  103. // Arguments: ptszLogFile -- log file name
  104. //
  105. // Returns: HRESULT
  106. //
  107. // History: 20-04-2001 weiyouc Created
  108. //
  109. // Notes:
  110. //
  111. //----------------------------------------------------------------------------
  113. HRESULT GetSREvents(LPTSTR ptszLogFile)
  114. {
  115. HRESULT hr = S_OK;
  116. HANDLE hEventLog = NULL;
  117. EVENTLOGRECORD* pelrEvent = NULL;
  118. FILE* fpLog = NULL;
  119. BOOL fOK = FALSE;
  120. DWORD dwBytesRead = 0;
  121. DWORD dwBytesNeeded = 0;
  122. LPTSTR ptszSrcName = NULL;
  123. BYTE bEventBuf[MAX_BUF_SIZE];
  125. DH_VDATEPTRIN(ptszLogFile, TCHAR);
  127. hEventLog = OpenEventLog(NULL, TEXT("System"));
  128. DH_ABORTIF(NULL == hEventLog,
  129. HRESULT_FROM_WIN32(GetLastError()),
  130. TEXT("OpenEventLog"));
  132. ZeroMemory(&bEventBuf, MAX_BUF_SIZE);
  133. pelrEvent = (EVENTLOGRECORD *) &bEventBuf;
  134. while (ReadEventLog(hEventLog,
  135. EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
  136. 0,
  137. pelrEvent,
  138. MAX_BUF_SIZE,
  139. &dwBytesRead,
  140. &dwBytesNeeded))
  141. {
  142. //
  143. // Since there might be multiple logs packed in the buffer,
  144. // we need to unpack them.
  145. //
  147. while (dwBytesRead > 0)
  148. {
  149. //
  150. // If the source name is what we are interested,
  151. // we dump the event log
  152. //
  154. ptszSrcName = (LPTSTR)((LPBYTE) pelrEvent + sizeof(EVENTLOGRECORD));
  155. if ((0 == _tcsicmp(ptszSrcName, SR_SERVICE_SRC)) ||
  156. (0 == _tcsicmp(ptszSrcName, SR_FILTER_SRC)))
  157. {
  158. hr = DumpSREvent(ptszLogFile, pelrEvent);
  159. DH_HRCHECK_ABORT(hr, TEXT("DumpSREvent"));
  160. }
  162. dwBytesRead -= pelrEvent->Length;
  163. pelrEvent = (EVENTLOGRECORD*)((LPBYTE) pelrEvent + pelrEvent->Length);
  164. }
  166. ZeroMemory(&bEventBuf, MAX_BUF_SIZE);
  167. pelrEvent = (EVENTLOGRECORD *) &bEventBuf;
  168. }
  170. ErrReturn:
  171. if (NULL != hEventLog)
  172. {
  173. CloseEventLog(hEventLog);
  174. }
  175. if (NULL != fpLog)
  176. {
  177. fclose(fpLog);
  178. }
  180. return hr;
  181. }
  183. //+---------------------------------------------------------------------------
  184. //
  185. // Function: DumpSREvent
  186. //
  187. // Synopsis: Dump an SR-related event to the log file
  188. //
  189. // Arguments: ptszLogFile -- log file name
  190. // pEvent -- pointer to a system event
  191. //
  192. // Returns: HRESULT
  193. //
  194. // History: 20-04-2001 weiyouc Created
  195. //
  196. // Notes:
  197. //
  198. //----------------------------------------------------------------------------
  200. HRESULT DumpSREvent(LPTSTR ptszLog,
  201. EVENTLOGRECORD* pEvent)
  202. {
  203. HRESULT hr = S_OK;
  204. FILE* fpLog = NULL;
  205. WORD wEventType = 0;
  206. __int64 llTemp = 0;
  207. __int64 llSecsTo1970 = 116444736000000000;
  208. FILETIME FileTime;
  209. FILETIME LocalFileTime;
  210. SYSTEMTIME SysTime;
  212. DH_VDATEPTRIN(ptszLog, TCHAR);
  213. DH_VDATEPTRIN(pEvent, EVENTLOGRECORD);
  215. fpLog = _tfopen(ptszLog, TEXT("a"));
  216. DH_ABORTIF(NULL == fpLog,
  217. E_FAIL,
  218. TEXT("_tfopen"));
  220. //
  221. // Dump the event source
  222. //
  224. fprintf(fpLog,
  225. "Event Source: %S \n",
  226. (LPTSTR)((LPBYTE) pEvent + sizeof(EVENTLOGRECORD)));
  228. //
  229. // Dump the event number
  230. //
  232. fprintf(fpLog, "Event Number: %u \n", pEvent->RecordNumber);
  234. //
  235. // Dump the event ID
  236. //
  238. fprintf(fpLog, "Event ID: %x \n", (0xFFFF & pEvent->EventID));
  240. //
  241. // Dump the event
  242. //
  244. wEventType = pEvent->EventType;
  245. if ((wEventType >= EVENTLOG_ERROR_TYPE) &&
  246. (wEventType <= EVENTLOG_AUDIT_FAILURE))
  247. {
  248. fprintf(fpLog,
  249. "Event Type: %S \n",
  250. GetSrEventStr(wEventType));
  251. }
  253. //
  254. // Now dump the event message
  255. //
  257. hr = DumpSREventMsg(fpLog, pEvent);
  258. DH_HRCHECK_ABORT(hr, TEXT("DumpSREventMsg"));
  260. //
  261. // Dump the event time
  262. //
  264. llTemp = Int32x32To64(pEvent->TimeGenerated, 10000000) + llSecsTo1970;
  266. FileTime.dwLowDateTime = (DWORD) llTemp;
  267. FileTime.dwHighDateTime = (DWORD)(llTemp >> 32);
  269. FileTimeToLocalFileTime(&FileTime, &LocalFileTime);
  270. FileTimeToSystemTime(&LocalFileTime, &SysTime);
  272. fprintf(fpLog,
  273. "Time Generated: %02d/%02d/%02d %02d:%02d:%02d\n",
  274. SysTime.wMonth,
  275. SysTime.wDay,
  276. SysTime.wYear,
  277. SysTime.wHour,
  278. SysTime.wMinute,
  279. SysTime.wSecond);
  281. //
  282. // Finally we put an extra line break
  283. //
  285. fprintf(fpLog, "\n");
  287. ErrReturn:
  289. if (NULL != fpLog)
  290. {
  291. fclose(fpLog);
  292. }
  294. return hr;
  295. }
  297. //+---------------------------------------------------------------------------
  298. //
  299. // Function: DumpSREventMsg
  300. //
  301. // Synopsis: Dump an SR-related event message to the log file
  302. //
  303. // Arguments: fpLog -- file pointer to the log file
  304. // pEvent -- pointer to a system event
  305. //
  306. // Returns: HRESULT
  307. //
  308. // History: 20-04-2001 weiyouc Created
  309. //
  310. // Notes:
  311. //
  312. //----------------------------------------------------------------------------
  314. HRESULT DumpSREventMsg(FILE* fpLog,
  315. EVENTLOGRECORD* pEvent)
  316. {
  317. HRESULT hr = S_OK;
  318. DWORD dwEventID = 0;
  320. DH_VDATEPTRIN(fpLog, FILE);
  321. DH_VDATEPTRIN(pEvent, EVENTLOGRECORD);
  323. fprintf(fpLog, "Message: ");
  325. //
  326. // If this is a filter type event log
  327. //
  329. dwEventID = 0xFFFF & pEvent->EventID;
  330. if (dwEventID == SR_FILTER_EVENTID_BASE)
  331. {
  332. fprintf(fpLog, "SR filter has encountered a volume error");
  333. }
  334. else
  335. {
  336. fprintf(fpLog,
  337. g_szSrServiceEventMsg[dwEventID - SR_SERVICE_EVENTID_BASE],
  338. (LPTSTR)(pEvent->StringOffset + (LPBYTE) pEvent));
  339. }
  341. fprintf(fpLog, "\n");
  343. return hr;
  344. }
  346. //+---------------------------------------------------------------------------
  347. //
  348. // Function: GetSrEventStr
  349. //
  350. // Synopsis: Translate an event to an event string
  351. //
  352. // Arguments: wEventType -- event type
  353. //
  354. // Returns: HRESULT
  355. //
  356. // History: 20-04-2001 weiyouc Created
  357. //
  358. // Notes:
  359. //
  360. //----------------------------------------------------------------------------
  362. LPCTSTR GetSrEventStr(WORD wEventType)
  363. {
  364. WORD wIndex = 0;
  366. switch (wEventType)
  367. {
  368. case EVENTLOG_ERROR_TYPE:
  369. wIndex = 1;
  370. break;
  372. case EVENTLOG_WARNING_TYPE:
  373. wIndex = 2;
  374. break;
  376. case EVENTLOG_INFORMATION_TYPE:
  377. wIndex = 3;
  378. break;
  380. case EVENTLOG_AUDIT_SUCCESS:
  381. wIndex = 4;
  382. break;
  384. case EVENTLOG_AUDIT_FAILURE:
  385. wIndex = 5;
  386. break;
  388. default:
  389. break;
  390. }
  392. return g_tszEventType[wIndex];
  393. }