|
|
#include "stdafx.h"
#include "CertObj.h"
#include "common.h"
#include "certobjlog.h"
#include <strsafe.h>
HANDLE g_hEventLog = NULL;
// #define EVENTLOG_SUCCESS 0x0000
// #define EVENTLOG_ERROR_TYPE 0x0001
// #define EVENTLOG_WARNING_TYPE 0x0002
// #define EVENTLOG_INFORMATION_TYPE 0x0004
// #define EVENTLOG_AUDIT_SUCCESS 0x0008
// #define EVENTLOG_AUDIT_FAILURE 0x0010
void EventlogReportEvent( WORD wType, DWORD dwEventID, LPCTSTR pFormat, ...){ TCHAR chMsg[256]; HANDLE hEventSource; LPTSTR lpszStrings[1]; va_list pArg;
va_start(pArg, pFormat); //_vstprintf(chMsg, pFormat, pArg);
StringCbVPrintf(chMsg,sizeof(chMsg),pFormat, pArg); va_end(pArg);
lpszStrings[0] = chMsg;
if (g_hEventLog != NULL) { ReportEvent(g_hEventLog, wType, 0, dwEventID, NULL, 1, 0, (LPCTSTR*) &lpszStrings[0], NULL); }}
BOOL EventlogRegistryInstall(void){ HKEY hKey; int err; DWORD disp;
//
// Create registry entries, whether event logging is currently
// enabled or not.
//
err = RegCreateKeyEx( HKEY_LOCAL_MACHINE, TEXT("System\\CurrentControlSet\\Services\\EventLog\\System\\CertObj"), 0, TEXT(""), REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, &disp); if (err) { return(FALSE); }
if (disp == REG_CREATED_NEW_KEY) { RegSetValueEx( hKey, TEXT("EventMessageFile"), 0, REG_EXPAND_SZ, (PBYTE) TEXT("%SystemRoot%\\system32\\inetsrv\\certobj.dll"), sizeof(TEXT("%SystemRoot%\\system32\\inetsrv\\certobj.dll")));
// disp = 7;
disp = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE ; RegSetValueEx( hKey, TEXT("TypesSupported"), 0, REG_DWORD, (PBYTE) &disp, sizeof(DWORD) );
RegFlushKey(hKey); }
RegCloseKey(hKey);
return(TRUE);}
void EventlogRegistryUnInstall(void){ HKEY hKey; DWORD dwStatus; TCHAR szBuf[MAX_PATH*2+1];
// remove event source out of application and system
StringCbPrintf(szBuf,sizeof(szBuf),_TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application")); if((dwStatus=RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, 0, KEY_ALL_ACCESS, &hKey)) != ERROR_SUCCESS) { return; }
RegDeleteKey(hKey, _T("CertObj")); RegCloseKey(hKey);
StringCbPrintf(szBuf,sizeof(szBuf),_TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\System")); if((dwStatus=RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, 0, KEY_ALL_ACCESS, &hKey)) != ERROR_SUCCESS) { return; }
RegDeleteKey(hKey, _T("CertObj")); RegCloseKey(hKey);
return;}
void EventLogInit(void){ g_hEventLog = RegisterEventSource( NULL, L"CertObj" ); return;}
void EventLogCleanup(void){ if ( g_hEventLog != NULL ) { DeregisterEventSource( g_hEventLog ); g_hEventLog = NULL; } return;}
void ReportIt(DWORD dwEventID, LPCTSTR szMetabasePath){ if (!g_hEventLog){EventLogInit();}
switch (dwEventID) { case CERTOBJ_CERT_EXPORT_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_EXPORT_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break;
case CERTOBJ_CERT_IMPORT_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break;
case CERTOBJ_CERT_IMPORT_CERT_STORE_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_CERT_STORE_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break;
case CERTOBJ_CERT_REMOVE_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_REMOVE_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break;
default: break;
} if (g_hEventLog) {EventLogCleanup();} return;}
|
