archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/base/eventlog/ntsdexts/elfexts.c

727 lines
21 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1990 Microsoft Corporation
  5. Module Name:
  7. elfexts.c
  9. Abstract:
  11. This function contains the eventlog ntsd debugger extensions
  13. Author:
  15. Dan Hinsley (DanHi) 22-May-1993
  16. IvanBrug 06 21 2001 converted to the latest debugger
  18. Revision History:
  20. --*/
  23. #include <elfmain.h>
  24. #include <stdio.h>
  25. #include <stdlib.h>
  26. #include <string.h>
  27. #include <malloc.h>
  28. #include <time.h>
  29. #include <elf.h>
  30. #include <elfdef.h>
  31. #include <elfcommn.h>
  32. #include <elfproto.h>
  33. #include <svcsp.h>
  34. #include <elfextrn.h>
  37. #define DbgPrint(_x_)
  38. #define MAX_NAME 256
  39. #define GET_DATA(DebugeeAddr, LocalAddr, Length) \
  40. Status = ReadMemory( \
  41. (MEMORY_ADDRESS)DebugeeAddr, \
  42. (PVOID)LocalAddr, \
  43. (ULONG)(Length), \
  44. NULL \
  45. );
  47. HANDLE GlobalhCurrentProcess;
  48. BOOL Status;
  50. LPWSTR
  51. GetUnicodeString(
  52. PUNICODE_STRING pUnicodeString
  53. )
  54. {
  55. MEMORY_ADDRESS Pointer;
  56. UNICODE_STRING UnicodeString;
  58. GET_DATA(pUnicodeString, &UnicodeString, sizeof(UNICODE_STRING))
  59. Pointer = (MEMORY_ADDRESS) UnicodeString.Buffer;
  60. UnicodeString.Buffer = (LPWSTR) LocalAlloc(LMEM_ZEROINIT,
  61. UnicodeString.Length + sizeof(WCHAR));
  62. GET_DATA(Pointer, UnicodeString.Buffer, UnicodeString.Length)
  64. return(UnicodeString.Buffer);
  65. }
  67. MEMORY_ADDRESS
  68. GetLogFileAddress(
  69. LPSTR LogFileName,
  70. PLOGFILE LogFile
  71. )
  72. {
  73. ANSI_STRING AnsiString;
  74. UNICODE_STRING UnicodeString;
  75. MEMORY_ADDRESS Pointer = 0;
  76. MEMORY_ADDRESS LogFileAnchor = 0;
  77. LPWSTR ModuleName = 0;
  79. //
  80. // Convert the string to UNICODE
  81. //
  83. RtlInitAnsiString(&AnsiString, LogFileName);
  84. RtlAnsiStringToUnicodeString(&UnicodeString, &AnsiString, TRUE);
  86. //
  87. // Walk the logfile list looking for a match
  88. //
  90. LogFileAnchor = (MEMORY_ADDRESS)GetExpression("eventlog!LogFilesHead");
  92. if (LogFileAnchor) {
  93. GET_DATA(LogFileAnchor, &Pointer, sizeof(MEMORY_ADDRESS));
  95. while (Pointer != LogFileAnchor) {
  96. GET_DATA(Pointer, LogFile, sizeof(LOGFILE))
  97. ModuleName = GetUnicodeString(LogFile->LogModuleName);
  98. if (!_wcsicmp(ModuleName, UnicodeString.Buffer)) {
  99. break;
  100. }
  101. LocalFree(ModuleName);
  102. Pointer = (MEMORY_ADDRESS) LogFile->FileList.Flink;
  103. }
  104. } else {
  105. dprintf("unable to resolve %s\n","eventlog!LogFilesHead");
  106. }
  108. RtlFreeUnicodeString(&UnicodeString);
  110. if (Pointer == LogFileAnchor) {
  111. return(0);
  112. }
  113. else {
  114. LocalFree(ModuleName);
  115. return(Pointer);
  116. }
  117. }
  119. //
  120. // Dump an individual record
  121. //
  123. MEMORY_ADDRESS
  124. DumpRecord(
  125. MEMORY_ADDRESS Record,
  126. DWORD RecordNumber,
  127. MEMORY_ADDRESS StartOfFile,
  128. MEMORY_ADDRESS EndOfFile
  129. )
  130. {
  131. MEMORY_ADDRESS BufferLen = 0;
  132. PCHAR TimeBuffer;
  133. PEVENTLOGRECORD EventLogRecord;
  134. LPWSTR Module;
  135. LPWSTR Computer;
  136. MEMORY_ADDRESS FirstPiece = 0;
  137. time_t TempAligned;
  139. GET_DATA(Record, &BufferLen, sizeof(DWORD));
  141. //
  142. // See if it's a ELF_SKIP_DWORD, and if it is, return the top of the
  143. // file
  144. //
  146. if (BufferLen == ELF_SKIP_DWORD) {
  147. return(StartOfFile + sizeof(ELF_LOGFILE_HEADER));
  148. }
  150. //
  151. // See if it's the EOF record
  152. //
  154. if (BufferLen == ELFEOFRECORDSIZE) {
  155. return(0);
  156. }
  158. BufferLen += sizeof(DWORD); // get room for length of next record
  159. EventLogRecord = (PEVENTLOGRECORD) LocalAlloc(LMEM_ZEROINIT, BufferLen);
  161. //
  162. // If the record wraps, grab it piecemeal
  163. //
  165. if (EndOfFile && BufferLen + Record > EndOfFile) {
  166. FirstPiece = EndOfFile - Record;
  167. GET_DATA(Record, EventLogRecord, FirstPiece);
  168. GET_DATA((StartOfFile + sizeof(ELF_LOGFILE_HEADER)),
  169. ((PBYTE) EventLogRecord + FirstPiece), BufferLen - FirstPiece);
  170. }
  171. else {
  172. GET_DATA(Record, EventLogRecord, BufferLen);
  173. }
  175. //
  176. // If it's greater than the starting record, print it out
  177. //
  179. if (EventLogRecord->RecordNumber >= RecordNumber) {
  180. dprintf("\nRecord %d is %d [0x%X] bytes long starting at %p\n",
  181. EventLogRecord->RecordNumber, EventLogRecord->Length,
  182. EventLogRecord->Length, Record);
  183. Module = (LPWSTR)(EventLogRecord+1);
  184. Computer = (LPWSTR)((PBYTE) Module + ((wcslen(Module) + 1) * sizeof(WCHAR)));
  185. dprintf("\tGenerated by %ws from system %ws\n", Module, Computer);
  188. TempAligned = EventLogRecord->TimeGenerated;
  189. TimeBuffer = ctime(&TempAligned);
  190. if (TimeBuffer) {
  191. dprintf("\tGenerated at %s", TimeBuffer);
  192. }
  193. else {
  194. dprintf("\tGenerated time field is blank\n");
  195. }
  196. TempAligned = EventLogRecord->TimeWritten;
  197. TimeBuffer = ctime(&TempAligned);
  198. if (TimeBuffer) {
  199. dprintf("\tWritten at %s", TimeBuffer);
  200. }
  201. else {
  202. dprintf("\tTime written field is blank\n");
  203. }
  205. dprintf("\tEvent Id = %d\n", EventLogRecord->EventID);
  206. dprintf("\tEventType = ");
  207. switch (EventLogRecord->EventType) {
  208. case EVENTLOG_SUCCESS:
  209. dprintf("Success\n");
  210. break;
  211. case EVENTLOG_ERROR_TYPE:
  212. dprintf("Error\n");
  213. break;
  214. case EVENTLOG_WARNING_TYPE:
  215. dprintf("Warning\n");
  216. break;
  217. case EVENTLOG_INFORMATION_TYPE:
  218. dprintf("Information\n");
  219. break;
  220. case EVENTLOG_AUDIT_SUCCESS:
  221. dprintf("Audit Success\n");
  222. break;
  223. case EVENTLOG_AUDIT_FAILURE:
  224. dprintf("Audit Failure\n");
  225. break;
  226. default:
  227. dprintf("Invalid value 0x%X\n", EventLogRecord->EventType);
  228. }
  229. dprintf("\t%d strings at offset 0x%X\n", EventLogRecord->NumStrings,
  230. EventLogRecord->StringOffset);
  231. dprintf("\t%d bytes of data at offset 0x%X\n", EventLogRecord->DataLength,
  232. EventLogRecord->DataOffset);
  233. }
  235. if (FirstPiece) {
  236. Record = StartOfFile + sizeof(ELF_LOGFILE_HEADER) + BufferLen -FirstPiece;
  237. }
  238. else {
  239. Record += EventLogRecord->Length;
  240. }
  242. LocalFree(EventLogRecord);
  243. return(Record);
  244. }
  246. //
  247. // Dump a record, or all records, or n records
  248. //
  251. DECLARE_API(record)
  252. {
  253. MEMORY_ADDRESS Pointer = 0;
  254. LOGFILE LogFile;
  255. MEMORY_ADDRESS StartOfFile;
  256. MEMORY_ADDRESS EndOfFile = 0;
  257. DWORD RecordNumber = 0;
  259. INIT_API();
  261. //
  262. // Evaluate the argument string to get the address of
  263. // the record to dump.
  264. //
  266. while (isspace(*lpArgumentString)) lpArgumentString++;
  268. if (lpArgumentString && *lpArgumentString) {
  269. if (*lpArgumentString == '.') {
  270. if (GetLogFileAddress(lpArgumentString+1, &LogFile) == 0) {
  271. dprintf("Logfile %s not found\n", lpArgumentString+1);
  272. return;
  273. }
  274. Pointer = ((MEMORY_ADDRESS ) (LogFile.BaseAddress)) + LogFile.BeginRecord;
  275. }
  276. else if (*lpArgumentString == '#') {
  277. RecordNumber = atoi(lpArgumentString + 1);
  278. dprintf("Dumping records starting at record #%d\n", RecordNumber);
  279. lpArgumentString = NULL;
  280. }
  281. else if (*lpArgumentString) {
  282. Pointer = GetExpression(lpArgumentString);
  283. }
  284. else {
  285. dprintf("Invalid lead character 0x%02X\n", *lpArgumentString);
  286. return;
  287. }
  288. }
  290. //if (!lpArgumentString || *lpArgumentString) {
  291. if (0 == Pointer){
  292. if (GetLogFileAddress("system", &LogFile) == 0) {
  293. dprintf("System Logfile not found\n");
  294. return;
  295. }
  296. Pointer = ((MEMORY_ADDRESS ) (LogFile.BaseAddress)) + LogFile.BeginRecord;
  297. }
  299. StartOfFile = (MEMORY_ADDRESS ) LogFile.BaseAddress;
  300. EndOfFile = (MEMORY_ADDRESS ) LogFile.BaseAddress + LogFile.ActualMaxFileSize;
  302. dprintf("%p %p %p\n",Pointer,StartOfFile,EndOfFile );
  303. //
  304. // Dump records starting wherever they told us to
  305. //
  307. while (Pointer < EndOfFile && Pointer && !CheckControlC()) {
  308. Pointer = DumpRecord(Pointer, RecordNumber, StartOfFile, EndOfFile);
  309. }
  312. return;
  313. }
  315. //
  316. // Dump a single LogModule structure if it matches MatchName (NULL matches
  317. // all)
  318. //
  320. PLIST_ENTRY
  321. DumpLogModule(
  322. MEMORY_ADDRESS pLogModule,
  323. LPWSTR MatchName
  324. )
  325. {
  326. LOGMODULE LogModule;
  327. WCHAR ModuleName[MAX_NAME / sizeof(WCHAR)];
  329. GET_DATA(pLogModule, &LogModule, sizeof(LogModule));
  330. GET_DATA(LogModule.ModuleName, &ModuleName, MAX_NAME);
  332. if (!MatchName || !_wcsicmp(MatchName, ModuleName)) {
  333. dprintf("\tModule Name %S\n", ModuleName);
  334. dprintf("\tModule Atom 0x%2x\n", LogModule.ModuleAtom);
  335. dprintf("\tPointer to LogFile %p\n", LogModule.LogFile);
  336. }
  338. return (LogModule.ModuleList.Flink);
  339. }
  341. //
  342. // Dump selected, or all, LogModule structures
  343. //
  346. DECLARE_API(logmodule)
  347. {
  349. MEMORY_ADDRESS pLogModule = 0;
  350. MEMORY_ADDRESS LogModuleAnchor = 0;
  351. LPWSTR wArgumentString = NULL;
  352. ANSI_STRING AnsiString;
  353. UNICODE_STRING UnicodeString;
  355. INIT_API();
  357. UnicodeString.Buffer = NULL;
  359. //
  360. // Evaluate the argument string to get the address of
  361. // the logmodule to dump. If no parm, dump them all.
  362. //
  363. while (isspace(*lpArgumentString)) lpArgumentString++;
  365. if (lpArgumentString && *lpArgumentString == '.') {
  366. lpArgumentString++;
  367. RtlInitAnsiString(&AnsiString, lpArgumentString);
  368. RtlAnsiStringToUnicodeString(&UnicodeString, &AnsiString, TRUE);
  369. }
  370. else if (lpArgumentString && *lpArgumentString) {
  371. pLogModule = GetExpression(lpArgumentString);
  372. DumpLogModule( pLogModule, NULL);
  373. return;
  374. }
  376. LogModuleAnchor = GetExpression("eventlog!LogModuleHead");
  378. if (LogModuleAnchor)
  379. {
  380. GET_DATA(LogModuleAnchor, &pLogModule, sizeof(MEMORY_ADDRESS));
  382. while (pLogModule != LogModuleAnchor && !CheckControlC()) {
  383. pLogModule =
  384. (MEMORY_ADDRESS) DumpLogModule( pLogModule,
  385. UnicodeString.Buffer);
  386. if (!UnicodeString.Buffer) {
  387. dprintf("\n");
  388. }
  389. }
  390. }
  391. else
  392. {
  393. dprintf("Unable ro resolve %s\n","eventlog!LogModuleHead");
  394. }
  395. if (UnicodeString.Buffer) {
  396. RtlFreeUnicodeString(&UnicodeString);
  397. }
  399. return;
  400. }
  402. //
  403. // Dump a single LogFile structure if it matches MatchName (NULL matches
  404. // all)
  405. //
  407. PLIST_ENTRY
  408. DumpLogFile(
  409. HANDLE hCurrentProcess,
  410. MEMORY_ADDRESS pLogFile,
  411. LPWSTR MatchName
  412. )
  413. {
  414. LOGFILE LogFile;
  415. LPWSTR UnicodeName;
  417. //
  418. // Get the fixed part of the structure
  419. //
  421. GET_DATA(pLogFile, &LogFile, sizeof(LogFile))
  423. //
  424. // Get the Default module name
  425. //
  427. UnicodeName = GetUnicodeString(LogFile.LogModuleName);
  429. //
  430. // See if we're just looking for a particular one. If we are and
  431. // this isn't it, bail out.
  432. //
  434. if (MatchName && _wcsicmp(MatchName, UnicodeName)) {
  435. LocalFree(UnicodeName);
  436. return (LogFile.FileList.Flink);
  437. }
  439. //
  440. // Otherwise print it out
  441. //
  443. dprintf("%ws", UnicodeName);
  444. LocalFree(UnicodeName);
  446. //
  447. // Now the file name of this logfile
  448. //
  450. UnicodeName = GetUnicodeString(LogFile.LogFileName);
  451. dprintf(" : %ws\n", UnicodeName);
  452. LocalFree(UnicodeName);
  454. if (LogFile.Notifiees.Flink == LogFile.Notifiees.Blink) {
  455. dprintf("\tNo active ChangeNotifies on this log\n");
  456. }
  457. else {
  458. dprintf("\tActive Change Notify! Dump of this list not implemented\n");
  459. }
  461. dprintf("\tReference Count: %d\n\tFlags: ", LogFile.RefCount);
  462. if (LogFile.Flags == 0) {
  463. dprintf("No flags set ");
  464. }
  465. else {
  466. if (LogFile.Flags & ELF_LOGFILE_HEADER_DIRTY) {
  467. dprintf("Dirty ");
  468. }
  469. if (LogFile.Flags & ELF_LOGFILE_HEADER_WRAP) {
  470. dprintf("Wrapped ");
  471. }
  472. if (LogFile.Flags & ELF_LOGFILE_LOGFULL_WRITTEN) {
  473. dprintf("Logfull Written ");
  474. }
  475. }
  476. dprintf("\n");
  478. dprintf("\tMax Files Sizes [Cfg:Curr:Next] 0x%X : 0x%X : 0x%X\n",
  479. LogFile.ConfigMaxFileSize, LogFile.ActualMaxFileSize,
  480. LogFile.NextClearMaxFileSize);
  482. dprintf("\tRecord Numbers [Oldest:Curr] %d : %d\n",
  483. LogFile.OldestRecordNumber, LogFile.CurrentRecordNumber);
  485. dprintf("\tRetention period in days: %d\n", LogFile.Retention / 86400);
  487. dprintf("\tBase Address: 0x%X\n", LogFile.BaseAddress);
  489. dprintf("\tView size: 0x%X\n", LogFile.ViewSize);
  491. dprintf("\tOffset of beginning record: 0x%X\n", LogFile.BeginRecord);
  493. dprintf("\tOffset of ending record: 0x%X\n", LogFile.EndRecord);
  495. return (LogFile.FileList.Flink);
  496. }
  498. //
  499. // Dump selected, or all, LogFile structures
  500. //
  503. DECLARE_API(logfile)
  504. {
  506. MEMORY_ADDRESS pLogFile;
  507. MEMORY_ADDRESS LogFileAnchor;
  508. LPWSTR wArgumentString = NULL;
  509. ANSI_STRING AnsiString;
  510. UNICODE_STRING UnicodeString;
  511. BOOL AllocateString = FALSE;
  513. INIT_API();
  515. UnicodeString.Buffer = NULL;
  517. //
  518. // Evaluate the argument string to get the address of
  519. // the logfile to dump. If no parm, dump them all.
  520. //
  521. while (isspace(*lpArgumentString)) lpArgumentString++;
  523. if (lpArgumentString && *lpArgumentString) {
  524. if(*lpArgumentString == '.') {
  525. lpArgumentString++;
  526. RtlInitAnsiString(&AnsiString, lpArgumentString);
  527. RtlAnsiStringToUnicodeString(&UnicodeString, &AnsiString, TRUE);
  528. }
  529. else {
  530. pLogFile = GetExpression(lpArgumentString);
  531. DumpLogFile(hCurrentProcess, pLogFile, NULL);
  532. return;
  533. }
  534. }
  536. LogFileAnchor = GetExpression("eventlog!LogFilesHead");
  538. GET_DATA(LogFileAnchor, &pLogFile, sizeof(MEMORY_ADDRESS))
  540. while (pLogFile != LogFileAnchor) {
  541. pLogFile =
  542. (MEMORY_ADDRESS) DumpLogFile(hCurrentProcess, pLogFile,
  543. UnicodeString.Buffer);
  544. if (!UnicodeString.Buffer) {
  545. dprintf("\n");
  546. }
  547. }
  549. if (UnicodeString.Buffer) {
  550. RtlFreeUnicodeString(&UnicodeString);
  551. }
  553. return;
  554. }
  556. //
  557. // Dump a request packet structure
  558. //
  561. DECLARE_API(request)
  562. {
  563. ELF_REQUEST_RECORD Request;
  564. MEMORY_ADDRESS Pointer;
  565. DWORD RecordSize;
  566. WRITE_PKT WritePkt;
  567. READ_PKT ReadPkt;
  568. CLEAR_PKT ClearPkt;
  569. BACKUP_PKT BackupPkt;
  570. LPWSTR FileName;
  571. CHAR Address[32];
  573. INIT_API();
  575. //
  576. // Evaluate the argument string to get the address of
  577. // the request packet to dump.
  578. //
  579. while (isspace(*lpArgumentString)) lpArgumentString++;
  581. if (lpArgumentString && *lpArgumentString) {
  582. Pointer = GetExpression(lpArgumentString);
  583. }
  584. else {
  585. dprintf("Must supply a request packet address\n");
  586. return;
  587. }
  589. GET_DATA(Pointer, &Request, sizeof(ELF_REQUEST_RECORD))
  591. switch (Request.Command ) {
  592. case ELF_COMMAND_READ:
  593. dprintf("\nRead packet\n");
  594. GET_DATA(Request.Pkt.ReadPkt, &ReadPkt, sizeof(READ_PKT))
  595. dprintf("\tLast Seek Position = %d\n", ReadPkt.LastSeekPos);
  596. dprintf("\tLast Seek Record = %d\n", ReadPkt.LastSeekRecord);
  597. dprintf("\tStart at record number %d\n", ReadPkt.RecordNumber);
  598. dprintf("\tRead %d bytes into buffer at 0x%X\n",
  599. ReadPkt.BufferSize, ReadPkt.Buffer);
  600. if (ReadPkt.Flags & ELF_IREAD_UNICODE) {
  601. dprintf("\tReturn in ANSI\n");
  602. }
  603. else {
  604. dprintf("\tReturn in UNICODE\n");
  605. }
  606. dprintf("\tRead flags: ");
  607. if (ReadPkt.ReadFlags & EVENTLOG_SEQUENTIAL_READ) {
  608. dprintf("Sequential ");
  609. }
  610. if (ReadPkt.ReadFlags & EVENTLOG_SEEK_READ) {
  611. dprintf("Seek ");
  612. }
  613. if (ReadPkt.ReadFlags & EVENTLOG_FORWARDS_READ) {
  614. dprintf("Forward ");
  615. }
  616. if (ReadPkt.ReadFlags & EVENTLOG_BACKWARDS_READ) {
  617. dprintf("Backwards ");
  618. }
  619. dprintf("\n");
  620. break;
  622. case ELF_COMMAND_WRITE:
  623. dprintf("\nWrite packet\n");
  624. if (Request.Flags == ELF_FORCE_OVERWRITE) {
  625. dprintf("with ELF_FORCE_OVERWRITE enabled\n");
  626. }
  627. else {
  628. dprintf("\n");
  629. }
  630. GET_DATA(Request.Pkt.WritePkt, &WritePkt, sizeof(WRITE_PKT))
  631. RecordSize = (WritePkt.Datasize);
  632. DumpRecord((MEMORY_ADDRESS)WritePkt.Buffer, 0, 0, 0);
  633. break;
  635. case ELF_COMMAND_CLEAR:
  636. dprintf("\nClear packet\n");
  637. GET_DATA(Request.Pkt.ClearPkt, &ClearPkt, sizeof(CLEAR_PKT))
  638. FileName = GetUnicodeString(ClearPkt.BackupFileName);
  639. dprintf("Backup filename = %ws\n", FileName);
  640. LocalFree(FileName);
  641. break;
  643. case ELF_COMMAND_BACKUP:
  644. dprintf("\nBackup packet\n");
  645. GET_DATA(Request.Pkt.BackupPkt, &BackupPkt, sizeof(BACKUP_PKT))
  646. FileName = GetUnicodeString(BackupPkt.BackupFileName);
  647. dprintf("Backup filename = %ws\n", FileName);
  648. LocalFree(FileName);
  649. break;
  651. case ELF_COMMAND_WRITE_QUEUED:
  652. dprintf("\nQueued Write packet\n");
  653. if (Request.Flags == ELF_FORCE_OVERWRITE) {
  654. dprintf("with ELF_FORCE_OVERWRITE enabled\n");
  655. }
  656. else {
  657. dprintf("\n");
  658. }
  659. dprintf("NtStatus = 0x%X\n", Request.Status);
  660. break;
  662. default:
  663. dprintf("\nInvalid packet\n");
  664. }
  666. dprintf("\nLogFile for this packet:\n\n");
  667. sprintf(Address,"%p",Request.LogFile);
  668. logfile(hCurrentProcess,
  669. hCurrentThread, dwCurrentPc, dwProcessor,
  670. Address);
  672. dprintf("\nLogModule for this packet:\n\n");
  673. sprintf(Address,"%p",Request.Module);
  674. logmodule(hCurrentProcess, hCurrentThread, dwCurrentPc, dwProcessor,
  675. Address);
  677. return;
  678. }
  680. //
  681. // Online help
  682. //
  685. DECLARE_API(help)
  686. {
  687. INIT_API();
  689. dprintf("\nEventlog debugger Extensions\n");
  691. if (!lpArgumentString || *lpArgumentString == '\0' ||
  692. *lpArgumentString == '\n' || *lpArgumentString == '\r') {
  693. dprintf("\tlogmodule - dump a logmodule structure\n");
  694. dprintf("\tlogfile - dump a logfile structure\n");
  695. dprintf("\trequest - dump a request record\n");
  696. dprintf("\trecord - dump a eventlog record\n");
  697. dprintf("\n\tEnter help <cmd> for detailed help on a command\n");
  698. }
  699. else {
  700. if (!_stricmp(lpArgumentString, "logmodule")) {
  701. dprintf("\tlogmodule <arg>, where <arg> can be one of:\n");
  702. dprintf("\t\tno argument - dump all logmodule structures\n");
  703. dprintf("\t\taddress - dump the logmodule at specified address\n");
  704. dprintf("\t\t.string - dump the logmodule with name string\n");
  705. }
  706. else if (!_stricmp(lpArgumentString, "logfile")) {
  707. dprintf("\tlogfile <arg>, where <arg> can be one of:\n");
  708. dprintf("\t\tno argument - dump all logfile structures\n");
  709. dprintf("\t\taddress - dump the logfile at specified address\n");
  710. dprintf("\t\t.string - dump the logfile with name string\n");
  711. }
  712. else if (!_stricmp(lpArgumentString, "record")) {
  713. dprintf("\trecord <arg>, where <arg> can be one of:\n");
  714. dprintf("\t\tno argument - dump all records in system log\n");
  715. dprintf("\t\taddress - dump records starting at specified address\n");
  716. dprintf("\t\t.string - dump all records in the <string> log\n");
  717. dprintf("\t\t#<nnn> - dumps records starting at nnn in system log\n");
  718. dprintf("\t\t#<nnn> .string - dumps records starting at nnn in <string> log\n");
  719. }
  720. else if (!_stricmp(lpArgumentString, "request")) {
  721. dprintf("\trequest - dump the request record at specified address\n");
  722. }
  723. else {
  724. dprintf("\tInvalid command [%s]\n", lpArgumentString);
  725. }
  726. }
  727. }