#include "stdafx.h" #include "CertObj.h" #include "common.h" #include "certobjlog.h" #include HANDLE g_hEventLog = NULL; // #define EVENTLOG_SUCCESS 0x0000 // #define EVENTLOG_ERROR_TYPE 0x0001 // #define EVENTLOG_WARNING_TYPE 0x0002 // #define EVENTLOG_INFORMATION_TYPE 0x0004 // #define EVENTLOG_AUDIT_SUCCESS 0x0008 // #define EVENTLOG_AUDIT_FAILURE 0x0010 void EventlogReportEvent ( WORD wType, DWORD dwEventID, LPCTSTR pFormat, ... ) { TCHAR chMsg[256]; HANDLE hEventSource; LPTSTR lpszStrings[1]; va_list pArg; va_start(pArg, pFormat); //_vstprintf(chMsg, pFormat, pArg); StringCbVPrintf(chMsg,sizeof(chMsg),pFormat, pArg); va_end(pArg); lpszStrings[0] = chMsg; if (g_hEventLog != NULL) { ReportEvent(g_hEventLog, wType, 0, dwEventID, NULL, 1, 0, (LPCTSTR*) &lpszStrings[0], NULL); } } BOOL EventlogRegistryInstall(void) { HKEY hKey; int err; DWORD disp; // // Create registry entries, whether event logging is currently // enabled or not. // err = RegCreateKeyEx( HKEY_LOCAL_MACHINE, TEXT("System\\CurrentControlSet\\Services\\EventLog\\System\\CertObj"), 0, TEXT(""), REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, &hKey, &disp); if (err) { return(FALSE); } if (disp == REG_CREATED_NEW_KEY) { RegSetValueEx( hKey, TEXT("EventMessageFile"), 0, REG_EXPAND_SZ, (PBYTE) TEXT("%SystemRoot%\\system32\\inetsrv\\certobj.dll"), sizeof(TEXT("%SystemRoot%\\system32\\inetsrv\\certobj.dll"))); // disp = 7; disp = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE ; RegSetValueEx( hKey, TEXT("TypesSupported"), 0, REG_DWORD, (PBYTE) &disp, sizeof(DWORD) ); RegFlushKey(hKey); } RegCloseKey(hKey); return(TRUE); } void EventlogRegistryUnInstall(void) { HKEY hKey; DWORD dwStatus; TCHAR szBuf[MAX_PATH*2+1]; // remove event source out of application and system StringCbPrintf(szBuf,sizeof(szBuf),_TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application")); if((dwStatus=RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, 0, KEY_ALL_ACCESS, &hKey)) != ERROR_SUCCESS) { return; } RegDeleteKey(hKey, _T("CertObj")); RegCloseKey(hKey); StringCbPrintf(szBuf,sizeof(szBuf),_TEXT("SYSTEM\\CurrentControlSet\\Services\\EventLog\\System")); if((dwStatus=RegOpenKeyEx(HKEY_LOCAL_MACHINE, szBuf, 0, KEY_ALL_ACCESS, &hKey)) != ERROR_SUCCESS) { return; } RegDeleteKey(hKey, _T("CertObj")); RegCloseKey(hKey); return; } void EventLogInit(void) { g_hEventLog = RegisterEventSource( NULL, L"CertObj" ); return; } void EventLogCleanup(void) { if ( g_hEventLog != NULL ) { DeregisterEventSource( g_hEventLog ); g_hEventLog = NULL; } return; } void ReportIt(DWORD dwEventID, LPCTSTR szMetabasePath) { if (!g_hEventLog){EventLogInit();} switch (dwEventID) { case CERTOBJ_CERT_EXPORT_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_EXPORT_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_CERT_STORE_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_IMPORT_CERT_STORE_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_REMOVE_SUCCEED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; case CERTOBJ_CERT_REMOVE_FAILED: EventlogReportEvent(EVENTLOG_INFORMATION_TYPE, dwEventID, szMetabasePath); break; default: break; } if (g_hEventLog) {EventLogCleanup();} return; }