Leaked source code of windows server 2003

//***************************************************************************
//
// NTEVTLOGF.H
//
// Module: WBEM NT EVENT PROVIDER
//
// Copyright (c) 1996-2001 Microsoft Corporation, All Rights Reserved
//
//***************************************************************************
#ifndef _NT_EVT_PROV_EVTLOGF_H
#define _NT_EVT_PROV_EVTLOGF_H
// Holds the configuration attributes of one NT event log (name, path,
// retention, file size, registered sources) and converts between them and
// WBEM objects. Only declarations are visible in this header; the method
// definitions live in another translation unit.
class CEventlogFileAttributes
{
protected:
// Log name and log file path held for this log.
CStringW m_logname;
CStringW m_logpath;
// Retention setting and file size value (units not visible in this header - TODO confirm).
DWORD m_retention;
DWORD m_fileSz;
// Array of raw CStringW pointers, one per source. Ownership is not expressed
// by the type; presumably the destructor frees them - verify in the .cpp.
CArray<CStringW*, CStringW*> m_sources;
// Presumably loads the members above from the log's registry key and
// returns a Win32 status code - confirm against the definition.
DWORD ReadRegistry();
// Presumably stores a textual form of the retention value dwVal on pInstObj.
void SetRetentionStr(IWbemClassObject *pClassObj, IWbemClassObject *pInstObj, DWORD dwVal);
// Presumably fills the properties inherited from the WBEM superclass on pInst.
BOOL SetSuperClassProperties(IWbemClassObject *pInst);
// Converts indexStr to a ULONG and reports failure through *bError.
// NOTE(review): indexStr presumably comes from a WBEM property or registry
// value; the definition should reject non-numeric and out-of-range text.
static ULONG GetIndex(wchar_t *indexStr, BOOL *bError);
public:
// Constructs the attribute set for the log named by `log`.
CEventlogFileAttributes(const wchar_t *log);
// Presumably writes the settings carried by pInst back to the registry.
// NOTE(review): this is a configuration-changing path (retention, file
// size); caller authorization is not visible in this header.
DWORD UpdateRegistry(IWbemClassObject *pInst);
// Performs a log operation selected by `archive` (a file name) and bClear;
// presumably backup and/or clear. Errors are reported through a_ErrorObject
// and the outcome through bSuccess.
// NOTE(review): `archive` is a caller-supplied path; confirm how the
// definition validates it before the log is written out or cleared.
DWORD EventLogOperation(const wchar_t *archive, BOOL bClear,
WbemProvErrorObject &a_ErrorObject, BOOL &bSuccess);
// Builds a WBEM instance describing this log and returns it through ppInst.
BOOL GenerateInstance(IWbemClassObject *pClassObj, IWbemClassObject* pAClassObj, IWbemClassObject **ppInst);
~CEventlogFileAttributes();
};
// Wraps a handle to one NT event log together with a record buffer, and
// offers static helpers for resolving log and message file names from the
// registry. Polymorphic base class: RefreshHandle() and the destructor are
// virtual. Method definitions other than the inline accessors are not
// visible in this header.
class CEventLogFile
{
private:
// Presumably expands environment-variable references in a registry-supplied
// path (REG_EXPAND_SZ style) - confirm against the definition.
static CStringW ExpandFileName ( const wchar_t *filepath ) ;
// Reads value `valname` under hk_Log, returning the data through *res and
// its registry type through *dwType.
// NOTE(review): who allocates and frees *res is not visible here; verify
// that every caller releases it and that the data is NUL-terminated.
static BOOL QueryRegForFileName(HKEY hk_Log, const wchar_t *valname, wchar_t **res, DWORD *dwType);
protected:
// Event log handle and the name of the log this object refers to.
HANDLE m_hEvtLog;
CStringW m_EvtLogName;
// State flags reported by IsValid() and IsValidBuffer().
BOOL m_bValid;
BOOL m_bBuffer;
// Length value reported by GetBufferLen() and reason code reported by GetReason().
DWORD m_BuffLen;
DWORD m_Reason;
// Raw record buffer; presumably owned by this object and released in the
// destructor - verify in the .cpp.
BYTE *m_Buffer;
// Critical section; presumably serializes access to the handle and buffer.
CCriticalSection m_LogLock;
public:
// Constructs the wrapper for `logname`; bVerify presumably requests a check
// that the log exists or can be opened.
CEventLogFile(const WCHAR *logname, BOOL bVerify);
void ReadLastRecord();
// Returns a record ID through `rec` and a record count through `numrecs`.
BOOL GetLastRecordID(DWORD &rec, DWORD &numrecs);
// Reads record recID, presumably into m_Buffer. dwBytesRead is optional
// (defaults to NULL); b_Back presumably selects backwards reading.
DWORD ReadRecord(DWORD recID, DWORD *dwBytesRead = NULL, BOOL b_Back = FALSE);
BOOL IsValid() {return m_bValid;}
BOOL IsValidBuffer() {return m_bBuffer;}
DWORD ReadFirstRecord();
// Returns a copy of the stored log name.
CStringW GetLogName() { return m_EvtLogName; }
// Searches for an earlier event matching evtID and source and returns its
// record ID through recID; `offset` defaults to 0.
DWORD FindOldEvent(DWORD evtID, const wchar_t *source, DWORD *recID,time_t offset = 0);
// NOTE(review): GetBuffer() hands out the internal pointer and
// GetBufferLen() the length as two separate unlocked reads. A caller parsing
// record data should check IsValidBuffer(), bound every access by
// GetBufferLen(), and make sure no concurrent read replaces the buffer
// between the two calls.
BYTE* GetBuffer() { return m_Buffer; }
DWORD GetBufferLen() { return m_BuffLen; }
DWORD GetReason() { return m_Reason; }
// Virtual; CMonitoredEventLogFile declares an override.
virtual void RefreshHandle();
// Static overload: presumably maps a log file name back to a log name.
static CStringW GetLogName(const wchar_t *file_name);
// Returns the file name stored under hk_Log; valname defaults to EVTLOG_REG_FILE_VALUE.
static CStringW GetFileName(HKEY hk_Log, const wchar_t *valname = EVTLOG_REG_FILE_VALUE);
// Returns file names through *names; valname defaults to MSG_MODULE. The
// DWORD result is presumably the number of names - TODO confirm, along with
// who frees *names.
static DWORD GetFileNames(HKEY hk_Log, CStringW **names, const wchar_t *valname = MSG_MODULE);
// Class-wide flag; presumably records whether the privilege below has
// already been enabled.
static BOOL ms_bSetPrivilege;
// Enables a privilege, by default SE_SECURITY_NAME; bProcess presumably
// selects the process token rather than the thread token.
// NOTE(review): no matching "disable" call is declared in this class. If the
// privilege stays enabled for the provider's lifetime, every later code path
// in the host process runs with it; confirm the scope in the definition.
static BOOL SetSecurityLogPrivilege(BOOL bProcess = FALSE, LPCWSTR privName = SE_SECURITY_NAME);
// Opens the local event log a_log and reports a reason code through a_Reason.
static HANDLE OpenLocalEventLog(LPCWSTR a_log, DWORD *a_Reason);
virtual ~CEventLogFile();
};
// An event log file that is also a provider task object: it derives from
// CEventLogFile and ProvTaskObject and turns log records into WBEM event
// instances for a CEventProviderManager. Method definitions other than
// SetProcessRecord() are not visible in this header.
class CMonitoredEventLogFile : public CEventLogFile, public ProvTaskObject
{
private:
// Manager passed to the constructor. Raw pointer: lifetime and ownership
// are not visible here.
CEventProviderManager *m_parent;
// WBEM class object; presumably the class used to spawn event instances.
IWbemClassObject *m_Class;
// Record ID stored by SetProcessRecord().
DWORD m_RecID;
// VARIANT; the name suggests it holds a self-relative security descriptor
// - TODO confirm against SetEventDescriptor().
VARIANT m_VpsdSelfRel;
// Presumably builds m_VpsdSelfRel.
// NOTE(review): if this descriptor controls who may receive the generated
// events, a FALSE return should stop event delivery rather than fall back
// to an unrestricted descriptor - check the callers.
BOOL SetEventDescriptor();
public:
CMonitoredEventLogFile(CEventProviderManager *parent, const wchar_t *logname);
// Stores the record ID for later use.
void SetProcessRecord(DWORD recID) { m_RecID = recID; }
// Task entry point; presumably implements a ProvTaskObject virtual and
// processes records starting from m_RecID - confirm in the .cpp.
void Process();
// Overrides CEventLogFile::RefreshHandle() (same signature, so implicitly virtual).
void RefreshHandle();
// Builds an event instance and returns it through ppEvtInst; pEmbedObj is
// presumably the embedded object carrying the log record.
BOOL GenerateInstance(IWbemClassObject **ppEvtInst, IWbemClassObject *pEmbedObj);
// Implicitly virtual, because CEventLogFile's destructor is virtual.
~CMonitoredEventLogFile();
};
#endif //_NT_EVT_PROV_EVTLOGF_H