archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/subsys/sm/sfc/dll/eventlog.c

379 lines
10 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. eventlog.c
  9. Abstract:
  11. Implementation of event logging.
  13. Author:
  15. Wesley Witt (wesw) 18-Dec-1998
  17. Revision History:
  19. Andrew Ritz (andrewr) 7-Jul-1999
  21. --*/
  23. #include "sfcp.h"
  24. #pragma hdrstop
  27. typedef BOOL (WINAPI *PPSETUPLOGSFCERROR)(PCWSTR,DWORD);
  29. //
  30. // global handle to eventlog
  31. //
  32. HANDLE hEventSrc;
  34. //
  35. // pointer to gui-setup eventlog function
  36. //
  37. PPSETUPLOGSFCERROR pSetuplogSfcError;
  39. BOOL
  40. pSfcGetSetuplogSfcError(
  41. VOID
  42. )
  43. /*++
  45. Routine Description:
  47. Routine retreives a function pointer to the error logging entrypoint in
  48. syssetup.dll
  50. Arguments:
  52. None.
  54. Return Value:
  56. TRUE for success, FALSE for failure.
  58. --*/
  59. {
  60. HMODULE hMod;
  62. if (NULL == pSetuplogSfcError) {
  63. hMod = GetModuleHandle( L"syssetup.dll" );
  65. if (hMod) {
  66. pSetuplogSfcError = (PPSETUPLOGSFCERROR)SfcGetProcAddress( hMod, "pSetuplogSfcError" );
  67. } else {
  68. DebugPrint1(LVL_MINIMAL, L"GetModuleHandle on syssetup.dll failed, ec=0x%08x",GetLastError());
  69. }
  70. }
  72. return pSetuplogSfcError != NULL;
  73. }
  75. BOOL
  76. SfcReportEvent(
  77. IN ULONG EventId,
  78. IN PCWSTR FileName,
  79. IN PCOMPLETE_VALIDATION_DATA ImageValData,
  80. IN DWORD LastError OPTIONAL
  81. )
  82. /*++
  84. Routine Description:
  86. Routine logs an event into the eventlog. Also contains a hack for logging
  87. data into the GUI-setup error log as well. we typically log unsigned files
  88. or the user tht cancelled the replacement of the signed files.
  90. Arguments:
  92. EventId - id of the eventlog error
  93. FileName - null terminated unicode string indicating the file that was
  94. unsigned, etc.
  95. ImageValData - pointer to file data for unsigned file
  96. LastError - contains an optional last error code for logging
  98. Return Value:
  100. TRUE for success, FALSE for failure.
  102. --*/
  103. {
  104. PFILE_VERSION_INFO FileVer;
  105. WCHAR SysVer[64];
  106. WCHAR BadVer[64];
  107. PCWSTR s[3];
  108. WORD Count = 0;
  109. WCHAR LastErrorText[MAX_PATH];
  110. PVOID ErrText = NULL;
  111. WORD wEventType;
  113. //
  114. // if we're in gui-mode setup, we take a special path to log into
  115. // gui-setup's logfile instead of the eventlog
  116. //
  117. if (SFCDisable == SFC_DISABLE_SETUP) {
  118. if(!pSfcGetSetuplogSfcError()) {
  119. return FALSE;
  120. }
  122. switch (EventId){
  124. case MSG_DLL_CHANGE: //fall through
  125. case MSG_SCAN_FOUND_BAD_FILE:
  126. pSetuplogSfcError( FileName,0 );
  127. break;
  129. case MSG_COPY_CANCEL_NOUI:
  130. case MSG_RESTORE_FAILURE:
  131. pSetuplogSfcError( FileName, 1 );
  132. break;
  134. case MSG_CACHE_COPY_ERROR:
  135. pSetuplogSfcError( FileName, 2 );
  136. break;
  138. default:
  139. DebugPrint1(
  140. LVL_MINIMAL,
  141. L"unexpected EventId 0x%08x in GUI Setup, ",
  142. EventId);
  144. return FALSE;
  145. //ASSERT( FALSE && L"Unexpected EventId in SfcReportEvent");
  146. }
  148. return(TRUE);
  149. }
  151. //
  152. // we're outside of GUI-setup so we really want to log to the eventlog
  153. //
  155. if (EventId == 0) {
  156. ASSERT( FALSE && L"Unexpected EventId in SfcReportEvent");
  157. return(FALSE);
  158. }
  160. //
  161. // if we don't have a handle to the eventlog, create one.
  162. //
  163. if (hEventSrc == NULL) {
  164. hEventSrc = RegisterEventSource( NULL, L"Windows File Protection" );
  165. if (hEventSrc == NULL) {
  166. DebugPrint1(LVL_MINIMAL, L"RegisterEventSource failed, ec=0x%08x",GetLastError());
  167. return(FALSE);
  168. }
  169. }
  171. ASSERT(hEventSrc != NULL);
  174. FormatMessage(
  175. FORMAT_MESSAGE_ALLOCATE_BUFFER |
  176. FORMAT_MESSAGE_FROM_SYSTEM |
  177. FORMAT_MESSAGE_IGNORE_INSERTS,
  178. NULL,
  179. LastError,
  180. 0,
  181. (PWSTR) &ErrText,
  182. 0,
  183. NULL
  184. );
  186. if (ErrText) {
  187. wsprintf(LastErrorText,L"0x%08x [%ws]",LastError,ErrText);
  188. LocalFree( ErrText );
  189. } else {
  190. wsprintf(LastErrorText,L"0x%08x",LastError);
  191. }
  194. //
  195. // pick out the appropriate message to log
  196. // the default event type is "information"
  197. //
  198. wEventType = EVENTLOG_INFORMATION_TYPE;
  200. switch (EventId) {
  201. case MSG_DLL_CHANGE:
  202. ASSERT(FileName != NULL);
  203. s[0] = FileName;
  205. //
  206. // we prefer a message that is most informative message with
  207. // version information for both dlls to the least informative
  208. // message with no version information
  209. //
  210. //
  211. if (ImageValData->New.DllVersion && ImageValData->Original.DllVersion) {
  212. FileVer = (PFILE_VERSION_INFO)&ImageValData->New.DllVersion;
  213. swprintf( SysVer, L"%d.%d.%d.%d", FileVer->VersionHigh, FileVer->VersionLow, FileVer->BuildNumber, FileVer->Revision );
  214. FileVer = (PFILE_VERSION_INFO)&ImageValData->Original.DllVersion;
  215. swprintf( BadVer, L"%d.%d.%d.%d", FileVer->VersionHigh, FileVer->VersionLow, FileVer->BuildNumber, FileVer->Revision );
  216. s[1] = BadVer;
  217. s[2] = SysVer;
  218. Count = 3;
  219. EventId = MSG_DLL_CHANGE2;
  220. } else if (ImageValData->New.DllVersion) {
  221. FileVer = (PFILE_VERSION_INFO)&ImageValData->New.DllVersion;
  222. swprintf( SysVer, L"%d.%d.%d.%d", FileVer->VersionHigh, FileVer->VersionLow, FileVer->BuildNumber, FileVer->Revision );
  223. s[1] = SysVer;
  224. Count = 2;
  225. EventId = MSG_DLL_CHANGE3;
  226. } else if (ImageValData->Original.DllVersion) {
  227. FileVer = (PFILE_VERSION_INFO)&ImageValData->Original.DllVersion;
  228. swprintf( BadVer, L"%d.%d.%d.%d", FileVer->VersionHigh, FileVer->VersionLow, FileVer->BuildNumber, FileVer->Revision );
  229. s[1] = BadVer;
  230. Count = 2;
  231. EventId = MSG_DLL_CHANGE;
  232. } else {
  233. //
  234. // we have to protect some things without version information,
  235. // so we just log an error that doesn't mention version
  236. // information. If we stop protecting files like this, this
  237. // should be an assert in prerelease versions of the code
  238. //
  239. Count = 1;
  240. EventId = MSG_DLL_CHANGE_NOVERSION;
  241. DebugPrint1( LVL_MINIMAL, L"TskTsk...the protected OS file %ws does not have any version information", FileName);
  242. }
  243. break;
  245. case MSG_SCAN_FOUND_BAD_FILE:
  246. ASSERT(FileName != NULL);
  247. s[0] = FileName;
  249. //
  250. // if we found a bad file, we only want the version of the restored file
  251. //
  252. if (ImageValData->New.DllVersion) {
  253. FileVer = (PFILE_VERSION_INFO)&ImageValData->New.DllVersion;
  254. swprintf( SysVer, L"%d.%d.%d.%d", FileVer->VersionHigh, FileVer->VersionLow, FileVer->BuildNumber, FileVer->Revision );
  255. s[1] = SysVer;
  256. Count = 2;
  257. } else {
  258. DebugPrint1( LVL_MINIMAL, L"TskTsk...the protected OS file %ws does not have any version information", FileName);
  259. EventId = MSG_SCAN_FOUND_BAD_FILE_NOVERSION;
  260. Count = 1;
  261. break;
  262. }
  263. break;
  265. case MSG_RESTORE_FAILURE:
  266. Count = 3;
  267. s[0] = FileName;
  268. s[1] = BadVer;
  269. s[2] = (PCWSTR)LastErrorText;
  271. if (ImageValData->Original.DllVersion) {
  272. FileVer = (PFILE_VERSION_INFO)&ImageValData->Original.DllVersion;
  273. swprintf( BadVer,
  274. L"%d.%d.%d.%d",
  275. FileVer->VersionHigh,
  276. FileVer->VersionLow,
  277. FileVer->BuildNumber,
  278. FileVer->Revision );
  279. } else {
  280. LoadString( SfcInstanceHandle,IDS_UNKNOWN,BadVer,UnicodeChars(BadVer));
  281. }
  284. break;
  286. case MSG_CACHE_COPY_ERROR:
  287. Count = 2;
  288. s[0] = FileName;
  289. s[1] = (PCWSTR)LastErrorText;
  290. break;
  292. case MSG_COPY_CANCEL_NOUI:
  293. //fall through
  294. case MSG_COPY_CANCEL:
  295. Count = 3;
  296. s[0] = FileName;
  297. s[1] = LoggedOnUserName;
  298. s[2] = BadVer;
  300. if (ImageValData->Original.DllVersion) {
  301. FileVer = (PFILE_VERSION_INFO)&ImageValData->Original.DllVersion;
  302. swprintf( BadVer,
  303. L"%d.%d.%d.%d",
  304. FileVer->VersionHigh,
  305. FileVer->VersionLow,
  306. FileVer->BuildNumber,
  307. FileVer->Revision );
  308. } else {
  309. LoadString( SfcInstanceHandle,IDS_UNKNOWN,BadVer,UnicodeChars(BadVer));
  310. }
  313. break;
  315. case MSG_DLL_NOVALIDATION_TERMINATION:
  316. wEventType = EVENTLOG_WARNING_TYPE;
  317. s[0] = FileName;
  318. Count = 1;
  319. break;
  321. case MSG_RESTORE_FAILURE_MAX_RETRIES:
  322. s[0] = FileName;
  323. Count = 1;
  324. break;
  326. case MSG_SCAN_STARTED:
  327. Count = 0;
  328. break;
  330. case MSG_SCAN_COMPLETED:
  331. Count = 0;
  332. break;
  334. case MSG_SCAN_CANCELLED:
  335. s[0] = LoggedOnUserName;
  336. Count = 1;
  337. break;
  339. case MSG_DISABLE:
  340. Count = 0;
  341. break;
  343. case MSG_DLLCACHE_INVALID:
  344. Count = 0;
  345. break;
  347. case MSG_SXS_INITIALIZATION_FAILED:
  348. Count = 1;
  349. s[0] = LastErrorText;
  350. break;
  353. case MSG_INITIALIZATION_FAILED:
  354. Count = 1;
  355. s[0] = LastErrorText;
  356. break;
  358. case MSG_CATALOG_RESTORE_FAILURE:
  359. Count = 2;
  360. s[0] = FileName;
  361. s[1] = LastErrorText;
  362. break;
  363. default:
  364. ASSERT( FALSE && L"Unknown EventId in SfcReportEvent");
  365. return FALSE;
  366. }
  368. return ReportEvent(
  369. hEventSrc,
  370. wEventType,
  371. 0,
  372. EventId,
  373. NULL,
  374. Count,
  375. 0,
  376. s,
  377. NULL
  378. );
  379. }