|
|
// logman.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "strings.h"
#include "unihelpr.h"
#include "utils.h"
#include "proputil.h"
#include "propbag.h"
#include "logman.h"
#include "resource.h"
#include "varg.c"
//
// Forward routines:
//
ARG_RECORD Commands[] = {
IDS_HELP_DEBUG, IDS_ARG1_DEBUG, NULL, IDS_ARG2_DEBUG, NULL, IDS_PARAM_DEFAULT, NULL, ARG_TYPE_DEBUG, ARG_FLAG_OPTIONAL|ARG_FLAG_HIDDEN, (CMD_TYPE)0, 0, NULL,
IDS_HELP_HELP, IDS_ARG1_HELP, NULL, IDS_ARG2_HELP, NULL, 0, NULL, ARG_TYPE_HELP, ARG_FLAG_OPTIONAL, (CMD_TYPE)FALSE, 0, NULL,
IDS_HELP_COMPUTER, IDS_ARG1_COMPUTER, NULL, IDS_ARG2_COMPUTER, NULL, IDS_ARG1_COMPUTER, NULL, ARG_TYPE_STR, ARG_FLAG_OPTIONAL, (CMD_TYPE)NULL, 0, NULL,
IDS_HELP_NAME, IDS_ARG1_NAME, NULL, IDS_ARG2_NAME, NULL, IDS_ARG1_NAME, NULL, ARG_TYPE_STR, ARG_FLAG_CONDITIONAL|ARG_FLAG_NOFLAG, (CMD_TYPE)NULL, 0, NULL,
IDS_HELP_START, IDS_ARG1_START, NULL, IDS_ARG2_START, NULL, 0, NULL, ARG_TYPE_BOOL, ARG_FLAG_OPTIONAL, (CMD_TYPE)NULL, 0, NULL,
IDS_HELP_STOP, IDS_ARG1_STOP, NULL, IDS_ARG2_STOP, NULL, 0,NULL, ARG_TYPE_BOOL, ARG_FLAG_OPTIONAL, (CMD_TYPE)NULL, 0, NULL,
IDS_HELP_SETTINGS, IDS_ARG1_SETTINGS, NULL, IDS_ARG2_SETTINGS, NULL, IDS_PARAM_FILENAME, NULL, ARG_TYPE_STR, ARG_FLAG_CONDITIONAL, (CMD_TYPE)NULL, 0, NULL,
IDS_HELP_OVER, IDS_ARG1_OVER, NULL, IDS_ARG2_OVER, NULL, 0, NULL, ARG_TYPE_BOOL, ARG_FLAG_OPTIONAL, (CMD_TYPE)NULL, 0, NULL,
ARG_TERMINATOR};
enum _Commands { eDebug, eHelp, eComputer, eName, eStart, eStop, eSettings, eOverwrite};
DWORD _stdcallValidateComputerName ( LPCTSTR szComputerName );
DWORD _stdcallLoadSettingsFile ( LPCTSTR szFileName, LPTSTR& szFileBuffer );
DWORD _stdcallDeleteQuery ( HKEY hkeyLogQueries, LPCWSTR szQueryName );
DWORD _stdcallInitializeNewQuery ( HKEY hkeyLogQueries, HKEY& rhKeyQuery, LPCWSTR szQueryName );
DWORD _stdcall CreateDefaultLogQueries ( HKEY hkeyLogQueries );
DWORD _stdcall Install ( HKEY hkeyMachine, HKEY& rhkeyLogQueries );
DWORD _stdcallConnectToRegistry ( LPCTSTR szComputerName, HKEY& rhkeyLogQueries );
DWORD _stdcall WriteRegistryLastModified ( HKEY hkeyQuery );
DWORD _stdcallWriteToRegistry ( HKEY hkeyLogQueries, CPropertyBag* pPropBag, LPWSTR szQueryName, DWORD& rdwLogType );
DWORD _stdcallValidateProperties ( HKEY hkeyLogQueries, CPropertyBag* pPropBag, DWORD* pdwLogType, LPWSTR szQueryName, DWORD* pdwNameBufLen );
DWORD _stdcallProcessSettingsObject ( HKEY hkeyLogQueries, CPropertyBag* pPropBag );
DWORD _stdcallProcessSettingsFile ( LPCTSTR szComputerName, LPCTSTR szFileName );
DWORD _stdcallStartQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName );
DWORD _stdcallStopQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName );
DWORD _stdcallConnectToQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName, HKEY* phkeyQuery );
DWORD _stdcallGetState ( LPCTSTR szComputerName, DWORD& rdwState );
DWORD _stdcallSynchronize ( LPCTSTR szComputerName );
//
// Routines
//
DWORD _stdcallValidateComputerName ( LPCTSTR szComputerName ){ DWORD dwStatus = ERROR_SUCCESS;
if ( NULL != szComputerName ) { if ( ! ( MAX_COMPUTERNAME_LENGTH < lstrlen ( szComputerName ) ) ) { } else { dwStatus = ERROR_INVALID_COMPUTERNAME; } } return dwStatus;}
DWORD _stdcallLoadSettingsFile ( LPCTSTR szFileName, LPTSTR& szFileBuffer ){ DWORD dwStatus = ERROR_SUCCESS; DWORD dwLogManStatus = ERROR_SUCCESS; HANDLE hOpenFile = NULL; TCHAR szLocalName [MAX_PATH]; // Todo: Allocate
LPTSTR pFileNameStart = NULL; HANDLE hFindFile = NULL; LPTSTR szData = NULL; WIN32_FIND_DATA FindFileInfo; INT iNameOffset;
USES_CONVERSION;
lstrcpy ( szLocalName, szFileName ); // Todo: Handle error
szFileBuffer = NULL;
pFileNameStart = ExtractFileName (szLocalName) ; iNameOffset = (INT)(pFileNameStart - szLocalName);
// convert short filename to long NTFS filename if necessary
hFindFile = FindFirstFile ( szLocalName, &FindFileInfo) ; if (hFindFile && hFindFile != INVALID_HANDLE_VALUE) {
// append the file name back to the path name
lstrcpy (&szLocalName[iNameOffset], FindFileInfo.cFileName) ; FindClose (hFindFile) ; // Open the file
hOpenFile = CreateFile ( szLocalName, GENERIC_READ, 0, // Not shared
NULL, // Security attributes
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL );
if ( hOpenFile && hOpenFile != INVALID_HANDLE_VALUE ) { DWORD dwFileSize; DWORD dwFileSizeHigh; // Read the file contents into a memory buffer.
dwFileSize = GetFileSize ( hOpenFile, &dwFileSizeHigh );
assert ( 0 == dwFileSizeHigh ); // Todo: Handle non-zero file size high
szData = new TCHAR[(dwFileSize + sizeof(TCHAR))/sizeof(TCHAR)];
if ( NULL != szData ) { if ( FileRead ( hOpenFile, szData, dwFileSize ) ) { szFileBuffer = szData; } else { dwLogManStatus = LOGMAN_SETTINGS_FILE_NOT_LOADED; dwStatus = GetLastError(); } } else { dwLogManStatus = LOGMAN_SETTINGS_FILE_NOT_LOADED; dwStatus = ERROR_OUTOFMEMORY; } CloseHandle ( hOpenFile ); } else { dwLogManStatus = LOGMAN_SETTINGS_FILE_NOT_OPEN; dwStatus = GetLastError(); } } else { dwLogManStatus = LOGMAN_SETTINGS_FILE_NOT_OPEN; dwStatus = GetLastError(); }
if ( ERROR_SUCCESS != dwLogManStatus ) { DisplayErrorMessage ( dwLogManStatus, T2W(szFileName) ); }
if ( ERROR_SUCCESS != dwStatus ) { DisplayErrorMessage ( dwStatus ); }
dwStatus = dwLogManStatus;
return dwStatus;}
DWORD _stdcallDeleteQuery ( HKEY hkeyLogQueries, LPCWSTR szQueryName ){ DWORD dwStatus = ERROR_SUCCESS;
// Delete in the registry
dwStatus = RegDeleteKeyW ( hkeyLogQueries, szQueryName );
return dwStatus;}
DWORD _stdcallInitializeNewQuery ( HKEY hkeyLogQueries, HKEY& rhKeyQuery, LPCWSTR szQueryName ){ DWORD dwStatus = ERROR_SUCCESS; DWORD dwDisposition = 0;
// Create the query specified, checking for duplicate query.
dwStatus = RegCreateKeyExW ( hkeyLogQueries, szQueryName, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &rhKeyQuery, &dwDisposition);
if ( ERROR_SUCCESS == dwStatus ) { if ( REG_OPENED_EXISTING_KEY == dwDisposition && !Commands[eOverwrite].bValue ) { dwStatus = LOGMAN_DUP_QUERY_NAME; } else { DWORD dwRegValue; // Initialize the current state value. After it is
// initialized, it is only modified when:
// 1) Set to Stopped or Started by the service
// 2) Set to Start Pending by the config snapin.
dwRegValue = SLQ_QUERY_STOPPED; dwStatus = WriteRegistryDwordValue ( rhKeyQuery, cwszRegCurrentState, &dwRegValue );
if ( ERROR_SUCCESS == dwStatus ) { // Initialize the log type to "new" to indicate partially created logs
dwRegValue = SLQ_NEW_LOG; dwStatus = WriteRegistryDwordValue ( rhKeyQuery, cwszRegLogType, &dwRegValue ); } } }
return dwStatus;}
DWORD _stdcall CreateDefaultLogQueries ( HKEY hkeyLogQueries ){ DWORD dwStatus = ERROR_SUCCESS; HRESULT hr = NOERROR; LPWSTR szPropValue; HKEY hkeyQuery = NULL; LPWSTR szMszBuf = NULL; DWORD dwMszBufLen = 0; DWORD dwMszStringLen = 0;
// Create default "System Overview" counter log query
// Todo: check and translate HRESULT failures
szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_QUERY_NAME ); if ( ERROR_SUCCESS == dwStatus ) { //Todo: ResourceString return failure how?
dwStatus = InitializeNewQuery ( hkeyLogQueries, hkeyQuery, szPropValue ); } if ( ERROR_SUCCESS == dwStatus ) { szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_CPU_PATH );
hr = AddStringToMszBufferAlloc ( szPropValue, &szMszBuf, &dwMszBufLen, &dwMszStringLen );
if ( SUCCEEDED ( hr ) ) {
szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_MEMORY_PATH );
hr = AddStringToMszBufferAlloc ( szPropValue, &szMszBuf, &dwMszBufLen, &dwMszStringLen );
if ( SUCCEEDED ( hr ) ) {
szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_DISK_PATH );
hr = AddStringToMszBufferAlloc ( szPropValue, &szMszBuf, &dwMszBufLen, &dwMszStringLen ); } }
if ( SUCCEEDED ( hr ) ) { dwStatus = WriteRegistryStringValue ( hkeyQuery, cwszRegCounterList, REG_MULTI_SZ, szMszBuf, dwMszStringLen ); if ( ERROR_SUCCESS != dwStatus ) { hr = HRESULT_FROM_WIN32 ( dwStatus ); } }
if ( NULL != szMszBuf ) { delete szMszBuf; } } // Counter strings are required fields.
if ( SUCCEEDED ( hr ) && ERROR_SUCCESS == dwStatus ) { DWORD dwTemp; SLQ_TIME_INFO stiData; szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_COMMENT );
dwStatus = WriteRegistryStringValue ( hkeyQuery, cwszRegComment, REG_SZ, szPropValue, lstrlenW ( szPropValue ) );
dwTemp = SLF_NAME_NONE; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogFileAutoFormat, &dwTemp );
// Start mode and time set to manual
memset (&stiData, 0, sizeof(stiData)); stiData.wTimeType = SLQ_TT_TTYPE_START; stiData.wDataType = SLQ_TT_DTYPE_DATETIME; stiData.dwAutoMode = SLQ_AUTO_MODE_NONE; stiData.llDateTime = MAX_TIME_VALUE;
dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStartTime, &stiData );
// Stop and Sample time fields are defaults, but Smlogsvc generates
// warning events if fields are missing.
InitDefaultSlqTimeInfo ( SLQ_COUNTER_LOG, SLQ_TT_TTYPE_STOP, &stiData ); dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStopTime, &stiData ); InitDefaultSlqTimeInfo ( SLQ_COUNTER_LOG, SLQ_TT_TTYPE_SAMPLE, &stiData ); dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegSampleInterval, &stiData ); // The following file fields are defaults, but Smlogsvc generates
// warning events if fields are missing.
dwStatus = WriteRegistryStringValue ( hkeyQuery, cwszRegLogFileFolder, REG_SZ, cwszDefaultLogFileFolder, lstrlenW ( cwszDefaultLogFileFolder ) );
dwTemp = DEFAULT_LOG_FILE_SERIAL_NUMBER; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogFileSerialNumber, &dwTemp ); dwTemp = DEFAULT_LOG_FILE_MAX_SIZE; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogFileMaxSize, &dwTemp ); dwTemp = SLF_BIN_FILE; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogFileType, &dwTemp ); szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_QUERY_NAME ); dwStatus = WriteRegistryStringValue ( hkeyQuery, cwszRegLogFileBaseName, REG_SZ, szPropValue, lstrlenW ( szPropValue ) );
// The sample query is "ExecuteOnly"
dwTemp = 1; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegExecuteOnly, &dwTemp );
// Reset the log type from "new" to real type
dwTemp = SLQ_COUNTER_LOG; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogType, &dwTemp );
dwStatus = WriteRegistryLastModified ( hkeyQuery ); dwStatus = ERROR_SUCCESS; // Non-required fields.
} else { // Todo: Translate status, display message re: default log not installed
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = (DWORD) hr; } szPropValue = ResourceString ( IDS_DEFAULT_CTRLOG_QUERY_NAME );
if ( NULL != hkeyQuery ) { RegCloseKey ( hkeyQuery ); hkeyQuery = NULL; } DeleteQuery ( hkeyLogQueries, szPropValue ); }
if ( NULL != hkeyQuery ) { RegCloseKey ( hkeyQuery ); }
return dwStatus;}
DWORD _stdcall Install ( HKEY hkeyMachine, HKEY& rhkeyLogQueries ){ DWORD dwStatus = ERROR_SUCCESS; HKEY hkeySysmonLog; DWORD dwDisposition; assert ( NULL != hkeyMachine );
rhkeyLogQueries = NULL;
dwStatus = RegOpenKeyExW ( hkeyMachine, cwszRegKeySysmonLog, 0, KEY_READ | KEY_WRITE, &hkeySysmonLog); if ( ERROR_SUCCESS == dwStatus ) { // Create registry subkey for Log Queries
dwStatus = RegCreateKeyExW ( hkeySysmonLog, cwszRegKeyLogQueries, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, NULL, &rhkeyLogQueries, &dwDisposition); } if ( ERROR_ACCESS_DENIED == dwStatus ) { dwStatus = LOGMAN_INSTALL_ACCESS_DENIED; DisplayErrorMessage ( dwStatus ); } else if ( ERROR_SUCCESS == dwStatus ) { dwStatus = CreateDefaultLogQueries( rhkeyLogQueries ); // Todo: Handle failure
}
return dwStatus;} DWORD _stdcallConnectToRegistry ( LPCTSTR szComputerName, HKEY& rhkeyLogQueries ){ DWORD dwStatus = ERROR_SUCCESS; HKEY hkeyMachine = HKEY_LOCAL_MACHINE; WCHAR wszComputerName[MAX_COMPUTERNAME_LENGTH+1];
USES_CONVERSION; wszComputerName[0] = NULL_W;
// Connect to registry on specified machine.
if ( NULL != szComputerName ) { if ( NULL_T != szComputerName[0] ) { lstrcpyW ( wszComputerName, T2W ( szComputerName ) );
dwStatus = RegConnectRegistryW ( wszComputerName, HKEY_LOCAL_MACHINE, &hkeyMachine ); } else { hkeyMachine = HKEY_LOCAL_MACHINE; } } else { hkeyMachine = HKEY_LOCAL_MACHINE; }
if ( ERROR_SUCCESS == dwStatus ) { assert ( NULL != hkeyMachine ); dwStatus = RegOpenKeyExW ( hkeyMachine, cwszRegKeyFullLogQueries, 0, KEY_ALL_ACCESS, &rhkeyLogQueries ); if ( ERROR_ACCESS_DENIED == dwStatus ) { dwStatus = IDS_LOGMAN_REG_ACCESS_DENIED; } else if ( ERROR_SUCCESS != dwStatus ) { // Install displays error messages
dwStatus = Install ( hkeyMachine, rhkeyLogQueries ); } } else { if ( 0 == lstrlenW ( wszComputerName ) ) { lstrcpyW ( wszComputerName, cwszLocalComputer ); }
DisplayErrorMessage ( LOGMAN_NO_COMPUTER_CONNECT, wszComputerName ); DisplayErrorMessage ( dwStatus ); dwStatus = LOGMAN_NO_COMPUTER_CONNECT; }
if ( NULL != hkeyMachine ) { RegCloseKey ( hkeyMachine ); }
return dwStatus;} //
// WriteRegistryLastModified function.
// Copies the current "last modified date" to the registry where
// it is read by the log service.
//
DWORD _stdcall WriteRegistryLastModified ( HKEY hkeyQuery ){ LONG dwStatus = ERROR_SUCCESS;
SLQ_TIME_INFO plqLastModified; SYSTEMTIME stLocalTime; FILETIME ftLocalTime;
// Get local time for last modified value.
GetLocalTime (&stLocalTime); SystemTimeToFileTime (&stLocalTime, &ftLocalTime); plqLastModified.wDataType = SLQ_TT_DTYPE_DATETIME; plqLastModified.wTimeType = SLQ_TT_TTYPE_LAST_MODIFIED; plqLastModified.dwAutoMode = SLQ_AUTO_MODE_NONE; // not used.
plqLastModified.llDateTime = *(LONGLONG *)&ftLocalTime;
dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegLastModified, &plqLastModified);
return dwStatus;}
DWORD _stdcallValidateProperties ( HKEY hkeyLogQueries, CPropertyBag* pPropBag, DWORD* pdwLogType, LPWSTR szQueryName, DWORD* pdwNameBufLen ){ DWORD dwStatus = ERROR_SUCCESS; HRESULT hr = NOERROR; LPWSTR szPropBagBuf = NULL; DWORD dwPropBagBufLen = 0; DWORD dwPropBagStringLen = 0; DWORD dwLocalLogType;
// Query key is not necessary for validation, so set it to NULL.
CPropertyUtils cPropertyUtils ( Commands[eComputer].strValue, NULL, pPropBag, NULL, hkeyLogQueries );
USES_CONVERSION;
*pdwLogType = 0; szQueryName[0] = NULL_W;
// Todo: Version info
// Query type and name are required properties.
hr = DwordFromPropertyBag ( pPropBag, cwszHtmlLogType, dwLocalLogType ); if ( SUCCEEDED ( hr ) ) { if ( SLQ_ALERT != dwLocalLogType ) { hr = StringFromPropBagAlloc ( pPropBag, cwszHtmlLogName, &szPropBagBuf, &dwPropBagBufLen, &dwPropBagStringLen ); } else { hr = StringFromPropBagAlloc ( pPropBag, cwszHtmlAlertName, &szPropBagBuf, &dwPropBagBufLen, &dwPropBagStringLen ); }
if ( FAILED ( hr ) ) { dwStatus = LOGMAN_NO_OBJECT_NAME;/* } else {
// Validate query name.
// Todo: Length check. Must be <= MAX_PATH;
lstrcpynW ( szTempCheck, szPropBagBuf, MAX_PATH ); szTokenCheck = _tcstok ( szTempCheck, cwszInvalidLogNameChars ); if ( 0 != lstrcmpi (szTempCheck, szTokenCheck ) ) { dwStatus = LOGMAN_INVALID_QUERY_NAME; }*/ } } else { dwStatus = LOGMAN_NO_OBJECT_LOGTYPE; }
// At this point, any hr failure is reflected in dwStatus.
if ( ERROR_SUCCESS == dwStatus ) { if ( NULL == szQueryName || ( *pdwNameBufLen < ( dwPropBagStringLen + 1 ) ) ) { dwStatus = ERROR_INSUFFICIENT_BUFFER; } else { lstrcpyW ( szQueryName, szPropBagBuf ) ; } *pdwNameBufLen = dwPropBagStringLen + 1; // Room for NULL.
*pdwLogType = dwLocalLogType; } // If required query type and name exist, then validate all other properties
if ( ERROR_SUCCESS != dwStatus ) { // Todo: Error message re: Validation failure -or print that and write success messages
// in the "Process object" method.
// Todo: Handle "invalid query name" elsewhere.
if ( LOGMAN_INVALID_QUERY_NAME == dwStatus ) { DisplayErrorMessage ( dwStatus, szQueryName ); } else { DisplayErrorMessage ( dwStatus ); } } else {
// Initialize the query name string in CPropertyUtils, for error message display.
cPropertyUtils.SetQueryName ( szQueryName );
// Validate required parameters first:
if ( SLQ_TRACE_LOG == dwLocalLogType ) { //DWORD dwKernelValid;
dwStatus = cPropertyUtils.Validate ( IdGuidListProp, dwLocalLogType );
// Todo: Check for kernel flags. Must have Guids or Kernel, cannot have both.
} else { assert ( SLQ_COUNTER_LOG == dwLocalLogType || SLQ_ALERT == dwLocalLogType ); dwStatus = cPropertyUtils.Validate ( IdCounterListProp, dwLocalLogType );
// Todo: Validate Alert action flags here. If all subfields are messed up,
// do not continue processing (?)
}
// All other fields are non-required
if ( ERROR_SUCCESS == dwStatus ) {
// Handle failures individually? Use exception handling?
if ( SLQ_TRACE_LOG == dwLocalLogType ) { dwStatus = cPropertyUtils.Validate ( IdTraceBufferSizeProp ); dwStatus = cPropertyUtils.Validate ( IdTraceBufferMinCountProp ); dwStatus = cPropertyUtils.Validate ( IdTraceBufferMaxCountProp ); dwStatus = cPropertyUtils.Validate ( IdTraceBufferFlushIntProp ); } else if ( SLQ_ALERT == dwLocalLogType ) {
dwStatus = cPropertyUtils.Validate ( IdActionFlagsProp ); dwStatus = cPropertyUtils.Validate ( IdCommandFileProp );// Validated as part of action flags validation dwStatus = cPropertyUtils.Validate ( IdNetworkNameProp );
dwStatus = cPropertyUtils.Validate ( IdUserTextProp ); dwStatus = cPropertyUtils.Validate ( IdPerfLogNameProp ); }
// Properties common to counter and trace logs
if ( SLQ_COUNTER_LOG == dwLocalLogType || SLQ_TRACE_LOG == dwLocalLogType ) {
dwStatus = cPropertyUtils.Validate ( IdLogFileTypeProp ); dwStatus = cPropertyUtils.Validate ( IdLogFileAutoFormatProp ); dwStatus = cPropertyUtils.Validate ( IdLogFileSerialNumberProp ); dwStatus = cPropertyUtils.Validate ( IdLogFileBaseNameProp ); dwStatus = cPropertyUtils.Validate ( IdLogFileMaxSizeProp ); dwStatus = cPropertyUtils.Validate ( IdLogFileFolderProp ); dwStatus = cPropertyUtils.Validate ( IdEofCommandFileProp ); }
// Properties common to alerts and counter logs
if ( SLQ_COUNTER_LOG == dwLocalLogType || SLQ_ALERT == dwLocalLogType ) { dwStatus = cPropertyUtils.Validate ( IdSampleProp ); }
// Properties common to all query types
dwStatus = cPropertyUtils.Validate ( IdCommentProp ); dwStatus = cPropertyUtils.Validate ( IdRestartProp, dwLocalLogType );
dwStatus = cPropertyUtils.Validate ( IdStartProp, dwLocalLogType ); dwStatus = cPropertyUtils.Validate ( IdStopProp, dwLocalLogType ); // Todo: Validation is currently ignored until fully implemented
dwStatus = ERROR_SUCCESS;
} else { // Display error message re: missing required property.
// Need log-type specific message.
if ( SLQ_COUNTER_LOG == dwLocalLogType ) { // DisplayErrorMessage ( dwStatus );
} else if ( SLQ_TRACE_LOG == dwLocalLogType ) { // Attempt to load kernel trace flags
// dwStatus = cPropertyUtils.Validate ( IdTraceFlagsProp );
if ( ERROR_SUCCESS == dwStatus ) { // Todo: Check for kernel flag. Need either Kernel flag OR provider GUIDs
// and NOT both.
} } else if ( SLQ_ALERT == dwLocalLogType ) { }
// Todo: Need status processing method to determine if any required subfields are incorrect.
// If so, then stop processing this HTML file.
// Todo: Validation is currently ignored until fully implemented
dwStatus = ERROR_SUCCESS; } } // Todo: Validation is currently ignored until fully implemented
dwStatus = ERROR_SUCCESS; return dwStatus;} DWORD _stdcallWriteToRegistry ( HKEY hkeyLogQueries, CPropertyBag* pPropBag, LPWSTR szQueryName, DWORD& rdwLogType ){ DWORD dwStatus = ERROR_SUCCESS; HRESULT hr = NOERROR; HKEY hkeyQuery = NULL; CPropertyUtils cPropertyUtils ( Commands[eComputer].strValue );
USES_CONVERSION; // Write all properties to the registry.
// All errors are displayed as messages within this
// routine or its subroutines.
// Create log key
dwStatus = InitializeNewQuery ( hkeyLogQueries, hkeyQuery, szQueryName ); if ( ERROR_SUCCESS != dwStatus ) { if ( LOGMAN_DUP_QUERY_NAME == dwStatus ) { if ( Commands[eOverwrite].bValue ) { // If Overwrite option specified, overwrite after displaying warning.
DisplayErrorMessage ( LOGMAN_OVERWRITE_DUP_QUERY, szQueryName ); dwStatus = DeleteQuery ( hkeyLogQueries, szQueryName ); if ( ERROR_SUCCESS == dwStatus ) { dwStatus = InitializeNewQuery ( hkeyLogQueries, hkeyQuery, szQueryName ); if ( ERROR_SUCCESS != dwStatus ) { DisplayErrorMessage ( dwStatus ); } } } else { DisplayErrorMessage ( dwStatus, szQueryName ); } } else { DisplayErrorMessage ( dwStatus ); } } // If failed before this point, do not continue loading.
if ( ERROR_SUCCESS == dwStatus ) { // Use log key to write properties to the registry.
// When loading properties, continue even if errors.
//
// On error, nothing is written to the registry.
// In this case, the default value will
// be read in by the log service.
// Note: StringFromPropBagAlloc and AddStringToMszBuffer
// allocate data buffers that must be deleted by the caller.
// These methods also indicate length of string returned
// vs. length of buffer returned.
// hkeyQueryList is not required for writing to the the registry,
// so leave it NULL.
// Todo: Some fields will require validation in this method,
// to ensure that default values are used instead of incorrect values.
cPropertyUtils.SetQueryName ( szQueryName ); cPropertyUtils.SetPropertyBag ( pPropBag ); cPropertyUtils.SetQueryKey ( hkeyQuery );
// Required properties: Counter list for counter logs and alerts,
// provider guid list or kernel flags for trace logs.
if ( SLQ_TRACE_LOG == rdwLogType ) { hr = cPropertyUtils.BagToRegistry ( IdGuidListProp, rdwLogType ); } else { assert ( SLQ_COUNTER_LOG == rdwLogType || SLQ_ALERT == rdwLogType ); hr = cPropertyUtils.BagToRegistry ( IdCounterListProp, rdwLogType ); }
if ( FAILED ( hr ) ) { // Todo: At this point, the problem would be an internal error,
// because validated previous to this.
// Todo: Type - specific error message
if ( SLQ_COUNTER_LOG == rdwLogType ) { } else if ( SLQ_TRACE_LOG == rdwLogType ) { // Attemp to load kernel trace flags
hr = cPropertyUtils.BagToRegistry ( IdTraceFlagsProp ); if ( FAILED ( hr ) ) { //Todo: Check for kernel flag. Need either Kernel flag OR provider GUIDs
} } else if ( SLQ_ALERT == rdwLogType ) { // Todo: Special case to write action properties. Only write correct ones?
// Or stop processing if any invalid?
} } else { if ( SLQ_TRACE_LOG == rdwLogType ) { hr = cPropertyUtils.BagToRegistry ( IdTraceBufferSizeProp ); hr = cPropertyUtils.BagToRegistry ( IdTraceBufferMinCountProp ); hr = cPropertyUtils.BagToRegistry ( IdTraceBufferMaxCountProp ); hr = cPropertyUtils.BagToRegistry ( IdTraceBufferFlushIntProp ); } else if ( SLQ_ALERT == rdwLogType ) {
hr = cPropertyUtils.BagToRegistry ( IdActionFlagsProp ); hr = cPropertyUtils.BagToRegistry ( IdCommandFileProp ); hr = cPropertyUtils.BagToRegistry ( IdNetworkNameProp ); hr = cPropertyUtils.BagToRegistry ( IdUserTextProp ); hr = cPropertyUtils.BagToRegistry ( IdPerfLogNameProp ); } hr = NOERROR; // Todo: ensure dwLogType is valid
// Properties common to counter and trace logs
if ( SLQ_COUNTER_LOG == rdwLogType || SLQ_TRACE_LOG == rdwLogType ) {
hr = cPropertyUtils.BagToRegistry ( IdLogFileMaxSizeProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileTypeProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileAutoFormatProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileSerialNumberProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileBaseNameProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileMaxSizeProp ); hr = cPropertyUtils.BagToRegistry ( IdLogFileFolderProp ); hr = cPropertyUtils.BagToRegistry ( IdEofCommandFileProp ); hr = NOERROR; } // Properties common to alerts and counter logs
if ( SLQ_COUNTER_LOG == rdwLogType || SLQ_ALERT == rdwLogType ) { // Time values default if error
hr = cPropertyUtils.BagToRegistry ( IdSampleProp ); hr = NOERROR; }
// Properties common to all query types
hr = cPropertyUtils.BagToRegistry ( IdCommentProp ); hr = cPropertyUtils.BagToRegistry ( IdRestartProp, rdwLogType );
hr = cPropertyUtils.BagToRegistry ( IdStartProp, rdwLogType ); hr = cPropertyUtils.BagToRegistry ( IdStopProp, rdwLogType ); hr = NOERROR; dwStatus = ERROR_SUCCESS; // Non-required fields
// Required fields, ending the creation process.
// Reset the log type from "new" to real type
dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegLogType, &rdwLogType ); if ( ERROR_SUCCESS == dwStatus ) { dwStatus = WriteRegistryLastModified ( hkeyQuery ); } if ( ERROR_SUCCESS == dwStatus ) { DisplayErrorMessage ( IDS_LOGMAN_QUERY_CONFIG_SUCCESS, szQueryName ); } /* else //Todo: Error message re: unable to complete query in the registry */ }
if ( FAILED ( hr ) || ( ERROR_SUCCESS != dwStatus ) ) { RegCloseKey ( hkeyQuery ); hkeyQuery = NULL; DeleteQuery ( hkeyLogQueries, szQueryName ); } }
if ( NULL != hkeyQuery ) { RegCloseKey ( hkeyQuery ); }
return dwStatus;}
DWORD _stdcallProcessSettingsObject ( HKEY hkeyLogQueries, CPropertyBag* pPropBag ){ DWORD dwStatus = ERROR_SUCCESS; DWORD dwLogType; WCHAR szQueryName [MAX_PATH]; // Todo: Remove length restriction
DWORD dwNameBufLen = MAX_PATH;
// Validate all properties
// Todo: Ensure that at least one provider, counter, or alert was added.
dwStatus = ValidateProperties ( hkeyLogQueries, pPropBag, &dwLogType, szQueryName, &dwNameBufLen ); // ValidateProperties() displays messages for all errors
if ( ERROR_SUCCESS == dwStatus ) {
// Write all properties to the registry.
// WriteToRegistry() displays messages for all errors
dwStatus = WriteToRegistry ( hkeyLogQueries, pPropBag, szQueryName, dwLogType ); }
return dwStatus;}
DWORD _stdcallProcessSettingsFile ( LPCTSTR szComputerName, LPCTSTR szFileName ){ DWORD dwStatus = ERROR_SUCCESS; LPTSTR szFirstObject = NULL;
// Open file
dwStatus = LoadSettingsFile ( szFileName, szFirstObject );
if ( ERROR_SUCCESS == dwStatus && NULL != szFirstObject ) { HKEY hkeyLogQueries = NULL; dwStatus = ConnectToRegistry ( szComputerName, hkeyLogQueries );
if ( ERROR_SUCCESS == dwStatus ) { LPTSTR szCurrentObject = NULL; LPTSTR szNextObject = NULL; BOOL bAtLeastOneSysmonObjectRead = FALSE;
assert ( NULL != hkeyLogQueries );
szCurrentObject = szFirstObject;
while ( ERROR_SUCCESS == dwStatus && NULL != szCurrentObject ) { CPropertyBag PropBag;
dwStatus = PropBag.LoadData ( szCurrentObject, szNextObject );
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = ProcessSettingsObject ( hkeyLogQueries, &PropBag );
if ( ERROR_SUCCESS == dwStatus ) { bAtLeastOneSysmonObjectRead = TRUE; } else { if ( LOGMAN_NO_SYSMON_OBJECT != dwStatus ) { bAtLeastOneSysmonObjectRead = TRUE; } // Error messages handled (displayed) within
// ProcessSettingsObject(), so reset dwStatus
dwStatus = ERROR_SUCCESS; }
} else { // Handle (display) error message, then reset
// dwStatus to continue.
if ( LOGMAN_NO_SYSMON_OBJECT != dwStatus ) { DisplayErrorMessage ( dwStatus ); } dwStatus = ERROR_SUCCESS; } szCurrentObject = szNextObject; }
if ( !bAtLeastOneSysmonObjectRead ) { dwStatus = LOGMAN_NO_SYSMON_OBJECT; DisplayErrorMessage ( dwStatus ); }
RegCloseKey ( hkeyLogQueries ); } // else error message displayed by ConnectToRegistry()
} // else error message displayed by LoadSettingsFile()
// Delete data buffer allocated by LoadSettingsFile
if ( NULL != szFirstObject ) { delete szFirstObject; } return dwStatus;}
DWORD _stdcallConnectToQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName, HKEY& rhkeyQuery ){ DWORD dwStatus = ERROR_SUCCESS; HKEY hkeyQuery = NULL; HKEY hkeyLogQueries = NULL; USES_CONVERSION;
dwStatus = ConnectToRegistry ( szComputerName, hkeyLogQueries );
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = RegOpenKeyEx ( hkeyLogQueries, szQueryName, 0, KEY_ALL_ACCESS, &hkeyQuery );
if ( ERROR_SUCCESS != dwStatus ) { if ( ERROR_ACCESS_DENIED == dwStatus ) { dwStatus = LOGMAN_REG_ACCESS_DENIED; DisplayErrorMessage ( dwStatus ); } else if ( ERROR_FILE_NOT_FOUND == dwStatus ) { dwStatus = LOGMAN_NO_QUERY_CONNECT; DisplayErrorMessage ( dwStatus, T2W( szQueryName ) ); } } }
RegCloseKey ( hkeyLogQueries );
rhkeyQuery = hkeyQuery; return dwStatus;}
#pragma warning ( disable : 4706 )
DWORD _stdcallStartQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName ){ DWORD dwStatus = ERROR_SUCCESS; HKEY hkeyQuery = NULL;
USES_CONVERSION;
// ConnectToQuery displays any errors
dwStatus = ConnectToQuery ( szComputerName, szQueryName, hkeyQuery );
if ( ERROR_SUCCESS == dwStatus ) { SLQ_TIME_INFO stiData; DWORD dwRegValue; BOOL bSetStopToMax; // Todo: Warn the user if start mode is not manual.
// Set start mode to manual, start time = MIN_TIME_VALUE
memset (&stiData, 0, sizeof(stiData)); stiData.wTimeType = SLQ_TT_TTYPE_START; stiData.wDataType = SLQ_TT_DTYPE_DATETIME; stiData.dwAutoMode = SLQ_AUTO_MODE_NONE; stiData.llDateTime = MIN_TIME_VALUE;
dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStartTime, &stiData ); if ( ERROR_SUCCESS == dwStatus ) { // If stop time mode set to manual, or StopAt with time before Now,
// set the mode to Manual, value to MAX_TIME_VALUE
bSetStopToMax = FALSE; dwStatus = ReadRegistrySlqTime ( hkeyQuery, cwszRegStopTime, &stiData );
if ( ERROR_SUCCESS == dwStatus ) { if ( SLQ_AUTO_MODE_NONE == stiData.dwAutoMode ) { bSetStopToMax = TRUE; } else if ( SLQ_AUTO_MODE_AT == stiData.dwAutoMode ) { SYSTEMTIME stLocalTime; FILETIME ftLocalTime; LONGLONG llLocalTime;
// get local time
GetLocalTime (&stLocalTime); SystemTimeToFileTime (&stLocalTime, &ftLocalTime); llLocalTime = *(LONGLONG*)&ftLocalTime;
if ( llLocalTime >= stiData.llDateTime ) { bSetStopToMax = TRUE; } } }
if ( ERROR_SUCCESS == dwStatus && bSetStopToMax ) { assert( SLQ_TT_DTYPE_DATETIME == stiData.wDataType ); stiData.dwAutoMode = SLQ_AUTO_MODE_NONE; stiData.llDateTime = MAX_TIME_VALUE; dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStopTime, &stiData ); } } // Service needs to distinguish between Running and Start Pending
// at service startup, so always set state to start pending.
// Todo: Check to see if running, before executing this.
if ( ERROR_SUCCESS == dwStatus ) { dwRegValue = SLQ_QUERY_START_PENDING; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegCurrentState, &dwRegValue ); }
// Set LastModified
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = WriteRegistryLastModified ( hkeyQuery ); } // Start the service on the target machine
if ( ERROR_SUCCESS == dwStatus ) { DWORD dwTimeout = 3; DWORD dwState = 0;
dwStatus = Synchronize ( szComputerName );
while (--dwTimeout && ERROR_SUCCESS == dwStatus ) { dwStatus = GetState ( szComputerName, dwState );
if ( SERVICE_RUNNING == dwState ) { break; }
} if ( ERROR_SUCCESS == dwStatus && SERVICE_RUNNING != dwState ) { dwStatus = LOGMAN_START_TIMED_OUT; } }
if ( ERROR_SUCCESS != dwStatus ) { if ( LOGMAN_START_TIMED_OUT == dwStatus ) { DisplayErrorMessage ( dwStatus, T2W(szQueryName) ); } else { DisplayErrorMessage ( LOGMAN_START_FAILED, T2W(szQueryName) ); DisplayErrorMessage ( dwStatus ); } } }
if ( NULL != hkeyQuery ) { RegCloseKey ( hkeyQuery ); }
if ( ERROR_SUCCESS == dwStatus ) { DisplayErrorMessage ( LOGMAN_QUERY_START_SUCCESS, T2W(szQueryName) ); }
return dwStatus;}#pragma warning ( default: 4706 )
#pragma warning ( disable: 4706 )
DWORD _stdcallStopQuery ( LPCTSTR szComputerName, LPCTSTR szQueryName ){ DWORD dwStatus = ERROR_SUCCESS; HKEY hkeyQuery = NULL;
USES_CONVERSION;
// ConnectToQuery displays any errors
dwStatus = ConnectToQuery ( szComputerName, szQueryName, hkeyQuery );
if ( ERROR_SUCCESS == dwStatus ) { SLQ_TIME_INFO stiData; DWORD dwRestartMode = 0; // If query is set to restart on end, clear the restart flag.
dwStatus = ReadRegistryDwordValue ( hkeyQuery, cwszRegRestart, &dwRestartMode );
// Todo: Warn user
if ( ERROR_SUCCESS == dwStatus && SLQ_AUTO_MODE_NONE != dwRestartMode ) { dwRestartMode = SLQ_AUTO_MODE_NONE; dwStatus = WriteRegistryDwordValue ( hkeyQuery, cwszRegRestart, &dwRestartMode, REG_BINARY ); }
// Set stop mode to manual, stop time to MIN_TIME_VALUE
if ( ERROR_SUCCESS == dwStatus ) { memset (&stiData, 0, sizeof(stiData)); stiData.wTimeType = SLQ_TT_TTYPE_STOP; stiData.wDataType = SLQ_TT_DTYPE_DATETIME; stiData.dwAutoMode = SLQ_AUTO_MODE_NONE; stiData.llDateTime = MIN_TIME_VALUE;
dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStopTime, &stiData ); }
// If start time mode set to manual, set the value to MAX_TIME_VALUE
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = ReadRegistrySlqTime ( hkeyQuery, cwszRegStartTime, &stiData );
if ( ERROR_SUCCESS == dwStatus && SLQ_AUTO_MODE_NONE == stiData.dwAutoMode ) { assert( SLQ_TT_DTYPE_DATETIME == stiData.wDataType ); stiData.llDateTime = MAX_TIME_VALUE; dwStatus = WriteRegistrySlqTime ( hkeyQuery, cwszRegStartTime, &stiData ); } }
// Set LastModified
if ( ERROR_SUCCESS == dwStatus ) { dwStatus = WriteRegistryLastModified ( hkeyQuery ); } // Start the service on the target machine
if ( ERROR_SUCCESS == dwStatus ) { DWORD dwTimeout = 3; DWORD dwState = 0;
dwStatus = Synchronize ( szComputerName );
while (--dwTimeout && ERROR_SUCCESS == dwStatus ) { dwStatus = GetState ( szComputerName, dwState );
if ( SERVICE_STOPPED == dwState ) { break; }
} if ( ERROR_SUCCESS == dwStatus && SERVICE_STOPPED != dwState ) { dwStatus = LOGMAN_STOP_TIMED_OUT; } } if ( ERROR_SUCCESS != dwStatus ) { if ( LOGMAN_STOP_TIMED_OUT == dwStatus ) { DisplayErrorMessage ( dwStatus, T2W(szQueryName) ); } else { DisplayErrorMessage ( LOGMAN_STOP_FAILED, T2W(szQueryName) ); DisplayErrorMessage ( dwStatus ); } } } if ( NULL != hkeyQuery ) { RegCloseKey ( hkeyQuery ); }
if ( ERROR_SUCCESS == dwStatus ) { DisplayErrorMessage ( LOGMAN_QUERY_STOP_SUCCESS, T2W(szQueryName) ); }
return dwStatus;}#pragma warning ( default: 4706 )
DWORD _stdcallGetState ( LPCTSTR szComputerName, DWORD& rdwState ){ DWORD dwStatus = ERROR_SUCCESS; SERVICE_STATUS ssData; SC_HANDLE hSC; SC_HANDLE hLogService; rdwState = 0; // Error by default.
// open SC database
hSC = OpenSCManager ( szComputerName, NULL, SC_MANAGER_CONNECT);
if (hSC != NULL) { // open service
hLogService = OpenServiceW ( hSC, cwszLogService, SERVICE_INTERROGATE ); if (hLogService != NULL) { if ( ControlService ( hLogService, SERVICE_CONTROL_INTERROGATE, &ssData)) {
rdwState = ssData.dwCurrentState; } else { dwStatus = GetLastError(); rdwState = SERVICE_STOPPED; // *** error message
assert (dwStatus != 0); }
CloseServiceHandle (hLogService); } else { // *** error message
dwStatus = GetLastError(); assert (dwStatus != 0); }
CloseServiceHandle (hSC); } else { // *** error message
dwStatus = GetLastError(); assert (dwStatus != 0); } // OpenSCManager
if ( ERROR_SERVICE_NOT_ACTIVE == dwStatus || ERROR_SERVICE_REQUEST_TIMEOUT == dwStatus ) { rdwState = SERVICE_STOPPED; dwStatus = ERROR_SUCCESS; }
return dwStatus;}
#pragma warning ( disable: 4706 )
DWORD _stdcallSynchronize ( LPCTSTR szComputerName ){ // If the service is running, tell it to synchronize itself,
// Check the state afterwards to see if it got the message.
// If stop pending or stopped, wait until the service is
// stopped and then attempt to start it. The service
// synchronizes itself from the registry when it is started.
// Return ERROR_SUCCESS for success, other for failure.
SC_HANDLE hSC = NULL; SC_HANDLE hLogService = NULL; SERVICE_STATUS ssData; DWORD dwCurrentState; DWORD dwTimeout = 25; LONG dwStatus = ERROR_SUCCESS;
dwStatus = GetState ( szComputerName, dwCurrentState );
if ( ERROR_SUCCESS == dwStatus && 0 != dwCurrentState ) { // open SC database
hSC = OpenSCManager ( szComputerName, NULL, SC_MANAGER_CONNECT);
if ( NULL != hSC ) { // open service
hLogService = OpenServiceW ( hSC, cwszLogService, SERVICE_USER_DEFINED_CONTROL | SERVICE_START ); if ( NULL != hLogService ) {
if ( ( SERVICE_STOPPED != dwCurrentState ) && ( SERVICE_STOP_PENDING != dwCurrentState ) ) {
// Wait 100 milliseconds before synchronizing service,
// to ensure that registry values are written.
Sleep ( 100 );
ControlService ( hLogService, SERVICE_CONTROL_SYNCHRONIZE, &ssData); dwCurrentState = ssData.dwCurrentState; }
// Make sure that the ControlService call reached the service
// while it was in run state.
if ( ( SERVICE_STOPPED == dwCurrentState ) || ( SERVICE_STOP_PENDING == dwCurrentState ) ) {
if ( SERVICE_STOP_PENDING == dwCurrentState ) { // wait for the service to stop before starting it.
while ( --dwTimeout && ERROR_SUCCESS == dwStatus ) { dwStatus = GetState ( szComputerName, dwCurrentState ); if ( SERVICE_STOP_PENDING == dwCurrentState ) { Sleep(200); } else { break; } } } dwTimeout = 25; if ( SERVICE_STOPPED == dwCurrentState ) { if ( StartService (hLogService, 0, NULL) ) { // wait for the service to start or stop
// before returning
while ( --dwTimeout && ERROR_SUCCESS == dwStatus ) { dwStatus = GetState ( szComputerName, dwCurrentState ); if ( SERVICE_START_PENDING == dwCurrentState ) { Sleep(200); } else { break; } } } else { dwStatus = GetLastError(); } } else { // *** error message
} // *** ensure that dwCurrentState is not stopped?
} } CloseServiceHandle ( hLogService );
} else { dwStatus = GetLastError(); }
CloseServiceHandle (hSC);
} else { dwStatus = GetLastError(); }
// Todo: Update Auto Start service config
return dwStatus;}#pragma warning ( default : 4706 )
int __cdecl_tmain ( INT argc, LPTSTR argv[] ){ DWORD dwStatus = 0;
// Accept user input.
// The command line arguments are the objects to sample.
// If no user input, then display help.
ParseCmd( argc, argv );
if (Commands[eSettings].bDefined) { dwStatus = ProcessSettingsFile ( Commands[eComputer].strValue, Commands[eSettings].strValue ); // Error messages displayed within ProcessSettingsFile method
} if ( Commands[eStart].bDefined ) { dwStatus = StartQuery ( Commands[eComputer].strValue, Commands[eName].strValue ); // Error messages displayed within StartQuery method
} if ( Commands[eStop].bDefined ) { dwStatus = StopQuery ( Commands[eComputer].strValue, Commands[eName].strValue ); // Error messages displayed within StopQuery method
}
// Error messages displayed within submethods, so reset dwStatus.
dwStatus = 0; FreeCmd(); return dwStatus;}
|
