Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

393 lines
10 KiB

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1999-2001.
//
// File: GetSREvent.cxx
//
// Contents: Gets SR related system events
//
// Classes: n/a
//
// Coupling:
//
// Notes:
//
// History: 20-04-2001 weiyouc Created
//
//----------------------------------------------------------------------------
//--------------------------------------------------------------------------
// Headers
//--------------------------------------------------------------------------
#include "SrHeader.hxx"
//--------------------------------------------------------------------------
// Defines
//--------------------------------------------------------------------------
#define MAX_BUF_SIZE 1000
#define SR_SERVICE_SRC TEXT("SrService")
#define SR_FILTER_SRC TEXT("sr")
#define SR_SERVICE_EVENTID_BASE 0x00000067
#define SR_FILTER_EVENTID_BASE 0x00000001
//--------------------------------------------------------------------------
// Function prototypes
//--------------------------------------------------------------------------
HRESULT DumpSREvent(LPTSTR ptszLog, EVENTLOGRECORD* pEvent);
HRESULT DumpSREventMsg(FILE* fpLog, EVENTLOGRECORD* pEvent);
LPCTSTR GetSrEventStr(WORD wEventType);
//--------------------------------------------------------------------------
// Some global variables
//--------------------------------------------------------------------------
LPCTSTR g_tszEventType[] =
{
TEXT("UNKNOWN_EVENT"),
TEXT("EVENTLOG_ERROR_TYPE"),
TEXT("EVENTLOG_WARNING_TYPE"),
TEXT("EVENTLOG_INFORMATION_TYPE"),
TEXT("EVENTLOG_AUDIT_SUCCESS"),
TEXT("EVENTLOG_AUDIT_FAILURE")
};
LPCSTR g_szSrServiceEventMsg[] =
{
"The System Restore control handler could not be installed.",
"The System Restore initialization process failed.",
"The System Restore service received an unsupported request.",
"The System Restore service was started.",
"The System Restore service has been suspended because there is not "
"enough disk space available on the drive %S. System Restore will "
"automatically resume service once at least %S MB of free disk space "
"is available on the system drive.",
"The System Restore service has resumed monitoring due to space freed "
"on the system drive.",
"The System Restore service was stopped.",
"A restoration to \"%S\" restore point occurred successfully.",
"A restoration to \"%S\" restore point failed. "
"No changes have been made to the system.",
"A restoration to \"%S\" restore point was incomplete due to an "
"improper shutdown.",
"System Restore monitoring was enabled on drive %S.",
"System Restore monitoring was disabled on drive %S.",
"System Restore monitoring was enabled on all drives.",
"System Restore monitoring was disabled on all drives.",
};
//+---------------------------------------------------------------------------
//
// Function: GetSREvents
//
// Synopsis: Get SR related event to a log file
//
// Arguments: ptszLogFile -- log file name
//
// Returns: HRESULT
//
// History: 20-04-2001 weiyouc Created
//
// Notes:
//
//----------------------------------------------------------------------------
HRESULT GetSREvents(LPTSTR ptszLogFile)
{
HRESULT hr = S_OK;
HANDLE hEventLog = NULL;
EVENTLOGRECORD* pelrEvent = NULL;
FILE* fpLog = NULL;
BOOL fOK = FALSE;
DWORD dwBytesRead = 0;
DWORD dwBytesNeeded = 0;
LPTSTR ptszSrcName = NULL;
BYTE bEventBuf[MAX_BUF_SIZE];
DH_VDATEPTRIN(ptszLogFile, TCHAR);
hEventLog = OpenEventLog(NULL, TEXT("System"));
DH_ABORTIF(NULL == hEventLog,
HRESULT_FROM_WIN32(GetLastError()),
TEXT("OpenEventLog"));
ZeroMemory(&bEventBuf, MAX_BUF_SIZE);
pelrEvent = (EVENTLOGRECORD *) &bEventBuf;
while (ReadEventLog(hEventLog,
EVENTLOG_BACKWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
pelrEvent,
MAX_BUF_SIZE,
&dwBytesRead,
&dwBytesNeeded))
{
//
// Since there might be multiple logs packed in the buffer,
// we need to unpack them.
//
while (dwBytesRead > 0)
{
//
// If the source name is what we are interested,
// we dump the event log
//
ptszSrcName = (LPTSTR)((LPBYTE) pelrEvent + sizeof(EVENTLOGRECORD));
if ((0 == _tcsicmp(ptszSrcName, SR_SERVICE_SRC)) ||
(0 == _tcsicmp(ptszSrcName, SR_FILTER_SRC)))
{
hr = DumpSREvent(ptszLogFile, pelrEvent);
DH_HRCHECK_ABORT(hr, TEXT("DumpSREvent"));
}
dwBytesRead -= pelrEvent->Length;
pelrEvent = (EVENTLOGRECORD*)((LPBYTE) pelrEvent + pelrEvent->Length);
}
ZeroMemory(&bEventBuf, MAX_BUF_SIZE);
pelrEvent = (EVENTLOGRECORD *) &bEventBuf;
}
ErrReturn:
if (NULL != hEventLog)
{
CloseEventLog(hEventLog);
}
if (NULL != fpLog)
{
fclose(fpLog);
}
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: DumpSREvent
//
// Synopsis: Dump an SR-related event to the log file
//
// Arguments: ptszLogFile -- log file name
// pEvent -- pointer to a system event
//
// Returns: HRESULT
//
// History: 20-04-2001 weiyouc Created
//
// Notes:
//
//----------------------------------------------------------------------------
HRESULT DumpSREvent(LPTSTR ptszLog,
EVENTLOGRECORD* pEvent)
{
HRESULT hr = S_OK;
FILE* fpLog = NULL;
WORD wEventType = 0;
__int64 llTemp = 0;
__int64 llSecsTo1970 = 116444736000000000;
FILETIME FileTime;
FILETIME LocalFileTime;
SYSTEMTIME SysTime;
DH_VDATEPTRIN(ptszLog, TCHAR);
DH_VDATEPTRIN(pEvent, EVENTLOGRECORD);
fpLog = _tfopen(ptszLog, TEXT("a"));
DH_ABORTIF(NULL == fpLog,
E_FAIL,
TEXT("_tfopen"));
//
// Dump the event source
//
fprintf(fpLog,
"Event Source: %S \n",
(LPTSTR)((LPBYTE) pEvent + sizeof(EVENTLOGRECORD)));
//
// Dump the event number
//
fprintf(fpLog, "Event Number: %u \n", pEvent->RecordNumber);
//
// Dump the event ID
//
fprintf(fpLog, "Event ID: %x \n", (0xFFFF & pEvent->EventID));
//
// Dump the event
//
wEventType = pEvent->EventType;
if ((wEventType >= EVENTLOG_ERROR_TYPE) &&
(wEventType <= EVENTLOG_AUDIT_FAILURE))
{
fprintf(fpLog,
"Event Type: %S \n",
GetSrEventStr(wEventType));
}
//
// Now dump the event message
//
hr = DumpSREventMsg(fpLog, pEvent);
DH_HRCHECK_ABORT(hr, TEXT("DumpSREventMsg"));
//
// Dump the event time
//
llTemp = Int32x32To64(pEvent->TimeGenerated, 10000000) + llSecsTo1970;
FileTime.dwLowDateTime = (DWORD) llTemp;
FileTime.dwHighDateTime = (DWORD)(llTemp >> 32);
FileTimeToLocalFileTime(&FileTime, &LocalFileTime);
FileTimeToSystemTime(&LocalFileTime, &SysTime);
fprintf(fpLog,
"Time Generated: %02d/%02d/%02d %02d:%02d:%02d\n",
SysTime.wMonth,
SysTime.wDay,
SysTime.wYear,
SysTime.wHour,
SysTime.wMinute,
SysTime.wSecond);
//
// Finally we put an extra line break
//
fprintf(fpLog, "\n");
ErrReturn:
if (NULL != fpLog)
{
fclose(fpLog);
}
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: DumpSREventMsg
//
// Synopsis: Dump an SR-related event message to the log file
//
// Arguments: fpLog -- file pointer to the log file
// pEvent -- pointer to a system event
//
// Returns: HRESULT
//
// History: 20-04-2001 weiyouc Created
//
// Notes:
//
//----------------------------------------------------------------------------
HRESULT DumpSREventMsg(FILE* fpLog,
EVENTLOGRECORD* pEvent)
{
HRESULT hr = S_OK;
DWORD dwEventID = 0;
DH_VDATEPTRIN(fpLog, FILE);
DH_VDATEPTRIN(pEvent, EVENTLOGRECORD);
fprintf(fpLog, "Message: ");
//
// If this is a filter type event log
//
dwEventID = 0xFFFF & pEvent->EventID;
if (dwEventID == SR_FILTER_EVENTID_BASE)
{
fprintf(fpLog, "SR filter has encountered a volume error");
}
else
{
fprintf(fpLog,
g_szSrServiceEventMsg[dwEventID - SR_SERVICE_EVENTID_BASE],
(LPTSTR)(pEvent->StringOffset + (LPBYTE) pEvent));
}
fprintf(fpLog, "\n");
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: GetSrEventStr
//
// Synopsis: Translate an event to an event string
//
// Arguments: wEventType -- event type
//
// Returns: HRESULT
//
// History: 20-04-2001 weiyouc Created
//
// Notes:
//
//----------------------------------------------------------------------------
LPCTSTR GetSrEventStr(WORD wEventType)
{
WORD wIndex = 0;
switch (wEventType)
{
case EVENTLOG_ERROR_TYPE:
wIndex = 1;
break;
case EVENTLOG_WARNING_TYPE:
wIndex = 2;
break;
case EVENTLOG_INFORMATION_TYPE:
wIndex = 3;
break;
case EVENTLOG_AUDIT_SUCCESS:
wIndex = 4;
break;
case EVENTLOG_AUDIT_FAILURE:
wIndex = 5;
break;
default:
break;
}
return g_tszEventType[wIndex];
}