mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
837 lines
26 KiB
837 lines
26 KiB
/*****************************************************************/
|
|
/** Microsoft Windows NT **/
|
|
/** Copyright(c) Microsoft Corp., 1991 **/
|
|
/*****************************************************************/
|
|
|
|
/*
|
|
* lognt.hxx
|
|
* This file contains class definitions of NT event log objects.
|
|
* NT_EVENT_LOG
|
|
*
|
|
* History:
|
|
* Yi-HsinS 10/15/91 Created
|
|
* terryk 12/20/91 Added WriteTextEntry
|
|
* Yi-HsinS 01/15/92 Added Backup, SeekOldestLogEntry,
|
|
* SeekNewestLogEntry and modified
|
|
* parameters to WriteTextEntry
|
|
* Yi-HsinS 02/25/92 Added helper methods to get log
|
|
* descriptions from the registry
|
|
* Yi-HsinS 04/25/92 Added caching for message dlls
|
|
* Yi-HsinS 10/13/92 Added support for parameter message file
|
|
* RaviR 02/28/95 Added support to get description &
|
|
* source name for Cairo Alerts
|
|
* JonN 6/22/00 WriteTextEntry no longer supported
|
|
*
|
|
*/
|
|
|
|
#ifndef _LOGNT_HXX_
|
|
#define _LOGNT_HXX_
|
|
|
|
#include "eventlog.hxx"
|
|
#include "uatom.hxx"
|
|
#include "regkey.hxx"
|
|
#include "array.hxx"
|
|
#include "uintlsa.hxx"
|
|
|
|
//
|
|
// The maximum number of libraries that are opened at any one time.
|
|
//
|
|
#define MAX_LIBRARY_OPENED 10
|
|
|
|
|
|
//
|
|
// The following is used to get the alert description and source name
|
|
// for Cairo alerts.
|
|
//
|
|
typedef long (*PASGETALERTDESCRIPTION)(ULONG, const BYTE*, LPWSTR *);
|
|
typedef long (*PASGETALERTSOURCENAME)(ULONG, const BYTE*, LPWSTR *);
|
|
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: DLL_NAME_HANDLE_PAIR
|
|
|
|
SYNOPSIS: The class stores the name and opened handle
|
|
of a dll.
|
|
|
|
INTERFACE : DLL_HANDLE() - Constructor
|
|
Set() - Set the name and handle
|
|
QueryName() - Return the full path name of the dll
|
|
QueryHandle() - Return the handle of the dll
|
|
|
|
PARENT: BASE
|
|
|
|
USES:
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 4/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS DLL_NAME_HANDLE_PAIR: public BASE
|
|
{
|
|
private:
|
|
// Name of the dll
|
|
NLS_STR _nlsName;
|
|
|
|
// Opened handle of the above dll
|
|
HMODULE _handle;
|
|
|
|
public:
|
|
DLL_NAME_HANDLE_PAIR();
|
|
DLL_NAME_HANDLE_PAIR( const TCHAR *pszName, HMODULE handle = 0 );
|
|
|
|
APIERR Set( const TCHAR *pszName, HMODULE handle )
|
|
{ _nlsName = pszName; _handle = handle; return _nlsName.QueryError(); }
|
|
|
|
NLS_STR *QueryName( VOID )
|
|
{ return &_nlsName; }
|
|
|
|
HMODULE QueryHandle( VOID )
|
|
{ return _handle; }
|
|
|
|
};
|
|
|
|
//
|
|
// An array of DLL_NAME_HANDLE_PAIR
|
|
//
|
|
DECL_ARRAY_OF( DLL_NAME_HANDLE_PAIR, DLL_BASED )
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: DLL_HANDLE_CACHE_ARRAY
|
|
|
|
SYNOPSIS: Wrapper class containing an array of DLL_NAME_HANDLE_PAIR.
|
|
This class contains all methods in dealing with caching
|
|
the opened handles of dlls.
|
|
|
|
INTERFACE : DLL_HANDLE_CACHE_ARRAY() - Constructor
|
|
QueryHandle() - Query the handle of the given dll
|
|
QuerySize() - Query the number of elements
|
|
that is allocated for the array.
|
|
QueryCount() - Query the actual number of elements
|
|
contained in the array.
|
|
operator[]() - Return the ith element in the array
|
|
Cache() - Store the dll and handle into the
|
|
array.
|
|
|
|
|
|
PARENT: BASE
|
|
|
|
USES: ARRAY_OF( DLL_NAME_HANDLE_PAIR )
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 4/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS DLL_HANDLE_CACHE_ARRAY: public BASE
|
|
{
|
|
private:
|
|
ARRAY_OF( DLL_NAME_HANDLE_PAIR ) _aDllNameHandle;
|
|
|
|
// The next slot to fill in the dll name/handle
|
|
UINT _cNext;
|
|
|
|
// Flag indicating whether the array is full or not
|
|
BOOL _fFull;
|
|
|
|
public:
|
|
DLL_HANDLE_CACHE_ARRAY( UINT cElem );
|
|
|
|
HMODULE QueryHandle( const NLS_STR &nls );
|
|
|
|
INT QuerySize() const
|
|
{ return _aDllNameHandle.QueryCount(); }
|
|
|
|
INT QueryCount() const
|
|
{ return ( _fFull? _aDllNameHandle.QueryCount() : _cNext ); }
|
|
|
|
DLL_NAME_HANDLE_PAIR &operator[]( INT iIndex ) const
|
|
{ return _aDllNameHandle[ iIndex ]; }
|
|
|
|
APIERR Cache( const NLS_STR &nls, HMODULE handle );
|
|
|
|
};
|
|
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: SOURCE_INFO_ITEM
|
|
|
|
SYNOPSIS: The class for storing the information contained in the registry
|
|
of each source under the module.
|
|
|
|
INTERFACE : SOURCE_INFO_ITEM() - Constructor
|
|
~SOURCE_INFO_ITEM() - Destructor
|
|
|
|
Set() - Set the information contain in the item
|
|
|
|
IsInitialized() - See if the all the information
|
|
contained in this item is initialized
|
|
or not.
|
|
|
|
QuerySource() - Return the source name
|
|
QueryTypeMask() - Return the type mask
|
|
QueryCategoryDllName() - Return the full path name of
|
|
the category dll
|
|
QueryCategoryCount() - Return the number of categories used
|
|
in the source.
|
|
QueryCategoryList() - Return the list of categories supported
|
|
in this source.
|
|
SetCategoryList() - Set the category list.
|
|
QueryEventsDllList() - Return the list of full path names of
|
|
the events dll
|
|
|
|
QueryParameterMessageDllName() - Return the dll name containing
|
|
strings for language independent
|
|
insertion strings
|
|
|
|
PARENT: BASE
|
|
|
|
USES: NLS_STR, STRLIST
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 2/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS SOURCE_INFO_ITEM : public BASE
|
|
{
|
|
private:
|
|
// The name of the source
|
|
NLS_STR _nlsSource;
|
|
|
|
// Flag indicating whether the information in this item is initialized
|
|
// or not
|
|
BOOL _fInitialized;
|
|
|
|
// The type mask supported by the source
|
|
USHORT _usTypeMask;
|
|
|
|
// The category dll name supported by the source
|
|
NLS_STR _nlsCategoryDllName;
|
|
|
|
// The number of categories in the above dll
|
|
USHORT _cCategoryCount;
|
|
|
|
// Pointer to a list of categories names
|
|
STRLIST *_pstrlstCategory;
|
|
|
|
// Pointer to a list of dlls containing descriptions
|
|
STRLIST *_pstrlstEventsDll;
|
|
|
|
// The name of the parameter message dll supported by the source
|
|
NLS_STR _nlsParameterMessageDllName;
|
|
|
|
public:
|
|
SOURCE_INFO_ITEM();
|
|
|
|
SOURCE_INFO_ITEM( const TCHAR *pszSource,
|
|
USHORT usTypeMask = 0,
|
|
const TCHAR *pszCategoryDllName = NULL,
|
|
USHORT cCategoryCount = 0,
|
|
STRLIST *pstrlstEventsDll = NULL,
|
|
const TCHAR *pszParameterMessageDllName = NULL );
|
|
|
|
~SOURCE_INFO_ITEM();
|
|
|
|
|
|
APIERR Set( USHORT usTypeMask,
|
|
const TCHAR *pszCategoryDllName,
|
|
USHORT cCategoryCount,
|
|
STRLIST *pstrlstEventsDll,
|
|
const TCHAR *pszParameterMessageDllName );
|
|
|
|
BOOL IsInitialized( VOID ) const
|
|
{ return _fInitialized; }
|
|
|
|
const NLS_STR *QuerySource( VOID ) const
|
|
{ return &_nlsSource; }
|
|
|
|
USHORT QueryTypeMask( VOID ) const
|
|
{ UIASSERT( IsInitialized() ); return _usTypeMask; }
|
|
|
|
const NLS_STR *QueryCategoryDllName( VOID ) const
|
|
{ UIASSERT( IsInitialized() ); return &_nlsCategoryDllName; }
|
|
|
|
USHORT QueryCategoryCount( VOID ) const
|
|
{ UIASSERT( IsInitialized() ); return _cCategoryCount; }
|
|
|
|
STRLIST *QueryCategoryList( VOID )
|
|
{ UIASSERT( IsInitialized() ); return _pstrlstCategory; }
|
|
|
|
VOID SetCategoryList( STRLIST *pstrlstCategory )
|
|
{ _pstrlstCategory = pstrlstCategory; }
|
|
|
|
STRLIST *QueryEventDllList( VOID )
|
|
{ UIASSERT( IsInitialized() ); return _pstrlstEventsDll; }
|
|
|
|
const NLS_STR *QueryParameterMessageDllName( VOID ) const
|
|
{ UIASSERT( IsInitialized() ); return &_nlsParameterMessageDllName; }
|
|
};
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: SOURCE_INFO_ITEM_PTR
|
|
|
|
SYNOPSIS: Item that contains a pointer to SOURCE_INFO_ITEM
|
|
|
|
INTERFACE: SOURCE_INFO_ITEM_PTR() - Constructor
|
|
~SOURCE_INFO_ITEM_PTR() - Destructor
|
|
|
|
operator=() - Assignment operator
|
|
operator->() - Return a pointer to SOURCE_INFO_ITEM
|
|
|
|
Compare() - Compare two SOURCE_INFO_ITEM_PTR to
|
|
see if they contain the same source.
|
|
|
|
QuerySourceItem() - Return the SOURCE_INFO_ITEM contained
|
|
in the object.
|
|
|
|
PARENT:
|
|
|
|
USES: SOURCE_INFO_ITEM
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 2/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS SOURCE_INFO_ITEM_PTR
|
|
{
|
|
private:
|
|
SOURCE_INFO_ITEM *_pSrcInfoItem;
|
|
|
|
// If _fDestroy is TRUE, we will destroy _pSrcInfoItem when this
|
|
// item gets destructed. Otherwise, we will leave it alone.
|
|
BOOL _fDestroy;
|
|
|
|
public:
|
|
SOURCE_INFO_ITEM_PTR()
|
|
: _pSrcInfoItem( NULL ),
|
|
_fDestroy( TRUE ) {}
|
|
|
|
SOURCE_INFO_ITEM_PTR( SOURCE_INFO_ITEM *pSrcInfoItem, BOOL fDestroy )
|
|
: _pSrcInfoItem( pSrcInfoItem ),
|
|
_fDestroy( fDestroy ) {}
|
|
|
|
~SOURCE_INFO_ITEM_PTR()
|
|
{ if ( _fDestroy )
|
|
delete _pSrcInfoItem;
|
|
_pSrcInfoItem = NULL;
|
|
}
|
|
|
|
SOURCE_INFO_ITEM_PTR &operator=( const SOURCE_INFO_ITEM_PTR &s )
|
|
{ _pSrcInfoItem = s._pSrcInfoItem; return *this; }
|
|
|
|
SOURCE_INFO_ITEM *operator->()
|
|
{ return _pSrcInfoItem; }
|
|
|
|
INT Compare( const SOURCE_INFO_ITEM_PTR *pSrcInfoItemPtr ) const ;
|
|
|
|
SOURCE_INFO_ITEM *QuerySourceItem() const
|
|
{ return _pSrcInfoItem; }
|
|
|
|
};
|
|
|
|
//
|
|
// An array of pointers to SOURCE_INFO_ITEM
|
|
//
|
|
DECL_ARRAY_LIST_OF( SOURCE_INFO_ITEM_PTR, DLL_BASED )
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: SOURCE_INFO_ARRAY
|
|
|
|
SYNOPSIS: Wrapper class for the array of SOURCE_INFO_ITEM. Access
|
|
methods are added to get the information for the nth
|
|
item in the array.
|
|
|
|
INTERFACE : SOURCE_INFO_ARRAY() - Constructor
|
|
|
|
QuerySource() - Return the source name of the ith item
|
|
QueryTypeMask() - Return the type mask of the ith item
|
|
QueryCategoryDllName() - Return the full path name of
|
|
the category dll of the ith item
|
|
QueryCategoryCount() - Return the number of categories
|
|
of the ith item
|
|
QueryCategoryList() - Return the list of categories supported
|
|
by the ith source.
|
|
QueryEventsDllList() - Return the list of full path names of
|
|
the events dll of the ith item
|
|
|
|
QueryParameterMessageDllName() - Return the dll name containing
|
|
strings for language independent
|
|
insertion strings of the ith item
|
|
|
|
PARENT: ARRAY_LIST_OF( SOURCE_INFO_ITEM )
|
|
|
|
USES:
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 8/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS SOURCE_INFO_ARRAY : public ARRAY_LIST_OF( SOURCE_INFO_ITEM_PTR )
|
|
{
|
|
public:
|
|
SOURCE_INFO_ARRAY( UINT cElem )
|
|
: ARRAY_LIST_OF(SOURCE_INFO_ITEM_PTR )( cElem )
|
|
{ }
|
|
|
|
const NLS_STR *QuerySource( INT i ) const
|
|
{ return ((*this)[i])->QuerySource(); }
|
|
|
|
USHORT QueryTypeMask( INT i ) const
|
|
{ return ((*this)[i])->QueryTypeMask(); }
|
|
|
|
const NLS_STR *QueryCategoryDllName( INT i ) const
|
|
{ return ((*this)[i])->QueryCategoryDllName(); }
|
|
|
|
USHORT QueryCategoryCount( INT i ) const
|
|
{ return ((*this)[i])->QueryCategoryCount(); }
|
|
|
|
STRLIST *QueryCategoryList( INT i ) const
|
|
{ return ((*this)[i])->QueryCategoryList(); }
|
|
|
|
STRLIST *QueryEventDllList( INT i ) const
|
|
{ return ((*this)[i])->QueryEventDllList(); }
|
|
|
|
const NLS_STR *QueryParameterMessageDllName( INT i ) const
|
|
{ return ((*this)[i])->QueryParameterMessageDllName(); }
|
|
};
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: LOG_REGISTRY_INFO
|
|
|
|
SYNOPSIS: The class for storing all the information contained in the
|
|
registry under the given module (system, security...).
|
|
|
|
INTERFACE: LOG_REGISTRY_INFO() - Constructor
|
|
~LOG_REGISTRY_INFO() - Destructor
|
|
|
|
Init() - 2nd stage constructor
|
|
|
|
SubstituteParameterID - Find all %%num in the given string
|
|
with appropriate strings.
|
|
|
|
MapEventIDToString() - Get the description associated with
|
|
the string
|
|
MapCategoryToString() - Get the string associated with
|
|
the string
|
|
|
|
GetSrcSupportedTypeMask() - Get the type mask supported by
|
|
the given source
|
|
GetSrcSupportedCategoryList() - Get all categories supported by
|
|
the given source
|
|
GetSourceList() - Get the sources supported under
|
|
the given module
|
|
|
|
|
|
PARENT: BASE
|
|
|
|
USES: NLS_STR, STRLIST, DLL_HANDLE_CACHE_ARRAY, REG_KEY,
|
|
SOURCE_INFO_ARRAY
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 2/25/92 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS LOG_REGISTRY_INFO : public BASE
|
|
{
|
|
private:
|
|
//
|
|
// The server that we are reading the registry from
|
|
//
|
|
NLS_STR _nlsServer;
|
|
|
|
//
|
|
// The module in the registry
|
|
//
|
|
NLS_STR _nlsModule;
|
|
|
|
//
|
|
// If the server points to a remote machine,
|
|
// then this will contain the path to %SystemRoot%.
|
|
// Else this will contain a NULL string which will not be used.
|
|
//
|
|
NLS_STR _nlsRemoteSystemRoot;
|
|
|
|
//
|
|
// The array to cache the handles used by the eventlog to get the
|
|
// description of each log entry.
|
|
//
|
|
DLL_HANDLE_CACHE_ARRAY _aDllHandleCache;
|
|
|
|
//
|
|
// Pointer to an array of SOURCE_INFO_ITEM
|
|
//
|
|
SOURCE_INFO_ARRAY *_paSourceInfo;
|
|
|
|
//
|
|
// The index of the primary module in the array pointed by _paSourceInfo
|
|
//
|
|
INT _iPrimarySource;
|
|
|
|
//
|
|
// Pointer to a strlst containing all sources under the module
|
|
//
|
|
STRLIST *_pstrlstSource;
|
|
|
|
//
|
|
// Pointer to the registry key of module
|
|
//
|
|
REG_KEY *_pRegKeyFocusModule;
|
|
|
|
//
|
|
// Get the registry key of module on the server
|
|
//
|
|
APIERR GetRegKeyModule( const TCHAR *pszServer,
|
|
REG_KEY **ppRegKeyModule );
|
|
|
|
//
|
|
// Get the handle of the given dll
|
|
//
|
|
APIERR GetLibHandle( const TCHAR *pszLibName, HMODULE *pHandle );
|
|
|
|
//
|
|
// Expand %SystemRoot% that is contained in pszPath
|
|
//
|
|
APIERR ExpandSystemRoot( const TCHAR *pszPath, NLS_STR *pnls );
|
|
|
|
//
|
|
// Get %SystemRoot% from the remote registry. This is used only
|
|
// if we are reading the registry from the remote machine.
|
|
//
|
|
APIERR GetRemoteSystemRoot( NLS_STR *pnls );
|
|
|
|
//
|
|
// Initialize the SOURCE_INFO_ITEM at (*_paSourceInfo)[index]
|
|
//
|
|
APIERR InitSource( INT index );
|
|
|
|
//
|
|
// Initialize the category list at (*_paSourceInfo)[index]
|
|
//
|
|
APIERR InitCategoryList( INT index );
|
|
|
|
//
|
|
// Get the source name at (*_paSourceInfo)[index]
|
|
//
|
|
INT QuerySourceIndex( const TCHAR *pszSource );
|
|
|
|
//
|
|
// Returns TRUE if the primary source exists in the registry
|
|
//
|
|
BOOL PrimarySourceExist( VOID )
|
|
{ return _iPrimarySource >= 0; }
|
|
|
|
//
|
|
// Returns TRUE if the index is the same as the primary source index
|
|
//
|
|
BOOL IsPrimarySource( INT index )
|
|
{ return index == _iPrimarySource; }
|
|
|
|
//
|
|
// Get the string associated with the id in the dll
|
|
//
|
|
APIERR RetrieveMessage( HMODULE handle,
|
|
ULONG nID,
|
|
NLS_STR *pnls );
|
|
|
|
//
|
|
// Get the string associated with nMessageID in the source
|
|
//
|
|
APIERR MapParameterToString( const TCHAR *pszSource,
|
|
ULONG nMessageID,
|
|
NLS_STR *pnls );
|
|
|
|
public:
|
|
LOG_REGISTRY_INFO( const NLS_STR &nlsServer,
|
|
const NLS_STR &nlsModule );
|
|
|
|
~LOG_REGISTRY_INFO();
|
|
|
|
APIERR Init( VOID );
|
|
|
|
APIERR SubstituteParameterID( const TCHAR *pszSource,
|
|
NLS_STR *pnls );
|
|
|
|
APIERR MapEventIDToString ( const TCHAR *pszSource,
|
|
ULONG ulEventID,
|
|
NLS_STR *pnls );
|
|
|
|
APIERR MapCategoryToString ( const TCHAR *pszSource,
|
|
USHORT usCategory,
|
|
NLS_STR *pnls );
|
|
|
|
|
|
APIERR GetSrcSupportedTypeMask( const TCHAR *pszSource,
|
|
USHORT *pusTypeMask );
|
|
|
|
APIERR GetSrcSupportedCategoryList( const TCHAR *pszSource,
|
|
STRLIST **ppstrlstCategory );
|
|
|
|
STRLIST *GetSourceList( VOID )
|
|
{ return _pstrlstSource; }
|
|
|
|
};
|
|
|
|
|
|
/*************************************************************************
|
|
|
|
NAME: NT_EVENT_LOG
|
|
|
|
SYNOPSIS: The class for NT Event Log
|
|
|
|
INTERFACE:
|
|
protected:
|
|
I_Next() - Helper method for reading the log file
|
|
I_Open() - Helper method for opening the handle
|
|
to the event log
|
|
I_Close()- Helper method for closing the handle
|
|
to the event log
|
|
|
|
CreateCurrentRawEntry() - Create a RAW_LOG_ENTRY for the current
|
|
log entry. This is used when filtering log files.
|
|
SetPos() - Set the position for the next read.
|
|
QueryCurrentEntryCategory() -
|
|
Get the category of the current log entry
|
|
QueryCurrentEntryTypeString() -
|
|
Retrieve the type of the current log entry
|
|
QueryCurrentEntryUser() -
|
|
Get the user of the current log entry
|
|
|
|
NextString() - Iterator for returning the strings in the
|
|
current log entry.
|
|
|
|
public:
|
|
NT_EVENT_LOG() - Constructor
|
|
~NT_EVENT_LOG() - Destructor
|
|
|
|
Clear() - Clear the event log
|
|
Backup() - Back up the event log without clearing the log file
|
|
Reset() - Reset to the beginning or end of log depending
|
|
on direction
|
|
|
|
QueryPos() - Get the position of the current event log entry
|
|
Direction is not important on NT.
|
|
|
|
SeekOldestLogEntry() - Get the oldest log entry in the log
|
|
SeekNewestLogEntry() - Get the newest log entry in the log
|
|
QueryNumberOfEntries() - Get the number of entries in the log
|
|
|
|
CreateCurrentFormatEntry() - Create a FORMATTED_LOG_ENTRY for
|
|
the current log entry.
|
|
|
|
WriteTextEntry() - Write the current log entry to a text file
|
|
JonN 6/22/00 WriteTextEntry no longer supported
|
|
|
|
QueryCurrentEntryData() -
|
|
Retrieve the raw data of the current log entry
|
|
QueryCurrentEntryDesc() -
|
|
Get the description of the current log entry
|
|
QueryCurrentEntryTime() -
|
|
Get the time of the current log entry
|
|
|
|
IsBackup() - True if we want to open a backup log file
|
|
|
|
QuerySourceList() - Return the sources supported by the module
|
|
|
|
QuerySrcSupportedTypeMask() - Query the type mask supported
|
|
by the given source
|
|
QuerySrcSupportedCategoryList() - Query the category list
|
|
supported by the given source
|
|
|
|
PARENT: EVENT_LOG
|
|
|
|
USES:
|
|
|
|
CAVEATS:
|
|
|
|
NOTES:
|
|
|
|
HISTORY:
|
|
Yi-HsinS 10/15/91 Created
|
|
|
|
**************************************************************************/
|
|
|
|
DLL_CLASS NT_EVENT_LOG : public EVENT_LOG
|
|
{
|
|
private:
|
|
//
|
|
// Handle to the NT event log
|
|
//
|
|
HANDLE _handle;
|
|
|
|
//
|
|
// Buffer containing a whole amount of event log entries returned
|
|
// by a net API call.
|
|
//
|
|
BUFFER _buf;
|
|
|
|
//
|
|
// Points to the current log entry inside the buffer _buf
|
|
//
|
|
EVENTLOGRECORD *_pEL;
|
|
|
|
//
|
|
// the offset(bytes) in the buffer in which the next log entry starts
|
|
//
|
|
ULONG _cbOffset;
|
|
|
|
//
|
|
// the number of bytes returned from the last read
|
|
//
|
|
ULONG _cbReturned;
|
|
|
|
//
|
|
// the minimum number of bytes needed for the next read
|
|
//
|
|
ULONG _cbMinBytesNeeded;
|
|
|
|
//
|
|
// The index of the next string to be retrieved by NextString()
|
|
//
|
|
UINT _iStrings;
|
|
|
|
//
|
|
// The log number to read in the case of seek read
|
|
//
|
|
ULONG _ulRecSeek;
|
|
|
|
//
|
|
// TRUE if we want to open a backup file
|
|
//
|
|
BOOL _fBackup;
|
|
|
|
//
|
|
// Registry Information needed to get the description of log entries
|
|
//
|
|
LOG_REGISTRY_INFO _logRegistryInfo;
|
|
|
|
//
|
|
// The following for translating SIDS to readable names
|
|
//
|
|
LSA_POLICY _lsaPolicy;
|
|
LSA_TRANSLATED_NAME_MEM _lsatnm;
|
|
LSA_REF_DOMAIN_MEM _lsardm;
|
|
NLS_STR _nlsAccountDomain;
|
|
UINT _cCountUsers;
|
|
|
|
//
|
|
// The following is used to get the alert description and source name
|
|
// for Cairo alerts.
|
|
//
|
|
HINSTANCE _hinstanceSysmgmt;
|
|
PASGETALERTDESCRIPTION _pAsGetAlertDescription;
|
|
PASGETALERTSOURCENAME _pAsGetAlertSourceName;
|
|
|
|
protected:
|
|
virtual APIERR I_Next( BOOL *pfContinue,
|
|
ULONG ulBufferSize = BIG_BUF_DEFAULT_SIZE );
|
|
virtual APIERR I_Open( VOID );
|
|
virtual APIERR I_Close( VOID );
|
|
|
|
virtual APIERR CreateCurrentRawEntry( RAW_LOG_ENTRY *pRawLogEntry );
|
|
virtual VOID SetPos( const LOG_ENTRY_NUMBER &logEntryNum, BOOL fForceRead );
|
|
|
|
APIERR QueryCurrentEntryCategory( NLS_STR *pnlsCategory );
|
|
APIERR QueryCurrentEntryTypeString( NLS_STR *pnlsType );
|
|
APIERR QueryCurrentEntryUser( NLS_STR *pnlsUser );
|
|
|
|
//
|
|
// Iterator to return the next string in the current log.
|
|
// Returns FALSE if some error occurs or if there are no more strings left.
|
|
// Need to QueryLastError() to distinguish between the two cases.
|
|
//
|
|
APIERR NextString( BOOL *pfContinue, NLS_STR **ppnlsString );
|
|
|
|
|
|
//
|
|
// The following method is used to get the proc address of alert functions
|
|
// AsGetAlertdescription and AsGetAlertSourceName
|
|
//
|
|
APIERR GetProcAddressOfAlertFuctions( VOID );
|
|
|
|
public:
|
|
//
|
|
// Constructor : takes a server name,
|
|
// an optional direction which defaults to EVLOG_FWD,
|
|
// a module name needed for NT Event Log,
|
|
// and a module name needed for reading the registry.
|
|
// If pszModule and pszRegistryModule don't point to the
|
|
// same place, then we are reading a backup event log.
|
|
//
|
|
NT_EVENT_LOG( const TCHAR *pszServer,
|
|
EVLOG_DIRECTION evdir = EVLOG_FWD,
|
|
const TCHAR *pszModule = NULL,
|
|
const TCHAR *pszRegistryModule = NULL );
|
|
|
|
virtual ~NT_EVENT_LOG();
|
|
|
|
//
|
|
// See comments in EVENT_LOG
|
|
//
|
|
virtual APIERR Clear( const TCHAR *pszBackupFile = NULL );
|
|
virtual APIERR Backup( const TCHAR *pszBackupFile );
|
|
virtual VOID Reset( VOID );
|
|
|
|
virtual APIERR QueryPos( LOG_ENTRY_NUMBER *plogEntryNum );
|
|
virtual APIERR SeekOldestLogEntry( VOID );
|
|
virtual APIERR SeekNewestLogEntry( VOID );
|
|
virtual APIERR QueryNumberOfEntries( ULONG *pcEntries );
|
|
|
|
virtual APIERR CreateCurrentFormatEntry( FORMATTED_LOG_ENTRY
|
|
**ppFmtLogEntry );
|
|
|
|
// JonN 6/22/00 WriteTextEntry no longer supported
|
|
virtual APIERR WriteTextEntry( ULONG ulFileHandle, INTL_PROFILE &intlprof,
|
|
TCHAR chSeparator );
|
|
|
|
virtual ULONG QueryCurrentEntryData( BYTE **ppbDataOut );
|
|
virtual APIERR QueryCurrentEntryDesc( NLS_STR *pnlsDesc );
|
|
virtual ULONG QueryCurrentEntryTime( VOID );
|
|
|
|
BOOL IsBackup( VOID )
|
|
{ return _fBackup; }
|
|
|
|
virtual STRLIST *QuerySourceList( VOID );
|
|
|
|
virtual APIERR QuerySrcSupportedTypeMask( const NLS_STR &nlsSource,
|
|
USHORT *pusTypeMask );
|
|
|
|
virtual APIERR QuerySrcSupportedCategoryList( const NLS_STR &nlsSource,
|
|
STRLIST **ppstrlstCategory );
|
|
};
|
|
|
|
#endif
|
|
|