archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
 
 
 
 
 
 
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/trace/evntrprv/maindll.cpp

229 lines
5.9 KiB
Raw Blame History

/*****************************************************************************\
Author: Corey Morgan (coreym)
Copyright (c) 1998-2000 Microsoft Corporation
\*****************************************************************************/
#include <FWcommon.h>
#include <objbase.h>
#include <initguid.h>
HMODULE ghModule;
WCHAR *EVENTTRACE_GUIDSTRING = L"{9a5dd473-d410-11d1-b829-00c04f94c7c3}";
WCHAR *SYSMONLOG_GUIDSTRING = L"{f95e1664-7979-44f2-a040-496e7f500043}";
CLSID CLSID_CIM_EVENTTRACE;
CLSID CLSID_CIM_SYSMONLOG;
long g_cLock=0;
EXTERN_C BOOL LibMain32(HINSTANCE hInstance, ULONG ulReason
, LPVOID pvReserved)
{
if (DLL_PROCESS_ATTACH==ulReason)
ghModule = hInstance;
return TRUE;
}
STDAPI DllGetClassObject(REFCLSID rclsid, REFIID riid, PPVOID ppv)
{
HRESULT hr;
CWbemGlueFactory *pObj;
CLSIDFromString(EVENTTRACE_GUIDSTRING, &CLSID_CIM_EVENTTRACE );
CLSIDFromString(SYSMONLOG_GUIDSTRING, &CLSID_CIM_SYSMONLOG );
if( CLSID_CIM_EVENTTRACE != rclsid && CLSID_CIM_SYSMONLOG != rclsid ){
return E_FAIL;
}
pObj= new CWbemGlueFactory();
if( NULL==pObj ){
return E_OUTOFMEMORY;
}
hr=pObj->QueryInterface(riid, ppv);
if( FAILED(hr) ){
delete pObj;
}
return hr;
}
STDAPI DllCanUnloadNow(void)
{
SCODE sc;
if( (0L==g_cLock) &&
CWbemProviderGlue::FrameworkLogoffDLL(L"EventTraceProv") &&
CWbemProviderGlue::FrameworkLogoffDLL(L"SmonLogProv")){
sc = S_OK;
}else{
sc = S_FALSE;
}
return sc;
}
BOOL Is4OrMore(void)
{
OSVERSIONINFO os;
os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
if(!GetVersionEx(&os)){
return FALSE;
}
return os.dwMajorVersion >= 4;
}
STDAPI DllRegisterServer(void)
{
WCHAR szCLSID[512];
WCHAR szModule[MAX_PATH];
LPWSTR pName;
LPWSTR pModel = L"Both";
HKEY hKey1, hKey2;
// Compile Mof
/* HRESULT hr;
hr = CoInitialize(NULL);
if( SUCCEEDED(hr) ){
WCHAR drive[_MAX_DRIVE];
WCHAR dir[_MAX_DIR];
WCHAR fname[_MAX_FNAME];
WCHAR ext[_MAX_EXT];
WBEM_COMPILE_STATUS_INFO stat;
IMofCompiler *pMof = NULL;
hr = CoCreateInstance( CLSID_MofCompiler, NULL, CLSCTX_INPROC_SERVER, IID_IMofCompiler, (void **)&pMof );
GetModuleFileNameW( ghModule, szModule, MAX_PATH);
_wsplitpath( szModule, drive, dir, fname, ext );
_wmakepath( szModule, drive, dir, L"evntrprv.mof", L"" );
pMof->CompileFile( szModule, NULL,NULL,NULL,NULL, 0,0,0, &stat );
pMof->Release();
CoUninitialize();
}
*/
GetModuleFileNameW(ghModule, szModule, MAX_PATH);
// Event Trace Provider
pName = L"Event Trace Logger Provider";
wcscpy(szCLSID, L"SOFTWARE\\CLASSES\\CLSID\\" );
wcscat(szCLSID, EVENTTRACE_GUIDSTRING );
RegCreateKeyW(HKEY_LOCAL_MACHINE, szCLSID, &hKey1);
RegSetValueExW(hKey1, NULL, 0, REG_SZ, (BYTE *)pName, (wcslen(pName)+1)*sizeof(WCHAR));
RegCreateKeyW(hKey1, L"InprocServer32", &hKey2 );
RegSetValueExW(hKey2, NULL, 0, REG_SZ, (BYTE *)szModule, (wcslen(szModule)+1)*sizeof(WCHAR));
RegSetValueExW(hKey2, L"ThreadingModel", 0, REG_SZ, (BYTE *)pModel, (wcslen(pModel)+1)*sizeof(WCHAR));
CloseHandle(hKey1);
CloseHandle(hKey2);
// Sysmon Log Provider
pName = L"System Log Provider";
wcscpy(szCLSID, L"SOFTWARE\\CLASSES\\CLSID\\" );
wcscat(szCLSID, SYSMONLOG_GUIDSTRING );
RegCreateKeyW(HKEY_LOCAL_MACHINE, szCLSID, &hKey1);
RegSetValueExW(hKey1, NULL, 0, REG_SZ, (BYTE *)pName, (wcslen(pName)+1)*sizeof(WCHAR));
RegCreateKeyW(hKey1, L"InprocServer32", &hKey2 );
RegSetValueExW(hKey2, NULL, 0, REG_SZ, (BYTE *)szModule, (wcslen(szModule)+1)*sizeof(WCHAR));
RegSetValueExW(hKey2, L"ThreadingModel", 0, REG_SZ, (BYTE *)pModel, (wcslen(pModel)+1)*sizeof(WCHAR));
CloseHandle(hKey1);
CloseHandle(hKey2);
return NOERROR;
}
STDAPI DllUnregisterServer(void)
{
WCHAR wcID[128];
WCHAR szCLSID[128];
HKEY hKey;
// Event Trace Provider
CLSIDFromString(EVENTTRACE_GUIDSTRING, &CLSID_CIM_EVENTTRACE);
StringFromGUID2(CLSID_CIM_EVENTTRACE, wcID, 128);
wcscpy( szCLSID, L"SOFTWARE\\CLASSES\\CLSID\\");
wcscpy( szCLSID, wcID);
DWORD dwRet = RegOpenKeyW(HKEY_LOCAL_MACHINE, szCLSID, &hKey);
if( dwRet == NO_ERROR ){
RegDeleteKeyW(hKey, L"InProcServer32" );
CloseHandle(hKey);
}
dwRet = RegOpenKeyW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\CLASSES\\CLSID\\", &hKey);
if(dwRet == NO_ERROR){
RegDeleteKeyW(hKey,wcID);
CloseHandle(hKey);
}
// System Log Provider
CLSIDFromString(SYSMONLOG_GUIDSTRING, &CLSID_CIM_SYSMONLOG);
StringFromGUID2(CLSID_CIM_SYSMONLOG, wcID, 128);
wcscpy( szCLSID, L"SOFTWARE\\CLASSES\\CLSID\\");
wcscpy( szCLSID, wcID);
dwRet = RegOpenKeyW(HKEY_LOCAL_MACHINE, szCLSID, &hKey);
if( dwRet == NO_ERROR ){
RegDeleteKeyW(hKey, L"InProcServer32" );
CloseHandle(hKey);
}
dwRet = RegOpenKeyW(HKEY_LOCAL_MACHINE, L"SOFTWARE\\CLASSES\\CLSID\\", &hKey);
if(dwRet == NO_ERROR){
RegDeleteKeyW(hKey,wcID);
CloseHandle(hKey);
}
return NOERROR;
}
BOOL APIENTRY DllMain ( HINSTANCE hInstDLL,
DWORD fdwReason,
LPVOID lpReserved )
{
BOOL bRet = TRUE;
switch( fdwReason ){
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hInstDLL);
ghModule = hInstDLL;
bRet = CWbemProviderGlue::FrameworkLoginDLL(L"EventTraceProv");
break;
case DLL_THREAD_ATTACH:
// Do thread-specific initialization.
break;
case DLL_THREAD_DETACH:
// Do thread-specific cleanup.
break;
case DLL_PROCESS_DETACH:
// Perform any necessary cleanup.
break;
}
return bRet;
}