#include "stdafx.h"
#include "resource.h"
#include "CEventLog.h"
#include "CConfiguration.h"
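// Looks up the message file registered for an event source and maps it as a
// data file, so that its message table can later be used to format event
// descriptions.
//
// name - event source name; it is inserted unchanged into the registry path
// type - event log name; also inserted unchanged into the registry path
//
// The lookup always uses HKEY_LOCAL_MACHINE of the machine running this code;
// no machine name is passed in. On any failure m_strFile stays empty and/or
// m_hFile stays 0, which IsValid() reports as FALSE.
CEventSource::CEventSource( LPCTSTR name, LPCTSTR type )
    : m_strName( name ),
      m_hFile(0)
{
    HKEY hKey;
    LONG lResult = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
        FormattedString(_T("SYSTEM\\CurrentControlSet\\Services\\Eventlog\\%s\\%s"), type, name),
        0,
        KEY_READ,
        &hKey );
    if( lResult == ERROR_SUCCESS )
    {
        TCHAR szRaw[1024];
        const DWORD cchRaw = sizeof(szRaw)/sizeof(szRaw[0]);

        // Offer one character less than the buffer holds: registry strings are
        // not guaranteed to be stored with a terminator, so room is kept to
        // add one below.
        DWORD dwData = (cchRaw - 1) * sizeof(TCHAR), dwType;
        if( RegQueryValueEx(hKey,_T("EventMessageFile"),0,&dwType,(LPBYTE) szRaw,&dwData ) == ERROR_SUCCESS )
        {
            if( dwType == REG_SZ || dwType == REG_EXPAND_SZ )
            {
                // dwData now holds the number of bytes actually stored.
                szRaw[dwData / sizeof(TCHAR)] = 0;

                TCHAR expanded[1024];
                const DWORD cchExpanded = sizeof(expanded)/sizeof(expanded[0]);

                // The size argument is a character count, not a byte count.
                // Passing sizeof(expanded) overstated the buffer by a factor
                // of sizeof(TCHAR) in Unicode builds.
                const DWORD cchUsed = ExpandEnvironmentStrings( szRaw, expanded, cchExpanded );

                // 0 means failure; a value above the buffer size means the
                // result did not fit. In both cases the source stays invalid.
                if( cchUsed != 0 && cchUsed <= cchExpanded )
                    m_strFile = expanded;
            }
        }
        RegCloseKey(hKey);
    }
    if( !IsEmptyString(m_strFile) )
    {
        // LOAD_LIBRARY_AS_DATAFILE maps the file for resource access only.
        // NOTE(review): EventMessageFile may name several files separated by
        // ';'. Such a value is passed on as one path here, and the load then
        // presumably fails - confirm whether splitting is wanted.
        m_hFile = LoadLibraryEx(m_strFile, 0, LOAD_LIBRARY_AS_DATAFILE);
    }
}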
// Unmaps the message file, if the constructor managed to load one.
CEventSource::~CEventSource()
{
    if( m_hFile != 0 )
    {
        FreeLibrary( (HMODULE) m_hFile );
    }
}
// Reports whether this source has both a message file name and a loaded
// module handle for it.
//
// NOTE(review): the test of "this" against NULL is kept because callers
// outside this file may rely on it, but calling a member function through a
// null pointer is undefined behaviour and an optimising compiler may drop the
// test. Callers should check the pointer themselves.
BOOL CEventSource::IsValid()
{
    if( this == NULL || IsEmptyString(m_strFile) || !m_hFile )
    {
        return FALSE;
    }
    return TRUE;
}
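// Formats a timestamp given in seconds since 1970-01-01 as a local
// "short date + time" string in the user's default locale.
//
// dwSeconds - unsigned second count, as stored in EVENTLOGRECORD time fields
//
// Returns an empty string if the value cannot be converted to a local time.
CString GetTimeAsString(DWORD dwSeconds)
{
    // Number of 100-nanosecond intervals between the FILETIME epoch
    // (1601-01-01) and 1970-01-01.
    const unsigned __int64 EpochOffset = 116444736000000000;

    // dwSeconds is unsigned. The signed Int32x32To64 would turn every value
    // from 0x80000000 upwards (dates from 2038 on) into a negative product.
    ULARGE_INTEGER ticks;
    ticks.QuadPart = UInt32x32To64(dwSeconds, 10000000) + EpochOffset;

    FILETIME FileTime, LocalFileTime;
    FileTime.dwLowDateTime = ticks.LowPart;
    FileTime.dwHighDateTime = ticks.HighPart;

    SYSTEMTIME SysTime;
    if( !FileTimeToLocalFileTime(&FileTime, &LocalFileTime) ||
        !FileTimeToSystemTime(&LocalFileTime, &SysTime) )
    {
        // Do not format an uninitialised SYSTEMTIME.
        return CString();
    }

    // Start with empty strings so that a failed formatting call cannot leave
    // uninitialised stack contents in the result.
    TCHAR szDate[256] = _T(""), szTime[256] = _T("");
    VERIFY( GetDateFormat( LOCALE_USER_DEFAULT, DATE_SHORTDATE, &SysTime, NULL, szDate, sizeof(szDate)/sizeof(TCHAR) ) );
    VERIFY( GetTimeFormat( LOCALE_USER_DEFAULT, 0, &SysTime, NULL, szTime, sizeof(szTime)/sizeof(TCHAR) ) );
    return FormattedString(_T("%s %s"), szDate, szTime );
}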
// Returns the text shown in list column dwIndex for this entry, or an empty
// string for an index outside 0..10.
CString CEventEntry::GetDisplayString(DWORD dwIndex)
{
    // Position in this table is the column index.
    const CString* const columns[] =
    {
        &m_strShortText,            // 0
        &m_strSourceName,           // 1
        &m_strEventType,            // 2
        &m_strTimeWritten,          // 3
        &m_strComputerName,         // 4
        &m_strSourceDll,            // 5
        &m_strEventCategory,        // 6
        &m_strUsername,             // 7
        &m_strTimeGenerated,        // 8
        &m_strRecordNumber,         // 9
        &m_strClosingRecordNumber   // 10
    };
    const DWORD nColumns = sizeof(columns)/sizeof(columns[0]);

    if( dwIndex < nColumns )
    {
        return *columns[dwIndex];
    }
    return CString();
}
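// Chooses the list text colour from the record's event type:
// red for errors and audit failures, dark yellow for warnings, green for
// audit successes, black for everything else.
COLORREF CEventEntry::GetTextColor()
{
    switch( m_Record.EventType )
    {
    case EVENTLOG_ERROR_TYPE:
    case EVENTLOG_AUDIT_FAILURE:
        return RGB(255, 0, 0);

    case EVENTLOG_WARNING_TYPE:
        return RGB(140, 140, 0);

    // The original tested EVENTLOG_INFORMATION_TYPE twice, so its green
    // branch could never be reached. Audit success is the only remaining
    // event type without a colour of its own and is the counterpart of the
    // red audit failure, so green is presumably what was intended for it.
    case EVENTLOG_AUDIT_SUCCESS:
        return RGB(0, 200, 0);
    }

    // Information, success and unknown types.
    return RGB(0, 0, 0);
}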
// Returns the tooltip text for this entry: the full event description.
CString CEventEntry::GetInfoTip()
{
    CString strTip( m_strDescription );
    return strTip;
}
// Maps an event type value to its display label. A value that is not one of
// the six known types is rendered as "<INVALID: 0x...>" with the value in
// hexadecimal.
CString CEventEntry::GetEventTypeAsString(DWORD dwEventType)
{
    static const struct
    {
        DWORD   dwType;
        LPCTSTR lpszLabel;
    }
    labels[] =
    {
        { EVENTLOG_SUCCESS,          _T("Success") },
        { EVENTLOG_ERROR_TYPE,       _T("Error") },
        { EVENTLOG_WARNING_TYPE,     _T("Warning") },
        { EVENTLOG_INFORMATION_TYPE, _T("Information") },
        { EVENTLOG_AUDIT_SUCCESS,    _T("Audit success") },
        { EVENTLOG_AUDIT_FAILURE,    _T("Audit failure") }
    };

    for( size_t n = 0; n < sizeof(labels)/sizeof(labels[0]); n++ )
    {
        if( labels[n].dwType == dwEventType )
        {
            return labels[n].lpszLabel;
        }
    }

    CString strUnknown;
    strUnknown.Format(_T("<INVALID: 0x%08lx>"), dwEventType );
    return strUnknown;
}
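// Returns the position just past the terminator of the string starting at p,
// or NULL when p is NULL, lies beyond pEnd, or no terminator occurs before
// pEnd.
static LPCTSTR SkipRecordString( LPCTSTR p, const BYTE* pEnd )
{
    if( !p )
        return NULL;
    while( (const BYTE*)(p + 1) <= pEnd )
    {
        if( !*p )
            return p + 1;
        p++;
    }
    return NULL;
}

// Builds a display entry from one raw event log record.
//
// parent - log that owns this entry; used to look up the source's message file
// entry  - record as returned by ReadEventLog; only entry->Length bytes
//          starting at entry are read
//
// Every offset and string inside the record is checked against entry->Length
// before use. The record contents come from the event log service, possibly
// on another machine, so they are not assumed to be well formed. Fields that
// fail the check are left empty.
CEventEntry::CEventEntry( CEventLog* parent, PEVENTLOGRECORD entry )
{
    int i;

    m_strTimeWritten = GetTimeAsString( entry->TimeWritten );
    m_strEventType = GetEventTypeAsString(entry->EventType);
    m_strEventCategory.Format(_T("%hd"), entry->EventCategory );
    m_Record = *entry;

    const BYTE* const pEnd = LPBYTE(entry) + entry->Length;

    // Source name and computer name follow the last fixed field (DataOffset)
    // as two consecutive terminated strings.
    LPCTSTR p = LPCTSTR((LPBYTE(&entry->DataOffset) + sizeof(DWORD)));
    LPCTSTR pNext = SkipRecordString(p, pEnd);
    if( pNext )
    {
        m_strSourceName = p;
        p = pNext;
        if( SkipRecordString(p, pEnd) )
            m_strComputerName = p;
    }

    // FormatMessage resolves inserts %1..%99 by indexing into the argument
    // array. A message template may refer to more inserts than the record
    // supplies, so the array always has at least 99 usable slots, and unused
    // slots point at an empty string instead of lying past the allocation.
    const int nMaxInserts = 99;
    const int nStrings = entry->NumStrings;
    const int nSlots = ( nStrings > nMaxInserts ) ? nStrings : nMaxInserts;
    LPCTSTR* Strings = new LPCTSTR[nSlots+1];
    for( i = 0; i <= nSlots; i++ )
        Strings[i] = _T("");

    p = NULL;
    if( entry->StringOffset < entry->Length )
        p = (LPCTSTR)( LPBYTE(entry) + entry->StringOffset);

    for( i = 0; i < nStrings; i++ )
    {
        pNext = SkipRecordString(p, pEnd);
        if( !pNext )
            break;      // record ends before all announced strings were found

        if( !IsEmptyString(p) && IsEmptyString(m_strDescription) )
            m_strDescription = p;

        m_strStrings.Add(p);
        // NOTE(review): assumes the pointer obtained from GetAt() stays valid
        // while further strings are added - confirm against the declaration
        // of m_strStrings.
        Strings[i] = m_strStrings.GetAt(i);
        p = pNext;
    }

    // Only resolve the SID if it lies completely inside the record.
    if( entry->UserSidLength &&
        entry->UserSidOffset < entry->Length &&
        entry->UserSidLength <= entry->Length - entry->UserSidOffset )
    {
        m_strUsername = GetUsernameFromSid((PSID)( LPBYTE(entry) + entry->UserSidOffset));
    }

    m_strTimeGenerated = GetTimeAsString( entry->TimeGenerated );
    m_strRecordNumber.Format(_T("%ld"), entry->RecordNumber );
    m_strClosingRecordNumber.Format(_T("%ld"), entry->ClosingRecordNumber );

    // SID UserSid
    // BYTE Data[]

    CEventSource* pest = parent->GetEventSource(m_strSourceName);
    if( pest )
    {
        m_strSourceDll = pest->m_strFile;

        LPTSTR lpszBuffer = NULL;
        if( FormatMessage(
                FORMAT_MESSAGE_ALLOCATE_BUFFER |
                FORMAT_MESSAGE_FROM_HMODULE |
                FORMAT_MESSAGE_FROM_SYSTEM |
                FORMAT_MESSAGE_ARGUMENT_ARRAY,
                pest->m_hFile, entry->EventID, 0, (LPTSTR)&lpszBuffer, 0,
                (va_list*) Strings
            ) )
        {
            m_strDescription = lpszBuffer;
            LocalFree(HLOCAL(lpszBuffer));
        }
    }

    // Allocated with new[], so it must be released with delete[].
    delete[] Strings;

    m_strShortText = m_strDescription;
    m_strShortText.Replace(TEXT("\r\n"), TEXT(" "));
}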
// Generates SortBy<NAME>(): a comparison function that orders two entries by
// a case-insensitive comparison of their m_str<NAME> members.
#define SORT_BY_STRING(NAME) \
int SortBy##NAME(const CEventEntry** ps1, const CEventEntry** ps2) \
{ \
    const CEventEntry* pLeft = *ps1; \
    const CEventEntry* pRight = *ps2; \
    return pLeft->m_str##NAME.CompareNoCase(pRight->m_str##NAME); \
}

SORT_BY_STRING(ShortText)
SORT_BY_STRING(SourceName)
SORT_BY_STRING(EventType)
SORT_BY_STRING(ComputerName)
SORT_BY_STRING(SourceDll)
SORT_BY_STRING(EventCategory)
SORT_BY_STRING(Username)
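// Generates SortBy<NAME>(): a comparison function that orders two entries by
// the unsigned value of m_Record.<NAME>, returning -1, 0 or 1.
//
// The values are compared instead of subtracted. Subtracting them as LONG
// gives the wrong sign, or overflows, once they are 0x80000000 or larger or
// lie more than 0x7FFFFFFF apart.
#define SORT_BY_INTEGER(NAME) \
int SortBy##NAME(const CEventEntry** ps1, const CEventEntry** ps2) \
{ \
    const DWORD dwLeft = (*ps1)->m_Record.NAME; \
    const DWORD dwRight = (*ps2)->m_Record.NAME; \
    return ( dwLeft < dwRight ) ? -1 : ( ( dwLeft > dwRight ) ? 1 : 0 ); \
}

SORT_BY_INTEGER(TimeGenerated)
SORT_BY_INTEGER(TimeWritten)
SORT_BY_INTEGER(RecordNumber)
SORT_BY_INTEGER(ClosingRecordNumber)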
// Comparison functions handed to the CListViewEntries base class by the
// CEventLog constructor. The order follows the column indices used by
// CEventEntry::GetDisplayString(), so entry N sorts by the text of column N.
// NOTE(review): each function takes (const CEventEntry**, const CEventEntry**)
// and is cast to GENERICCOMPAREFN, which is declared elsewhere - confirm that
// the two signatures are call-compatible.
static GENERICCOMPAREFN SortMethods[] = {
GENERICCOMPAREFN(&SortByShortText),             // 0
GENERICCOMPAREFN(&SortBySourceName),            // 1
GENERICCOMPAREFN(&SortByEventType),             // 2
GENERICCOMPAREFN(&SortByTimeWritten),           // 3
GENERICCOMPAREFN(&SortByComputerName),          // 4
GENERICCOMPAREFN(&SortBySourceDll),             // 5
GENERICCOMPAREFN(&SortByEventCategory),         // 6
GENERICCOMPAREFN(&SortByUsername),              // 7
GENERICCOMPAREFN(&SortByTimeGenerated),         // 8
GENERICCOMPAREFN(&SortByRecordNumber),          // 9
GENERICCOMPAREFN(&SortByClosingRecordNumber),   // 10
};
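// Creates the event log view: registers the per-column sort functions under
// the name "EventLog", selects the "System" log and defines the eleven list
// columns.
CEventLog::CEventLog()
    : CListViewEntries(SortMethods, _T("EventLog") ),
      m_strLogName( _T("System") )
{
    // Column order must match CEventEntry::GetDisplayString() and SortMethods.
    //
    // The list is closed with a typed null pointer. CreateColumns is declared
    // elsewhere; if it is variadic, a bare NULL is passed as an int and is
    // not guaranteed to be read back as a null pointer where pointers are
    // wider than int.
    CreateColumns(
        _T("Event"),
        _T("Source"),
        _T("Type"),
        _T("Written"),
        _T("Machine"),
        _T("DLL"),
        _T("Category"),
        _T("Username"),
        _T("Generated"),
        _T("Record Nr."),
        _T("Closing Nr."),
        (LPCTSTR) NULL );
}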
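// Reloads all entries of the current log (m_strLogName) from the machine in
// m_strServiceMachine, newest record first.
//
// Returns FALSE if the log cannot be opened, in which case the existing
// entries are kept. Otherwise the entries are replaced and TRUE is returned.
//
// Reading stops at the first ReadEventLog failure. That is the normal end of
// the log, but also any other error, such as a record that does not fit into
// the buffer. Entries past that point are then not listed.
BOOL CEventLog::Refresh()
{
    RefreshTitleString();
    HANDLE hLog = OpenEventLog(m_strServiceMachine, m_strLogName);
    if( !hLog )
        return FALSE;

    DeleteObjects(m_Entries);

    // Parenthesised so the macro expands safely inside larger expressions.
#define BUFFER_SIZE (1024*64)
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded /*, dwThisRecord*/;

    // Get the record number of the oldest event log record.
    //VERIFY(GetOldestEventLogRecord(hLog, &dwThisRecord));

    // Read the event log records sequentially, starting with the newest,
    // until the last record has been read.
    while (ReadEventLog(hLog,               // event log handle
                EVENTLOG_BACKWARDS_READ |   // newest record first
                EVENTLOG_SEQUENTIAL_READ,   // sequential read
                0,                          // ignored for sequential reads
                bBuffer,                    // pointer to buffer
                BUFFER_SIZE,                // size of buffer
                &dwRead,                    // number of bytes read
                &dwNeeded))                 // bytes in next record
    {
        PEVENTLOGRECORD pevlr = PEVENTLOGRECORD(bBuffer);

        while (dwRead >= sizeof(EVENTLOGRECORD))
        {
            // The record length comes from the log data. A length of 0 would
            // loop forever, and a length beyond the bytes actually read would
            // wrap dwRead around and walk off the end of the buffer.
            const DWORD cbRecord = pevlr->Length;
            if( cbRecord < sizeof(EVENTLOGRECORD) || cbRecord > dwRead )
                break;

            m_Entries.Add(new CEventEntry(this, pevlr));

            dwRead -= cbRecord;
            pevlr = (EVENTLOGRECORD *) ((LPBYTE) pevlr + cbRecord);
        }
    }
    VERIFY(CloseEventLog(hLog));

    // needed only during enumeration
    DeleteObjects(m_EventSources);
    return TRUE;
}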
// Selects the log to enumerate. The name is stored as given and is used by
// the next Refresh(), by the event source registry lookup and by the XML
// export.
void CEventLog::SetEnumType( LPCTSTR lpszType )
{
    this->m_strLogName = lpszType;
}
// Returns the cached CEventSource whose name matches (ignoring case), or
// creates one. A newly created source is cached and returned only if it is
// valid; otherwise it is destroyed and NULL is returned, so a failed lookup
// is repeated on the next call.
CEventSource* CEventLog::GetEventSource(LPCTSTR name)
{
    const int nCached = m_EventSources.GetSize();
    int nPos = 0;
    while( nPos < nCached )
    {
        CEventSource* pCached = (CEventSource*) m_EventSources.GetAt(nPos);
        if( pCached->m_strName.CompareNoCase(name) == 0 )
            return pCached;
        nPos++;
    }

    CEventSource* pCreated = new CEventSource(name, m_strLogName);
    if( !pCreated->IsValid() )
    {
        delete pCreated;
        return NULL;
    }

    m_EventSources.Add(pCreated);
    return pCreated;
}
// Remembers the machine whose event log is opened by Refresh() and updates
// the window title to match. Nothing is read here.
void CEventLog::ConnectTo( LPCTSTR lpszMachine )
{
    this->m_strServiceMachine = lpszMachine;
    this->RefreshTitleString();
}
// Rebuilds m_strTitle from the program version, the log name and the target
// machine. An unset or empty machine name is shown as the local machine.
void CEventLog::RefreshTitleString()
{
    LPCTSTR lpszMachine = m_strServiceMachine;
    const bool bLocal = ( lpszMachine == NULL ) || ( *lpszMachine == 0 );

    if( bLocal )
    {
        m_strTitle.Format( TEXT("pserv ") CURRENT_VERSION TEXT(": %s events on local machine"), (LPCTSTR) m_strLogName );
        return;
    }

    m_strTitle.Format( TEXT("pserv ") CURRENT_VERSION TEXT(": %s events on \\\\%s"), (LPCTSTR) m_strLogName, (LPCTSTR)m_strServiceMachine );
}
// Returns the resource id of the context menu used for event entries.
UINT CEventLog::GetContextMenuID()
{
    const UINT nMenuId = IDR_CONTEXTMENU_EVENTS;
    return nMenuId;
}
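// Turns a log name into a usable XML element name. ASCII characters other
// than letters, digits, '_', '-' and '.' become '_', and a name that is empty
// or starts with a digit, '-' or '.' gets a leading '_'. Names that are
// already valid, and all non-ASCII characters, are returned unchanged.
static CString MakeXmlElementName( LPCTSTR lpszName )
{
    CString strName( lpszName );
    for( int n = 0, nLen = strName.GetLength(); n < nLen; n++ )
    {
        const TCHAR ch = strName.GetAt(n);
        const bool bAscii = ( ch > 0 ) && ( ch < 0x80 );
        const bool bNameChar =
            ( ch >= _T('a') && ch <= _T('z') ) ||
            ( ch >= _T('A') && ch <= _T('Z') ) ||
            ( ch >= _T('0') && ch <= _T('9') ) ||
            ch == _T('_') || ch == _T('-') || ch == _T('.');
        if( bAscii && !bNameChar )
            strName.SetAt(n, _T('_'));
    }

    bool bNeedsPrefix = strName.IsEmpty();
    if( !bNeedsPrefix )
    {
        const TCHAR chFirst = strName.GetAt(0);
        bNeedsPrefix = ( chFirst >= _T('0') && chFirst <= _T('9') ) ||
                       chFirst == _T('-') || chFirst == _T('.');
    }
    if( bNeedsPrefix )
        strName = CString(_T("_")) + strName;
    return strName;
}

// Writes all loaded entries to pFile as an XML document whose root element is
// named after the current log.
//
// Element content is passed through XmlEscape. The log name was previously
// written as the element name without any escaping, so a name containing a
// space or markup character produced a malformed document. It is now mapped
// to a valid element name first.
//
// NOTE(review): the declaration announces ISO-8859-1. What PrintToFile
// actually writes for TCHAR text is decided elsewhere - confirm they agree.
void CEventLog::ExportXmlToFile( CFile* pFile )
{
    const CString strRoot = MakeXmlElementName( (LPCTSTR) m_strLogName );

    PrintToFile(pFile, _T("<?xml version=\"1.0\" encoding=\"ISO-8859-1\" standalone=\"yes\"?>\r\n")
        _T("<%s>\r\n"), (LPCTSTR) strRoot );

    for(int n = 0, nmax = m_Entries.GetSize(); n < nmax; n++ )
    {
        CEventEntry* p = (CEventEntry*)m_Entries.GetAt(n);
        PrintToFile(pFile, _T("\t<entry id=\"%ld\">\r\n"), p->m_Record.RecordNumber );
        PrintToFile(pFile, _T("\t\t<event>%s</event>\r\n"),(LPCTSTR) XmlEscape(p->m_strDescription) );
        PrintToFile(pFile, _T("\t\t<timewritten>%s</timewritten>\r\n"), (LPCTSTR) XmlEscape(p->m_strTimeWritten) );
        PrintToFile(pFile, _T("\t\t<source>%s</source>\r\n"),(LPCTSTR) XmlEscape(p->m_strSourceName) );
        PrintToFile(pFile, _T("\t\t<eventtype>%s</eventtype>\r\n"),(LPCTSTR) XmlEscape(p->m_strEventType) );
        PrintToFile(pFile, _T("\t\t<computername>%s</computername>\r\n"),(LPCTSTR) XmlEscape(p->m_strComputerName) );
        PrintToFile(pFile, _T("\t\t<sourcedll>%s</sourcedll>\r\n"),(LPCTSTR) XmlEscape(p->m_strSourceDll) );
        PrintToFile(pFile, _T("\t\t<category>%s</category>\r\n"),(LPCTSTR) XmlEscape(p->m_strEventCategory) );
        PrintToFile(pFile, _T("\t</entry>\r\n") );
    }

    PrintToFile(pFile, _T("</%s>"), (LPCTSTR) strRoot);
}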