35 #include "XEventLog.h"
42 static char THIS_FILE[] = __FILE__;
46 #pragma warning(disable : 4127)
47 #endif // __AFXWIN_H__
65 CXEventLog::CXEventLog(LPCTSTR lpszApp ,
66 LPCTSTR lpszEventMessageDll )
69 if ((lpszApp == NULL) || (lpszApp[0] == _T(
'\0')))
71 TRACE(_T(
"=== No app specified in CXEventLog ctor. ")
72 _T(
"Be sure to call Init() before calling Write(). ===\n"));
82 if (lpszApp && (lpszApp[0] != _T(
'\0')))
83 bRet = Init(lpszApp, lpszEventMessageDll);
96 CXEventLog::~CXEventLog()
100 delete [] m_pszAppName;
114 void CXEventLog::Close()
117 ::DeregisterEventSource(m_hEventLog);
131 LPTSTR CXEventLog::GetAppName()
154 BOOL CXEventLog::Init(LPCTSTR lpszApp, LPCTSTR lpszEventMessageDll )
156 _ASSERTE((lpszApp != NULL) && (lpszApp[0] != _T(
'\0')));
157 if (!lpszApp || lpszApp[0] == _T(
'\0'))
164 BOOL bRet = RegisterSource(lpszApp, lpszEventMessageDll);
169 m_hEventLog = ::RegisterEventSource(NULL, lpszApp);
173 TRACE(_T(
"RegisterSource failed\n"));
176 _ASSERTE(m_hEventLog != NULL);
178 return (m_hEventLog != NULL);
192 BOOL CXEventLog::Write(WORD wType, LPCTSTR lpszMessage)
196 _ASSERTE(m_hEventLog != NULL);
203 _ASSERTE(lpszMessage != NULL);
207 _ASSERTE((wType == EVENTLOG_ERROR_TYPE) ||
208 (wType == EVENTLOG_WARNING_TYPE) ||
209 (wType == EVENTLOG_INFORMATION_TYPE) ||
210 (wType == EVENTLOG_AUDIT_SUCCESS) ||
211 (wType == EVENTLOG_AUDIT_FAILURE));
214 PSID pSid = GetUserSid();
216 LPCTSTR* lpStrings = &lpszMessage;
218 bRet = ::ReportEvent(m_hEventLog,
229 HeapFree(GetProcessHeap(), 0, pSid);
273 BOOL CXEventLog::RegisterSource(LPCTSTR lpszApp,
274 LPCTSTR lpszEventMessageDll)
276 _ASSERTE((lpszApp != NULL) && (lpszApp[0] != _T(
'\0')));
277 if (!lpszApp || lpszApp[0] == _T(
'\0'))
281 _T(
"SYSTEM\\CurrentControlSet\\Services\\Eventlog\\Application\\");
283 TCHAR szKey[_MAX_PATH*2];
284 memset(szKey, 0, _MAX_PATH*2*
sizeof(TCHAR));
285 _tcscpy(szKey, szRegPath);
286 _tcscat(szKey, lpszApp);
287 TRACE(_T(
"szKey=<%s>\n"), szKey);
292 LONG lRet = ::RegCreateKeyEx(HKEY_LOCAL_MACHINE, szKey, 0, NULL,
293 REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hKey, &dwResult);
295 if (lRet == ERROR_SUCCESS)
301 TCHAR szPathName[_MAX_PATH*2];
302 memset(szPathName, 0, _MAX_PATH*2*
sizeof(TCHAR));
304 if (lpszEventMessageDll)
308 _tcsncpy(szPathName, lpszEventMessageDll, _MAX_PATH*2-2);
313 ::GetModuleFileName(NULL, szPathName, MAX_PATH*2-2);
315 TCHAR *cp = _tcsrchr(szPathName, _T(
'\\'));
319 _tcscat(szPathName, _T(
"\\XEventMessage.dll"));
322 TRACE(_T(
"szPathName=<%s>\n"), szPathName);
324 ::RegSetValueEx(hKey, _T(
"EventMessageFile"), 0, REG_SZ,
325 (
const BYTE *) szPathName, (_tcslen(szPathName) + 1)*
sizeof(TCHAR));
330 DWORD dwSupportedTypes = EVENTLOG_ERROR_TYPE |
331 EVENTLOG_WARNING_TYPE |
332 EVENTLOG_INFORMATION_TYPE |
333 EVENTLOG_AUDIT_SUCCESS |
334 EVENTLOG_AUDIT_FAILURE;
336 ::RegSetValueEx(hKey, _T(
"TypesSupported"), 0, REG_DWORD,
337 (
const BYTE *) &dwSupportedTypes,
sizeof(DWORD));
358 PSID CXEventLog::GetUserSid()
360 HANDLE hToken = NULL;
361 PTOKEN_USER ptiUser = NULL;
365 if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
367 if (GetLastError() != ERROR_NO_TOKEN)
371 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
376 if (GetTokenInformation(hToken, TokenUser, NULL, 0, &cbti))
384 if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
389 ptiUser = (PTOKEN_USER) HeapAlloc(GetProcessHeap(), 0, cbti);
394 if (!GetTokenInformation(hToken, TokenUser, ptiUser, cbti, &cbti))
397 DWORD dwLen = ::GetLengthSid(ptiUser->User.Sid);
400 PSID psid = (PSID) HeapAlloc(GetProcessHeap(), 0, dwLen);
404 BOOL bRet = ::CopySid(dwLen, psid, ptiUser->User.Sid);
413 HeapFree(GetProcessHeap(), 0, ptiUser);
428 void CXEventLog::SetAppName(LPCTSTR lpszApp)
433 m_pszAppName =
new TCHAR [_MAX_PATH*2];
436 memset(m_pszAppName, 0, _MAX_PATH*2*
sizeof(TCHAR));
437 _tcsncpy(m_pszAppName, lpszApp, _MAX_PATH*2-2);