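/*
 * PROJECT:     ReactOS EventLog File Library
 * LICENSE:     GPL - See COPYING in the top level directory
 * FILE:        sdk/lib/evtlib/evtlib.h
 * PURPOSE:     Provides functionality for reading and writing
 *              EventLog files in the NT <= 5.2 (.evt) format.
 * PROGRAMMERS: Copyright 2005 Saveliy Tretiakov
 *              Michael Martin
 *              Hermes Belusca-Maito
 */

#ifndef __EVTLIB_H__
#define __EVTLIB_H__

#pragma once

#ifdef __cplusplus
extern "C" {
#endif

/* PSDK/NDK Headers */
// #define WIN32_NO_STATUS
// #include <windef.h>
// #include <winbase.h>
// #include <winnt.h>

#define NTOS_MODE_USER
#include <ndk/rtlfuncs.h>

/*
 * ROUND_DOWN / ROUND_UP: round 'n' (converted to ULONG) down or up to a
 * multiple of 'align'.
 *
 * - The mask form only yields a multiple of 'align' when 'align' is a
 *   power of two.
 * - 'n' is parenthesized inside the cast so that a compound argument such
 *   as 'a + b' is converted as a whole and not only its first operand.
 * - ROUND_UP adds (align - 1) before masking and the result is a ULONG, so
 *   a value close to the ULONG maximum wraps around to a small number.
 *   Lengths taken from a log file must be range-checked before they are
 *   rounded and used to size or index a buffer.
 *
 * Both macros are only defined here when no earlier header provides them.
 */
#ifndef ROUND_DOWN
#define ROUND_DOWN(n, align) (((ULONG)(n)) & ~((align) - 1l))
#endif

#ifndef ROUND_UP
#define ROUND_UP(n, align) ROUND_DOWN(((ULONG)(n)) + (align) - 1, (align))
#endif

/*
 * Our file format will be compatible with NT's
 */
#define MAJORVER 1
#define MINORVER 1
#define LOGFILE_SIGNATURE 0x654c664c // "LfLe"

/*
 * Flags used in the logfile header
 */
#define ELF_LOGFILE_HEADER_DIRTY    1
#define ELF_LOGFILE_HEADER_WRAP     2
#define ELF_LOGFILE_LOGFULL_WRITTEN 4
#define ELF_LOGFILE_ARCHIVE_SET     8

/*
 * On-disk event log structures (log file header, event record and EOF record).
 * NOTE: Contrary to what MSDN claims, both the EVENTLOGHEADER and EVENTLOGEOF
 * structures are absent from winnt.h .
 *
 * NOTE(review): every field of these structures comes straight from the file
 * and is untrusted input when an existing log is opened. Sizes and offsets
 * have to be checked against the real file size and the caller's buffer
 * before use; this header does not show where the library does that.
 */

#include <pshpack4.h> // pshpack1

// ELF_LOGFILE_HEADER
typedef struct _EVENTLOGHEADER
{
    ULONG HeaderSize;
    ULONG Signature;            /* presumably compared with LOGFILE_SIGNATURE - confirm in the implementation */
    ULONG MajorVersion;         /* presumably MAJORVER - confirm */
    ULONG MinorVersion;         /* presumably MINORVER - confirm */
    ULONG StartOffset;
    ULONG EndOffset;
    ULONG CurrentRecordNumber;
    ULONG OldestRecordNumber;
    ULONG MaxSize;
    ULONG Flags;                /* ELF_LOGFILE_* flags defined above */
    ULONG Retention;
    ULONG EndHeaderSize;
} EVENTLOGHEADER, *PEVENTLOGHEADER;


/* Those flags and structure are defined in winnt.h */
#ifndef _WINNT_

/* EventType flags */
#define EVENTLOG_SUCCESS          0
#define EVENTLOG_ERROR_TYPE       1
#define EVENTLOG_WARNING_TYPE     2
#define EVENTLOG_INFORMATION_TYPE 4
#define EVENTLOG_AUDIT_SUCCESS    8
#define EVENTLOG_AUDIT_FAILURE    16

/*
 * Fixed part of an event record; the variable-length members listed at the
 * end of the structure follow it in the file.
 *
 * NOTE(review): StringOffset, UserSidOffset/UserSidLength and
 * DataOffset/DataLength locate the variable part. A reader should verify
 * that each offset plus its length stays inside 'Length' (and inside the
 * buffer actually read) before dereferencing, and may compare the leading
 * and trailing 'Length' copies as a consistency check. Whether the library
 * performs these checks is not visible in this header.
 */
typedef struct _EVENTLOGRECORD
{
    ULONG Length;               /* Length of full record, including the data portion */
    ULONG Reserved;
    ULONG RecordNumber;
    ULONG TimeGenerated;
    ULONG TimeWritten;
    ULONG EventID;
    USHORT EventType;           /* One of the EVENTLOG_* EventType flags */
    USHORT NumStrings;          /* Number of strings in the 'Strings' array */
    USHORT EventCategory;
    USHORT ReservedFlags;
    ULONG ClosingRecordNumber;
    ULONG StringOffset;
    ULONG UserSidLength;
    ULONG UserSidOffset;
    ULONG DataLength;           /* Length of the data portion */
    ULONG DataOffset;           /* Offset from beginning of record */
/*
 * Length-varying data:
 *
 * WCHAR SourceName[];
 * WCHAR ComputerName[];
 * SID   UserSid;           // Must be aligned on a DWORD boundary
 * WCHAR Strings[];
 * BYTE  Data[];
 * CHAR  Pad[];             // Padding for DWORD boundary
 * ULONG Length;            // Same as the first 'Length' member at the beginning
 */
} EVENTLOGRECORD, *PEVENTLOGRECORD;

#endif // _WINNT_


// ELF_EOF_RECORD
/*
 * End-of-file record. The first five ULONGs form the fixed part measured by
 * EVENTLOGEOF_SIZE_FIXED below.
 * NOTE(review): Ones..Fours look like fixed marker patterns; their values
 * are not defined in this header - confirm in the implementation.
 */
typedef struct _EVENTLOGEOF
{
    ULONG RecordSizeBeginning;
    ULONG Ones;
    ULONG Twos;
    ULONG Threes;
    ULONG Fours;
    ULONG BeginRecord;
    ULONG EndRecord;
    ULONG CurrentRecordNumber;
    ULONG OldestRecordNumber;
    ULONG RecordSizeEnd;
} EVENTLOGEOF, *PEVENTLOGEOF;

/* Size of the part of EVENTLOGEOF that precedes BeginRecord (checked at compile time) */
#define EVENTLOGEOF_SIZE_FIXED (5 * sizeof(ULONG))
C_ASSERT(EVENTLOGEOF_SIZE_FIXED == FIELD_OFFSET(EVENTLOGEOF, BeginRecord));

#include <poppack.h>


/* Pairs an event number with an offset; stored in EVTLOGFILE::OffsetInfo */
typedef struct _EVENT_OFFSET_INFO
{
    ULONG EventNumber;
    ULONG EventOffset;
} EVENT_OFFSET_INFO, *PEVENT_OFFSET_INFO;

/* Tags; presumably the 'Tag' values handed to the Allocate/Free routines - confirm */
#define TAG_ELF     ' flE'
#define TAG_ELF_BUF 'BflE'

struct _EVTLOGFILE;

/*
 * Caller-supplied routines. The library reaches memory and the backing file
 * only through these callbacks, which are stored in EVTLOGFILE.
 * NOTE(review): the exact contract of each routine (meaning of 'Flags',
 * short reads/writes, status codes) is not stated in this header.
 */

/* Allocates 'Size' bytes */
typedef PVOID
(NTAPI *PELF_ALLOCATE_ROUTINE)(
    IN SIZE_T Size,
    IN ULONG Flags,
    IN ULONG Tag
);

/* Frees a block obtained from the allocate routine */
typedef VOID
(NTAPI *PELF_FREE_ROUTINE)(
    IN PVOID Ptr,
    IN ULONG Flags,
    IN ULONG Tag
);

/* Reads 'Length' bytes at 'FileOffset' into 'Buffer'; optionally reports the amount read */
typedef NTSTATUS
(NTAPI *PELF_FILE_READ_ROUTINE)(
    IN struct _EVTLOGFILE* LogFile,
    IN PLARGE_INTEGER FileOffset,
    OUT PVOID Buffer,
    IN SIZE_T Length,
    OUT PSIZE_T ReadLength OPTIONAL
);

/* Writes 'Length' bytes from 'Buffer' at 'FileOffset'; optionally reports the amount written */
typedef NTSTATUS
(NTAPI *PELF_FILE_WRITE_ROUTINE)(
    IN struct _EVTLOGFILE* LogFile,
    IN PLARGE_INTEGER FileOffset,
    IN PVOID Buffer,
    IN SIZE_T Length,
    OUT PSIZE_T WrittenLength OPTIONAL
);

/* Changes the file size from 'OldFileSize' to 'FileSize' (both are 32-bit values) */
typedef NTSTATUS
(NTAPI *PELF_FILE_SET_SIZE_ROUTINE)(
    IN struct _EVTLOGFILE* LogFile,
    IN ULONG FileSize,
    IN ULONG OldFileSize
);

/* Flushes 'Length' bytes starting at 'FileOffset' */
typedef NTSTATUS
(NTAPI *PELF_FILE_FLUSH_ROUTINE)(
    IN struct _EVTLOGFILE* LogFile,
    IN PLARGE_INTEGER FileOffset,
    IN ULONG Length
);

/* In-memory state of one log file: the callbacks, a copy of the header and bookkeeping */
typedef struct _EVTLOGFILE
{
    PELF_ALLOCATE_ROUTINE Allocate;
    PELF_FREE_ROUTINE Free;
    PELF_FILE_SET_SIZE_ROUTINE FileSetSize;
    PELF_FILE_WRITE_ROUTINE FileWrite;
    PELF_FILE_READ_ROUTINE FileRead;
    PELF_FILE_FLUSH_ROUTINE FileFlush;

    EVENTLOGHEADER Header;
    ULONG CurrentSize;          /* Equivalent to the file size, is <= MaxSize and can be extended to MaxSize if needed */
    UNICODE_STRING FileName;
    PEVENT_OFFSET_INFO OffsetInfo;
    ULONG OffsetInfoSize;       /* presumably the capacity of OffsetInfo - confirm */
    ULONG OffsetInfoNext;       /* presumably the next free index in OffsetInfo - confirm */
    BOOLEAN ReadOnly;
} EVTLOGFILE, *PEVTLOGFILE;


/*
 * Initializes 'LogFile' with the given sizes, retention, mode flags and
 * I/O callbacks.
 * NOTE(review): with CreateNew == FALSE the header and records presumably
 * come from an existing file and are untrusted - confirm how they are
 * validated in the implementation.
 */
NTSTATUS
NTAPI
ElfCreateFile(
    IN OUT PEVTLOGFILE LogFile,
    IN PUNICODE_STRING FileName OPTIONAL,
    IN ULONG FileSize,
    IN ULONG MaxSize,
    IN ULONG Retention,
    IN BOOLEAN CreateNew,
    IN BOOLEAN ReadOnly,
    IN PELF_ALLOCATE_ROUTINE Allocate,
    IN PELF_FREE_ROUTINE Free,
    IN PELF_FILE_SET_SIZE_ROUTINE FileSetSize,
    IN PELF_FILE_WRITE_ROUTINE FileWrite,
    IN PELF_FILE_READ_ROUTINE FileRead,
    IN PELF_FILE_FLUSH_ROUTINE FileFlush); // What about Seek ??

NTSTATUS
NTAPI
ElfReCreateFile(
    IN PEVTLOGFILE LogFile);

// NTSTATUS
// ElfClearFile(PEVTLOGFILE LogFile);

NTSTATUS
NTAPI
ElfBackupFile(
    IN PEVTLOGFILE LogFile,
    IN PEVTLOGFILE BackupLogFile);

NTSTATUS
NTAPI
ElfFlushFile(
    IN PEVTLOGFILE LogFile);

VOID
NTAPI
ElfCloseFile(  // ElfFree
    IN PEVTLOGFILE LogFile);

/*
 * Reads record 'RecordNumber' into the caller's buffer 'Record' of
 * 'BufSize' bytes.
 * NOTE(review): 'BytesNeeded' presumably reports the required size when the
 * buffer is too small - confirm. Callers should treat the offsets inside
 * the returned record as untrusted and bound them by the amount read.
 */
NTSTATUS
NTAPI
ElfReadRecord(
    IN PEVTLOGFILE LogFile,
    IN ULONG RecordNumber,
    OUT PEVENTLOGRECORD Record,
    IN SIZE_T BufSize, // Length
    OUT PSIZE_T BytesRead OPTIONAL,
    OUT PSIZE_T BytesNeeded OPTIONAL);

/*
 * Writes 'Record' to the log.
 * NOTE(review): both 'BufSize' and Record->Length describe the record size;
 * this header does not say which one is authoritative or whether they are
 * cross-checked.
 */
NTSTATUS
NTAPI
ElfWriteRecord(
    IN PEVTLOGFILE LogFile,
    IN PEVENTLOGRECORD Record,
    IN SIZE_T BufSize);

ULONG
NTAPI
ElfGetOldestRecord(
    IN PEVTLOGFILE LogFile);

ULONG
NTAPI
ElfGetCurrentRecord(
    IN PEVTLOGFILE LogFile);

ULONG
NTAPI
ElfGetFlags(
    IN PEVTLOGFILE LogFile);

/* Debug builds only */
#if DBG
VOID PRINT_HEADER(PEVENTLOGHEADER Header);
#endif

#ifdef __cplusplus
}
#endif
#endif /* __EVTLIB_H__ */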