
📄 eventlogthreads.c

📁 读系统日志,功能强大哟
	
	HWND hDlg	= (HWND)(pSortData->hDlg);
	HWND hwndLV = (HWND)(GetDlgItem(hDlg, IDL_EVENTS));
	
	int nSubItemColIdx		= pSortData->nColIdx;
	int nSortOrder			= pSortData->nSortOrder;
	int nSortType			= pSortData->nSortType;

	TCHAR lpsz1[_MAX_PATH + 1], lpsz2[_MAX_PATH + 1];

	ListView_GetItemText(hwndLV, nIdx1, nSubItemColIdx, lpsz1, _MAX_PATH + 1);
	ListView_GetItemText(hwndLV, nIdx2, nSubItemColIdx, lpsz2, _MAX_PATH + 1);

	if(nSortOrder == ASCENDING)
	{
		if(nSortType == STRING)
			nRetVal = _tcsicmp(lpsz1, lpsz2);
		else if(nSortType == NUMERIC)
		{
			int n1 = atoi(lpsz1), n2 = atoi(lpsz2);
			nRetVal = n1 < n2 ? -1 : n1 == n2 ? 0 : 1;
		}
		else
			nRetVal = 0;
	}
	else if(nSortOrder == DESCENDING)
	{
		if(nSortType == STRING)
			nRetVal = -1 * _tcsicmp(lpsz1, lpsz2);
		else if(nSortType == NUMERIC)
		{
			int n1 = atoi(lpsz1), n2 = atoi(lpsz2);
			nRetVal = (n1 < n2) ? 1 : ((n1 == n2) ? 0 : -1);
		}
		else
			nRetVal = 0;
	}
	else
		nRetVal = 0; // none

	return nRetVal;
}

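enum
{
	EVT_DUMP_ROW_BYTES    = 8,	/* record bytes shown per hex-dump row */
	/* Worst-case characters in one row: up to 8 offset digits + ": " (10),
	 * 8 x "xx " (24), two spaces (2), 8 ASCII cells (8), "\r\n" (2). */
	EVT_DUMP_ROW_CCH      = 46,
	EVT_MAX_INSERTS       = 99,	/* FormatMessage inserts run from %1 to %99 */
	EVT_MAX_READ_ATTEMPTS = 3	/* bounded retries if the needed size changes */
};

/*
 * Builds the "offset: hex bytes  ascii" dump shown in the data edit control.
 *
 * The buffer is sized from cbData, so record data of any length fits, and a
 * short final row is padded instead of reading past the end of the data.
 * Returns a GlobalAlloc'd string the caller releases with GlobalFree, or 0
 * when the allocation fails.
 */
static LPTSTR
EvtBuildHexDump(const BYTE *pData, DWORD cbData)
{
	static const TCHAR szNoData[] = _T("No data available.");
	SIZE_T cRows, row;
	LPTSTR pszDump, pszOut;

	if(cbData == 0)
	{
		pszDump = (LPTSTR)GlobalAlloc(GPTR, sizeof(szNoData));
		if(pszDump)
			memcpy(pszDump, szNoData, sizeof(szNoData));
		return pszDump;
	}

	cRows = (SIZE_T)(cbData / EVT_DUMP_ROW_BYTES) + ((cbData % EVT_DUMP_ROW_BYTES) ? 1 : 0);

	/* Refuse sizes whose byte count would wrap SIZE_T. */
	if(cRows > (((SIZE_T)-1) / sizeof(TCHAR) - 1) / EVT_DUMP_ROW_CCH)
		return 0;

	pszDump = (LPTSTR)GlobalAlloc(GPTR, (cRows * EVT_DUMP_ROW_CCH + 1) * sizeof(TCHAR));
	if(!pszDump)
		return 0;

	pszOut = pszDump;
	for(row = 0; row < cRows; row++)
	{
		DWORD x     = (DWORD)(row * EVT_DUMP_ROW_BYTES);
		DWORD cbRow = cbData - x;
		DWORD y;

		if(cbRow > EVT_DUMP_ROW_BYTES)
			cbRow = EVT_DUMP_ROW_BYTES;

		/* wsprintf returns the number of characters stored, excluding the NUL. */
		pszOut += wsprintf(pszOut, _T("%.4x: "), x);

		for(y = 0; y < EVT_DUMP_ROW_BYTES; y++)
		{
			if(y < cbRow)
				pszOut += wsprintf(pszOut, _T("%.2x "), pData[x + y]);
			else
			{
				/* keep the ASCII column aligned on a short last row */
				*pszOut++ = _T(' ');
				*pszOut++ = _T(' ');
				*pszOut++ = _T(' ');
			}
		}
		*pszOut++ = _T(' ');
		*pszOut++ = _T(' ');

		for(y = 0; y < cbRow; y++)
		{
			BYTE b = pData[x + y];
			*pszOut++ = isprint((int)b) ? (TCHAR)b : _T('.');
		}
		*pszOut++ = _T('\r');
		*pszOut++ = _T('\n');
	}
	*pszOut = _T('\0');

	return pszDump;
}

/*
 * Looks up the EventMessageFile registered for an event source and maps it
 * for message lookup. Returns 0 when the key, the value or the file is not
 * usable; the caller releases a non-zero handle with FreeLibrary.
 *
 * The module is opened with LOAD_LIBRARY_AS_DATAFILE: only its message table
 * is needed, and the path comes from the registry, so it is mapped as data
 * rather than loaded as an executable image.
 *
 * NOTE(review): the key is read from the local HKEY_LOCAL_MACHINE even when
 * the log was opened on another machine - confirm that is intended.
 * NOTE(review): EventMessageFile may list several files separated by
 * semicolons; such a value is passed to LoadLibraryEx as one path and fails.
 */
static HMODULE
EvtLoadMessageModule(LPCTSTR pszLogName, LPCTSTR pszSourceName)
{
	static const TCHAR szKeyFmt[] = _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s");
	TCHAR   szKeyName[_MAX_PATH + 1];
	TCHAR   szExeFile[_MAX_PATH + 1], szExeFilePath[_MAX_PATH + 1];
	HKEY    hk          = (HKEY)0;
	HMODULE hModule     = 0;
	DWORD   dwType      = 0;
	DWORD   cbValue;
	DWORD   cchExpanded;

	if(!pszLogName || !pszSourceName)
		return 0;

	/* wsprintf is unbounded with respect to szKeyName, so reject names that
	 * would not fit (the format's own length slightly over-estimates). */
	if((SIZE_T)lstrlen(pszLogName) + (SIZE_T)lstrlen(pszSourceName) +
		sizeof(szKeyFmt) / sizeof(TCHAR) > _MAX_PATH + 1)
		return 0;

	wsprintf(szKeyName, szKeyFmt, pszLogName, pszSourceName);

	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, szKeyName, 0L, KEY_READ, &hk) != NOERROR)
		return 0;

	/* The size is in bytes; one TCHAR is held back because registry strings
	 * are not guaranteed to be NUL-terminated. */
	cbValue = sizeof(szExeFile) - sizeof(TCHAR);
	if(RegQueryValueEx(hk, _T("EventMessageFile"), 0, &dwType, (LPBYTE)szExeFile, &cbValue) == NOERROR &&
		(dwType == REG_SZ || dwType == REG_EXPAND_SZ))
	{
		szExeFile[cbValue / sizeof(TCHAR)] = _T('\0');

		cchExpanded = ExpandEnvironmentStrings(szExeFile, szExeFilePath, _MAX_PATH + 1);
		if(cchExpanded == 0)
			lstrcpyn(szExeFilePath, szExeFile, _MAX_PATH + 1);

		/* A result larger than the buffer means the path was not written. */
		if(cchExpanded <= _MAX_PATH + 1)
			hModule = LoadLibraryEx(szExeFilePath, 0, LOAD_LIBRARY_AS_DATAFILE);
	}
	RegCloseKey(hk);

	return hModule;
}

/*
 * Reads one event log record and shows it in the dialog: the description
 * goes to IDE_STRINGS and a hex dump of the record data to IDE_DATA.
 *
 * lpParam is an LPEVENTID naming the dialog, the machine, the event source
 * and the record number; it is released here with SafeDeletePointer. The
 * signature matches a _beginthreadex thread routine. Always returns 0.
 *
 * Everything in the record is treated as untrusted: offsets and lengths are
 * checked against the number of bytes actually read, and every output buffer
 * is sized from the data. The description is the message formatted from the
 * source's message file when that works, otherwise the record's insert
 * strings joined with commas.
 */
unsigned int __stdcall 
ShowEventData(LPVOID lpParam)
{
	LPEVENTID peid = (LPEVENTID)lpParam;

	HWND  hwndDlg;
	HWND  hwndEditStrings;
	HWND  hwndEditData;
	DWORD dwRecId;

	TCHAR  lpUNCServerName[_MAX_PATH + 1];
	TCHAR  lpszEventLogSourceName[_MAX_PATH + 1];

	HANDLE hEventLog				= 0;
	DWORD  dwEventLogRecords		= 0;
	DWORD  dwOldestEventLogRecord	= 0;

	char   chFakeBuffer				= ' ';
	LPVOID lpReadBuffer				= 0;
	LPVOID lpEventLogRecordBuffer	= 0;	/* heap copy of the record, freed in cleanup */
	DWORD  dwNumberOfBytesToRead	= 0;
	DWORD  dwBytesRead				= 0;
	DWORD  dwMinNumberOfBytesNeeded	= 0;
	int    nAttempt;

	PEVENTLOGRECORD pELR	= 0;
	LPTSTR  pszStrings		= 0;	/* NUL-terminated copy of the insert strings */
	LPTSTR *apszInserts		= 0;	/* FormatMessage argument array */
	LPTSTR  pszJoined		= 0;	/* comma-joined insert strings */
	LPTSTR  pszDump			= 0;
	LPVOID  lpszBuffer		= 0;	/* allocated by FormatMessage, LocalFree'd */
	HMODULE hModule			= 0;
	SIZE_T  cchStrings, cchOffset, cchJoined, cInsertSlots, nStrings, z;

	if(!peid)
		return 0L;

	hwndDlg			= peid->hwndDlg;
	hwndEditStrings	= GetDlgItem(hwndDlg, IDE_STRINGS);
	hwndEditData	= GetDlgItem(hwndDlg, IDE_DATA);
	dwRecId			= peid->dwEventId;

	if(g_fApplication)
		_tcscpy(lpszEventLogSourceName, _T("Application"));
	else if(g_fSystem)
		_tcscpy(lpszEventLogSourceName, _T("System"));
	else if(g_fSecurity)
		_tcscpy(lpszEventLogSourceName, _T("Security"));
	else
		goto _cleanup_;	/* no log selected: nothing to show */

	/* "\\\\" + name + NUL must fit; wsprintf itself does not check. */
	if(lstrlen(peid->lpszMachineName) > _MAX_PATH - 2)
		goto _unknownerror_;
	wsprintf(lpUNCServerName, _T("\\\\%s"), peid->lpszMachineName);

	hEventLog = OpenEventLog((LPCTSTR)lpUNCServerName, (LPCTSTR)lpszEventLogSourceName);
	if(!hEventLog)
	{
		ReportLastError(0, 0, TRUE);
		goto _cleanup_;
	}

	if(!GetNumberOfEventLogRecords(hEventLog, &dwEventLogRecords) ||
		!GetOldestEventLogRecord(hEventLog, &dwOldestEventLogRecord))
	{
		/* As before, this failure is reported and then also raises the
		 * generic message box. */
		ReportLastError(0, 0, TRUE);
		goto _unknownerror_;
	}

	/* Valid record numbers are oldest .. oldest + count - 1. The unsigned
	 * subtraction keeps the test correct if the numbers wrap. */
	if(dwRecId - dwOldestEventLogRecord >= dwEventLogRecords)
		goto _cleanup_;

	/* First pass probes with a 1-byte buffer to learn the record size; later
	 * passes read into a heap buffer of the size the API asked for. */
	lpReadBuffer			= (LPVOID)&chFakeBuffer;
	dwNumberOfBytesToRead	= 1;
	for(nAttempt = 0; ; nAttempt++)
	{
		if(ReadEventLog(hEventLog, EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, dwRecId,
			lpReadBuffer, dwNumberOfBytesToRead, &dwBytesRead, &dwMinNumberOfBytesNeeded))
			break;

		g_dwLastError = GetLastError();
		if(g_dwLastError != ERROR_INSUFFICIENT_BUFFER || nAttempt >= EVT_MAX_READ_ATTEMPTS)
			goto _unknownerror_;

		if(lpEventLogRecordBuffer)
			GlobalFree((HGLOBAL)lpEventLogRecordBuffer);
		lpEventLogRecordBuffer = (LPVOID)GlobalAlloc(GPTR, dwMinNumberOfBytesNeeded);
		if(lpEventLogRecordBuffer == (void *)0)
			goto _allocationfailure_;

		lpReadBuffer			= lpEventLogRecordBuffer;
		dwNumberOfBytesToRead	= dwMinNumberOfBytesNeeded;
	}

	/* A "successful" read into the 1-byte probe cannot hold a record. */
	if(!lpEventLogRecordBuffer)
		goto _unknownerror_;

	/* Every offset and length below comes from the log, so bound them by
	 * what was actually read before touching the record body. */
	pELR = (PEVENTLOGRECORD)lpEventLogRecordBuffer;
	if(dwBytesRead < sizeof(EVENTLOGRECORD) ||
		pELR->Length > dwBytesRead ||
		pELR->StringOffset > pELR->DataOffset ||
		pELR->DataOffset > pELR->Length ||
		pELR->DataLength > pELR->Length - pELR->DataOffset)
		goto _unknownerror_;

	nStrings		= pELR->NumStrings;
	cchStrings		= (pELR->DataOffset - pELR->StringOffset) / sizeof(TCHAR);
	cInsertSlots	= (nStrings > EVT_MAX_INSERTS) ? nStrings : EVT_MAX_INSERTS;

	/* GPTR zero-fills, so the extra TCHAR guarantees a terminator even if
	 * the last insert string in the record is not terminated. */
	pszStrings	= (LPTSTR)GlobalAlloc(GPTR, (cchStrings + 1) * sizeof(TCHAR));
	apszInserts	= (LPTSTR *)GlobalAlloc(GPTR, cInsertSlots * sizeof(LPTSTR));
	pszJoined	= (LPTSTR)GlobalAlloc(GPTR, (cchStrings + nStrings + 1) * sizeof(TCHAR));
	if(!pszStrings || !apszInserts || !pszJoined)
		goto _allocationfailure_;

	memcpy(pszStrings, (LPBYTE)pELR + pELR->StringOffset, cchStrings * sizeof(TCHAR));

	/* Point each insert at its string. Slots the record does not supply get
	 * an empty string, so a message template that names a higher insert
	 * number than NumStrings cannot make FormatMessage read a stray pointer. */
	cchOffset = 0;
	for(z = 0; z < cInsertSlots; z++)
	{
		if(z < nStrings && cchOffset < cchStrings)
		{
			apszInserts[z] = pszStrings + cchOffset;
			cchOffset += (SIZE_T)lstrlen(apszInserts[z]) + 1;
		}
		else
			apszInserts[z] = pszStrings + cchStrings;
	}

	/* Fallback text: the insert strings separated by commas. */
	cchJoined = 0;
	for(z = 0; z < nStrings; z++)
	{
		SIZE_T cch = (SIZE_T)lstrlen(apszInserts[z]);

		if(z > 0)
			pszJoined[cchJoined++] = _T(',');
		memcpy(pszJoined + cchJoined, apszInserts[z], cch * sizeof(TCHAR));
		cchJoined += cch;
	}
	pszJoined[cchJoined] = _T('\0');

	hModule = EvtLoadMessageModule(lpszEventLogSourceName, peid->lpszEventName);
	if(hModule)
	{
		FormatMessage(
			FORMAT_MESSAGE_ALLOCATE_BUFFER | 
			FORMAT_MESSAGE_FROM_HMODULE | 
			FORMAT_MESSAGE_FROM_SYSTEM | 
			FORMAT_MESSAGE_ARGUMENT_ARRAY,
			hModule, pELR->EventID, 0, (LPTSTR)&lpszBuffer, 1024, 
			(va_list *)apszInserts
		);
		FreeLibrary(hModule);
	}

	/* The formatted message is shown from FormatMessage's own buffer; it is
	 * never copied into a buffer sized for something else. */
	SendMessage(hwndEditStrings, WM_SETTEXT, 0,
		(LPARAM)(LPCTSTR)(lpszBuffer ? (LPCTSTR)lpszBuffer : (LPCTSTR)pszJoined));

	pszDump = EvtBuildHexDump((const BYTE *)pELR + pELR->DataOffset, pELR->DataLength);
	if(!pszDump)
		goto _allocationfailure_;

	SendMessage(hwndEditData, WM_SETTEXT, 0, (LPARAM)(LPCTSTR)pszDump);
	goto _cleanup_;

_unknownerror_:
	MessageBox(0, TEXT("Unknown error."), 0, MB_OK | MB_ICONSTOP);
	goto _cleanup_;

_allocationfailure_:
	MessageBox(0, TEXT("Allocation failure."), 0, MB_OK | MB_ICONSTOP);

_cleanup_:
	if(lpszBuffer)
		LocalFree((HLOCAL)lpszBuffer);
	if(pszDump)
		GlobalFree((HGLOBAL)pszDump);
	if(pszJoined)
		GlobalFree((HGLOBAL)pszJoined);
	if(apszInserts)
		GlobalFree((HGLOBAL)apszInserts);
	if(pszStrings)
		GlobalFree((HGLOBAL)pszStrings);
	if(lpEventLogRecordBuffer)
		GlobalFree((HGLOBAL)lpEventLogRecordBuffer);

	if(hEventLog)
	{
		CloseEventLog(hEventLog);
		hEventLog = 0;
	}

	/* NOTE(review): SafeDeletePointer is defined elsewhere; it is used here
	 * exactly as before to release the caller's EVENTID. */
	#pragma warning(disable:4127)
	SafeDeletePointer(peid, sizeof(EVENTID));

	return 0L;
}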
