file.c
来自「一个类似windows」· C语言 代码 · 共 705 行 · 第 1/2 页
C
705 行
{
while(Item->Next)
{
i++;
Item = (PLOGFILE) Item->Next;
}
return i;
}
else return 0;
}
VOID LogfListAddItem(PLOGFILE Item)
{
PLOGFILE List;
List = LogfListHead();
if(List)
{
while(List->Next)
List = (PLOGFILE)List->Next;
Item->Prev = (PVOID)List;
Item->Next = NULL;
InterlockedExchange((PLONG)&List->Next, (LONG)Item);
}
else {
Item->Next = NULL;
Item->Prev = NULL;
InterlockedExchange((PLONG)&_LogListHead, (LONG)Item);
}
}
VOID LogfListRemoveItem(PLOGFILE Item)
{
if(Item->Prev)
{
InterlockedExchange((PLONG)&((PLOGFILE)Item->Prev)->Next,
(LONG)Item->Next);
}
else {
InterlockedExchange((PLONG)&_LogListHead, (LONG)Item->Next);
}
}
BOOL LogfReadEvent(PLOGFILE LogFile,
DWORD Flags,
DWORD RecordNumber,
DWORD BufSize,
PBYTE Buffer,
DWORD *BytesRead,
DWORD *BytesNeeded)
{
DWORD dwOffset, dwRead, dwRecSize;
DWORD dwBufferUsage = 0, dwRecNum;
if(Flags & EVENTLOG_FORWARDS_READ &&
Flags & EVENTLOG_BACKWARDS_READ)
{
return FALSE;
}
if(!(Flags & EVENTLOG_FORWARDS_READ) &&
!(Flags & EVENTLOG_BACKWARDS_READ))
{
return FALSE;
}
if(!Buffer || !BytesRead || !BytesNeeded)
{
return FALSE;
}
dwRecNum = RecordNumber;
EnterCriticalSection(&LogFile->cs);
dwOffset = LogfOffsetByNumber(LogFile, dwRecNum);
if(!dwOffset)
{
LeaveCriticalSection(&LogFile->cs);
return FALSE;
}
SetFilePointer(LogFile->hFile, dwOffset, NULL, FILE_BEGIN);
ReadFile(LogFile->hFile, &dwRecSize, sizeof(DWORD), &dwRead, NULL);
if(dwRecSize > BufSize)
{
*BytesRead = 0;
*BytesNeeded = dwRecSize;
SetLastError(ERROR_INSUFFICIENT_BUFFER);
LeaveCriticalSection(&LogFile->cs);
return FALSE;
}
SetFilePointer(LogFile->hFile,
-((LONG)sizeof(DWORD)),
NULL,
FILE_CURRENT);
ReadFile(LogFile->hFile, Buffer, dwRecSize, &dwRead, NULL);
dwBufferUsage+=dwRead;
while(dwBufferUsage<BufSize)
{
if(Flags & EVENTLOG_FORWARDS_READ)
dwRecNum++;
else dwRecNum--;
dwOffset = LogfOffsetByNumber(LogFile, dwRecNum);
if(!dwOffset) break;
SetFilePointer(LogFile->hFile, dwOffset, NULL, FILE_BEGIN);
ReadFile(LogFile->hFile, &dwRecSize, sizeof(DWORD), &dwRead, NULL);
if(dwBufferUsage+dwRecSize>BufSize)break;
SetFilePointer(LogFile->hFile,
-((LONG)sizeof(DWORD)),
NULL,
FILE_CURRENT);
ReadFile(LogFile->hFile,
Buffer+dwBufferUsage,
dwRecSize,
&dwRead,
NULL);
dwBufferUsage+=dwRead;
}
*BytesRead = dwBufferUsage;
LeaveCriticalSection(&LogFile->cs);
return TRUE;
}
BOOL LogfWriteData(PLOGFILE LogFile,
DWORD BufSize,
PBYTE Buffer)
{
DWORD dwWritten;
SYSTEMTIME st;
EOF_RECORD EofRec;
BOOL bResult;
if(!Buffer)
{
return FALSE;
}
GetSystemTime(&st);
SystemTimeToEventTime(&st, &((PEVENTLOGRECORD)Buffer)->TimeWritten);
EnterCriticalSection(&LogFile->cs);
SetFilePointer(LogFile->hFile, LogFile->Header.EofOffset, NULL, FILE_BEGIN);
WriteFile(LogFile->hFile, Buffer, BufSize, &dwWritten, NULL);
if(BufSize != dwWritten)
{
LeaveCriticalSection(&LogFile->cs);
return FALSE;
}
if(!LogfAddOffsetInformation(LogFile,
LogFile->Header.NextRecord,
LogFile->Header.EofOffset))
{
LeaveCriticalSection(&LogFile->cs);
return FALSE;
}
LogFile->Header.NextRecord++;
LogFile->Header.EofOffset += dwWritten;
if(LogFile->Header.OldestRecord == 0)
LogFile->Header.OldestRecord = 1;
EofRec.Ones = 0x11111111;
EofRec.Twos = 0x22222222;
EofRec.Threes = 0x33333333;
EofRec.Fours = 0x44444444;
EofRec.Size1 = sizeof(EOF_RECORD);
EofRec.Size2 = sizeof(EOF_RECORD);
EofRec.NextRecordNumber = LogFile->Header.NextRecord;
EofRec.OldestRecordNumber = LogFile->Header.OldestRecord;
EofRec.StartOffset = LogFile->Header.FirstRecordOffset;
EofRec.EndOffset = LogFile->Header.EofOffset;
WriteFile(LogFile->hFile, &EofRec, sizeof(EOF_RECORD), &dwWritten, NULL);
SetFilePointer(LogFile->hFile, 0, NULL, FILE_BEGIN);
bResult = WriteFile(LogFile->hFile,
&LogFile->Header,
sizeof(FILE_HEADER),
&dwWritten,
NULL);
if(!bResult)
{
DPRINT("WriteFile failed! LastError = %d\n", GetLastError());
LeaveCriticalSection(&LogFile->cs);
return FALSE;
}
if(!FlushFileBuffers(LogFile->hFile))
DPRINT("FlushFileBuffers() failed!\n");
LeaveCriticalSection(&LogFile->cs);
return TRUE;
}
ULONG LogfOffsetByNumber(PLOGFILE LogFile,
DWORD RecordNumber)
/* Returns NULL if nothing found. */
{
DWORD i;
for(i = 0; i < LogFile->OffsetInfoNext; i++)
if(LogFile->OffsetInfo[i].EventNumber == RecordNumber)
return LogFile->OffsetInfo[i].EventOffset;
return 0;
}
DWORD LogfGetOldestRecord(PLOGFILE LogFile)
{
return LogFile->Header.OldestRecord;
}
BOOL LogfAddOffsetInformation(PLOGFILE LogFile,
ULONG ulNumber,
ULONG ulOffset)
{
LPVOID NewOffsetInfo;
if(LogFile->OffsetInfoNext == LogFile->OffsetInfoSize)
{
NewOffsetInfo = HeapReAlloc(MyHeap,
HEAP_ZERO_MEMORY,
LogFile->OffsetInfo,
(LogFile->OffsetInfoSize+64)*
sizeof(EVENT_OFFSET_INFO));
if(!NewOffsetInfo)
{
DbgPrint("EventLog: Can't reallocate heap.\n");
return FALSE;
}
LogFile->OffsetInfo = (PEVENT_OFFSET_INFO)NewOffsetInfo;
LogFile->OffsetInfoSize+=64;
}
LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventNumber = ulNumber;
LogFile->OffsetInfo[LogFile->OffsetInfoNext].EventOffset = ulOffset;
LogFile->OffsetInfoNext++;
return TRUE;
}
DWORD LogfBuildNewRecord(PBYTE Buffer,
DWORD dwRecordNumber,
WORD wType,
WORD wCategory,
DWORD dwEventId,
LPCWSTR SourceName,
LPCWSTR ComputerName,
DWORD dwSidLength,
PSID lpUserSid,
WORD wNumStrings,
WCHAR *lpStrings,
DWORD dwDataSize,
LPVOID lpRawData)
{
DWORD dwRecSize;
PEVENTLOGRECORD pRec;
SYSTEMTIME SysTime;
WCHAR *str;
UINT i, pos, nStrings;
dwRecSize = sizeof(EVENTLOGRECORD) + (lstrlenW(ComputerName) +
lstrlenW(SourceName) + 2)*sizeof(WCHAR);
if(dwRecSize % 4 != 0) dwRecSize += 4 - (dwRecSize % 4);
dwRecSize += dwSidLength;
for(i = 0, str = lpStrings; i < wNumStrings; i++)
{
dwRecSize += (lstrlenW(str)+1)*sizeof(WCHAR);
str += lstrlenW(str)+1;
}
dwRecSize += dwDataSize;
if(dwRecSize % 4 != 0) dwRecSize += 4 - (dwRecSize % 4);
dwRecSize+=4;
if(!Buffer)
{
return dwRecSize;
}
ZeroMemory(Buffer, dwRecSize);
pRec = (PEVENTLOGRECORD)Buffer;
pRec->Length = dwRecSize;
pRec->Reserved = LOGFILE_SIGNATURE;
pRec->RecordNumber = dwRecordNumber;
GetSystemTime(&SysTime);
SystemTimeToEventTime(&SysTime, &pRec->TimeGenerated);
SystemTimeToEventTime(&SysTime, &pRec->TimeWritten);
pRec->EventID = dwEventId;
pRec->EventType = wType;
pRec->NumStrings = wNumStrings;
pRec->EventCategory = wCategory;
pos = sizeof(EVENTLOGRECORD);
lstrcpyW((WCHAR*)(Buffer+pos), SourceName);
pos+=(lstrlenW(SourceName)+1)*sizeof(WCHAR);
lstrcpyW((WCHAR*)(Buffer+pos), ComputerName);
pos+=(lstrlenW(ComputerName)+1)*sizeof(WCHAR);
pRec->UserSidOffset = pos;
if(dwSidLength)
{
if(pos % 4 != 0) pos += 4 - (pos % 4);
CopyMemory(Buffer+pos, lpUserSid, dwSidLength);
pRec->UserSidLength = dwSidLength;
pRec->UserSidOffset = pos;
pos+=dwSidLength;
}
pRec->StringOffset = pos;
for(i = 0, str = lpStrings, nStrings = 0; i < wNumStrings; i++)
{
lstrcpyW((WCHAR*)(Buffer+pos), str);
pos += (lstrlenW(str)+1)*sizeof(WCHAR);
str += lstrlenW(str)+1;
nStrings++;
}
pRec->NumStrings = nStrings;
pRec->DataOffset = pos;
if(dwDataSize)
{
pRec->DataLength = dwDataSize;
CopyMemory(Buffer+pos, lpRawData, dwDataSize);
pos += dwDataSize;
}
if(pos % 4 != 0) pos += 4 - (pos % 4);
*((PDWORD)(Buffer+pos)) = dwRecSize;
return TRUE;
}
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?