//---------------------------------------------------------------------------- // // Copyright (C) Intel Corporation, 2006 - 2007. // // File: WindowsEventLog.cpp // // Contents: The class WindowsEventLog provide methods to access the Windows // Event Log (Application partition). // // Notes: //---------------------------------------------------------------------------- #include "WindowsEventLog.h" //***************************************************************************** // Construct with a specified event source name. //***************************************************************************** WindowsEventLog::WindowsEventLog( const char * pszLogName, const char * pszSrcName, unsigned long dwNum, const char * pszModuleName /*= NULL*/): _hEventLinker() { TCHAR szPath[1024]; /*if pszModuleName is NULL, GetModuleHandle() will return the handle of the current process*/ if( GetModuleFileName(GetModuleHandle(pszModuleName), szPath, 1023 ) == 0 ) { return; } // First add a source name to the registry. AddEventSource(pszLogName, pszSrcName, szPath, dwNum); // Returns a handle that links the source to the registry _hEventLinker = RegisterEventSource(NULL, pszSrcName); if (_hEventLinker == NULL) { printf("Could not register the event source.\n"); return; } } //***************************************************************************** // Destructor is used deregister the event source //***************************************************************************** WindowsEventLog::~WindowsEventLog() { // Releases the handle to the registry DeregisterEventSource(_hEventLinker); } //***************************************************************************** // Function: LogEvent. // Purpose : Log the event into the Windows Event Log. // Params : CategoryID is the events category classification // EventID is the events event classification //***************************************************************************** void WindowsEventLog::LogEvent( unsigned short CategoryID, unsigned long EventID, unsigned long EventType) { // Writes data to the event log LogEvent(CategoryID, EventID, EventType, NULL, 0, NULL, 0); } //***************************************************************************** // Function: ReportEvent. // Purpose : Log the event into the Windows Event Log. // Params : CategoryID - The events category classification // EventID - The events event classification // ArrayOfStrings - An array of pointers to strings that are // passed for additional information gathering // NumOfArrayStr - The number of strings in ArrayOfStrings // RawData - A void pointer to hold additional raw data for // event reporting // RawDataSize - The size of RawData in bytes //***************************************************************************** void WindowsEventLog::LogEvent( unsigned short CategoryID, unsigned long EventID, unsigned long EventType, const char * ArrayOfStrings[], unsigned int NumOfArrayStr, void * RawData /*= NULL*/ , unsigned long RawDataSize /*= 0*/) { // Writes data to the event log int retVal = ReportEvent(_hEventLinker, // Handle to the event log EventType, // Type of event to be logged CategoryID, // Event category EventID, // Event identifier NULL, // lpUserSid NumOfArrayStr, // wNumStrings RawDataSize, // dwDataSize ArrayOfStrings, // lpStrings RawData); // lpRawData if (retVal == 0) { printf("WindowsEventLog: Error reporting event\n"); } } ////////////////////////////////////////////////////////////////////// // Function : AddEventSource // Purpose : Add a new source name to the registry by opening a new // registry subkey under the Application key. // adds a message-file name and a bitmask of supported types. // // Input : pszLogName Application log or a custom log. // pszSrcName The event source name. // pszMsgDLL The path of the message dll file. // dwNum The number of categories id the message file. // ////////////////////////////////////////////////////////////////////// void WindowsEventLog::AddEventSource( const char * pszLogName, const char * pszSrcName, const char * pszMsgDLL , unsigned long dwNum) { TCHAR szBuf[MAX_PATH]; // Create the event source as a subkey of the log. int res = sprintf_s(szBuf, MAX_PATH, "SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s", pszLogName, pszSrcName); if (res == -1) { printf("WindowsEventLog: Failed to create the event source as a subkey\n"); return; } // creates or opens(if key already exists) the registry key if(_RegistryKey.Create(HKEY_LOCAL_MACHINE, szBuf) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to open registry key\n"); return; } // sets the default max size(512KB) of the event log file if(_RegistryKey.SetDWORDValue("maxSize",524288) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to set DWORD value to registry key\n"); return; } // sets the number of categories in the message DLL/EXE if(_RegistryKey.SetDWORDValue("CategoryCount", dwNum) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to set DWORD value to registry key\n"); return; } // sets the HD path to find the category message DLL/EXE if(_RegistryKey.SetStringValue("CategoryMessageFile", pszMsgDLL, REG_EXPAND_SZ) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to set String value to registry key\n"); return; } // sets the HD path to find the event message DLL/EXE if(_RegistryKey.SetStringValue("EventMessageFile", pszMsgDLL, REG_EXPAND_SZ ) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to set String value to registry key\n"); return; } // sets the type of event the log supports if(_RegistryKey.SetDWORDValue("TypesSupported",EVENTLOG_WARNING_TYPE | EVENTLOG_INFORMATION_TYPE | EVENTLOG_ERROR_TYPE) != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to set DWORD value to registry key\n"); return; } // closes the registry key handle if(_RegistryKey.Close() != ERROR_SUCCESS) { printf("WindowsEventLog: Failed to close registry key\n"); return; } } // EOF