pcacc
/
myvtm


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207
							#ifndef _TWINKLE_EVENT_LOG_W_HELPER_H_
#define _TWINKLE_EVENT_LOG_W_HELPER_H_

#pragma once

#include <windows.h>
#include <stdio.h>
#include <strsafe.h>
#include <fstream>
#include <sstream>
#include <string>
#include <iomanip>

#define EXT_EVTLOG_NAME L".evtlog"

#define MAX_TIMESTAMP_LEN       23 + 1   // yyyy/mm/dd hh:mm:ss.mmm
#define MAX_RECORD_BUFFER_SIZE  0x10000  // 64K

#define APPLICATION_ERROR L"Application Error"

#define DURATION_NONE			0x0000
#define DURATION_HOUR_ONE		0x0001
#define DURATION_HOUR_TWELVE	0x0002
#define DURATION_DAY_ONE		0x0003
#define DURATION_DAY_SEVENT		0x0004
#define DURATION_MONTH_ONE		0x0005
#define DURAITON_CUSTOM			0x000F 

//------------------
// DEFINES
//------------------
#define APPLICATION_LOG     L"Application"
#define SYSTEM_LOG          L"System"
#define SECURITY_LOG        L"Security"

#define REG_APPLICATION_KEY L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\"
#define REG_SYSTEM_KEY      L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\"
#define REG_SECURITY_KEY    L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security\\"

#define REG_FULLFILL_KEY	L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\%s\\%s"
#define EVENT_MESSAGE_FILE	L"EventMessageFile"

static LPCWSTR pEventTypeNames[] = {
	L"错误", L"警告", L"信息", L"审计成功", L"审计失败"
};

static DWORD GetEventTypeNameW(DWORD EventType)
{
	DWORD index = 0;
	switch (EventType)
	{
	case EVENTLOG_ERROR_TYPE:
		index = 0;
		break;
	case EVENTLOG_WARNING_TYPE:
		index = 1;
		break;
	case EVENTLOG_INFORMATION_TYPE:
		index = 2;
		break;
	case EVENTLOG_AUDIT_SUCCESS:
		index = 3;
		break;
	case EVENTLOG_AUDIT_FAILURE:
		index = 4;
		break;
	}
	return index;
}

typedef struct _tagEVENTLOGFILTERPARAMW {
	BOOL	fApplication;
	BOOL	fSecurity;
	BOOL	fSystem;
	BOOL	fCustom;
	WCHAR	lpszCustomEventName[MAX_PATH + 1]; //Valid when fCustom is true.
	WCHAR	lpszSourceEventName[MAX_PATH + 1];
	DWORD	dwEventId;
	WORD	wEventType;
	// This time is measured in the number of seconds elapsed since
	// 00:00:00 January 1,1970, Universal Coordinated Time.
	DWORD	dwTimeBegin; //The begin time at which the record should be retrived.
	DWORD	dwTimeEnd;	 //The endline time at which the record should be retrived.
}EVENTLOGPARAM_W, *LPEVENTLOGPARAM_W;

class EvtLogFileW {
public:
	EvtLogFileW(const std::wstring& strFileName, BOOL bCreateIfNoExist) {
		_filestream.open(strFileName, std::fstream::binary | std::fstream::out | std::fstream::app);
		_filestream.imbue(std::locale("chs"));
	}
	~EvtLogFileW() {
		if(IsValid())
			_filestream.close();
	}
	static std::string to_utf8(const wchar_t* buffer, int len)
	{
		int nChars = ::WideCharToMultiByte(
			CP_UTF8,
			0,
			buffer,
			len,
			NULL,
			0,
			NULL,
			NULL);
		if (nChars == 0) return "";

		std::string newbuffer;
		newbuffer.resize(nChars);
		::WideCharToMultiByte(
			CP_UTF8,
			0,
			buffer,
			len,
			const_cast< char* >(newbuffer.c_str()),
			nChars,
			NULL,
			NULL);

		return newbuffer;
	}
	static std::string to_utf8(const std::wstring& str)
	{
		return to_utf8(str.c_str(), (int)str.size());
	}
	BOOL IsValid() const {
		return (_filestream.is_open() && !_filestream.fail());
	}
	void Close() {
		if(IsValid())
			_filestream.close();
	}
	std::size_t WriteEventLogEntry(const std::wstring& strEntry) {
		if(_filestream) {
			std::string outtext = to_utf8(strEntry);
			_filestream << outtext << std::endl;

			//_filestream << strEntry << std::endl;
		}
		return 0;
	}
private:
	std::fstream _filestream;

};

class CEventLogW
{
public:
	CEventLogW(void);
	CEventLogW(LPCWSTR lpSrcName, BOOL bCustom = FALSE); 
	~CEventLogW(void);

	bool IsInitialized(void) const { return NULL != m_hEventLog; }
	DWORD FilterEventLog(LPCWSTR lpszSourceName, WORD wEventType,
		DWORD dwEventID, DWORD dwStartTime, DWORD dwEndTime);

	BOOL InitializeLogFile(const std::wstring& strFileName) {
		if(!pOutFile) {
			pOutFile = new EvtLogFileW(strFileName, TRUE);
			std::wstring strTitle;
			strTitle.append(L"============================================================\r\n");
			strTitle.append(m_szSourceName);
			strTitle.append(L"\r\n============================================================\r\n");
			pOutFile->WriteEventLogEntry(strTitle);
		}
		return (pOutFile != NULL && pOutFile->IsValid());
	}
	BOOL ClearLogFile() {
		if(pOutFile) {
			delete pOutFile;
			pOutFile = NULL;
		}
		return (pOutFile == NULL);
	}
protected:
	HRESULT Initialize(LPCWSTR lpSrcName, BOOL bCustom);
	void GetTimestamp(const DWORD Time, PSYSTEMTIME stTime, WCHAR DisplayString[]);

	static HMODULE GetMessageResources(LPCWSTR lpszdllPath)
	{
		HMODULE hResources;
		hResources = LoadLibraryExW(lpszdllPath, NULL, 
			LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE);
		if (NULL == hResources)
		{
			//!!wprintf(L"LoadLibrary(%s) failed with %lu.\n", lpszdllPath, GetLastError());
		}
		return hResources;
	}
	LPWSTR GetMessageString(HMODULE hModule, DWORD MessageId, DWORD argc, LPWSTR argv);
	DWORD ApplyParameterStringsToMessage(HMODULE hModule, CONST LPCWSTR pMessage, LPWSTR& pFinalMessage);

private:
	DWORD SeekToLastRecord();
	DWORD GetLastRecordNumber(DWORD* pdwRecordNumber);
	DWORD ReadSingleRecord(PBYTE & pBuffer, DWORD dwRecordNumber, DWORD dwReadFlags);
private:
	HANDLE m_hEventLog;
	WCHAR m_szSourceName[MAX_PATH];

	EvtLogFileW* pOutFile;
};

#endif //_TWINKLE_EVENT_LOG_W_HELPER_H_