Attachment #87320 for bug #205274

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

View | Details | Raw Unified | Return to bug 205274
Collapse All | Expand All




const int MAX_MSG_STY = 21;

FILE *fpOut = NULL;
TCHAR szKeyName[128];

LPSTR GetDescriptionStringFromRegKey(EVENTLOGRECORD *pRecord,  LPSTR source);
LPSTR getSourceName(EVENTLOGRECORD *record);

void main(int argc , char * argv[] )
{
	const DWORD cBufferSize = 500;
	HANDLE hLog = NULL;
	EVENTLOGRECORD *pevlr = NULL;
	HKEY hKey;

	DWORD dwRead, dwNeeded;



	if(argc < 2)
	{
		error("Usage: EventLogReader.exe logName <outputFilename>");

		return;
	}

	/* search for event source registry key */
    lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\");
	lstrcat( szKeyName, argv[1] );

	if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey )  == NOERROR )
	{
		// Open the Application event log.
		hLog = OpenEventLog( NULL,    // use local computer
             argv[1]);   // source name
	}	
	
	RegCloseKey(hKey);

	if (hLog == NULL)
	{

    BOOL bResult = FALSE;
    HKEY hKey;
    DWORD dwBytesReturned;
    TCHAR tmpSzKeyName[128];

    /* search for event source registry key */
    lstrcpy( tmpSzKeyName, szKeyName );
	lstrcat( tmpSzKeyName, "\\" );
    lstrcat( tmpSzKeyName, lpszESName );
    if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, tmpSzKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )
    {
		/* The registry key of event source is not found, so message cannot be retrieved. 
		   Things like this are generally encountered when the application that wrote the event to 
		   windows events is uninstalled.
		*/
		RegCloseKey(hKey);
        return FALSE;
        {
            lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\application\\" );
            lstrcat( szKeyName, lpszESName );
			RegCloseKey(hKey);
            if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )
            {
				/* The registry key of event source is not found, so message cannot be retrieved. 
				   Things like this are generally encountered when the application that wrote the event to 
				   windows events is uninstalled.
				*/
				RegCloseKey(hKey);
                return FALSE;
            }
        }
    }

    bResult = TRUE; /* Found the registered event source key */

Return to bug 205274

Lines 53-58 Link Here

(-)src.native/converters/Reader.cpp (-26 / +24 lines)
53	const int MAX_MSG_STY = 21;	53	const int MAX_MSG_STY = 21;
54		54
55	FILE *fpOut = NULL;	55	FILE *fpOut = NULL;
		56	TCHAR szKeyName[128];
56		57
57	LPSTR GetDescriptionStringFromRegKey(EVENTLOGRECORD *pRecord, LPSTR source);	58	LPSTR GetDescriptionStringFromRegKey(EVENTLOGRECORD *pRecord, LPSTR source);
58	LPSTR getSourceName(EVENTLOGRECORD *record);	59	LPSTR getSourceName(EVENTLOGRECORD *record);
Lines 304-316 Link Here
304	void main(int argc , char * argv[] )	305	void main(int argc , char * argv[] )
305	{	306	{
306	const DWORD cBufferSize = 500;	307	const DWORD cBufferSize = 500;
307	HANDLE hLog;	308	HANDLE hLog = NULL;
308	EVENTLOGRECORD *pevlr = NULL;	309	EVENTLOGRECORD *pevlr = NULL;
		310	HKEY hKey;
309		311
310	DWORD dwRead, dwNeeded;	312	DWORD dwRead, dwNeeded;
311		313
312
313
314	if(argc < 2)	314	if(argc < 2)
315	{	315	{
316	error("Usage: EventLogReader.exe logName <outputFilename>");	316	error("Usage: EventLogReader.exe logName <outputFilename>");
Lines 338-346 Link Here
338	return;	338	return;
339	}	339	}
340		340
341	// Open the Application event log.	341	/* search for event source registry key */
342	hLog = OpenEventLog( NULL, // use local computer	342	lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\");
		343	lstrcat( szKeyName, argv[1] );
		344
		345	if (RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey ) == NOERROR )
		346	{
		347	// Open the Application event log.
		348	hLog = OpenEventLog( NULL, // use local computer
343	argv[1]); // source name	349	argv[1]); // source name
		350	}
		351
		352	RegCloseKey(hKey);
344		353
345	if (hLog == NULL)	354	if (hLog == NULL)
346	{	355	{
Lines 592-622 Link Here
592	BOOL bResult = FALSE;	601	BOOL bResult = FALSE;
593	HKEY hKey;	602	HKEY hKey;
594	DWORD dwBytesReturned;	603	DWORD dwBytesReturned;
595	TCHAR szKeyName[128];	604	TCHAR tmpSzKeyName[128];
596		605
597	/* search for event source registry key */	606	/* search for event source registry key */
598	lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\Security\\" );	607	lstrcpy( tmpSzKeyName, szKeyName );
599	lstrcat( szKeyName, lpszESName );	608	lstrcat( tmpSzKeyName, "\\" );
600	if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )	609	lstrcat( tmpSzKeyName, lpszESName );
		610	if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, tmpSzKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )
601	{	611	{
602	lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\System\\" );	612	/* The registry key of event source is not found, so message cannot be retrieved.
603	lstrcat( szKeyName, lpszESName );	613	Things like this are generally encountered when the application that wrote the event to
		614	windows events is uninstalled.
		615	*/
604	RegCloseKey(hKey);	616	RegCloseKey(hKey);
605	if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )	617	return FALSE;
606	{
607	lstrcpy( szKeyName, "System\\CurrentControlSet\\Services\\EventLog\\application\\" );
608	lstrcat( szKeyName, lpszESName );
609	RegCloseKey(hKey);
610	if ( RegOpenKeyEx( HKEY_LOCAL_MACHINE, szKeyName, 0, KEY_READ, &hKey ) != ERROR_SUCCESS )
611	{
612	/* The registry key of event source is not found, so message cannot be retrieved.
613	Things like this are generally encountered when the application that wrote the event to
614	windows events is uninstalled.
615	*/
616	RegCloseKey(hKey);
617	return FALSE;
618	}
619	}
620	}	618	}
621		619
622	bResult = TRUE; /* Found the registered event source key */	620	bResult = TRUE; /* Found the registered event source key */