2010-11-15 Ramon Novoa <rnovoa@artica.es>
* modules/pandora_module_logevent.cc, modules/pandora_module_logevent.h: Search for event log descriptions in multiple DLLs if necessary. Improved event log error detection. git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3588 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
parent
96de9ef5b8
commit
81bb7cd037
|
@ -1,3 +1,9 @@
|
||||||
|
2010-11-15 Ramon Novoa <rnovoa@artica.es>
|
||||||
|
|
||||||
|
* modules/pandora_module_logevent.cc,
|
||||||
|
modules/pandora_module_logevent.h: Search for event log descriptions
|
||||||
|
in multiple DLLs if necessary. Improved event log error detection.
|
||||||
|
|
||||||
2010-11-14 Sancho Lerena <slerena@artica.es>
|
2010-11-14 Sancho Lerena <slerena@artica.es>
|
||||||
|
|
||||||
* bin/util/pandora_update.exe: This small binary (see the Unix
|
* bin/util/pandora_update.exe: This small binary (see the Unix
|
||||||
|
|
|
@ -64,6 +64,7 @@ Pandora_Module_Logevent::Pandora_Module_Logevent (string name, string source, st
|
||||||
this->pattern = pattern;
|
this->pattern = pattern;
|
||||||
this->application = application;
|
this->application = application;
|
||||||
this->log_event = NULL;
|
this->log_event = NULL;
|
||||||
|
this->first_run = 1;
|
||||||
this->setKind (module_logevent_str);
|
this->setKind (module_logevent_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -127,8 +128,11 @@ Pandora_Module_Logevent::openLogEvent () {
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Discard existing events
|
// Discard existing events the first time the module is executed
|
||||||
|
if (this->first_run == 1) {
|
||||||
this->getLogEvents (event_list, 1);
|
this->getLogEvents (event_list, 1);
|
||||||
|
this->first_run = 0;
|
||||||
|
}
|
||||||
|
|
||||||
return this->log_event;
|
return this->log_event;
|
||||||
}
|
}
|
||||||
|
@ -200,6 +204,11 @@ Pandora_Module_Logevent::getLogEvents (list<string> &event_list, unsigned char d
|
||||||
|
|
||||||
// Try to read the event again
|
// Try to read the event again
|
||||||
continue;
|
continue;
|
||||||
|
// File corrupted or cleared
|
||||||
|
} else if (last_error == ERROR_EVENTLOG_FILE_CORRUPT || last_error == ERROR_EVENTLOG_FILE_CHANGED) {
|
||||||
|
closeLogEvent ();
|
||||||
|
free ((void *) buffer);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
// Unknown error
|
// Unknown error
|
||||||
else {
|
else {
|
||||||
|
@ -289,6 +298,7 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
|
||||||
DWORD max_path, type;
|
DWORD max_path, type;
|
||||||
LPCSTR source_name;
|
LPCSTR source_name;
|
||||||
TCHAR **strings = NULL;
|
TCHAR **strings = NULL;
|
||||||
|
char *dll_start = NULL, *dll_end = NULL, *exe_file_path_end = NULL;
|
||||||
|
|
||||||
message[0] = 0;
|
message[0] = 0;
|
||||||
|
|
||||||
|
@ -309,14 +319,6 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
|
||||||
strncpy(exe_file_path, exe_file, _MAX_PATH + 1);
|
strncpy(exe_file_path, exe_file, _MAX_PATH + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Load the DLL
|
|
||||||
module = LoadLibraryEx (exe_file_path, 0, DONT_RESOLVE_DLL_REFERENCES);
|
|
||||||
if(module == NULL) {
|
|
||||||
RegCloseKey(hk);
|
|
||||||
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Get the event strings
|
// Get the event strings
|
||||||
strings = (TCHAR**)malloc (pevlr->NumStrings * sizeof(TCHAR *));
|
strings = (TCHAR**)malloc (pevlr->NumStrings * sizeof(TCHAR *));
|
||||||
if (strings == NULL) {
|
if (strings == NULL) {
|
||||||
|
@ -339,9 +341,35 @@ Pandora_Module_Logevent::getEventDescription (PEVENTLOGRECORD pevlr, char *messa
|
||||||
offset += len + 1;
|
offset += len + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Move to the first DLL
|
||||||
|
dll_start = (char *) exe_file_path;
|
||||||
|
dll_end = strchr (exe_file_path, ';');
|
||||||
|
if (dll_end != NULL) {
|
||||||
|
*dll_end = '\0';
|
||||||
|
}
|
||||||
|
exe_file_path_end = ((char *) exe_file_path) + _MAX_PATH * sizeof (TCHAR);
|
||||||
|
|
||||||
|
while (1) {
|
||||||
|
// Load the DLL
|
||||||
|
module = LoadLibraryEx (dll_start, 0, DONT_RESOLVE_DLL_REFERENCES);
|
||||||
|
if(module == NULL) {
|
||||||
|
pandoraDebug("LoadLibraryEx error %d. Exe file path %s.", GetLastError(), exe_file_path);
|
||||||
|
} else {
|
||||||
// Get the description
|
// Get the description
|
||||||
if (FormatMessage (FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, module, pevlr->EventID, 0, (LPTSTR)message, BUFFER_SIZE, strings) == 0) {
|
FormatMessage (FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_ARGUMENT_ARRAY, module, pevlr->EventID, 0, (LPTSTR)message, BUFFER_SIZE, strings);
|
||||||
message[0] = 0;
|
}
|
||||||
|
|
||||||
|
// No more DLLs
|
||||||
|
if (dll_end == NULL || dll_end >= exe_file_path_end) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Move to the next DLL
|
||||||
|
dll_start = dll_end + sizeof (TCHAR);
|
||||||
|
dll_end = strchr (dll_start, ';');
|
||||||
|
if (dll_end != NULL) {
|
||||||
|
*dll_end = '\0';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Clean up
|
// Clean up
|
||||||
|
|
|
@ -41,6 +41,7 @@ namespace Pandora_Modules {
|
||||||
private:
|
private:
|
||||||
unsigned long id;
|
unsigned long id;
|
||||||
int type;
|
int type;
|
||||||
|
unsigned char first_run;
|
||||||
string source;
|
string source;
|
||||||
string application;
|
string application;
|
||||||
string pattern;
|
string pattern;
|
||||||
|
|
Loading…
Reference in New Issue