internal object GetProviderListProperty(EventLogHandle providerHandle, UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
{
EventLogHandle elHandle = EventLogHandle.Zero;
EventLogPermissionHolder.GetEventLogPermission().Demand();
try
{
UnsafeNativeMethods.EvtPublisherMetadataPropertyId propName;
UnsafeNativeMethods.EvtPublisherMetadataPropertyId propValue;
UnsafeNativeMethods.EvtPublisherMetadataPropertyId propMessageId;
ObjectTypeName objectTypeName;
List <EventLevel> levelList = null;
List <EventOpcode> opcodeList = null;
List <EventKeyword> keywordList = null;
List <EventTask> taskList = null;
elHandle = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);
int arraySize = NativeWrapper.EvtGetObjectArraySize(elHandle);
switch (metadataProperty)
{
case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
propName = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
propValue = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
propMessageId = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
objectTypeName = ObjectTypeName.Level;
levelList = new List <EventLevel>(arraySize);
break;
case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
propName = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
propValue = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
propMessageId = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
objectTypeName = ObjectTypeName.Opcode;
opcodeList = new List <EventOpcode>(arraySize);
break;
case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
propName = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
propValue = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
propMessageId = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
objectTypeName = ObjectTypeName.Keyword;
keywordList = new List <EventKeyword>(arraySize);
break;
case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
propName = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
propValue = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
propMessageId = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
objectTypeName = ObjectTypeName.Task;
taskList = new List <EventTask>(arraySize);
break;
default:
return(null);
}
for (int index = 0; index < arraySize; index++)
{
string generalName = (string)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propName);
uint generalValue = 0;
long generalValueKeyword = 0;
if (objectTypeName != ObjectTypeName.Keyword)
{
generalValue = (uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue);
}
else
{
generalValueKeyword = (long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue));
}
int generalMessageId = (int)((uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propMessageId));
string generalDisplayName = null;
if (generalMessageId == -1)
{
if (providerHandle != this.defaultProviderHandle)
{
if (this.defaultProviderHandle.IsInvalid)
{
this.defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, null, null, this.cultureInfo.LCID, 0);
}
switch (objectTypeName)
{
case ObjectTypeName.Level:
generalDisplayName = FindStandardLevelDisplayName(generalName, generalValue);
break;
case ObjectTypeName.Opcode:
generalDisplayName = FindStandardOpcodeDisplayName(generalName, generalValue >> 16);
break;
case ObjectTypeName.Keyword:
generalDisplayName = FindStandardKeywordDisplayName(generalName, generalValueKeyword);
break;
case ObjectTypeName.Task:
generalDisplayName = FindStandardTaskDisplayName(generalName, generalValue);
break;
default:
generalDisplayName = null;
break;
}
}
}
else
{
generalDisplayName = NativeWrapper.EvtFormatMessage(providerHandle, (uint)generalMessageId);
}
switch (objectTypeName)
{
case ObjectTypeName.Level:
levelList.Add(new EventLevel(generalName, (int)generalValue, generalDisplayName));
break;
case ObjectTypeName.Opcode:
opcodeList.Add(new EventOpcode(generalName, (int)(generalValue >> 16), generalDisplayName));
break;
case ObjectTypeName.Keyword:
keywordList.Add(new EventKeyword(generalName, (long)generalValueKeyword, generalDisplayName));
break;
case ObjectTypeName.Task:
Guid taskGuid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskEventGuid);
taskList.Add(new EventTask(generalName, (int)generalValue, generalDisplayName, taskGuid));
break;
default:
return(null);
}
}
switch (objectTypeName)
{
case ObjectTypeName.Level:
return(levelList);
case ObjectTypeName.Opcode:
return(opcodeList);
case ObjectTypeName.Keyword:
return(keywordList);
case ObjectTypeName.Task:
return(taskList);
}
return(null);
}
finally
{
elHandle.Close();
}
}
internal object GetProviderListProperty(EventLogHandle providerHandle, Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
{
object obj2;
EventLogHandle zero = EventLogHandle.Zero;
EventLogPermissionHolder.GetEventLogPermission().Demand();
try
{
Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeName;
Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeValue;
Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeMessageID;
ObjectTypeName opcode;
List <EventLevel> list = null;
List <EventOpcode> list2 = null;
List <EventKeyword> list3 = null;
List <EventTask> list4 = null;
zero = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);
int capacity = NativeWrapper.EvtGetObjectArraySize(zero);
switch (metadataProperty)
{
case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
evtPublisherMetadataOpcodeName = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
evtPublisherMetadataOpcodeValue = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
opcode = ObjectTypeName.Opcode;
list2 = new List <EventOpcode>(capacity);
break;
case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
evtPublisherMetadataOpcodeName = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
evtPublisherMetadataOpcodeValue = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
opcode = ObjectTypeName.Keyword;
list3 = new List <EventKeyword>(capacity);
break;
case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
evtPublisherMetadataOpcodeName = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
evtPublisherMetadataOpcodeValue = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
opcode = ObjectTypeName.Level;
list = new List <EventLevel>(capacity);
break;
case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
evtPublisherMetadataOpcodeName = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
evtPublisherMetadataOpcodeValue = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
opcode = ObjectTypeName.Task;
list4 = new List <EventTask>(capacity);
break;
default:
return(null);
}
for (int i = 0; i < capacity; i++)
{
string name = (string)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeName);
uint num3 = 0;
long num4 = 0L;
if (opcode != ObjectTypeName.Keyword)
{
num3 = (uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue);
}
else
{
num4 = (long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue));
}
int num5 = (int)((uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeMessageID));
string displayName = null;
if (num5 == -1)
{
if (providerHandle != this.defaultProviderHandle)
{
if (this.defaultProviderHandle.IsInvalid)
{
this.defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, null, null, this.cultureInfo.LCID, 0);
}
switch (opcode)
{
case ObjectTypeName.Level:
displayName = this.FindStandardLevelDisplayName(name, num3);
goto Label_01BA;
case ObjectTypeName.Opcode:
displayName = this.FindStandardOpcodeDisplayName(name, num3 >> 0x10);
goto Label_01BA;
case ObjectTypeName.Task:
displayName = this.FindStandardTaskDisplayName(name, num3);
goto Label_01BA;
case ObjectTypeName.Keyword:
displayName = this.FindStandardKeywordDisplayName(name, num4);
goto Label_01BA;
}
displayName = null;
}
}
else
{
displayName = NativeWrapper.EvtFormatMessage(providerHandle, (uint)num5);
}
Label_01BA:
switch (opcode)
{
case ObjectTypeName.Level:
list.Add(new EventLevel(name, (int)num3, displayName));
break;
case ObjectTypeName.Opcode:
list2.Add(new EventOpcode(name, (int)(num3 >> 0x10), displayName));
break;
case ObjectTypeName.Task:
{
Guid guid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(zero, i, 0x12);
list4.Add(new EventTask(name, (int)num3, displayName, guid));
break;
}
case ObjectTypeName.Keyword:
list3.Add(new EventKeyword(name, num4, displayName));
break;
default:
return(null);
}
}
switch (opcode)
{
case ObjectTypeName.Level:
return(list);
case ObjectTypeName.Opcode:
return(list2);
case ObjectTypeName.Task:
return(list4);
case ObjectTypeName.Keyword:
return(list3);
}
obj2 = null;
}
finally
{
zero.Close();
}
return(obj2);
}
