internal EventLogRecord(EventLogHandle handle, EventLogSession session, ProviderMetadataCachedInformation cachedMetadataInfo) {
     this.cachedMetadataInformation = cachedMetadataInfo;
     this.handle = handle;
     this.session = session;
     systemProperties = new NativeWrapper.SystemProperties();
     syncObject = new object();
 }
示例#2
0
 public EventLogSession(string server, string domain, string user, SecureString password, SessionAuthentication logOnType)
 {
     this.renderContextHandleSystem = EventLogHandle.Zero;
     this.renderContextHandleUser = EventLogHandle.Zero;
     this.handle = EventLogHandle.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     if (server == null)
     {
         server = "localhost";
     }
     this.syncObject = new object();
     this.server = server;
     this.domain = domain;
     this.user = user;
     this.logOnType = logOnType;
     Microsoft.Win32.UnsafeNativeMethods.EvtRpcLogin login = new Microsoft.Win32.UnsafeNativeMethods.EvtRpcLogin {
         Server = this.server,
         User = this.user,
         Domain = this.domain,
         Flags = (int) this.logOnType,
         Password = CoTaskMemUnicodeSafeHandle.Zero
     };
     try
     {
         if (password != null)
         {
             login.Password.SetMemory(Marshal.SecureStringToCoTaskMemUnicode(password));
         }
         this.handle = NativeWrapper.EvtOpenSession(Microsoft.Win32.UnsafeNativeMethods.EvtLoginClass.EvtRpcLogin, ref login, 0, 0);
     }
     finally
     {
         login.Password.Close();
     }
 }
示例#3
0
 public EventLogSession()
 {
     this.renderContextHandleSystem = EventLogHandle.Zero;
     this.renderContextHandleUser = EventLogHandle.Zero;
     this.handle = EventLogHandle.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     this.syncObject = new object();
 }
示例#4
0
        public EventLogConfiguration(string logName, EventLogSession session)
        {
            if (session == null)
                session = EventLogSession.GlobalSession;

            _session = session;
            _channelName = logName;

            _handle = NativeWrapper.EvtOpenChannelConfig(_session.Handle, _channelName, 0);
        }
 public static void EvtSeek(
                     EventLogHandle resultSet,
                     long position,
                     EventLogHandle bookmark,
                     int timeout,
                     UnsafeNativeMethods.EvtSeekFlags flags) {
     bool status = UnsafeNativeMethods.EvtSeek(resultSet, position, bookmark, timeout, flags);
     int win32Error = Marshal.GetLastWin32Error();
     if (!status)
         EventLogException.Throw(win32Error);
 }
 public EventLogConfiguration(string logName, EventLogSession session)
 {
     this.handle = EventLogHandle.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     if (session == null)
     {
         session = EventLogSession.GlobalSession;
     }
     this.session = session;
     this.channelName = logName;
     this.handle = NativeWrapper.EvtOpenChannelConfig(this.session.Handle, this.channelName, 0);
 }
        internal void SetupSystemContext() {
            EventLogPermissionHolder.GetEventLogPermission().Demand();

            if (!this.renderContextHandleSystem.IsInvalid)
                return;
            lock (this.syncObject) {
                if (this.renderContextHandleSystem.IsInvalid) {
                    //create the SYSTEM render context
                    //call the EvtCreateRenderContext to get the renderContextHandleSystem, so that we can get the system/values/user properties.
                    this.renderContextHandleSystem = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextSystem);
                }
            }
        }
 public static EventLogHandle EvtQuery(
                     EventLogHandle session,
                     string path,
                     string query,
                     int flags) {
     if (s_platformNotSupported)
         throw new System.PlatformNotSupportedException();
     EventLogHandle handle = UnsafeNativeMethods.EvtQuery(session, path, query, flags);
     int win32Error = Marshal.GetLastWin32Error();
     if (handle.IsInvalid)
         EventLogException.Throw(win32Error);
     return handle;
 }
示例#9
0
        internal EventLogInformation(EventLogSession session, string channelName, PathType pathType)
        {
            EventLogHandle logHandle = NativeWrapper.EvtOpenLog(session.Handle, channelName, pathType);

            using (logHandle)
            {
                CreationTime       = (DateTime?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogCreationTime);
                LastAccessTime     = (DateTime?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogLastAccessTime);
                LastWriteTime      = (DateTime?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogLastWriteTime);
                FileSize           = (long?)((ulong?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogFileSize));
                Attributes         = (int?)((uint?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogAttributes));
                RecordCount        = (long?)((ulong?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogNumberOfLogRecords));
                OldestRecordNumber = (long?)((ulong?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogOldestRecordNumber));
                IsLogFull          = (bool?)NativeWrapper.EvtGetLogInfo(logHandle, UnsafeNativeMethods.EvtLogPropertyId.EvtLogFull);
            }
        }
 public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle, string[] values)
 {
     lock (this)
     {
         ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture);
         ProviderMetadata   pm  = GetProviderMetadata(key);
         try
         {
             return(NativeWrapper.EvtFormatMessageFormatDescription(pm.Handle, eventHandle, values));
         }
         catch (EventLogNotFoundException)
         {
             return(null);
         }
     }
 }
示例#11
0
 // Setup the System Context, once for all the EventRecords.
 internal void SetupSystemContext()
 {
     if (!this.renderContextHandleSystem.IsInvalid)
     {
         return;
     }
     lock (_syncObject)
     {
         if (this.renderContextHandleSystem.IsInvalid)
         {
             // Create the SYSTEM render context
             // Call the EvtCreateRenderContext to get the renderContextHandleSystem, so that we can get the system/values/user properties.
             this.renderContextHandleSystem = NativeWrapper.EvtCreateRenderContext(0, null, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextSystem);
         }
     }
 }
        public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle)
        {
            lock (this)
            {
                ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture);

                try
                {
                    ProviderMetadata pm = GetProviderMetadata(key);
                    return(NativeWrapper.EvtFormatMessageRenderName(pm.Handle, eventHandle, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent));
                }
                catch (EventLogNotFoundException)
                {
                    return(null);
                }
            }
        }
 public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle)
 {
     string str;
     lock (this)
     {
         ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture);
         try
         {
             str = NativeWrapper.EvtFormatMessageRenderName(this.GetProviderMetadata(key).Handle, eventHandle, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent);
         }
         catch (EventLogNotFoundException)
         {
             str = null;
         }
     }
     return str;
 }
        public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark)
        {
            if (eventQuery == null)
            {
                throw new ArgumentNullException("eventQuery");
            }
            string logfile = null;

            if (eventQuery.ThePathType == PathType.FilePath)
            {
                logfile = eventQuery.Path;
            }
            this.cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50);
            this.eventQuery   = eventQuery;
            this.batchSize    = 0x40;
            this.eventsBuffer = new IntPtr[this.batchSize];
            int flags = 0;

            if (this.eventQuery.ThePathType == PathType.LogName)
            {
                flags |= 1;
            }
            else
            {
                flags |= 2;
            }
            if (this.eventQuery.ReverseDirection)
            {
                flags |= 0x200;
            }
            if (this.eventQuery.TolerateQueryErrors)
            {
                flags |= 0x1000;
            }
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            this.handle = NativeWrapper.EvtQuery(this.eventQuery.Session.Handle, this.eventQuery.Path, this.eventQuery.Query, flags);
            EventLogHandle bookmarkHandleFromBookmark = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark);

            if (!bookmarkHandleFromBookmark.IsInvalid)
            {
                using (bookmarkHandleFromBookmark)
                {
                    NativeWrapper.EvtSeek(this.handle, 1L, bookmarkHandleFromBookmark, 0, Microsoft.Win32.UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark);
                }
            }
        }
示例#15
0
        internal ProviderMetadata(string providerName, EventLogSession session, CultureInfo targetCultureInfo, string logFilePath)
        {
            if (targetCultureInfo == null)
                targetCultureInfo = CultureInfo.CurrentCulture;

            if (session == null)
                session = EventLogSession.GlobalSession;

            _session = session;
            _providerName = providerName;
            _cultureInfo = targetCultureInfo;
            _logFilePath = logFilePath;

            _handle = NativeWrapper.EvtOpenProviderMetadata(_session.Handle, _providerName, _logFilePath, 0, 0);

            _syncObject = new object();
        }
 public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle, string[] values)
 {
     string str;
     lock (this)
     {
         ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture);
         ProviderMetadata providerMetadata = this.GetProviderMetadata(key);
         try
         {
             str = NativeWrapper.EvtFormatMessageFormatDescription(providerMetadata.Handle, eventHandle, values);
         }
         catch (EventLogNotFoundException)
         {
             str = null;
         }
     }
     return str;
 }
        public string GetFormatDescription(string ProviderName, EventLogHandle eventHandle)
        {
            string str;

            lock (this)
            {
                ProviderMetadataId key = new ProviderMetadataId(ProviderName, CultureInfo.CurrentCulture);
                try
                {
                    str = NativeWrapper.EvtFormatMessageRenderName(this.GetProviderMetadata(key).Handle, eventHandle, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent);
                }
                catch (EventLogNotFoundException)
                {
                    str = null;
                }
            }
            return(str);
        }
示例#18
0
 public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark)
 {
     if (eventQuery == null)
     {
         throw new ArgumentNullException("eventQuery");
     }
     string logfile = null;
     if (eventQuery.ThePathType == PathType.FilePath)
     {
         logfile = eventQuery.Path;
     }
     this.cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50);
     this.eventQuery = eventQuery;
     this.batchSize = 0x40;
     this.eventsBuffer = new IntPtr[this.batchSize];
     int flags = 0;
     if (this.eventQuery.ThePathType == PathType.LogName)
     {
         flags |= 1;
     }
     else
     {
         flags |= 2;
     }
     if (this.eventQuery.ReverseDirection)
     {
         flags |= 0x200;
     }
     if (this.eventQuery.TolerateQueryErrors)
     {
         flags |= 0x1000;
     }
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     this.handle = NativeWrapper.EvtQuery(this.eventQuery.Session.Handle, this.eventQuery.Path, this.eventQuery.Query, flags);
     EventLogHandle bookmarkHandleFromBookmark = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark);
     if (!bookmarkHandleFromBookmark.IsInvalid)
     {
         using (bookmarkHandleFromBookmark)
         {
             NativeWrapper.EvtSeek(this.handle, 1L, bookmarkHandleFromBookmark, 0, Microsoft.Win32.UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark);
         }
     }
 }
示例#19
0
        public IEnumerable <string> GetProviderNames()
        {
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            List <string> list = new List <string>(100);

            using (EventLogHandle handle = NativeWrapper.EvtOpenProviderEnum(this.Handle, 0))
            {
                bool finish = false;
                do
                {
                    string item = NativeWrapper.EvtNextPublisherId(handle, ref finish);
                    if (!finish)
                    {
                        list.Add(item);
                    }
                }while (!finish);
                return(list);
            }
        }
 internal ProviderMetadata(string providerName, EventLogSession session, CultureInfo targetCultureInfo, string logFilePath)
 {
     this.handle = EventLogHandle.Zero;
     this.defaultProviderHandle = EventLogHandle.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     if (targetCultureInfo == null)
     {
         targetCultureInfo = CultureInfo.CurrentCulture;
     }
     if (session == null)
     {
         session = EventLogSession.GlobalSession;
     }
     this.session = session;
     this.providerName = providerName;
     this.cultureInfo = targetCultureInfo;
     this.logFilePath = logFilePath;
     this.handle = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, this.providerName, this.logFilePath, this.cultureInfo.LCID, 0);
     this.syncObject = new object();
 }
示例#21
0
 internal ProviderMetadata(string providerName, EventLogSession session, CultureInfo targetCultureInfo, string logFilePath)
 {
     this.handle = EventLogHandle.Zero;
     this.defaultProviderHandle = EventLogHandle.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     if (targetCultureInfo == null)
     {
         targetCultureInfo = CultureInfo.CurrentCulture;
     }
     if (session == null)
     {
         session = EventLogSession.GlobalSession;
     }
     this.session      = session;
     this.providerName = providerName;
     this.cultureInfo  = targetCultureInfo;
     this.logFilePath  = logFilePath;
     this.handle       = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, this.providerName, this.logFilePath, this.cultureInfo.LCID, 0);
     this.syncObject   = new object();
 }
示例#22
0
        public IEnumerable <string> GetLogNames()
        {
            List <string> namesList = new List <string>(100);

            using (EventLogHandle channelEnum = NativeWrapper.EvtOpenChannelEnum(this.Handle, 0))
            {
                bool finish = false;

                do
                {
                    string s = NativeWrapper.EvtNextChannelPath(channelEnum, ref finish);
                    if (finish == false)
                    {
                        namesList.Add(s);
                    }
                }while (finish == false);

                return(namesList);
            }
        }
示例#23
0
        public IEnumerable <string> GetProviderNames()
        {
            List <string> namesList = new List <string>(100);

            using (EventLogHandle ProviderEnum = NativeWrapper.EvtOpenProviderEnum(this.Handle, 0))
            {
                bool finish = false;

                do
                {
                    string s = NativeWrapper.EvtNextPublisherId(ProviderEnum, ref finish);
                    if (finish == false)
                    {
                        namesList.Add(s);
                    }
                }while (finish == false);

                return(namesList);
            }
        }
 public EventLogPropertySelector(IEnumerable<string> propertyQueries)
 {
     string[] strArray;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     if (propertyQueries == null)
     {
         throw new ArgumentNullException("propertyQueries");
     }
     ICollection<string> is2 = propertyQueries as ICollection<string>;
     if (is2 != null)
     {
         strArray = new string[is2.Count];
         is2.CopyTo(strArray, 0);
     }
     else
     {
         strArray = new List<string>(propertyQueries).ToArray();
     }
     this.renderContextHandleValues = NativeWrapper.EvtCreateRenderContext(strArray.Length, strArray, Microsoft.Win32.UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextValues);
 }
        public EventLogPropertySelector(IEnumerable <string> propertyQueries)
        {
            string[] strArray;
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            if (propertyQueries == null)
            {
                throw new ArgumentNullException("propertyQueries");
            }
            ICollection <string> is2 = propertyQueries as ICollection <string>;

            if (is2 != null)
            {
                strArray = new string[is2.Count];
                is2.CopyTo(strArray, 0);
            }
            else
            {
                strArray = new List <string>(propertyQueries).ToArray();
            }
            this.renderContextHandleValues = NativeWrapper.EvtCreateRenderContext(strArray.Length, strArray, Microsoft.Win32.UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextValues);
        }
示例#26
0
        internal ProviderMetadata(string providerName, EventLogSession session, CultureInfo targetCultureInfo, string logFilePath)
        {
            if (targetCultureInfo == null)
            {
                targetCultureInfo = CultureInfo.CurrentCulture;
            }

            if (session == null)
            {
                session = EventLogSession.GlobalSession;
            }

            _session      = session;
            _providerName = providerName;
            _cultureInfo  = targetCultureInfo;
            _logFilePath  = logFilePath;

            _handle = NativeWrapper.EvtOpenProviderMetadata(_session.Handle, _providerName, _logFilePath, 0, 0);

            _syncObject = new object();
        }
示例#27
0
        internal EventLogInformation(EventLogSession session, string channelName, PathType pathType)
        {
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            EventLogHandle handle = NativeWrapper.EvtOpenLog(session.Handle, channelName, pathType);

            using (handle)
            {
                this.creationTime   = (DateTime?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogCreationTime);
                this.lastAccessTime = (DateTime?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogLastAccessTime);
                this.lastWriteTime  = (DateTime?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogLastWriteTime);
                long?nullable = (long?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogFileSize);
                this.fileSize = nullable.HasValue ? new long?(nullable.GetValueOrDefault()) : null;
                int?nullable3 = (int?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogAttributes);
                this.fileAttributes = nullable3.HasValue ? new int?(nullable3.GetValueOrDefault()) : null;
                long?nullable5 = (long?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogNumberOfLogRecords);
                this.recordCount = nullable5.HasValue ? new long?(nullable5.GetValueOrDefault()) : null;
                long?nullable7 = (long?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogOldestRecordNumber);
                this.oldestRecordNumber = nullable7.HasValue ? new long?(nullable7.GetValueOrDefault()) : null;
                this.isLogFull          = (bool?)NativeWrapper.EvtGetLogInfo(handle, Microsoft.Win32.UnsafeNativeMethods.EvtLogPropertyId.EvtLogFull);
            }
        }
        public EventLogPropertySelector(IEnumerable<string> propertyQueries)
        {
            if (propertyQueries == null)
                throw new ArgumentNullException("propertyQueries");

            string[] paths;

            ICollection<string> coll = propertyQueries as ICollection<string>;
            if (coll != null)
            {
                paths = new string[coll.Count];
                coll.CopyTo(paths, 0);
            }
            else
            {
                List<string> queries;
                queries = new List<string>(propertyQueries);
                paths = queries.ToArray();
            }

            _renderContextHandleValues = NativeWrapper.EvtCreateRenderContext(paths.Length, paths, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextValues);
        }
        public EventLogPropertySelector(IEnumerable<string> propertyQueries) {

            EventLogPermissionHolder.GetEventLogPermission().Demand();

            if (propertyQueries == null)
                throw new ArgumentNullException("propertyQueries");

            string[] paths;

            ICollection<string> coll = propertyQueries as ICollection<string>;
            if (coll != null) {
                paths = new string[coll.Count];
                coll.CopyTo(paths, 0);
            }
            else {
                List<string> queries;
                queries = new List<string>(propertyQueries);
                paths = queries.ToArray();
            }

            renderContextHandleValues = NativeWrapper.EvtCreateRenderContext(paths.Length, paths, UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextValues);
        }
示例#30
0
        public EventLogSession(string server, string domain, string user, SecureString password, SessionAuthentication logOnType)
        {
            EventLogPermissionHolder.GetEventLogPermission().Demand();

            if (server == null)
            {
                server = "localhost";
            }

            syncObject = new object();

            this.server    = server;
            this.domain    = domain;
            this.user      = user;
            this.logOnType = logOnType;

            UnsafeNativeMethods.EvtRpcLogin erLogin = new UnsafeNativeMethods.EvtRpcLogin
            {
                Server   = this.server,
                User     = this.user,
                Domain   = this.domain,
                Flags    = (int)this.logOnType,
                Password = CoTaskMemUnicodeSafeHandle.Zero
            };

            try
            {
                if (password != null)
                {
                    erLogin.Password.SetMemory(Marshal.SecureStringToCoTaskMemUnicode(password));
                }
                //open a session using the erLogin structure.
                handle = NativeWrapper.EvtOpenSession(UnsafeNativeMethods.EvtLoginClass.EvtRpcLogin, ref erLogin, 0, 0);
            }
            finally
            {
                erLogin.Password.Close();
            }
        }
示例#31
0
        internal void StartSubscribing()
        {
            if (this.isSubscribing)
            {
                throw new InvalidOperationException();
            }
            int flags = 0;

            if (this.bookmark != null)
            {
                flags |= 3;
            }
            else if (this.readExistingEvents)
            {
                flags |= 2;
            }
            else
            {
                flags |= 1;
            }
            if (this.eventQuery.TolerateQueryErrors)
            {
                flags |= 0x1000;
            }
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            this.callbackThreadId       = -1;
            this.unregisterDoneHandle   = new AutoResetEvent(false);
            this.subscriptionWaitHandle = new AutoResetEvent(false);
            EventLogHandle bookmarkHandleFromBookmark = EventLogRecord.GetBookmarkHandleFromBookmark(this.bookmark);

            using (bookmarkHandleFromBookmark)
            {
                this.handle = NativeWrapper.EvtSubscribe(this.eventQuery.Session.Handle, this.subscriptionWaitHandle.SafeWaitHandle, this.eventQuery.Path, this.eventQuery.Query, bookmarkHandleFromBookmark, IntPtr.Zero, IntPtr.Zero, flags);
            }
            this.isSubscribing = true;
            this.RequestEvents();
            this.registeredWaitHandle = ThreadPool.RegisterWaitForSingleObject(this.subscriptionWaitHandle, new WaitOrTimerCallback(this.SubscribedEventsAvailableCallback), null, -1, false);
        }
示例#32
0
        internal object GetProviderListProperty(EventLogHandle providerHandle, UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
        {
            EventLogHandle elHandle = EventLogHandle.Zero;

            try
            {
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propName;
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propValue;
                UnsafeNativeMethods.EvtPublisherMetadataPropertyId propMessageId;
                ObjectTypeName objectTypeName;

                List <EventLevel>   levelList   = null;
                List <EventOpcode>  opcodeList  = null;
                List <EventKeyword> keywordList = null;
                List <EventTask>    taskList    = null;

                elHandle = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);

                int arraySize = NativeWrapper.EvtGetObjectArraySize(elHandle);

                switch (metadataProperty)
                {
                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
                    objectTypeName = ObjectTypeName.Level;
                    levelList      = new List <EventLevel>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
                    objectTypeName = ObjectTypeName.Opcode;
                    opcodeList     = new List <EventOpcode>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
                    objectTypeName = ObjectTypeName.Keyword;
                    keywordList    = new List <EventKeyword>(arraySize);
                    break;

                case UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
                    propName       = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
                    propValue      = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
                    propMessageId  = UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
                    objectTypeName = ObjectTypeName.Task;
                    taskList       = new List <EventTask>(arraySize);
                    break;

                default:
                    return(null);
                }
                for (int index = 0; index < arraySize; index++)
                {
                    string generalName = (string)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propName);

                    uint generalValue        = 0;
                    long generalValueKeyword = 0;
                    if (objectTypeName != ObjectTypeName.Keyword)
                    {
                        generalValue = (uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue);
                    }
                    else
                    {
                        generalValueKeyword = unchecked ((long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propValue)));
                    }

                    int generalMessageId = unchecked ((int)((uint)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)propMessageId)));

                    string generalDisplayName = null;

                    if (generalMessageId == -1)
                    {
                        if (providerHandle != _defaultProviderHandle)
                        {
                            if (_defaultProviderHandle.IsInvalid)
                            {
                                _defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(_session.Handle, null, null, 0, 0);
                            }

                            switch (objectTypeName)
                            {
                            case ObjectTypeName.Level:
                                generalDisplayName = FindStandardLevelDisplayName(generalName, generalValue);
                                break;

                            case ObjectTypeName.Opcode:
                                generalDisplayName = FindStandardOpcodeDisplayName(generalName, generalValue >> 16);
                                break;

                            case ObjectTypeName.Keyword:
                                generalDisplayName = FindStandardKeywordDisplayName(generalName, generalValueKeyword);
                                break;

                            case ObjectTypeName.Task:
                                generalDisplayName = FindStandardTaskDisplayName(generalName, generalValue);
                                break;

                            default:
                                generalDisplayName = null;
                                break;
                            }
                        }
                    }
                    else
                    {
                        generalDisplayName = NativeWrapper.EvtFormatMessage(providerHandle, unchecked ((uint)generalMessageId));
                    }

                    switch (objectTypeName)
                    {
                    case ObjectTypeName.Level:
                        levelList.Add(new EventLevel(generalName, (int)generalValue, generalDisplayName));
                        break;

                    case ObjectTypeName.Opcode:
                        opcodeList.Add(new EventOpcode(generalName, (int)(generalValue >> 16), generalDisplayName));
                        break;

                    case ObjectTypeName.Keyword:
                        keywordList.Add(new EventKeyword(generalName, (long)generalValueKeyword, generalDisplayName));
                        break;

                    case ObjectTypeName.Task:
                        Guid taskGuid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(elHandle, index, (int)UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskEventGuid);
                        taskList.Add(new EventTask(generalName, (int)generalValue, generalDisplayName, taskGuid));
                        break;

                    default:
                        return(null);
                    }
                }

                switch (objectTypeName)
                {
                case ObjectTypeName.Level:
                    return(levelList);

                case ObjectTypeName.Opcode:
                    return(opcodeList);

                case ObjectTypeName.Keyword:
                    return(keywordList);

                case ObjectTypeName.Task:
                    return(taskList);
                }
                return(null);
            }
            finally
            {
                elHandle.Dispose();
            }
        }
        internal void StartSubscribing() {

            if (this.isSubscribing)
                throw new InvalidOperationException();

            int flag = 0;
            if (bookmark != null)
                flag |= (int)UnsafeNativeMethods.EvtSubscribeFlags.EvtSubscribeStartAfterBookmark;
            else if (this.readExistingEvents)
                flag |= (int)UnsafeNativeMethods.EvtSubscribeFlags.EvtSubscribeStartAtOldestRecord;
            else
                flag |= (int)UnsafeNativeMethods.EvtSubscribeFlags.EvtSubscribeToFutureEvents;

            if (this.eventQuery.TolerateQueryErrors)
                flag |= (int)UnsafeNativeMethods.EvtSubscribeFlags.EvtSubscribeTolerateQueryErrors;

            EventLogPermissionHolder.GetEventLogPermission().Demand();

            this.callbackThreadId = -1;
            this.unregisterDoneHandle = new AutoResetEvent(false);
            this.subscriptionWaitHandle = new AutoResetEvent(false);

            EventLogHandle bookmarkHandle = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark);

            using (bookmarkHandle) {

                handle = NativeWrapper.EvtSubscribe(this.eventQuery.Session.Handle,
                    this.subscriptionWaitHandle.SafeWaitHandle,
                    this.eventQuery.Path,
                    this.eventQuery.Query,
                    bookmarkHandle,
                    IntPtr.Zero,
                    IntPtr.Zero,
                    flag);
            }

            this.isSubscribing = true;

            RequestEvents();

            this.registeredWaitHandle = ThreadPool.RegisterWaitForSingleObject(
                this.subscriptionWaitHandle,
                new WaitOrTimerCallback(SubscribedEventsAvailableCallback),
                null,
                -1,
                false);          
        }
示例#34
0
 internal void StartSubscribing()
 {
     if (this.isSubscribing)
     {
         throw new InvalidOperationException();
     }
     int flags = 0;
     if (this.bookmark != null)
     {
         flags |= 3;
     }
     else if (this.readExistingEvents)
     {
         flags |= 2;
     }
     else
     {
         flags |= 1;
     }
     if (this.eventQuery.TolerateQueryErrors)
     {
         flags |= 0x1000;
     }
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     this.callbackThreadId = -1;
     this.unregisterDoneHandle = new AutoResetEvent(false);
     this.subscriptionWaitHandle = new AutoResetEvent(false);
     EventLogHandle bookmarkHandleFromBookmark = EventLogRecord.GetBookmarkHandleFromBookmark(this.bookmark);
     using (bookmarkHandleFromBookmark)
     {
         this.handle = NativeWrapper.EvtSubscribe(this.eventQuery.Session.Handle, this.subscriptionWaitHandle.SafeWaitHandle, this.eventQuery.Path, this.eventQuery.Query, bookmarkHandleFromBookmark, IntPtr.Zero, IntPtr.Zero, flags);
     }
     this.isSubscribing = true;
     this.RequestEvents();
     this.registeredWaitHandle = ThreadPool.RegisterWaitForSingleObject(this.subscriptionWaitHandle, new WaitOrTimerCallback(this.SubscribedEventsAvailableCallback), null, -1, false);
 }
示例#35
0
        public EventLogReader(EventLogQuery eventQuery, EventBookmark bookmark)
        {
            if (eventQuery == null)
            {
                throw new ArgumentNullException("eventQuery");
            }

            string logfile = null;

            if (eventQuery.ThePathType == PathType.FilePath)
            {
                logfile = eventQuery.Path;
            }

            _cachedMetadataInformation = new ProviderMetadataCachedInformation(eventQuery.Session, logfile, 50);

            //explicit data
            _eventQuery = eventQuery;

            //implicit
            _batchSize    = 64;
            _eventsBuffer = new IntPtr[_batchSize];

            //
            // compute the flag.
            //
            int flag = 0;

            if (_eventQuery.ThePathType == PathType.LogName)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryChannelPath;
            }
            else
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryFilePath;
            }

            if (_eventQuery.ReverseDirection)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryReverseDirection;
            }

            if (_eventQuery.TolerateQueryErrors)
            {
                flag |= (int)UnsafeNativeMethods.EvtQueryFlags.EvtQueryTolerateQueryErrors;
            }

            _handle = NativeWrapper.EvtQuery(_eventQuery.Session.Handle,
                                             _eventQuery.Path, _eventQuery.Query,
                                             flag);

            EventLogHandle bookmarkHandle = EventLogRecord.GetBookmarkHandleFromBookmark(bookmark);

            if (!bookmarkHandle.IsInvalid)
            {
                using (bookmarkHandle)
                {
                    NativeWrapper.EvtSeek(_handle, 1, bookmarkHandle, 0, UnsafeNativeMethods.EvtSeekFlags.EvtSeekRelativeToBookmark);
                }
            }
        }
示例#36
0
 public static string EvtNextPublisherId(EventLogHandle handle, ref bool finish)
 {
     int num;
     StringBuilder publisherIdBuffer = new StringBuilder(null);
     bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtNextPublisherId(handle, 0, publisherIdBuffer, out num);
     int errorCode = Marshal.GetLastWin32Error();
     if (!flag)
     {
         if (errorCode == 0x103)
         {
             finish = true;
             return null;
         }
         if (errorCode != 0x7a)
         {
             EventLogException.Throw(errorCode);
         }
     }
     publisherIdBuffer.EnsureCapacity(num);
     flag = Microsoft.Win32.UnsafeNativeMethods.EvtNextPublisherId(handle, num, publisherIdBuffer, out num);
     errorCode = Marshal.GetLastWin32Error();
     if (!flag)
     {
         EventLogException.Throw(errorCode);
     }
     return publisherIdBuffer.ToString();
 }
示例#37
0
        public static IEnumerable<string> EvtFormatMessageRenderKeywords(EventLogHandle pmHandle, EventLogHandle eventHandle, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags flag)
        {
            IEnumerable<string> enumerable;
            EventLogPermissionHolder.GetEventLogPermission().Demand();
            IntPtr zero = IntPtr.Zero;
            try
            {
                int num;
                List<string> list = new List<string>();
                bool flag2 = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageBuffer(pmHandle, eventHandle, 0, 0, IntPtr.Zero, flag, 0, IntPtr.Zero, out num);
                int errorCode = Marshal.GetLastWin32Error();
                if (!flag2)
                {
                    switch (errorCode)
                    {
                        case 0x3ab9:
                        case 0x3afc:
                        case 0x3ab3:
                        case 0x3ab4:
                        case 0x717:
                            return list.AsReadOnly();
                    }
                    if (errorCode != 0x7a)
                    {
                        EventLogException.Throw(errorCode);
                    }
                }
                zero = Marshal.AllocHGlobal((int) (num * 2));
                flag2 = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageBuffer(pmHandle, eventHandle, 0, 0, IntPtr.Zero, flag, num, zero, out num);
                errorCode = Marshal.GetLastWin32Error();
                if (!flag2)
                {
                    switch (errorCode)
                    {
                        case 0x3ab9:
                        case 0x3afc:
                            return list;

                        case 0x3ab3:
                        case 0x3ab4:
                            return list;

                        case 0x717:
                            return list;
                    }
                    EventLogException.Throw(errorCode);
                }
                IntPtr ptr = zero;
                while (true)
                {
                    string str = Marshal.PtrToStringAuto(ptr);
                    if (string.IsNullOrEmpty(str))
                    {
                        break;
                    }
                    list.Add(str);
                    ptr = new IntPtr((((long) ptr) + (str.Length * 2)) + 2L);
                }
                enumerable = list.AsReadOnly();
            }
            finally
            {
                if (zero != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(zero);
                }
            }
            return enumerable;
        }
示例#38
0
 internal void SetupUserContext()
 {
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     lock (this.syncObject)
     {
         if (this.renderContextHandleUser.IsInvalid)
         {
             this.renderContextHandleUser = NativeWrapper.EvtCreateRenderContext(0, null, Microsoft.Win32.UnsafeNativeMethods.EvtRenderContextFlags.EvtRenderContextUser);
         }
     }
 }
示例#39
0
 public static object EvtGetQueryInfo(EventLogHandle handle, Microsoft.Win32.UnsafeNativeMethods.EvtQueryPropertyId enumType)
 {
     object obj2;
     IntPtr zero = IntPtr.Zero;
     int bufferRequired = 0;
     try
     {
         bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetQueryInfo(handle, enumType, 0, IntPtr.Zero, ref bufferRequired);
         int errorCode = Marshal.GetLastWin32Error();
         if (!flag && (errorCode != 0x7a))
         {
             EventLogException.Throw(errorCode);
         }
         zero = Marshal.AllocHGlobal(bufferRequired);
         flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetQueryInfo(handle, enumType, bufferRequired, zero, ref bufferRequired);
         errorCode = Marshal.GetLastWin32Error();
         if (!flag)
         {
             EventLogException.Throw(errorCode);
         }
         Microsoft.Win32.UnsafeNativeMethods.EvtVariant val = (Microsoft.Win32.UnsafeNativeMethods.EvtVariant) Marshal.PtrToStructure(zero, typeof(Microsoft.Win32.UnsafeNativeMethods.EvtVariant));
         obj2 = ConvertToObject(val);
     }
     finally
     {
         if (zero != IntPtr.Zero)
         {
             Marshal.FreeHGlobal(zero);
         }
     }
     return obj2;
 }
示例#40
0
 internal static EventLogHandle EvtGetPublisherMetadataPropertyHandle(EventLogHandle pmHandle, Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId thePropertyId)
 {
     EventLogHandle handle;
     IntPtr zero = IntPtr.Zero;
     try
     {
         int num;
         bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, 0, IntPtr.Zero, out num);
         int errorCode = Marshal.GetLastWin32Error();
         if (!flag && (errorCode != 0x7a))
         {
             EventLogException.Throw(errorCode);
         }
         zero = Marshal.AllocHGlobal(num);
         flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, num, zero, out num);
         errorCode = Marshal.GetLastWin32Error();
         if (!flag)
         {
             EventLogException.Throw(errorCode);
         }
         Microsoft.Win32.UnsafeNativeMethods.EvtVariant val = (Microsoft.Win32.UnsafeNativeMethods.EvtVariant) Marshal.PtrToStructure(zero, typeof(Microsoft.Win32.UnsafeNativeMethods.EvtVariant));
         handle = ConvertToSafeHandle(val);
     }
     finally
     {
         if (zero != IntPtr.Zero)
         {
             Marshal.FreeHGlobal(zero);
         }
     }
     return handle;
 }
示例#41
0
        public static string EvtFormatMessage(EventLogHandle handle, uint msgId)
        {
            int num;
            if (s_platformNotSupported)
            {
                throw new PlatformNotSupportedException();
            }
            StringBuilder buffer = new StringBuilder(null);
            bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(handle, EventLogHandle.Zero, msgId, 0, null, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageId, 0, buffer, out num);
            int errorCode = Marshal.GetLastWin32Error();
            if ((!flag && (errorCode != 0x3ab5)) && ((errorCode != 0x3ab6) && (errorCode != 0x3ab7)))
            {
                switch (errorCode)
                {
                    case 0x3ab9:
                    case 0x3afc:
                    case 0x3ab3:
                    case 0x3ab4:
                    case 0x717:
                        return null;
                }
                if (errorCode != 0x7a)
                {
                    EventLogException.Throw(errorCode);
                }
            }
            buffer.EnsureCapacity(num);
            flag = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(handle, EventLogHandle.Zero, msgId, 0, null, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageId, num, buffer, out num);
            errorCode = Marshal.GetLastWin32Error();
            if ((!flag && (errorCode != 0x3ab5)) && ((errorCode != 0x3ab6) && (errorCode != 0x3ab7)))
            {
                switch (errorCode)
                {
                    case 0x3ab9:
                    case 0x3afc:
                    case 0x3ab3:
                    case 0x3ab4:
                    case 0x717:
                        return null;

                    case 0x3ab5:
                        return null;
                }
                EventLogException.Throw(errorCode);
            }
            return buffer.ToString();
        }
示例#42
0
 public static int EvtGetObjectArraySize(EventLogHandle objectArray)
 {
     int num;
     bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetObjectArraySize(objectArray, out num);
     int errorCode = Marshal.GetLastWin32Error();
     if (!flag)
     {
         EventLogException.Throw(errorCode);
     }
     return num;
 }
示例#43
0
 public static object EvtGetObjectArrayProperty(EventLogHandle objArrayHandle, int index, int thePropertyId)
 {
     object obj2;
     IntPtr zero = IntPtr.Zero;
     try
     {
         int num;
         bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetObjectArrayProperty(objArrayHandle, thePropertyId, index, 0, 0, IntPtr.Zero, out num);
         int errorCode = Marshal.GetLastWin32Error();
         if (!flag && (errorCode != 0x7a))
         {
             EventLogException.Throw(errorCode);
         }
         zero = Marshal.AllocHGlobal(num);
         flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetObjectArrayProperty(objArrayHandle, thePropertyId, index, 0, num, zero, out num);
         errorCode = Marshal.GetLastWin32Error();
         if (!flag)
         {
             EventLogException.Throw(errorCode);
         }
         Microsoft.Win32.UnsafeNativeMethods.EvtVariant val = (Microsoft.Win32.UnsafeNativeMethods.EvtVariant) Marshal.PtrToStructure(zero, typeof(Microsoft.Win32.UnsafeNativeMethods.EvtVariant));
         obj2 = ConvertToObject(val);
     }
     finally
     {
         if (zero != IntPtr.Zero)
         {
             Marshal.FreeHGlobal(zero);
         }
     }
     return obj2;
 }
示例#44
0
 public static string EvtFormatMessageRenderName(EventLogHandle pmHandle, EventLogHandle eventHandle, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags flag)
 {
     int num;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     StringBuilder buffer = new StringBuilder(null);
     bool flag2 = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(pmHandle, eventHandle, 0, 0, null, flag, 0, buffer, out num);
     int errorCode = Marshal.GetLastWin32Error();
     if (!flag2 && (errorCode != 0x3ab5))
     {
         switch (errorCode)
         {
             case 0x3ab9:
             case 0x3afc:
             case 0x3ab3:
             case 0x3ab4:
             case 0x717:
                 return null;
         }
         if (errorCode != 0x7a)
         {
             EventLogException.Throw(errorCode);
         }
     }
     buffer.EnsureCapacity(num);
     flag2 = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(pmHandle, eventHandle, 0, 0, null, flag, num, buffer, out num);
     errorCode = Marshal.GetLastWin32Error();
     if (!flag2 && (errorCode != 0x3ab5))
     {
         switch (errorCode)
         {
             case 0x3ab9:
             case 0x3afc:
             case 0x3ab3:
             case 0x3ab4:
             case 0x717:
                 return null;
         }
         EventLogException.Throw(errorCode);
     }
     return buffer.ToString();
 }
示例#45
0
        internal object GetProviderListProperty(EventLogHandle providerHandle, Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId metadataProperty)
        {
            object         obj2;
            EventLogHandle zero = EventLogHandle.Zero;

            EventLogPermissionHolder.GetEventLogPermission().Demand();
            try
            {
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeName;
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeValue;
                Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId evtPublisherMetadataOpcodeMessageID;
                ObjectTypeName      opcode;
                List <EventLevel>   list  = null;
                List <EventOpcode>  list2 = null;
                List <EventKeyword> list3 = null;
                List <EventTask>    list4 = null;
                zero = NativeWrapper.EvtGetPublisherMetadataPropertyHandle(providerHandle, metadataProperty);
                int capacity = NativeWrapper.EvtGetObjectArraySize(zero);
                switch (metadataProperty)
                {
                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodes:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataOpcodeMessageID;
                    opcode = ObjectTypeName.Opcode;
                    list2  = new List <EventOpcode>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywords:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataKeywordMessageID;
                    opcode = ObjectTypeName.Keyword;
                    list3  = new List <EventKeyword>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevels:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataLevelMessageID;
                    opcode = ObjectTypeName.Level;
                    list   = new List <EventLevel>(capacity);
                    break;

                case Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTasks:
                    evtPublisherMetadataOpcodeName      = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskName;
                    evtPublisherMetadataOpcodeValue     = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskValue;
                    evtPublisherMetadataOpcodeMessageID = Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId.EvtPublisherMetadataTaskMessageID;
                    opcode = ObjectTypeName.Task;
                    list4  = new List <EventTask>(capacity);
                    break;

                default:
                    return(null);
                }
                for (int i = 0; i < capacity; i++)
                {
                    string name = (string)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeName);
                    uint   num3 = 0;
                    long   num4 = 0L;
                    if (opcode != ObjectTypeName.Keyword)
                    {
                        num3 = (uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue);
                    }
                    else
                    {
                        num4 = (long)((ulong)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeValue));
                    }
                    int    num5        = (int)((uint)NativeWrapper.EvtGetObjectArrayProperty(zero, i, (int)evtPublisherMetadataOpcodeMessageID));
                    string displayName = null;
                    if (num5 == -1)
                    {
                        if (providerHandle != this.defaultProviderHandle)
                        {
                            if (this.defaultProviderHandle.IsInvalid)
                            {
                                this.defaultProviderHandle = NativeWrapper.EvtOpenProviderMetadata(this.session.Handle, null, null, this.cultureInfo.LCID, 0);
                            }
                            switch (opcode)
                            {
                            case ObjectTypeName.Level:
                                displayName = this.FindStandardLevelDisplayName(name, num3);
                                goto Label_01BA;

                            case ObjectTypeName.Opcode:
                                displayName = this.FindStandardOpcodeDisplayName(name, num3 >> 0x10);
                                goto Label_01BA;

                            case ObjectTypeName.Task:
                                displayName = this.FindStandardTaskDisplayName(name, num3);
                                goto Label_01BA;

                            case ObjectTypeName.Keyword:
                                displayName = this.FindStandardKeywordDisplayName(name, num4);
                                goto Label_01BA;
                            }
                            displayName = null;
                        }
                    }
                    else
                    {
                        displayName = NativeWrapper.EvtFormatMessage(providerHandle, (uint)num5);
                    }
Label_01BA:
                    switch (opcode)
                    {
                    case ObjectTypeName.Level:
                        list.Add(new EventLevel(name, (int)num3, displayName));
                        break;

                    case ObjectTypeName.Opcode:
                        list2.Add(new EventOpcode(name, (int)(num3 >> 0x10), displayName));
                        break;

                    case ObjectTypeName.Task:
                    {
                        Guid guid = (Guid)NativeWrapper.EvtGetObjectArrayProperty(zero, i, 0x12);
                        list4.Add(new EventTask(name, (int)num3, displayName, guid));
                        break;
                    }

                    case ObjectTypeName.Keyword:
                        list3.Add(new EventKeyword(name, num4, displayName));
                        break;

                    default:
                        return(null);
                    }
                }
                switch (opcode)
                {
                case ObjectTypeName.Level:
                    return(list);

                case ObjectTypeName.Opcode:
                    return(list2);

                case ObjectTypeName.Task:
                    return(list4);

                case ObjectTypeName.Keyword:
                    return(list3);
                }
                obj2 = null;
            }
            finally
            {
                zero.Close();
            }
            return(obj2);
        }
示例#46
0
 public static bool EvtNext(EventLogHandle queryHandle, int eventSize, IntPtr[] events, int timeout, int flags, ref int returned)
 {
     bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtNext(queryHandle, eventSize, events, timeout, flags, ref returned);
     int errorCode = Marshal.GetLastWin32Error();
     if (!flag && (errorCode != 0x103))
     {
         EventLogException.Throw(errorCode);
     }
     return (errorCode == 0);
 }
示例#47
0
 public static EventLogHandle EvtNextEventMetadata(EventLogHandle eventMetadataEnum, int flags)
 {
     EventLogHandle handle = Microsoft.Win32.UnsafeNativeMethods.EvtNextEventMetadata(eventMetadataEnum, flags);
     int errorCode = Marshal.GetLastWin32Error();
     if (!handle.IsInvalid)
     {
         return handle;
     }
     if (errorCode != 0x103)
     {
         EventLogException.Throw(errorCode);
     }
     return null;
 }
示例#48
0
 public static object EvtGetPublisherMetadataProperty(EventLogHandle pmHandle, Microsoft.Win32.UnsafeNativeMethods.EvtPublisherMetadataPropertyId thePropertyId)
 {
     object obj2;
     IntPtr zero = IntPtr.Zero;
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     try
     {
         int num;
         bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, 0, IntPtr.Zero, out num);
         int errorCode = Marshal.GetLastWin32Error();
         if (!flag && (errorCode != 0x7a))
         {
             EventLogException.Throw(errorCode);
         }
         zero = Marshal.AllocHGlobal(num);
         flag = Microsoft.Win32.UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, num, zero, out num);
         errorCode = Marshal.GetLastWin32Error();
         if (!flag)
         {
             EventLogException.Throw(errorCode);
         }
         Microsoft.Win32.UnsafeNativeMethods.EvtVariant val = (Microsoft.Win32.UnsafeNativeMethods.EvtVariant) Marshal.PtrToStructure(zero, typeof(Microsoft.Win32.UnsafeNativeMethods.EvtVariant));
         obj2 = ConvertToObject(val);
     }
     finally
     {
         if (zero != IntPtr.Zero)
         {
             Marshal.FreeHGlobal(zero);
         }
     }
     return obj2;
 }
示例#49
0
 public static string EvtFormatMessageFormatDescription(EventLogHandle handle, EventLogHandle eventHandle, string[] values)
 {
     int num;
     if (s_platformNotSupported)
     {
         throw new PlatformNotSupportedException();
     }
     EventLogPermissionHolder.GetEventLogPermission().Demand();
     Microsoft.Win32.UnsafeNativeMethods.EvtStringVariant[] variantArray = new Microsoft.Win32.UnsafeNativeMethods.EvtStringVariant[values.Length];
     for (int i = 0; i < values.Length; i++)
     {
         variantArray[i].Type = 1;
         variantArray[i].StringVal = values[i];
     }
     StringBuilder buffer = new StringBuilder(null);
     bool flag = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(handle, eventHandle, uint.MaxValue, values.Length, variantArray, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent, 0, buffer, out num);
     int errorCode = Marshal.GetLastWin32Error();
     if (!flag && (errorCode != 0x3ab5))
     {
         switch (errorCode)
         {
             case 0x3ab9:
             case 0x3afc:
             case 0x3ab3:
             case 0x3ab4:
             case 0x717:
                 return null;
         }
         if (errorCode != 0x7a)
         {
             EventLogException.Throw(errorCode);
         }
     }
     buffer.EnsureCapacity(num);
     flag = Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessage(handle, eventHandle, uint.MaxValue, values.Length, variantArray, Microsoft.Win32.UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageEvent, num, buffer, out num);
     errorCode = Marshal.GetLastWin32Error();
     if (!flag && (errorCode != 0x3ab5))
     {
         switch (errorCode)
         {
             case 0x3ab9:
             case 0x3afc:
             case 0x3ab3:
             case 0x3ab4:
             case 0x717:
                 return null;
         }
         EventLogException.Throw(errorCode);
     }
     return buffer.ToString();
 }