/mcs/class/referencesource/System.Core/System/Diagnostics/Eventing/Reader/NativeWrapper.cs
C# | 997 lines | 812 code | 130 blank | 55 comment | 169 complexity | 050df31eaf93f8c0bf3c969f9f39b184 MD5 | raw file
Possible License(s): LGPL-2.0, MPL-2.0-no-copyleft-exception, CC-BY-SA-3.0, GPL-2.0
- // ==++==
- //
- // Copyright (c) Microsoft Corporation. All rights reserved.
- //
- // ==--==
- /*============================================================
- **
- ** Class: NativeWrapper
- **
- ** Purpose:
- ** This internal class contains wrapper methods over the Native
- ** Methods of the Eventlog API. Unlike the raw Native Methods,
- ** these methods throw EventLogExceptions, check platform
- ** availablity and perform additional helper functionality
- ** specific to function. Also, all methods of this class expose
- ** the Link Demand for Unmanaged Permission to callers.
- **
- ============================================================*/
- using System;
- using System.Collections;
- using System.Collections.Generic;
- using System.Runtime.InteropServices;
- using System.Text;
- using System.Security.Principal;
- using System.Security.Permissions;
- using Microsoft.Win32.SafeHandles;
- using Microsoft.Win32;
- namespace System.Diagnostics.Eventing.Reader {
- internal class NativeWrapper {
- private static bool s_platformNotSupported = (Environment.OSVersion.Version.Major < 6);
- [System.Security.Permissions.HostProtection(MayLeakOnAbort = true)]
- public class SystemProperties {
- //indicates if the SystemProperties values were already computed (for this event Instance, surely).
- public bool filled = false;
- public ushort? Id = null;
- public byte? Version = null;
- public ushort? Qualifiers = null;
- public byte? Level = null;
- public ushort? Task = null;
- public byte? Opcode = null;
- public ulong? Keywords = null;
- public ulong? RecordId = null;
- public string ProviderName = null;
- public Guid? ProviderId = null;
- public string ChannelName = null;
- public uint? ProcessId = null;
- public uint? ThreadId = null;
- public string ComputerName = null;
- public System.Security.Principal.SecurityIdentifier UserId = null;
- public DateTime? TimeCreated = null;
- public Guid? ActivityId = null;
- public Guid? RelatedActivityId = null;
- public SystemProperties() {
- }
- }
-
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtQuery(
- EventLogHandle session,
- string path,
- string query,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle handle = UnsafeNativeMethods.EvtQuery(session, path, query, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
-
- [System.Security.SecurityCritical]
- public static void EvtSeek(
- EventLogHandle resultSet,
- long position,
- EventLogHandle bookmark,
- int timeout,
- UnsafeNativeMethods.EvtSeekFlags flags) {
- bool status = UnsafeNativeMethods.EvtSeek(resultSet, position, bookmark, timeout, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtSubscribe(
- EventLogHandle session,
- SafeWaitHandle signalEvent,
- string path,
- string query,
- EventLogHandle bookmark,
- IntPtr context,
- IntPtr callback,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle handle = UnsafeNativeMethods.EvtSubscribe(
- session,
- signalEvent,
- path,
- query,
- bookmark,
- context,
- callback,
- flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
- [System.Security.SecurityCritical]
- public static bool EvtNext(
- EventLogHandle queryHandle,
- int eventSize,
- IntPtr[] events,
- int timeout,
- int flags,
- ref int returned) {
- bool status = UnsafeNativeMethods.EvtNext(queryHandle, eventSize, events, timeout, flags, ref returned);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status && win32Error != UnsafeNativeMethods.ERROR_NO_MORE_ITEMS)
- EventLogException.Throw(win32Error);
- return win32Error == 0;
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtCancel(EventLogHandle handle) {
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- if (!UnsafeNativeMethods.EvtCancel(handle)) {
- int win32Error = Marshal.GetLastWin32Error();
- EventLogException.Throw(win32Error);
- }
- }
- [System.Security.SecurityCritical]
- public static void EvtClose(IntPtr handle) {
- //
- // purposely don't check and throw - this is
- // always called in cleanup / finalize / etc..
- //
- UnsafeNativeMethods.EvtClose(handle);
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenProviderMetadata(
- EventLogHandle session,
- string ProviderId,
- string logFilePath,
- int locale,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- //
- // ignore locale and pass 0 instead: that way, the thread locale will be retrieved in the API layer
- // and the "strict rendering" flag will NOT be set. Otherwise, the fall back logic is broken and the descriptions
- // are not returned if the exact locale is not present on the server.
- //
- EventLogHandle handle = UnsafeNativeMethods.EvtOpenPublisherMetadata(session, ProviderId, logFilePath, 0, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
- [System.Security.SecurityCritical]
- public static int EvtGetObjectArraySize(EventLogHandle objectArray) {
- int arraySize;
- bool status = UnsafeNativeMethods.EvtGetObjectArraySize(objectArray, out arraySize);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- return arraySize;
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenEventMetadataEnum(EventLogHandle ProviderMetadata, int flags) {
- EventLogHandle emEnumHandle = UnsafeNativeMethods.EvtOpenEventMetadataEnum(ProviderMetadata, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (emEnumHandle.IsInvalid)
- EventLogException.Throw(win32Error);
- return emEnumHandle;
- }
- // returns null if EOF
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtNextEventMetadata(EventLogHandle eventMetadataEnum, int flags) {
- EventLogHandle emHandle = UnsafeNativeMethods.EvtNextEventMetadata(eventMetadataEnum, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (emHandle.IsInvalid) {
- if (win32Error != UnsafeNativeMethods.ERROR_NO_MORE_ITEMS)
- EventLogException.Throw(win32Error);
- return null;
- }
- return emHandle;
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenChannelEnum(EventLogHandle session, int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle channelEnum = UnsafeNativeMethods.EvtOpenChannelEnum(session, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (channelEnum.IsInvalid)
- EventLogException.Throw(win32Error);
- return channelEnum;
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenProviderEnum(EventLogHandle session, int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle pubEnum = UnsafeNativeMethods.EvtOpenPublisherEnum(session, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (pubEnum.IsInvalid)
- EventLogException.Throw(win32Error);
- return pubEnum;
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenChannelConfig(EventLogHandle session, String channelPath, int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle handle = UnsafeNativeMethods.EvtOpenChannelConfig(session, channelPath, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtSaveChannelConfig(EventLogHandle channelConfig, int flags) {
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- bool status = UnsafeNativeMethods.EvtSaveChannelConfig(channelConfig, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenLog(EventLogHandle session, string path, PathType flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle logHandle = UnsafeNativeMethods.EvtOpenLog(session, path, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (logHandle.IsInvalid)
- EventLogException.Throw(win32Error);
- return logHandle;
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtExportLog(
- EventLogHandle session,
- string channelPath,
- string query,
- string targetFilePath,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- bool status;
- status = UnsafeNativeMethods.EvtExportLog(session, channelPath, query, targetFilePath, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtArchiveExportedLog(
- EventLogHandle session,
- string logFilePath,
- int locale,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- bool status;
- status = UnsafeNativeMethods.EvtArchiveExportedLog(session, logFilePath, locale, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtClearLog(
- EventLogHandle session,
- string channelPath,
- string targetFilePath,
- int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- bool status;
- status = UnsafeNativeMethods.EvtClearLog(session, channelPath, targetFilePath, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtCreateRenderContext(
- Int32 valuePathsCount,
- String[] valuePaths,
- UnsafeNativeMethods.EvtRenderContextFlags flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle renderContextHandleValues = UnsafeNativeMethods.EvtCreateRenderContext(valuePathsCount, valuePaths, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (renderContextHandleValues.IsInvalid)
- EventLogException.Throw(win32Error);
- return renderContextHandleValues;
- }
- [System.Security.SecurityCritical]
- public static void EvtRender(
- EventLogHandle context,
- EventLogHandle eventHandle,
- UnsafeNativeMethods.EvtRenderFlags flags,
- StringBuilder buffer) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- int buffUsed;
- int propCount;
- bool status = UnsafeNativeMethods.EvtRender(context, eventHandle, flags, buffer.Capacity, buffer, out buffUsed, out propCount);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error == UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER) {
- //reallocate the new RenderBuffer with the right size.
- buffer.Capacity = buffUsed;
- status = UnsafeNativeMethods.EvtRender(context, eventHandle, flags, buffer.Capacity, buffer, out buffUsed, out propCount);
- win32Error = Marshal.GetLastWin32Error();
- }
- if (!status) {
- EventLogException.Throw(win32Error);
- }
- }
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtOpenSession(UnsafeNativeMethods.EvtLoginClass loginClass, ref UnsafeNativeMethods.EvtRpcLogin login, int timeout, int flags) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle handle = UnsafeNativeMethods.EvtOpenSession(loginClass, ref login, timeout, flags);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
- [System.Security.SecurityCritical]
- public static EventLogHandle EvtCreateBookmark(string bookmarkXml) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- EventLogHandle handle = UnsafeNativeMethods.EvtCreateBookmark(bookmarkXml);
- int win32Error = Marshal.GetLastWin32Error();
- if (handle.IsInvalid)
- EventLogException.Throw(win32Error);
- return handle;
- }
- [System.Security.SecurityCritical]
- public static void EvtUpdateBookmark(EventLogHandle bookmark, EventLogHandle eventHandle) {
- bool status = UnsafeNativeMethods.EvtUpdateBookmark(bookmark, eventHandle);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- [System.Security.SecuritySafeCritical]
- public static object EvtGetEventInfo(EventLogHandle handle, UnsafeNativeMethods.EvtEventPropertyId enumType) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- try {
- bool status = UnsafeNativeMethods.EvtGetEventInfo(handle, enumType, 0, IntPtr.Zero, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status) {
- if (error == UnsafeNativeMethods.ERROR_SUCCESS) { }
- else
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetEventInfo(handle, enumType, bufferNeeded, buffer, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecurityCritical]
- public static object EvtGetQueryInfo(EventLogHandle handle, UnsafeNativeMethods.EvtQueryPropertyId enumType) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded = 0;
- try {
- bool status = UnsafeNativeMethods.EvtGetQueryInfo(handle, enumType, 0, IntPtr.Zero, ref bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status) {
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetQueryInfo(handle, enumType, bufferNeeded, buffer, ref bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecuritySafeCritical]
- public static object EvtGetPublisherMetadataProperty(EventLogHandle pmHandle, UnsafeNativeMethods.EvtPublisherMetadataPropertyId thePropertyId) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- try {
- bool status = UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, 0, IntPtr.Zero, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status) {
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, bufferNeeded, buffer, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecurityCritical]
- internal static EventLogHandle EvtGetPublisherMetadataPropertyHandle(EventLogHandle pmHandle, UnsafeNativeMethods.EvtPublisherMetadataPropertyId thePropertyId) {
- IntPtr buffer = IntPtr.Zero;
- try {
- int bufferNeeded;
- bool status = UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, 0, IntPtr.Zero, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status) {
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetPublisherMetadataProperty(pmHandle, thePropertyId, 0, bufferNeeded, buffer, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(error);
- //
- // note: there is a case where returned variant does have allocated native resources
- // associated with (e.g. ConfigArrayHandle). If PtrToStructure throws, then we would
- // leak that resource - fortunately PtrToStructure only throws InvalidArgument which
- // is a logic error - not a possible runtime condition here. Other System exceptions
- // shouldn't be handled anyhow and the application will terminate.
- //
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToSafeHandle(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
- }
- }
- // implies UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageId flag.
- [System.Security.SecurityCritical]
- public static string EvtFormatMessage(EventLogHandle handle, uint msgId) {
- if (s_platformNotSupported)
- throw new System.PlatformNotSupportedException();
- int bufferNeeded;
- StringBuilder sb = new StringBuilder(null);
- bool status = UnsafeNativeMethods.EvtFormatMessage(handle, EventLogHandle.Zero, msgId, 0, null, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageId, 0, sb, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- // ERROR_EVT_UNRESOLVED_VALUE_INSERT and its cousins are commonly returned for raw message text.
- if (!status && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_VALUE_INSERT
- && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_PARAMETER_INSERT
- && error != UnsafeNativeMethods.ERROR_EVT_MAX_INSERTS_REACHED ) {
- switch (error) {
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_ID_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_RESOURCE_LANG_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_MUI_FILE_NOT_FOUND:
- return null;
- }
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- sb.EnsureCapacity(bufferNeeded);
- status = UnsafeNativeMethods.EvtFormatMessage(handle, EventLogHandle.Zero, msgId, 0, null, UnsafeNativeMethods.EvtFormatMessageFlags.EvtFormatMessageId, bufferNeeded, sb, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_VALUE_INSERT
- && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_PARAMETER_INSERT
- && error != UnsafeNativeMethods.ERROR_EVT_MAX_INSERTS_REACHED ) {
- switch (error) {
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_ID_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_RESOURCE_LANG_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_MUI_FILE_NOT_FOUND:
- return null;
- }
- if (error == UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
- return null;
- }
- EventLogException.Throw(error);
- }
- return sb.ToString();
- }
- [System.Security.SecurityCritical]
- public static object EvtGetObjectArrayProperty(EventLogHandle objArrayHandle, int index, int thePropertyId) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- try {
- bool status = UnsafeNativeMethods.EvtGetObjectArrayProperty(objArrayHandle, thePropertyId, index, 0, 0, IntPtr.Zero, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status) {
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetObjectArrayProperty(objArrayHandle, thePropertyId, index, 0, bufferNeeded, buffer, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero) Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecurityCritical]
- public static object EvtGetEventMetadataProperty(EventLogHandle handle, UnsafeNativeMethods.EvtEventMetadataPropertyId enumType) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- try {
- bool status = UnsafeNativeMethods.EvtGetEventMetadataProperty(handle, enumType, 0, 0, IntPtr.Zero, out bufferNeeded);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(win32Error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetEventMetadataProperty(handle, enumType, 0, bufferNeeded, buffer, out bufferNeeded);
- win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecuritySafeCritical]
- public static object EvtGetChannelConfigProperty(EventLogHandle handle, UnsafeNativeMethods.EvtChannelConfigPropertyId enumType) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- try {
- bool status = UnsafeNativeMethods.EvtGetChannelConfigProperty(handle, enumType, 0, 0, IntPtr.Zero, out bufferNeeded);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(win32Error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetChannelConfigProperty(handle, enumType, 0, bufferNeeded, buffer, out bufferNeeded);
- win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- //
- // note: there is a case where returned variant does have allocated native resources
- // associated with (e.g. ConfigArrayHandle). If PtrToStructure throws, then we would
- // leak that resource - fortunately PtrToStructure only throws InvalidArgument which
- // is a logic error - not a possible runtime condition here. Other System exceptions
- // shouldn't be handled anyhow and the application will terminate.
- //
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtSetChannelConfigProperty(EventLogHandle handle, UnsafeNativeMethods.EvtChannelConfigPropertyId enumType, object val) {
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- UnsafeNativeMethods.EvtVariant varVal = new UnsafeNativeMethods.EvtVariant();
- CoTaskMemSafeHandle taskMem = new CoTaskMemSafeHandle();
- using (taskMem) {
- if (val != null) {
- switch (enumType) {
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelConfigEnabled: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeBoolean;
- if ((bool)val == true) varVal.Bool = 1;
- else varVal.Bool = 0;
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelConfigAccess: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeString;
- taskMem.SetMemory(Marshal.StringToCoTaskMemAuto((string)val));
- varVal.StringVal = taskMem.GetMemory();
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelLoggingConfigLogFilePath: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeString;
- taskMem.SetMemory(Marshal.StringToCoTaskMemAuto((string)val));
- varVal.StringVal = taskMem.GetMemory();
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelLoggingConfigMaxSize: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt64;
- varVal.ULong = (ulong)((long)val);
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelPublishingConfigLevel: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt32;
- varVal.UInteger = (uint)((int)val);
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelPublishingConfigKeywords: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt64;
- varVal.ULong = (ulong)((long)val);
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelLoggingConfigRetention: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeBoolean;
- if ((bool)val == true) varVal.Bool = 1;
- else varVal.Bool = 0;
- }
- break;
- case UnsafeNativeMethods.EvtChannelConfigPropertyId.EvtChannelLoggingConfigAutoBackup: {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeBoolean;
- if ((bool)val == true) varVal.Bool = 1;
- else varVal.Bool = 0;
- }
- break;
- default:
- throw new InvalidOperationException();
- }
- }
- else {
- varVal.Type = (uint)UnsafeNativeMethods.EvtVariantType.EvtVarTypeNull;
- }
- bool status = UnsafeNativeMethods.EvtSetChannelConfigProperty(handle, enumType, 0, ref varVal);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- }
- }
- [System.Security.SecurityCritical]
- public static string EvtNextChannelPath(EventLogHandle handle, ref bool finish) {
- StringBuilder sb = new StringBuilder(null);
- int channelNameNeeded;
- bool status = UnsafeNativeMethods.EvtNextChannelPath(handle, 0, sb, out channelNameNeeded);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error == UnsafeNativeMethods.ERROR_NO_MORE_ITEMS) {
- finish = true;
- return null;
- }
- if (win32Error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(win32Error);
- }
- sb.EnsureCapacity(channelNameNeeded);
- status = UnsafeNativeMethods.EvtNextChannelPath(handle, channelNameNeeded, sb, out channelNameNeeded);
- win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- return sb.ToString();
- }
- [System.Security.SecurityCritical]
- public static string EvtNextPublisherId(EventLogHandle handle, ref bool finish) {
- StringBuilder sb = new StringBuilder(null);
- int ProviderIdNeeded;
- bool status = UnsafeNativeMethods.EvtNextPublisherId(handle, 0, sb, out ProviderIdNeeded);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error == UnsafeNativeMethods.ERROR_NO_MORE_ITEMS) {
- finish = true;
- return null;
- }
- if (win32Error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(win32Error);
- }
- sb.EnsureCapacity(ProviderIdNeeded);
- status = UnsafeNativeMethods.EvtNextPublisherId(handle, ProviderIdNeeded, sb, out ProviderIdNeeded);
- win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- return sb.ToString();
- }
- [System.Security.SecurityCritical]
- public static object EvtGetLogInfo(EventLogHandle handle, UnsafeNativeMethods.EvtLogPropertyId enumType) {
- IntPtr buffer = IntPtr.Zero;
- int bufferNeeded;
- try {
- bool status = UnsafeNativeMethods.EvtGetLogInfo(handle, enumType, 0, IntPtr.Zero, out bufferNeeded);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status) {
- if (win32Error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(win32Error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtGetLogInfo(handle, enumType, bufferNeeded, buffer, out bufferNeeded);
- win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(buffer, typeof(UnsafeNativeMethods.EvtVariant));
- return ConvertToObject(varVal);
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecuritySafeCritical]
- public static void EvtRenderBufferWithContextSystem(EventLogHandle contextHandle, EventLogHandle eventHandle, UnsafeNativeMethods.EvtRenderFlags flag, SystemProperties systemProperties, int SYSTEM_PROPERTY_COUNT) {
- IntPtr buffer = IntPtr.Zero;
- IntPtr pointer = IntPtr.Zero;
- int bufferNeeded;
- int propCount;
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- try {
- bool status = UnsafeNativeMethods.EvtRender(contextHandle, eventHandle, flag, 0, IntPtr.Zero, out bufferNeeded, out propCount);
- if (!status) {
- int error = Marshal.GetLastWin32Error();
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtRender(contextHandle, eventHandle, flag, bufferNeeded, buffer, out bufferNeeded, out propCount);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- if (propCount != SYSTEM_PROPERTY_COUNT)
- throw new InvalidOperationException("We do not have " + SYSTEM_PROPERTY_COUNT + " variants given for the UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues flag. (System Properties)");
- pointer = buffer;
- //read each Variant structure
- for (int i = 0; i < propCount; i++) {
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(pointer, typeof(UnsafeNativeMethods.EvtVariant));
- switch (i) {
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemProviderName:
- systemProperties.ProviderName = (string)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeString);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemProviderGuid:
- systemProperties.ProviderId = (Guid?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeGuid);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemEventID:
- systemProperties.Id = (ushort?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt16);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemQualifiers:
- systemProperties.Qualifiers = (ushort?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt16);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemLevel:
- systemProperties.Level = (byte?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeByte);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemTask:
- systemProperties.Task = (ushort?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt16);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemOpcode:
- systemProperties.Opcode = (byte?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeByte);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemKeywords:
- systemProperties.Keywords = (ulong?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeHexInt64);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemTimeCreated:
- systemProperties.TimeCreated = (DateTime?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeFileTime);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemEventRecordId:
- systemProperties.RecordId = (ulong?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt64);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemActivityID:
- systemProperties.ActivityId = (Guid?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeGuid);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemRelatedActivityID:
- systemProperties.RelatedActivityId = (Guid?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeGuid);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemProcessID:
- systemProperties.ProcessId = (uint?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt32);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemThreadID:
- systemProperties.ThreadId = (uint?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeUInt32);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemChannel:
- systemProperties.ChannelName = (string)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeString);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemComputer:
- systemProperties.ComputerName = (string)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeString);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemUserID:
- systemProperties.UserId = (SecurityIdentifier)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeSid);
- break;
- case (int) UnsafeNativeMethods.EvtSystemPropertyId.EvtSystemVersion:
- systemProperties.Version = (byte?)ConvertToObject(varVal, UnsafeNativeMethods.EvtVariantType.EvtVarTypeByte);
- break;
- }
- pointer = new IntPtr(((Int64)pointer + Marshal.SizeOf(varVal)));
- }
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- //EvtRenderContextFlags can be both: EvtRenderContextFlags.EvtRenderContextUser and EvtRenderContextFlags.EvtRenderContextValues
- //Render with Context = ContextUser or ContextValues (with user defined Xpath query strings)
- [System.Security.SecuritySafeCritical]
- public static IList<object> EvtRenderBufferWithContextUserOrValues(EventLogHandle contextHandle, EventLogHandle eventHandle) {
- IntPtr buffer = IntPtr.Zero;
- IntPtr pointer = IntPtr.Zero;
- int bufferNeeded;
- int propCount;
- UnsafeNativeMethods.EvtRenderFlags flag = UnsafeNativeMethods.EvtRenderFlags.EvtRenderEventValues;
- EventLogPermissionHolder.GetEventLogPermission().Demand();
- try {
- bool status = UnsafeNativeMethods.EvtRender(contextHandle, eventHandle, flag, 0, IntPtr.Zero, out bufferNeeded, out propCount);
- if (!status) {
- int error = Marshal.GetLastWin32Error();
- if (error != UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- buffer = Marshal.AllocHGlobal((int)bufferNeeded);
- status = UnsafeNativeMethods.EvtRender(contextHandle, eventHandle, flag, bufferNeeded, buffer, out bufferNeeded, out propCount);
- int win32Error = Marshal.GetLastWin32Error();
- if (!status)
- EventLogException.Throw(win32Error);
- List<object> valuesList = new List<object>(propCount);
- if (propCount > 0) {
- pointer = buffer;
- for (int i = 0; i < propCount; i++) {
- UnsafeNativeMethods.EvtVariant varVal = (UnsafeNativeMethods.EvtVariant)Marshal.PtrToStructure(pointer, typeof(UnsafeNativeMethods.EvtVariant));
- valuesList.Add(ConvertToObject(varVal));
- pointer = new IntPtr(((Int64)pointer + Marshal.SizeOf(varVal)));
- }
- }
- return valuesList;
- }
- finally {
- if (buffer != IntPtr.Zero)
- Marshal.FreeHGlobal(buffer);
- }
- }
- [System.Security.SecuritySafeCritical]
- public static string EvtFormatMessageRenderName(EventLogHandle pmHandle, EventLogHandle eventHandle, UnsafeNativeMethods.EvtFormatMessageFlags flag) {
- EventLogPermissionHolder.GetEventLogPermission().Demand();
-
- int bufferNeeded;
- StringBuilder sb = new StringBuilder(null);
- bool status = UnsafeNativeMethods.EvtFormatMessage(pmHandle, eventHandle, 0, 0, null, flag, 0, sb, out bufferNeeded);
- int error = Marshal.GetLastWin32Error();
- if (!status && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_VALUE_INSERT) {
- //
- // ERROR_EVT_UNRESOLVED_VALUE_INSERT can be returned. It means
- // message may have one or more unsubstitued strings. This is
- // not an exception, but we have no way to convey the partial
- // success out to enduser.
- //
- switch (error) {
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_ID_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_RESOURCE_LANG_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_MUI_FILE_NOT_FOUND:
- return null;
- }
- if (error != (int)UnsafeNativeMethods.ERROR_INSUFFICIENT_BUFFER)
- EventLogException.Throw(error);
- }
- sb.EnsureCapacity(bufferNeeded);
- status = UnsafeNativeMethods.EvtFormatMessage(pmHandle, eventHandle, 0, 0, null, flag, bufferNeeded, sb, out bufferNeeded);
- error = Marshal.GetLastWin32Error();
- if (!status && error != UnsafeNativeMethods.ERROR_EVT_UNRESOLVED_VALUE_INSERT)
- {
- switch (error) {
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_ID_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_EVT_MESSAGE_LOCALE_NOT_FOUND:
- case UnsafeNativeMethods.ERROR_RESOURCE_LANG_NOT_FOUND:
- case UnsafeNativeMetho