// Read_EventDlg.cpp : implementation file
//
#include "stdafx.h"
#include <vector>
#include "Read_Event.h"
#include "Read_EventDlg.h"
#include "DescriptionDiaLog.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////
//int event_auditsucceed_num; //记录审核成功记录的个数
//int event_info_num; //记录信息记录的个数
//int event_error_num; //记录错误记录的个数
//int event_warn_num; //记录警告记录的个数
//int event_auditdefeat_num; //记录审核失败的个数
//char *event_category; //事件类
//char *event_sourcename=NULL; //事件来源
//char *event_computername=NULL; //事件计算机名
//char *event_descriptive_msg=NULL; //事件描述
//char event_el_user[257]; //事件用户
//char event_el_domain[257]; //事件域
//char host_final_out_msg[1024]; //最后输出的信息
FILE *fp; //保存的文件
int hh=0; //记录类型的标志,用于位图的选择
int event_record=0; //事件记录的个数
os_el el[1];
int nItem=0; //对于索引记录的当前标志
int istype=0; //用于事件类型的标志
BOOL issub; //一个开关项
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
class CAboutDlg : public CDialog
{
public:
CAboutDlg();
// Dialog Data
//{{AFX_DATA(CAboutDlg)
enum { IDD = IDD_ABOUTBOX };
//}}AFX_DATA
// ClassWizard generated virtual function overrides
//{{AFX_VIRTUAL(CAboutDlg)
protected:
virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
//}}AFX_VIRTUAL
// Implementation
protected:
//{{AFX_MSG(CAboutDlg)
//}}AFX_MSG
DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
//{{AFX_DATA_INIT(CAboutDlg)
//}}AFX_DATA_INIT
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CAboutDlg)
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
//{{AFX_MSG_MAP(CAboutDlg)
// No message handlers
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CRead_EventDlg dialog
CRead_EventDlg::CRead_EventDlg(CWnd* pParent /*=NULL*/)
: CDialog(CRead_EventDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CRead_EventDlg)
m_mm_host_state = _T("");
//}}AFX_DATA_INIT
// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CRead_EventDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CRead_EventDlg)
DDX_Control(pDX, IDC_LIST, m_mm_host_ListCtrl);
DDX_Text(pDX, IDC_STATE, m_mm_host_state);
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CRead_EventDlg, CDialog)
//{{AFX_MSG_MAP(CRead_EventDlg)
ON_WM_SYSCOMMAND()
ON_WM_PAINT()
ON_WM_QUERYDRAGICON()
ON_BN_CLICKED(IDC_SECURE, OnSecure)
ON_BN_CLICKED(IDC_SYSTEM, OnSystem)
ON_BN_CLICKED(IDC_APPLICATION, OnApplication)
ON_NOTIFY(NM_CLICK, IDC_LIST, OnClickList)
ON_BN_CLICKED(IDC_DELETE, OnDelete)
ON_BN_CLICKED(IDC_DETAIL, OnDetail)
ON_BN_CLICKED(IDC_SAVE, OnSave)
ON_BN_CLICKED(IDC_SAVEHARD, OnSave_Hard)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CRead_EventDlg message handlers
BOOL CRead_EventDlg::OnInitDialog()
{
CDialog::OnInitDialog();
// Add "About..." menu item to system menu.
// IDM_ABOUTBOX must be in the system command range.
ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
ASSERT(IDM_ABOUTBOX < 0xF000);
CMenu* pSysMenu = GetSystemMenu(FALSE);
if (pSysMenu != NULL)
{
CString strAboutMenu;
strAboutMenu.LoadString(IDS_ABOUTBOX);
if (!strAboutMenu.IsEmpty())
{
pSysMenu->AppendMenu(MF_SEPARATOR);
pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
}
}
// Set the icon for this dialog. The framework does this automatically
// when the application's main window is not a dialog
SetIcon(m_hIcon, TRUE); // Set big icon
SetIcon(m_hIcon, FALSE); // Set small icon
// TODO: Add extra initialization here
//////////////////////////我加的///////////////////////
issub=false;
//给各项事件数目初始化
Set_EventNum();
m_mm_host_ListCtrl.SetRedraw(FALSE);
//更新内容
m_mm_host_ListCtrl.SetRedraw(TRUE);
m_mm_host_ListCtrl.Invalidate();
m_mm_host_ListCtrl.UpdateWindow();
//删除所有的列
m_mm_host_ListCtrl.DeleteAllItems();
//给图表初始化
Init_ImageList();
//设置m_mm_host_ListCtrl风格
LONG lStyle;
lStyle = GetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE);//获取当前窗口style
lStyle &= ~LVS_TYPEMASK; //清除显示方式位
lStyle |= LVS_REPORT; //设置style
SetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE, lStyle);//设置style
DWORD dwStyle = m_mm_host_ListCtrl.GetExtendedStyle();
dwStyle |= LVS_EX_FULLROWSELECT;//选中某行使整行高亮(只适用与report风格的listctrl)
dwStyle |= LVS_EX_GRIDLINES;//网格线(只适用与report风格的listctrl)
dwStyle |= LVS_EX_CHECKBOXES;//item前生成checkbox控件
dwStyle |=LVS_EX_HEADERDRAGDROP;
dwStyle |=LVS_EX_SUBITEMIMAGES;
m_mm_host_ListCtrl.SetExtendedStyle(dwStyle); //设置扩展风格
//插入列
m_mm_host_ListCtrl.InsertColumn(0,"日志序号",LVCFMT_CENTER,60,0);
m_mm_host_ListCtrl.InsertColumn(1,"分类",LVCFMT_CENTER,80,4);
m_mm_host_ListCtrl.InsertColumn(2,"来源",LVCFMT_CENTER,80,1);
m_mm_host_ListCtrl.InsertColumn(3,"日期",LVCFMT_CENTER,80,2);
m_mm_host_ListCtrl.InsertColumn(4,"时间",LVCFMT_CENTER,80,3);
m_mm_host_ListCtrl.InsertColumn(5,"ID",LVCFMT_CENTER,50,5);
m_mm_host_ListCtrl.InsertColumn(6,"用户",LVCFMT_CENTER,120,6);
m_mm_host_ListCtrl.InsertColumn(7,"计算机",LVCFMT_CENTER,120,7);
m_mm_host_ListCtrl.InsertColumn(8,"描述",LVCFMT_CENTER,250,7);
//////////////////////////我加的///////////////////////
return TRUE; // return TRUE unless you set the focus to a control
}
void CRead_EventDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
if ((nID & 0xFFF0) == IDM_ABOUTBOX)
{
CAboutDlg dlgAbout;
dlgAbout.DoModal();
}
else
{
CDialog::OnSysCommand(nID, lParam);
}
}
// If you add a minimize button to your dialog, you will need the code below
// to draw the icon. For MFC applications using the document/view model,
// this is automatically done for you by the framework.
void CRead_EventDlg::OnPaint()
{
if (IsIconic())
{
CPaintDC dc(this); // device context for painting
SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
// Center icon in client rectangle
int cxIcon = GetSystemMetrics(SM_CXICON);
int cyIcon = GetSystemMetrics(SM_CYICON);
CRect rect;
GetClientRect(&rect);
int x = (rect.Width() - cxIcon + 1) / 2;
int y = (rect.Height() - cyIcon + 1) / 2;
// Draw the icon
dc.DrawIcon(x, y, m_hIcon);
}
else
{
CDialog::OnPaint();
}
}
// The system calls this to obtain the cursor to display while the user drags
// the minimized window.
HCURSOR CRead_EventDlg::OnQueryDragIcon()
{
return (HCURSOR) m_hIcon;
}
///////////////////////////////////////////////////////////
void CRead_EventDlg::OnSecure()
{
// TODO: Add your control notification handler code here
UpdateData(TRUE);
Set_EventNum();
m_mm_host_state=_T("安全日志列表");
Win_startel("Security");
istype=1;
UpdateData(FALSE);
}
////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSystem()
{
// TODO: Add your control notification handler code here
UpdateData(TRUE);
Set_EventNum();
m_mm_host_state=_T("系统日志列表");
Win_startel("System");
istype=2;
UpdateData(FALSE);
}
///////////////////////////////////////////////////////////
void CRead_EventDlg::OnApplication()
{
// TODO: Add your control notification handler code here
UpdateData(TRUE);
Set_EventNum();
m_mm_host_state=_T("应用日志列表");
Win_startel("Application");
istype=3;
UpdateData(FALSE);
}
////////////////////////////////////////////////////////////
char* CRead_EventDlg::El_GetCategory(int category_id)
{
//得到事件记录的类型并且返回
char *cat;
if(!issub)
{
switch(category_id)
{
case EVENTLOG_AUDIT_SUCCESS:
cat = "审核成功";
event_auditsucceed_num++;
hh=1;
break;
case EVENTLOG_INFORMATION_TYPE:
cat = "信息";
event_info_num++;
hh=2;
break;
case EVENTLOG_ERROR_TYPE:
cat = "错误";
event_error_num++;
hh=3;
break;
case EVENTLOG_WARNING_TYPE:
cat = "警告";
event_warn_num++;
hh=4;
break;
case EVENTLOG_AUDIT_FAILURE:
cat = "审核失败";
event_auditdefeat_num++;
hh=5;
break;
default:
cat = "Unknown";
break;
}
}
else
{
switch(category_id)
{
case EVENTLOG_AUDIT_SUCCESS:
cat = "审核成功";
hh=1;
break;
case EVENTLOG_INFORMATION_TYPE:
cat = "信息";
hh=2;
break;
case EVENTLOG_ERROR_TYPE:
cat = "错误";
hh=3;
break;
case EVENTLOG_WARNING_TYPE:
cat = "警告";
hh=4;
break;
case EVENTLOG_AUDIT_FAILURE:
cat = "审核失败";
hh=5;
break;
default:
cat = "Unknown";
break;
}
}
return(cat);
}
////////////////////////////////////////////////////////////////
int CRead_EventDlg::El_getEventDLL(char *evt_name, char *event_sourcename1, char *event)
{
HKEY key;
DWORD ret;
char keyname[256];
keyname[255] = '\0';
_snprintf(keyname, 254,
"System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
evt_name,
event_sourcename1);
// 打开注册表Opening registry
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_ALL_ACCESS, &key)
!= ERROR_SUCCESS)
{
return(0);
}
ret = MAX_PATH -1;
if (RegQueryValueEx(key, "EventMessageFile", NULL,
NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS)
{
event[0] = '\0';
return(0);
}
RegCloseKey(key);
return(1);
}
////////////////////////////////////////////////////////////////
char* CRead_EventDlg::El_GetMessage(EVENTLOGRECORD *er, char *event_name, char *event_sourcename2, LPTSTR *el_sstring)
{
DWORD fm_flags = 0;
char tmp_str[257];
char event[MAX_PATH +1];
char *curr_str;
char *next_str;
LPSTR message = NULL;
HMODULE hevt;
// Initializing variables
event[MAX_PATH] = '\0';
tmp_str[256] = '\0';
//Flags for format event
fm_flags |= FORMAT_MESSAGE_FROM_HMODULE;
fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER;
fm_flags |= FORMAT_MESSAGE_ARGUMENT_ARRAY;
//Get the file name from the registry (stored on event)
if(!El_getEventDLL(event_name, event_sourcename2, event))
{
return(NULL);
}
curr_str = event;
// If our event has multiple libraries, try each one of them
while((next_str = strchr(curr_str, ';')))
{
*next_str = '\0';
next_str++;
ExpandEnvironmentStrings(curr_str, tmp_str, 255);
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
if(!FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring))
{
message = NULL;
}
FreeLibrary(hevt);
/* If we have a message, we can return it */
if(message)
return(message);
}
curr_str = next_str;
}
ExpandEnvironmentStrings(curr_str, tmp_str, 255);
hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
if(hevt)
{
int hr;
if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
0,
(LPTSTR) &message, 0, el_sstring)))
{
message = NULL;
}
FreeLibrary(hevt);
/* If we have a message, we can return it */
if(message)
return(message);
}
return(NULL);
}
/////////////////////////////////////////////////////////////////
BOOL CRead_EventDlg::Init_ImageList()
{
//给图表初始化设置
HIMAGELIST hList = ImageList_Create(32,32, ILC_COLOR8 |ILC_MASK , 6, 1);
m_cImageListNormal.Attach(hList);
hList = ImageList_Create(16, 16, ILC_COLOR8 | ILC_MASK, 6, 1);
m_cImageListSmall.Attach(hList);
// Load the large icons
CBitmap cBmp;
cBmp.LoadBitmap(IDB_BITMAP1);
m_cImageListNormal.Add(&cBmp, RGB(255,0, 255));
cBmp.DeleteObject();
// Load the small icons
cBmp.LoadBitmap(IDB_BITMAP2);
m_cImageListSmall.Add(&cBmp, RGB(255,0, 255));
// Attach them
m_mm_host_ListCtrl.SetImageList(&m_cImageListNormal, LVSIL_NORMAL);
m_mm_host_ListCtrl.SetImageList(&m_cImageListSmall, LVSIL_SMALL);
return TRUE;
}
///////////////////////////////////////////////////////////////
void CRead_EventDlg::Insert_Record()
{
//在列表中插入列表项
CString str;
LVITEM lvi;
lvi.mask = LVIF_TEXT;
lvi.iItem = event_record;
str.Format(_T("%d"),event_record+1);
lvi.iSubItem = 0;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.InsertItem(&lvi);
str.Format(_T("%s"), event_category);
lvi.iSubItem = 1;
lvi.mask = LVIF_IMAGE | LVIF_TEXT;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
//选择位图
switch(hh)
{
case 0:
lvi.iImage = 0;
break;
case 1:
lvi.iImage = 1;
break;
case 2:
lvi.iImage = 2;
break;
case 3:
lvi.iImage = 3;
break;
case 4:
lvi.iImage = 4;
break;
default:
lvi.iImage = 5;
break;
}
m_mm_host_ListCtrl.SetItem(&lvi);
//输出来源
str.Format(_T("%s"),event_sourcename);
lvi.iSubItem = 2;
lvi.mask = LVIF_TEXT;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出日期
tm *event_time = localtime((const long *)&el->er->TimeWritten);
str.Format(_T("%4hd-%2hd-%2hd"),event_time->tm_year + 1900,event_time->tm_mon + 1,event_time->tm_mday);
lvi.iSubItem = 3;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出时间
str.Format(_T("%.2hd:%.2hd:%.2hd"),event_time->tm_hour,event_time->tm_min,event_time->tm_sec);
lvi.iSubItem = 4;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出ID
str.Format(_T("%d"),(WORD)el->er->EventID);
lvi.iSubItem = 5;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出用户
str.Format(_T("%s/%s"),event_el_domain,event_el_user);
lvi.iSubItem = 6;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出计算机
str.Format(_T("%s"),event_computername);
lvi.iSubItem = 7;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
//输出描述
str.Format(_T("%s"),event_descriptive_msg);
lvi.iSubItem = 8;
lvi.pszText = (LPTSTR)(LPCTSTR)(str);
m_mm_host_ListCtrl.SetItem(&lvi);
}
///////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnClickList(NMHDR* pNMHDR, LRESULT* pResult)
{
//当鼠标在类别中点击时,返回被点中的记录号
// TODO: Add your control notification handler code here
nItem = -1;
LPNMITEMACTIVATE lpNMItemActivate = (LPNMITEMACTIVATE)pNMHDR;
if(lpNMItemActivate != NULL)
{
nItem = lpNMItemActivate->iItem+1;
}
*pResult = 0;
}
//////////////////////////////////////////////////////////////
void CRead_EventDlg::OnDelete()
{
//删除被选中的记录
// TODO: Add your control notification handler code here
//判断是否选择了日志类型,如果没有退出
if ((istype!=1)&&(istype!=2)&&(istype!=3))
{
MessageBox("请选择日志类型!","警告!",MB_OK|MB_ICONEXCLAMATION);
return ;
}
//判断是否选中了记录,如果没有退出
if (nItem==0)
{
MessageBox("请选择日志记录!","警告!",MB_OK|MB_ICONEXCLAMATION);
return ;
}
int i,iState;
int nItemSelected=m_mm_host_ListCtrl.GetSelectedCount();//得到所选表项数
int nItemCount=m_mm_host_ListCtrl.GetItemCount();//得到表项总数
//如果没有选中,退出
if(nItemSelected<1)
{
MessageBox("请选择日志记录!","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
//对选中的记录进行删除
for(i=nItemCount-1;i>=0;i--)
{
iState=m_mm_host_ListCtrl.GetItemState(i,LVIS_SELECTED);
if(iState!=0)
{
m_mm_host_ListCtrl.DeleteItem(i);
nItem=0;
}
}
if (((istype!=1)&&(istype!=2)&&(istype!=3)))
{
MessageBox("请选择日志类型!","警告!",MB_OK|MB_ICONEXCLAMATION);
return ;
}
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnDetail()
{
//按钮响应函数
//判断是否选中类型,没有就退出
if ((istype!=1)&&(istype!=2)&&(istype!=3))
{
MessageBox("请选择日志类型!","警告!",MB_OK|MB_ICONEXCLAMATION);
return ;
}
//判断选中记录,没有就退出
if (nItem==0)
{
MessageBox("请选择日志记录!","警告!",MB_OK|MB_ICONEXCLAMATION);
return ;
}
//如果选中类型就调用DescriptionDiaLog对话框
if ((istype==1)||(istype==2)||(istype==3))
{
DescriptionDiaLog DescriptionDlg;
DescriptionDlg.DoModal();
}
else
{
MessageBox("请选择日志类型!","警告!",MB_OK|MB_ICONINFORMATION);
return ;
}
// TODO: Add your control notification handler code here
}
/////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSave()
{
// TODO: Add your control notification handler code here
//对日志进行列表保存
//判断列表是否有记录
switch(istype)
{
case 1:
break;
case 2:
break;
case 3:
break;
default:
MessageBox("请选择日志类型","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
//得到列表中记录的总数
event_record=m_mm_host_ListCtrl.GetItemCount();
//对日志进行保存
//保存单个记录
CString sFileName;
sFileName.Format("");
CFileDialog dlg(FALSE, "txt", sFileName,
OFN_OVERWRITEPROMPT|OFN_HIDEREADONLY,
"文本文件(*.txt)|*.txt|文本文件(*.doc)|*.doc||", this);
if (nItem!=0)
{
if(IDCANCEL == (MessageBox("您确定要保存一个日志记录?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
{
nItem=0;
return;
}
if (dlg.DoModal() == IDOK)
{
dlg.m_ofn.lpstrTitle = _T("保存日志记录");
CString fileName = dlg.GetPathName();
fp = fopen(fileName,"w");
Save_Single_Record(nItem);
}
nItem=0;
return ;
}
///////////////////////////////////
//保存整个列表记录
if(IDCANCEL==(MessageBox("您确定要保存日志文件?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
{
nItem=0;
return;
}
if (dlg.DoModal() == IDOK)
{
dlg.m_ofn.lpstrTitle = _T("保存日志文件");
CString fileName = dlg.GetPathName();
fp = fopen(fileName,"w");
switch(istype)
{
case 1:
Save_Security();
break;
case 2:
Save_System();
break;
case 3:
Save_Application();
break;
default:
MessageBox("请选择日志类型","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
}
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Read_event(os_el *el, int printit)
{
//读取日志
DWORD nstr;
DWORD user_size;
DWORD domain_size;
DWORD read, needed;
int size_left;
int str_size;
char *mbuffer[BUFFER_SIZE];
LPSTR sstr = NULL;
//int i=0;
char *tmp_str = NULL;
char el_string[1025];
LPSTR el_sstring[57];
//Er must point to the mbuffer
el->er = (EVENTLOGRECORD *) &mbuffer;
/* Zeroing the last values */
el_string[1024] = '\0';
event_el_user[256] = '\0';
event_el_domain[256] = '\0';
host_final_out_msg[1023] = '\0';
el_sstring[56] = NULL;
//判断是否有记录
if( my_host_IsListCtrl == true)
{
my_host_IsListCtrl = false;
m_mm_host_ListCtrl.DeleteAllItems();
}
//读日志记录
while(ReadEventLog(el->h,
EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
el->er, BUFFER_SIZE -1, &read, &needed))
{
while(read > 0)
{
//得到事件的类型
event_category = El_GetCategory(el->er->EventType);
//得到事件来源
event_sourcename = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD));
//得到计算机名
event_computername = event_sourcename + strlen(event_sourcename) + 1;
//给描述信息初始化
event_descriptive_msg = NULL;
// 初始化domain/user尺寸
user_size = 255; domain_size = 255;
event_el_domain[0] = '\0';
event_el_user[0] = '\0';
// 设置事件的一些描述
if(el->er->NumStrings)
{
size_left = 1020;
sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
el_string[0] = '\0';
for (nstr = 0;nstr < el->er->NumStrings;nstr++)
{
str_size = strlen(sstr);
strncat(el_string, sstr, size_left);
tmp_str= strchr(el_string, '\0');
if(tmp_str)
{
*tmp_str = ' ';
tmp_str++; *tmp_str = '\0';
}
size_left-=str_size + 1;
if(nstr <= 54)
el_sstring[nstr] = (LPSTR)sstr;
sstr = strchr( (LPSTR)sstr, '\0');
sstr++;
}
// 得到事件描述
event_descriptive_msg = El_GetMessage(el->er, el->event_name, event_sourcename, el_sstring);
if(event_descriptive_msg != NULL)
{
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\n')))
{
*tmp_str = ' ';
tmp_str++;
}
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\r')))
{
*tmp_str = ' ';
tmp_str++;
//strchr(tmp_str, '\n');
}
}
}
else
{
strncpy(el_string, "(no message)", 1020);
}
// 得到username
if (el->er->UserSidLength)
{
SID_NAME_USE account_type;
if(!LookupAccountSid(NULL, (SID *)((LPSTR)el->er + el->er->UserSidOffset),
event_el_user, &user_size, event_el_domain, &domain_size, &account_type))
{
strncpy(event_el_user, "(no user)", 255);
strncpy(event_el_domain, "no domain", 255);
}
}
else
{
strncpy(event_el_user, "A", 255);
strncpy(event_el_domain, "N", 255);
}
/////////////////////////////////////
//插入列表
Insert_Record();
////////////////////////////////////
if(event_descriptive_msg != NULL)
LocalFree(event_descriptive_msg);
// Changing the point to the er
//i++;
event_record++;
read -= el->er->Length;
el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length);
}
my_host_IsListCtrl = true;
CString strlove;
//输出事件个数
strlove.Format("%d",event_record);
GetDlgItem(IDC_EVENTNUM)->SetWindowText(strlove);
//输出事件错误个数
strlove.Format("%d",event_error_num);
GetDlgItem(IDC_ERRORNUM)->SetWindowText(strlove);
//输出事件信息个数
strlove.Format("%d",event_info_num);
GetDlgItem(IDC_INFONUM)->SetWindowText(strlove);
//输出事件警告个数
strlove.Format("%d",event_warn_num);
GetDlgItem(IDC_WARNNUM)->SetWindowText(strlove);
//输出事件审核成功个数
strlove.Format("%d",event_auditsucceed_num);
GetDlgItem(IDC_AUDITSUCCEEDNUM)->SetWindowText(strlove);
//输出事件审核失败个数
strlove.Format("%d",event_auditdefeat_num);
GetDlgItem(IDC_AUDITDEFEATNUM)->SetWindowText(strlove);
// Setting er to the beginning of the buffer
el->er = (EVENTLOGRECORD *)&mbuffer;
}
event_record=0;
}
///////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Set_EventNum()
{
//给记录数字初始化
event_record=0;
event_auditsucceed_num=0;
event_info_num=0;
event_error_num=0;
event_warn_num=0;
event_auditdefeat_num=0;
}
///////////////////////////////////////////////////////////////////
int CRead_EventDlg::Start_EL(char *app, os_el *el)
{
el->h = OpenEventLog(NULL, app);
if(!el->h)
{
return(0);
}
el->event_name = app;
GetOldestEventLogRecord(el->h, &el->record);
return(1);
}
////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Win_startel(char *eventlog)
{
Start_EL(eventlog,el);
Read_event(el,1);
}
////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_event(os_el *el, int printit)
{
event_record=0;
DWORD nstr;
DWORD user_size;
DWORD domain_size;
DWORD read, needed;
int size_left;
int str_size;
char *mbuffer[BUFFER_SIZE];
LPSTR sstr = NULL;
//int i=0;
char *tmp_str = NULL;
char el_string[1025];
char final_out_msg[1024]; //最后输出的信息
LPSTR el_sstring[57];
/* Er must point to the mbuffer */
el->er = (EVENTLOGRECORD *) &mbuffer;
// Zeroing the last values
el_string[1024] = '\0';
event_el_user[256] = '\0';
event_el_domain[256] = '\0';
final_out_msg[1023] = '\0';
el_sstring[56] = NULL;
// Reading the event log
while(ReadEventLog(el->h,
EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0,
el->er, BUFFER_SIZE -1, &read, &needed))
{
while(read > 0)
{
//得到事件的类型
event_category = El_GetCategory(el->er->EventType);
//得到事件来源
event_sourcename = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD));
//得到计算机名
event_computername = event_sourcename + strlen(event_sourcename) + 1;
//给描述信息初始化
event_descriptive_msg = NULL;
//初始化domain/user尺寸
user_size = 255; domain_size = 255;
event_el_domain[0] = '\0';
event_el_user[0] = '\0';
// 设置事件的一些描述
if(el->er->NumStrings)
{
size_left = 1020;
sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
el_string[0] = '\0';
for (nstr = 0;nstr < el->er->NumStrings;nstr++)
{
str_size = strlen(sstr);
strncat(el_string, sstr, size_left);
tmp_str= strchr(el_string, '\0');
if(tmp_str)
{
*tmp_str = ' ';
tmp_str++; *tmp_str = '\0';
}
size_left-=str_size + 1;
if(nstr <= 54)
el_sstring[nstr] = (LPSTR)sstr;
sstr = strchr( (LPSTR)sstr, '\0');
sstr++;
}
//Get a more descriptive message (if available)
event_descriptive_msg = El_GetMessage(el->er, el->event_name, event_sourcename, el_sstring);
if(event_descriptive_msg != NULL)
{
// Remove any \n or \r
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\n')))
{
*tmp_str = ' ';
tmp_str++;
}
tmp_str = event_descriptive_msg;
while((tmp_str = strchr(tmp_str, '\r')))
{
*tmp_str = ' ';
tmp_str++;
//strchr(tmp_str, '\n');
}
}
}
else
{
strncpy(el_string, "(no message)", 1020);
}
// 得到username
if (el->er->UserSidLength)
{
SID_NAME_USE account_type;
if(!LookupAccountSid(NULL, (SID *)((LPSTR)el->er + el->er->UserSidOffset),
event_el_user, &user_size, event_el_domain, &domain_size, &account_type))
{
strncpy(event_el_user, "(no user)", 255);
strncpy(event_el_domain, "no domain", 255);
}
}
else
{
strncpy(event_el_user, "A", 255);
strncpy(event_el_domain, "N", 255);
}
if(printit)
{
tm *event_time = localtime((const long *)&el->er->TimeWritten);
_snprintf(final_out_msg, 1022,
"事件记录序号:%d\n事件:%s\n日期:%.4hd-%2hd-%2hd\n时间:%.2hd:%.2hd:%.2hd\n事件类型:%s\n事件来源:%s\n事件ID:(%u)\n用户:%s/%s\n计算机:%s\n描述:\n%s\n\n\n",
event_record,
el->event_name,
event_time->tm_year + 1900,
event_time->tm_mon + 1,
event_time->tm_mday,
event_time->tm_hour,
event_time->tm_min,
event_time->tm_sec,
event_category,
event_sourcename,
(WORD)el->er->EventID,
event_el_domain,
event_el_user,
event_computername,
event_descriptive_msg != NULL?event_descriptive_msg:el_string);
fprintf(fp, "%s\n", final_out_msg);
}
if(event_descriptive_msg != NULL)
LocalFree(event_descriptive_msg);
// Changing the point to the er
read -= el->er->Length;
el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length);
event_record++;
}
// Setting er to the beginning of the buffer
el->er = (EVENTLOGRECORD *)&mbuffer;
}
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Application()
{
//从列表中保存应用日志
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("应用日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********应用日志列表***********\n\n\n");
Save_List(1,event_record);
fclose(fp);
if(fclose(fp))
{
MessageBox("应用日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
//////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Security()
{
//从列表中保存安全日志
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("安全日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********安全日志列表***********\n\n\n");
Save_List(1,event_record);
fclose(fp);
if(fclose(fp))
{
MessageBox("安全日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
////////////////////////////////////////////////////
void CRead_EventDlg::Save_System()
{
//从列表中保存系统日志
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("系统日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********系统日志列表***********\n\n\n");
Save_List(1,event_record);
fclose(fp);
if(fclose(fp))
{
MessageBox("系统日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
/////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Single_Record(int single_record)
{
//从列表中保存单个记录
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("一个记录正要保存了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********第%d记录***********\n\n\n",nItem);
Save_List(single_record,single_record);
fclose(fp);
if(fclose(fp))
{
MessageBox("日志记录关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还有一个记录开着呢!","错误!",MB_OK|MB_ICONSTOP);
}
}
/////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_List(int record_initialize, int record_num)
{
//保存列表记录
CString save_event_record;
CString save_event_category;
CString save_event_sourcename;
CString save_event_date;
CString save_event_time;
CString save_event_id;
CString save_event_user;
CString save_event_computername;
CString save_event_descriptive_msg;
CString save_event_name;
switch(istype)
{
case 1:
save_event_name="Security";
break;
case 2:
save_event_name="System";
break;
case 3:
save_event_name="Application";
break;
default:
return;
}
for(int i=record_initialize-1;i<record_num;i++)
{
save_event_record=m_mm_host_ListCtrl.GetItemText(i,0);
save_event_category=m_mm_host_ListCtrl.GetItemText(i,1);
save_event_sourcename=m_mm_host_ListCtrl.GetItemText(i,2);
save_event_date=m_mm_host_ListCtrl.GetItemText(i,3);
save_event_time=m_mm_host_ListCtrl.GetItemText(i,4);
save_event_id=m_mm_host_ListCtrl.GetItemText(i,5);
save_event_user=m_mm_host_ListCtrl.GetItemText(i,6);
save_event_computername=m_mm_host_ListCtrl.GetItemText(i,7);
save_event_descriptive_msg=m_mm_host_ListCtrl.GetItemText(i,8);
fprintf(fp, "事件记录序号:%s\n事件:%s\n日期:%s\n时间:%s\n类型:%s\n事件来源:%s\n事件ID:%s\n用户:%s\n计算机:%s\n描述:\n%s\n\n\n\n",
save_event_record,
save_event_name,
save_event_date,
save_event_time,
save_event_category,
save_event_sourcename,
save_event_id,
save_event_user,
save_event_computername,
save_event_descriptive_msg);
}
}
////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_Application()
{
//从系统中保存应用日志
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("应用日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********应用日志列表***********\n\n\n");
Start_EL("application",el);
Save_event(el, 1);
fclose(fp);
if(fclose(fp))
{
MessageBox("应用日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_Security()
{
//从系统中保存安全记录
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("安全日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********安全日志列表***********\n\n\n");
Start_EL("Security",el);
Save_event(el, 1);
fclose(fp);
if(fclose(fp))
{
MessageBox("安全日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
//////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_System()
{
//从系统中保存系统日志
if(!fp)
{
MessageBox("怎么没打开呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
exit(1);
}
else
{
MessageBox("系统日志文件打开了!","信息!",MB_OK|MB_ICONINFORMATION);
}
fprintf(fp, "\n\n***********系统日志列表***********\n\n\n");
Start_EL("System",el);
Save_event(el, 1);
fclose(fp);
if(fclose(fp))
{
MessageBox("系统日志文件关闭了!","信息!",MB_OK|MB_ICONINFORMATION);
}
else
{
MessageBox("还开着呢了,,抓紧关它吧!","错误!",MB_OK|MB_ICONSTOP);
}
}
/////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSave_Hard()
{
//从系统中保存记录的响应函数
// TODO: Add your control notification handler code here
switch(istype)
{
case 1:
break;
case 2:
break;
case 3:
break;
default:
MessageBox("请选择日志类型","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
CString sFileName;
sFileName.Format("");
CFileDialog dlg(FALSE, "txt", sFileName,
OFN_OVERWRITEPROMPT|OFN_HIDEREADONLY,
"文本文件(*.txt)|*.txt|文本文件(*.doc)|*.doc||", this);
/////////////////////////////////////////
//从系统中保存整个日志
if(IDCANCEL==(MessageBox("您确定要从系统中保存日志文件?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
{
nItem=0;
return;
}
if (dlg.DoModal() == IDOK)
{
dlg.m_ofn.lpstrTitle = _T("从系统中保存日志文件");
CString fileName = dlg.GetPathName();
fp = fopen(fileName,"w");
switch(istype)
{
case 1:
Save_Hard_Security();
break;
case 2:
Save_Hard_System();
break;
case 3:
Save_Hard_Application();
break;
default:
MessageBox("请选择日志类型","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
}
nItem=0;
}
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
// DescriptionDiaLog.cpp : implementation file
//
#include "stdafx.h"
#include "Read_Event.h"
#include "DescriptionDiaLog.h"
#include "Read_EventDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
extern int istype;
extern int nItem;
extern int event_record;
extern CString m_mm_host_state;
extern os_el el[1];
extern BOOL issub;
BOOL isShow=FALSE;
/////////////////////////////////////////////////////////////////////////////
// DescriptionDiaLog dialog
DescriptionDiaLog::DescriptionDiaLog(CWnd* pParent /*=NULL*/)
: CDialog(DescriptionDiaLog::IDD, pParent)
{
//{{AFX_DATA_INIT(DescriptionDiaLog)
m_sub_event_computername = _T("");
//}}AFX_DATA_INIT
}
void DescriptionDiaLog::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(DescriptionDiaLog)
DDX_Text(pDX, IDC_SBUEVENTCOMPUTERNAME, m_sub_event_computername);
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(DescriptionDiaLog, CDialog)
//{{AFX_MSG_MAP(DescriptionDiaLog)
ON_BN_CLICKED(IDC_SHOW, OnShow)
ON_BN_CLICKED(IDC_PRESHOW, OnPreshow)
ON_BN_CLICKED(IDC_NEXTSHOW, OnNextshow)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// DescriptionDiaLog message handlers
BOOL DescriptionDiaLog::OnInitDialog()
{
CDialog::OnInitDialog();
// TODO: Add extra initialization here
issub=true;
return TRUE; // return TRUE unless you set the focus to a control
// EXCEPTION: OCX Property Pages should return FALSE
}
//////////////////////////////////////////////////////////
void DescriptionDiaLog::Sub_Prepare()
{
char *m_sub_cTemp;
switch(istype)
{
case 1:
m_sub_cTemp ="Security";
break;
case 2:
m_sub_cTemp ="System";
break;
default:
m_sub_cTemp ="application";
}
Sub_Show(nItem);
}
///////////////////////////////////////////////////////
void DescriptionDiaLog::OnShow()
{
//显示记录内容
// TODO: Add your control notification handler code here
//判断是否有记录被选中
if (nItem==0)
{
MessageBox("错了!","错误!",MB_OK|MB_ICONSTOP);
CDialog::OnOK();
}
//如果是选中的是列表中第一条记录,向前观察按钮失效
if(nItem==1)
{
GetDlgItem(IDC_PRESHOW)->EnableWindow(FALSE);
GetDlgItem(IDC_NEXTSHOW)->EnableWindow(TRUE);
}
//如果是选中的是列表中最后一条记录,向后观察按钮失效
if(nItem==event_record)
{
GetDlgItem(IDC_PRESHOW)->EnableWindow(TRUE);
GetDlgItem(IDC_NEXTSHOW)->EnableWindow(FALSE);
}
Sub_Prepare();
isShow=TRUE;
}
///////////////////////////////////////////////////////////
void DescriptionDiaLog::OnPreshow()
{
//向前观察按钮响应函数
// TODO: Add your control notification handler code here
if (!isShow)
{
MessageBox("请回去选择记录!","警告!",MB_OK|MB_ICONEXCLAMATION);
CDialog::OnOK();
}
nItem--;
//如果是选中的是列表中第一条记录,向前观察按钮失效
if(nItem==1)
{
GetDlgItem(IDC_PRESHOW)->EnableWindow(FALSE);
}
GetDlgItem(IDC_NEXTSHOW)->EnableWindow(TRUE);
Sub_Prepare();
}
//////////////////////////////////////////////////////////////////
void DescriptionDiaLog::OnNextshow()
{
//向后观察按钮
// TODO: Add your control notification handler code here
nItem++;
//如果是选中的是列表中最后一条记录,向后观察按钮失效
if(nItem==event_record)
{
GetDlgItem(IDC_NEXTSHOW)->EnableWindow(FALSE);
}
GetDlgItem(IDC_PRESHOW)->EnableWindow(TRUE);
Sub_Prepare();
}
//////////////////////////////////////////////////////////////
void DescriptionDiaLog::OnOK()
{
// TODO: Add extra validation here
nItem=0;
CDialog::OnOK();
}
void DescriptionDiaLog::OnCancel()
{
// TODO: Add extra cleanup here
nItem=0;
CDialog::OnCancel();
}
////////////////////////////////////////////////////////////////
void DescriptionDiaLog::Sub_Show(int sub_nItem)
{
//显示详细记录按钮的响应函数
CRead_EventDlg* dlg = (CRead_EventDlg *)AfxGetMainWnd();
CString sub_event;
//事件序列
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,0);
GetDlgItem(IDC_SBUEVENTRECORD)->SetWindowText(sub_event);
//事件类型
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,1);
GetDlgItem(IDC_SBUEVENTCATEGORY)->SetWindowText(sub_event);
//事件来源
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,2);
GetDlgItem(IDC_SUBEVENTSOURCENAME)->SetWindowText(sub_event);
//事件日期
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,3);
GetDlgItem(IDC_SUBEVENTDATA)->SetWindowText(sub_event);
//事件时间
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,4);
GetDlgItem(IDC_SBUEVENTTIME)->SetWindowText(sub_event);
//事件ID
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,5);
GetDlgItem(IDC_SBUEVENTID)->SetWindowText(sub_event);
//用户
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,6);
GetDlgItem(IDC_SBUEVENTUSERNAME)->SetWindowText(sub_event);
//计算机
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,7);
GetDlgItem(IDC_SBUEVENTCOMPUTERNAME)->SetWindowText(sub_event);
//详细描述
sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,8);
GetDlgItem(IDC_EDIT_SBUEVENTMESSAGE)->SetWindowText(sub_event);
switch(istype)
{
case 1:
sub_event="Security";
break;
case 2:
sub_event="System";
break;
case 3:
sub_event="Application";
break;
default:
MessageBox("请选择日志类型!","警告!",MB_OK|MB_ICONEXCLAMATION);
return;
}
//事件
GetDlgItem(IDC_SUBEVENT)->SetWindowText(sub_event);
}
/////////////////////////////////////////////////////////////////