Delphi/MiTec
Delphi/MiTec
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
MiTec/Common/MiTeC_WinEvt.pas
Daso 9407845155
Init
2024-07-06 22:30:25 +02:00

877 lines
30 KiB
ObjectPascal
Raw Permalink Blame History

{*******************************************************}
{ MiTeC Common Routines }
{ Windows Event Log API }
{ }
{ }
{ Copyright (c) by 1997-2021 Michal Mutl }
{ }
{*******************************************************}
{$INCLUDE Compilers.inc}
unit MiTeC_WinEvt;
interface
{$ALIGN ON}
{$MINENUMSIZE 4}
uses
{$IFDEF RAD9PLUS}WinAPI.Windows{$ELSE}Windows{$ENDIF}, MiTeC_Windows;
type
PUInt64 = ^UInt64;
PULONGLONG = PUInt64;
PPSID = ^PSID;
PEvtHandle = ^TEvtHandle;
TEvtHandle = type THandle;
type
TEvtVariantType = type DWORD;
const
EvtVarTypeNull = TEvtVariantType(0);
EvtVarTypeString = TEvtVariantType(1);
EvtVarTypeAnsiString = TEvtVariantType(2);
EvtVarTypeSByte = TEvtVariantType(3);
EvtVarTypeByte = TEvtVariantType(4);
EvtVarTypeInt16 = TEvtVariantType(5);
EvtVarTypeUInt16 = TEvtVariantType(6);
EvtVarTypeInt32 = TEvtVariantType(7);
EvtVarTypeUInt32 = TEvtVariantType(8);
EvtVarTypeInt64 = TEvtVariantType(9);
EvtVarTypeUInt64 = TEvtVariantType(10);
EvtVarTypeSingle = TEvtVariantType(11);
EvtVarTypeDouble = TEvtVariantType(12);
EvtVarTypeBoolean = TEvtVariantType(13);
EvtVarTypeBinary = TEvtVariantType(14);
EvtVarTypeGuid = TEvtVariantType(15);
EvtVarTypeSizeT = TEvtVariantType(16);
EvtVarTypeFileTime = TEvtVariantType(17);
EvtVarTypeSysTime = TEvtVariantType(18);
EvtVarTypeSid = TEvtVariantType(19);
EvtVarTypeHexInt32 = TEvtVariantType(20);
EvtVarTypeHexInt64 = TEvtVariantType(21);
// these types used internally
EvtVarTypeEvtHandle = TEvtVariantType(32);
EvtVarTypeEvtXml = TEvtVariantType(35);
const
EvtVariantTypeMask = TEvtVariantType($7F);
EvtVariantTypeArray = TEvtVariantType($80);
type
PEvtVariant = ^TEvtVariant;
TEvtVariant = record
case TEvtVariantType of
EvtVarTypeString: (
StringVal: PWideChar);
EvtVarTypeAnsiString: (
AnsiStringVal: PAnsiChar);
EvtVarTypeSByte: (
SByteVal: ShortInt);
EvtVarTypeByte: (
ByteVal: Byte);
EvtVarTypeInt16: (
Int16Val: SmallInt);
EvtVarTypeUInt16: (
UInt16Val: Word);
EvtVarTypeInt32: (
Int32Val: LongInt);
EvtVarTypeUInt32: (
UInt32Val: LongWord);
EvtVarTypeInt64: (
Int64Val: Int64);
EvtVarTypeUInt64: (
UInt64Val: UInt64);
EvtVarTypeSingle: (
SingleVal: Single);
EvtVarTypeDouble: (
DoubleVal: Double);
EvtVarTypeBoolean: (
BooleanVal: LongBool);
EvtVarTypeBinary: (
BinaryVal: PByte);
EvtVarTypeGuid: (
GuidVal: PGUID);
EvtVarTypeSizeT: (
SizeTVal: {$IFDEF WIN64} UInt64 {$ELSE} LongWord {$ENDIF});
EvtVarTypeSysTime: (
SysTimeVal: PSystemTime);
EvtVarTypeSid: (
SidVal: PSID);
// array fields
EvtVariantTypeArray or EvtVarTypeString: (
StringArr: PPWideChar);
EvtVariantTypeArray or EvtVarTypeAnsiString: (
AnsiStringArr: PPAnsiChar);
EvtVariantTypeArray or EvtVarTypeSByte: (
SByteArr: PShortInt);
EvtVariantTypeArray or EvtVarTypeByte: (
ByteArr: PByte);
EvtVariantTypeArray or EvtVarTypeInt16: (
Int16Arr: PSmallInt);
EvtVariantTypeArray or EvtVarTypeUInt16: (
UInt16Arr: PWord);
EvtVariantTypeArray or EvtVarTypeInt32: (
Int32Arr: PLongInt);
EvtVariantTypeArray or EvtVarTypeUInt32: (
UInt32Arr: PLongWord);
EvtVariantTypeArray or EvtVarTypeInt64: (
Int64Arr: PInt64);
EvtVariantTypeArray or EvtVarTypeUInt64: (
UInt64Arr: PUInt64);
EvtVariantTypeArray or EvtVarTypeSingle: (
SingleArr: PSingle);
EvtVariantTypeArray or EvtVarTypeDouble: (
DoubleArr: PDouble);
EvtVariantTypeArray or EvtVarTypeBoolean: (
BooleanArr: PBOOL);
EvtVariantTypeArray or EvtVarTypeGuid: (
GuidArr: PGUID);
EvtVariantTypeArray or EvtVarTypeSizeT: (
SizeTArr: {$IFDEF WIN64} PUInt64 {$ELSE} PLongWord {$ENDIF});
EvtVariantTypeArray or EvtVarTypeFileTime: (
FileTimeArr: PULONGLONG);
EvtVariantTypeArray or EvtVarTypeSysTime: (
SysTimeArr: PSystemTime);
EvtVariantTypeArray or EvtVarTypeSid: (
SidArr: PPSID);
// internal fields
EvtVarTypeEvtHandle: (
EvtHandleVal: TEvtHandle);
EvtVarTypeEvtXml: (
XmlVal: PWideChar); // const
EvtVariantTypeArray or EvtVarTypeEvtXml: (
XmlValArr: PPWideChar); // const
//NOTE: Moved to the end to translate the unnamed union for Delphi
EvtVarTypeFileTime: (
FileTimeVal: ULONGLONG;
Count: LongWord; // number of elements (not length) in bytes.
Type_: TEvtVariantType);
end;
type
TEvtLoginClass = (
EvtRpcLogin = 1
);
type
TEvtRpcLoginFlags = (
EvtRpcLoginAuthDefault = 0,
EvtRpcLoginAuthNegotiate,
EvtRpcLoginAuthKerberos,
EvtRpcLoginAuthNTLM
);
type
TEvtRpcLogin = record
// all str params are optional
Server : PWideChar;
User : PWideChar;
Domain : PWideChar;
Password: PWideChar;
Flags : TEvtRpcLoginFlags;
end;
function EvtOpenSession(LoginClass: TEvtLoginClass; Login: Pointer; Timeout, Flags: DWORD): TEvtHandle; stdcall;
function EvtClose(Object_: TEvtHandle): BOOL; stdcall;
function EvtCancel(Object_: TEvtHandle): BOOL; stdcall;
function EvtGetExtendedStatus(BufferSize: DWORD; Buffer: PWideChar;out BufferUsed: DWORD): BOOL; stdcall;
type
TEvtQueryFlags = type DWORD;
const
EvtQueryChannelPath = TEvtQueryFlags($1);
EvtQueryFilePath = TEvtQueryFlags($2);
EvtQueryForwardDirection = TEvtQueryFlags($100);
EvtQueryReverseDirection = TEvtQueryFlags($200);
EvtQueryTolerateQueryErrors = TEvtQueryFlags($1000);
type
TEvtSeekFlags = type DWORD;
const
EvtSeekRelativeToFirst = TEvtSeekFlags(1);
EvtSeekRelativeToLast = TEvtSeekFlags(2);
EvtSeekRelativeToCurrent = TEvtSeekFlags(3);
EvtSeekRelativeToBookmark = TEvtSeekFlags(4);
EvtSeekOriginMask = TEvtSeekFlags(7);
EvtSeekStrict = TEvtSeekFlags($10000);
function EvtQuery(Session: TEvtHandle; const Path, Query: PWideChar; Flags: TEvtQueryFlags): TEvtHandle; stdcall;
function EvtNext(ResultSet: TEvtHandle; EventsSize: DWORD; Events: PEvtHandle; Timeout, Flags: DWORD; out Returned: DWORD): BOOL; stdcall;
function EvtSeek(ResultSet: TEvtHandle; Position: LONGLONG; Bookmark: TEvtHandle; Timeout: DWORD; Flags: TEvtSeekFlags): BOOL; stdcall;
type
TEvtSubscribeFlags = type DWORD;
const
EvtSubscribeToFutureEvents = TEvtSubscribeFlags(1);
EvtSubscribeStartAtOldestRecord = TEvtSubscribeFlags(2);
EvtSubscribeStartAfterBookmark = TEvtSubscribeFlags(3);
EvtSubscribeOriginMask = TEvtSubscribeFlags(3);
EvtSubscribeTolerateQueryErrors = TEvtSubscribeFlags($1000);
EvtSubscribeStrict = TEvtSubscribeFlags($10000);
type
TEvtSubscribeNotifyAction = (
EvtSubscribeActionError = 0,
EvtSubscribeActionDeliver
);
type
TEvtSubscribeCallback = function(Action: TEvtSubscribeNotifyAction; UserContext: Pointer; Event: TEvtHandle): DWORD; stdcall;
function EvtSubscribe(Session: TEvtHandle; SignalEvent: THandle; const ChannelPath, Query: PWideChar; Bookmark: TEvtHandle;
Context: Pointer; Callback: TEvtSubscribeCallback; Flags: TEvtSubscribeFlags): TEvtHandle; stdcall;
type
TEvtSystemPropertyID = (
EvtSystemProviderName = 0, // EvtVarTypeString
EvtSystemProviderGuid, // EvtVarTypeGuid
EvtSystemEventID, // EvtVarTypeUInt16
EvtSystemQualifiers, // EvtVarTypeUInt16
EvtSystemLevel, // EvtVarTypeUInt8
EvtSystemTask, // EvtVarTypeUInt16
EvtSystemOpcode, // EvtVarTypeUInt8
EvtSystemKeywords, // EvtVarTypeHexInt64
EvtSystemTimeCreated, // EvtVarTypeFileTime
EvtSystemEventRecordId, // EvtVarTypeUInt64
EvtSystemActivityID, // EvtVarTypeGuid
EvtSystemRelatedActivityID, // EvtVarTypeGuid
EvtSystemProcessID, // EvtVarTypeUInt32
EvtSystemThreadID, // EvtVarTypeUInt32
EvtSystemChannel, // EvtVarTypeString
EvtSystemComputer, // EvtVarTypeString
EvtSystemUserID, // EvtVarTypeSid
EvtSystemVersion, // EvtVarTypeUInt8
EvtSystemPropertyIdEND);
TEvtRenderContextFlags = (
EvtRenderContextValues = 0, // Render specific properties
EvtRenderContextSystem, // Render all system properties (System)
EvtRenderContextUser); // Render all user properties (User/EventData)
TEvtRenderFlags = (
EvtRenderEventValues = 0, // Variants
EvtRenderEventXml, // XML
EvtRenderBookmark); // Bookmark
function EvtCreateRenderContext(ValuePathsCount: DWORD; ValuePaths: LPCWSTR; Flags: TEvtRenderContextFlags): TEvtHandle; stdcall;
function EvtRender(Context: TEvtHandle; Fragment: TEvtHandle; Flags: TEvtRenderFlags; BufferSize: DWORD;
Buffer: PVOID; BufferUsed: PDWORD; PropertyCount: PDWORD): BOOL; stdcall;
type
TEvtFormatMessageFlags = (
EvtFormatMessageEvent = 1,
EvtFormatMessageLevel,
EvtFormatMessageTask,
EvtFormatMessageOpcode,
EvtFormatMessageKeyword,
EvtFormatMessageChannel,
EvtFormatMessageProvider,
EvtFormatMessageId,
EvtFormatMessageXml
);
function EvtFormatMessage(PublisherMetadata: TEvtHandle; // Except for forwarded events
Event: TEvtHandle; MessageId: DWORD; ValueCount: DWORD;
Values: PEvtVariant; Flags: TEvtFormatMessageFlags; BufferSize: DWORD;
Buffer: PWideChar; BufferUsed: PDWORD): BOOL; stdcall;
(*
////////////////////////////////////////////////////////////////////////////////
//
// Log Maintenace and Information
//
////////////////////////////////////////////////////////////////////////////////
typedef enum _EVT_OPEN_LOG_FLAGS
{
EvtOpenChannelPath = 0x1,
EvtOpenFilePath = 0x2
} EVT_OPEN_LOG_FLAGS;
typedef enum _EVT_LOG_PROPERTY_ID
{
EvtLogCreationTime = 0, // EvtVarTypeFileTime
EvtLogLastAccessTime, // EvtVarTypeFileTime
EvtLogLastWriteTime, // EvtVarTypeFileTime
EvtLogFileSize, // EvtVarTypeUInt64
EvtLogAttributes, // EvtVarTypeUInt32
EvtLogNumberOfLogRecords, // EvtVarTypeUInt64
EvtLogOldestRecordNumber, // EvtVarTypeUInt64
EvtLogFull, // EvtVarTypeBoolean
} EVT_LOG_PROPERTY_ID;
EVT_HANDLE WINAPI EvtOpenLog(
EVT_HANDLE Session,
LPCWSTR Path,
DWORD Flags
);
BOOL WINAPI EvtGetLogInfo(
EVT_HANDLE Log,
EVT_LOG_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
BOOL WINAPI EvtClearLog(
EVT_HANDLE Session,
LPCWSTR ChannelPath,
LPCWSTR TargetFilePath,
DWORD Flags
);
typedef enum _EVT_EXPORTLOG_FLAGS
{
EvtExportLogChannelPath = 0x1,
EvtExportLogFilePath = 0x2,
EvtExportLogTolerateQueryErrors = 0x1000
} EVT_EXPORTLOG_FLAGS;
BOOL WINAPI EvtExportLog(
EVT_HANDLE Session,
LPCWSTR Path,
LPCWSTR Query,
LPCWSTR TargetFilePath,
DWORD Flags
);
BOOL WINAPI EvtArchiveExportedLog(
EVT_HANDLE Session,
LPCWSTR LogFilePath,
LCID Locale,
DWORD Flags
);
*)
type
TEvtChannelConfigPropertyID = (
EvtChannelConfigEnabled = 0, // EvtVarTypeBoolean
EvtChannelConfigIsolation, // EvtVarTypeUInt32, EVT_CHANNEL_ISOLATION_TYPE
EvtChannelConfigType, // EvtVarTypeUInt32, EVT_CHANNEL_TYPE
EvtChannelConfigOwningPublisher, // EvtVarTypeString
EvtChannelConfigClassicEventlog, // EvtVarTypeBoolean
EvtChannelConfigAccess, // EvtVarTypeString
EvtChannelLoggingConfigRetention, // EvtVarTypeBoolean
EvtChannelLoggingConfigAutoBackup, // EvtVarTypeBoolean
EvtChannelLoggingConfigMaxSize, // EvtVarTypeUInt64
EvtChannelLoggingConfigLogFilePath, // EvtVarTypeString
EvtChannelPublishingConfigLevel, // EvtVarTypeUInt32
EvtChannelPublishingConfigKeywords, // EvtVarTypeUInt64
EvtChannelPublishingConfigControlGuid, // EvtVarTypeGuid
EvtChannelPublishingConfigBufferSize, // EvtVarTypeUInt32
EvtChannelPublishingConfigMinBuffers, // EvtVarTypeUInt32
EvtChannelPublishingConfigMaxBuffers, // EvtVarTypeUInt32
EvtChannelPublishingConfigLatency, // EvtVarTypeUInt32
EvtChannelPublishingConfigClockType, // EvtVarTypeUInt32, EVT_CHANNEL_CLOCK_TYPE
EvtChannelPublishingConfigSidType, // EvtVarTypeUInt32, EVT_CHANNEL_SID_TYPE
EvtChannelPublisherList, // EvtVarTypeString | EvtVariantTypeArray
EvtChannelConfigPropertyIdEND
);
TEvtChannelType = (
EvtChannelTypeAdmin = 0,
EvtChannelTypeOperational,
EvtChannelTypeAnalytic,
EvtChannelTypeDebug
);
TEvtChannelIsolationType = (
EvtChannelIsolationTypeApplication = 0,
EvtChannelIsolationTypeSystem,
EvtChannelIsolationTypeCustom
);
TEvtChannelClockType = (
EvtChannelClockTypeSystemTime = 0, // System time
EvtChannelClockTypeQPC // Query performance counter
);
TEvtChannelSidType = (
EvtChannelSidTypeNone = 0,
EvtChannelSidTypePublishing
);
function EvtOpenChannelEnum(Session: TEvtHandle; Flags: DWORD): TEvtHandle; stdcall;
function EvtNextChannelPath(ChannelEnum: TEvtHandle; ChannelPathBufferSize: DWORD; ChannelPathBuffer: PWideChar; ChannelPathBufferUsed: PDWORD): BOOL; stdcall;
(*
EVT_HANDLE WINAPI EvtOpenChannelConfig(
EVT_HANDLE Session,
LPCWSTR ChannelPath,
DWORD Flags
);
BOOL WINAPI EvtSaveChannelConfig(
EVT_HANDLE ChannelConfig,
DWORD Flags
);
BOOL WINAPI EvtSetChannelConfigProperty(
EVT_HANDLE ChannelConfig,
EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
DWORD Flags,
PEVT_VARIANT PropertyValue
);
BOOL WINAPI EvtGetChannelConfigProperty(
EVT_HANDLE ChannelConfig,
EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
DWORD Flags,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
*)
type
TEvtCChannelReferenceFlags = (
EvtChannelReferenceImported = $1
);
TEvtPPublisherMetadataPropertyID = (
EvtPublisherMetadataPublisherGuid = 0, // EvtVarTypeGuid
EvtPublisherMetadataResourceFilePath, // EvtVarTypeString
EvtPublisherMetadataParameterFilePath, // EvtVarTypeString
EvtPublisherMetadataMessageFilePath, // EvtVarTypeString
EvtPublisherMetadataHelpLink, // EvtVarTypeString
EvtPublisherMetadataPublisherMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferences, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataChannelReferencePath, // EvtVarTypeString
EvtPublisherMetadataChannelReferenceIndex, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceID, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceFlags, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataLevels, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataLevelName, // EvtVarTypeString
EvtPublisherMetadataLevelValue, // EvtVarTypeUInt32
EvtPublisherMetadataLevelMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataTasks, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataTaskName, // EvtVarTypeString
EvtPublisherMetadataTaskEventGuid, // EvtVarTypeGuid
EvtPublisherMetadataTaskValue, // EvtVarTypeUInt32
EvtPublisherMetadataTaskMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataOpcodes, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataOpcodeName, // EvtVarTypeString
EvtPublisherMetadataOpcodeValue, // EvtVarTypeUInt32
EvtPublisherMetadataOpcodeMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataKeywords, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataKeywordName, // EvtVarTypeString
EvtPublisherMetadataKeywordValue, // EvtVarTypeUInt64
EvtPublisherMetadataKeywordMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataPropertyIdEND
);
function EvtOpenPublisherEnum(Session: TEvtHandle; Flags: DWORD): TEvtHandle; stdcall;
function EvtNextPublisherId(PublisherEnum: TEvtHandle; PublisherIdBufferSize: DWORD;
PublisherIdBuffer: PEvtVariant; PublisherIdBufferUsed: PDWORD): BOOL; stdcall;
function EvtOpenPublisherMetadata(Session: TEvtHandle; PublisherId: PWideChar; LogFilePath: PWideChar;
Locale: LCID; Flags: DWORD): TEvtHandle; stdcall;
function EvtGetPublisherMetadataProperty(PublisherMetadata: TEvtHandle; PropertyId: TEvtPPublisherMetadataPropertyID;
Flags: DWORD; PublisherMetadataPropertyBufferSize: DWORD; PublisherMetadataPropertyBuffer: PEvtVariant;
PublisherMetadataPropertyBufferUsed: PDWORD): BOOL; stdcall;
(*
////////////////////////////////////////////////////////////////////////////////
//
// Event Metadata Configuratin
//
////////////////////////////////////////////////////////////////////////////////
typedef enum _EVT_EVENT_METADATA_PROPERTY_ID
{
EventMetadataEventID, // EvtVarTypeUInt32
EventMetadataEventVersion, // EvtVarTypeUInt32
EventMetadataEventChannel, // EvtVarTypeUInt32
EventMetadataEventLevel, // EvtVarTypeUInt32
EventMetadataEventOpcode, // EvtVarTypeUInt32
EventMetadataEventTask, // EvtVarTypeUInt32
EventMetadataEventKeyword, // EvtVarTypeUInt64
EventMetadataEventMessageID,// EvtVarTypeUInt32
EventMetadataEventTemplate, // EvtVarTypeString
EvtEventMetadataPropertyIdEND
} EVT_EVENT_METADATA_PROPERTY_ID;
EVT_HANDLE WINAPI EvtOpenEventMetadataEnum(
EVT_HANDLE PublisherMetadata,
DWORD Flags
);
EVT_HANDLE WINAPI EvtNextEventMetadata(
EVT_HANDLE EventMetadataEnum,
DWORD Flags
);
BOOL WINAPI EvtGetEventMetadataProperty(
EVT_HANDLE EventMetadata,
EVT_EVENT_METADATA_PROPERTY_ID PropertyId,
DWORD Flags,
DWORD EventMetadataPropertyBufferSize,
PEVT_VARIANT EventMetadataPropertyBuffer,
__out PDWORD EventMetadataPropertyBufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Array Access
//
////////////////////////////////////////////////////////////////////////////////
typedef HANDLE EVT_OBJECT_ARRAY_PROPERTY_HANDLE;
BOOL WINAPI EvtGetObjectArraySize(
EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
__out PDWORD ObjectArraySize
);
BOOL WINAPI EvtGetObjectArrayProperty(
EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
DWORD PropertyId,
DWORD ArrayIndex,
DWORD Flags,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
/////////////////////////////////////////////////////////////////////////////
//
// Misc Event Consumer Functions
//
////////////////////////////////////////////////////////////////////////////
typedef enum _EVT_QUERY_PROPERTY_ID
{
//
// list of channels or logfiles indentified in the query. Variant will be
// array of EvtVarTypeString.
//
EvtQueryNames,
//
// Array of EvtVarTypeUInt32, indicating creation status ( Win32 error
// code ) for the list of names returned by the EvtQueryNames
// property.
//
EvtQueryStatuses,
EvtQueryPropertyIdEND
} EVT_QUERY_PROPERTY_ID;
typedef enum _EVT_EVENT_PROPERTY_ID
{
EvtEventQueryIDs = 0,
EvtEventPath,
EvtEventPropertyIdEND
} EVT_EVENT_PROPERTY_ID;
BOOL WINAPI EvtGetQueryInfo(
EVT_HANDLE QueryOrSubscription,
EVT_QUERY_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
EVT_HANDLE WINAPI EvtCreateBookmark(
__in_opt LPCWSTR BookmarkXml
);
BOOL WINAPI EvtUpdateBookmark(
EVT_HANDLE Bookmark,
EVT_HANDLE Event
);
BOOL WINAPI EvtGetEventInfo(
EVT_HANDLE Event,
EVT_EVENT_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
*)
const
EVT_READ_ACCESS = $1;
EVT_WRITE_ACCESS = $2;
EVT_CLEAR_ACCESS = $4;
EVT_ALL_ACCESS = $7;
const
WEvtApiLib = 'wevtapi.dll';
var
WinEvtAvailable: boolean = False;
implementation
function GetProcedureAddress(var P: Pointer; const ModuleName, ProcName: string): boolean;
var
ModuleHandle: HMODULE;
begin
if not Assigned(P) then begin
ModuleHandle:=GetModuleHandle(PChar(ModuleName));
if ModuleHandle=0 then
ModuleHandle:=LoadLibrary(PChar(ModuleName));
if ModuleHandle<>0 then
P:=GetProcAddress(ModuleHandle,PChar(ProcName));
end;
Result:=Assigned(P);
end;
{$IFDEF STATIC_LINK}
function EvtOpenSession; external WEvtApiLib;
function EvtClose; external WEvtApiLib;
function EvtCancel; external WEvtApiLib;
function EvtGetExtendedStatus; external WEvtApiLib;
function EvtQuery; external WEvtApiLib;
function EvtNext; external WEvtApiLib;
function EvtSeek; external WEvtApiLib;
function EvtSubscribe; external WEvtApiLib;
function EvtCreateRenderContext; external WEvtApiLib;
function EvtRender; external WEvtApiLib;
function EvtOpenPublisherEnum; external WEvtApiLib;
function EvtNextPublisherId; external WEvtApiLib;
function EvtOpenPublisherMetadata; external WEvtApiLib;
function EvtGetPublisherMetadataProperty; external WEvtApiLib;
function EvtFormatMessage; external WEvtApiLib;
{$ELSE}
type
TEvtOpenSession = function(LoginClass: TEvtLoginClass; Login: Pointer; Timeout, Flags: DWORD): TEvtHandle; stdcall;
TEvtClose = function(Object_: TEvtHandle): BOOL; stdcall;
TEvtCancel = function(Object_: TEvtHandle): BOOL; stdcall;
TEvtGetExtendedStatus = function(BufferSize: DWORD; Buffer: PWideChar;out BufferUsed: DWORD): BOOL; stdcall;
TEvtQuery = function(Session: TEvtHandle; const Path, Query: PWideChar; Flags: TEvtQueryFlags): TEvtHandle; stdcall;
TEvtNext = function(ResultSet: TEvtHandle; EventsSize: DWORD; Events: PEvtHandle; Timeout, Flags: DWORD; out Returned: DWORD): BOOL; stdcall;
TEvtSeek = function(ResultSet: TEvtHandle; Position: LONGLONG; Bookmark: TEvtHandle; Timeout: DWORD; Flags: TEvtSeekFlags): BOOL; stdcall;
TEvtSubscribe = function(Session: TEvtHandle; SignalEvent: THandle; const ChannelPath, Query: PWideChar; Bookmark: TEvtHandle;
Context: Pointer; Callback: TEvtSubscribeCallback; Flags: TEvtSubscribeFlags): TEvtHandle; stdcall;
TEvtCreateRenderContext = function(ValuePathsCount: DWORD; ValuePaths: LPCWSTR; Flags: TEvtRenderContextFlags): TEvtHandle; stdcall;
TEvtRender = function(Context: TEvtHandle; Fragment: TEvtHandle; Flags: TEvtRenderFlags; BufferSize: DWORD;
Buffer: PVOID; BufferUsed: PDWORD; PropertyCount: PDWORD): BOOL; stdcall;
TEvtOpenPublisherEnum = function(Session: TEvtHandle; Flags: DWORD): TEvtHandle; stdcall;
TEvtNextPublisherId = function(PublisherEnum: TEvtHandle; PublisherIdBufferSize: DWORD;
PublisherIdBuffer: PEvtVariant; PublisherIdBufferUsed: PDWORD): BOOL; stdcall;
TEvtOpenPublisherMetadata = function(Session: TEvtHandle; PublisherId: PWideChar; LogFilePath: PWideChar;
Locale: LCID; Flags: DWORD): TEvtHandle; stdcall;
TEvtGetPublisherMetadataProperty = function(PublisherMetadata: TEvtHandle; PropertyId: TEvtPPublisherMetadataPropertyID;
Flags: DWORD; PublisherMetadataPropertyBufferSize: DWORD; PublisherMetadataPropertyBuffer: PEvtVariant;
PublisherMetadataPropertyBufferUsed: PDWORD): BOOL; stdcall;
TEvtFormatMessage = function(PublisherMetadata: TEvtHandle;
Event: TEvtHandle; MessageId: DWORD; ValueCount: DWORD;
Values: PEvtVariant; Flags: TEvtFormatMessageFlags; BufferSize: DWORD;
Buffer: PWideChar; BufferUsed: PDWORD): BOOL; stdcall;
TEvtOpenChannelEnum = function(Session: TEvtHandle; Flags: DWORD): TEvtHandle; stdcall;
TEvtNextChannelPath = function(ChannelEnum: TEvtHandle; ChannelPathBufferSize: DWORD; ChannelPathBuffer: PWideChar; ChannelPathBufferUsed: PDWORD): BOOL; stdcall;
var
_EvtOpenSession: TEvtOpenSession = nil;
_EvtClose: TEvtClose = nil;
_EvtCancel: TEvtCancel = nil;
_EvtGetExtendedStatus: TEvtGetExtendedStatus = nil;
_EvtQuery: TEvtQuery = nil;
_EvtNext: TEvtNext = nil;
_EvtSeek: TEvtSeek = nil;
_EvtSubscribe: TEvtSubscribe = nil;
_EvtCreateRenderContext: TEvtCreateRenderContext = nil;
_EvtRender: TEvtRender = nil;
_EvtOpenPublisherEnum: TEvtOpenPublisherEnum = nil;
_EvtNextPublisherId: TEvtNextPublisherId = nil;
_EvtOpenPublisherMetadata: TEvtOpenPublisherMetadata = nil;
_EvtGetPublisherMetadataProperty: TEvtGetPublisherMetadataProperty = nil;
_EvtFormatMessage: TEvtFormatMessage = nil;
_EvtOpenChannelEnum: TEvtOpenChannelEnum = nil;
_EvtNextChannelPath: TEvtNextChannelPath = nil;
function EvtOpenSession;
begin
GetProcedureAddress(Pointer(@_EvtOpenSession), WEvtApiLib, 'EvtOpenSession');
if Assigned(_EvtOpenSession) then
Result:=_EvtOpenSession(LoginClass, Login, Timeout, Flags)
else
Result:=0;
end;
function EvtClose;
begin
GetProcedureAddress(Pointer(@_EvtClose), WEvtApiLib, 'EvtClose');
if Assigned(_EvtClose) then
Result:=_EvtClose(Object_)
else
Result:=False;
end;
function EvtCancel;
begin
GetProcedureAddress(Pointer(@_EvtCancel), WEvtApiLib, 'EvtCancel');
if Assigned(_EvtCancel) then
Result:=_EvtCancel(Object_)
else
Result:=False;
end;
function EvtGetExtendedStatus;
begin
GetProcedureAddress(Pointer(@_EvtGetExtendedStatus), WEvtApiLib, 'EvtGetExtendedStatus');
if Assigned(_EvtGetExtendedStatus) then
Result:=_EvtGetExtendedStatus(BufferSize, Buffer, BufferUsed)
else
Result:=False;
end;
function EvtQuery;
begin
GetProcedureAddress(Pointer(@_EvtQuery), WEvtApiLib, 'EvtQuery');
if Assigned(_EvtQuery) then
Result:=_EvtQuery(Session, Path, Query, Flags)
else
Result:=0;
end;
function EvtNext;
begin
GetProcedureAddress(Pointer(@_EvtNext), WEvtApiLib, 'EvtNext');
if Assigned(_EvtNext) then
Result:=_EvtNext(ResultSet, EventsSize, Events, Timeout, Flags, Returned)
else
Result:=False;
end;
function EvtSeek;
begin
GetProcedureAddress(Pointer(@_EvtSeek), WEvtApiLib, 'EvtSeek');
if Assigned(_EvtSeek) then
Result:=_EvtSeek(ResultSet, Position, Bookmark, Timeout, Flags)
else
Result:=False;
end;
function EvtSubscribe;
begin
GetProcedureAddress(Pointer(@_EvtSubscribe), WEvtApiLib, 'EvtSubscribe');
if Assigned(_EvtSubscribe) then
Result:=_EvtSubscribe(Session, SignalEvent, ChannelPath, Query, Bookmark, Context, Callback, Flags)
else
Result:=0;
end;
function EvtCreateRenderContext;
begin
GetProcedureAddress(Pointer(@_EvtCreateRenderContext), WEvtApiLib, 'EvtCreateRenderContext');
if Assigned(_EvtCreateRenderContext) then
Result:=_EvtCreateRenderContext(ValuePathsCount, ValuePaths, Flags)
else
Result:=0;
end;
function EvtRender;
begin
GetProcedureAddress(Pointer(@_EvtRender), WEvtApiLib, 'EvtRender');
if Assigned(_EvtRender) then
Result:=_EvtRender(Context, Fragment, Flags, BufferSize, Buffer, BufferUsed, PropertyCount)
else
Result:=False;
end;
function EvtOpenPublisherEnum;
begin
GetProcedureAddress(Pointer(@_EvtOpenPublisherEnum), WEvtApiLib, 'EvtOpenPublisherEnum');
if Assigned(_EvtOpenPublisherEnum) then
Result:=_EvtOpenPublisherEnum(Session, Flags)
else
Result:=0;
end;
function EvtNextPublisherId;
begin
GetProcedureAddress(Pointer(@_EvtNextPublisherId), WEvtApiLib, 'EvtNextPublisherId');
if Assigned(_EvtNextPublisherId) then
Result:=_EvtNextPublisherId(PublisherEnum, PublisherIdBufferSize, PublisherIdBuffer, PublisherIdBufferUsed)
else
Result:=False;
end;
function EvtOpenPublisherMetadata;
begin
GetProcedureAddress(Pointer(@_EvtOpenPublisherMetadata), WEvtApiLib, 'EvtOpenPublisherMetadata');
if Assigned(_EvtOpenPublisherMetadata) then
Result:=_EvtOpenPublisherMetadata(Session, PublisherId, LogFilePath, Locale, Flags)
else
Result:=0;
end;
function EvtGetPublisherMetadataProperty;
begin
GetProcedureAddress(Pointer(@_EvtGetPublisherMetadataProperty), WEvtApiLib, 'EvtGetPublisherMetadataProperty');
if Assigned(_EvtGetPublisherMetadataProperty) then
Result:=_EvtGetPublisherMetadataProperty(PublisherMetadata, PropertyId, Flags, PublisherMetadataPropertyBufferSize, PublisherMetadataPropertyBuffer, PublisherMetadataPropertyBufferUsed)
else
Result:=False;
end;
function EvtFormatMessage;
begin
GetProcedureAddress(Pointer(@_EvtFormatMessage), WEvtApiLib, 'EvtFormatMessage');
if Assigned(_EvtFormatMessage) then
Result:=_EvtFormatMessage(PublisherMetadata, Event, MessageId, ValueCount, Values, Flags, BufferSize, Buffer, BufferUsed)
else
Result:=False;
end;
function EvtOpenChannelEnum;
begin
GetProcedureAddress(Pointer(@_EvtOpenChannelEnum), WEvtApiLib, 'EvtOpenChannelEnum');
if Assigned(_EvtOpenChannelEnum) then
Result:=_EvtOpenChannelEnum(Session, Flags)
else
Result:=0;
end;
function EvtNextChannelPath;
begin
GetProcedureAddress(Pointer(@_EvtNextChannelPath), WEvtApiLib, 'EvtNextChannelPath');
if Assigned(_EvtNextChannelPath) then
Result:=_EvtNextChannelPath(ChannelEnum, ChannelPathBufferSize, ChannelPathBuffer, ChannelPathBufferUsed)
else
Result:=False;
end;
{$ENDIF}
initialization
WinEvtAvailable:=GetProcedureAddress(Pointer(@_EvtOpenSession), WEvtApiLib, 'EvtOpenSession');
end.
Reference in New Issue View Git Blame Copy Permalink