// Read_EventDlg.cpp : implementation file
//
#include "stdafx.h"
#include "Read_Event.h"
#include "Read_EventDlg.h"
#include "DescriptionDiaLog.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
/////////////////////////////////////////////////////////////////////
//int event_auditsucceed_num;??//記錄審核成功記錄的個數
//int event_info_num;????//記錄信息記錄的個數
//int event_error_num;????//記錄錯誤記錄的個數?
//int event_warn_num;????//記錄警告記錄的個數
//int event_auditdefeat_num;??//記錄審核失敗的個數
//char *event_category;?????//事件類
//char *event_sourcename=NULL;???//事件來源
//char *event_computername=NULL;??//事件計算機名
//char *event_descriptive_msg=NULL;??//事件描述
//char event_el_user[257];????//事件用戶
//char event_el_domain[257];???//事件域
//char host_final_out_msg[1024];??//最后輸出的信息
FILE *fp;????????//保存的文件
int hh=0;????????//記錄類型的標志�,用于位圖的選擇
int event_record=0;??????//事件記錄的個數
os_el el[1];
int nItem=0;???????//對于索引記錄的當前標志
int istype=0;???????//用于事件類型的標志
BOOL issub;????????//一個開關項
/////////////////////////////////////////////////////////////////////////////
// CAboutDlg dialog used for App About
class CAboutDlg : public CDialog
{
public:
?CAboutDlg();
// Dialog Data
?//{{AFX_DATA(CAboutDlg)
?enum { IDD = IDD_ABOUTBOX };
?//}}AFX_DATA
?// ClassWizard generated virtual function overrides
?//{{AFX_VIRTUAL(CAboutDlg)
?protected:
?virtual void DoDataExchange(CDataExchange* pDX);??? // DDX/DDV support
?//}}AFX_VIRTUAL
// Implementation
protected:
?//{{AFX_MSG(CAboutDlg)
?//}}AFX_MSG
?DECLARE_MESSAGE_MAP()
};
CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD)
{
?//{{AFX_DATA_INIT(CAboutDlg)
?//}}AFX_DATA_INIT
}
void CAboutDlg::DoDataExchange(CDataExchange* pDX)
{
?CDialog::DoDataExchange(pDX);
?//{{AFX_DATA_MAP(CAboutDlg)
?//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CAboutDlg, CDialog)
?//{{AFX_MSG_MAP(CAboutDlg)
??// No message handlers
?//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CRead_EventDlg dialog
CRead_EventDlg::CRead_EventDlg(CWnd* pParent /*=NULL*/)
?: CDialog(CRead_EventDlg::IDD, pParent)
{
?//{{AFX_DATA_INIT(CRead_EventDlg)
?m_mm_host_state = _T("");
?//}}AFX_DATA_INIT
?// Note that LoadIcon does not require a subsequent DestroyIcon in Win32
?m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME);
}
void CRead_EventDlg::DoDataExchange(CDataExchange* pDX)
{
?CDialog::DoDataExchange(pDX);
?//{{AFX_DATA_MAP(CRead_EventDlg)
?DDX_Control(pDX, IDC_LIST, m_mm_host_ListCtrl);
?DDX_Text(pDX, IDC_STATE, m_mm_host_state);
?//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CRead_EventDlg, CDialog)
?//{{AFX_MSG_MAP(CRead_EventDlg)
?ON_WM_SYSCOMMAND()
?ON_WM_PAINT()
?ON_WM_QUERYDRAGICON()
?ON_BN_CLICKED(IDC_SECURE, OnSecure)
?ON_BN_CLICKED(IDC_SYSTEM, OnSystem)
?ON_BN_CLICKED(IDC_APPLICATION, OnApplication)
?ON_NOTIFY(NM_CLICK, IDC_LIST, OnClickList)
?ON_BN_CLICKED(IDC_DELETE, OnDelete)
?ON_BN_CLICKED(IDC_DETAIL, OnDetail)
?ON_BN_CLICKED(IDC_SAVE, OnSave)
?ON_BN_CLICKED(IDC_SAVEHARD, OnSave_Hard)
?//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CRead_EventDlg message handlers
BOOL CRead_EventDlg::OnInitDialog()
{
?CDialog::OnInitDialog();
?// Add "About..." menu item to system menu.
?// IDM_ABOUTBOX must be in the system command range.
?ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX);
?ASSERT(IDM_ABOUTBOX < 0xF000);
?CMenu* pSysMenu = GetSystemMenu(FALSE);
?if (pSysMenu != NULL)
?{
??CString strAboutMenu;
??strAboutMenu.LoadString(IDS_ABOUTBOX);
??if (!strAboutMenu.IsEmpty())
??{
???pSysMenu->AppendMenu(MF_SEPARATOR);
???pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu);
??}
?}
?// Set the icon for this dialog.? The framework does this automatically
?//? when the application's main window is not a dialog
?SetIcon(m_hIcon, TRUE);???// Set big icon
?SetIcon(m_hIcon, FALSE);??// Set small icon
?
?// TODO: Add extra initialization here
?
//////////////////////////我加的///////////////////////
?issub=false;
?//給各項事件數目初始化
?Set_EventNum();???????
?m_mm_host_ListCtrl.SetRedraw(FALSE);
??? //更新內容
??? m_mm_host_ListCtrl.SetRedraw(TRUE);
??? m_mm_host_ListCtrl.Invalidate();
??? m_mm_host_ListCtrl.UpdateWindow();
?//刪除所有的列
?m_mm_host_ListCtrl.DeleteAllItems();
?//給圖表初始化
?Init_ImageList();
?//設置m_mm_host_ListCtrl風格
?LONG lStyle;
??? lStyle = GetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE);//獲取當前窗口style
??? lStyle &= ~LVS_TYPEMASK; //清除顯示方式位
??? lStyle |= LVS_REPORT; //設置style
??? SetWindowLong(m_mm_host_ListCtrl.m_hWnd, GWL_STYLE, lStyle);//設置style
?
??? DWORD dwStyle = m_mm_host_ListCtrl.GetExtendedStyle();
??? dwStyle |= LVS_EX_FULLROWSELECT;//選中某行使整行高亮(只適用與report風格的listctrl)
??? dwStyle |= LVS_EX_GRIDLINES;//網格線(只適用與report風格的listctrl)
??? dwStyle |= LVS_EX_CHECKBOXES;//item前生成checkbox控件
?dwStyle |=LVS_EX_HEADERDRAGDROP;
?dwStyle |=LVS_EX_SUBITEMIMAGES;
??? m_mm_host_ListCtrl.SetExtendedStyle(dwStyle); //設置擴展風格
?//插入列
?m_mm_host_ListCtrl.InsertColumn(0,"日志序號",LVCFMT_CENTER,60,0);
?m_mm_host_ListCtrl.InsertColumn(1,"分類",LVCFMT_CENTER,80,4);
?m_mm_host_ListCtrl.InsertColumn(2,"來源",LVCFMT_CENTER,80,1);
?m_mm_host_ListCtrl.InsertColumn(3,"日期",LVCFMT_CENTER,80,2);
?m_mm_host_ListCtrl.InsertColumn(4,"時間",LVCFMT_CENTER,80,3);
?m_mm_host_ListCtrl.InsertColumn(5,"ID",LVCFMT_CENTER,50,5);
?m_mm_host_ListCtrl.InsertColumn(6,"用戶",LVCFMT_CENTER,120,6);
?m_mm_host_ListCtrl.InsertColumn(7,"計算機",LVCFMT_CENTER,120,7);
?m_mm_host_ListCtrl.InsertColumn(8,"描述",LVCFMT_CENTER,250,7);
//////////////////////////我加的///////////////////////
?return TRUE;? // return TRUE? unless you set the focus to a control
}
void CRead_EventDlg::OnSysCommand(UINT nID, LPARAM lParam)
{
?if ((nID & 0xFFF0) == IDM_ABOUTBOX)
?{
??CAboutDlg dlgAbout;
??dlgAbout.DoModal();
?}
?else
?{
??CDialog::OnSysCommand(nID, lParam);
?}
}
// If you add a minimize button to your dialog, you will need the code below
//? to draw the icon.? For MFC applications using the document/view model,
//? this is automatically done for you by the framework.
void CRead_EventDlg::OnPaint()
{
?if (IsIconic())
?{
??CPaintDC dc(this); // device context for painting
??SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0);
??// Center icon in client rectangle
??int cxIcon = GetSystemMetrics(SM_CXICON);
??int cyIcon = GetSystemMetrics(SM_CYICON);
??CRect rect;
??GetClientRect(&rect);
??int x = (rect.Width() - cxIcon + 1) / 2;
??int y = (rect.Height() - cyIcon + 1) / 2;
??// Draw the icon
??dc.DrawIcon(x, y, m_hIcon);
?}
?else
?{
??CDialog::OnPaint();
?}
}
// The system calls this to obtain the cursor to display while the user drags
//? the minimized window.
HCURSOR CRead_EventDlg::OnQueryDragIcon()
{
?return (HCURSOR) m_hIcon;
}
///////////////////////////////////////////////////////////
void CRead_EventDlg::OnSecure()
{
?// TODO: Add your control notification handler code here
?UpdateData(TRUE);
?Set_EventNum();
?m_mm_host_state=_T("安全日志列表");
?Win_startel("Security");
?istype=1;
?UpdateData(FALSE);
}
////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSystem()
{
?// TODO: Add your control notification handler code here
?UpdateData(TRUE);
?Set_EventNum();
?m_mm_host_state=_T("系統日志列表");
?Win_startel("System");
?istype=2;
?UpdateData(FALSE);
}
///////////////////////////////////////////////////////////
void CRead_EventDlg::OnApplication()
{
?// TODO: Add your control notification handler code here
?UpdateData(TRUE);
?Set_EventNum();
?m_mm_host_state=_T("應用日志列表");
?Win_startel("Application");
?istype=3;
?UpdateData(FALSE);
}
////////////////////////////////////////////////////////////
char* CRead_EventDlg::El_GetCategory(int category_id)
{
?//得到事件記錄的類型并且返回
?char *cat;
?if(!issub)
?{
??switch(category_id)
??{
???case EVENTLOG_AUDIT_SUCCESS:
????cat = "審核成功";
????event_auditsucceed_num++;
????hh=1;
????break;
???case EVENTLOG_INFORMATION_TYPE:
????cat = "信息";
????event_info_num++;
????hh=2;
????break;
???case EVENTLOG_ERROR_TYPE:
????cat = "錯誤";
????event_error_num++;
????hh=3;
????break;
???case EVENTLOG_WARNING_TYPE:
????cat = "警告";
????event_warn_num++;
????hh=4;
????break;
???case EVENTLOG_AUDIT_FAILURE:
????cat = "審核失敗";
????event_auditdefeat_num++;
????hh=5;
????break;
???default:
????cat = "Unknown";
????break;
??}
?}
?else
?{
??switch(category_id)
??{
???case EVENTLOG_AUDIT_SUCCESS:
????cat = "審核成功";
????hh=1;
????break;
???case EVENTLOG_INFORMATION_TYPE:
????cat = "信息";
????hh=2;
????break;
???case EVENTLOG_ERROR_TYPE:
????cat = "錯誤";
????hh=3;
????break;
???case EVENTLOG_WARNING_TYPE:
????cat = "警告";
????hh=4;
????break;
???case EVENTLOG_AUDIT_FAILURE:
????cat = "審核失敗";
????hh=5;
????break;
???default:
????cat = "Unknown";
????break;
??}
?}
???
??? return(cat);
}
////////////////////////////////////////////////////////////////
int CRead_EventDlg::El_getEventDLL(char *evt_name, char *event_sourcename1, char *event)
{
?HKEY key;
??? DWORD ret;
??? char keyname[256];
??? keyname[255] = '\0';
??? _snprintf(keyname, 254,
??????????? "System\\CurrentControlSet\\Services\\EventLog\\%s\\%s",
??????????? evt_name,
??????????? event_sourcename1);
??? // 打開注冊表Opening registry ????
??? if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, keyname, 0, KEY_ALL_ACCESS, &key)
??????????? != ERROR_SUCCESS)
??? {
??????? return(0);???
??? }
??? ret = MAX_PATH -1;?
??? if (RegQueryValueEx(key, "EventMessageFile", NULL,
??????????????? NULL, (LPBYTE)event, &ret) != ERROR_SUCCESS)
??? {
??????? event[0] = '\0';?
??????? return(0);
??? }
??? RegCloseKey(key);
??? return(1);
}
////////////////////////////////////////////////////////////////
char* CRead_EventDlg::El_GetMessage(EVENTLOGRECORD *er, char *event_name, char *event_sourcename2, LPTSTR *el_sstring)
{
?DWORD fm_flags = 0;
??? char tmp_str[257];
??? char event[MAX_PATH +1];
??? char *curr_str;
??? char *next_str;
??? LPSTR message = NULL;
??? HMODULE hevt;
??? // Initializing variables
??? event[MAX_PATH] = '\0';
??? tmp_str[256] = '\0';
??? //Flags for format event
??? fm_flags |= FORMAT_MESSAGE_FROM_HMODULE;
??? fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER;
??? fm_flags |= FORMAT_MESSAGE_ARGUMENT_ARRAY;
??? //Get the file name from the registry (stored on event)
??? if(!El_getEventDLL(event_name, event_sourcename2, event))
??? {
??????? return(NULL);????
??? }????
??? curr_str = event;
??? // If our event has multiple libraries, try each one of them?
??? while((next_str = strchr(curr_str, ';')))
??? {
??????? *next_str = '\0';
??????? next_str++;
??????? ExpandEnvironmentStrings(curr_str, tmp_str, 255);
??????? hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
??????? if(hevt)
??????? {
??????????? if(!FormatMessage(fm_flags, hevt, er->EventID,
??????????????????????? 0,
??????????????????????? (LPTSTR) &message, 0, el_sstring))
??????????? {
??????????????? message = NULL;???
??????????? }
??????????? FreeLibrary(hevt);
??????????? /* If we have a message, we can return it */
??????????? if(message)
??????????????? return(message);
??????? }
??????? curr_str = next_str;??
??? }
??? ExpandEnvironmentStrings(curr_str, tmp_str, 255);
??? hevt = LoadLibraryEx(tmp_str, NULL, DONT_RESOLVE_DLL_REFERENCES);
??? if(hevt)
??? {
??????? int hr;???
??????? if(!(hr = FormatMessage(fm_flags, hevt, er->EventID,
??????????????????????? 0,
??????????????????????? (LPTSTR) &message, 0, el_sstring)))
??????? {
??????????? message = NULL;???
??????? }
??????? FreeLibrary(hevt);
??????? /* If we have a message, we can return it */
??????? if(message)
??????????? return(message);
??? }
??? return(NULL);
}
/////////////////////////////////////////////////////////////////
BOOL CRead_EventDlg::Init_ImageList()
{
?//給圖表初始化設置
??HIMAGELIST hList = ImageList_Create(32,32, ILC_COLOR8 |ILC_MASK , 6, 1);
??m_cImageListNormal.Attach(hList);
?
??hList = ImageList_Create(16, 16, ILC_COLOR8 | ILC_MASK, 6, 1);
??m_cImageListSmall.Attach(hList);
??// Load the large icons
??CBitmap cBmp;
?
??cBmp.LoadBitmap(IDB_BITMAP1);
??m_cImageListNormal.Add(&cBmp, RGB(255,0, 255));
??cBmp.DeleteObject();
?
??// Load the small icons
??cBmp.LoadBitmap(IDB_BITMAP2);
??m_cImageListSmall.Add(&cBmp, RGB(255,0, 255));
?
??// Attach them
??m_mm_host_ListCtrl.SetImageList(&m_cImageListNormal, LVSIL_NORMAL);
??m_mm_host_ListCtrl.SetImageList(&m_cImageListSmall, LVSIL_SMALL);
?
??return TRUE;
}
///////////////////////////////////////////////////////////////
void CRead_EventDlg::Insert_Record()
{
?//在列表中插入列表項
?CString str;?
?LVITEM lvi;
?lvi.mask =? LVIF_TEXT;
?lvi.iItem = event_record;
?str.Format(_T("%d"),event_record+1);
?lvi.iSubItem = 0;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.InsertItem(&lvi);
?str.Format(_T("%s"), event_category);
?lvi.iSubItem = 1;
?lvi.mask =? LVIF_IMAGE | LVIF_TEXT;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?//選擇位圖??
?switch(hh)
?{
?case 0:
??lvi.iImage = 0;?
??break;
?case 1:
??lvi.iImage = 1;
??break;
?case 2:
??lvi.iImage = 2;
??break;
?case 3:
??lvi.iImage = 3;
??break;
?case 4:
??lvi.iImage = 4;
??break;
?default:
??lvi.iImage = 5;
??break;
?}
?
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出來源??
?str.Format(_T("%s"),event_sourcename);
?lvi.iSubItem = 2;
?lvi.mask = LVIF_TEXT;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出日期??
?tm? *event_time = localtime((const? long? *)&el->er->TimeWritten);
?str.Format(_T("%4hd-%2hd-%2hd"),event_time->tm_year + 1900,event_time->tm_mon + 1,event_time->tm_mday);
?lvi.iSubItem = 3;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出時間??
?str.Format(_T("%.2hd:%.2hd:%.2hd"),event_time->tm_hour,event_time->tm_min,event_time->tm_sec);
?lvi.iSubItem = 4;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出ID
?str.Format(_T("%d"),(WORD)el->er->EventID);
?lvi.iSubItem = 5;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出用戶??
?str.Format(_T("%s/%s"),event_el_domain,event_el_user);
?lvi.iSubItem = 6;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出計算機??
?str.Format(_T("%s"),event_computername);
?lvi.iSubItem = 7;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
?//輸出描述
?str.Format(_T("%s"),event_descriptive_msg);
?lvi.iSubItem = 8;
?lvi.pszText = (LPTSTR)(LPCTSTR)(str);
?m_mm_host_ListCtrl.SetItem(&lvi);
}
///////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnClickList(NMHDR* pNMHDR, LRESULT* pResult)
{
?//當鼠標在類別中點擊時,返回被點中的記錄號
?// TODO: Add your control notification handler code here
?nItem = -1;
?LPNMITEMACTIVATE lpNMItemActivate = (LPNMITEMACTIVATE)pNMHDR;
?if(lpNMItemActivate != NULL)
?{
??nItem = lpNMItemActivate->iItem+1;
?}
?
?*pResult = 0;
}
//////////////////////////////////////////////////////////////
void CRead_EventDlg::OnDelete()
{
?//刪除被選中的記錄
?// TODO: Add your control notification handler code here
?//判斷是否選擇了日志類型,如果沒有退出
?if ((istype!=1)&&(istype!=2)&&(istype!=3))
?{
??MessageBox("請選擇日志類型!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return ;
?}
?//判斷是否選中了記錄�����,如果沒有退出
?if (nItem==0)
?{
??MessageBox("請選擇日志記錄!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return ;
?}
?int i,iState;
?int nItemSelected=m_mm_host_ListCtrl.GetSelectedCount();//得到所選表項數
?int nItemCount=m_mm_host_ListCtrl.GetItemCount();//得到表項總數
?
?//如果沒有選中�,退出
?if(nItemSelected<1)
?{
??MessageBox("請選擇日志記錄!","警告!",MB_OK|MB_ICONEXCLAMATION);?
??return; ?
?}
?//對選中的記錄進行刪除
?for(i=nItemCount-1;i>=0;i--)
?{
??iState=m_mm_host_ListCtrl.GetItemState(i,LVIS_SELECTED);
??if(iState!=0)
??{
???m_mm_host_ListCtrl.DeleteItem(i);
???nItem=0;
??}??
?}
?
?if (((istype!=1)&&(istype!=2)&&(istype!=3)))
?{
??MessageBox("請選擇日志類型!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return ;
?}
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnDetail()
{
?//按鈕響應函數
?//判斷是否選中類型,沒有就退出
?if ((istype!=1)&&(istype!=2)&&(istype!=3))
?{
??MessageBox("請選擇日志類型!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return ;
?}
?//判斷選中記錄,沒有就退出
?if (nItem==0)
?{
??MessageBox("請選擇日志記錄!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return ;
?}
?//如果選中類型就調用DescriptionDiaLog對話框
?if ((istype==1)||(istype==2)||(istype==3))
?{
??DescriptionDiaLog DescriptionDlg;
??DescriptionDlg.DoModal();
?}
?
?else
?{
??MessageBox("請選擇日志類型!","警告!",MB_OK|MB_ICONINFORMATION);
??return ;
?}
?// TODO: Add your control notification handler code here
}
/////////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSave()
{
?// TODO: Add your control notification handler code here
?//對日志進行列表保存
?//判斷列表是否有記錄
?switch(istype)
?{
?case 1:
??break;
?case 2:
??break;
?case 3:
??break;
?default:
??MessageBox("請選擇日志類型","警告!",MB_OK|MB_ICONEXCLAMATION);
??return;
? ?}
?//得到列表中記錄的總數
?event_record=m_mm_host_ListCtrl.GetItemCount();
?//對日志進行保存
?//保存單個記錄
?CString sFileName;
?sFileName.Format("");
?CFileDialog dlg(FALSE, "txt", sFileName,
?????OFN_OVERWRITEPROMPT|OFN_HIDEREADONLY,
?????"文本文件(*.txt)|*.txt|文本文件(*.doc)|*.doc||", this);?
?if (nItem!=0)
?{
??if(IDCANCEL == (MessageBox("您確定要保存一個日志記錄����?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
??{
???nItem=0;
???return;
??}
??if (dlg.DoModal() == IDOK)
??{
???dlg.m_ofn.lpstrTitle = _T("保存日志記錄");
???CString fileName = dlg.GetPathName();
???fp = fopen(fileName,"w");
???Save_Single_Record(nItem);
??}
??nItem=0;
??return ;
?}
?///////////////////////////////////
?//保存整個列表記錄
?if(IDCANCEL==(MessageBox("您確定要保存日志文件����?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
?{
??nItem=0;
??return;
?}
?if (dlg.DoModal() == IDOK)
?{
??dlg.m_ofn.lpstrTitle = _T("保存日志文件");
??CString fileName = dlg.GetPathName();
??fp = fopen(fileName,"w");
??switch(istype)
??{
??case 1:
???Save_Security();
???break;
??case 2:
???Save_System();
???break;
??case 3:
???Save_Application();
???break;
??default:
???MessageBox("請選擇日志類型","警告!",MB_OK|MB_ICONEXCLAMATION);
???return;
? ??}
?}
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Read_event(os_el *el, int printit)
{
?//讀取日志
?DWORD nstr;
??? DWORD user_size;
??? DWORD domain_size;
??? DWORD read, needed;
??? int size_left;
??? int str_size;
??? char *mbuffer[BUFFER_SIZE];
??? LPSTR sstr = NULL;
?//int i=0;
?char *tmp_str = NULL;
?char el_string[1025];
??? LPSTR el_sstring[57];
??? //Er must point to the mbuffer
??? el->er = (EVENTLOGRECORD *) &mbuffer;
??? /* Zeroing the last values */
??? el_string[1024] = '\0';
??? event_el_user[256] = '\0';
??? event_el_domain[256] = '\0';
??? host_final_out_msg[1023] = '\0';
??? el_sstring[56] = NULL;
?//判斷是否有記錄
?if( my_host_IsListCtrl == true)
?{
??my_host_IsListCtrl = false;
??m_mm_host_ListCtrl.DeleteAllItems();
?}
??? //讀日志記錄???
??? while(ReadEventLog(el->h,
??????????????? EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
??????????????? 0,
??????????????? el->er, BUFFER_SIZE -1, &read, &needed))
??? {
??????? while(read > 0)
??????? {
???//得到事件的類型
??????????? event_category = El_GetCategory(el->er->EventType);
???//得到事件來源
??????????? event_sourcename = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD));
???//得到計算機名
??????????? event_computername = event_sourcename + strlen(event_sourcename) + 1;
???//給描述信息初始化
??????????? event_descriptive_msg = NULL;
??????????? // 初始化domain/user尺寸
??????????? user_size = 255; domain_size = 255;
??????????? event_el_domain[0] = '\0';
??????????? event_el_user[0] = '\0';
???
??????????? // 設置事件的一些描述
??????????? if(el->er->NumStrings)
??????????? {?
??????????????? size_left = 1020;?
??????????????? sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
??????????????? el_string[0] = '\0';
??????????????? for (nstr = 0;nstr < el->er->NumStrings;nstr++)
??????????????? {
??????????????????? str_size = strlen(sstr);?
??????????????????? strncat(el_string, sstr, size_left);
??????????????????? tmp_str= strchr(el_string, '\0');
??????????????????? if(tmp_str)
??????????????????? {
??????????????????????? *tmp_str = ' ';??
??????????????????????? tmp_str++; *tmp_str = '\0';
??????????????????? }
??????????????????? size_left-=str_size + 1;
??????????????????? if(nstr <= 54)
??????????????????????? el_sstring[nstr] = (LPSTR)sstr;
??????????????????? sstr = strchr( (LPSTR)sstr, '\0');
??????????????????? sstr++;
?????
??????????????? }
??????????????? // 得到事件描述
??????????????? event_descriptive_msg = El_GetMessage(el->er, el->event_name, event_sourcename, el_sstring);
??????????????? if(event_descriptive_msg != NULL)
??????????????? {
?????????????????
??????????????????? tmp_str = event_descriptive_msg;???
??????????????????? while((tmp_str = strchr(tmp_str, '\n')))
??????????????????? {
??????????????????????? *tmp_str = ' ';
??????????????????????? tmp_str++;?????????
??????????????????? }???
??????????????????? tmp_str = event_descriptive_msg;???
??????????????????? while((tmp_str = strchr(tmp_str, '\r')))
??????????????????? {
??????????????????????? *tmp_str = ' ';
??????????????????????? tmp_str++;
??????//strchr(tmp_str, '\n');
??????????????????? }???
??????????????? }
??????????? }
??????????? else
??????????? {
??????????????? strncpy(el_string, "(no message)", 1020);?
??????????? }
??????????? // 得到username
??????????? if (el->er->UserSidLength)
??????????? {
??????????????? SID_NAME_USE account_type;
??????????????? if(!LookupAccountSid(NULL, (SID *)((LPSTR)el->er + el->er->UserSidOffset),
??????????????????????????? event_el_user, &user_size, event_el_domain, &domain_size, &account_type))??
??????????????? {
??????????????????? strncpy(event_el_user, "(no user)", 255);
??????????????????? strncpy(event_el_domain, "no domain", 255);
??????????????? }
??????????? }
??????????? else
??????????? {
??????????????? strncpy(event_el_user, "A", 255);?
??????????????? strncpy(event_el_domain, "N", 255);?
??????????? }
???
???/////////////////////////////////////
???//插入列表
???Insert_Record();
???////////////////////////////////////
???
??????????? if(event_descriptive_msg != NULL)
??????????????? LocalFree(event_descriptive_msg);
??????????? // Changing the point to the er
???//i++;
???event_record++;
??????????? read -= el->er->Length;
??????????? el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length);
???
??????? }?
??my_host_IsListCtrl = true;
??
??CString strlove;
??//輸出事件個數
??strlove.Format("%d",event_record);
??GetDlgItem(IDC_EVENTNUM)->SetWindowText(strlove);
??//輸出事件錯誤個數
??strlove.Format("%d",event_error_num);
??GetDlgItem(IDC_ERRORNUM)->SetWindowText(strlove);
??//輸出事件信息個數
??strlove.Format("%d",event_info_num);
??GetDlgItem(IDC_INFONUM)->SetWindowText(strlove);
??//輸出事件警告個數
??strlove.Format("%d",event_warn_num);
??GetDlgItem(IDC_WARNNUM)->SetWindowText(strlove);
??//輸出事件審核成功個數??
??strlove.Format("%d",event_auditsucceed_num);
??GetDlgItem(IDC_AUDITSUCCEEDNUM)->SetWindowText(strlove);
??//輸出事件審核失敗個數??
??strlove.Format("%d",event_auditdefeat_num);
??GetDlgItem(IDC_AUDITDEFEATNUM)->SetWindowText(strlove);
??????? // Setting er to the beginning of the buffer?
??????? el->er = (EVENTLOGRECORD *)&mbuffer;??
??? }
?event_record=0;
}
///////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Set_EventNum()
{?
?//給記錄數字初始化
?event_record=0;
?event_auditsucceed_num=0;
?event_info_num=0;
?event_error_num=0;
?event_warn_num=0;
?event_auditdefeat_num=0;
}
///////////////////////////////////////////////////////////////////
int CRead_EventDlg::Start_EL(char *app, os_el *el)
{
?el->h = OpenEventLog(NULL, app);
??? if(!el->h)
??? {
??????? return(0);????
??? }
??? el->event_name = app;
??? GetOldestEventLogRecord(el->h, &el->record);
??? return(1);
}
////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Win_startel(char *eventlog)
{
?Start_EL(eventlog,el);
??? Read_event(el,1);
}
////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_event(os_el *el, int printit)
{
?event_record=0;
?DWORD nstr;
??? DWORD user_size;
??? DWORD domain_size;
??? DWORD read, needed;
??? int size_left;
??? int str_size;
??? char *mbuffer[BUFFER_SIZE];
??? LPSTR sstr = NULL;
?//int i=0;
?char *tmp_str = NULL;
?
??? char el_string[1025];
??? char final_out_msg[1024];??//最后輸出的信息
??? LPSTR el_sstring[57];
??? /* Er must point to the mbuffer */
??? el->er = (EVENTLOGRECORD *) &mbuffer;
??? // Zeroing the last values
??? el_string[1024] = '\0';
??? event_el_user[256] = '\0';
??? event_el_domain[256] = '\0';
??? final_out_msg[1023] = '\0';
??? el_sstring[56] = NULL;
??? // Reading the event log ????
??? while(ReadEventLog(el->h,
??????????????? EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
??????????????? 0,
??????????????? el->er, BUFFER_SIZE -1, &read, &needed))
??? {
??????? while(read > 0)
??????? {
???//得到事件的類型
??????????? event_category = El_GetCategory(el->er->EventType);
???//得到事件來源
??????????? event_sourcename = (LPSTR) ((LPBYTE) el->er + sizeof(EVENTLOGRECORD));
???//得到計算機名
??????????? event_computername = event_sourcename + strlen(event_sourcename) + 1;
???//給描述信息初始化
??????????? event_descriptive_msg = NULL;
??????????? //初始化domain/user尺寸
??????????? user_size = 255; domain_size = 255;
??????????? event_el_domain[0] = '\0';
??????????? event_el_user[0] = '\0';
??????????? // 設置事件的一些描述
??????????? if(el->er->NumStrings)
??????????? {?
??????????????? size_left = 1020;?
??????????????? sstr = (LPSTR)((LPBYTE)el->er + el->er->StringOffset);
??????????????? el_string[0] = '\0';
??????????????? for (nstr = 0;nstr < el->er->NumStrings;nstr++)
??????????????? {
??????????????????? str_size = strlen(sstr);?
??????????????????? strncat(el_string, sstr, size_left);
??????????????????? tmp_str= strchr(el_string, '\0');
??????????????????? if(tmp_str)
??????????????????? {
??????????????????????? *tmp_str = ' ';??
??????????????????????? tmp_str++; *tmp_str = '\0';
??????????????????? }
??????????????????? size_left-=str_size + 1;
??????????????????? if(nstr <= 54)
??????????????????????? el_sstring[nstr] = (LPSTR)sstr;
??????????????????? sstr = strchr( (LPSTR)sstr, '\0');
??????????????????? sstr++;
?????
??????????????? }
??????????????? //Get a more descriptive message (if available)
??????????????? event_descriptive_msg = El_GetMessage(el->er, el->event_name, event_sourcename, el_sstring);
??????????????? if(event_descriptive_msg != NULL)
??????????????? {
??????????????????? // Remove any \n or \r
??????????????????? tmp_str = event_descriptive_msg;???
??????????????????? while((tmp_str = strchr(tmp_str, '\n')))
??????????????????? {
??????????????????????? *tmp_str = ' ';
??????????????????????? tmp_str++;
???????????
??????????????????? }???
??????????????????? tmp_str = event_descriptive_msg;???
??????????????????? while((tmp_str = strchr(tmp_str, '\r')))
??????????????????? {
??????????????????????? *tmp_str = ' ';
??????????????????????? tmp_str++;
??????//strchr(tmp_str, '\n');
??????????????????? }???
??????????????? }
??????????? }
??????????? else
??????????? {
??????????????? strncpy(el_string, "(no message)", 1020);?
??????????? }
??????????? // 得到username
??????????? if (el->er->UserSidLength)
??????????? {
??????????????? SID_NAME_USE account_type;
??????????????? if(!LookupAccountSid(NULL, (SID *)((LPSTR)el->er + el->er->UserSidOffset),
??????????????????????????? event_el_user, &user_size, event_el_domain, &domain_size, &account_type))??
??????????????? {
??????????????????? strncpy(event_el_user, "(no user)", 255);
??????????????????? strncpy(event_el_domain, "no domain", 255);
??????????????? }
??????????? }
??????????? else
??????????? {
??????????????? strncpy(event_el_user, "A", 255);?
??????????????? strncpy(event_el_domain, "N", 255);?
??????????? }
??????????? if(printit)
??????????? {
??????????????? tm?? *event_time?? =?? localtime((const?? long?? *)&el->er->TimeWritten);
??????????????? _snprintf(final_out_msg, 1022,
??????????????????????? "事件記錄序號:%d\n事件:%s\n日期:%.4hd-%2hd-%2hd\n時間:%.2hd:%.2hd:%.2hd\n事件類型:%s\n事件來源:%s\n事件ID:(%u)\n用戶:%s/%s\n計算機:%s\n描述:\n%s\n\n\n",
??????event_record,
??????el->event_name,
??????event_time->tm_year + 1900,
??????event_time->tm_mon + 1,
??????event_time->tm_mday,
??????event_time->tm_hour,
??????event_time->tm_min,
??????event_time->tm_sec,?
??????
??????????????????????? event_category,
??????event_sourcename,
???????????????????????
??????????????????????? (WORD)el->er->EventID,
??????????????????????? event_el_domain,
??????????????????????? event_el_user,
???????????????????????
??????event_computername,
??????????????????????? event_descriptive_msg != NULL?event_descriptive_msg:el_string);?
??????????????
??????? ?fprintf(fp, "%s\n", final_out_msg);?
??????????? }
??????????? if(event_descriptive_msg != NULL)
??????????????? LocalFree(event_descriptive_msg);
??????????? // Changing the point to the er
??????????? read -= el->er->Length;
??????????? el->er = (EVENTLOGRECORD *)((LPBYTE) el->er + el->er->Length);
???event_record++;
??????? }??
??????? // Setting er to the beginning of the buffer ?
??????? el->er = (EVENTLOGRECORD *)&mbuffer;
??
??? }
}
//////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Application()
{
?//從列表中保存應用日志
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??MessageBox("應用日志文件打開了�!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********應用日志列表***********\n\n\n");
?Save_List(1,event_record);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("應用日志文件關閉了!","信息!",MB_OK|MB_ICONINFORMATION);?
?}
?else
?{
??MessageBox("還開著呢了���,,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);??
?}
}
//////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Security()
{
?//從列表中保存安全日志
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??
??MessageBox("安全日志文件打開了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********安全日志列表***********\n\n\n");?
?Save_List(1,event_record);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("安全日志文件關閉了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?else
?{
??MessageBox("還開著呢了���,����,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);
?}
}
////////////////////////////////////////////////////
void CRead_EventDlg::Save_System()
{
?//從列表中保存系統日志
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??MessageBox("系統日志文件打開了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********系統日志列表***********\n\n\n");?
?Save_List(1,event_record);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("系統日志文件關閉了!","信息!",MB_OK|MB_ICONINFORMATION);??
?}
?else
?{
??MessageBox("還開著呢了,�,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);
?}
}
/////////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Single_Record(int single_record)
{
?//從列表中保存單個記錄
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);??
??exit(1);
?}
?else
?{
??MessageBox("一個記錄正要保存了!","信息!",MB_OK|MB_ICONINFORMATION);??
?}
?fprintf(fp, "\n\n***********第%d記錄***********\n\n\n",nItem);
?
?Save_List(single_record,single_record);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("日志記錄關閉了!","信息!",MB_OK|MB_ICONINFORMATION);?
?}
?else
?{
??MessageBox("還有一個記錄開著呢!","錯誤!",MB_OK|MB_ICONSTOP);??
?}
}
/////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_List(int record_initialize, int record_num)
{
?//保存列表記錄
?CString save_event_record;
?CString save_event_category;
?CString save_event_sourcename;
?CString save_event_date;
?CString save_event_time;
?CString save_event_id;
?CString save_event_user;
?CString save_event_computername;
?CString save_event_descriptive_msg;
?CString save_event_name;
?
?switch(istype)
?{
?case 1:
??save_event_name="Security";
??break;
?case 2:
??save_event_name="System";
??break;
?case 3:
??save_event_name="Application";
??break;
?default:
??return;
? ?}
?for(int i=record_initialize-1;i<record_num;i++)
?{
??save_event_record=m_mm_host_ListCtrl.GetItemText(i,0);
??save_event_category=m_mm_host_ListCtrl.GetItemText(i,1);
??save_event_sourcename=m_mm_host_ListCtrl.GetItemText(i,2);
??save_event_date=m_mm_host_ListCtrl.GetItemText(i,3);
??save_event_time=m_mm_host_ListCtrl.GetItemText(i,4);
??save_event_id=m_mm_host_ListCtrl.GetItemText(i,5);
??save_event_user=m_mm_host_ListCtrl.GetItemText(i,6);
??save_event_computername=m_mm_host_ListCtrl.GetItemText(i,7);
??save_event_descriptive_msg=m_mm_host_ListCtrl.GetItemText(i,8);
??fprintf(fp, "事件記錄序號:%s\n事件:%s\n日期:%s\n時間:%s\n類型:%s\n事件來源:%s\n事件ID:%s\n用戶:%s\n計算機:%s\n描述:\n%s\n\n\n\n",
????save_event_record,
????save_event_name,
????save_event_date,
????save_event_time,
????save_event_category,
????save_event_sourcename,
????save_event_id,
????save_event_user,
????save_event_computername,
????save_event_descriptive_msg);
?}
}
////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_Application()
{
?//從系統中保存應用日志
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??MessageBox("應用日志文件打開了�!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********應用日志列表***********\n\n\n");
?
?Start_EL("application",el);
?Save_event(el, 1);
?
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("應用日志文件關閉了���!","信息!",MB_OK|MB_ICONINFORMATION);?
?}
?else
?{
??MessageBox("還開著呢了�,,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);??
?}
}
////////////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_Security()
{
?//從系統中保存安全記錄
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??
??MessageBox("安全日志文件打開了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********安全日志列表***********\n\n\n");?
?Start_EL("Security",el);
?Save_event(el, 1);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("安全日志文件關閉了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?else
?{
??MessageBox("還開著呢了�,���,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);
?}
}
//////////////////////////////////////////////////////////////
void CRead_EventDlg::Save_Hard_System()
{
?//從系統中保存系統日志
?if(!fp)
?{
??MessageBox("怎么沒打開呢!","警告!",MB_OK|MB_ICONEXCLAMATION);
??exit(1);
?}
?else
?{
??MessageBox("系統日志文件打開了!","信息!",MB_OK|MB_ICONINFORMATION);
?}
?fprintf(fp, "\n\n***********系統日志列表***********\n\n\n");?
?Start_EL("System",el);
?Save_event(el, 1);
?fclose(fp);
?if(fclose(fp))
?{
??MessageBox("系統日志文件關閉了!","信息!",MB_OK|MB_ICONINFORMATION);??
?}
?else
?{
??MessageBox("還開著呢了��,,抓緊關它吧!","錯誤!",MB_OK|MB_ICONSTOP);
?}
}
/////////////////////////////////////////////////////////////////
void CRead_EventDlg::OnSave_Hard()
{
?//從系統中保存記錄的響應函數
?// TODO: Add your control notification handler code here
?switch(istype)
?{
?case 1:
??break;
?case 2:
??break;
?case 3:
??break;
?default:
??MessageBox("請選擇日志類型","警告!",MB_OK|MB_ICONEXCLAMATION);
??return;
? ?}
?CString sFileName;
?sFileName.Format("");
?CFileDialog dlg(FALSE, "txt", sFileName,
?????OFN_OVERWRITEPROMPT|OFN_HIDEREADONLY,
?????"文本文件(*.txt)|*.txt|文本文件(*.doc)|*.doc||", this);?
?/////////////////////////////////////////
?//從系統中保存整個日志
?if(IDCANCEL==(MessageBox("您確定要從系統中保存日志文件�����?","提示!",MB_OKCANCEL|MB_ICONQUESTION)))
?{
??nItem=0;
??return;
?}
?if (dlg.DoModal() == IDOK)
?{
??dlg.m_ofn.lpstrTitle = _T("從系統中保存日志文件");
??CString fileName = dlg.GetPathName();
??fp = fopen(fileName,"w");
??switch(istype)
??{
??case 1:
???Save_Hard_Security();
???break;
??case 2:
???Save_Hard_System();
???break;
??case 3:
???Save_Hard_Application();
???break;
??default:
???MessageBox("請選擇日志類型","警告!",MB_OK|MB_ICONEXCLAMATION);
???return;
? ??}
?}
?nItem=0;
?
}
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////
// DescriptionDiaLog.cpp : implementation file
//
#include "stdafx.h"
#include "Read_Event.h"
#include "DescriptionDiaLog.h"
#include "Read_EventDlg.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
extern int istype;
extern int nItem;
extern int event_record;
extern CString m_mm_host_state;
extern os_el el[1];
extern BOOL issub;
BOOL isShow=FALSE;
/////////////////////////////////////////////////////////////////////////////
// DescriptionDiaLog dialog
DescriptionDiaLog::DescriptionDiaLog(CWnd* pParent /*=NULL*/)
?: CDialog(DescriptionDiaLog::IDD, pParent)
{
?//{{AFX_DATA_INIT(DescriptionDiaLog)
?m_sub_event_computername = _T("");
?//}}AFX_DATA_INIT
}
void DescriptionDiaLog::DoDataExchange(CDataExchange* pDX)
{
?CDialog::DoDataExchange(pDX);
?//{{AFX_DATA_MAP(DescriptionDiaLog)
?DDX_Text(pDX, IDC_SBUEVENTCOMPUTERNAME, m_sub_event_computername);
?//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(DescriptionDiaLog, CDialog)
?//{{AFX_MSG_MAP(DescriptionDiaLog)
?ON_BN_CLICKED(IDC_SHOW, OnShow)
?ON_BN_CLICKED(IDC_PRESHOW, OnPreshow)
?ON_BN_CLICKED(IDC_NEXTSHOW, OnNextshow)
?//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// DescriptionDiaLog message handlers
BOOL DescriptionDiaLog::OnInitDialog()
{
?CDialog::OnInitDialog();
?
?// TODO: Add extra initialization here
?issub=true;
?return TRUE;? // return TRUE unless you set the focus to a control
?????????????? // EXCEPTION: OCX Property Pages should return FALSE
}
//////////////////////////////////////////////////////////
void DescriptionDiaLog::Sub_Prepare()
{
?char *m_sub_cTemp;
?switch(istype)
?{
?case 1:
??m_sub_cTemp ="Security";
??break;
?case 2:
??m_sub_cTemp ="System";
??break;
?default:
??m_sub_cTemp ="application";
?}
?Sub_Show(nItem);
}
///////////////////////////////////////////////////////
void DescriptionDiaLog::OnShow()
{
?//顯示記錄內容
?// TODO: Add your control notification handler code here
?//判斷是否有記錄被選中
?if (nItem==0)
?{
??MessageBox("錯了!","錯誤!",MB_OK|MB_ICONSTOP);
??CDialog::OnOK();
?}
?//如果是選中的是列表中第一條記錄,向前觀察按鈕失效
?if(nItem==1)
?{
??GetDlgItem(IDC_PRESHOW)->EnableWindow(FALSE);
??GetDlgItem(IDC_NEXTSHOW)->EnableWindow(TRUE);
?}
?//如果是選中的是列表中最后一條記錄����,向后觀察按鈕失效
?if(nItem==event_record)
?{
??GetDlgItem(IDC_PRESHOW)->EnableWindow(TRUE);
??GetDlgItem(IDC_NEXTSHOW)->EnableWindow(FALSE);
?}
?Sub_Prepare();
?isShow=TRUE;
}
///////////////////////////////////////////////////////////
void DescriptionDiaLog::OnPreshow()
{?
?//向前觀察按鈕響應函數
?// TODO: Add your control notification handler code here
?if (!isShow)
?{
??MessageBox("請回去選擇記錄!","警告!",MB_OK|MB_ICONEXCLAMATION);
??CDialog::OnOK();
?}
?nItem--;
?//如果是選中的是列表中第一條記錄���,向前觀察按鈕失效
?if(nItem==1)
?{
??GetDlgItem(IDC_PRESHOW)->EnableWindow(FALSE);
?}
?GetDlgItem(IDC_NEXTSHOW)->EnableWindow(TRUE);
?Sub_Prepare();
}
//////////////////////////////////////////////////////////////////
void DescriptionDiaLog::OnNextshow()
{?
?//向后觀察按鈕
?// TODO: Add your control notification handler code here
?nItem++;
?//如果是選中的是列表中最后一條記錄���,向后觀察按鈕失效
?if(nItem==event_record)
?{
??GetDlgItem(IDC_NEXTSHOW)->EnableWindow(FALSE);
?}
?GetDlgItem(IDC_PRESHOW)->EnableWindow(TRUE);
?Sub_Prepare();
}
//////////////////////////////////////////////////////////////
void DescriptionDiaLog::OnOK()
{
?// TODO: Add extra validation here
?nItem=0;
?CDialog::OnOK();
}
void DescriptionDiaLog::OnCancel()
{
?// TODO: Add extra cleanup here
?nItem=0;
?CDialog::OnCancel();
}
////////////////////////////////////////////////////////////////
void DescriptionDiaLog::Sub_Show(int sub_nItem)
{
?//顯示詳細記錄按鈕的響應函數
?CRead_EventDlg* dlg = (CRead_EventDlg *)AfxGetMainWnd();
?CString sub_event;
?//事件序列
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,0);
?GetDlgItem(IDC_SBUEVENTRECORD)->SetWindowText(sub_event);
?//事件類型
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,1);
?GetDlgItem(IDC_SBUEVENTCATEGORY)->SetWindowText(sub_event);
?//事件來源
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,2);
?GetDlgItem(IDC_SUBEVENTSOURCENAME)->SetWindowText(sub_event);
?//事件日期
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,3);
?GetDlgItem(IDC_SUBEVENTDATA)->SetWindowText(sub_event);
?//事件時間
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,4);
?GetDlgItem(IDC_SBUEVENTTIME)->SetWindowText(sub_event);
?//事件ID
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,5);
?GetDlgItem(IDC_SBUEVENTID)->SetWindowText(sub_event);
?//用戶
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,6);
?GetDlgItem(IDC_SBUEVENTUSERNAME)->SetWindowText(sub_event);
?//計算機
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,7);
?GetDlgItem(IDC_SBUEVENTCOMPUTERNAME)->SetWindowText(sub_event);
?//詳細描述
?sub_event=dlg->m_mm_host_ListCtrl.GetItemText(sub_nItem-1,8);
?GetDlgItem(IDC_EDIT_SBUEVENTMESSAGE)->SetWindowText(sub_event);
?
?switch(istype)
?{
?case 1:
??sub_event="Security";
??break;
?case 2:
??sub_event="System";
??break;
?case 3:
??sub_event="Application";
??break;
?default:
??MessageBox("請選擇日志類型!","警告!",MB_OK|MB_ICONEXCLAMATION);
??return;
? ?}
?//事件
?GetDlgItem(IDC_SUBEVENT)->SetWindowText(sub_event);
}
/////////////////////////////////////////////////////////////////