ChrisL

Can't write to NT4 event log


ChrisL

There seems to be an issue with writing to the NT4 event log.

In Security.au3 there is a function

Func _Security__SidToStringSid($pSID)
    
    Local $tPtr, $tBuffer, $sSID, $aResult

    If Not _Security__IsValidSid($pSID) Then Return SetError(-1, 0, "")

    $tPtr = DllStructCreate("ptr Buffer")
    $aResult = DllCall("AdvAPI32.dll", "int", "ConvertSidToStringSid", "ptr", $pSID, "ptr", DllStructGetPtr($tPtr))
    If $aResult[0] = 0 Then Return SetError(-2, 0, "")

    $tBuffer = DllStructCreate("char Text[256]", DllStructGetData($tPtr, "Buffer"))
    $sSID = DllStructGetData($tBuffer, "Text")
    _WinAPI_LocalFree(DllStructGetData($tPtr, "Buffer"))
    Return $sSID
EndFunc  ;==>_Security__SidToStringSid

But ConvertSidToStringSid doesn't exist in the NT4 AdvAPI32.dll

So if I specify NULL as the username for the event, it generates an event, but when you try to read it, Event Viewer says "The system can not find the file specified"

Any ideas?

ChrisL

Never mind, I sussed it.

First you specify NULL as a username when using _Event__Report(), and you also have to use a valid message file DLL, otherwise EventVwr gives the error I specified earlier.

If I set up a message source using the EventVwr dll stuff in my signature, it works fine.

I'd been scratching my head on this for ages and I think posting here was the inspiration I needed!
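
The API the quoted function depends on, ConvertSidToStringSid, only turns a binary SID into its `S-1-...` text form, and that conversion can be done by reading the SID's bytes directly when the export is missing. The following is an added example, not code from this thread or from AutoIt's Security.au3; it is written in Python, the function name and both sample SIDs are constructed for illustration, and it assumes the caller already has the raw SID bytes (for instance from an event log record).

```python
import struct

# Constructed sample SIDs (hex of the in-memory layout), for illustration only.
LOCAL_SYSTEM = bytes.fromhex("0101000000000005 12000000")
SAMPLE_USER = bytes.fromhex(
    "0105000000000005 15000000 01000000 02000000 03000000 f4010000"
)

MAX_SUB_AUTHORITIES = 15  # upper bound Windows allows in a SID


def sid_to_string(raw: bytes) -> str:
    """Render a binary SID as S-<revision>-<authority>-<sub>-<sub>...

    Layout: 1 byte revision, 1 byte sub-authority count,
    6 bytes identifier authority (big-endian),
    then <count> 32-bit sub-authorities (little-endian).
    """
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte fixed header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if sub_count > MAX_SUB_AUTHORITIES:
        raise ValueError(f"sub-authority count {sub_count} is out of range")
    if len(raw) < 8 + 4 * sub_count:
        raise ValueError("buffer is truncated before the last sub-authority")

    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from(f"<{sub_count}I", raw, 8)

    # Authorities that fit in 32 bits are printed in decimal, larger ones in hex.
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012x}"
    return "-".join(["S", str(revision), auth_text, *(str(s) for s in subs)])


if __name__ == "__main__":
    print(sid_to_string(LOCAL_SYSTEM))
    print(sid_to_string(SAMPLE_USER))
```

The length and count checks matter when the bytes come from a log record or a file rather than from the operating system, since a truncated or corrupted SID would otherwise be read past its end.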
