2 * Unit tests for Event Logging functions
4 * Copyright (c) 2009 Paul Vriens
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
30 #include "wine/test.h"
32 static BOOL (WINAPI
*pCreateWellKnownSid
)(WELL_KNOWN_SID_TYPE
,PSID
,PSID
,DWORD
*);
33 static BOOL (WINAPI
*pGetEventLogInformation
)(HANDLE
,DWORD
,LPVOID
,DWORD
,LPDWORD
);
35 static BOOL (WINAPI
*pGetComputerNameExA
)(COMPUTER_NAME_FORMAT
,LPSTR
,LPDWORD
);
36 static BOOL (WINAPI
*pWow64DisableWow64FsRedirection
)(PVOID
*);
37 static BOOL (WINAPI
*pWow64RevertWow64FsRedirection
)(PVOID
);
39 static void init_function_pointers(void)
41 HMODULE hadvapi32
= GetModuleHandleA("advapi32.dll");
42 HMODULE hkernel32
= GetModuleHandleA("kernel32.dll");
44 pCreateWellKnownSid
= (void*)GetProcAddress(hadvapi32
, "CreateWellKnownSid");
45 pGetEventLogInformation
= (void*)GetProcAddress(hadvapi32
, "GetEventLogInformation");
47 pGetComputerNameExA
= (void*)GetProcAddress(hkernel32
, "GetComputerNameExA");
48 pWow64DisableWow64FsRedirection
= (void*)GetProcAddress(hkernel32
, "Wow64DisableWow64FsRedirection");
49 pWow64RevertWow64FsRedirection
= (void*)GetProcAddress(hkernel32
, "Wow64RevertWow64FsRedirection");
52 static BOOL
create_backup(const char *filename
)
57 DeleteFileA(filename
);
58 handle
= OpenEventLogA(NULL
, "Application");
59 rc
= BackupEventLogA(handle
, filename
);
60 if (!rc
&& GetLastError() == ERROR_PRIVILEGE_NOT_HELD
)
62 skip("insufficient privileges to backup the eventlog\n");
63 CloseEventLog(handle
);
66 ok(rc
, "BackupEventLogA failed, le=%u\n", GetLastError());
67 CloseEventLog(handle
);
69 attribs
= GetFileAttributesA(filename
);
71 ok(attribs
!= INVALID_FILE_ATTRIBUTES
, "Expected a backup file attribs=%#x le=%u\n", attribs
, GetLastError());
75 static void test_open_close(void)
80 SetLastError(0xdeadbeef);
81 ret
= CloseEventLog(NULL
);
82 ok(!ret
, "Expected failure\n");
83 ok(GetLastError() == ERROR_INVALID_HANDLE
||
84 GetLastError() == ERROR_NOACCESS
, /* W2K */
85 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
87 SetLastError(0xdeadbeef);
88 handle
= OpenEventLogA(NULL
, NULL
);
89 ok(handle
== NULL
, "Didn't expect a handle\n");
90 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
92 SetLastError(0xdeadbeef);
93 handle
= OpenEventLogA("IDontExist", NULL
);
94 ok(handle
== NULL
, "Didn't expect a handle\n");
95 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
97 SetLastError(0xdeadbeef);
98 handle
= OpenEventLogA("IDontExist", "deadbeef");
99 ok(handle
== NULL
, "Didn't expect a handle\n");
100 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
101 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
102 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
104 /* This one opens the Application log */
105 handle
= OpenEventLogA(NULL
, "deadbeef");
106 ok(handle
!= NULL
, "Expected a handle\n");
107 ret
= CloseEventLog(handle
);
108 ok(ret
, "Expected success\n");
109 /* Close a second time */
110 SetLastError(0xdeadbeef);
111 ret
= CloseEventLog(handle
);
114 ok(!ret
, "Expected failure\n");
115 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
118 /* Empty servername should be read as local server */
119 handle
= OpenEventLogA("", "Application");
120 ok(handle
!= NULL
, "Expected a handle\n");
121 CloseEventLog(handle
);
123 handle
= OpenEventLogA(NULL
, "Application");
124 ok(handle
!= NULL
, "Expected a handle\n");
125 CloseEventLog(handle
);
128 static void test_info(void)
133 EVENTLOG_FULL_INFORMATION efi
;
135 if (!pGetEventLogInformation
)
138 win_skip("GetEventLogInformation is not available\n");
141 SetLastError(0xdeadbeef);
142 ret
= pGetEventLogInformation(NULL
, 1, NULL
, 0, NULL
);
143 ok(!ret
, "Expected failure\n");
144 ok(GetLastError() == ERROR_INVALID_LEVEL
, "Expected ERROR_INVALID_LEVEL, got %d\n", GetLastError());
146 SetLastError(0xdeadbeef);
147 ret
= pGetEventLogInformation(NULL
, EVENTLOG_FULL_INFO
, NULL
, 0, NULL
);
148 ok(!ret
, "Expected failure\n");
149 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
151 handle
= OpenEventLogA(NULL
, "Application");
153 SetLastError(0xdeadbeef);
154 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, NULL
, 0, NULL
);
155 ok(!ret
, "Expected failure\n");
156 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
158 SetLastError(0xdeadbeef);
159 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, NULL
, 0, &needed
);
160 ok(!ret
, "Expected failure\n");
161 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
163 SetLastError(0xdeadbeef);
164 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, (LPVOID
)&efi
, 0, NULL
);
165 ok(!ret
, "Expected failure\n");
166 ok(GetLastError() == RPC_X_NULL_REF_POINTER
, "Expected RPC_X_NULL_REF_POINTER, got %d\n", GetLastError());
168 SetLastError(0xdeadbeef);
170 efi
.dwFull
= 0xdeadbeef;
171 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, (LPVOID
)&efi
, 0, &needed
);
172 ok(!ret
, "Expected failure\n");
173 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
, "Expected ERROR_INSUFFICIENT_BUFFER, got %d\n", GetLastError());
174 ok(needed
== sizeof(EVENTLOG_FULL_INFORMATION
), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed
);
175 ok(efi
.dwFull
== 0xdeadbeef, "Expected no change to the dwFull member\n");
177 /* Not that we care, but on success last error is set to ERROR_IO_PENDING */
178 efi
.dwFull
= 0xdeadbeef;
180 ret
= pGetEventLogInformation(handle
, EVENTLOG_FULL_INFO
, (LPVOID
)&efi
, needed
, &needed
);
181 ok(ret
, "Expected success\n");
182 ok(needed
== sizeof(EVENTLOG_FULL_INFORMATION
), "Expected sizeof(EVENTLOG_FULL_INFORMATION), got %d\n", needed
);
183 ok(efi
.dwFull
== 0 || efi
.dwFull
== 1, "Expected 0 (not full) or 1 (full), got %d\n", efi
.dwFull
);
185 CloseEventLog(handle
);
188 static void test_count(void)
193 const char backup
[] = "backup.evt";
195 SetLastError(0xdeadbeef);
196 ret
= GetNumberOfEventLogRecords(NULL
, NULL
);
197 ok(!ret
, "Expected failure\n");
198 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
200 SetLastError(0xdeadbeef);
202 ret
= GetNumberOfEventLogRecords(NULL
, &count
);
203 ok(!ret
, "Expected failure\n");
204 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
205 ok(count
== 0xdeadbeef, "Expected count to stay unchanged\n");
207 handle
= OpenEventLogA(NULL
, "Application");
209 SetLastError(0xdeadbeef);
210 ret
= GetNumberOfEventLogRecords(handle
, NULL
);
211 ok(!ret
, "Expected failure\n");
212 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
215 ret
= GetNumberOfEventLogRecords(handle
, &count
);
216 ok(ret
, "Expected success\n");
217 ok(count
!= 0xdeadbeef, "Expected the number of records\n");
219 CloseEventLog(handle
);
221 /* Make a backup eventlog to work with */
222 if (create_backup(backup
))
224 handle
= OpenBackupEventLogA(NULL
, backup
);
226 ok(handle
!= NULL
, "Expected a handle, le=%d\n", GetLastError());
228 /* Does GetNumberOfEventLogRecords work with backup eventlogs? */
230 ret
= GetNumberOfEventLogRecords(handle
, &count
);
233 ok(ret
, "Expected success\n");
234 ok(count
!= 0xdeadbeef, "Expected the number of records\n");
237 CloseEventLog(handle
);
242 static void test_oldest(void)
247 const char backup
[] = "backup.evt";
249 SetLastError(0xdeadbeef);
250 ret
= GetOldestEventLogRecord(NULL
, NULL
);
251 ok(!ret
, "Expected failure\n");
252 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
254 SetLastError(0xdeadbeef);
256 ret
= GetOldestEventLogRecord(NULL
, &oldest
);
257 ok(!ret
, "Expected failure\n");
258 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
259 ok(oldest
== 0xdeadbeef, "Expected oldest to stay unchanged\n");
261 handle
= OpenEventLogA(NULL
, "Application");
263 SetLastError(0xdeadbeef);
264 ret
= GetOldestEventLogRecord(handle
, NULL
);
265 ok(!ret
, "Expected failure\n");
266 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
269 ret
= GetOldestEventLogRecord(handle
, &oldest
);
270 ok(ret
, "Expected success\n");
271 ok(oldest
!= 0xdeadbeef, "Expected the number of the oldest record\n");
273 CloseEventLog(handle
);
275 /* Make a backup eventlog to work with */
276 if (create_backup(backup
))
278 handle
= OpenBackupEventLogA(NULL
, backup
);
280 ok(handle
!= NULL
, "Expected a handle\n");
282 /* Does GetOldestEventLogRecord work with backup eventlogs? */
284 ret
= GetOldestEventLogRecord(handle
, &oldest
);
287 ok(ret
, "Expected success\n");
288 ok(oldest
!= 0xdeadbeef, "Expected the number of the oldest record\n");
291 CloseEventLog(handle
);
296 static void test_backup(void)
300 const char backup
[] = "backup.evt";
301 const char backup2
[] = "backup2.evt";
303 SetLastError(0xdeadbeef);
304 ret
= BackupEventLogA(NULL
, NULL
);
305 ok(!ret
, "Expected failure\n");
306 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
308 SetLastError(0xdeadbeef);
309 ret
= BackupEventLogA(NULL
, backup
);
310 ok(!ret
, "Expected failure\n");
311 ok(GetFileAttributesA(backup
) == INVALID_FILE_ATTRIBUTES
, "Expected no backup file\n");
313 handle
= OpenEventLogA(NULL
, "Application");
315 SetLastError(0xdeadbeef);
316 ret
= BackupEventLogA(handle
, NULL
);
317 ok(!ret
, "Expected failure\n");
318 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
320 ret
= BackupEventLogA(handle
, backup
);
321 if (!ret
&& GetLastError() == ERROR_PRIVILEGE_NOT_HELD
)
323 skip("insufficient privileges for backup tests\n");
324 CloseEventLog(handle
);
327 ok(ret
, "Expected success\n");
329 ok(GetFileAttributesA(backup
) != INVALID_FILE_ATTRIBUTES
, "Expected a backup file\n");
331 /* Try to overwrite */
332 SetLastError(0xdeadbeef);
333 ret
= BackupEventLogA(handle
, backup
);
336 ok(!ret
, "Expected failure\n");
337 ok(GetLastError() == ERROR_ALREADY_EXISTS
, "Expected ERROR_ALREADY_EXISTS, got %d\n", GetLastError());
340 CloseEventLog(handle
);
342 /* Can we make a backup of a backup? */
343 handle
= OpenBackupEventLogA(NULL
, backup
);
345 ok(handle
!= NULL
, "Expected a handle\n");
347 ret
= BackupEventLogA(handle
, backup2
);
350 ok(ret
, "Expected success\n");
351 ok(GetFileAttributesA(backup2
) != INVALID_FILE_ATTRIBUTES
, "Expected a backup file\n");
354 CloseEventLog(handle
);
356 DeleteFileA(backup2
);
359 static void test_read(void)
363 DWORD count
, toread
, read
, needed
;
366 SetLastError(0xdeadbeef);
367 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, NULL
, NULL
);
368 ok(!ret
, "Expected failure\n");
370 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
373 SetLastError(0xdeadbeef);
374 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, &read
, NULL
);
375 ok(!ret
, "Expected failure\n");
376 ok(read
== 0xdeadbeef, "Expected 'read' parameter to remain unchanged\n");
378 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
381 SetLastError(0xdeadbeef);
382 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, NULL
, &needed
);
383 ok(!ret
, "Expected failure\n");
384 ok(needed
== 0xdeadbeef, "Expected 'needed' parameter to remain unchanged\n");
386 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
388 /* 'read' and 'needed' are only filled when the needed buffer size is passed back or when the call succeeds */
389 SetLastError(0xdeadbeef);
390 ret
= ReadEventLogA(NULL
, 0, 0, NULL
, 0, &read
, &needed
);
391 ok(!ret
, "Expected failure\n");
393 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
395 SetLastError(0xdeadbeef);
396 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, NULL
, 0, NULL
, NULL
);
397 ok(!ret
, "Expected failure\n");
399 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
401 SetLastError(0xdeadbeef);
402 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, NULL
, 0, &read
, &needed
);
403 ok(!ret
, "Expected failure\n");
405 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
408 SetLastError(0xdeadbeef);
409 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
410 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
411 ok(!ret
, "Expected failure\n");
413 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
415 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
416 SetLastError(0xdeadbeef);
417 ret
= ReadEventLogA(NULL
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
418 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
419 ok(!ret
, "Expected failure\n");
421 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
422 HeapFree(GetProcessHeap(), 0, buf
);
424 handle
= OpenEventLogA(NULL
, "Application");
426 /* Show that we need the proper dwFlags with a (for the rest) proper call */
427 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
429 SetLastError(0xdeadbeef);
430 ret
= ReadEventLogA(handle
, 0, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
431 ok(!ret
, "Expected failure\n");
433 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
435 SetLastError(0xdeadbeef);
436 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
437 ok(!ret
, "Expected failure\n");
439 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
441 SetLastError(0xdeadbeef);
442 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
, 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
443 ok(!ret
, "Expected failure\n");
445 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
447 SetLastError(0xdeadbeef);
448 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
,
449 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
450 ok(!ret
, "Expected failure\n");
452 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
454 SetLastError(0xdeadbeef);
455 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
| EVENTLOG_FORWARDS_READ
| EVENTLOG_BACKWARDS_READ
,
456 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
457 ok(!ret
, "Expected failure\n");
459 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
461 SetLastError(0xdeadbeef);
462 ret
= ReadEventLogA(handle
, EVENTLOG_SEEK_READ
| EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
463 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
464 ok(!ret
, "Expected failure\n");
466 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
468 HeapFree(GetProcessHeap(), 0, buf
);
470 /* First check if there are any records (in practice only on Wine: FIXME) */
472 GetNumberOfEventLogRecords(handle
, &count
);
475 skip("No records in the 'Application' log\n");
476 CloseEventLog(handle
);
480 /* Get the buffer size for the first record */
481 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
482 read
= needed
= 0xdeadbeef;
483 SetLastError(0xdeadbeef);
484 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
485 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
486 ok(!ret
, "Expected failure\n");
487 ok(read
== 0, "Expected no bytes read\n");
488 ok(needed
> sizeof(EVENTLOGRECORD
), "Expected the needed buffersize to be bigger than sizeof(EVENTLOGRECORD)\n");
489 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
491 /* Read the first record */
493 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, toread
);
494 read
= needed
= 0xdeadbeef;
495 SetLastError(0xdeadbeef);
496 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
, 0, buf
, toread
, &read
, &needed
);
497 ok(ret
, "Expected success\n");
499 broken(read
< toread
), /* NT4 wants a buffer size way bigger than just 1 record */
500 "Expected the requested size to be read\n");
501 ok(needed
== 0, "Expected no extra bytes to be read\n");
502 HeapFree(GetProcessHeap(), 0, buf
);
504 CloseEventLog(handle
);
507 static void test_openbackup(void)
509 HANDLE handle
, handle2
, file
;
511 const char backup
[] = "backup.evt";
512 const char text
[] = "Just some text";
514 SetLastError(0xdeadbeef);
515 handle
= OpenBackupEventLogA(NULL
, NULL
);
516 ok(handle
== NULL
, "Didn't expect a handle\n");
517 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
519 SetLastError(0xdeadbeef);
520 handle
= OpenBackupEventLogA(NULL
, "idontexist.evt");
521 ok(handle
== NULL
, "Didn't expect a handle\n");
522 ok(GetLastError() == ERROR_FILE_NOT_FOUND
, "Expected ERROR_FILE_NOT_FOUND, got %d\n", GetLastError());
524 SetLastError(0xdeadbeef);
525 handle
= OpenBackupEventLogA("IDontExist", NULL
);
526 ok(handle
== NULL
, "Didn't expect a handle\n");
527 ok(GetLastError() == ERROR_INVALID_PARAMETER
, "Expected ERROR_INVALID_PARAMETER, got %d\n", GetLastError());
529 SetLastError(0xdeadbeef);
530 handle
= OpenBackupEventLogA("IDontExist", "idontexist.evt");
531 ok(handle
== NULL
, "Didn't expect a handle\n");
532 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
533 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
534 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
536 /* Make a backup eventlog to work with */
537 if (create_backup(backup
))
539 /* FIXME: Wine stops here */
540 if (GetFileAttributesA(backup
) == INVALID_FILE_ATTRIBUTES
)
542 skip("We don't have a backup eventlog to work with\n");
546 SetLastError(0xdeadbeef);
547 handle
= OpenBackupEventLogA("IDontExist", backup
);
548 ok(handle
== NULL
, "Didn't expect a handle\n");
549 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE
||
550 GetLastError() == RPC_S_INVALID_NET_ADDR
, /* Some Vista and Win7 */
551 "Expected RPC_S_SERVER_UNAVAILABLE, got %d\n", GetLastError());
553 /* Empty servername should be read as local server */
554 handle
= OpenBackupEventLogA("", backup
);
555 ok(handle
!= NULL
, "Expected a handle\n");
556 CloseEventLog(handle
);
558 handle
= OpenBackupEventLogA(NULL
, backup
);
559 ok(handle
!= NULL
, "Expected a handle\n");
561 /* Can we open that same backup eventlog more than once? */
562 handle2
= OpenBackupEventLogA(NULL
, backup
);
563 ok(handle2
!= NULL
, "Expected a handle\n");
564 ok(handle2
!= handle
, "Didn't expect the same handle\n");
565 CloseEventLog(handle2
);
567 CloseEventLog(handle
);
571 /* Is there any content checking done? */
572 file
= CreateFileA(backup
, GENERIC_WRITE
, 0, NULL
, CREATE_NEW
, 0, NULL
);
574 SetLastError(0xdeadbeef);
575 handle
= OpenBackupEventLogA(NULL
, backup
);
576 ok(handle
== NULL
, "Didn't expect a handle\n");
577 ok(GetLastError() == ERROR_NOT_ENOUGH_MEMORY
||
578 GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT
, /* Vista and Win7 */
579 "Expected ERROR_NOT_ENOUGH_MEMORY, got %d\n", GetLastError());
580 CloseEventLog(handle
);
583 file
= CreateFileA(backup
, GENERIC_WRITE
, 0, NULL
, CREATE_NEW
, 0, NULL
);
584 WriteFile(file
, text
, sizeof(text
), &written
, NULL
);
586 SetLastError(0xdeadbeef);
587 handle
= OpenBackupEventLogA(NULL
, backup
);
588 ok(handle
== NULL
, "Didn't expect a handle\n");
589 ok(GetLastError() == ERROR_EVENTLOG_FILE_CORRUPT
, "Expected ERROR_EVENTLOG_FILE_CORRUPT, got %d\n", GetLastError());
590 CloseEventLog(handle
);
594 static void test_clear(void)
598 const char backup
[] = "backup.evt";
599 const char backup2
[] = "backup2.evt";
601 SetLastError(0xdeadbeef);
602 ret
= ClearEventLogA(NULL
, NULL
);
603 ok(!ret
, "Expected failure\n");
604 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
606 /* Make a backup eventlog to work with */
607 if (!create_backup(backup
))
610 SetLastError(0xdeadbeef);
611 ret
= ClearEventLogA(NULL
, backup
);
612 ok(!ret
, "Expected failure\n");
613 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
615 handle
= OpenBackupEventLogA(NULL
, backup
);
617 ok(handle
!= NULL
, "Expected a handle\n");
619 /* A real eventlog would fail with ERROR_ALREADY_EXISTS */
620 SetLastError(0xdeadbeef);
621 ret
= ClearEventLogA(handle
, backup
);
622 ok(!ret
, "Expected failure\n");
623 /* The eventlog service runs under an account that doesn't have the necessary
624 * permissions on the users home directory on a default Vista+ system.
626 ok(GetLastError() == ERROR_INVALID_HANDLE
||
627 GetLastError() == ERROR_ACCESS_DENIED
, /* Vista+ */
628 "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
630 /* Show that ClearEventLog only works for real eventlogs. */
631 SetLastError(0xdeadbeef);
632 ret
= ClearEventLogA(handle
, backup2
);
633 ok(!ret
, "Expected failure\n");
634 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
635 ok(GetFileAttributesA(backup2
) == INVALID_FILE_ATTRIBUTES
, "Expected no backup file\n");
637 SetLastError(0xdeadbeef);
638 ret
= ClearEventLogA(handle
, NULL
);
639 ok(!ret
, "Expected failure\n");
640 ok(GetLastError() == ERROR_INVALID_HANDLE
, "Expected ERROR_INVALID_HANDLE, got %d\n", GetLastError());
642 CloseEventLog(handle
);
644 ok(DeleteFileA(backup
), "Could not delete the backup file\n");
647 static const char eventlogsvc
[] = "SYSTEM\\CurrentControlSet\\Services\\Eventlog";
648 static const char eventlogname
[] = "Wine";
649 static const char eventsources
[][11] = { "WineSrc", "WineSrc1", "WineSrc20", "WineSrc300" };
651 static BOOL
create_new_eventlog(void)
658 /* First create our eventlog */
659 lret
= RegOpenKeyA(HKEY_LOCAL_MACHINE
, eventlogsvc
, &key
);
660 if (lret
!= ERROR_SUCCESS
)
662 skip("Could not open the EventLog service registry key\n");
665 lret
= RegCreateKeyA(key
, eventlogname
, &eventkey
);
666 if (lret
!= ERROR_SUCCESS
)
668 skip("Could not create the eventlog '%s' registry key\n", eventlogname
);
672 /* Create some event sources, the registry value 'Sources' is updated automatically */
673 for (i
= 0; i
< sizeof(eventsources
)/sizeof(eventsources
[0]); i
++)
677 lret
= RegCreateKeyA(eventkey
, eventsources
[i
], &srckey
);
678 if (lret
!= ERROR_SUCCESS
)
680 skip("Could not create the eventsource '%s' registry key\n", eventsources
[i
]);
689 /* The flushing of the registry (here and above) gives us some assurance
690 * that we are not to quickly writing events as 'Sources' could still be
693 RegFlushKey(eventkey
);
695 RegCloseKey(eventkey
);
701 static const char *one_string
[] = { "First string" };
702 static const char *two_strings
[] = { "First string", "Second string" };
711 const char **evt_strings
;
714 { eventlogname
, EVENTLOG_INFORMATION_TYPE
, 1, 1, FALSE
, 1, one_string
},
715 { eventsources
[0], EVENTLOG_WARNING_TYPE
, 1, 2, FALSE
, 0, NULL
},
716 { eventsources
[1], EVENTLOG_AUDIT_FAILURE
, 1, 3, FALSE
, 2, two_strings
},
717 { eventsources
[2], EVENTLOG_ERROR_TYPE
, 1, 4, FALSE
, 0, NULL
},
718 { eventsources
[3], EVENTLOG_WARNING_TYPE
, 1, 5, FALSE
, 1, one_string
},
719 { eventlogname
, EVENTLOG_SUCCESS
, 2, 6, TRUE
, 2, two_strings
},
720 { eventsources
[0], EVENTLOG_AUDIT_FAILURE
, 2, 7, TRUE
, 0, NULL
},
721 { eventsources
[1], EVENTLOG_AUDIT_SUCCESS
, 2, 8, TRUE
, 2, two_strings
},
722 { eventsources
[2], EVENTLOG_WARNING_TYPE
, 2, 9, TRUE
, 0, NULL
},
723 { eventsources
[3], EVENTLOG_ERROR_TYPE
, 2, 10, TRUE
, 1, one_string
}
726 static void test_readwrite(void)
730 DWORD sidsize
, count
;
731 BOOL ret
, sidavailable
;
732 BOOL on_vista
= FALSE
; /* Used to indicate Vista, W2K8 or Win7 */
734 char *localcomputer
= NULL
;
737 if (pCreateWellKnownSid
)
739 sidsize
= SECURITY_MAX_SID_SIZE
;
740 user
= HeapAlloc(GetProcessHeap(), 0, sidsize
);
741 SetLastError(0xdeadbeef);
742 pCreateWellKnownSid(WinInteractiveSid
, NULL
, user
, &sidsize
);
747 win_skip("Skipping some SID related tests\n");
748 sidavailable
= FALSE
;
752 /* Write an event with an incorrect event type. This will fail on Windows 7
753 * but succeed on all others, hence it's not part of the struct.
755 handle
= OpenEventLogA(NULL
, eventlogname
);
758 /* Intermittently seen on NT4 when tests are run immediately after boot */
759 win_skip("Could not get a handle to the eventlog\n");
764 GetNumberOfEventLogRecords(handle
, &count
);
767 /* Needed for W2K3 without a service pack */
768 win_skip("We most likely opened the Application eventlog\n");
769 CloseEventLog(handle
);
772 handle
= OpenEventLogA(NULL
, eventlogname
);
774 GetNumberOfEventLogRecords(handle
, &count
);
777 win_skip("We didn't open our new eventlog\n");
778 CloseEventLog(handle
);
783 SetLastError(0xdeadbeef);
784 ret
= ReportEventA(handle
, 0x20, 0, 0, NULL
, 0, 0, NULL
, NULL
);
785 if (!ret
&& GetLastError() == ERROR_CRC
)
787 win_skip("Win7 fails when using incorrect event types\n");
788 ret
= ReportEventA(handle
, 0, 0, 0, NULL
, 0, 0, NULL
, NULL
);
789 ok(ret
, "Expected success : %d\n", GetLastError());
794 DWORD read
, needed
= 0;
795 EVENTLOGRECORD
*record
;
797 ok(ret
, "Expected success : %d\n", GetLastError());
799 /* Needed to catch earlier Vista (with no ServicePack for example) */
800 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
801 if (!(ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
802 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
)) &&
803 GetLastError() == ERROR_INSUFFICIENT_BUFFER
)
805 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, needed
);
806 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
807 0, buf
, needed
, &read
, &needed
);
811 record
= (EVENTLOGRECORD
*)buf
;
813 /* Vista and W2K8 return EVENTLOG_SUCCESS, Windows versions before return
814 * the written eventtype (0x20 in this case).
816 if (record
->EventType
== EVENTLOG_SUCCESS
)
819 HeapFree(GetProcessHeap(), 0, buf
);
822 /* This will clear the eventlog. The record numbering for new
823 * events however differs on Vista SP1+. Before Vista the first
824 * event would be numbered 1, on Vista SP1+ it's higher as we already
825 * had at least one event (more in case of multiple test runs without
828 ClearEventLogA(handle
, NULL
);
829 CloseEventLog(handle
);
831 /* Write a bunch of events while using different event sources */
832 for (i
= 0; i
< sizeof(read_write
)/sizeof(read_write
[0]); i
++)
835 BOOL run_sidtests
= read_write
[i
].evt_sid
& sidavailable
;
837 /* We don't need to use RegisterEventSource to report events */
839 handle
= OpenEventLogA(NULL
, read_write
[i
].evt_src
);
841 handle
= RegisterEventSourceA(NULL
, read_write
[i
].evt_src
);
842 ok(handle
!= NULL
, "Expected a handle\n");
844 SetLastError(0xdeadbeef);
845 ret
= ReportEventA(handle
, read_write
[i
].evt_type
, read_write
[i
].evt_cat
,
846 read_write
[i
].evt_id
, run_sidtests
? user
: NULL
,
847 read_write
[i
].evt_numstrings
, 0, read_write
[i
].evt_strings
, NULL
);
848 ok(ret
, "Expected ReportEvent success : %d\n", GetLastError());
851 SetLastError(0xdeadbeef);
852 ret
= GetNumberOfEventLogRecords(handle
, &count
);
853 ok(ret
, "Expected GetNumberOfEventLogRecords success : %d\n", GetLastError());
855 ok(count
== (i
+ 1), "Expected %d records, got %d\n", i
+ 1, count
);
858 ret
= GetOldestEventLogRecord(handle
, &oldest
);
859 ok(ret
, "Expected GetOldestEventLogRecord success : %d\n", GetLastError());
862 (oldest
> 1 && oldest
!= 0xdeadbeef), /* Vista SP1+, W2K8 and Win7 */
863 "Expected oldest to be 1 or higher, got %d\n", oldest
);
864 if (oldest
> 1 && oldest
!= 0xdeadbeef)
867 SetLastError(0xdeadbeef);
869 ret
= CloseEventLog(handle
);
871 ret
= DeregisterEventSource(handle
);
872 ok(ret
, "Expected success : %d\n", GetLastError());
875 handle
= OpenEventLogA(NULL
, eventlogname
);
877 ret
= GetNumberOfEventLogRecords(handle
, &count
);
878 ok(ret
, "Expected success\n");
880 ok(count
== i
, "Expected %d records, got %d\n", i
, count
);
881 CloseEventLog(handle
);
885 skip("No events were written to the eventlog\n");
889 /* Report only once */
891 skip("There is no DWORD alignment enforced for UserSid on Vista, W2K8 or Win7\n");
893 if (on_vista
&& pGetComputerNameExA
)
895 /* New Vista+ behavior */
897 SetLastError(0xdeadbeef);
898 pGetComputerNameExA(ComputerNameDnsFullyQualified
, NULL
, &size
);
899 localcomputer
= HeapAlloc(GetProcessHeap(), 0, size
);
900 pGetComputerNameExA(ComputerNameDnsFullyQualified
, localcomputer
, &size
);
904 size
= MAX_COMPUTERNAME_LENGTH
+ 1;
905 localcomputer
= HeapAlloc(GetProcessHeap(), 0, size
);
906 GetComputerNameA(localcomputer
, &size
);
909 /* Read all events from our created eventlog, one by one */
910 handle
= OpenEventLogA(NULL
, eventlogname
);
916 EVENTLOGRECORD
*record
;
917 char *sourcename
, *computername
;
920 BOOL run_sidtests
= read_write
[i
].evt_sid
& sidavailable
;
922 buf
= HeapAlloc(GetProcessHeap(), 0, sizeof(EVENTLOGRECORD
));
923 SetLastError(0xdeadbeef);
924 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
925 0, buf
, sizeof(EVENTLOGRECORD
), &read
, &needed
);
926 if (!ret
&& GetLastError() == ERROR_HANDLE_EOF
)
928 HeapFree(GetProcessHeap(), 0, buf
);
931 ok(!ret
, "Expected failure\n");
932 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER
,
933 "Expected ERROR_INVALID_PARAMETER, got %d\n",GetLastError());
935 buf
= HeapReAlloc(GetProcessHeap(), 0, buf
, needed
);
936 ret
= ReadEventLogA(handle
, EVENTLOG_SEQUENTIAL_READ
| EVENTLOG_FORWARDS_READ
,
937 0, buf
, needed
, &read
, &needed
);
938 ok(ret
, "Expected success: %d\n", GetLastError());
940 record
= (EVENTLOGRECORD
*)buf
;
942 ok(record
->Length
== read
,
943 "Expected %d, got %d\n", read
, record
->Length
);
944 ok(record
->Reserved
== 0x654c664c,
945 "Expected 0x654c664c, got %d\n", record
->Reserved
);
946 ok(record
->RecordNumber
== i
+ 1 ||
947 (on_vista
&& (record
->RecordNumber
> i
+ 1)),
948 "Expected %d or higher, got %d\n", i
+ 1, record
->RecordNumber
);
949 ok(record
->EventID
== read_write
[i
].evt_id
,
950 "Expected %d, got %d\n", read_write
[i
].evt_id
, record
->EventID
);
951 ok(record
->EventType
== read_write
[i
].evt_type
,
952 "Expected %d, got %d\n", read_write
[i
].evt_type
, record
->EventType
);
953 ok(record
->NumStrings
== read_write
[i
].evt_numstrings
,
954 "Expected %d, got %d\n", read_write
[i
].evt_numstrings
, record
->NumStrings
);
955 ok(record
->EventCategory
== read_write
[i
].evt_cat
,
956 "Expected %d, got %d\n", read_write
[i
].evt_cat
, record
->EventCategory
);
958 sourcename
= (char *)((BYTE
*)buf
+ sizeof(EVENTLOGRECORD
));
959 ok(!lstrcmpA(sourcename
, read_write
[i
].evt_src
), "Expected '%s', got '%s'\n",
960 read_write
[i
].evt_src
, sourcename
);
962 computername
= (char *)((BYTE
*)buf
+ sizeof(EVENTLOGRECORD
) + lstrlenA(sourcename
) + 1);
963 ok(!lstrcmpiA(computername
, localcomputer
), "Expected '%s', got '%s'\n",
964 localcomputer
, computername
);
966 /* Before Vista, UserSid was aligned on a DWORD boundary. Next to that if
967 * no padding was actually required a 0 DWORD was still used for padding. No
968 * application should be relying on the padding as we are working with offsets
974 DWORD calculated_sidoffset
= sizeof(EVENTLOGRECORD
) + lstrlenA(sourcename
) + 1 + lstrlenA(computername
) + 1;
976 /* We are already DWORD aligned, there should still be some padding */
977 if ((((UINT_PTR
)buf
+ calculated_sidoffset
) % sizeof(DWORD
)) == 0)
978 ok(*(DWORD
*)((BYTE
*)buf
+ calculated_sidoffset
) == 0, "Expected 0\n");
980 ok((((UINT_PTR
)buf
+ record
->UserSidOffset
) % sizeof(DWORD
)) == 0, "Expected DWORD alignment\n");
985 ok(record
->UserSidLength
== sidsize
, "Expected %d, got %d\n", sidsize
, record
->UserSidLength
);
989 ok(record
->StringOffset
== record
->UserSidOffset
, "Expected offsets to be the same\n");
990 ok(record
->UserSidLength
== 0, "Expected 0, got %d\n", record
->UserSidLength
);
993 ok(record
->DataLength
== 0, "Expected 0, got %d\n", record
->DataLength
);
995 ptr
= (char *)((BYTE
*)buf
+ record
->StringOffset
);
996 for (k
= 0; k
< record
->NumStrings
; k
++)
998 ok(!lstrcmpA(ptr
, two_strings
[k
]), "Expected '%s', got '%s'\n", two_strings
[k
], ptr
);
999 ptr
+= lstrlenA(ptr
) + 1;
1002 ok(record
->Length
== *(DWORD
*)((BYTE
*)buf
+ record
->Length
- sizeof(DWORD
)),
1003 "Expected the closing DWORD to contain the length of the record\n");
1005 HeapFree(GetProcessHeap(), 0, buf
);
1008 CloseEventLog(handle
);
1010 /* Test clearing a real eventlog */
1011 handle
= OpenEventLogA(NULL
, eventlogname
);
1013 SetLastError(0xdeadbeef);
1014 ret
= ClearEventLogA(handle
, NULL
);
1015 ok(ret
, "Expected success\n");
1018 ret
= GetNumberOfEventLogRecords(handle
, &count
);
1019 ok(ret
, "Expected success\n");
1020 ok(count
== 0, "Expected an empty eventlog, got %d records\n", count
);
1022 CloseEventLog(handle
);
1025 HeapFree(GetProcessHeap(), 0, localcomputer
);
1026 HeapFree(GetProcessHeap(), 0, user
);
1031 * Creating an eventlog on Windows (via the registry) automatically leads
1032 * to creation of a REG_MULTI_SZ named 'Sources'. This value lists all the
1033 * potential event sources for this eventlog. 'Sources' is automatically
1034 * updated when a new key (aka event source) is created.
1036 * Although the updating of registry keys is almost instantaneously, we
1037 * check it after some other tests to assure we are not querying the
1038 * registry or file system to quickly.
1042 * The eventlog file itself is also automatically created, even before we
1043 * start writing events.
1045 static char eventlogfile
[MAX_PATH
];
1046 static void test_autocreation(void)
1053 char sources
[sizeof(eventsources
)];
1054 char sysdir
[MAX_PATH
];
1057 RegOpenKeyA(HKEY_LOCAL_MACHINE
, eventlogsvc
, &key
);
1058 RegOpenKeyA(key
, eventlogname
, &eventkey
);
1060 size
= sizeof(sources
);
1062 ret
= RegQueryValueExA(eventkey
, "Sources", NULL
, &type
, (LPBYTE
)sources
, &size
);
1063 if (ret
== ERROR_SUCCESS
)
1065 char sources_verify
[sizeof(eventsources
)];
1067 ok(type
== REG_MULTI_SZ
, "Expected a REG_MULTI_SZ, got %d\n", type
);
1069 /* Build the expected string */
1070 memset(sources_verify
, 0, sizeof(sources_verify
));
1072 for (i
= sizeof(eventsources
)/sizeof(eventsources
[0]); i
> 0; i
--)
1074 lstrcpyA(p
, eventsources
[i
- 1]);
1075 p
+= (lstrlenA(eventsources
[i
- 1]) + 1);
1077 lstrcpyA(p
, eventlogname
);
1079 ok(!memcmp(sources
, sources_verify
, size
),
1080 "Expected a correct 'Sources' value (size : %d)\n", size
);
1083 RegCloseKey(eventkey
);
1086 /* The directory that holds the eventlog files could be redirected */
1087 if (pWow64DisableWow64FsRedirection
)
1088 pWow64DisableWow64FsRedirection(&redir
);
1090 /* On Windows we also automatically get an eventlog file */
1091 GetSystemDirectoryA(sysdir
, sizeof(sysdir
));
1094 lstrcpyA(eventlogfile
, sysdir
);
1095 lstrcatA(eventlogfile
, "\\config\\");
1096 lstrcatA(eventlogfile
, eventlogname
);
1097 lstrcatA(eventlogfile
, ".evt");
1099 if (GetFileAttributesA(eventlogfile
) == INVALID_FILE_ATTRIBUTES
)
1102 lstrcpyA(eventlogfile
, sysdir
);
1103 lstrcatA(eventlogfile
, "\\winevt\\Logs\\");
1104 lstrcatA(eventlogfile
, eventlogname
);
1105 lstrcatA(eventlogfile
, ".evtx");
1109 ok(GetFileAttributesA(eventlogfile
) != INVALID_FILE_ATTRIBUTES
,
1110 "Expected an eventlog file\n");
1112 if (pWow64RevertWow64FsRedirection
)
1113 pWow64RevertWow64FsRedirection(redir
);
1116 static void cleanup_eventlog(void)
1122 char winesvc
[MAX_PATH
];
1124 /* Delete the registry tree */
1125 lstrcpyA(winesvc
, eventlogsvc
);
1126 lstrcatA(winesvc
, "\\");
1127 lstrcatA(winesvc
, eventlogname
);
1129 RegOpenKeyA(HKEY_LOCAL_MACHINE
, winesvc
, &key
);
1130 for (i
= 0; i
< sizeof(eventsources
)/sizeof(eventsources
[0]); i
++)
1131 RegDeleteKeyA(key
, eventsources
[i
]);
1132 RegDeleteValueA(key
, "Sources");
1134 lret
= RegDeleteKeyA(HKEY_LOCAL_MACHINE
, winesvc
);
1135 ok(lret
== ERROR_SUCCESS
, "Could not delete the registry tree : %d\n", lret
);
1137 /* A handle to the eventlog is locked by services.exe. We can only
1138 * delete the eventlog file after reboot.
1140 bret
= MoveFileExA(eventlogfile
, NULL
, MOVEFILE_DELAY_UNTIL_REBOOT
);
1141 ok(bret
, "Expected MoveFileEx to succeed: %d\n", GetLastError());
1144 START_TEST(eventlog
)
1146 SetLastError(0xdeadbeef);
1147 CloseEventLog(NULL
);
1148 if (GetLastError() == ERROR_CALL_NOT_IMPLEMENTED
)
1150 win_skip("Event log functions are not implemented\n");
1154 init_function_pointers();
1156 /* Parameters only */
1166 /* Functional tests */
1167 if (create_new_eventlog())
1170 test_autocreation();