Adding User Name to Events
By maththaios
How to add user names to the Event Viewer.
This article explains how to add a user name to the events that are logged to the Event Viewer.
I needed to add user names to events that were being logged, and I could not find anything directly on target. Microsoft's website stated to simply add the SID to the ReportEvent function. It did not tell how to get the SID. After much more investigation, I found something written in another programming language that got the user SID, so I translated it into C and combined it with what I was doing.
I wrote a standalone program first to test out what I wanted to do at work. I will provide all the relevant portions here so that you can simply paste into your project something that works.
    #include <windows.h>
    #include <tchar.h>

    int _tmain(void)
    {
        HANDLE hToken = NULL;
        HANDLE g_eventHandle = NULL;
        int rc = 0;
        DWORD dwLength = 0;
        PTOKEN_USER pTokenUser = NULL;
        LPCTSTR params[1];

        // in order to use ReportEvent we must first Register Event
        g_eventHandle = RegisterEventSource(NULL, _T("SID_TEST"));
        if (g_eventHandle == NULL)
            goto Cleanup;

        // open the token of the current process (the account it runs as)
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
            goto Cleanup;

        // Get required buffer size and allocate the TOKEN_USER buffer.
        if (!GetTokenInformation(
                hToken,              // handle to the access token
                TokenUser,           // get information about the token's user
                (LPVOID)pTokenUser,  // pointer to TOKEN_USER buffer (NULL here)
                0,                   // size of buffer
                &dwLength            // receives required buffer size
                ))
        {
            if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
                goto Cleanup;
            pTokenUser = (PTOKEN_USER)HeapAlloc(GetProcessHeap(),
                                                HEAP_ZERO_MEMORY, dwLength);
            if (pTokenUser == NULL)
                goto Cleanup;
        }

        // Get the token user information from the access token.
        if (!GetTokenInformation(
                hToken,              // handle to the access token
                TokenUser,           // get information about the token's user
                (LPVOID)pTokenUser,  // pointer to TOKEN_USER buffer
                dwLength,            // size of buffer
                &dwLength            // receives required buffer size
                ))
        {
            goto Cleanup;
        }

        // _T() keeps the literal correct in both ANSI and Unicode builds
        params[0] = _T("test string");

        // the actual call that places the event into the Event Viewer
        rc = ReportEvent(g_eventHandle, EVENTLOG_INFORMATION_TYPE, 0, 0,
                         pTokenUser->User.Sid, // the sid goes here <-------
                         1, 0, params, NULL);

    Cleanup:
        // Free the buffer for the token.
        if (pTokenUser != NULL)
            HeapFree(GetProcessHeap(), 0, (LPVOID)pTokenUser);
        // close the token handle opened by OpenProcessToken
        if (hToken != NULL)
            CloseHandle(hToken);
        // i am finished with the Event
        if (g_eventHandle != NULL)
            DeregisterEventSource(g_eventHandle);
        return rc ? 0 : 1;
    }
That's all there is to it. The GetTokenInformation function has to be called twice: the first call returns the required buffer size, and the second call fills the allocated buffer. If you have too much or too little allocated for your SID, the function will fail.
The Event View with our entry:
Last Updated: 22 Feb 2006. Editor: Smitha Vijayan
Copyright 2006 by maththaios. Everything else Copyright © CodeProject, 1999-2009