Einzelnen Beitrag anzeigen

QuickAndDirty

Registriert seit: 13. Jan 2004
Ort: Hamm(Westf)
1.929 Beiträge
 
Delphi 12 Athens
 
#11

Re: Log - File in eingeschränkten User-Account verstecken?!

  Alt 5. Jan 2009, 11:29
Ich würde es einfach in die Ereignisanzeige schreiben.
Da guckt nie einer Rein.

Die Funktion dazu heist Eventlog.

Hier ist eine Unit aus google Groups die das macht.
Ich habe leider den Autor nicht im Kopf oder notiert.
Delphi-Quellcode:
unit EventLog; //habe die unit aus google.

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms,
Dialogs;

type
  TEventLogRecord = record
    SourceName: AnsiString;
    ComputerName: AnsiString;
    Account: AnsiString;
    Domain: AnsiString;
    TimeGenerated: TDateTime;
    TimeWritten: TDateTime;
    EventID: DWORD;
    EventType: WORD;
    Catagory: WORD;
    Strings: array of AnsiString;
  end;

  TEventLog = class(TComponent)
  private
    { Private declarations }
    m_hEventLog: THandle;
  protected
    { Protected declarations }
    function UCTToDateTime(DateTime: DWORD): TDateTime;
  public
    { Public declarations }
    constructor Create(AOwner: TComponent); override;
    destructor Destroy; override;

    procedure Open(SourceName, UNCServerName: AnsiString); overload;
    procedure Open(SourceName: AnsiString); overload;
    procedure Close;

    // EVENTLOG_ERROR_TYPE, EVENTLOG_WARNING_TYPE,
    // EVENTLOG_INFORMATION_TYPE, EVENTLOG_AUDIT_SUCCESS,
    // EVENTLOG_AUDIT_FAILURE

    procedure Report(AType: WORD; Strings: TStringList; dwEventID: DWORD = 0;
                     ACatagory: WORD = 0; lpRawData: Pointer = nil;
                     dwDataSize:DWORD = 0); overload;
    procedure Report(AType: WORD; Strings: AnsiString; dwEventID: DWORD = 0;
                     ACatagory: WORD = 0; lpRawData: Pointer = nil;
                     dwDataSize: DWORD = 0); overload;
    procedure Clear; overload;
    procedure Clear(FileName: TFileName); overload;
    procedure Backup(FileName: TFileName);
    function Read(Index: Integer): TEventLogRecord;
    function Count: DWORD;
  published
    { Published declarations }
  end;

var
StandardEventLog:TEventLog;

Const
  EVENTLOG_SUCCESS = $0000; // habe ich aus der Unit Windows kopiert
  EVENTLOG_ERROR_TYPE = $0001;
  EVENTLOG_WARNING_TYPE = $0002;
  EVENTLOG_INFORMATION_TYPE = $0004;
  EVENTLOG_AUDIT_SUCCESS = $0008;
  EVENTLOG_AUDIT_FAILURE = $0010;
  
implementation


const
  EVENTLOG_SEEK_READ = 4;
  EVENTLOG_BACKWARDS_READ = 2;
  EVENTLOG_FORWARDS_READ = 2;
  EVENTLOG_SEQUENTIAL_READ = 0;

//------------------------------------------------------------------------------
constructor TEventLog.Create(AOwner: TComponent);
begin
  inherited Create(AOwner);
  m_hEventLog:= INVALID_HANDLE_VALUE;
end;
//------------------------------------------------------------------------------
destructor TEventLog.Destroy;
begin
  Close();
  inherited Destroy();
end;
//------------------------------------------------------------------------------
procedure TEventLog.Open(SourceName: AnsiString);
begin
  Self.Open(SourceName, '');
end;
//------------------------------------------------------------------------------
procedure TEventLog.Open(SourceName, UNCServerName: AnsiString);
var lpUNCServerName, lpSourceName: array[0..MAX_PATH] of char;
    AHandle: THandle;
begin
  if (m_hEventLog = INVALID_HANDLE_VALUE) then
  begin
    StrPCopy(lpUNCServerName, UNCServerName);
    StrPCopy(lpSourceName, SourceName);
    AHandle:= OpenEventLog(lpUNCServerName, lpSourceName);
    if (AHandle = 0) then
      raise Exception.Create(SysErrorMessage(GetLastError()));

    m_hEventLog:= AHandle;
  end;
end;
//------------------------------------------------------------------------------
procedure TEventLog.Close;
begin
  if (m_hEventLog <> INVALID_HANDLE_VALUE) then
  begin
    if (not CloseEventLog(m_hEventLog)) then
      raise Exception.Create(SysErrorMessage(GetLastError()));

    m_hEventLog:= INVALID_HANDLE_VALUE;
  end;
end;
//------------------------------------------------------------------------------
procedure TEventLog.Report(AType: WORD; Strings: TStringList;
dwEventID: DWORD = 0; ACatagory: WORD = 0; lpRawData: Pointer = nil;
dwDataSize: DWORD = 0);
var lpStrings: array of PChar;
    Result: Boolean;
    I: Integer;
begin
  SetLength(lpStrings, Strings.Count);
  for I:=0 to Strings.Count -1 do
  begin
    GetMem(lpStrings[I], Length(Strings[I]) +1);
    StrPCopy(lpStrings[I], Strings[I]);
  end;

  Result:= ReportEvent(m_hEventLog, AType, ACatagory, dwEventID, nil,
Strings.Count, dwDataSize, lpStrings, lpRawData);

  for I:=0 to Strings.Count -1 do
    FreeMem(lpStrings[I]);

  if (not Result) then
    raise Exception.Create(SysErrorMessage(GetLastError()));
end;
//------------------------------------------------------------------------------
procedure TEventLog.Report(AType: WORD; Strings: AnsiString; dwEventID:
DWORD = 0; ACatagory: WORD = 0; lpRawData: Pointer = nil; dwDataSize:
DWORD = 0);
var StringList: TStringList;
begin
  StringList:= TStringList.Create();
  try
    StringList.Add(Strings);
    Self.Report(AType, StringList, dwEventID, ACatagory, lpRawData,
dwDataSize);
  finally
    StringList.Free();
  end;
end;
//------------------------------------------------------------------------------
procedure TEventLog.Clear;
begin
  Self.Clear('');
end;
//------------------------------------------------------------------------------
procedure TEventLog.Clear(FileName: TFileName);
var lpFileName: PChar;
begin
  // if we need to backup the eventlog then copy the filename to a LPSTR
  lpFileName:= nil;

  if (Length(FileName) > 0) then
  begin
    GetMem(lpFileName, Length(FileName) +1);
    StrPCopy(lpFileName, FileName);
  end;

  try
    if (not ClearEventLog(m_hEventLog, lpFileName)) then
      raise Exception.Create(SysErrorMessage(GetLastError()));
  finally
    // free the memory
    FreeMem(lpFileName);
  end;
end;
//------------------------------------------------------------------------------
procedure TEventLog.Backup(FileName: TFileName);
var lpFileName: array[0..MAX_PATH] of char;
begin
  StrPCopy(lpFileName, FileName);

  // backup the current event log
  if (not BackupEventLog(m_hEventLog, lpFileName)) then
    raise Exception.Create(SysErrorMessage(GetLastError()));
end;
//------------------------------------------------------------------------------
function TEventLog.Read(Index: Integer): TEventLogRecord;
type
  PEVENTLOGRECORD = ^EVENTLOGRECORD;
  EVENTLOGRECORD = packed record
    Length: DWORD;
    Reserved: DWORD;
    RecordNumber: DWORD;
    TimeGenerated: DWORD;
    TimeWritted: DWORD;
    EventID: DWORD;
    EventType: WORD;
    NumStrings: WORD;
    EventCatagory: WORD;
    ReservedFlags: WORD;
    ClosingRecordNumber: DWORD;
    StringOffset: DWORD;
    UserSidLength: DWORD;
    UserSidOffset: DWORD;
    DataLength: DWORD;
    DataOffset: DWORD;
  end;

var lpEventLogRecord: PEVENTLOGRECORD;
    I, Offset, BufferSize, NumberOfBytesRead, NumberOfBytesNeeded:
Cardinal;
    lpStrings: PChar;
    lpSID: PSID;
    szAccount, szDomain: array[0..MAX_PATH] of Char;
    dwAccountSize, dwDomainSize: DWORD;
    peUse: Cardinal;
begin
  BufferSize:= SizeOf(EVENTLOGRECORD) + 8192;
  GetMem(lpEventLogRecord, BufferSize);

  try
    NumberOfBytesRead:= 0;
    NumberOfBytesNeeded:= 0;
    if (ReadEventLog(m_hEventLog, EVENTLOG_SEEK_READ or
        EVENTLOG_BACKWARDS_READ or EVENTLOG_FORWARDS_READ,
        Index +1, lpEventLogRecord, BufferSize, NumberOfBytesRead,
        NumberOfBytesNeeded)) then
    begin

      Offset:= SizeOf(EVENTLOGRECORD);
      Result.SourceName:= StrPas(@PChar(lpEventLogRecord)[Offset]);

      Inc(Offset, 1 + StrLen(@PChar(lpEventLogRecord)[Offset]));
      Result.ComputerName:= StrPas(@PChar(lpEventLogRecord)[Offset]);

      Result.TimeGenerated:= UCTToDateTime(lpEventLogRecord^.TimeGenerated);
      Result.TimeWritten:= UCTToDateTime(lpEventLogRecord^.TimeWritted);
      Result.EventID:= lpEventLogRecord^.EventID;
      Result.EventType:= lpEventLogRecord^.EventType;
      Result.Catagory:= lpEventLogRecord^.EventCatagory;

      SetLength(Result.Strings, lpEventLogRecord^.NumStrings);
      Offset:= lpEventLogRecord.StringOffset;
      if lpEventLogRecord^.NumStrings > 0 then
      begin
        for I:=0 to lpEventLogRecord^.NumStrings -1 do
        begin
          lpStrings:= @PChar(lpEventLogRecord)[Offset];
          Result.Strings[I]:= StrPas(lpStrings);
          Inc(Offset, 1 + StrLen(lpStrings));
        end;
      end;

      // get account information
      Offset:= lpEventLogRecord^.UserSidOffset;
      lpSID:= @(PChar(lpEventLogRecord)[Offset]);
      if (lpEventLogRecord^.UserSidLength > 0) then
      begin
        dwAccountSize:= MAX_PATH;
        dwDomainSize:= MAX_PATH;
        if (not LookupAccountSid(nil, lpSID, szAccount, dwAccountSize,
                                 szDomain, dwDomainSize, peUse)) then
          raise Exception.Create(SysErrorMessage(GetLastError()));

        Result.Domain:= StrPas(szDomain);
        Result.Account:= StrPas(szAccount);
      end;
    end else
      raise Exception.Create(SysErrorMessage(GetLastError()));
  finally
    FreeMem(lpEventLogRecord);
  end;
end;
//------------------------------------------------------------------------------
function TEventLog.Count: DWORD;
begin
  if (not GetNumberOfEventLogRecords(m_hEventLog, Result)) then
    raise Exception.Create(SysErrorMessage(GetLastError()));
end;
//------------------------------------------------------------------------------
function TEventLog.UCTToDateTime(DateTime: DWORD): TDateTime;
var Hour, Min, Sec: WORD;
    NumberOfDays: DWORD;
begin
  //
  // UTC: This time is measured in the number of seconds elapsed
  // since 00:00:00 January 1, 1970, Universal Coordinated Time.
  //

  NumberOfDays:= DateTime div (60*60*24);

  DateTime:= DateTime mod (60*60*24);
  Hour:= 1 + DateTime div (60*60);
  DateTime:= DateTime mod (60*60);
  Min:= DateTime div 60;
  DateTime:= DateTime mod (60);
  Sec:= DateTime;
  Result:= EncodeDate(1970, 1, 1) + NumberOfDays + EncodeTime(Hour,
Min, Sec, 0);
end;
//------------------------------------------------------------------------------

end.
Evtl. kannst du den Inhalt der Logs auch Base64 "verschlüsseln"... nur für den Fall das einer mal reinguckt.
Andreas
Monads? Wtf are Monads?
  Mit Zitat antworten Zitat