in src/Windows/dll/evtx_logging.cpp [26:96]
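/// @brief Makes sure the event-log source key (DCAP_EVTX_KEY) exists under
///        HKEY_LOCAL_MACHINE, creating and populating it when it is missing.
///
/// When the key can already be opened for reading, nothing is written and the
/// existing values are not validated. Otherwise the key is created and the
/// "EventMessageFile" (REG_SZ) and "TypesSupported" (REG_DWORD) values are set.
///
/// @return ERROR_SUCCESS when the key already exists or was created and
///         populated; ERROR_BAD_LENGTH when the module path does not fit in a
///         DWORD byte count; otherwise the Win32 error code of the registry
///         call that failed.
DWORD check_install_event_log_source()
{
    const std::string key_path(DCAP_EVTX_KEY);

    // RAII owner: the handle is closed exactly once when `key` goes out of
    // scope. Do not also call RegCloseKey(key.get()) - that closes the same
    // handle twice, and the second close can hit an unrelated handle that
    // reused the value.
    wil::unique_hkey key;

    // Registry APIs return Win32 error codes (positive values), not HRESULTs.
    // FAILED()/SUCCEEDED() only test the sign bit, so they treat every Win32
    // error as success; compare against ERROR_SUCCESS instead.
    DWORD last_error = RegOpenKeyExA(
        HKEY_LOCAL_MACHINE,
        key_path.c_str(),
        0,
        KEY_READ,
        key.addressof());
    if (last_error == ERROR_SUCCESS)
    {
        // Source is already registered.
        return ERROR_SUCCESS;
    }

    // The open failed, so `key` is still empty and addressof() is safe here.
    last_error = RegCreateKeyExA(
        HKEY_LOCAL_MACHINE,
        key_path.c_str(),
        0,
        nullptr,
        REG_OPTION_NON_VOLATILE,
        KEY_SET_VALUE,
        nullptr,
        key.addressof(),
        nullptr);
    if (last_error != ERROR_SUCCESS)
    {
        return last_error;
    }

    std::string fullPath;
    const DWORD result = GetModuleFullName(fullPath);
    // NOTE(review): GetModuleFullName is defined elsewhere; its return
    // convention (HRESULT vs. Win32 code) is not visible here, so the original
    // SUCCEEDED() test is kept. When it reports failure the key is left
    // without values and this function still returns ERROR_SUCCESS, and later
    // calls will find the key and skip the setup - confirm that is intended.
    if (SUCCEEDED(result))
    {
        // cbData for REG_SZ must count the terminating NUL, so the length plus
        // one byte has to fit in a DWORD.
        if (fullPath.length() >= MAXDWORD)
        {
            return ERROR_BAD_LENGTH;
        }

        // EventMessageFile names the binary the event log loads message
        // resources from; it is expected to be this module's full path.
        last_error = RegSetValueExA(
            key.get(),
            "EventMessageFile",
            0,
            REG_SZ,
            reinterpret_cast<const BYTE*>(fullPath.c_str()),
            static_cast<DWORD>(fullPath.length() + 1));
        if (last_error == ERROR_SUCCESS)
        {
            const DWORD types_supported = EVENTLOG_ERROR_TYPE |
                                          EVENTLOG_WARNING_TYPE |
                                          EVENTLOG_INFORMATION_TYPE;
            last_error = RegSetValueExA(
                key.get(),
                "TypesSupported",
                0,
                REG_DWORD,
                reinterpret_cast<const BYTE*>(&types_supported),
                sizeof(types_supported));
        }
    }

    return last_error;
}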