|
|
|
|
Full Version: Clearlogs V1.0
Hi All,
i've just finished writing another new tool which might come in handy: ClearLogs v1.0. clearlogs is a simple tool which clears the Windows eventlogs with just one (double-)click. The logfiles aren't saved so they aren't retrievable after running this program. clearlogs is released under the GPL (open source) and it is written in ASM (masm32). you can get it here. I hope this tool might prove helpful to someone  regards, White Scorpion
Thanks for sharing your source code with us.
As i recall the c++ version will something like this: CODE void clearlogs() { HANDLE eventlog; eventlog = RegisterEventSource(NULL, "Application"); ClearEventLog(eventlog, NULL); DeregisterEventSource(eventlog); eventlog = RegisterEventSource(NULL, "Security"); ClearEventLog(eventlog, NULL); DeregisterEventSource(eventlog); eventlog = RegisterEventSource(NULL, "System"); ClearEventLog(eventlog, NULL); DeregisterEventSource(eventlog); } Correct me if i'm wrong.
i've tried your clearlogs out, and it worked fine, but when executing there pops up a box saying that the logs are cleared, aint it possible to turn that off?
And also wanna say nice coding  grtz
just edit the source and recompile... (i.e. remove the MessageBox call)
QUOTE(tibbar @ Feb 13 2005, 10:27 AM) just edit the source and recompile... (i.e. remove the MessageBox call)  oki thx mate
tibbar is right,
here's a version attached which has no output whatsoever. as for the C/C++ version. appearenlty it also works with RegisterEventSource() although i have used OpenEventLog() , they both return a handle to the eventlog.
I tried jead99 code but don't works very well (I only tested it on Windows 2003). It cleared all logs except Security logs .
CODE #include <windows.h> int main(void) { int i; HANDLE eventlog; char * evtlog [] = { "Application", "Security","System"}; for (i=0;i<3;++i) { eventlog = OpenEventLog(NULL, evtlog[i]); ClearEventLog(eventlog, NULL); CloseEventLog(eventlog); } return EXIT_SUCCESS; } edit: I also modified White Scorpion ClearLogs and packed with FSG. I obtained a 873 bytes executable CODE .386 .model flat,stdcall option casemap:none include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\advapi32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\advapi32.lib .DATA App db "Application",0,"Security",0,"System",0 .DATA hLog DWORD ? .CODE start: lea ebx,App mov ecx,3 run: push ecx invoke OpenEventLog,NULL,ebx .IF eax!=NULL mov hLog,eax invoke ClearEventLog,hLog,NULL invoke CloseEventLog,hLog .ENDIF pop ecx dec ecx cmp ecx,1 je two add ebx,12 jmp three two: add ebx,9 three: test ecx,ecx jnz run invoke ExitProcess,0 end start try this one with FSG, i think this one will be even smaller
very good work
always used arne's program never thought of actually making my own
but i figure what the hell might as well make one too .. heres a revision of your code for commandline use .. it allows you to choose which logs to clear
CODE .386 .model flat,stdcall option casemap:none include \masm32\include\windows.inc include \masm32\include\kernel32.inc include \masm32\include\shell32.inc include \masm32\include\advapi32.inc include \masm32\include\masm32.inc include \masm32\include\user32.inc includelib \masm32\lib\kernel32.lib includelib \masm32\lib\shell32.lib includelib \masm32\lib\advapi32.lib includelib \masm32\lib\masm32.lib includelib \masm32\lib\user32.lib .data commandLine dd 0 USAGE db '_______________________________________________________________',13,10 db '* ClearlogsCL 1.0 *',13,10 db '* by illwill - xillwillx@yahoo.com *',13,10 db '*_____________________________________________________________*',13,10 db '* USAGE: cl.exe [Log: 1/2/3] *',13,10 db '* 1 = Application *',13,10 db '* 2 = Security *',13,10 db '* 3 = System *',13,10 db '*_____________________________________________________________*',13,10 db ' Based on Code From WhiteScorpion ',13,10,0 fmt db '%s log has been cleared.',0 App db 'Application',0 Sec db 'Security',0 Syst db 'System',0 .data? szLog db 4 dup(?) hLog DWORD ? strbuf db 64 dup (?) .code start: invoke GetCommandLine mov commandLine, eax invoke GetCL, 1, addr szLog cmp al, 1 je @F invoke StdOut, addr USAGE jmp exit_rj @@: mov al, szLog cmp al, '1' jne @F lea ebx,App jmp do_it @@: cmp al, '2' jne @F lea ebx,Sec jmp do_it @@: cmp al, '3' lea ebx, Syst do_it: invoke OpenEventLog,NULL,ebx .IF eax!=NULL mov hLog,eax invoke ClearEventLog,hLog,NULL invoke CloseEventLog,hLog .ENDIF invoke wsprintf, addr strbuf, addr fmt,ebx invoke StdOut, addr strbuf exit_rj: invoke ExitProcess, eax end start
Nice code illwill
well, since we are writing all different ones, i've decided to write another one for the commandline but then in C (for people who don't understand ASM).: CODE #include <stdio.h> #include <stdlib.h> #include <strings.h> #include <windows.h> void Usage(char buffer[]); int main(int argc,char *argv[]) { if(argc!=2) { Usage(argv[0]); return EXIT_FAILURE; } HANDLE hLog; if(strcmp(argv[1],"-app")==0) { if((hLog=OpenEventLog(NULL,"Application"))!=NULL) { ClearEventLog(hLog,NULL); CloseEventLog(hLog); printf("Application log cleared successfully."); return EXIT_SUCCESS; } return EXIT_FAILURE; } else if(strcmp(argv[1],"-sec")==0) { if((hLog=OpenEventLog(NULL,"Security"))!=NULL) { ClearEventLog(hLog,NULL); CloseEventLog(hLog); printf("Security log cleared successfully."); return EXIT_SUCCESS; } return EXIT_FAILURE; } else if(strcmp(argv[1],"-sys")==0) { if((hLog=OpenEventLog(NULL,"System"))!=NULL) { ClearEventLog(hLog,NULL); CloseEventLog(hLog); printf("System log cleared successfully."); return EXIT_SUCCESS; } return EXIT_FAILURE; } Usage(argv[0]); return EXIT_FAILURE; } //the Usage Function void Usage(char buffer[]) { printf("ClearLogs v1.1 written by White Scorpion (C)2005\n"); printf("********* http://www.white-scorpion.nl *********\n\n"); printf(" Based on the idea from illwill\n\n\n"); printf("A program that can clear the Windows eventlogs.\n\n"); printf("Usage:\n"); printf("%s -app\t(clears application eventlog).\n",buffer); printf("%s -sec\t(clears security eventlog).\n",buffer); printf("%s -sys\t(clears system eventlog).\n",buffer); }
#include <strings.h>
#include <string.h> also added your website button to illmob
[quote]
#include <strings.h> #include <string.h> [/code] this is compiler dependant. i'm using dev-cpp and i need strings.h ... [edit]nice site illmob.org , do you have such a button as well? max size can be 88x31 pixels.[/edit].
[EDIT]
stupid IE, i got a blank screen, i press refresh and i have 2 posts.... so ingnore this one ;-)[/EDIT]
yea just get it from my site below your button
got it, added it
i've decided i wanted a forum as well, so i've added one yesterday. now all i need is members and posts http://www.white-scorpion.nl/forums/
once again White Scorpion real nice work.
thanks Tedob1.
are you the same as from AO? i've seen you've became a member on my forums as well ;-) nice to have you there! This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
|
|
