请问, windows ReportEvent在log文件满的情况下写在哪去了?ReadEventLog查看不到,而windows事件查看器中能查看到?

GKatHere 2017-07-15 01:08:01
如题:
请问:在日志文件已满的情况下,Windows 的 ReportEvent 把事件写到哪里去了?用 ReadEventLog 读不到刚写入的记录,但在 Windows 事件查看器中却能看到。
代码如下:


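namespace
{
/// Arguments handed to Thread_NotifyChangeEventLog through CreateThread's LPVOID.
struct Thread_NotifyChangeEventLog_Para
{
    HANDLE hlogFile; ///< event log handle passed to NotifyChangeEventLog
    HANDLE he;       ///< event object the watcher thread waits on
};

// TRUE while the watcher thread is running. This is a plain BOOL shared
// between the thread and the button handler with no synchronisation, so it
// is only a best-effort "already started" hint.
BOOL Thread_NotifyChangeEventLog_IsOn = FALSE;

/// Watcher thread: asks the event log service to signal `he` whenever the
/// log behind `hlogFile` changes, then emits a debug line per notification.
///
/// @param lp  pointer to a Thread_NotifyChangeEventLog_Para that must outlive
///            the thread (the caller in this listing passes a static object).
/// @return 0 if the wait loop ended after a successful registration,
///         1 if the registration itself failed.
DWORD WINAPI Thread_NotifyChangeEventLog(LPVOID lp)
{
    Thread_NotifyChangeEventLog_IsOn = TRUE;

    Thread_NotifyChangeEventLog_Para* fa =
        static_cast<Thread_NotifyChangeEventLog_Para*>(lp);
    DWORD dwExit = 0;

    // Register once, outside the loop: the service keeps notifying until the
    // log handle is closed, so re-registering on every iteration is
    // unnecessary, and the result was previously ignored.
    if (fa == NULL || !NotifyChangeEventLog(fa->hlogFile, fa->he))
    {
        OutputDebugStringA("Err: NotifyChangeEventLog\n");
        dwExit = 1;
    }
    else
    {
        // Leave the loop when the wait fails (e.g. the event handle was
        // closed); the unchecked wait would otherwise spin at full speed.
        while (WaitForSingleObject(fa->he, INFINITE) == WAIT_OBJECT_0)
        {
            OutputDebugStringA("Catched Thread_NotifyChangeEventLog\n");
        }
    }

    Thread_NotifyChangeEventLog_IsOn = FALSE;
    return dwExit;
}
}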

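/// Button handler that exercises the legacy event-logging API end to end:
/// opens the log, starts the change watcher, clears the log, registers the
/// event source in the registry, writes one event and reads the log back.
///
/// The code assumes a UNICODE build (wide literals are passed to TCHAR APIs).
/// Writing under HKEY_LOCAL_MACHINE and clearing a log both need an elevated
/// token; every step reports its failure through OutputDebugString.
void CDriverTestDia2Dlg::OnBnClickedButton18()
{
    static const LPCWSTR MYEventLogName = L"MyTestEventLog";

    // Open the log by source name.
    // NOTE(review): the source is registered below under
    // EventLog\Application, so this handle presumably refers to the shared
    // Application log rather than a private log -- confirm.
    HANDLE hlogFile = OpenEventLog(NULL,            // use local computer
                                   MYEventLogName); // source name
    bool bLogHandleOwnedByThread = false;
    if (hlogFile == NULL)
        OutputDebugStringA("Err: OpenEventLog\n");

    // Start the change-notification watcher once.
    if (hlogFile != NULL && !Thread_NotifyChangeEventLog_IsOn)
    {
        HANDLE he = ::CreateEvent(NULL, FALSE, FALSE, NULL); // auto-reset, unsignaled
        if (he == NULL)
        {
            OutputDebugStringA("Err: CreateEvent\n");
        }
        else
        {
            static Thread_NotifyChangeEventLog_Para tncep; // must outlive the thread
            tncep.hlogFile = hlogFile;
            tncep.he = he;

            // Set the flag here, not only inside the thread, so a second
            // click arriving before the thread is scheduled cannot start a
            // duplicate watcher.
            Thread_NotifyChangeEventLog_IsOn = TRUE;
            DWORD tid = 0;
            HANDLE hThread = ::CreateThread(NULL, 0, Thread_NotifyChangeEventLog,
                                            &tncep, 0, &tid);
            if (hThread != NULL)
            {
                ::CloseHandle(hThread);         // the thread keeps running
                bLogHandleOwnedByThread = true; // hlogFile and he stay open for it
            }
            else
            {
                Thread_NotifyChangeEventLog_IsOn = FALSE;
                ::CloseHandle(he);
                OutputDebugStringA("Err: CreateThread\n");
            }
        }
    }

    // Clear the log.
    // Author's note: without this clear, ReadEventLog does not return the
    // record just written once the log file is full.
    // NOTE(review): this discards every record in the opened log with no
    // backup file (second argument NULL). If the handle maps to the
    // Application log, that destroys audit history other tooling relies on;
    // a log clear is itself recorded (System log, event 104), so it will be
    // visible to monitoring. Keep this in a throw-away test environment only.
    if (hlogFile != NULL && !ClearEventLog(hlogFile, NULL))
        OutputDebugStringA("Err: ClearEventLog\n");

    // Register the event source.
    {
        TCHAR szKey[MAX_PATH];
        TCHAR szModule[MAX_PATH];

        // Bounded formatting: a plain _stprintf would overrun szKey if the
        // source name ever grew.
        const int nKey = _sntprintf_s(
            szKey, _countof(szKey), _TRUNCATE,
            _T("SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\%s"),
            MYEventLogName);

        // Path of the PE module that contains the message resource. A return
        // of 0 is failure; MAX_PATH or more means the path was truncated and
        // must not be written to the registry.
        const DWORD cchModule = GetModuleFileName(NULL, szModule, MAX_PATH);

        if (nKey < 0 || cchModule == 0 || cchModule >= MAX_PATH)
        {
            OutputDebugStringA("Err: Reg event path\n");
        }
        else
        {
            HKEY hRegKey = NULL;
            // Request only the access needed to set values.
            LONG lStatus = RegCreateKeyEx(HKEY_LOCAL_MACHINE, szKey, 0, NULL,
                                          REG_OPTION_NON_VOLATILE, KEY_SET_VALUE,
                                          NULL, &hRegKey, NULL);
            if (lStatus == ERROR_SUCCESS)
            {
                const DWORD cbModule =
                    static_cast<DWORD>((_tcslen(szModule) + 1) * sizeof(TCHAR));
                // Supported event types.
                const DWORD dwTypes = EVENTLOG_ERROR_TYPE | EVENTLOG_WARNING_TYPE |
                                      EVENTLOG_INFORMATION_TYPE;
                // Categories need message ids 1..CategoryCount; none are used.
                const DWORD dwCategoryCount = 0;

                lStatus = RegSetValueEx(hRegKey, _T("EventMessageFile"), 0, REG_EXPAND_SZ,
                                        reinterpret_cast<const BYTE*>(szModule), cbModule);
                if (lStatus == ERROR_SUCCESS)
                    lStatus = RegSetValueEx(hRegKey, _T("TypesSupported"), 0, REG_DWORD,
                                            reinterpret_cast<const BYTE*>(&dwTypes),
                                            sizeof(dwTypes));
                if (lStatus == ERROR_SUCCESS)
                    lStatus = RegSetValueEx(hRegKey, _T("CategoryMessageFile"), 0, REG_EXPAND_SZ,
                                            reinterpret_cast<const BYTE*>(szModule), cbModule);
                if (lStatus == ERROR_SUCCESS)
                    lStatus = RegSetValueEx(hRegKey, _T("CategoryCount"), 0, REG_DWORD,
                                            reinterpret_cast<const BYTE*>(&dwCategoryCount),
                                            sizeof(dwCategoryCount));
                if (lStatus == ERROR_SUCCESS)
                    OutputDebugStringA("suc: Reg event\n");
                else
                    OutputDebugStringA("Err: Reg event\n");

                // Close only a key that was actually opened.
                RegCloseKey(hRegKey);
            }
            else
            {
                OutputDebugStringA("Err: Reg event\n");
            }
        }
    }

    // Write one event.
    LPCTSTR ppszArgs[] = {L"I make a trick!!!!!!!"}; // message text
    HANDLE hLog = ::RegisterEventSource(NULL, MYEventLogName); // source registered above
    if (hLog == NULL)
    {
        OutputDebugStringA("Err: RegisterEventSource\n");
    }
    else
    {
        BOOL bRet = ReportEvent(hLog, EVENTLOG_INFORMATION_TYPE,
                                0, 0x12345678, NULL, 1, 0, ppszArgs, NULL);
        if (!bRet)
            OutputDebugStringA("Err: ReportEvent\n");
        ::DeregisterEventSource(hLog);
    }

    // Reopen the log and read it back.
    HANDLE hlogFileReOpen = OpenEventLog(NULL,            // use local computer
                                         MYEventLogName); // source name
    if (hlogFileReOpen == NULL)
        OutputDebugStringA("Err: OpenEventLog\n");

    DWORD cbBuffer = 0x1000;
    BYTE* pBuffer = static_cast<BYTE*>(::HeapAlloc(::GetProcessHeap(), 0, cbBuffer));
    DWORD dwRead = 0;
    DWORD dwNeeded = 0;
    DWORD dwThisRecord = 0;

    bool bReading = (hlogFileReOpen != NULL && pBuffer != NULL);
    while (bReading)
    {
        if (!ReadEventLog(hlogFileReOpen,           // event log handle
                          EVENTLOG_FORWARDS_READ |  // reads forward
                          EVENTLOG_SEQUENTIAL_READ, // sequential read
                          0,                        // ignored for sequential reads
                          pBuffer,                  // pointer to buffer
                          cbBuffer,                 // size of buffer
                          &dwRead,                  // number of bytes read
                          &dwNeeded))               // bytes in next record
        {
            const DWORD dwErr = ::GetLastError();

            // NOTE(review): a record that does not fit the buffer makes
            // ReadEventLog fail with ERROR_INSUFFICIENT_BUFFER. With a fixed
            // 4 KB buffer that ends the scan early, which may be why a newly
            // written record was never reached in a full log -- confirm by
            // checking the error code. Grow the buffer and retry instead.
            if (dwErr == ERROR_INSUFFICIENT_BUFFER && dwNeeded > cbBuffer)
            {
                BYTE* pBigger = static_cast<BYTE*>(
                    ::HeapReAlloc(::GetProcessHeap(), 0, pBuffer, dwNeeded));
                if (pBigger != NULL)
                {
                    pBuffer = pBigger;
                    cbBuffer = dwNeeded;
                    continue;
                }
            }
            if (dwErr != ERROR_HANDLE_EOF)
                OutputDebugStringA("Err: ReadEventLog\n");
            break;
        }

        // Walk the records in this chunk. Each Length is validated before it
        // is used: a zero Length would loop forever and an oversized one
        // would wrap the unsigned byte counter and walk past the buffer.
        DWORD cbOffset = 0;
        while (dwRead - cbOffset >= sizeof(EVENTLOGRECORD))
        {
            const BYTE* pRecord = pBuffer + cbOffset;
            const EVENTLOGRECORD* pevlr = reinterpret_cast<const EVENTLOGRECORD*>(pRecord);
            const DWORD cbRecord = pevlr->Length;
            if (cbRecord < sizeof(EVENTLOGRECORD) || cbRecord > dwRead - cbOffset)
            {
                OutputDebugStringA("Err: bad EVENTLOGRECORD length\n");
                bReading = false;
                break;
            }

            // The source name follows the fixed header as a wide string;
            // make sure it is terminated inside the record before using it.
            const WCHAR* pszSource =
                reinterpret_cast<const WCHAR*>(pRecord + sizeof(EVENTLOGRECORD));
            const DWORD cchMax =
                static_cast<DWORD>((cbRecord - sizeof(EVENTLOGRECORD)) / sizeof(WCHAR));
            DWORD cchSource = 0;
            while (cchSource < cchMax && pszSource[cchSource] != L'\0')
                ++cchSource;
            if (cchSource == cchMax)
            {
                OutputDebugStringA("Err: unterminated source name\n");
                bReading = false;
                break;
            }

            TRACE(_T("%02d Event ID: 0x%08X \n"),
                  dwThisRecord++, pevlr->EventID);
            TRACE(_T("EventType: %d Source: %ws\n"),
                  pevlr->EventType, pszSource);
            if (0 == wcscmp(pszSource, MYEventLogName))
                OutputDebugStringW(L"Catched MyTestEventLog\n");

            cbOffset += cbRecord;
        }
    }

    // Clean up everything this call still owns.
    if (pBuffer != NULL)
        ::HeapFree(::GetProcessHeap(), 0, pBuffer);
    if (hlogFileReOpen != NULL)
        ::CloseEventLog(hlogFileReOpen);
    // The first handle stays open only when the watcher thread is using it.
    if (hlogFile != NULL && !bLogHandleOwnedByThread)
        ::CloseEventLog(hlogFile);
}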