2,640
社区成员
发帖
与我相关
我的任务
分享
The following example reads all the records in the Application logfile and displays the event identifier, event type, and event source for each event log entry.
void DisplayEntries( )
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, // use local computer
"Application "); // source name
if (h == NULL)
ErrorExit( "Could not open the Application event log. ");
pevlr = (EVENTLOGRECORD *) &bBuffer;
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the event identifier, type, and source name.
// The source name is just past the end of the
// formal structure.
printf( "%02d Event ID: 0x%08X ",
dwThisRecord++, pevlr-> EventID);
printf( "EventType: %d Source: %s\n ",
pevlr-> EventType, (LPSTR) ((LPBYTE) pevlr +
sizeof(EVENTLOGRECORD)));
dwRead -= pevlr-> Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr-> Length);
}
pevlr = (EVENTLOGRECORD *) &bBuffer;
}
CloseEventLog(h);
}