1,221
社区成员
发帖
与我相关
我的任务
分享
for (i=0; i<nLogNum; i++ )
{
// Open the event log.
hEvent = OpenEventLog(pServerName, // use local computer
szLogName[i]); // source name
if (hEvent == NULL)
printf("Could not open the %s event log.\n", szLogName[i]);
pevlr = (EVENTLOGRECORD *) &szBuffer;
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(hEvent, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
mRet = sizeof(EVENTLOGRECORD);
strcpy(lpszSourceName, (LPTSTR)((LPBYTE)pevlr +mRet));//事件源
//fprintf(fd,"%s", lpszSourceName);
mRet += strlen(lpszSourceName) + 1;
strcpy(lpszComputerName, (LPTSTR)((LPBYTE)pevlr + mRet));//机器名
mRet += strlen(lpszComputerName) + 1;
if(pevlr->UserSidLength>0)
{;}
mRet = pevlr->DataOffset - pevlr->StringOffset;
if(mRet>0)//事件描述
{
//pStrings = new char[mRet];
///////////////////////////////////////////////////////////
pStrings = (LPBYTE)GlobalAlloc(GPTR, mRet * sizeof(BYTE));
memcpy(pStrings,(LPBYTE)pevlr+pevlr->StringOffset,mRet);
uStepOfString=0;
szExpandedString = (TCHAR*)GlobalAlloc(GPTR, (mRet + 1024) * sizeof(TCHAR));
for(unsigned int x=0;x<pevlr->NumStrings;x++)
{
if(x == 0)
{
strcpy(szExpandedString, (TCHAR *)pStrings + uStepOfString);
if(x<(UINT)pevlr->NumStrings - 1)
strcat(szExpandedString, ",");
}
else
strcat(szExpandedString, (TCHAR*)pStrings + uStepOfString);
uStepOfString = strlen((TCHAR*)pStrings + uStepOfString) + 1;
}
//************************************************************************************