怎么读取第一张图的详细内容啊
我一直读到的都是最后一张图那样
看了好多软件和文章,都没有这个定义啊
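/*
 * Walk the local "Security" event log with the legacy event-logging API and
 * print the insertion strings of every record.
 *
 * Opening the Security log normally requires an elevated token; when the open
 * fails, the Win32 error code is printed and the program exits.
 *
 * The strings printed here are only the raw insertion values stored in each
 * record. The full text shown by Event Viewer is the provider's message
 * template with these values substituted. To get that text, either load the
 * provider's message file (the EventMessageFile value under the log's registry
 * key) and call FormatMessage with FORMAT_MESSAGE_FROM_HMODULE |
 * FORMAT_MESSAGE_ARGUMENT_ARRAY, or switch to the newer Windows Event Log API
 * (EvtQuery / EvtNext / EvtFormatMessage from winevt.h).
 *
 * NOTE(review): the byte-wise string handling assumes an ANSI (non-UNICODE)
 * build, as the narrow "Security" literal already does - confirm.
 */
int main()
{
    HANDLE Log;
    TCHAR Buffer[BUFFER_SIZE] = { 0 };   // receives the domain name of the SID
    DWORD dwRead, dwNeeded;
    // Fields pulled out of each record; only the description is printed so far.
    string Type, Source, UserID, User;
    char *pchar, Data[4096];
    DWORD Time;
    int ID;

    if ((Log = OpenEventLog(NULL, "Security")) == NULL)
    {
        // GetLastError() returns a DWORD, so print it as unsigned long.
        printf("OpenEventLog For Security Errr:%lu \n", (unsigned long)GetLastError());
        system("pause");
        return 0;
    }

    while (ReadEventLog(Log,
                        EVENTLOG_SEQUENTIAL_READ |
                        EVENTLOG_FORWARDS_READ,
                        0,
                        (EVENTLOGRECORD*)Data,
                        sizeof(Data),
                        &dwRead,
                        &dwNeeded))
    {
        // One call returns several variable-length records packed back to back.
        for (DWORD i = 0; i < dwRead;)
        {
            // Stop on a truncated tail instead of reading a partial header.
            if (dwRead - i < sizeof(EVENTLOGRECORD))
                break;

            EVENTLOGRECORD *ptr = (EVENTLOGRECORD*)(Data + i);
            const DWORD RecLen = ptr->Length;

            // A zero or oversized length would loop forever or walk off the buffer.
            if (RecLen < sizeof(EVENTLOGRECORD) || RecLen > dwRead - i)
                break;

            // Advance first so that every path below, including `continue`,
            // moves on to the next record.
            i += RecLen;

            // Event type
            switch (ptr->EventType)
            {
            case EVENTLOG_ERROR_TYPE:       Type = "错误事件"; break;
            case EVENTLOG_AUDIT_FAILURE:    Type = "审核失败"; break;
            case EVENTLOG_AUDIT_SUCCESS:    Type = "审核成功"; break;
            case EVENTLOG_INFORMATION_TYPE: Type = "信息事件"; break;
            case EVENTLOG_WARNING_TYPE:     Type = "警告事件"; break;
            default: continue;              // unknown type: skip this record
            }

            // Time the record was written (seconds since 1970-01-01 UTC)
            Time = ptr->TimeWritten;

            // Source name: first NUL-terminated string right after the fixed header
            Source = (char *)ptr + sizeof(EVENTLOGRECORD);

            // Event ID: the low 16 bits carry the event code; masking keeps
            // codes above 32767 positive, unlike a cast to short.
            ID = (int)(ptr->EventID & 0xFFFF);

            // Computer name: the string that follows the source name
            pchar = (char *)ptr + sizeof(EVENTLOGRECORD);
            pchar += (strlen(pchar) + 1);
            UserID = pchar;

            // User name, resolved from the SID embedded in the record.
            // Reset first so a failed lookup does not keep the previous record's name.
            User = "";
            if (ptr->UserSidLength > 0 &&
                ptr->UserSidOffset <= RecLen &&
                ptr->UserSidLength <= RecLen - ptr->UserSidOffset)
            {
                char Name[64];
                // Both sizes are character counts of the receiving buffers.
                DWORD Length = sizeof(Name) / sizeof(Name[0]);
                DWORD Length1 = sizeof(Buffer) / sizeof(Buffer[0]);
                SID_NAME_USE SidUse = SidTypeUser;
                // UserSidOffset is relative to the start of this record,
                // not to the start of the read buffer.
                SID *sid = (SID *)((char *)ptr + ptr->UserSidOffset);
                if (LookupAccountSid(NULL, sid, Name, &Length, Buffer, &Length1, &SidUse))
                    User = Name;
            }

            // Description: the record's insertion strings (not the rendered message)
            if (ptr->DataOffset > ptr->StringOffset && ptr->StringOffset < RecLen)
            {
                const char *RecEnd = (char *)ptr + RecLen;
                printf("描述\t");
                pchar = (char *)ptr + ptr->StringOffset;
                // Print exactly NumStrings strings and never step past the
                // record; one extra iteration would read into the data area.
                for (WORD j = 0; j < ptr->NumStrings && pchar < RecEnd; j++)
                {
                    printf("%s ", pchar);
                    pchar += strlen(pchar) + 1;
                }
            }
            cout << "\n" << endl;
        }
    }

    // ReadEventLog returns FALSE at end of log and on real failures, for
    // example a record larger than Data. Report anything other than EOF so a
    // partial read of the Security log is not mistaken for a complete one.
    const DWORD ReadErr = GetLastError();
    if (ReadErr != ERROR_HANDLE_EOF)
        printf("ReadEventLog stopped early, error:%lu \n", (unsigned long)ReadErr);

    CloseEventLog(Log);
    system("pause");
    return 0;
}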
有更好的办法吗?不需要另类解析,直接是读取解析后的中文详细信息,就是图一的内容