#include <atlbase.h>
#include <atlstr.h>
#include <iostream>
#include <string>
using namespace std;
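// Parenthesized so the macro expands correctly inside larger expressions.
#define BUFFER_SIZE (512*2)

/// @brief Maps the message file registered for an event source.
///
/// Reads the EventMessageFile value from
/// HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<logName>\<sourceName>,
/// expands environment variables in it and maps the resulting file.
///
/// @param logName    Name of the event log (e.g. "system").
/// @param sourceName NUL-terminated event source name taken from a record.
/// @return Module handle to release with FreeLibrary, or NULL when the key,
///         the value or the file is unavailable.
static HMODULE LoadMessageFile(LPCTSTR logName, LPCTSTR sourceName)
{
    CString strKey;
    strKey.Format(TEXT("SYSTEM\\CURRENTCONTROLSET\\SERVICES\\EVENTLOG\\%s\\%s"), logName, sourceName);

    HKEY hKey = NULL;
    if (RegOpenKey(HKEY_LOCAL_MACHINE, strKey, &hKey) != ERROR_SUCCESS)
    {
        // No key was opened, so there is nothing to close.
        return NULL;
    }

    TCHAR valueBuf[BUFFER_SIZE];
    DWORD dwType = 0;
    // Keep one TCHAR in reserve: registry strings are not guaranteed to be
    // stored with a terminating NUL.
    DWORD dwSize = sizeof(valueBuf) - sizeof(TCHAR);
    const LONG rc = RegQueryValueEx(hKey, TEXT("EventMessageFile"), 0, &dwType, (LPBYTE)valueBuf, &dwSize);
    RegCloseKey(hKey);

    if (rc != ERROR_SUCCESS || (dwType != REG_EXPAND_SZ && dwType != REG_SZ))
    {
        printf("Some error occurred!\n");
        return NULL;
    }
    valueBuf[dwSize / sizeof(TCHAR)] = 0;

    // The size argument is the capacity of the destination in TCHARs, not the
    // byte count of the registry value.
    TCHAR dllName[BUFFER_SIZE];
    const DWORD cch = ExpandEnvironmentStrings(valueBuf, dllName, BUFFER_SIZE);
    if (cch == 0 || cch > BUFFER_SIZE)
    {
        return NULL;
    }

    // The path comes from the registry, so the file is mapped as data only:
    // these flags keep its code from being run. Do not replace this with a
    // plain LoadLibrary call.
    // NOTE(review): EventMessageFile may list several files separated by ';';
    // such a value is passed through unsplit here and will fail to load.
    return LoadLibraryEx(dllName, NULL, LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE);
}

/// @brief Prints the message text of the records in the local "system" event log.
///
/// For every record the message file of its event source is looked up in the
/// registry and the text for the record's EventID is printed. Insert
/// placeholders (%1, %2, ...) are printed as-is; the record's insertion
/// strings are not substituted.
///
/// @return Always 0.
int main()
{
    // Name of the event log.
    LPCTSTR logName = TEXT("system");
    HANDLE h;
    EVENTLOGRECORD *pevlr;
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded;
    LPCTSTR lpSourceName;

    /* Flags for format event */
    DWORD fm_flags = 0;
    fm_flags |= FORMAT_MESSAGE_FROM_HMODULE;
    fm_flags |= FORMAT_MESSAGE_ALLOCATE_BUFFER;
    fm_flags |= FORMAT_MESSAGE_FROM_SYSTEM;
    // No argument array is supplied below. Without this flag FormatMessage
    // would try to expand %1-style inserts from a NULL array and read invalid
    // memory for any message that contains them.
    fm_flags |= FORMAT_MESSAGE_IGNORE_INSERTS;

    // Step 1: ---------------------------------------------------------
    // Open the event log. ---------------------------------------------
    h = OpenEventLog(NULL, logName);
    if (h == NULL)
    {
        std::wcout << L"Could not open the event log." << std::endl;
        return 0;
    }

    // Step 2 + 3: -----------------------------------------------------
    // Read the log sequentially from the beginning, one buffer at a time,
    // until the last record has been read.
    for (;;)
    {
        if (!ReadEventLog(h,                  // Event log handle
                EVENTLOG_FORWARDS_READ |      // Reads forward
                EVENTLOG_SEQUENTIAL_READ,     // Sequential read
                0,                            // Ignored for sequential read
                bBuffer,                      // Pointer to buffer
                BUFFER_SIZE,                  // Size of buffer
                &dwRead,                      // Number of bytes read
                &dwNeeded))                   // Bytes in the next record
        {
            // ERROR_HANDLE_EOF is the normal end of the log. A record larger
            // than the buffer ends the loop with ERROR_INSUFFICIENT_BUFFER.
            const DWORD err = GetLastError();
            if (err != ERROR_HANDLE_EOF)
            {
                std::wcout << L"ReadEventLog failed, error " << err << std::endl;
            }
            break;
        }

        // Every successful read starts again at the front of the buffer.
        pevlr = (EVENTLOGRECORD *)bBuffer;
        bool malformed = false;

        while (dwRead > 0)
        {
            // A record length of zero would loop forever and one larger than
            // the remaining bytes would run past the buffer.
            if (dwRead < sizeof(EVENTLOGRECORD) ||
                pevlr->Length < sizeof(EVENTLOGRECORD) ||
                pevlr->Length > dwRead)
            {
                malformed = true;
                break;
            }

            // Get the event source name; it directly follows the fixed header.
            lpSourceName = (LPCTSTR)((LPBYTE)pevlr + sizeof(EVENTLOGRECORD));

            // Use the name only if its terminator lies inside this record.
            const DWORD maxChars = (DWORD)((pevlr->Length - sizeof(EVENTLOGRECORD)) / sizeof(TCHAR));
            DWORD nameLen = 0;
            while (nameLen < maxChars && lpSourceName[nameLen] != 0)
            {
                ++nameLen;
            }

            // Step 4: -------------------------------------------------
            // Load the message DLL file. ------------------------------
            // Looked up per record, so a failed lookup never reuses the
            // file name of a previous record.
            HMODULE hResources = NULL;
            if (nameLen < maxChars)
            {
                hResources = LoadMessageFile(logName, lpSourceName);
            }

            // Step 5: -------------------------------------------------
            // Retrieve the message string. ----------------------------
            LPTSTR pMessage = NULL;
            FormatMessage(
                fm_flags,                                  // Format of message
                hResources,                                // Handle to the DLL file
                pevlr->EventID,                            // Event message identifier
                MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Language identifier (a LANGID, not an LCID)
                (LPTSTR)&pMessage,                         // Receives a LocalAlloc'ed buffer
                0,
                NULL);                                     // No insert values (see IGNORE_INSERTS)

            if (hResources != NULL)
            {
                FreeLibrary(hResources);
            }

            if (pMessage)
            {
                std::wcout << L"Event message:" << pMessage << std::endl;
                LocalFree(pMessage);
            }

            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *)((LPBYTE)pevlr + pevlr->Length);
        }

        if (malformed)
        {
            break;
        }
    }

    // Step 6: -------------------------------------------------------------
    // Close the event log.
    CloseEventLog(h);
    return 0;
}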