相当于读文件,并从中提取你想要的信息。The following example reads all the records in the Application logfile and displays the event identifier, event type, and event source for each event log entry. void DisplayEntries( ) { HANDLE h; EVENTLOGRECORD *pevlr; BYTE bBuffer[BUFFER_SIZE]; DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, // use local computer "Application "); // source name if (h == NULL) ErrorExit( "Could not open the Application event log. ");
pevlr = (EVENTLOGRECORD *) &bBuffer;
// Opening the event log positions the file pointer for this // handle at the beginning of the log. Read the records // sequentially until there are no more.
while (ReadEventLog(h, // event log handle EVENTLOG_FORWARDS_READ | // reads forward EVENTLOG_SEQUENTIAL_READ, // sequential read 0, // ignored for sequential reads pevlr, // pointer to buffer BUFFER_SIZE, // size of buffer &dwRead, // number of bytes read &dwNeeded)) // bytes in next record { while (dwRead > 0) { // Print the event identifier, type, and source name. // The source name is just past the end of the // formal structure.
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, // use local computer
"Application "); // source name
if (h == NULL)
ErrorExit( "Could not open the Application event log. ");
pevlr = (EVENTLOGRECORD *) &bBuffer;
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the event identifier, type, and source name.
// The source name is just past the end of the
// formal structure.
printf( "%02d Event ID: 0x%08X ",
dwThisRecord++, pevlr-> EventID);
printf( "EventType: %d Source: %s\n ",
pevlr-> EventType, (LPSTR) ((LPBYTE) pevlr +
sizeof(EVENTLOGRECORD)));
dwRead -= pevlr-> Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr-> Length);
}
pevlr = (EVENTLOGRECORD *) &bBuffer;
}
CloseEventLog(h);
} 参考网址:
http://topic.csdn.net/t/20060223/16/4573374.html
你看看吧,希望对你有用