我的程序可以读到系统日志的详细内容,可是读到的描述总是不完全,比如“Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free。”就只能读到“5.01.2600.01.”,还有一些,应该是内存地址错误的事,但找来找去也找不到解决办法!下面是我的程序:#include <windows.h>
#include <stdio.h>
#include <time.h>
//#define BUFFER_SIZE 1024*128
#define BUFFER_SIZE 4096
void DisplayEntries()
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, dwThisRecord; // Open the Application event log. h = OpenEventLog( NULL, // use local computer
"System"); // source name
if (h == NULL)
{
printf("Could not open the Application event log.");
return;
}pevlr = (EVENTLOGRECORD *) &bBuffer; // Get the record number of the oldest event log record.GetOldestEventLogRecord(h, &dwThisRecord);// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the event log records
// sequentially until the last record has been read. while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
1, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the record number, event identifier, type,
// and source name.
printf("记录:%03d \n事件ID: \t%u\n分类: ",
dwThisRecord++, pevlr->EventID); switch(pevlr->EventType)
{
case EVENTLOG_SUCCESS:
printf("成功\n");
break;
case EVENTLOG_ERROR_TYPE:
printf("错误\n");
break;
case EVENTLOG_WARNING_TYPE:
printf("警告\n");
break;
case EVENTLOG_INFORMATION_TYPE:
printf("信息\n");
break;
case EVENTLOG_AUDIT_SUCCESS:
printf("审计成功\n");
break;
case EVENTLOG_AUDIT_FAILURE:
printf("审计失败\n");
break;
default:
printf("Unknown\n");
break;
}
long mRet;
char lpszSourceName[255]={0};
char lpszComputerName[255]={0};
char szExpandedString[BUFFER_SIZE]={0};
char* pStrings;
unsigned uStepOfString;
mRet=sizeof(EVENTLOGRECORD);sprintf(lpszSourceName,"%s",(LPSTR) ((LPBYTE) pevlr + mRet)); //来源
printf("来源: %s\n",(LPSTR) ((LPBYTE) pevlr + mRet));
mRet += (long)strlen(lpszSourceName) + 1;sprintf(lpszComputerName,"%s",(LPSTR) ((LPBYTE) pevlr + mRet));
printf("计算机: %s\n",(LPSTR) ((LPBYTE) pevlr + mRet));
mRet+= (long)strlen(lpszComputerName) + 1;/*if(pevlr->UserSidLength>0)
{
mRet=pevlr->DataOffset-pevlr->StringOffset;
}*/
mRet=pevlr->DataOffset-pevlr->StringOffset;if(mRet > 0)
{
pStrings = new char[mRet];
memset(pStrings,0,mRet);
memcpy(pStrings,(LPBYTE)pevlr+pevlr->StringOffset,mRet);
uStepOfString=0;
for(int x=0;x<pevlr->NumStrings;x++)
{
if(x == 0)
{
strcpy(szExpandedString, (TCHAR *)pStrings + uStepOfString);
/*if(x < (UINT)pevlr->NumStrings - 1)
{
strcat(szExpandedString, ",");
}*/
}else
{
strcat(szExpandedString,(TCHAR *)pStrings + uStepOfString);
}
uStepOfString = (unsigned int)strlen(pStrings + uStepOfString) + 1;
}
delete [] pStrings;
}printf("描述: %s\n",szExpandedString);tm *wtm = localtime((const long *)&pevlr->TimeWritten);
printf("写入时间\t%.4hd-%.2hd-%.2hd %.2hd:%.2hd:%.2hd\n", wtm->tm_year + 1900, wtm->tm_mon + 1, wtm->tm_mday, wtm->tm_hour, wtm->tm_min, wtm->tm_sec);
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr->Length); printf("\n");
} pevlr = (EVENTLOGRECORD *) &bBuffer;
} CloseEventLog(h);
}
int _tmain()
{
DisplayEntries();
}
#include <stdio.h>
#include <time.h>
//#define BUFFER_SIZE 1024*128
#define BUFFER_SIZE 4096
void DisplayEntries()
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, dwThisRecord; // Open the Application event log. h = OpenEventLog( NULL, // use local computer
"System"); // source name
if (h == NULL)
{
printf("Could not open the Application event log.");
return;
}pevlr = (EVENTLOGRECORD *) &bBuffer; // Get the record number of the oldest event log record.GetOldestEventLogRecord(h, &dwThisRecord);// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the event log records
// sequentially until the last record has been read. while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
1, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the record number, event identifier, type,
// and source name.
printf("记录:%03d \n事件ID: \t%u\n分类: ",
dwThisRecord++, pevlr->EventID); switch(pevlr->EventType)
{
case EVENTLOG_SUCCESS:
printf("成功\n");
break;
case EVENTLOG_ERROR_TYPE:
printf("错误\n");
break;
case EVENTLOG_WARNING_TYPE:
printf("警告\n");
break;
case EVENTLOG_INFORMATION_TYPE:
printf("信息\n");
break;
case EVENTLOG_AUDIT_SUCCESS:
printf("审计成功\n");
break;
case EVENTLOG_AUDIT_FAILURE:
printf("审计失败\n");
break;
default:
printf("Unknown\n");
break;
}
long mRet;
char lpszSourceName[255]={0};
char lpszComputerName[255]={0};
char szExpandedString[BUFFER_SIZE]={0};
char* pStrings;
unsigned uStepOfString;
mRet=sizeof(EVENTLOGRECORD);sprintf(lpszSourceName,"%s",(LPSTR) ((LPBYTE) pevlr + mRet)); //来源
printf("来源: %s\n",(LPSTR) ((LPBYTE) pevlr + mRet));
mRet += (long)strlen(lpszSourceName) + 1;sprintf(lpszComputerName,"%s",(LPSTR) ((LPBYTE) pevlr + mRet));
printf("计算机: %s\n",(LPSTR) ((LPBYTE) pevlr + mRet));
mRet+= (long)strlen(lpszComputerName) + 1;/*if(pevlr->UserSidLength>0)
{
mRet=pevlr->DataOffset-pevlr->StringOffset;
}*/
mRet=pevlr->DataOffset-pevlr->StringOffset;if(mRet > 0)
{
pStrings = new char[mRet];
memset(pStrings,0,mRet);
memcpy(pStrings,(LPBYTE)pevlr+pevlr->StringOffset,mRet);
uStepOfString=0;
for(int x=0;x<pevlr->NumStrings;x++)
{
if(x == 0)
{
strcpy(szExpandedString, (TCHAR *)pStrings + uStepOfString);
/*if(x < (UINT)pevlr->NumStrings - 1)
{
strcat(szExpandedString, ",");
}*/
}else
{
strcat(szExpandedString,(TCHAR *)pStrings + uStepOfString);
}
uStepOfString = (unsigned int)strlen(pStrings + uStepOfString) + 1;
}
delete [] pStrings;
}printf("描述: %s\n",szExpandedString);tm *wtm = localtime((const long *)&pevlr->TimeWritten);
printf("写入时间\t%.4hd-%.2hd-%.2hd %.2hd:%.2hd:%.2hd\n", wtm->tm_year + 1900, wtm->tm_mon + 1, wtm->tm_mday, wtm->tm_hour, wtm->tm_min, wtm->tm_sec);
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr->Length); printf("\n");
} pevlr = (EVENTLOGRECORD *) &bBuffer;
} CloseEventLog(h);
}
int _tmain()
{
DisplayEntries();
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货