//From MSDNReading the Event Log The following example reads all the records in the Application logfile and displays the event identifier, event type, and event source for each event log entry. void DisplayEntries( ) { HANDLE h; EVENTLOGRECORD *pevlr; BYTE bBuffer[BUFFER_SIZE]; DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, // use local computer "Application"); // source name if (h == NULL) ErrorExit("Could not open the Application event log.");
pevlr = (EVENTLOGRECORD *) &bBuffer;
// Opening the event log positions the file pointer for this // handle at the beginning of the log. Read the records // sequentially until there are no more.
while (ReadEventLog(h, // event log handle EVENTLOG_FORWARDS_READ | // reads forward EVENTLOG_SEQUENTIAL_READ, // sequential read 0, // ignored for sequential reads pevlr, // pointer to buffer BUFFER_SIZE, // size of buffer &dwRead, // number of bytes read &dwNeeded)) // bytes in next record { while (dwRead > 0) { // Print the event identifier, type, and source name. // The source name is just past the end of the // formal structure.
呵呵 绝对是你要的 :)
http://expert.csdn.net/Expert/TopicView1.asp?id=2469771
帮我顶 谢谢
The following example reads all the records in the Application logfile and displays the event identifier, event type, and event source for each event log entry. void DisplayEntries( )
{
HANDLE h;
EVENTLOGRECORD *pevlr;
BYTE bBuffer[BUFFER_SIZE];
DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0;
// Open the Application event log.
h = OpenEventLog( NULL, // use local computer
"Application"); // source name
if (h == NULL)
ErrorExit("Could not open the Application event log.");
pevlr = (EVENTLOGRECORD *) &bBuffer;
// Opening the event log positions the file pointer for this
// handle at the beginning of the log. Read the records
// sequentially until there are no more.
while (ReadEventLog(h, // event log handle
EVENTLOG_FORWARDS_READ | // reads forward
EVENTLOG_SEQUENTIAL_READ, // sequential read
0, // ignored for sequential reads
pevlr, // pointer to buffer
BUFFER_SIZE, // size of buffer
&dwRead, // number of bytes read
&dwNeeded)) // bytes in next record
{
while (dwRead > 0)
{
// Print the event identifier, type, and source name.
// The source name is just past the end of the
// formal structure.
printf("%02d Event ID: 0x%08X ",
dwThisRecord++, pevlr->EventID);
printf("EventType: %d Source: %s\n",
pevlr->EventType, (LPSTR) ((LPBYTE) pevlr +
sizeof(EVENTLOGRECORD)));
dwRead -= pevlr->Length;
pevlr = (EVENTLOGRECORD *)
((LPBYTE) pevlr + pevlr->Length);
}
pevlr = (EVENTLOGRECORD *) &bBuffer;
}
CloseEventLog(h);
}