★★★★★关于ReadEventLog函数的使用－－－在线等待(20分)

thygw · 2003-03-14

强烈要求给一个例子，如有答案，小弟不胜感激！[

]

thygw · 2003-03-14

？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？？

yyii_yyii · 2003-03-18

ReadEventLog The ReadEventLog function reads a whole number of entries from the specified event log. The function can be used to read log entries in chronological or reverse chronological order. BOOL ReadEventLog(   HANDLE hEventLog,                // handle to event log   DWORD dwReadFlags,               // how to read log   DWORD dwRecordOffset,            // initial record offset   LPVOID lpBuffer,                 // buffer for read data   DWORD nNumberOfBytesToRead,      // bytes to read   DWORD *pnBytesRead,              // number of bytes read   DWORD *pnMinNumberOfBytesNeeded  // bytes required ); Parameters hEventLog [in] Handle to the event log to read. This handle is returned by the OpenEventLog function. dwReadFlags [in] Specifies how the read operation is to proceed. This parameter must include one of the following values. Value Meaning EVENTLOG_SEEK_READ The read operation proceeds from the record specified by the dwRecordOffset parameter. This flag cannot be used with EVENTLOG_SEQUENTIAL_READ.   EVENTLOG_SEQUENTIAL_READ The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle. This flag cannot be used with EVENTLOG_SEEK_READ. If the buffer is large enough, more than one record can be read at the specified seek position; you must specify one of the following flags to indicate the direction for successive read operations. Value Meaning EVENTLOG_FORWARDS_READ The log is read in chronological order. This flag cannot be used with EVENTLOG_BACKWARDS_READ.   EVENTLOG_BACKWARDS_READ The log is read in reverse chronological order. This flag cannot be used with EVENTLOG_FORWARDS_READ. dwRecordOffset [in] Specifies the log-entry record number at which the read operation should start. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag. lpBuffer [out] Pointer to a buffer for the data read from the event log. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero. The buffer will be filled with an EVENTLOGRECORD structure. nNumberOfBytesToRead [in] Specifies the size, in bytes, of the buffer. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer. pnBytesRead [out] Pointer to a variable that receives the number of bytes read by the function. pnMinNumberOfBytesNeeded [out] Pointer to a variable that receives the number of bytes required for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER. Return Values If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. Remarks When this function returns successfully, the read position in the error log is adjusted by the number of records read. Only a whole number of event log records will be returned. Note  The configured filename for this source may also be the configured filename for other sources (several sources can exist as subkeys under a single logfile). Therefore, this function may return events that were logged by more than one source. Requirements   Windows NT/2000/XP: Included in Windows NT 3.1 and later.   Windows 95/98/Me: Unsupported.   Header: Declared in Winbase.h; include Windows.h.   Library: Use Advapi32.lib.   Unicode: Implemented as Unicode and ANSI versions.

yyii_yyii · 2003-03-18

例子： void DisplayEntries( ) {     HANDLE h;     EVENTLOGRECORD *pevlr;     BYTE bBuffer[BUFFER_SIZE];     DWORD dwRead, dwNeeded, cRecords, dwThisRecord;       // Open the Application event log.     h = OpenEventLog( NULL,    // use local computer              "Application");   // source name     if (h == NULL)         ErrorExit("Could not open the Application event log.");       pevlr = (EVENTLOGRECORD *) &bBuffer;       // Get the record number of the oldest event log record.     GetOldestEventLogRecord(h, &dwThisRecord);     // Opening the event log positions the file pointer for this     // handle at the beginning of the log. Read the event log records     // sequentially until the last record has been read.       while (ReadEventLog(h,                // event log handle                 EVENTLOG_FORWARDS_READ |  // reads forward                 EVENTLOG_SEQUENTIAL_READ, // sequential read                 0,            // ignored for sequential reads                 pevlr,        // pointer to buffer                 BUFFER_SIZE,  // size of buffer                 &dwRead,      // number of bytes read                 &dwNeeded))   // bytes in next record     {         while (dwRead > 0)         {             // Print the record number, event identifier, type,             // and source name.               printf("%02d  Event ID: 0x%08X ",                 dwThisRecord++, pevlr->EventID);             printf("EventType: %d Source: %s/n",                 pevlr->EventType, (LPSTR) ((LPBYTE) pevlr +                 sizeof(EVENTLOGRECORD)));               dwRead -= pevlr->Length;             pevlr = (EVENTLOGRECORD *)                 ((LPBYTE) pevlr + pevlr->Length);         }           pevlr = (EVENTLOGRECORD *) &bBuffer;     }       CloseEventLog(h); }

thygw · 2003-03-24

看不懂C 有没有Delphi的实例！？

yyii_yyii · 2003-03-25

对不起，没有pascal的例子，不过api的东西看c还是比较好的。

thygw · 2003-07-09

不好意思，由于小弟一直没有时间，故现在才结贴，万分歉意！

★★★★★关于ReadEventLog函数的使用－－－在线等待(20分)

thygw

Unregistered / Unconfirmed

thygw

Unregistered / Unconfirmed

yyii_yyii

Unregistered / Unconfirmed

yyii_yyii

Unregistered / Unconfirmed

thygw

Unregistered / Unconfirmed

yyii_yyii

Unregistered / Unconfirmed

thygw

Unregistered / Unconfirmed

Similar threads