Fatal编程技术网
  • cplusplus/
  • 在c+中获取事件日志+; 我试图通过使用下面的代码在C++中获取系统事件日志, .但对于我得到的某些条件,事件ID无效。事件ID的值为1073742727。这是错误的

在c+中获取事件日志+; 我试图通过使用下面的代码在C++中获取系统事件日志, .但对于我得到的某些条件,事件ID无效。事件ID的值为1073742727。这是错误的

c++ events

在c+中获取事件日志+; 我试图通过使用下面的代码在C++中获取系统事件日志, .但对于我得到的某些条件,事件ID无效。事件ID的值为1073742727。这是错误的,c++,events,event-log,win32gui,C++,Events,Event Log,Win32gui,我的代码如下所示 EVENTLOG_FULL_INFORMATION evntLogInfo; DWORD dwByteRequd,cbSize=0,dwBytesToRead=MAX_RECORD_BUFFER_SIZE,dwBytesRead,dwMinimumBytesNeeded,numRecord; PBYTE pBuffer,currentData,endRecord; HANDLE eventHandle=OpenEventLog(NULL,"Application"); if(e

我的代码如下所示

EVENTLOG_FULL_INFORMATION evntLogInfo;
DWORD dwByteRequd,cbSize=0,dwBytesToRead=MAX_RECORD_BUFFER_SIZE,dwBytesRead,dwMinimumBytesNeeded,numRecord;
PBYTE pBuffer,currentData,endRecord;
HANDLE eventHandle=OpenEventLog(NULL,"Application");
if(eventHandle==INVALID_HANDLE_VALUE)
    cout<<"\nError "<<GetLastError();
else
{
    pBuffer=(PBYTE)malloc(MAX_RECORD_BUFFER_SIZE);
    if(pBuffer==NULL)
    {
        cout<<"\nNot enough memory";
        CloseEventLog(eventHandle);
    }
    else
    {
        //GetEventLogInformation(eventHandle,EVENTLOG_FULL_INFO,&pBuffer,cbSize,&dwByteRequd);
        ReadEventLog(eventHandle,EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ,0,pBuffer,dwBytesToRead,&dwBytesRead,&dwMinimumBytesNeeded);

        if(GetLastError()==ERROR_INSUFFICIENT_BUFFER )
        {
            pBuffer=(PBYTE)realloc(pBuffer,dwMinimumBytesNeeded);
            if(pBuffer==NULL)
            {
                    cout<<GetLastError();
                CloseEventLog(eventHandle);
            }
            else
            {
                     dwBytesToRead=dwMinimumBytesNeeded;
                     ReadEventLog(eventHandle,EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ,0,pBuffer,dwBytesToRead,&dwBytesRead,&dwMinimumBytesNeeded);
            }
          }
        GetNumberOfEventLogRecords(eventHandle,&numRecord);
        cout<<numRecord<<"\n";
        endRecord=pBuffer+dwBytesToRead;
        while(pBuffer<endRecord)
        {

            currentData=pBuffer;    
            PEVENTLOGRECORD TempVar = (PEVENTLOGRECORD)currentData;
            cout<<((PEVENTLOGRECORD)currentData)->EventID<<"\t";

            cout<<((PEVENTLOGRECORD)currentData)->EventType<<"\t";
            cout<<((PEVENTLOGRECORD)currentData)->Length<<"\n";
            //  DWOR error=GetLastError();

        }
    }
}

EVENTLOG\u FULL\u信息evntLogInfo;
DWORD dwByteRequd,cbSize=0,dwBytesToRead=MAX_RECORD_BUFFER_SIZE,dwBytesRead,DWMINIMUMBYTESEED,numRecord;
PBYTE pBuffer,currentData,endRecord;
HANDLE eventHandle=OpenEventLog(NULL,“应用程序”);
if(eventHandle==无效的\u句柄\u值)

长话短说,但如果您希望看到与event viewr显示的相同的事件ID(eventvwr.msc),只需打印EventID的前2个字节。例如,1073742727的前2个字节是903

长话短说:现在EventID存储所谓的事件实例id,您可以从MSDN获得更多信息