-
-
[求助]读取事件很麻烦啊,下面这段是VC代码,我只关心其中取事件描述部分,谁能把那部分的原理给俺说说啊,实在是看不懂
-
发表于: 2008-1-25 14:15
-
|
|
|---|---|
|
|
|
|
|
ReadEventLog Function
Reads a whole number of entries from the specified event log. The function can be used to read log entries in chronological or reverse chronological order. BOOL ReadEventLog( __in HANDLE hEventLog, __in DWORD dwReadFlags, __in DWORD dwRecordOffset, __out LPVOID lpBuffer, __in DWORD nNumberOfBytesToRead, __out DWORD* pnBytesRead, __out DWORD* pnMinNumberOfBytesNeeded ); Parameters hEventLog A handle to the event log to be read. This handle is returned by the OpenEventLog function. dwReadFlags The options for how the read operation is to proceed. This parameter must include one of the following values. Value Meaning EVENTLOG_SEEK_READ 0x0002 The read operation proceeds from the record specified by the dwRecordOffset parameter. This flag cannot be used with EVENTLOG_SEQUENTIAL_READ. EVENTLOG_SEQUENTIAL_READ 0x0001 The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle. This flag cannot be used with EVENTLOG_SEEK_READ. If the buffer is large enough, more than one record can be read at the specified seek position; you must specify one of the following flags to indicate the direction for successive read operations. Value Meaning EVENTLOG_FORWARDS_READ 0x0004 The log is read in chronological order. This flag cannot be used with EVENTLOG_BACKWARDS_READ. EVENTLOG_BACKWARDS_READ 0x0008 The log is read in reverse chronological order. This flag cannot be used with EVENTLOG_FORWARDS_READ. dwRecordOffset The number of the log-entry record at which the read operation should start. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag. lpBuffer A pointer to a buffer for the data read from the event log. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero. The buffer will be filled with an EVENTLOGRECORD structure. As of Windows Server 2003 and Windows XP SP2, the maximum size of this buffer is 0x7ffff bytes. nNumberOfBytesToRead The size of the buffer, in bytes. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer. pnBytesRead A pointer to a variable that receives the number of bytes read by the function. pnMinNumberOfBytesNeeded A pointer to a variable that receives the number of bytes required for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER. Return Value If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError. Remarks When this function returns successfully, the read position in the event log is adjusted by the number of records read. Only a whole number of event log records will be returned. Note The configured file name for this source may also be the configured file name for other sources (several sources can exist as subkeys under a single log). Therefore, this function may return events that were logged by more than one source. Example Code For an example, see Querying for Event Information. Requirements Client Requires Windows Vista, Windows XP, Windows 2000 Professional, or Windows NT Workstation. Server Requires Windows Server 2008, Windows Server 2003, Windows 2000 Server, or Windows NT Server. Header Declared in Winbase.h; include Windows.h. Library Use Advapi32.lib. DLL Requires Advapi32.dll. Unicode Implemented as ReadEventLogW (Unicode) and ReadEventLogA (ANSI). See Also Event Logging Functions ClearEventLog CloseEventLog EVENTLOGRECORD OpenEventLog ReportEvent Send comments about this topic to Microsoft 偶觉得搞文本操作 还是尽量用高级一点的语言吧比如 C# Java, VB 甚至Delphi都勉强. 用C. 的确有伤大脑. 
|
|
|
|
|
|
|
|
|
|
