What's wrong with this function?

  • What's wrong with this function?

    This function seems to open the NT event log just fine, reads 481 records, shows #1 as the oldest record, but does not bring back any data and pnBytesRead is zero...

    I'm pretty sure it's the ReadEventLog function...????


    #Compile Exe
    #Register None
    #Dim All
    #Option Version5
    #Include "WIN32API.INC"

    Function WinMain (ByVal hCurInstance     As Long, _
                      ByVal hPrevInstance As Long, _
                      lpCmdLine           As Asciiz Ptr, _
                      ByVal iCmdShow      As Long) As Long
    Local lpSourceName      As Asciiz * 16
    Local lResult           As Long
    ' OpenEventLog
    Local hEventLog         As Long
    Local lEventLogRecordCount  As Long
    Local lpOldestRecord    As Long
    ' ReadEventLog
    Local lpBuffer          As EVENTLOGRECORD   ' holds only the fixed part of one record
    Local dwRecordOffset    As Long             ' record number to start at (only honoured with %EVENTLOG_SEEK_READ)
    Local pnBytesRead       As Long             ' [out] bytes ReadEventLog placed in lpBuffer
    Local pnMinNumberOfBytesNeeded  As Long     ' [out] buffer size needed when the call fails; initial value is ignored

    lpSourceName = "Application"                ' or "Security", "System"
    hEventLog = OpenEventLog("", lpSourceName)  ' "" = local machine
    If IsFalse hEventLog Then
       MsgBox "Could not read the event log", %MB_ICONSTOP, "Error reading event log"
       Exit Function
    End If

    lResult = GetNumberOfEventLogRecords(hEventLog, lEventLogRecordCount)
    lResult = GetOldestEventLogRecord(ByVal hEventLog, lpOldestRecord)
    MsgBox "Number of event log events: " & Format$(lEventLogRecordCount) & $CRLF & _
           "Oldest Record: " & Format$(lpOldestRecord)

    ' Read the event log
    dwRecordOffset = 350
    lResult = ReadEventLog(ByVal hEventLog, _
                           ByVal %EVENTLOG_FORWARDS_READ, _
                           ByVal dwRecordOffset, _
                           lpBuffer, _
                           ByVal SizeOf(lpBuffer), _
                           pnBytesRead, _
                           pnMinNumberOfBytesNeeded)
    If IsFalse lResult Then
       ' ReadEventLog returns zero on failure; GetLastError says why, and
       ' pnMinNumberOfBytesNeeded says how large the buffer had to be.
       MsgBox "ReadEventLog failed, GetLastError = " & Format$(GetLastError) & $CRLF & _
              "Bytes needed: " & Format$(pnMinNumberOfBytesNeeded), %MB_ICONSTOP, "Error reading event log"
    End If

    lResult = CloseEventLog(ByVal hEventLog)
    End Function
    Scott Turchin
    True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

  • #2
    Scott, try it with %EVENTLOG_SEEK_READ and your existing flag.
    Also, you might want to dimension an array of records as the buffer if reading more than one record.



    • #3
      Scott, you do realize you must deal with the variable-length data which each event log record contains, correct?

      Just in case, check the structure length after the call returns. The length then indicates the full length of the data, and you can use the commented portion of the structure to make sense of the data following the fixed portion of the EVENTLOGRECORD.

      *** You have mail (tngbbs) ***

      [This message has been edited by Ron Pierce (edited June 18, 2001).]
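Replies #2 and #3 cover the two halves of reading the log: ReadEventLog needs exactly one of %EVENTLOG_SEQUENTIAL_READ or %EVENTLOG_SEEK_READ combined with the direction flag (dwRecordOffset is used only with SEEK_READ), and the buffer it fills contains one or more variable-length EVENTLOGRECORD entries that you walk by each record's Length field. The following is an added example, not code from this thread or from PowerBASIC's WIN32API.INC, written in Python so it runs without Windows: it parses a buffer laid out exactly as ReadEventLogW returns it (the EVENTLOGRECORD layout from winnt.h with UTF-16LE strings; the ANSI entry point the original post calls returns single-byte strings instead) and bounds-checks Length, the "LfLe" magic and every embedded offset before trusting them. The sample buffer, record numbers, source and computer names are constructed for the example.

```python
"""Walk the variable-length EVENTLOGRECORD buffer that ReadEventLog fills.

Added example, not code from the thread. It assumes the EVENTLOGRECORD layout
from winnt.h and the UTF-16LE strings that ReadEventLogW (and .evt files) use.
The sample buffer at the bottom is constructed here, not captured from a system.
"""
import struct
from dataclasses import dataclass

# Fixed 56-byte head of EVENTLOGRECORD (little-endian DWORD/WORD fields).
_HDR = struct.Struct("<IIIIIIHHHHIIIIII")
_LFLE = 0x654C664C  # EVENTLOGRECORD.Reserved always holds the magic "LfLe"


@dataclass
class EventRecord:
    record_number: int
    time_generated: int   # seconds since 1970-01-01 UTC
    event_id: int
    event_type: int
    category: int
    source: str
    computer: str
    user_sid: bytes       # raw SID bytes, empty when the record carries none
    strings: list
    data: bytes


def _wstr(rec, off):
    """Read a NUL-terminated UTF-16LE string at off; return (text, offset past NUL)."""
    end = off
    while rec[end:end + 2] != b"\x00\x00":
        if end + 2 > len(rec):
            raise ValueError("unterminated string in record")
        end += 2
    return rec[off:end].decode("utf-16-le"), end + 2


def parse_records(buf):
    """Return every record in buf, advancing by each record's own Length field."""
    out, off = [], 0
    while off < len(buf):
        if off + _HDR.size > len(buf):
            raise ValueError(f"truncated record head at offset {off}")
        (length, magic, recnum, tgen, _twrit, eid, etype, nstr, cat, _flags,
         _closing, stroff, sidlen, sidoff, datalen, dataoff) = _HDR.unpack_from(buf, off)
        # Validate Length before trusting any offset inside the record.
        if magic != _LFLE or length < _HDR.size + 4 or off + length > len(buf):
            raise ValueError(f"bad record at offset {off}: length={length}")
        rec = buf[off:off + length]
        if struct.unpack_from("<I", rec, length - 4)[0] != length:   # trailing Length
            raise ValueError(f"trailing Length mismatch at offset {off}")
        for start, size in ((sidoff, sidlen), (dataoff, datalen)):
            if start + size > length - 4:
                raise ValueError(f"offset outside record at {off}")
        source, p = _wstr(rec, _HDR.size)   # SourceName directly follows the head
        computer, _ = _wstr(rec, p)         # then Computername
        strings, p = [], stroff             # NumStrings insertion strings at StringOffset
        for _ in range(nstr):
            s, p = _wstr(rec, p)
            strings.append(s)
        out.append(EventRecord(recnum, tgen, eid, etype, cat, source, computer,
                               rec[sidoff:sidoff + sidlen], strings,
                               rec[dataoff:dataoff + datalen]))
        off += length
    return out


def build_record(recnum, event_id, source, computer, strings, data=b"",
                 event_type=4, category=0, when=0):
    """Serialize one record in the layout above (used only to build the sample)."""
    body = (source + "\x00" + computer + "\x00").encode("utf-16-le")
    body += b"\x00" * (-(_HDR.size + len(body)) % 4)      # UserSid is DWORD-aligned
    sid_off = str_off = _HDR.size + len(body)              # no SID: UserSidLength = 0
    body += "".join(s + "\x00" for s in strings).encode("utf-16-le")
    data_off = _HDR.size + len(body)
    body += data
    body += b"\x00" * (-(_HDR.size + len(body) + 4) % 4)  # keep Length a DWORD multiple
    length = _HDR.size + len(body) + 4
    head = _HDR.pack(length, _LFLE, recnum, when, when, event_id, event_type,
                     len(strings), category, 0, 0, str_off, 0, sid_off, len(data), data_off)
    return head + body + struct.pack("<I", length)


# Constructed sample: two records back to back, as one ReadEventLog call returns them.
SAMPLE = (build_record(1, 1000, "MyService", "HOST1", ["Service started"], when=992822400)
          + build_record(2, 0xC0000005, "Application Error", "HOST1",
                         ["a.exe", "0.1"], data=b"\x01\x02\x03", event_type=1))

if __name__ == "__main__":
    for r in parse_records(SAMPLE):
        print(r.record_number, r.source, hex(r.event_id), r.strings, r.data)
```

Against a live log the loop is: pass a buffer of several KB, call ReadEventLog with FORWARDS|SEQUENTIAL (or SEEK plus the record number), and if it fails with ERROR_INSUFFICIENT_BUFFER (122) grow the buffer to pnMinNumberOfBytesNeeded and retry; feed only the first pnBytesRead bytes to parse_records, since the rest of the buffer is stale. The offset checks matter because a malformed or truncated record would otherwise steer the parser outside the buffer.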