Announcement

Collapse
No announcement yet.

Pointer question

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pointer question

    Eventlog issues still

    This works good, unfortunately I don't understand C++ well, suspecting a pointer to
    the TYPE EVENTLOGRECORD is going to be needed.
    All functions return correctly except "ReadEventLog"....

    Code:
    lpSourceName = "Application" ' 'Security, System
    
    hEventLog = OpenEventLog("",lpSourceName)
    If IsFalse hEventLog Then
       MsgBox "Could not read the event log",%MB_ICONSTOP,"Error reading event log"
       Exit Function
    End If
    
    lResult = GetNumberOfEventLogRecords(hEventLog, lEventLogRecordCount)
    lResult = GetOldestEventLogRecord(ByVal hEventLog, lpOldestRecord)
    
    '
    '
    '
    For lLoop = 1 To lEventLogRecordCount
        lResult = ReadEventLog(ByVal hEventLog, _
                               ByVal %EVENTLOG_SEEK_READ Or %EVENTLOG_SEQUENTIAL_READ, _
                               ByVal 0, _
                               lpBuffer,_
                               ByVal SizeOf(lpBuffer),_
                               pnBytesRead, _
                               pnMinNumberOfBytesNeeded)
    
         If lLoop = 1 Then MsgBox Format$(lpBuffer.eventid)
    Next
    lResult = CloseEventLog(ByVal hEventLog)
    
    
    '
    '
    '
    '
    '
    '
    '
    Now hte C++ portion of it......(Thanks Ron!!)
    
    
        pevlr = (EVENTLOGRECORD *) &bBuffer;
    
        // Opening the event Log positions the file pointer For this
        // Handle At the beginning of the log. Read the records
        // sequentially Until there are no more.
    
        While (ReadEventLog(h,                // event Log Handle
                    EVENTLOG_FORWARDS_READ |  // reads forward
                    EVENTLOG_SEQUENTIAL_READ, // sequential Read
                    0,            // ignored For sequential reads
                    pevlr,        // pointer To buffer
                    BUFFER_SIZE,  // Size of buffer
                    &dwRead,      // number of bytes Read
                    &dwNeeded))   // bytes In Next record
        {
            While (dwRead > 0)
            {
                // Print the event identifier, Type, And source name.
                // The source Name is just past the End of the
                // formal structure.
    
                printf("%02d  Event ID: 0x%08X ",
                    dwThisRecord++, pevlr->EventID);
                printf("EventType: %d Source: %s\n",
                    pevlr->EventType, (LPSTR) ((LPBYTE) pevlr +
                    SizeOf(EVENTLOGRECORD)));
    
                dwRead -= pevlr->Length;
                pevlr = (EVENTLOGRECORD *)
                    ((LPBYTE) pevlr + pevlr->Length);
            }
    
            pevlr = (EVENTLOGRECORD *) &bBuffer;
        }
    ------------------
    Scott
    Scott Turchin
    MCSE, MCP+I
    http://www.tngbbs.com
    ----------------------
    True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

  • #2
    Hard to debug without your variable declarations and the function declaration you're using for ReadEventLog - please post this even if it's in win32api.inc - I might have a diffent one than you have.

    --Don

    ------------------
    dickinson.basicguru.com
    Don Dickinson
    www.greatwebdivide.com

    Comment


    • #3
      Ah yes

      Code:
      DECLARE FUNCTION ReadEventLog LIB "ADVAPI32.DLL" ALIAS "ReadEventLogA" (BYVAL hEventLog AS LONG, BYVAL dwReadFlags AS LONG, BYVAL dwRecordOffset AS LONG, lpBuffer AS EVENTLOGRECORD, BYVAL nNumberOfBytesToRead AS LONG, pnBytesRead AS LONG, _
                       pnMinNumberOfBytesNeeded AS LONG) AS LONG
      
      '
      '
      '
      'Type EVENTLOGRECORD
      '  Length As Dword              ' Length of full record
      '  Reserved As Dword            ' Used by the service
      '  RecordNumber As Dword        ' Absolute record number
      '  TimeGenerated As Dword       ' Seconds since 1-1-1970
      '  TimeWritten As Dword         ' Seconds since 1-1-1970
      '  EventID As Dword
      '  EventType As Word
      '  NumStrings As Word
      '  EventCategory As Word
      '  ReservedFlags As Word        ' For use with paired events (auditing)
      '  ClosingRecordNumber As Dword ' For use with paired events (auditing)
      '  StringOffset As Dword        ' Offset from beginning of record
      '  UserSidLength As Dword
      '  UserSidOffset As Dword
      '  DataLength As Dword
      '  DataOffset As Dword          ' Offset from beginning of record
        '
        ' Then follow:
        '
      '  SourceName As Asciiz * 128
      '  Computername As Asciiz * 17
        ' SID   UserSid
        ' WCHAR Strings[]
        ' BYTE  Data[]
        ' CHAR  Pad[]
        ' DWORD Length;
      'End Type
      
      '
      '
      '
      '
      And my code to date:
      #Compile Exe
      #Register None
      #Dim All
      #Option Version5
      #Include "WIN32API.INC"
      
      Function WinMain (ByVal hCurInstance     As Long, _
                        ByVal hPrevInstance As Long, _
                        lpCmdLine           As Asciiz Ptr, _
                        ByVal iCmdShow      As Long) As Long
      
      Dim lpBuffer  As EVENTLOGRECORD
      Local lpSourceName      As Asciiz * 16
      Local lResult           As Long
      Local lLoop             As Long
      
      'Open Event log
      Local hEventLog         As Long
      Local lEventLogRecordCount  As Long
      Local lpOldestRecord    As Long
      
      'Read event log
      Local nNumberOfBytesToRead  As Long
      Local pnBytesRead       As Long
      Local pnMinNumberOfBytesNeeded  As Long
      
      lpSourceName = "Application" ' 'Security, System
      
      hEventLog = OpenEventLog("",lpSourceName)
      If IsFalse hEventLog Then
         MsgBox "Could not read the event log",%MB_ICONSTOP,"Error reading event log"
         Exit Function
      End If
      
      lResult = GetNumberOfEventLogRecords(hEventLog, lEventLogRecordCount)
      lResult = GetOldestEventLogRecord(ByVal hEventLog, lpOldestRecord)
      
      MsgBox "Number of event log events: " & Format$(lEventLogRecordCount) & $CRLF & "Oldest Record: " & Format$(lpOldestRecord)
      
      
      'Read the event log
      For lLoop = 1 To lEventLogRecordCount
          lResult = ReadEventLog(ByVal hEventLog, _
                                 ByVal %EVENTLOG_SEEK_READ Or %EVENTLOG_SEQUENTIAL_READ, _
                                 ByVal 0, _
                                 lpBuffer,_
                                 ByVal SizeOf(lpBuffer),_
                                 pnBytesRead, _
                                 pnMinNumberOfBytesNeeded)
      
           If lLoop = 1 Then MsgBox Format$(lpBuffer.eventid)
      Next
      lResult = CloseEventLog(ByVal hEventLog)
      End Function
      ------------------
      Scott
      Scott Turchin
      MCSE, MCP+I
      http://www.tngbbs.com
      ----------------------
      True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

      Comment


      • #4
        Do those declares help? THis topic was fading fast but I have not resolved this thing yet.

        I'm wondering if this may be requied:
        Local lpBuffer AS EVENTLOG Ptr


        ?


        Scott

        ------------------
        Scott
        Scott Turchin
        MCSE, MCP+I
        http://www.tngbbs.com
        ----------------------
        True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

        Comment


        • #5
          If you examine the C code, you'll find that you need %EVENTLOG_FORWARDS_READ
          rather than %EVENTLOG_SEEK_READ. If it still fails, checking the minimum length
          count will probably inform you that the buffer is too small. As you may have
          gathered by looking at EVENTLOGRECORD, this is not intended for use as a real
          type: it's one of Microsoft's pseudo-types, used basically for documentation.
          What you need to do is create something like a string buffer, pass that to the
          function, and parse out the results. Only the fixed-length part of the results
          are going to fit in the EVENTLOGRECORD structure. The rest "depends".

          ------------------
          Tom Hanlin
          PowerBASIC Staff

          Comment


          • #6
            Scott,
            I can verify that your declarations are correct
            No, you should not declare the structure as a structure pointer, the way you have it will match the declare.
            The explict ByVal's you're adding to each parameter are unnecessary as your declare already has byval in it.
            I haven't had time to review what's actually going wrong - at first look, everything appears to be correct.
            --Don

            ------------------
            dickinson.basicguru.com
            Don Dickinson
            www.greatwebdivide.com

            Comment


            • #7
              Scott, as Tom stated, do not pass the address of your eventlog record since it is a variable length (pseudo) structure. I use a Byte array.

              Here's a link to some vb code for reading the eventlog. http://www.mediadev.fr/articles/Administration_Web_distante/Administration_Web_dist ante.htm

              You'll need to copy the data from your (byte?) buffer into the READEVENTLOG structure and variables suitable for the data which is not part of the defined structure.

              [This message has been edited by Ron Pierce (edited June 20, 2001).]

              Comment


              • #8
                Here is the entire C source that a person sent me, (Unnamed in case he wants to remain private)...

                Code:
                Reading the Event Log
                The following example reads All the records In the Application Log file And displays the event identifier, event Type, And event source For each event Log entry.
                void DisplayEntries( )
                {
                    Handle h;
                    EVENTLOGRECORD *pevlr;
                    Byte bBuffer[BUFFER_SIZE];
                    Dword dwRead, dwNeeded, cRecords, dwThisRecord = 0;
                
                    // Open the Application event log.
                
                    h = OpenEventLog( Null,             // use Local computer
                             "Application");   // source Name
                    If (h == Null)
                        ErrorExit("Could not open the Application event log.");
                
                    pevlr = (EVENTLOGRECORD *) &bBuffer;
                
                    // Opening the event Log positions the file pointer For this
                    // Handle At the beginning of the log. Read the records
                    // sequentially Until there are no more.
                
                    While (ReadEventLog(h,                // event Log Handle
                                EVENTLOG_FORWARDS_READ |  // reads forward
                                EVENTLOG_SEQUENTIAL_READ, // sequential Read
                                0,            // ignored For sequential reads
                                pevlr,        // pointer To buffer
                                BUFFER_SIZE,  // Size of buffer
                                &dwRead,      // number of bytes Read
                                &dwNeeded))   // bytes In Next record
                    {
                        While (dwRead > 0)
                        {
                            // Print the event identifier, Type, And source name.
                            // The source Name is just past the End of the
                            // formal structure.
                
                            printf("%02d  Event ID: 0x%08X ",
                                dwThisRecord++, pevlr->EventID);
                            printf("EventType: %d Source: %s\n",
                                pevlr->EventType, (LPSTR) ((LPBYTE) pevlr +
                                SizeOf(EVENTLOGRECORD)));
                
                            dwRead -= pevlr->Length;
                            pevlr = (EVENTLOGRECORD *)
                                ((LPBYTE) pevlr + pevlr->Length);
                        }
                
                        pevlr = (EVENTLOGRECORD *) &bBuffer;
                    }
                
                    CloseEventLog(h);
                }
                =====================================================================================================================
                ------------------
                Scott
                Scott Turchin
                MCSE, MCP+I
                http://www.tngbbs.com
                ----------------------
                True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

                Comment

                Working...
                X