I have this C++ code to read the event log records:
DWORD GetLogRecords(LPCWSTR wsLogFile)
{
    HANDLE hEvt = OpenEventLog(NULL, wsLogFile);
    if (hEvt==NULL)
You are not checking the result of GetNumberOfEventLogRecords() for an error. And you are leaking the log handle. Try this instead:
#include <windows.h>

DWORD GetLogRecords(LPCWSTR wsLogFile)
{
    HANDLE hEvt = OpenEventLog(NULL, wsLogFile);
    if (hEvt == NULL) return 0;  // the log could not be opened
    DWORD dwTotalRecords = 0;
    BOOL res = GetNumberOfEventLogRecords(hEvt, &dwTotalRecords);
    CloseEventLog(hEvt);         // release the handle on every path
    return (res != 0) ? dwTotalRecords : 0;
}
For the benefit of others, the solution to this problem is that OpenEventLog doesn't accept a pathname. Instead you have to give it the source name of the event log (something like "HardwareEvents").
If you call OpenEventLog with an invalid source name (which includes providing a pathname), then as documented it will open the Application log instead:
If you specify a custom log and it cannot be found, the event logging service opens the Application log.
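
A guard against the silent fallback described in the answer above, as an added example (not code from the question or either answer). The names ClassifyLogArg, IsRegisteredLog and GetLogRecordsStrict are hypothetical, the path heuristic is an assumption of this example, and the registry check assumes the log is a classic log registered under the EventLog service key.

```cpp
#include <cwctype>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

enum class LogArg { Empty, LooksLikePath, PlausibleName };

// Heuristic (assumption of this example): path separators, a drive colon or a
// saved-log extension mean the caller passed a file, not a log name.
LogArg ClassifyLogArg(const std::wstring& s)
{
    if (s.empty()) return LogArg::Empty;
    if (s.find_first_of(L"\\/:") != std::wstring::npos) return LogArg::LooksLikePath;
    std::wstring::size_type dot = s.rfind(L'.');
    if (dot != std::wstring::npos) {
        std::wstring ext = s.substr(dot);
        for (wchar_t& c : ext) c = static_cast<wchar_t>(std::towlower(c));
        if (ext == L".evt" || ext == L".evtx") return LogArg::LooksLikePath;
    }
    return LogArg::PlausibleName;
}

#ifdef _WIN32
// Classic logs are registered as subkeys of the EventLog service key.
// Fails closed: a key the caller may not open counts as "not registered".
bool IsRegisteredLog(const std::wstring& name)
{
    std::wstring key = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\" + name;
    HKEY hKey = NULL;
    if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, key.c_str(), 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS)
        return false;
    RegCloseKey(hKey);
    return true;
}

// Returns false instead of silently counting records in the Application log.
bool GetLogRecordsStrict(const std::wstring& name, DWORD& count)
{
    count = 0;
    if (ClassifyLogArg(name) != LogArg::PlausibleName || !IsRegisteredLog(name)) return false;
    HANDLE hEvt = OpenEventLogW(NULL, name.c_str());
    if (hEvt == NULL) return false;
    BOOL ok = GetNumberOfEventLogRecords(hEvt, &count);
    CloseEventLog(hEvt);
    return ok != FALSE;
}
#endif
```

The classification step is portable; the registry check and the OpenEventLogW call compile only on Windows.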