
// readlog.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <windows.h>
#include <stdio.h>

/* Dump the event log named szLog to stdout.  dwType is an EVENTLOG_*_TYPE
 * value or 0; see the definition below for how it is applied.  Returns BOOL. */
BOOL Event(char *szLog, DWORD dwType);

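/* Entry point: dump the "system" log with no type filter (dwType 0 also
 * makes Event() print the record total).  Other log names such as
 * "Application" or "Security" can be passed the same way; a log that
 * cannot be opened is reported by Event() with the GetLastError() code.
 * argc/argv are not used.  Exit status is 0 when Event() returns TRUE. */
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;

    return Event("system", 0) ? 0 : 1;
}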

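/* 100-ns ticks from the FILETIME epoch (1601-01-01) to the Unix epoch
 * (1970-01-01); EVENTLOGRECORD timestamps are seconds since the latter. */
#define READLOG_UNIX_EPOCH_FILETIME 116444736000000000ULL

/* Size of the buffer handed to ReadEventLogA.  A single record larger than
 * this makes ReadEventLogA fail with ERROR_INSUFFICIENT_BUFFER, which is
 * reported rather than silently ending the dump. */
enum { READLOG_BUFFER_BYTES = 32 * 1024 };

/* Print one log timestamp (seconds since 1970, UTC) as local time after
 * `label`.  Falls back to the raw seconds if the FILETIME conversion fails. */
static void PrintEventTime(const char *label, DWORD unixSeconds)
{
    /* Unsigned 64-bit math: Int32x32To64 would read the DWORD as a signed
     * 32-bit value and go wrong for timestamps after 2038-01-19. */
    ULONGLONG ticks = (ULONGLONG)unixSeconds * 10000000ULL + READLOG_UNIX_EPOCH_FILETIME;
    FILETIME utc;
    FILETIME local;
    SYSTEMTIME st;

    utc.dwLowDateTime = (DWORD)ticks;
    utc.dwHighDateTime = (DWORD)(ticks >> 32);
    if (!FileTimeToLocalFileTime(&utc, &local) || !FileTimeToSystemTime(&local, &st))
    {
        printf("%s: (unconvertible, %lu s since 1970)\n", label, (unsigned long)unixSeconds);
        return;
    }
    printf("%s: %02d-%02d-%02d %02d:%02d:%02d\n", label,
           st.wMonth, st.wDay, st.wYear, st.wHour, st.wMinute, st.wSecond);
}

/* Resolve and print the SID logged with a record, or "(None)" when the
 * record carries no SID or it cannot be resolved.  `pRec->Length` has
 * already been validated against the read buffer. */
static void PrintEventUser(const EVENTLOGRECORD *pRec)
{
    const BYTE *pBase = (const BYTE *)pRec;
    PSID pSid;
    /* In/out sizes, reset for every record: LookupAccountSid rewrites them,
     * so a value shared across records shrinks the buffers after the first
     * short name and later lookups fail spuriously. */
    char szName[256];
    char szDomain[256];
    DWORD dwName = sizeof(szName);
    DWORD dwDomain = sizeof(szDomain);
    SID_NAME_USE snu;

    /* UserSidLength is 0 when no SID was logged; the offset then does not
     * point at a SID.  The offset/length pair must also lie inside the record. */
    if (pRec->UserSidLength == 0 ||
        pRec->UserSidOffset < sizeof(EVENTLOGRECORD) ||
        pRec->UserSidOffset > pRec->Length ||
        pRec->UserSidLength > pRec->Length - pRec->UserSidOffset)
    {
        printf("User: (None)\n");
        return;
    }
    pSid = (PSID)(pBase + pRec->UserSidOffset);
    if (!IsValidSid(pSid) || GetLengthSid(pSid) > pRec->UserSidLength)
    {
        printf("User: (None)\n");
        return;
    }

    /* ANSI lookup to match the ANSI read of the log (the TCHAR/%s mix of a
     * UNICODE build would print garbage).  NOTE(review): with a NULL system
     * name a non-local SID may be resolved against a domain controller, so
     * this can be slow per record -- confirm if the dump is ever used at scale. */
    if (LookupAccountSidA(NULL, pSid, szName, &dwName, szDomain, &dwDomain, &snu))
    {
        printf("User: %s\n", szName);
    }
    else
    {
        printf("User: (None)\n");
    }
}

/* Print the fields of one record.  `pRec->Length` has already been checked
 * against the read buffer; the offsets inside the record are checked here
 * before they are dereferenced.  All strings are ANSI because the log is
 * read with ReadEventLogA.  They are printed as-is: they were written by
 * whatever process logged the event, so treat the output as untrusted text
 * (control characters included) if it is fed anywhere else. */
static void PrintEventRecord(const EVENTLOGRECORD *pRec)
{
    const BYTE *pBase = (const BYTE *)pRec;
    const char *pTypeName;
    int nSourceMax;

    printf("\nRecord Number:\t%lu\t", (unsigned long)pRec->RecordNumber);

    switch (pRec->EventType)
    {
    case EVENTLOG_ERROR_TYPE:       pTypeName = "Error\n";       break;
    case EVENTLOG_WARNING_TYPE:     pTypeName = "Warning\n";     break;
    case EVENTLOG_INFORMATION_TYPE: pTypeName = "Information\n"; break;
    default:                        pTypeName = "\n";            break;
    }
    printf("Type:\t%s", pTypeName);

    /* The event code is the low 16 bits of EventID; the high bits hold
     * severity/facility flags, which a (short) cast turns into a sign bit. */
    printf("Event ID:\t%u\t", (unsigned)(pRec->EventID & 0xFFFFu));

    /* SourceName is the first NUL-terminated string after the fixed header.
     * %.*s bounds the print to the record even if the NUL is missing. */
    nSourceMax = (int)(pRec->Length - sizeof(EVENTLOGRECORD));
    printf("Source:\t%.*s\n", nSourceMax, (const char *)(pBase + sizeof(EVENTLOGRECORD)));

    PrintEventTime("Time Generated", pRec->TimeGenerated);
    PrintEventTime("Time Written", pRec->TimeWritten);
    PrintEventUser(pRec);

    /* Only the first insertion string is available from the record itself;
     * the rendered description would need FormatMessage with the source's
     * message file, which this tool does not do. */
    if (pRec->NumStrings == 0 ||
        pRec->StringOffset < sizeof(EVENTLOGRECORD) ||
        pRec->StringOffset >= pRec->Length)
    {
        printf("Description:\t(none)\n");
    }
    else
    {
        printf("Description:\t%.*s\n", (int)(pRec->Length - pRec->StringOffset),
               (const char *)(pBase + pRec->StringOffset));
    }
}

/* Print every record in a buffer filled by ReadEventLogA, honouring the
 * dwType filter (0 = all).  Returns FALSE and stops when a record's Length
 * does not fit the bytes left, which guards the unsigned `dwLeft -= Length`
 * against under-flow and the cursor against walking off the buffer. */
static BOOL PrintEventBuffer(const BYTE *pBuffer, DWORD dwBytes, DWORD dwType)
{
    DWORD dwLeft = dwBytes;
    const BYTE *pCursor = pBuffer;

    while (dwLeft > 0)
    {
        const EVENTLOGRECORD *pRec = (const EVENTLOGRECORD *)pCursor;

        if (dwLeft < sizeof(EVENTLOGRECORD) ||
            pRec->Length < sizeof(EVENTLOGRECORD) ||
            pRec->Length > dwLeft)
        {
            printf("ReadEventLog: malformed record (%lu bytes left), stopping\n",
                   (unsigned long)dwLeft);
            return FALSE;
        }
        if (dwType == 0 || dwType == pRec->EventType)
        {
            PrintEventRecord(pRec);
        }
        pCursor += pRec->Length;
        dwLeft -= pRec->Length;
    }
    return TRUE;
}

/* Dump the event log named `szLog` ("system", "Application", "Security", ...)
 * to stdout, oldest record first.
 *
 * szLog  - ANSI log name passed to OpenEventLogA.
 * dwType - EVENTLOG_*_TYPE value to print, or 0 for every record.  When 0
 *          the log's record count is printed as a trailer.
 *
 * Returns TRUE when the log was opened and read through to ERROR_HANDLE_EOF,
 * FALSE when it could not be opened, ReadEventLogA failed for another reason,
 * or a malformed record was met; the reason is printed to stdout.
 */
BOOL Event(char *szLog, DWORD dwType)
{
    /* DWORD-typed storage so the EVENTLOGRECORD view is naturally aligned
     * (a BYTE array carries no alignment guarantee). */
    DWORD dwBuffer[READLOG_BUFFER_BYTES / sizeof(DWORD)];
    HANDLE hEvent;
    BOOL bOk = FALSE;
    DWORD dwRead = 0;
    DWORD dwNeeded = 0;
    DWORD dwTotal = 0;

    hEvent = OpenEventLogA(NULL, szLog);
    if (hEvent == NULL)
    {
        /* NOTE(review): for "Security" this normally means the token lacks
         * SeSecurityPrivilege (not elevated) -- confirm on the target OS. */
        printf("OpenEventLog for %s Error: %lu\n", szLog, (unsigned long)GetLastError());
        return FALSE;
    }

    printf("\t\t=== Event Log ===\n\n");
    printf("%s:\n", szLog);

    /* FORWARDS | SEQUENTIAL starts at the oldest record, so no explicit
     * positioning (GetOldestEventLogRecord) is needed. */
    for (;;)
    {
        if (!ReadEventLogA(hEvent, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ, 0,
                           dwBuffer, (DWORD)sizeof(dwBuffer), &dwRead, &dwNeeded))
        {
            DWORD dwErr = GetLastError();
            if (dwErr == ERROR_HANDLE_EOF)
            {
                bOk = TRUE;                 /* every record was read */
            }
            else if (dwErr == ERROR_INSUFFICIENT_BUFFER)
            {
                printf("ReadEventLog for %s: record needs %lu bytes, buffer holds %lu\n",
                       szLog, (unsigned long)dwNeeded, (unsigned long)sizeof(dwBuffer));
            }
            else
            {
                printf("ReadEventLog for %s Error: %lu\n", szLog, (unsigned long)dwErr);
            }
            break;
        }
        if (!PrintEventBuffer((const BYTE *)dwBuffer, dwRead, dwType))
        {
            break;                          /* malformed record; bOk stays FALSE */
        }
    }

    if (dwType == 0)
    {
        if (!GetNumberOfEventLogRecords(hEvent, &dwTotal))
        {
            printf("GetNumberOfEventLogRecords Error: %lu\n", (unsigned long)GetLastError());
        }
        else
        {
            printf("\nTotal %s : %lu\n", szLog, (unsigned long)dwTotal);
        }
    }

    CloseEventLog(hEvent);
    return bOk;
}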