Alyce
Nov 16, 2011
Reading and Writing to Windows Event Log
-
StPendl
Read Event Log
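' Read the newest record of the Application event log through the Win32
' event-log API in advapi32.dll and decode the record's fixed header.
'
' EVENTLOGRECORD mirrors the Win32 header that starts every record returned
' by ReadEventLogA. Its fixed part is 56 bytes (12 ulong x 4 + 4 word x 2);
' the source name, computer name, user SID, strings and raw data follow it
' inside the same buffer at the offsets held in the header.
struct EVENTLOGRECORD, _
Length as uLong, _
Reserved as uLong, _
RecordNumber as uLong, _
TimeGenerated as uLong, _
TimeWritten as uLong, _
EventID as uLong, _
EventType as word, _
NumStrings as word, _
EventCategory as word, _
ReservedFlags as word, _
ClosingRecordNumber as uLong, _
StringOffset as uLong, _
UserSidLength as uLong, _
UserSidOffset as uLong, _
DataLength as uLong, _
DataOffset as uLong
nHeader = 56    ' size of the fixed EVENTLOGRECORD header in bytes

Open "advapi32.dll" for dll as #advapi32

' Which log to open. "Application" can be read by ordinary users; opening
' "Security" additionally needs the audit (SeSecurityPrivilege) right.
lpSourceName$ = "Application"; chr$(0)
lpUNCServerName = 0    ' 0 = local computer
calldll #advapi32, "OpenEventLogA", _
lpUNCServerName as ulong, _
lpSourceName$ as ptr, _
hEventLog as ulong
' Test the result before any print: print itself may call the Win32 API
' and overwrite the GetLastError value that DisplayError relies on.
if hEventLog = 0 then
    call DisplayError
    close #advapi32
    end
end if
print "Open Event Log Handle: "; hEventLog

' Record numbers are not zero-based: the API reports the oldest number and
' the count, so the newest record is oldest + count - 1.
struct OldestRecord, value as ulong
calldll #advapi32, "GetOldestEventLogRecord", _
hEventLog As uLong, _
OldestRecord as struct, _
result as long
if result = 0 then
    call DisplayError
    goto [closeLog]
end if
print "Oldest Event Log result: "; result
print "Oldest Event Log Number: "; OldestRecord.value.struct

struct NumberOfRecords, value as ulong
calldll #advapi32, "GetNumberOfEventLogRecords", _
hEventLog As uLong, _
NumberOfRecords as struct, _
result as long
if result = 0 then
    call DisplayError
    goto [closeLog]
end if
print "Number of Event Log Records result: "; result
print "Number of Event Logs: "; NumberOfRecords.value.struct
nRecords = NumberOfRecords.value.struct
' An empty log would otherwise produce a record offset of oldest - 1.
if nRecords = 0 then
    print "The log holds no records; nothing to read."
    goto [closeLog]
end if

Struct pnBytesRead, value As uLong
Struct pnMinNumberOfBytesNeeded, value As uLong
' SEEK_READ positions on the record number in dwRecordOffset and
' FORWARDS_READ then returns that record and any newer ones that fit.
dwReadFlags = _EVENTLOG_SEEK_READ or _EVENTLOG_FORWARDS_READ
dwRecordOffset = OldestRecord.value.struct + nRecords - 1
' 0x7FFFF is the largest buffer ReadEventLog accepts in one call.
nNumberOfBytesToRead = hexdec("7ffff")
lpBuffer$ = space$(nNumberOfBytesToRead); chr$(0)
calldll #advapi32, "ReadEventLogA", _
hEventLog As uLong, _
dwReadFlags As uLong, _
dwRecordOffset As uLong, _
lpBuffer$ As ptr , _
nNumberOfBytesToRead As uLong, _
pnBytesRead As Struct , _
pnMinNumberOfBytesNeeded As struct , _
result As long
if result = 0 then
    call DisplayError
    ' When the buffer was too small the API reports the size the record needs.
    print "Minimum buffer needed: "; pnMinNumberOfBytesNeeded.value.struct
    goto [closeLog]
end if
print "Read Event Log result: "; result
print "Bytes read: "; pnBytesRead.value.struct

' Copy the fixed header out of the raw buffer into the typed struct so the
' fields can be read by name instead of dumping the bytes.
calldll #kernel32, "RtlMoveMemory", _
EVENTLOGRECORD as struct, _
lpBuffer$ as ptr, _
nHeader as ulong, _
r as void
print "Record Number: "; EVENTLOGRECORD.RecordNumber.struct
print "Record Length: "; EVENTLOGRECORD.Length.struct
' TimeGenerated/TimeWritten are seconds since 1970-01-01 00:00:00 UTC.
print "Time Generated: "; EVENTLOGRECORD.TimeGenerated.struct
' The low 16 bits of EventID are the event code shown by Event Viewer; the
' high bits carry severity/facility flags.
eventCode = EVENTLOGRECORD.EventID.struct and hexdec("FFFF")
print "Event ID: "; eventCode
' EVENTLOG_*_TYPE values from the Win32 headers.
select case EVENTLOGRECORD.EventType.struct
    case 1
        eventType$ = "Error"
    case 2
        eventType$ = "Warning"
    case 4
        eventType$ = "Information"
    case 8
        eventType$ = "Audit Success"
    case 16
        eventType$ = "Audit Failure"
    case else
        eventType$ = "Unknown"
end select
print "Event Type: "; eventType$; " ("; EVENTLOGRECORD.EventType.struct; ")"
print "Category: "; EVENTLOGRECORD.EventCategory.struct

' The source name (NUL-terminated ANSI) directly follows the header. It is
' whatever the writer passed to RegisterEventSource, so it gives the record's
' declared origin, not proof of which process actually wrote it.
srcName$ = mid$(lpBuffer$, nHeader + 1)
nulPos = instr(srcName$, chr$(0))
if nulPos > 0 then srcName$ = left$(srcName$, nulPos - 1)
print "Source: "; srcName$

' The NumStrings substitution strings start at StringOffset, which is
' relative to the start of the record (here: the start of the buffer).
if EVENTLOGRECORD.NumStrings.struct > 0 then
    firstString$ = mid$(lpBuffer$, EVENTLOGRECORD.StringOffset.struct + 1)
    nulPos = instr(firstString$, chr$(0))
    if nulPos > 0 then firstString$ = left$(firstString$, nulPos - 1)
    print "First String: "; firstString$
end if

' The handle is closed on every path, including the failure exits above.
[closeLog]
calldll #advapi32, "CloseEventLog", _
hEventLog as ulong, _
result as long
if result = 0 then call DisplayError
print "Close Event Log result: "; result
close #advapi32
end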
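' Print the calling thread's last Win32 error code with its system text.
' Call it straight after the failing calldll: any statement in between
' (even print) may run API calls that reset the GetLastError value.
sub DisplayError
    calldll #kernel32, "GetLastError", _
    ErrorCode as ulong
    ' 512 = FORMAT_MESSAGE_IGNORE_INSERTS. System messages can contain %1-style
    ' inserts; without it and with no Arguments they would be mis-formatted.
    dwFlags = _FORMAT_MESSAGE_FROM_SYSTEM or 512
    lpSource = 0          ' not used with FROM_SYSTEM
    dwLanguageID = 0      ' 0 = default language search order
    Arguments = 0         ' no insert arguments
    nSize = 1024
    lpBuffer$ = space$(nSize); chr$(0)
    dwMessageID = ErrorCode
    calldll #kernel32, "FormatMessageA", _
    dwFlags as ulong, _
    lpSource as ulong, _
    dwMessageID as ulong, _
    dwLanguageID as ulong, _
    lpBuffer$ as ptr, _
    nSize as ulong, _
    Arguments as ulong, _
    result as ulong
    ' result is the number of characters written; 0 means no text was found.
    if result = 0 then
        print "Error "; ErrorCode; ": (no message text available)"
    else
        msg$ = left$(lpBuffer$, result)
        ' System messages end in CR/LF; strip it so the line prints cleanly.
        while right$(msg$, 1) = chr$(13) or right$(msg$, 1) = chr$(10)
            msg$ = left$(msg$, len(msg$) - 1)
        wend
        print "Error "; ErrorCode; ": "; msg$
    end if
end sub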
Write Event Log
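' Write one informational record to the Application event log through the
' Win32 event-log API in advapi32.dll.
open "advapi32.dll" for dll as #advapi32

' lpStrings is the LPCSTR array ReportEvent reads; with wNumStrings = 1 it
' holds one pointer to the NUL-terminated message string.
struct lpStrings, string$ as ptr

' RegisterEventSource accepts any source name the caller supplies (here the
' log name itself). A SourceName read back from the log therefore states a
' record's declared origin, not which process actually wrote it.
lpSourceName$ = "Application"; chr$(0)
lpUNCServerName = 0          ' 0 = local computer
wType = _EVENTLOG_INFORMATION_TYPE
wCategory = 0                ' e.g. 5 for a category defined by a message file
dwEventID = 0                ' e.g. 8194 for an identifier defined by a message
                             ' file; with none registered Event Viewer shows
                             ' the raw string without a description
wNumStrings = 1              ' one substitution string
lpUserSID = 0                ' no user SID is stored with the record
dwDataSize = 0               ' no raw data ...
lpRawData = 0                ' ... and no pointer to it
lpStrings.string$.struct = "LB Event Log Test"; chr$(0)

calldll #advapi32, "RegisterEventSourceA", _
lpUNCServerName as ulong, _
lpSourceName$ as ptr, _
handle as ulong
' Test the result before any print: print itself may call the Win32 API
' and overwrite the GetLastError value that DisplayError relies on.
if handle = 0 then
    call DisplayError
    close #advapi32
    end
end if
print "Register Event Source Handle: "; handle

' ReportEventA(hEventLog, wType, wCategory, dwEventID, lpUserSid,
'              wNumStrings, dwDataSize, lpStrings, lpRawData)
calldll #advapi32, "ReportEventA", _
handle as ulong, _
wType as word, _
wCategory as word, _
dwEventID as ulong, _
lpUserSID as ulong, _
wNumStrings as word, _
dwDataSize as ulong, _
lpStrings as struct, _
lpRawData as ulong, _
result as long
if result = 0 then call DisplayError
print "Report Event Result: "; result

calldll #advapi32, "DeregisterEventSource", _
handle as ulong, _
result as long
if result = 0 then call DisplayError
print "Deregister Event Source Result: "; result

print "Finished ..."
close #advapi32
end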
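' Print the calling thread's last Win32 error code with its system text.
' Call it straight after the failing calldll: any statement in between
' (even print) may run API calls that reset the GetLastError value.
sub DisplayError
    calldll #kernel32, "GetLastError", _
    ErrorCode as ulong
    ' 512 = FORMAT_MESSAGE_IGNORE_INSERTS. System messages can contain %1-style
    ' inserts; without it and with no Arguments they would be mis-formatted.
    dwFlags = _FORMAT_MESSAGE_FROM_SYSTEM or 512
    lpSource = 0          ' not used with FROM_SYSTEM
    dwLanguageID = 0      ' 0 = default language search order
    Arguments = 0         ' no insert arguments
    nSize = 1024
    lpBuffer$ = space$(nSize); chr$(0)
    dwMessageID = ErrorCode
    calldll #kernel32, "FormatMessageA", _
    dwFlags as ulong, _
    lpSource as ulong, _
    dwMessageID as ulong, _
    dwLanguageID as ulong, _
    lpBuffer$ as ptr, _
    nSize as ulong, _
    Arguments as ulong, _
    result as ulong
    ' result is the number of characters written; 0 means no text was found.
    if result = 0 then
        print "Error "; ErrorCode; ": (no message text available)"
    else
        msg$ = left$(lpBuffer$, result)
        ' System messages end in CR/LF; strip it so the line prints cleanly.
        while right$(msg$, 1) = chr$(13) or right$(msg$, 1) = chr$(10)
            msg$ = left$(msg$, len(msg$) - 1)
        wend
        print "Error "; ErrorCode; ": "; msg$
    end if
end sub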