I am trying to get system event log in c++ by using following code , Querying for Event Information.But for some condition i am getting ,Invalid event ID.Value of event ID is 1073742727.Which is wrong.
My code is look like following ,
EVENTLOG_FULL_INFORMATION evntLogInfo;
DWORD dwByteRequd,cbSize=0,dwBytesToRead=MAX_RECORD_BUFFER_SIZE,dwBytesRead,dwMinimumBytesNeeded,numRecord;
PBYTE pBuffer,currentData,endRecord;
HANDLE eventHandle=OpenEventLog(NULL,"Application");
if(eventHandle==INVALID_HANDLE_VALUE)
cout<<"\nError "<<GetLastError();
else
{
pBuffer=(PBYTE)malloc(MAX_RECORD_BUFFER_SIZE);
if(pBuffer==NULL)
{
cout<<"\nNot enough memory";
CloseEventLog(eventHandle);
}
else
{
//GetEventLogInformation(eventHandle,EVENTLOG_FULL_INFO,&pBuffer,cbSize,&dwByteRequd);
ReadEventLog(eventHandle,EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ,0,pBuffer,dwBytesToRead,&dwBytesRead,&dwMinimumBytesNeeded);
if(GetLastError()==ERROR_INSUFFICIENT_BUFFER )
{
pBuffer=(PBYTE)realloc(pBuffer,dwMinimumBytesNeeded);
if(pBuffer==NULL)
{
cout<<GetLastError();
CloseEventLog(eventHandle);
}
else
{
dwBytesToRead=dwMinimumBytesNeeded;
ReadEventLog(eventHandle,EVENTLOG_SEQUENTIAL_READ|EVENTLOG_FORWARDS_READ,0,pBuffer,dwBytesToRead,&dwBytesRead,&dwMinimumBytesNeeded);
}
}
GetNumberOfEventLogRecords(eventHandle,&numRecord);
cout<<numRecord<<"\n";
endRecord=pBuffer+dwBytesToRead;
while(pBuffer<endRecord)
{
currentData=pBuffer;
PEVENTLOGRECORD TempVar = (PEVENTLOGRECORD)currentData;
cout<<((PEVENTLOGRECORD)currentData)->EventID<<"\t";
cout<<((PEVENTLOGRECORD)currentData)->EventType<<"\t";
cout<<((PEVENTLOGRECORD)currentData)->Length<<"\n";
// DWOR error=GetLastError();
}
}
}
Thanks.
