在Delphi程式中如何操作windows的事件查看器中的事件日誌? |
答題得分者是:william
|
h@visli
資深會員 發表:103 回覆:429 積分:431 註冊:2004-02-13 發送簡訊給我 |
|
william
版主 發表:66 回覆:2535 積分:3048 註冊:2002-07-11 發送簡訊給我 |
http://www.thedelphimagazine.com/samples/1655/1655.htm http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/event_logging_reference.asp?frame=true to read is easier:
const EVENTLOG_SEEK_READ = 2; EVENTLOG_FORWARDS_READ = 4; type PEventLogRecord = ^TEventLogRecord; TEventLogRecord = packed record Length: dword; Reserved: dword; RecordNumber: dword; TimeGenerated: dword; TimeWritten: dword; EventID: dword; EventType: word; NumStrings: word; EventCategory: word; ReservedFlags: word; ClosingRecordNumber: dword; StringOffset: dword; UserSidLength: dword; UserSidOffset: dword; DataLength: dword; DataOffset: dword; end; var Log: THandle; i: integer; EventCount,ByteRead,MinByteNeeded: cardinal; Buffer: pointer; begin Log := OpenEventLog('','System'); GetNumberOfEventLogRecords(Log,EventCount); GetMem(Buffer,1024); for i := EventCount downto 1 do begin if ReadEventLog(Log,EVENTLOG_SEEK_READ or EVENTLOG_FORWARDS_READ, i,Buffer,1024,ByteRead,MinByteNeeded) then with PEventLogRecord(Buffer)^ do Memo1.Lines.Add(Format('#%d ID: %d at UTC %s',[RecordNumber,EventID and $FFFF, DateTimeToStr(IncSecond(EncodeDate(1970,1,1),TimeGenerated))])); end; FreeMem(Buffer); CloseEventLog(Log); end; |
本站聲明 |
1. 本論壇為無營利行為之開放平台,所有文章都是由網友自行張貼,如牽涉到法律糾紛一切與本站無關。 2. 假如網友發表之內容涉及侵權,而損及您的利益,請立即通知版主刪除。 3. 請勿批評中華民國元首及政府或批評各政黨,是藍是綠本站無權干涉,但這裡不是政治性論壇! |