hoff nof
Guest
Hi all,
I have a big problem trying to read any of the Windows .evtx files.
For example setup.evtx, I'm opening it and starting to read like this:
h = OpenEventLog( NULL, L"C:\\Windows\\System32\\winevt\\Logs\\System.evtx");
pevlr = (EVENTLOGRECORD*) &bBuffer; int i=0;
while(ReadEventLog(h, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ, 0, pevlr, BUFFER_SIZE, &dwRead, &dwNeeded))
    cout<<i++<<dwRead<<endl;
This very simple code produces the same result for all .evtx files: only 2 times in the while loop, with dwRead = 428 and 192, and then it exits.
MSDN says nothing about this except a useless example.
Does anyone know how to read an .evtx file until its end?
Thanks
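Added example, not part of the original post: a portable C++ walk over the records of an .evtx image from the first chunk to the end of the file, without the Win32 event log API. The field offsets (4096-byte file header, 64 KiB chunks, records starting at chunk offset 512) are assumptions taken from the community-documented EVTX layout, and `walk_evtx`, `EvtxRecord` and `sample_evtx` are hypothetical names.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>
struct EvtxRecord { uint64_t id, filetime; uint32_t size; };

// Little-endian read of a 4- or 8-byte field at byte offset off.
template <typename T> static T rd(const std::string& b, size_t off) {
    T v = 0;
    for (size_t i = 0; i < sizeof(T); ++i)
        v |= static_cast<T>(static_cast<uint8_t>(b[off + i])) << (8 * i);
    return v;
}

// Walks every chunk; a malformed record ends the walk of that chunk only.
std::vector<EvtxRecord> walk_evtx(const std::string& img) {
    const size_t kFileHdr = 4096, kChunk = 65536, kFirstRec = 512, kMinRec = 28;
    std::vector<EvtxRecord> out;
    if (img.size() < kFileHdr || std::memcmp(img.data(), "ElfFile", 8) != 0) return out;
    for (size_t c = kFileHdr; c + kChunk <= img.size(); c += kChunk) {
        if (std::memcmp(img.data() + c, "ElfChnk", 8) != 0) continue;  // unused chunk
        size_t free_off = rd<uint32_t>(img, c + 48);   // end of the used record area
        size_t end = c + (free_off < kChunk ? free_off : kChunk);
        for (size_t p = c + kFirstRec; p + kMinRec <= end;) {
            if (rd<uint32_t>(img, p) != 0x00002a2au) break;        // record magic "**\0\0"
            uint32_t size = rd<uint32_t>(img, p + 4);
            if (size < kMinRec || p + size > end) break;           // would overrun the chunk
            if (rd<uint32_t>(img, p + size - 4) != size) break;    // trailing size copy
            out.push_back({rd<uint64_t>(img, p + 8), rd<uint64_t>(img, p + 16), size});
            p += size;
        }
    }
    return out;
}

static void wr(std::string& b, size_t off, uint64_t v, int n) {
    for (int i = 0; i < n; ++i) b[off + i] = static_cast<char>(v >> (8 * i));
}
// Constructed sample, not a real log: one chunk with two 32-byte records.
std::string sample_evtx() {
    std::string img(4096 + 65536, '\0');
    std::memcpy(&img[0], "ElfFile", 8); std::memcpy(&img[4096], "ElfChnk", 8);
    for (uint64_t id = 1; id <= 2; ++id) {
        size_t r = 4096 + 512 + (id - 1) * 32;
        wr(img, r, 0x2a2a, 4);  wr(img, r + 4, 32, 4);   wr(img, r + 8, id, 8);
        wr(img, r + 16, 132000000000000000ULL + id, 8);  wr(img, r + 28, 32, 4);
    }
    wr(img, 4096 + 48, 512 + 64, 4);  // free space offset: just past record 2
    return img;
}
```

To use it on a real log, read a copy of the .evtx file in binary mode into a `std::string` and pass it to `walk_evtx`; the event body that follows each 24-byte record header is binary XML and is not decoded here. On Windows the same files can be read through the `Evt*` API (`EvtQuery` with the `EvtQueryFilePath` flag).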