Event Enumeration

[motivatedlad]

It complies and links but shows no output.It is suppose to enlist the application log files.

Code:

#include <windows.h>
#include <stdio.h>


void DisplayEntries( )
{
    const int BUFFER_SIZE=1000;
	HANDLE h;
    EVENTLOGRECORD *pevlr; 
    BYTE bBuffer[BUFFER_SIZE]; 
    DWORD dwRead, dwNeeded, cRecords, dwThisRecord = 0; 
 
    // Open the Application event log. 
 
    h = OpenEventLog( NULL,             // use local computer 
             "Application");   // source name 
    if (h == NULL) { printf("yahooo1");}
      //  ErrorExit("Could not open the Application event log."); 
 
    pevlr = (EVENTLOGRECORD *) &bBuffer; 
 
    // Opening the event log positions the file pointer for this 
    // handle at the beginning of the log. Read the records 
    // sequentially until there are no more. 
 
    while (ReadEventLog(h,                // event log handle 
                EVENTLOG_FORWARDS_READ |  // reads forward 
                EVENTLOG_SEQUENTIAL_READ, // sequential read 
                0,            // ignored for sequential reads 
                pevlr,        // pointer to buffer 
                BUFFER_SIZE,  // size of buffer 
                &dwRead,      // number of bytes read 
                &dwNeeded))   // bytes in next record 
    {
        while (dwRead > 0) 
        { 
            // Print the event identifier, type, and source name. 
            // The source name is just past the end of the 
            // formal structure. 
 
            printf("%02d  Event ID: 0x%08X ", 
                dwThisRecord++, pevlr->EventID); 
            printf("EventType: %d Source: %s\n", 
                pevlr->EventType, (LPSTR) ((LPBYTE) pevlr + 
                sizeof(EVENTLOGRECORD))); 
 
            dwRead -= pevlr->Length; 
            pevlr = (EVENTLOGRECORD *) 
                ((LPBYTE) pevlr + pevlr->Length); 
        } 
 
        pevlr = (EVENTLOGRECORD *) &bBuffer; 
    } 
 
    CloseEventLog(h); 
} 

int WINAPI WinMain(HINSTANCE h,HINSTANCE p,LPSTR l,int n)
{
	DisplayEntries();


     return 0;

}

[motivatedlad]

Mick , where are thou?

[NigelQ]

motivatedlad, this works for me.

The only difference I made was the main function, due to my use of the console based Win32 application from the project wizard:

Code:

int _tmain(int argc, _TCHAR* argv[])
{

	DisplayEntries();

	return 0;

}

Have you tried single stepping into the DisplayEntries routine to see where the problem is? You can do this by setting a breakpoint somewhere in the routine.

What version of Windows are you running? This only works with NT, 2K, XP and 2K3

Hope this helps,

- Nigel

[motivatedlad]

Thanks a lot Nigel the program is now running but this was not which i was expecting i was expecting it to display all the applications that ran on that computer.

eg, Internet explorer,Word,Power point etc.

Do you know of any such api or function which enlists applications?

Also do you know of any api which enlists the the hardware devices like
mouse,keyboard,NIC etc

[NigelQ]

You should check out EnumProcesses here .

There are several ways to find information about devices. You can read the documentation for EnumDevices here for more information.

Also, doing a search of this forum should give you good results.

Hope this helps,

- Nigel

[Mick]

Mick , where are thou?

Around

From the list of recent questions you have asked it seems like you want to design an application to gather information in a managed environment.

The two common ways of doing this [rather than relying on OS specific APIs] is via SNMP or WMI [CIM:Common Information Model].

COM based WMI [Windows Manangement Instrumentation] is pretty straight forward and provides you with local and remote management apis which will return a large variety of system information.

SNMP [Simple Network Management Protocol] can seem a bit arcahic but it is also fairly straight foward and is standard across platforms.

[windows API]
WMI:
http://msdn.microsoft.com/library/de...start_page.asp
SNMP:
http://msdn.microsoft.com/library/de...start_page.asp

There are a ton of samples on how to use WMI on msdn and via google/developer articles. Same with SNMP.