I'm attempting to make sense of all of the data from a pointer obtained
by calling ReadEventLog. The pointer contains an EVENTLOGRECORD
structure, plus additional data tacked on to the end that can be of
variable length.
I'm able to successfully pull the EVENTLOGRECORD structure out of the
pointer using Marshal.PtrToStructure(ptr, typeof(EVENTLOGRECORD)) but
I'm unsure about how to pluck the additional, variable-length strings
from the rest of the pointer.
The definition of the EVENTLOGRECORD structure can be seen at:
http://msdn.microsoft.com/library/en-us/debug/base/eventlogrecord_str.asp
The variable length information that follows the structure is described
in the remarks section.
I'm aware of the event log management capabilities of the
System.Diagnostics and System.Management namespaces but figuring this
out is important to me.
Any help would be greatly appreciated.
Jeff Reese - 28 Oct 2005 21:36 GMT
Just as a follow-up to this, I've managed to successfully use
Marshal.ReadByte(IntPtr, Int32) to read the data past the end of the
EVENTLOGRECORD into a byte array, starting from
Marshal.SizeOf(typeof(EVENTLOGRECORD)) and ending at pnBytesRead -
Marshal.SizeOf(typeof(EVENTLOGRECORD)).
Once the "extra" data is read into a byte array I'm hoping to parse out
the category string, machine name, and the rest of the event
information. Hopefully this information will be of some help to you if
you're working with ReadEventLog from managed code.
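
An added example, not part of the original posts: one way to parse the variable-length data that follows the fixed 56-byte EVENTLOGRECORD header, using the layout from the MSDN remarks (SourceName, Computername, then the insertion strings at StringOffset), with every offset checked against the record's Length. The class and method names are hypothetical, the sample record is constructed (no SID, binary data or padding), and the buffer is assumed to have been copied out of the pointer with Marshal.Copy.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class EventRecordParser   // hypothetical name, for illustration only
{
    const int HeaderSize = 56;   // size of the fixed part of EVENTLOGRECORD

    // Reads one null-terminated UTF-16LE string at pos, never past limit,
    // and advances pos to the byte after the terminator.
    static string ReadWString(byte[] buf, ref int pos, int limit)
    {
        int end = pos;
        while (end + 1 < limit && (buf[end] != 0 || buf[end + 1] != 0)) end += 2;
        if (end + 1 >= limit) throw new FormatException("unterminated string");
        string s = Encoding.Unicode.GetString(buf, pos, end - pos);
        pos = end + 2;
        return s;
    }

    // Parses the record that begins at 'start'. To walk a buffer holding
    // several records, add each record's Length field to 'start'.
    public static void Parse(byte[] buf, int start, out string source,
                             out string computer, out List<string> strings)
    {
        if (start < 0 || buf.Length - start < HeaderSize) throw new FormatException("short header");
        int length = BitConverter.ToInt32(buf, start);             // Length
        int numStrings = BitConverter.ToUInt16(buf, start + 26);   // NumStrings
        int stringOffset = BitConverter.ToInt32(buf, start + 36);  // StringOffset
        if (length < HeaderSize || length > buf.Length - start ||
            stringOffset < HeaderSize || stringOffset > length)
            throw new FormatException("offset outside record");
        int limit = start + length, pos = start + HeaderSize;
        source = ReadWString(buf, ref pos, limit);    // SourceName follows the header
        computer = ReadWString(buf, ref pos, limit);  // then Computername
        pos = start + stringOffset;                   // offsets are relative to the record start
        strings = new List<string>();
        for (int i = 0; i < numStrings; i++) strings.Add(ReadWString(buf, ref pos, limit));
    }

    static void Main()
    {
        // Constructed sample record: header, two names, two insertion strings.
        byte[] tail = Encoding.Unicode.GetBytes("TestSrc\0HOST1\0first\0second\0");
        byte[] rec = new byte[HeaderSize + tail.Length];
        BitConverter.GetBytes(rec.Length).CopyTo(rec, 0);        // Length
        BitConverter.GetBytes((ushort)2).CopyTo(rec, 26);        // NumStrings
        BitConverter.GetBytes(HeaderSize + 28).CopyTo(rec, 36);  // names occupy 28 bytes
        tail.CopyTo(rec, HeaderSize);
        Parse(rec, 0, out string src, out string host, out List<string> strs);
        Console.WriteLine(src + " " + host + " " + string.Join("|", strs));
    }
}
```

In a real record the user SID (UserSidOffset, UserSidLength) and the binary data (DataOffset, DataLength) are located the same way, and those offsets need the same bounds checks before use.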