Liberty BASIC Programmer's Encyc - EventLog

Reading and Writing to Windows Event Log 
[[user:StPendl]] 
<img id="wikitext@@toc@@flat" class="WikiMedia WikiMediaTocFlat" title="Table of Contents" src="/site/embedthumbnail/toc/flat?w=100&h=16"/><hr />
<h1>Read Event Log</h1>

<pre class="lb">struct EVENTLOGRECORD, _ Length as uLong, _ Reserved as uLong, _ RecordNumber as uLong, _ TimeGenerated as uLong, _ TimeWritten as uLong, _ EventID as uLong, _ EventType as word, _ NumStrings as word, _ EventCategory as word, _ ReservedFlags as word, _ ClosingRecordNumber as uLong, _ StringOffset as uLong, _ UserSidLength as uLong, _ UserSidOffset as uLong, _ DataLength as uLong, _ DataOffset as uLong Open &quot;advapi32.dll&quot; for dll as #advapi32 lpSourceName$ = &quot;Application&quot;; chr$(0) calldll #advapi32, &quot;OpenEventLogA&quot;, _ lpUNCServerName as ulong, _ lpSourceName$ as ptr, _ hEventLog as ulong print print &quot;Open Event Log Handle: &quot;; hEventLog if hEventLog = 0 then call DisplayError struct OldestRecord, value as ulong calldll #advapi32, &quot;GetOldestEventLogRecord&quot;, _ hEventLog As uLong, _ OldestRecord as struct, _ result as long print print &quot;Oldest Event Log result: &quot;; result print &quot;Oldest Event Log Number: &quot;; OldestRecord.value.struct if result = 0 then call DisplayError struct NumberOfRecords, value as ulong calldll #advapi32, &quot;GetNumberOfEventLogRecords&quot;, _ hEventLog As uLong, _ NumberOfRecords as struct, _ result as long print print &quot;Number of Event Log Records result: &quot;; result print &quot;Number of Event Logs: &quot;; NumberOfRecords.value.struct if result = 0 then call DisplayError Struct pnBytesRead, value As uLong Struct pnMinNumberOfBytesNeeded, value As uLong dwReadFlags = _EVENTLOG_SEEK_READ or _EVENTLOG_FORWARDS_READ dwRecordOffset = OldestRecord.value.struct + NumberOfRecords.value.struct - 1 nNumberOfBytesToRead = hexdec(&quot;7ffff&quot;) lpBuffer$ = space$(nNumberOfBytesToRead); chr$(0) calldll #advapi32, &quot;ReadEventLogA&quot;, _ hEventLog As uLong, _ dwReadFlags As uLong, _ dwRecordOffset As uLong, _ lpBuffer$ As ptr , _ nNumberOfBytesToRead As uLong, _ pnBytesRead As Struct , _ pnMinNumberOfBytesNeeded As struct , _ result As long 'print something i can check print print &quot;Results: &quot; print pnMinNumberOfBytesNeeded.value.struct, pnBytesRead.value.struct print &quot;Buffer: &quot; print left$(lpBuffer$, pnBytesRead.value.struct) print print &quot;Read Event Log result: &quot;; result if result = 0 then call DisplayError calldll #advapi32, &quot;CloseEventLog&quot;, _ hEventLog as ulong, _ result as long print print &quot;Close Event Log result: &quot;; result if result = 0 then call DisplayError close #advapi32 end sub DisplayError calldll #kernel32, &quot;GetLastError&quot;, _ ErrorCode as ulong dwFlags = _FORMAT_MESSAGE_FROM_SYSTEM nSize = 1024 lpBuffer$ = space$(nSize); chr$(0) dwMessageID = ErrorCode calldll #kernel32, &quot;FormatMessageA&quot;, _ dwFlags as ulong, _ lpSource as ulong, _ dwMessageID as ulong, _ dwLanguageID as ulong, _ lpBuffer$ as ptr, _ nSize as ulong, _ Arguments as ulong, _ result as ulong print &quot;Error &quot;; ErrorCode; &quot;: &quot;; left$(lpBuffer$, result) end sub </pre>
 
<h1>Write Event Log</h1>

<pre class="lb"> open &quot;advapi32.dll&quot; for dll as #advapi32 struct lpStrings, string$ as ptr lpSourceName$ = &quot;Application&quot;; chr$(0) wType = _EVENTLOG_INFORMATION_TYPE ' dwEventID = 8194 ' wCategory = 5 wNumStrings = 1 lpStrings.string$.struct = &quot;LB Event Log Test&quot;; chr$(0) calldll #advapi32, &quot;RegisterEventSourceA&quot;, _ lpUNCServerName as ulong, _ 'local computer if 0 lpSourceName$ as ptr, _ 'source eg. application name handle as ulong 'handle for ReportEvent print print &quot;Register Event Source Handle: &quot;; handle if handle = 0 then call DisplayError calldll #advapi32, &quot;ReportEventA&quot;, _ handle as ulong, _ 'event log handle wType as word, _ 'event type wCategory as word, _ 'category zero dwEventID as ulong, _ 'event identifier lpUserSID as ulong, _ 'no user security identifier wNumStrings as word, _ 'one substitution string dwDataSize as ulong, _ 'no data lpStrings as struct, _ 'address of string array lpRawData as ulong, _ 'address of data result as long print print &quot;Report Event Result: &quot;; result if result = 0 then call DisplayError calldll #advapi32, &quot;DeregisterEventSource&quot;, _ handle as ulong, _ result as long print print &quot;Deregister Event Source Result: &quot;; result if result = 0 then call DisplayError print print &quot;Finished ...&quot; close #advapi32 end sub DisplayError calldll #kernel32, &quot;GetLastError&quot;, _ ErrorCode as ulong dwFlags = _FORMAT_MESSAGE_FROM_SYSTEM nSize = 1024 lpBuffer$ = space$(nSize); chr$(0) dwMessageID = ErrorCode calldll #kernel32, &quot;FormatMessageA&quot;, _ dwFlags as ulong, _ lpSource as ulong, _ dwMessageID as ulong, _ dwLanguageID as ulong, _ lpBuffer$ as ptr, _ nSize as ulong, _ Arguments as ulong, _ result as ulong print &quot;Error &quot;; ErrorCode; &quot;: &quot;; left$(lpBuffer$, result) end sub </pre>
<hr />
<img id="wikitext@@toc@@flat" class="WikiMedia WikiMediaTocFlat" title="Table of Contents" src="/site/embedthumbnail/toc/flat?w=100&h=16"/>