Тема: Журнал событий Windows
Показать сообщение отдельно
  #10  
Старый 08.12.2015, 11:27
Аватар для NumLock
NumLock NumLock вне форума
Let Me Show You
  
Регистрация: 30.04.2010
Адрес: Северодвинск
Сообщения: 5,426
Версия Delphi: 7, XE5
Репутация: 59586
По умолчанию
Код:
unit Unit1;

interface

uses
  DateUtils,
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls;

type
  TForm1 = class(TForm)
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;

implementation

{$R *.dfm}

type
  PEVENTLOGRECORD = ^EVENTLOGRECORD;
  EVENTLOGRECORD = record
    Length: DWORD;
    Reserved: DWORD;
    RecordNumber: DWORD;
    TimeGenerated: DWORD;
    TimeWritten: DWORD;
    EventID: DWORD;
    EventType: Word;
    NumStrings: Word;
    EventCategory: Word;
    ReservedFlags: Word;
    ClosingRecordNumber: DWORD;
    StringOffset: DWORD;
    UserSidLength: DWORD;
    UserSidOffset: DWORD;
    DataLength: DWORD;
    DataOffset: DWORD;
  end;

const
  EVENTLOG_SEQUENTIAL_READ = 1;
  EVENTLOG_SEEK_READ = 2;
  EVENTLOG_FORWARDS_READ = 4;
  EVENTLOG_BACKWARDS_READ = 8;

procedure TForm1.FormCreate(Sender: TObject);
var
  hEventLog: THandle;
  NumberOfRecords: DWORD;
  Buffer: PEVENTLOGRECORD;
  BytesRead, MinNumberOfBytesNeeded: DWORD;
begin
  Memo1.Lines.BeginUpdate;
  try
    hEventLog:=OpenEventLog(nil, 'SYSTEM');
    if hEventLog=0 then RaiseLastOSError;
    if GetNumberOfEventLogRecords(hEventLog, NumberOfRecords) then Memo1.Lines.Add('NumberOfRecords = '+IntToStr(NumberOfRecords));
    Buffer:=GetMemory($10000);
    while True do
    begin
      if not ReadEventLog(hEventLog, EVENTLOG_SEQUENTIAL_READ or EVENTLOG_BACKWARDS_READ, 0, Buffer, 0, BytesRead, MinNumberOfBytesNeeded) then
      begin
        if GetLastError<>ERROR_INSUFFICIENT_BUFFER then Break;
        if not ReadEventLog(hEventLog, EVENTLOG_SEQUENTIAL_READ or EVENTLOG_BACKWARDS_READ, 0, Buffer, MinNumberOfBytesNeeded, BytesRead, MinNumberOfBytesNeeded) then Break;
        Memo1.Lines.Add('RecordNumber = '+IntToStr(Buffer^.RecordNumber)+' '+PChar(Integer(Buffer)+SizeOf(EVENTLOGRECORD))+' TimeGenerated = '+DateTimeToStr(UnixToDateTime(Buffer^.TimeGenerated))+' EventID = '+IntToStr(Buffer^.EventID));
      end else Break;
    end;
    FreeMemory(Buffer);
    CloseEventLog(hEventLog);
  finally
    Memo1.Lines.EndUpdate;
  end;
end;

end.
__________________
Пишу программы за еду.
__________________
Ответить с цитированием