08.12.2015, 11:27
|
|
Let Me Show You
|
|
Регистрация: 30.04.2010
Адрес: Северодвинск
Сообщения: 5,426
Версия Delphi: 7, XE5
Репутация: 59586
|
|
Код:
unit Unit1;
interface
uses
DateUtils,
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Memo1: TMemo;
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
type
PEVENTLOGRECORD = ^EVENTLOGRECORD;
EVENTLOGRECORD = record
Length: DWORD;
Reserved: DWORD;
RecordNumber: DWORD;
TimeGenerated: DWORD;
TimeWritten: DWORD;
EventID: DWORD;
EventType: Word;
NumStrings: Word;
EventCategory: Word;
ReservedFlags: Word;
ClosingRecordNumber: DWORD;
StringOffset: DWORD;
UserSidLength: DWORD;
UserSidOffset: DWORD;
DataLength: DWORD;
DataOffset: DWORD;
end;
const
EVENTLOG_SEQUENTIAL_READ = 1;
EVENTLOG_SEEK_READ = 2;
EVENTLOG_FORWARDS_READ = 4;
EVENTLOG_BACKWARDS_READ = 8;
procedure TForm1.FormCreate(Sender: TObject);
var
hEventLog: THandle;
NumberOfRecords: DWORD;
Buffer: PEVENTLOGRECORD;
BytesRead, MinNumberOfBytesNeeded: DWORD;
begin
Memo1.Lines.BeginUpdate;
try
hEventLog:=OpenEventLog(nil, 'SYSTEM');
if hEventLog=0 then RaiseLastOSError;
if GetNumberOfEventLogRecords(hEventLog, NumberOfRecords) then Memo1.Lines.Add('NumberOfRecords = '+IntToStr(NumberOfRecords));
Buffer:=GetMemory($10000);
while True do
begin
if not ReadEventLog(hEventLog, EVENTLOG_SEQUENTIAL_READ or EVENTLOG_BACKWARDS_READ, 0, Buffer, 0, BytesRead, MinNumberOfBytesNeeded) then
begin
if GetLastError<>ERROR_INSUFFICIENT_BUFFER then Break;
if not ReadEventLog(hEventLog, EVENTLOG_SEQUENTIAL_READ or EVENTLOG_BACKWARDS_READ, 0, Buffer, MinNumberOfBytesNeeded, BytesRead, MinNumberOfBytesNeeded) then Break;
Memo1.Lines.Add('RecordNumber = '+IntToStr(Buffer^.RecordNumber)+' '+PChar(Integer(Buffer)+SizeOf(EVENTLOGRECORD))+' TimeGenerated = '+DateTimeToStr(UnixToDateTime(Buffer^.TimeGenerated))+' EventID = '+IntToStr(Buffer^.EventID));
end else Break;
end;
FreeMemory(Buffer);
CloseEventLog(hEventLog);
finally
Memo1.Lines.EndUpdate;
end;
end;
end.
__________________
Пишу программы за еду.
__________________
|