读取系统日志eventlog记录

时间:2022-10-22 00:19:11

查看系统日志的执行程序:eventvwr.msc

方法一   用API读取

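// Read the local "System" event log from the oldest record forward and print
// one line per record (index, event code, type, source name).
//
// Log name -> OpenEventLog source:
//   Application -> OpenEventLog(NULL, "Application")
//   Security    -> OpenEventLog(NULL, "Security")
//   System      -> OpenEventLog(NULL, "System")
//
// EVENTLOGRECORD::EventID carries severity/facility bits in its upper half; the
// code Event Viewer displays is the low 16 bits, so the value is masked before
// printing (the unmasked number is what made 6005/6006 look like 2147...).
void DisplayEntries()
{
    HANDLE h = OpenEventLog(NULL /* local computer */, _T("System"));
    if (h == NULL)
    {
        // Bail out here: the original fell through and passed a NULL handle to ReadEventLog.
        _tprintf(_T("Could not open the System event log (error %lu).\n"), GetLastError());
        return;
    }

    BYTE buffer[4096] = {0};
    DWORD dwRead = 0;
    DWORD dwNeeded = 0;
    DWORD dwThisRecord = 0;
    EVENTLOGRECORD *pevlr = (EVENTLOGRECORD *) buffer;

    // Opening the log positions the handle at the beginning; read sequentially
    // until ReadEventLog fails (ERROR_HANDLE_EOF once no records remain).
    while (ReadEventLog(h,
                        EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
                        0,               // ignored for sequential reads
                        pevlr,           // output buffer
                        sizeof(buffer),  // buffer size in bytes
                        &dwRead,         // bytes actually read
                        &dwNeeded))      // bytes needed for the next record
    {
        while (dwRead > 0)
        {
            // Never trust Length blindly: a truncated or corrupt record must not
            // walk the pointer past the bytes that were actually read.
            if (dwRead < sizeof(EVENTLOGRECORD) ||
                pevlr->Length < sizeof(EVENTLOGRECORD) ||
                pevlr->Length > dwRead)
            {
                break;
            }

            // The source name string starts immediately after the fixed-size structure.
            _tprintf(_T("%02d  Event ID: %08d "), dwThisRecord++, (int)(pevlr->EventID & 0xFFFF));
            _tprintf(_T("EventType: %d Source: %s\n"),
                     pevlr->EventType,
                     (LPCTSTR)((LPBYTE) pevlr + sizeof(EVENTLOGRECORD)));

            dwRead -= pevlr->Length;
            pevlr = (EVENTLOGRECORD *) ((LPBYTE) pevlr + pevlr->Length);
        }
        pevlr = (EVENTLOGRECORD *) buffer;
    }

    // Distinguish "no more records" from a real failure such as a record larger
    // than the buffer (ERROR_INSUFFICIENT_BUFFER; dwNeeded holds the size required).
    DWORD dwErr = GetLastError();
    if (dwErr != ERROR_HANDLE_EOF)
    {
        _tprintf(_T("ReadEventLog stopped with error %lu (bytes needed: %lu).\n"), dwErr, dwNeeded);
    }

    CloseEventLog(h);
}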

这个方法读出来的记录有个问题:对于 source 为 eventlog 的记录,EventID 的值都不对,比如 6005 读出来是 2147477642。而其它来源的记录不会有这个问题。



方法二  .net 提供的类EventLog

msdn上 eventlog类的介绍:

https://msdn.microsoft.com/zh-cn/library/system.diagnostics.eventlog(v=vs.110).aspx


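double DiffSec = 0;

// Most recent "Event Log service stopped" (6006, shutdown) and "started"
// (6005, startup) timestamps. Kept as whole DateTime values rather than six
// separate ints each; null means the event was not found in the log.
DateTime? shutdownTime = null;
DateTime? startupTime = null;

// EventLog is IDisposable, so release it once the scan is done.
using (EventLog e = new EventLog())
{
    e.Log = "System";

    // Entries enumerate oldest to newest, so the last match wins: this yields the
    // latest shutdown and the latest boot.
    foreach (EventLogEntry l in e.Entries)
    {
        // EventID is marked obsolete in favour of InstanceId, but it is the 16-bit
        // code Event Viewer shows and the value the 6005/6006 comparison expects.
        if (l.EventID == 6006) // shutdown: Event Log service stopped
        {
            Console.WriteLine("关机时间:" + l.TimeGenerated);
            shutdownTime = l.TimeGenerated;
        }

        if (l.EventID == 6005) // startup: Event Log service started
        {
            Console.WriteLine("开机时间:" + l.TimeGenerated);
            startupTime = l.TimeGenerated;
        }
    }
}

// Short-circuit || instead of the bitwise | the original used.
if (shutdownTime == null || startupTime == null)
{
    Console.WriteLine("error");
    return 1;
}

// The threshold comes from the command line: validate instead of letting
// int.Parse throw on a missing or non-numeric argument. Invariant culture so
// the parse does not depend on the machine's locale.
int thresholdSeconds;
if (args.Length == 0 ||
    !int.TryParse(args[0],
                  System.Globalization.NumberStyles.Integer,
                  System.Globalization.CultureInfo.InvariantCulture,
                  out thresholdSeconds))
{
    Console.WriteLine("error: expected the threshold in seconds as the first argument");
    return 1;
}

// NOTE(review): the original rebuilt both DateTimes from their Y/M/D/h/m/s parts,
// dropping sub-second precision; TimeGenerated appears to be second-granular
// already, so direct subtraction should give the same result — confirm.
System.TimeSpan diff2 = startupTime.Value - shutdownTime.Value;
DiffSec = diff2.TotalSeconds;

// Exit code doubles as the answer: 0 when the machine was off at least
// thresholdSeconds, 1 otherwise.
if (DiffSec >= thresholdSeconds)
{
    Console.WriteLine("0");
    return 0;
}

Console.WriteLine("1");
return 1;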