Sign in to follow this  
Followers 0
djmunis

eventlog description

8 posts in this topic

Hi, I have a problem with eventlog.au3. when I use _eventlog_read() all components of array are ok except description. Sometimes the description do not show how in event viewer. This happens in XP and W7

image of error

Posted Image

The problem seem caused by _eventlog_read() inv include eventlog.au3 ->> $aEvent[13]=EventLog_DecodeDesc($tEventLog) ->> Local $aStrings = EventLog_DecodeStrings($tEventLog) ->> $sDesc = StringReplace($sDesc, "%" & $iI, $aStrings[$iI])

Func EventLog_DecodeStrings($tEventLog)

Local $pEventLog = DllStructGetPtr($tEventLog)

Local $iNumStrs = DllStructGetData($tEventLog, "NumStrings")

Local $iOffset = DllStructGetData($tEventLog, "StringOffset")

; The data offset is used to calculate buffer sizes.

Local $iDataOffset = DllStructGetData($tEventLog, "DataOffset")

Local $tBuffer = DllStructCreate("wchar Text& $iDataOffset - $iOffset &?", $pEventLog + $iOffset)

Local $aStrings[$iNumStrs + 1]

$aStrings[0] = $iNumStrs

For $iI = 1 To $iNumStrs

$aStrings[$iI] = DllStructGetData($tBuffer, "Text")

$iOffset += StringLen($aStrings[$iI]) + 1

$tBuffer = DllStructCreate("wchar Text& $iDataOffset - $iOffset &?", $pEventLog + $iOffset)

Next

Return $aStrings

EndFunc ;==>EventLog_DecodeStrings

Can you help me?

best regards

Notificator Plus v1.0.zip

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Never used the event logging UDF myself, so don't now mush about it and probably will not be able to help.

But. Are you only using it to do logging to/from a server ... Or are you also having this problem when doing some logging locally. (I don't have a server setup I could use to test with in case its only server-use related.)

Edited by iEvKI3gv9Wrkd41u

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Share this post


Link to post
Share on other sites

the querys were locally

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

Sometimes the description do not show how in event viewer. This happens in XP and W7

Seems more like some parts of the description don't make it when Reading then with _EventLog__Read(). (instead of no description at all)

Some part of the description field are probably linked items, that need some special handling.

Will see about updating your Report. But as I'm not at home with Win-DLL'ing thats the best I can do at the moment.

... Was reading the description the only thing, or was there also a problem with writing some description data? Yep

Sometimes the description do not show how in event viewer.

Seems similar, as in some parts don't make it. ... Edited by iEvKI3gv9Wrkd41u

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Share this post


Link to post
Share on other sites

Some part of the description field are probably linked items, that need some special handling.

you are rigth. If you do not replace with "$sDesc = StringReplace($sDesc, "%" & $iI, $aStrings[$iI])" in eventlog.au3, __EventLog_DecodeDesc($tEventLog)the Msbox show %1 instead name of service and %2 instead chinese characters.

I do not know work with dll functions that used to generate "$aStrings".

Thanks for your answer

Share this post


Link to post
Share on other sites

PS: Apply the following change. It should correct your reading problem. (although there might be some issues with it I'm not aware of.)

Func __EventLog_DecodeStrings($tEventLog)
<snip>
;~      $iOffset += StringLen($aStrings[$iI]) + 1 ;; disable this line.
        $iOffset += StringLen($aStrings[$iI])*2 + 2 ;; and add this line.
<snip>

"Straight_and_Crooked_Thinking" : A "classic guide to ferreting out untruths, half-truths, and other distortions of facts in political and social discussions."
"The Secrets of Quantum Physics" : New and excellent 2 part documentary on Quantum Physics by Jim Al-Khalili. (Dec 2014)

"Believing what you know ain't so" ...

Knock Knock ...
 

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

PS: Apply the following change. It should correct your reading problem. (although there might be some issues with it I'm not aware of.)

Func __EventLog_DecodeStrings($tEventLog)
<snip>
;~      $iOffset += StringLen($aStrings[$iI]) + 1 ;; disable this line.
        $iOffset += StringLen($aStrings[$iI])*2 + 2 ;; and add this line.
<snip>

This seems that works fine. I saw here also, and MVG suggested more changes

Func __EventLog_DecodeUserName($tEventLog)
<snip>
    If IsArray($aAcctInfo) Then ...
;~          Return $aAcctInfo[1] ;; org, contains computer name. need user type
        Return $aAcctInfo[0] ;; change: user type.
<snip>

Func __EventLog_DecodeComputer($tEventLog)
<snip>
    Local $tBuffer
;~  $iOffset += StringLen(__EventLog_DecodeSource($tBuffer)) + 1 ;; org, wrong count, + trigers a dllstruc error.
    $iOffset += StringLen(__EventLog_DecodeSource($tEventLog))*2 + 2 ;; changed, count + $tBuffer -> $tEventLog
<snip>

Thanks

Edited by djmunis

Share this post


Link to post
Share on other sites

Thanks to both of you a couple of problems on my end is solved.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0