Displaying the Local Time for an Event

  • Article

The following example displays the time information for an event. The function parameter is a pointer to the EVENTLOGRECORD structure. The function has no return value.

#include <stdafx.h>
#include <windows.h>
#include <iostream>

#define BUFFER_SIZE 512

void __cdecl wmain(int argc, LPWSTR *argv)
{
    // Name of the event log.
    wchar_t *logName = L"Application";  
   
    HANDLE h;
    EVENTLOGRECORD *pevlr;
    BYTE bBuffer[BUFFER_SIZE];
    DWORD dwRead, dwNeeded, dwThisRecord;
    LPCTSTR lpSourceName;

    // Open the event log.
    h = OpenEventLog( NULL,     // Use the local computer.
        logName);
    if (h == NULL)
    {
        std::wcout << L"Could not open the event log." << std::endl;;
        return;
    }
    
    // Initialize the event record buffer.
    pevlr = (EVENTLOGRECORD *) &bBuffer;

    // Get the record number of the oldest event log record. 
    GetOldestEventLogRecord(h, &dwThisRecord);

    // When the event log is opened, the position of the file pointer
    // is at the beginning of the log. Read the event log records
    // sequentially.
    ReadEventLog(h,                // Event log handle
        EVENTLOG_FORWARDS_READ |          // Reads forward
        EVENTLOG_SEQUENTIAL_READ,         // Sequential read
        0,                                // Ignored for sequential read
        pevlr,                            // Pointer to buffer
        BUFFER_SIZE,                      // Size of buffer
        &dwRead,                          // Number of bytes read
        &dwNeeded);                       // Bytes in the next record
    
    if (dwRead > 0)
    {
        // Get the event source name.
        lpSourceName = (LPCTSTR) ((LPBYTE) pevlr + sizeof(EVENTLOGRECORD));        

        // Print the event identifier and event source.
        std::wcout << L"Event ID: " << pevlr->EventID << std::endl;   
        std::wcout << L"Event Source: " <<
            lpSourceName << std::endl;

        // Display the local time for the event.
        FILETIME FileTime, LocalFileTime;
        SYSTEMTIME SysTime;
        __int64 lgTemp;
        __int64 SecsTo1970 = 116444736000000000;

        lgTemp = Int32x32To64(pevlr->TimeGenerated,10000000) + SecsTo1970;

        FileTime.dwLowDateTime = (DWORD) lgTemp;
        FileTime.dwHighDateTime = (DWORD)(lgTemp >> 32);

        FileTimeToLocalFileTime(&FileTime, &LocalFileTime);
        FileTimeToSystemTime(&LocalFileTime, &SysTime);

        printf("Time Generated: %02d/%02d/%02d   %02d:%02d:%02d\n",
            SysTime.wMonth,
            SysTime.wDay,
            SysTime.wYear,
            SysTime.wHour,
            SysTime.wMinute,
            SysTime.wSecond);

    }
     
    // Close the event log.
    CloseEventLog(h);
}

Send comments about this topic to Microsoft

Build date: 3/29/2009