Reputation: 5
EventLog functions returning ERROR_INVALID_PARAMETER
While trying to read and get number of events in an Event Log I am getting an error 87.
#include <windows.h>
#include <stdio.h>
#include <strsafe.h>
#define PROVIDER_NAME "System"
void wmain(void)
{
HANDLE hEventLog = NULL;
DWORD status = ERROR_SUCCESS;
PDWORD numEvents = 0;
hEventLog = OpenEventLog(NULL, PROVIDER_NAME);
printf("Last error: %lu\n", GetLastError());
if (!GetNumberOfEventLogRecords(hEventLog, numEvents))
{
printf("Failed GetNumberOfEventLogRecords: %lu\n", GetLastError());
}
Output:
Last error: 0
Failed GetNumberOfEventLogRecords: 87
I've tried with a few variants on the PROVIDER_NAME and I've based my example off this doc but once I do any kind of tweaking like my example I run into the ERROR_INVALID_PARAMETER
https://learn.microsoft.com/en-us/windows/win32/eventlog/querying-for-event-source-messages
I am not sure what the incorrect parameter is in reference to.
Upvotes: 0
Views: 327
Answers (2)
Reputation: 595711
Per the GetNumberOfEventLogRecords() documentation:
NumberOfRecords
A pointer to a variable that receives the number of records in the specified event log.
Your numEvents variable is a PDWORD (DWORD*) pointer that has a value of 0. So you are calling GetNumberOfEventLogRecords() with a NULL pointer in its NumberOfRecords parameter. That is what the ERROR_INVALID_PARAMETER error is complaining about - it has nowhere to write out the record count.
You need to pass in the address of an actual DWORD variable, not a NULL pointer.
Also, you should not be calling GetLastError() after OpenEventLog() unless it actually fails.
Try this:
#include <windows.h>
#include <stdio.h>
#include <strsafe.h>
#define PROVIDER_NAME "System"
void wmain(void)
{
HANDLE hEventLog = NULL;
DWORD numEvents = 0;
...
hEventLog = OpenEventLog(NULL, PROVIDER_NAME);
if (!hEventLog) {
printf("Failed OpenEventLog: %lu\n", GetLastError());
}
else {
if (!GetNumberOfEventLogRecords(hEventLog, &numEvents)) {
printf("Failed GetNumberOfEventLogRecords: %lu\n", GetLastError());
}
else {
...
}
CloseEventLog(hEventLog);
}
}
Upvotes: 1
Reputation: 7170
NumberOfRecords
A pointer to a variable that receives the number of records in the specified event log.
You need to pass the address of a DWORD value, to get the number
#include <windows.h>
#include <stdio.h>
#include <strsafe.h>
#define PROVIDER_NAME "System"
int wmain(void)
{
HANDLE hEventLog = NULL;
DWORD status = ERROR_SUCCESS;
DWORD numEvents = 0;
hEventLog = OpenEventLog(NULL, PROVIDER_NAME);
printf("Last error: %lu\n", GetLastError());
if (!GetNumberOfEventLogRecords(hEventLog, &numEvents))
{
printf("Failed GetNumberOfEventLogRecords: %lu\n", GetLastError());
}
}
Upvotes: 1
Related Questions
- Why I have empty windows logs after success EventWrite function call
- Why does the Windows API respond with error codes depending on my logging statements
- I need to add an event-log with type of Critical
- Problems with a window event callback function C++
- ETW not logging events to channel (event log)
- CreateEventW unexpectedly fails
- Writing to the Windows Security Log with C++
- Having trouble when trying to implement a Event Handler for Windows API wrapper
- Logging to windows event using Log4cxx
- Get event viewer logs with win api in c++