Trying to get strings from EVENTLOGRECORD
TheLongshot
struct. I'm able to read that fine. But, when I try to get the
strings (SourceName, ComputerName, etc), all I get is junk. I don't
know if I just don't know how to convert the byte array correctly into
a string. I tried converting the bytes into chars and used
StringBuilder to build a string and that didn't work. I then tried
UnicodeEncoding to convert the byte array to a string and that didn't
seem to work. BTW, I was able to get the user id from the UserSID
through LookupAccountSID, so it seems that I do have good data.
Any suggestions?
Jason
TheLongshot
Again, anyone have suggestions? I still can't figure out what is
going on here.
Jason
Adam Root
http://msdn2.microsoft.com/en-us/library/k6b9a7h8.aspx
TheLongshot
Security log and logs it into the database with other information.
I'm trying to move the application to Vista and I can't get the
information I need from the Framework classes (mainly the domain/user
that logged the event). I also don't seem to get all the events in
Vista either. I'm using the old API because I need backward
compatibility for the time being.
Anyways, I figured out the problem. Considering that the
documentation says that the extra strings are WCHAR pointers, I had
thought they were UTF-16. Apparently, tho, they are UTF-8. I hate it
when Microsoft's own documentation seems to be wrong.
![Willy Denoyette [MVP]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjXfXiAXGhHYcXf-iOUYGXHMIHmtAw4w01ItpjRcuAnrUu-vVQ=s40-c)
Willy Denoyette [MVP]
news:bd30303b-48c6-401c...@56g2000hsm.googlegroups.com...
The documentation is correct, you need to declare your API as Unicode or
Auto for this.
[DllImport("advapi32", CharSet = CharSet.Unicode)]
static extern int ReadEventLog(
or,
[DllImport("advapi32", CharSet = CharSet.Auto)]
static extern int ReadEventLog(
by default the interop marshaller considers all strings as being ANSI.
Willy.
TheLongshot
Ok, that's good to know. I would have expected it to default to
Unicode.
Jason