我收到编译器错误_T标识符未找到..请帮我解决此错误?另外我想在C ??制作这个程序。 但首先解决错误,以便我可以调试和观察流量?在VS 2008上进行编译
#include <iostream>
#include <fstream>
using namespace std;
typedef unsigned long ULONG;
typedef struct _EVENTLOGHEADER {
ULONG HeaderSize;
ULONG Signature;
ULONG MajorVersion;
ULONG MinorVersion;
ULONG StartOffset;
ULONG EndOffset;
ULONG CurrentRecordNumber;
ULONG OldestRecordNumber;
ULONG MaxSize;
ULONG Flags;
ULONG Retention;
ULONG EndHeaderSize;
} EVENTLOGHEADER, *PEVENTLOGHEADER;
typedef unsigned long DWORD;
typedef unsigned short WORD;
typedef struct _EVENTLOGRECORD {
DWORD Length;
DWORD Reserved;
DWORD RecordNumber;
DWORD TimeGenerated;
DWORD TimeWritten;
DWORD EventID;
WORD EventType;
WORD NumStrings;
WORD EventCategory;
WORD ReservedFlags;
DWORD ClosingRecordNumber;
DWORD StringOffset;
DWORD UserSidLength;
DWORD UserSidOffset;
DWORD DataLength;
DWORD DataOffset;
} EVENTLOGRECORD, *PEVENTLOGRECORD;
void main()
{
ifstream file;
file.open("C:\Windows\System32\winevt\Logs\\Application.evtx",ios::in|ios::binary);
if(file.is_open()){
_EVENTLOGHEADER logheader;
_EVENTLOGRECORD logRecord;
//Reading the header
file.read((char*)&logheader,sizeof(_EVENTLOGHEADER));
int startOfLog;
//Loop on every record
for(unsigned int numberFile=0;numberFile < logheader.CurrentRecordNumber -1;numberFile++){
//Save the position
startOfLog = file.tellg();
//Read log record
file.read((char*)&logRecord,sizeof(_EVENTLOGRECORD));
/*******************************************************
Here are the other information (section 'Remarks' on the 'EVENTLOGRECORD structure' link
********************************************************/
//Reading sourcename
wchar_t buffData;
wstring SourceName;
file.read((char*)&buffData,sizeof(wchar_t));
while(buffData!=_T('\0')){
SourceName.push_back(buffData);
file.read((char*)&buffData,sizeof(wchar_t));
}
//Reading computer name
wstring ComputerName;
file.read((char*)&buffData,sizeof(wchar_t));
while(buffData!=_T('\0')){
ComputerName.push_back(buffData);
file.read((char*)&buffData,sizeof(wchar_t));
}
//Sets the position to the SID offset
int readCursor = startOfLog + logRecord.UserSidOffset;
file.seekg(readCursor);
char * userSid = NULL;
if(logRecord.UserSidLength != 0)
{
userSid = (PCHAR)malloc(logRecord.UserSidLength);
file.read(userSid,logRecord.UserSidLength); //Reading the sid
//Here you can work on the SiD (but you need win32 API).If you need it, I could show you how i deal with this sid
free(userSid);
}
//Sets the position to the Strings offset
readCursor = startOfLog + logRecord.StringOffset;
file.seekg(readCursor);
wstring buffString;
vector<wstring> allStrings;
//Reading all the strings
for(int i=0; i< logRecord.NumStrings; i++) {
file.read((char*)&buffData,sizeof(wchar_t));
while(buffData!=_T('\0')){
buffString.push_back(buffData);
file.read((char*)&buffData,sizeof(wchar_t));
}
allStrings.push_back(buffString);
buffString.clear();
}
//Sets the position to the Data offset
readCursor = startOfLog + logRecord.DataOffset;
file.seekg(readCursor);
unsigned char *Data = (unsigned char *)malloc(logRecord.DataLength*sizeof(unsigned char));
file.read((char*)Data,logRecord.DataLength); //Lecture des données
//Sets the position to the end of log offset
readCursor = startOfLog + logRecord.Length - sizeof(DWORD) ;
file.seekg(readCursor);
DWORD length;
file.read((char*)&length,sizeof(DWORD));
//Do what you want with the log record
//Clean before reading next log
ComputerName.clear();
SourceName.clear();
allStrings.clear();
free(Data);
}
}
}
答案 0 :(得分:4)
_T
是一种特定于Windows的方法,用于指定 窄字符常量/字符串文字,或宽字符常量/字符串文字,具体取决于项目设置。它需要在代码中不存在的适当#include
指令,它不是编译器定义的宏。
但是,你不需要它。您在while(buffData!=_T('\0'))
中使用它,但buffData
的类型为wchar_t
,与项目设置无关。在这种情况下,只需使用宽字符常量:L'\0'
。
答案 1 :(得分:1)
在_T
中定义了Tchar.h
宏,因此您似乎只需要包含该标头。
也就是说,您似乎没有编写可以作为ANSI和Unicode编译器的代码,因此停止使用TCHAR
并使用L
为宽字符添加前缀更有意义。所以,不要写_T('\0')
写L'\0'
,或者只写简单的0
。