我正在尝试读取事件日志文件,但每次尝试读取任何文件时都会发出异常“无法读取超出流的末尾。”#39; 我无法弄清楚如何修复调用异常的内容。
这是调用异常的特定行:uint length = br.ReadUInt32();
如果您需要更多信息,请询问
public unsafe void Parse(string filename)
{
try
{
// Open the file
using (FileStream fs = new FileStream(filename, FileMode.Open))
{
// Use BinaryReader to read the file
using (BinaryReader br = new BinaryReader(fs))
{
//Read the header of the file
byte[] header = new byte[sizeof(EventLogHeader)];
br.Read(header, 0, header.Length);
EventLogHeader _h = new EventLogHeader(header);
/*
// Validate the file
if (!Validate(_h))
{
this.OnAction("Invalid file format.");
return;
}
*/
int totalEvents = (int)(_h.NextIndex - 1);
this.OnAction(String.Format("Found {0} events", totalEvents));
// Read the items
EventLogEntry e;
int cnt = 0;
uint offset = _h.FooterOffset;
while (true)
{
byte[] buff = ReadEntry(br, ref offset);
e = ReadEntry(buff);
cnt++;
DateTime dt = GetTime(e.rec.TimeGenerated);
this.OnFoundRecord(
new object[] {
Enum.GetName(typeof(EventLogEntryType),e.rec.EventType),
dt.ToShortDateString(),
dt.ToShortTimeString(),
e.SourceName,
e.Strings,
e.rec.EventCategory,
e.rec.EventID,
e.UserSid,
e.Computername});
if (cnt % 200 == 0) this.OnProgress(cnt, totalEvents);
if (offset == 48)
break;
}
}
}
}
catch (Exception ex)
{
this.OnAction(String.Format("Error Occured! {0}", ex.Message));
}
return;
}
ReadEntry方法:
private byte[] ReadEntry(BinaryReader br, ref uint endPoint)
{
br.BaseStream.Seek(endPoint - 4, SeekOrigin.Begin);
uint length = br.ReadUInt32();
endPoint -= length;
br.BaseStream.Seek(endPoint, SeekOrigin.Begin);
byte[] buff = new byte[length];
br.Read(buff, 0, buff.Length);
return buff;
}
uint offset = _h.FooterOffset;