使用EvtSetChannelConfigProperty()函数时发生访问冲突错误

时间:2018-08-27 10:07:52

标签: c++ windows winapi event-log

我正在尝试使用来更新最大日志文件大小 EvtSetChannelConfigProperty()功能。运行程序时出现访问冲突。

我正在以管理员模式运行Visual Studio。仍然显示访问冲突。

我添加了<winevt.h>头文件:

PEVT_VARIANT value;
UINT64 val = 30000000;
value = PEVT_VARIANT(val);

EVT_HANDLE hlog = EvtOpenChannelConfig(NULL,L"Application",0);
BOOL check = EvtSetChannelConfigProperty(hlog,EvtChannelLoggingConfigMaxSize, 0, value);

为什么我在读取访问位置时出现错误,提示访问冲突?

错误:

'Windows_API.exe' (Win32): Loaded 
'C:\Users\Administrator\source\repos\Windows_API\x64\Debug\Windows_API.exe'. 
 Symbols loaded.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ntdll.dll'. Cannot 
 find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\kernel32.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\KernelBase.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\apphelp.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\sechost.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\rpcrt4.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcp140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbased.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Unloaded 'C:\Windows\System32\vcruntime140d.dll'
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'. 
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\wevtapi.dll'. Cannot 
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\bcrypt.dll'. Cannot 
find or open the PDB file.
Exception thrown at 0x00007FFBB52C6749 (wevtapi.dll) in Windows_API.exe: 
0xC0000005: Access violation reading location 0x0000000001C9C38C.

The program '[7672] Windows_API.exe' has exited with code 0 (0x0).

1 个答案:

答案 0 :(得分:2)

value是未指向任何地方的未初始化指针。因此,当EvtSetChannelConfigProperty尝试取消引用该指针时,程序将崩溃。

您可能想要这样的东西:

EVT_VARIANT value;
value.Count = 0;
value.Type = EvtVarTypeUInt64;
value.UInt64Val = 3000000;

EVT_HANDLE hlog = EvtOpenChannelConfig(NULL, L"Application", 0);
BOOL check = EvtSetChannelConfigProperty(hlog, EvtChannelLoggingConfigMaxSize, 0, &value);

顺便说一句,您无需为此处于管理员模式。