我正在尝试使用来更新最大日志文件大小
EvtSetChannelConfigProperty()
功能。运行程序时出现访问冲突。
我正在以管理员模式运行Visual Studio。仍然显示访问冲突。
我添加了<winevt.h>
头文件:
PEVT_VARIANT value;
UINT64 val = 30000000;
value = PEVT_VARIANT(val);
EVT_HANDLE hlog = EvtOpenChannelConfig(NULL,L"Application",0);
BOOL check = EvtSetChannelConfigProperty(hlog,EvtChannelLoggingConfigMaxSize, 0, value);
为什么我在读取访问位置时出现错误,提示访问冲突?
错误:
'Windows_API.exe' (Win32): Loaded
'C:\Users\Administrator\source\repos\Windows_API\x64\Debug\Windows_API.exe'.
Symbols loaded.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ntdll.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\kernel32.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\KernelBase.dll'.
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\apphelp.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\advapi32.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcrt.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\sechost.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\rpcrt4.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\msvcp140d.dll'.
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\ucrtbased.dll'.
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'.
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Unloaded 'C:\Windows\System32\vcruntime140d.dll'
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\vcruntime140d.dll'.
Cannot find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\wevtapi.dll'. Cannot
find or open the PDB file.
'Windows_API.exe' (Win32): Loaded 'C:\Windows\System32\bcrypt.dll'. Cannot
find or open the PDB file.
Exception thrown at 0x00007FFBB52C6749 (wevtapi.dll) in Windows_API.exe:
0xC0000005: Access violation reading location 0x0000000001C9C38C.
The program '[7672] Windows_API.exe' has exited with code 0 (0x0).
答案 0 :(得分:2)
value
是未指向任何地方的未初始化指针。因此,当EvtSetChannelConfigProperty
尝试取消引用该指针时,程序将崩溃。
您可能想要这样的东西:
EVT_VARIANT value;
value.Count = 0;
value.Type = EvtVarTypeUInt64;
value.UInt64Val = 3000000;
EVT_HANDLE hlog = EvtOpenChannelConfig(NULL, L"Application", 0);
BOOL check = EvtSetChannelConfigProperty(hlog, EvtChannelLoggingConfigMaxSize, 0, &value);
顺便说一句,您无需为此处于管理员模式。