How to read boot events in Windows 7?

Question

How to read boot events in Windows 7?

I'm trying to use ETW functions without success to read the file C: \ Windows \ System32 \ winevt \ Logs \ Microsoft-Windows-Diagnostics-Performance% 4Operational.evtx to capture load time events. I tried various functions -

OpenTrace gives error 161
EvtQuery gives error 15000

Does anyone have an example of their own code reading system trace files?

+3

c ++ windows-7 event-log etw

Paul dolphin Nov 16 '10 at 13:35

source share

2 answers

, API . , , .

+1

Rohit J 23 . '10 11:04

Paul Dolphin · Accepted Answer · 2010-11-24T09:29:38+0000

I got this work as follows:

LPWSTR pwsPath = L"Microsoft-Windows-Diagnostics-Performance/Operational";
LPWSTR pwsQuery = L"Event/System[EventID=100]";

hResults = EvtQuery(NULL, pwsPath, pwsQuery,
                    EvtQueryChannelPath | EvtQueryReverseDirection);

The channel name can be found by going to "Properties" in the event log and using its Full name.

15000 , .

How to read boot events in Windows 7?

More articles: