AltCallingConvention, Library, StdCall, StdCallLibrary
wevtapi.dll Interface
Fields
boolean
Adds localized strings to the events in the specified log file.
boolean
Cancels all pending operations on a handle.
boolean
Removes all events from the specified channel and writes them to the target log file.
boolean
Creates a bookmark that identifies an event in a channel.
Creates a context that specifies the information in the event that you want to render.
boolean
Copies events from the specified channel or log file and writes them to the target log file.
boolean
Formats a message string.
boolean
Gets the specified channel configuration property.
boolean
Gets information that identifies the structured XML query that selected the event and the channel or log file that contained the event.
boolean
Gets the specified event metadata property.
int
Gets a text message that contains the extended error information for the current error.
boolean
Gets information about a channel or log file.
boolean
Gets a provider metadata property from the specified object in the array.
boolean
Gets the number of elements in the array of objects.
boolean
Gets the specified provider metadata property.
boolean
Gets information about a query that you ran that identifies the list of channels or log files that the query attempted to access.
boolean
Gets the next event from the query or subscription results.
boolean
Gets a channel name from the enumerator.
Gets an event definition from the enumerator.
boolean
Gets the identifier of a provider from the enumerator.
Gets a handle that you use to read or modify a channel's configuration property.
Gets a handle that you use to enumerate the list of channels that are registered on the computer.
Gets a handle that you use to enumerate the list of events that the provider defines.
Gets a handle to a channel or log file that you can then use to get information about the channel or log file.
Gets a handle that you use to enumerate the list of registered providers on the computer.
Gets a handle that you use to read the specified provider's metadata.
Establishes a connection to a remote computer that you can use when calling the other Windows Event Log functions.
Runs a query to retrieve events from a channel or log file that match the specified query criteria.
boolean
Renders an XML fragment based on the rendering context that you specify.
boolean
Saves the changes made to a channel's configuration.
boolean
Seeks to a specific event in a query result set.
boolean
Sets the specified configuration property of a channel.
Creates a subscription that will receive current and future events from a channel or log file that match the specified query criteria.
boolean
Updates the bookmark with information that identifies the specified event.
Establishes a connection to a remote computer that you can use when calling the other Windows Event Log functions. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385462(v=vs.85).aspx
LoginClass
- [in] The connection method to use to connect to the remote computer. For possible values, see the Winevt.EVT_LOGIN_CLASS
enumeration.
Login
- [in] A EVT_RPC_LOGIN structure that identifies the remote computer that you want to connect to, the user's credentials, and the type of authentication to use when connecting.
Timeout
- [in] Reserved. Must be zero.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Closes an open handle. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385344(v=vs.85).aspx
Object
- [in] An open event handle to close.
Kernel32.GetLastError()
function.
Cancels all pending operations on a handle. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385335(v=vs.85).aspx
Object
- The handle whose operation you want to cancel. You can cancel the following operations:
EvtClearLog(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
EvtExportLog(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, java.lang.String, int)
EvtNext(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, com.sun.jna.platform.win32.Winevt.EVT_HANDLE[], int, int, com.sun.jna.ptr.IntByReference)
EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
EvtSeek(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, long, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int)
EvtSubscribe(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.Pointer, com.sun.jna.Callback, int)
EvtClearLog(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
, EvtExportLog(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, java.lang.String, int)
, EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
, and EvtSubscribe operations, you must pass the session handle. To specify the default session (local session), set this parameter to NULL.
Kernel32.GetLastError()
function.
Gets a text message that contains the extended error information for the current error. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385380(v=vs.85).aspx
BufferSize
- [in] The size of the Buffer buffer, in characters.
Buffer
- [in] A caller-allocated string buffer that will receive the extended error information. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Runs a query to retrieve events from a channel or log file that match the specified query criteria. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385466(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to query for events on the local computer.
Path
- [in] The name of the channel or the full path to a log file that contains the events that you want to query. You can specify an .evt, .evtx, or .etl log file. The path is required if the Query parameter contains an XPath query; the path is ignored if the Query parameter contains a structured XML query and the query specifies the path.
Query
- [in] A query that specifies the types of events that you want to retrieve. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To receive all events, set this parameter to NULL or "*".
Flags
- [in] One or more flags that specify the order that you want to receive the events and whether you are querying against a channel or log file. For possible values, see the Winevt.EVT_QUERY_FLAGS
enumeration.
Kernel32.GetLastError()
function to get the error code.
Gets the next event from the query or subscription results. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385405(v=vs.85).aspx
ResultSet
- [in] The handle to a query or subscription result set that the EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
function or the EvtSubscribe(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.Pointer, com.sun.jna.Callback, int)
function returns.
EventArraySize
- [in] The number of elements in the EventArray array. The function will try to retrieve this number of elements from the result set.
EventArray
- [in] A pointer to an array of handles that will be set to the handles to the events from the result set.
Timeout
- [in] The number of milliseconds that you are willing to wait for a result. Set to INFINITE to indicate no time-out value. If the time-out expires, the last error is set to ERROR_TIMEOUT.
Flags
- [in] Reserved. Must be zero.
Returned
- [out] The number of handles in the array that are set.
Kernel32.GetLastError()
function.
Seeks to a specific event in a query result set. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385481(v=vs.85).aspx
ResultSet
- [in] The handle to a query result set that the EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int)
function returns.
Position
- [in] The zero-based offset to an event in the result set. The flag that you specify in the Flags parameter indicates the beginning relative position in the result set from which to seek. For example, you can seek from the beginning of the results or from the end of the results. Set to 0 to move to the relative position specified by the flag.
Bookmark
- [in] A handle to a bookmark that the EvtCreateBookmark(java.lang.String)
function returns. The bookmark identifies an event in the result set to which you want to seek. Set this parameter only if the Flags parameter has the EvtSeekRelativeToBookmark flag set.
Timeout
- [in] Reserved. Must be zero.
Flags
- [in] One or more flags that indicate the relative position in the result set from which to seek. For possible values, see the Winevt.EVT_SEEK_FLAGS
enumeration.
Kernel32.GetLastError()
function.
Creates a subscription that will receive current and future events from a channel or log file that match the specified query criteria. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385487(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to subscribe to events on the local computer.
SignalEvent
- [in] The handle to an event object that the service will signal when new events are available that match your query criteria. This parameter must be NULL if the Callback parameter is not NULL.
ChannelPath
- [in] The name of the Admin or Operational channel that contains the events that you want to subscribe to (you cannot subscribe to Analytic or Debug channels). The path is required if the Query parameter contains an XPath query; the path is ignored if the Query parameter contains a structured XML query.
Query
- [in] A query that specifies the types of events that you want the subscription service to return. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To receive all events, set this parameter to NULL or "*".
Bookmark
- [in] A handle to a bookmark that identifies the starting point for the subscription. To get a bookmark handle, call the EvtCreateBookmark(java.lang.String)
function. You must set this parameter if the Flags parameter contains the EvtSubscribeStartAfterBookmark flag; otherwise, NULL.
Context
- [in] A caller-defined context value that the subscription service will pass to the specified callback each time it delivers an event.
Callback
- [in] Pointer to your EVT_SUBSCRIBE_CALLBACK callback function that will receive the subscription events. This parameter must be NULL if the SignalEvent parameter is not NULL.
Flags
- [in] One or more flags that specify when to start subscribing to events. For example, if you specify Winevt.EVT_SUBSCRIBE_FLAGS.EvtSubscribeStartAtOldestRecord, the service will retrieve all current and future events that match your query criteria; however, if you specify Winevt.EVT_SUBSCRIBE_FLAGS.EvtSubscribeToFutureEvents, the service returns only future events that match your query criteria. For possible values, see the Winevt.EVT_SUBSCRIBE_FLAGS enumeration.
Kernel32.GetLastError()
function to get the error code. You must call the EvtClose function with the subscription handle when done.
Creates a context that specifies the information in the event that you want to render. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385352(v=vs.85).aspx
ValuePathsCount
- [in] The number of XPath expressions in the ValuePaths parameter.
ValuePaths
- [in] An array of XPath expressions that uniquely identify a node or attribute in the event that you want to render. The expressions must not contain the OR or AND operator. Set to NULL if the Winevt.EVT_RENDER_CONTEXT_FLAGS.EvtRenderContextValues
context flag is not set in the Flags parameter.
Flags
- [in] One or more flags that identify the information in the event that you want to render. For example, the system information, user information, or specific values. For possible values, see the Winevt.EVT_RENDER_CONTEXT_FLAGS
enumeration.
EvtRender(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference, com.sun.jna.ptr.IntByReference)
function to render the contents of an event; otherwise, NULL. If NULL, call the Kernel32.GetLastError()
function to get the error code.
Renders an XML fragment based on the rendering context that you specify. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385471(v=vs.85).aspx
Context
- [in] A handle to the rendering context that the EvtCreateRenderContext(int, java.lang.String[], int) function returns. This parameter must be set to NULL if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark.
Fragment
- [in] A handle to an event or to a bookmark. Set this parameter to a bookmark handle if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml; otherwise, set to an event handle.
Flags
- [in] A flag that identifies what to render. For example, the entire event or specific properties of the event. For possible values, see the Winevt.EVT_RENDER_FLAGS enumeration.
BufferSize
- [in] The size of the Buffer buffer, in bytes.
Buffer
- [in] A caller-allocated buffer that will receive the rendered output. The content is a null-terminated Unicode string if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml or Winevt.EVT_RENDER_FLAGS.EvtRenderBookmark. Otherwise, if Flags is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues, the buffer contains an array of EVT_VARIANT structures, one for each property specified by the rendering context. The PropertyCount parameter contains the number of elements in the array.
BufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
PropertyCount
- [out] The number of the properties in the Buffer parameter if the Flags parameter is set to Winevt.EVT_RENDER_FLAGS.EvtRenderEventValues; otherwise, zero.
Kernel32.GetLastError()
function.
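The EvtQuery, EvtNext, EvtRender and EvtClose calls documented above, combined in an added example (not code from the JNA project): it reads the newest "audit log cleared" events (Security channel, Event ID 1102) and renders each one as XML using the size-probe-then-retry buffer pattern. The class and method names, the channel, the XPath filter and the batch size are assumptions chosen for illustration; reading the Security channel requires administrative or Event Log Readers rights.

```java
import com.sun.jna.Memory;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Wevtapi;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.Winevt;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;

import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class name): list Security events with ID 1102 as XML. */
public class AuditLogClearedQuery {

    private static final Wevtapi EVT = Wevtapi.INSTANCE;

    /** Renders one event handle to XML: probe the required size, then retry. */
    static String renderXml(EVT_HANDLE event) {
        int flags = Winevt.EVT_RENDER_FLAGS.EvtRenderEventXml;
        IntByReference used = new IntByReference();
        IntByReference propertyCount = new IntByReference();

        // Context must be NULL for EvtRenderEventXml. With a zero-length buffer the
        // call fails with ERROR_INSUFFICIENT_BUFFER and BufferUsed holds the size in bytes.
        if (EVT.EvtRender(null, event, flags, 0, null, used, propertyCount)) {
            return "";
        }
        int err = Kernel32.INSTANCE.GetLastError();
        if (err != WinError.ERROR_INSUFFICIENT_BUFFER) {
            throw new IllegalStateException("EvtRender size probe failed, error " + err);
        }
        Memory buffer = new Memory(used.getValue());
        if (!EVT.EvtRender(null, event, flags, (int) buffer.size(), buffer, used, propertyCount)) {
            throw new IllegalStateException(
                    "EvtRender failed, error " + Kernel32.INSTANCE.GetLastError());
        }
        return buffer.getWideString(0); // null-terminated Unicode string
    }

    /** Returns up to max rendered events, newest first. */
    static List<String> findLogClearedEvents(int max) {
        int flags = Winevt.EVT_QUERY_FLAGS.EvtQueryChannelPath
                | Winevt.EVT_QUERY_FLAGS.EvtQueryReverseDirection;
        // Session = NULL queries the local computer.
        EVT_HANDLE query = EVT.EvtQuery(null, "Security", "*[System[(EventID=1102)]]", flags);
        if (query == null) {
            throw new IllegalStateException(
                    "EvtQuery failed, error " + Kernel32.INSTANCE.GetLastError());
        }
        List<String> out = new ArrayList<>();
        EVT_HANDLE[] batch = new EVT_HANDLE[16];
        IntByReference returned = new IntByReference();
        try {
            while (out.size() < max) {
                if (!EVT.EvtNext(query, batch.length, batch, 1000, 0, returned)) {
                    // Read the error code before any other API call can overwrite it.
                    int err = Kernel32.INSTANCE.GetLastError();
                    if (err != WinError.ERROR_NO_MORE_ITEMS && err != WinError.ERROR_TIMEOUT) {
                        throw new IllegalStateException("EvtNext failed, error " + err);
                    }
                    break;
                }
                int n = returned.getValue();
                try {
                    for (int i = 0; i < n && out.size() < max; i++) {
                        out.add(renderXml(batch[i]));
                    }
                } finally {
                    // Every handle EvtNext returned must be closed, rendered or not.
                    for (int i = 0; i < n; i++) {
                        EVT.EvtClose(batch[i]);
                    }
                }
            }
        } finally {
            EVT.EvtClose(query);
        }
        return out;
    }

    public static void main(String[] args) {
        for (String xml : findLogClearedEvents(5)) {
            System.out.println(xml);
        }
    }
}
```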
Formats a message string. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385359(v=vs.85).aspx
PublisherMetadata
- [in] A handle to the provider's metadata that the EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int)
function returns. The handle acts as a formatting context for the event or message identifier.
You can set this parameter to NULL if the Windows Event Collector service forwarded the event. Forwarded events include a RenderingInfo section that contains the rendered message strings. You can also set this parameter to NULL if the event property that you are formatting is defined in the Winmeta.xml file (for example, if level is set to win:Error). In the latter case, the service uses the Winmeta provider as the formatting context and will format only those message strings that you reference in your event that are defined in the Winmeta.xml file.
Event
- [in] A handle to an event. The Flags parameter specifies the message string in the event that you want to format. This parameter must be NULL if the Flags parameter is set to EvtFormatMessageId.
MessageId
- [in] The resource identifier of the message string that you want to format. To get the resource identifier for a message string, call the EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference)
function. Set this parameter only if the Flags parameter is set to EvtFormatMessageId.
ValueCount
- [in] The number of values in the Values parameter.
Values
- [in] An array of insertion values to use when formatting the event's message string. Typically, you set this parameter to NULL and the function gets the insertion values from the event data itself. You would use this parameter to override the default behavior and supply the insertion values to use. For example, you might use this parameter if you wanted to resolve a SID to a principal name before inserting the value.
To override the insertion values, the Flags parameter must be set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageEvent, Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageXml, or Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId. If Flags is set to Winevt.EVT_FORMAT_MESSAGE_FLAGS.EvtFormatMessageId, the resource identifier must identify the event's message string.
Flags
- [in] A flag that specifies the message string in the event to format. For possible values, see the Winevt.EVT_FORMAT_MESSAGE_FLAGS
enumeration.
BufferSize
- [in] The size of the Buffer buffer, in characters.
Buffer
- [in] A caller-allocated buffer that will receive the formatted message string. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Gets a handle to a channel or log file that you can then use to get information about the channel or log file. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385447(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to open a channel or log on the local computer.
Path
- [in] The name of the channel or the full path to the exported log file.
Flags
- [in] A flag that determines whether the Path parameter points to a log file or channel. For possible values, see the Winevt.EVT_OPEN_LOG_FLAGS
enumeration.
Kernel32.GetLastError()
function to get the error code.
Gets information about a channel or log file. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385385(v=vs.85).aspx
Log
- [in] A handle to the channel or log file that the EvtOpenLog(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int)
function returns.
PropertyId
- [in] The identifier of the property to retrieve. For a list of property identifiers, see the Winevt.EVT_LOG_PROPERTY_ID
enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the property value. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Removes all events from the specified channel and writes them to the target log file. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385340(v=vs.85).aspx
Session
- [in, optional] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL for local channels.
ChannelPath
- [in] The name of the channel to clear.
TargetFilePath
- [in, optional] The full path to the target log file that will receive the events. Set to NULL to clear the log file and not save the events.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function.
Copies events from the specified channel or log file and writes them to the target log file. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385355(v=vs.85).aspx
Session
- [in, optional] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL for local channels.
Path
- [in] The name of the channel or the full path to a log file that contains the events that you want to export. If the Query parameter contains an XPath query, you must specify the channel or log file. If the Flags parameter contains Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogFilePath, you must specify the log file. If the Query parameter contains a structured XML query, the channel or path that you specify here must match the channel or path in the query. If the Flags parameter contains Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogChannelPath, this parameter can be NULL if the query is a structured XML query that specifies the channel.
Query
- [in] A query that specifies the types of events that you want to export. You can specify an XPath 1.0 query or structured XML query. If your XPath contains more than 20 expressions, use a structured XML query. To export all events, set this parameter to NULL or "*".
TargetFilePath
- [in] The full path to the target log file that will receive the events. The target log file must not exist.
Flags
- [in] Flags that indicate whether the events come from a channel or log file. For possible values, see the Winevt.EVT_EXPORTLOG_FLAGS.EvtExportLogChannelPath
enumeration.
Kernel32.GetLastError()
function.
Adds localized strings to the events in the specified log file. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385232(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL for local channels.
LogFilePath
- [in] The full path to the exported log file that contains the events to localize.
Locale
- [in] The locale to use to localize the strings that the service adds to the events in the log file. If zero, the function uses the calling thread's locale. If the provider's resources do not contain the locale, the string is empty.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function.
Gets a handle that you use to enumerate the list of channels that are registered on the computer. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385437(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to enumerate the channels on the local computer.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Gets a channel name from the enumerator. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385412(v=vs.85).aspx
ChannelEnum
- [in] A handle to the enumerator that the EvtOpenChannelEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int)
function returns.
ChannelPathBufferSize
- [in] The size of the ChannelPathBuffer buffer, in characters.
ChannelPathBuffer
- [in] A caller-allocated buffer that will receive the name of the channel. You can set this parameter to NULL to determine the required buffer size.
ChannelPathBufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Gets a handle that you use to read or modify a channel's configuration property. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385430(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to access a channel on the local computer.
ChannelPath
- [in] The name of the channel to access.
Flags
- [in] Reserved. Must be zero.
Saves the changes made to a channel's configuration. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385477(v=vs.85).aspx
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int)
function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function.
Sets the specified configuration property of a channel. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385484(v=vs.85).aspx
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int)
function returns.
PropertyId
- [in] The identifier of the channel property to set. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID
enumeration.
Flags
- [in] Reserved. Must be zero.
PropertyValue
- [in] The property value to set. A caller-allocated buffer that contains the new configuration property value. The buffer contains an EVT_VARIANT object. Be sure to set the configuration value and variant type.
Kernel32.GetLastError()
function.
Gets the specified channel configuration property. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385362(v=vs.85).aspx
ChannelConfig
- [in] A handle to the channel's configuration properties that the EvtOpenChannelConfig(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, int)
function returns.
PropertyId
- [in] The identifier of the channel property to retrieve. For a list of property identifiers, see the Winevt.EVT_CHANNEL_CONFIG_PROPERTY_ID
enumeration.
Flags
- [in] Reserved. Must be zero.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the configuration property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Gets a handle that you use to enumerate the list of registered providers on the computer. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385451(v=vs.85).aspx
Session
- [in] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to enumerate the registered providers on the local computer.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Gets the identifier of a provider from the enumerator. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385425(v=vs.85).aspx
PublisherEnum
- [in] A handle to the registered providers enumerator that the EvtOpenPublisherEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int)
function returns.
PublisherIdBufferSize
- [in] The size of the PublisherIdBuffer buffer, in characters.
PublisherIdBuffer
- [in] A caller-allocated buffer that will receive the name of the registered provider. You can set this parameter to NULL to determine the required buffer size.
PublisherIdBufferUsed
- [out] The size, in characters, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function to get the error code.
Gets a handle that you use to read the specified provider's metadata. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385458(v=vs.85).aspx
EvtHandleSession
- [in, optional] A remote session handle that the EvtOpenSession(int, com.sun.jna.platform.win32.Winevt.EVT_RPC_LOGIN, int, int)
function returns. Set to NULL to get the metadata for a provider on the local computer.
PublisherIdentity
- [in] The name of the provider. To enumerate the names of the providers registered on the computer, call the EvtOpenPublisherEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int)
function.
LogFilePath
- [in, optional] The full path to an archived log file that contains the events that the provider logged. An archived log file also contains the provider's metadata. Use this parameter when the provider is not registered on the local computer. Set to NULL when reading the metadata from a registered provider.
Locale
- [in] The locale identifier to use when accessing the localized metadata from the provider. To create the locale identifier, use the MAKELCID macro. Set to 0 to use the locale identifier of the calling thread.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Gets the specified provider metadata property. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385399(v=vs.85).aspx
PublisherMetadata
- [in] A handle to the metadata that the EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int)
function returns.
PropertyId
- [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID
enumeration.
Flags
- [in] Reserved. Must be zero.
PublisherMetadataPropertyBufferSize
- [in] The size of the PublisherMetadataPropertyBuffer buffer, in bytes.
PublisherMetadataPropertyBuffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PublisherMetadataPropertyBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Gets a handle that you use to enumerate the list of events that the provider defines. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385446(v=vs.85).aspx
PublisherMetadata
- [in] A handle to the provider's metadata that the EvtOpenPublisherMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int, int)
function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Gets an event definition from the enumerator. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385419(v=vs.85).asp
EventMetadataEnum
- [in] A handle to the event definition enumerator that the EvtOpenEventMetadataEnum(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int)
function returns.
Flags
- [in] Reserved. Must be zero.
Kernel32.GetLastError()
function to get the error code.
Gets the specified event metadata property. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385376(v=vs.85).aspx
EventMetadata
- [in] A handle to the event metadata that the EvtNextEventMetadata(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int)
function returns.
PropertyId
- [in] The identifier of the metadata property to retrieve. For a list of property identifiers, see the Winevt.EVT_EVENT_METADATA_PROPERTY_ID
enumeration.
Flags
- [in] Reserved. Must be zero.
EventMetadataPropertyBufferSize
- [in] The size of the EventMetadataPropertyBuffer buffer, in bytes.
Buffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
BufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError()
function.
Gets the number of elements in the array of objects. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385394(v=vs.85).aspx
ObjectArray
- [in] A handle to an array of objects that the EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function returns.
ObjectArraySize
- [out] The number of elements in the array.
Kernel32.GetLastError() function.
Gets a provider metadata property from the specified object in the array. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385389(v=vs.85).aspx
ObjectArray
- [in] A handle to an array of objects that the EvtGetPublisherMetadataProperty(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, int, int, int, com.sun.jna.Pointer, com.sun.jna.ptr.IntByReference) function returns.
PropertyId
- [in] The property identifier of the metadata property that you want to get from the specified object. For possible values, see the Remarks section of Winevt.EVT_PUBLISHER_METADATA_PROPERTY_ID.
ArrayIndex
- [in] The zero-based index of the object in the array.
Flags
- [in] Reserved. Must be zero.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the metadata property. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [in] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.
Gets information about a query that you ran that identifies the list of channels or log files that the query attempted to access. The function also gets a list of return codes that indicates the success or failure of each access. https://msdn.microsoft.com/en-us/library/windows/desktop/aa820606(v=vs.85).aspx
QueryOrSubscription
- [in] A handle to the query that the EvtQuery(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, int) or EvtSubscribe(com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, java.lang.String, java.lang.String, com.sun.jna.platform.win32.Winevt.EVT_HANDLE, com.sun.jna.Pointer, com.sun.jna.Callback, int) function returns.
PropertyId
- [in] The identifier of the query information to retrieve. For a list of identifiers, see the Winevt.EVT_QUERY_PROPERTY_ID enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the query information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [out] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.
Creates a bookmark that identifies an event in a channel. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385348(v=vs.85).aspx
BookmarkXml
- [in, optional] An XML string that contains the bookmark or NULL if creating a bookmark.
Kernel32.GetLastError() function to get the error code.
Updates the bookmark with information that identifies the specified event. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385489(v=vs.85).aspx
Bookmark
- [in] The handle to the bookmark to be updated. The EvtCreateBookmark(java.lang.String) function returns this handle.
Event
- [in] The handle to the event to bookmark.
Kernel32.GetLastError() function.
Gets information that identifies the structured XML query that selected the event and the channel or log file that contained the event. https://msdn.microsoft.com/en-us/library/windows/desktop/aa385372(v=vs.85).aspx
Event
- [in] A handle to an event for which you want to retrieve information.
PropertyId
- [in] A flag that identifies the information to retrieve. For example, the query identifier or the path. For possible values, see the Winevt.EVT_EVENT_PROPERTY_ID enumeration.
PropertyValueBufferSize
- [in] The size of the PropertyValueBuffer buffer, in bytes.
PropertyValueBuffer
- [in] A caller-allocated buffer that will receive the information. The buffer contains an EVT_VARIANT object. You can set this parameter to NULL to determine the required buffer size.
PropertyValueBufferUsed
- [in] The size, in bytes, of the caller-allocated buffer that the function used or the required buffer size if the function fails with ERROR_INSUFFICIENT_BUFFER.
Kernel32.GetLastError() function.
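Several functions above (EvtGetEventMetadataProperty, EvtGetObjectArrayProperty, EvtGetQueryInfo, EvtGetEventInfo) share the same contract: pass NULL to learn the required size, then call again with a buffer of that size. The following is an added example, not code from JNA or from this page, showing that sequence for EvtGetEventInfo with the size checked before allocation. The class name, the retry bound and the five-argument EvtGetEventInfo binding are assumptions.

```java
import com.sun.jna.Memory;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Wevtapi;
import com.sun.jna.platform.win32.Win32Exception;
import com.sun.jna.platform.win32.WinError;
import com.sun.jna.platform.win32.Winevt;
import com.sun.jna.platform.win32.Winevt.EVT_HANDLE;
import com.sun.jna.ptr.IntByReference;

/** Added example (hypothetical class): size-then-fetch call to EvtGetEventInfo. */
public final class EventInfoReader {
    private static final int MAX_ATTEMPTS = 3; // assumption: bound on resize retries

    /**
     * @param event      handle to an event (for example one returned by EvtNext)
     * @param propertyId a value from Winevt.EVT_EVENT_PROPERTY_ID
     * @return the EVT_VARIANT read from the filled buffer
     */
    public static Winevt.EVT_VARIANT getEventInfo(EVT_HANDLE event, int propertyId) {
        IntByReference used = new IntByReference();
        // Probe with a NULL buffer of size 0. The call is expected to fail with
        // ERROR_INSUFFICIENT_BUFFER and report the required size, in bytes, in 'used'.
        if (Wevtapi.INSTANCE.EvtGetEventInfo(event, propertyId, 0, null, used)) {
            throw new IllegalStateException("probe call succeeded without a buffer");
        }
        int err = Kernel32.INSTANCE.GetLastError();
        for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
            if (err != WinError.ERROR_INSUFFICIENT_BUFFER) {
                throw new Win32Exception(err); // any other code is a real failure
            }
            int size = used.getValue();
            if (size <= 0) { // never allocate from an unchecked size
                throw new IllegalStateException("API reported required size " + size);
            }
            Memory buffer = new Memory(size);
            // Pass the same size that was allocated, so the native side cannot
            // be told the buffer is larger than it is.
            if (Wevtapi.INSTANCE.EvtGetEventInfo(event, propertyId, size, buffer, used)) {
                Winevt.EVT_VARIANT variant = new Winevt.EVT_VARIANT(buffer);
                variant.read(); // copy the native fields into the Java structure
                return variant;
            }
            err = Kernel32.INSTANCE.GetLastError(); // retry only if the size grew
        }
        throw new IllegalStateException("required buffer size kept changing");
    }
}
```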