C++CLR编程读取Windows系统日志数组越界错误 80C

以下为我的程序

int main(array<System::String^>^ args)
{
    //后台运行
    HWND hwnd;
    hwnd = FindWindow("ConsoleWindowClass", NULL);
    if (hwnd) {
        ShowWindow(hwnd, SW_SHOWNORMAL);
    }

    EventLog^ log = gcnew EventLog();

    //绑定应用日志
    log->Log = ("Application");
    EventLogEntryCollection^ myApp = log->Entries;
    int AppNum = myApp->Count;

    //绑定安全日志
    log->Log = ("Security");
    EventLogEntryCollection^ mySec = log->Entries;
    int SecuNum = mySec->Count;

    //绑定系统日志
    log->Log = ("System");
    EventLogEntryCollection^ mySys = log->Entries;
    int SysNum = mySys->Count;

    while (1)
    {
        //获取当前应用日志
        log->Log = ("Application");
        EventLogEntryCollection^ myApplication = log->Entries;
        if (myApplication->Count > AppNum)
        {
            analysis1(myApplication, AppNum);
            AppNum++;
        }
        else if (myApplication->Count < AppNum)
        {
            for each (EventLogEntry^ var in myApplication)
            {
                analysis2(var);
            }
            AppNum = myApplication->Count;
        }

        //获取当前安全日志
        log->Log = ("Security");
        EventLogEntryCollection^ mySecurity = log->Entries;
        if (mySecurity->Count > SecuNum)
        {
            analysis1(mySecurity, SecuNum);
            SecuNum++;
        }
        else if (mySecurity->Count < SecuNum)
        {
            for each (EventLogEntry^ var in mySecurity)
            {
                analysis2(var);
            }
            SecuNum = mySecurity->Count;
        }

        //获取当前系统日志
        log->Log = ("System");
        EventLogEntryCollection^ mySystem = log->Entries;
        if (mySystem->Count > SysNum)  //如有新日志,则按序输出
        {
            analysis1(mySystem, SysNum);
            SysNum++;
        }
        else if (mySystem->Count < SysNum) //表示日志以重置
        {
            for each (EventLogEntry^ var in mySystem)
            {
                analysis2(var);
            }
            SysNum = mySystem->Count;
        }
    }
    return 0;
}

//解析相关的内容以及JSON封包
void analysis1(EventLogEntryCollection^ log, int n) {
    string type, time, sou, user, machine, cat, msg;
    int id;

    //判断查找的内容是否为空
    //判断级别是否为空
    if (!log[n]->EntryType.ToString()) {
        type = "";
    }
    else {
        const char* EntryType = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->EntryType.ToString())).ToPointer();
        type = EntryType;
    }

    //判断事件是否为空
    if (!log[n]->TimeWritten.ToString()) {
        time = "";
    }
    else {
        const char* TimeWritten = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->TimeWritten.ToString())).ToPointer();
        time = TimeWritten;
    }

    //判断来源是否为空
    if (!log[n]->Source) {
        sou = "";
    }
    else {
        const char* Source = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->Source)).ToPointer();
        sou = Source;
    }

    //判断用户是否为空
    if (!log[n]->UserName) {
        user = "";
    }
    else {
        const char* UserName = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->UserName)).ToPointer();
        user = UserName;
    }

    //判断计算机名是否为空
    if (!log[n]->MachineName) {
        machine = "";
    }
    else {
        const char* MachineName = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->MachineName)).ToPointer();
        machine = MachineName;
    }

    //判断任务类别是否为空
    if (!log[n]->CategoryNumber.ToString()) {
        cat = "";
    }
    else {
        const char* Category = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->CategoryNumber.ToString())).ToPointer();
        cat = Category;
    }

    //判断内容是否为空
    if (!log[n]->Message) {
        msg = "";
    }
    else {
        const char* Message = (const char*)(Marshal::StringToCoTaskMemAnsi(log[n]->Message)).ToPointer();
        msg = Message;
    }

    //判断事件ID是否为空
    if (!log[n]->EventID) {
        id = NULL;
    }
    else {
        id = log[n]->EventID;
    }

    StringBuffer buffer;
    Writer<StringBuffer> Log(buffer);
    Log.StartObject();
    Log.Key("EntryType");
    Log.String(type.c_str());
    Log.Key("TimeWritten");
    Log.String(time.c_str());
    Log.Key("Source");
    Log.String(sou.c_str());
    Log.Key("EventID");
    Log.Int(id);
    Log.String("Category");
    Log.Key(cat.c_str());
    Log.String("UserName");
    Log.Key(user.c_str());
    Log.String("MachineName");
    Log.Key(machine.c_str());
    Log.String("Message");
    Log.Key(msg.c_str());
    Log.EndObject();
    string LogData = buffer.GetString();
    client(LogData.c_str());
}

//日志重置后解析相关的内容以及JSON封包
void analysis2(EventLogEntry^ log) {
    string type, time, sou, user, machine, cat, msg;
    int id;

    //判断查找的内容是否为空
    //判断级别是否为空
    if (!log->EntryType.ToString()) {
        type = "";
    }
    else {
        const char* EntryType = (const char*)(Marshal::StringToCoTaskMemAnsi(log->EntryType.ToString())).ToPointer();
        type = EntryType;
    }

    //判断事件是否为空
    if (!log->TimeWritten.ToString()) {
        time = "";
    }
    else {
        const char* TimeWritten = (const char*)(Marshal::StringToCoTaskMemAnsi(log->TimeWritten.ToString())).ToPointer();
        time = TimeWritten;
    }

    //判断来源是否为空
    if (!log->Source) {
        sou = "";
    }
    else {
        const char* Source = (const char*)(Marshal::StringToCoTaskMemAnsi(log->Source)).ToPointer();
        sou = Source;
    }

    //判断用户是否为空
    if (!log->UserName) {
        user = "";
    }
    else {
        const char* UserName = (const char*)(Marshal::StringToCoTaskMemAnsi(log->UserName)).ToPointer();
        user = UserName;
    }

    //判断计算机名是否为空
    if (!log->MachineName) {
        machine = "";
    }
    else {
        const char* MachineName = (const char*)(Marshal::StringToCoTaskMemAnsi(log->MachineName)).ToPointer();
        machine = MachineName;
    }

    //判断任务类别是否为空
    if (!log->CategoryNumber.ToString()) {
        cat = "";
    }
    else {
        const char* Category = (const char*)(Marshal::StringToCoTaskMemAnsi(log->CategoryNumber.ToString())).ToPointer();
        cat = Category;
    }

    //判断内容是否为空
    if (!log->Message) {
        msg = "";
    }
    else {
        const char* Message = (const char*)(Marshal::StringToCoTaskMemAnsi(log->Message)).ToPointer();
        msg = Message;
    }

    //判断事件ID是否为空
    if (!log->EventID) {
        id = NULL;
    }
    else {
        id = log->EventID;
    }

    StringBuffer buffer;
    Writer<StringBuffer> Log(buffer);
    Log.StartObject();
    Log.Key("EntryType");
    Log.String(type.c_str());
    Log.Key("TimeWritten");
    Log.String(time.c_str());
    Log.Key("Source");
    Log.String(sou.c_str());
    Log.Key("EventID");
    Log.Int(id);
    Log.String("Category");
    Log.Key(cat.c_str());
    Log.String("UserName");
    Log.Key(user.c_str());
    Log.String("MachineName");
    Log.Key(machine.c_str());
    Log.String("Message");
    Log.Key(msg.c_str());
    Log.EndObject();
    string LogData = buffer.GetString();
    client(LogData.c_str());
}

在运行此程序时如果系统日志的属性设置为按需要覆盖事件(旧事件优先),如下图:
图片说明
一旦日志很多,在运行analysis1函数查找内容时,会出现数值越界的问题,如下图:
图片说明
原因是按需覆盖是删一条加一条,在执行analysis1函数查找内容的时候,日志突然发生覆盖事件,而且是一大片删除旧日志,导致这个时候的下标改变了(感觉运行速率太好了也不行),使得程序崩溃
有什么好的解决办法吗?崩溃重置程序的话也可以

c++

2个回答

c++ 和 c# 混编啊,有点麻烦, 你这种情况要么考虑加锁
或者你要不要参考下c++的读取?
也是以前有人问过读取日志我回答的
https://ask.csdn.net/questions/752009

d2262272d
潇潇-易水 回复a513155803: 还没弄好嗦,你要不先把日志文件copy到bak目录下 然后再去解析,或者监视日志文件是否被修改
7 个月之前 回复
a513155803
a513155803 嗯嗯,这样可以把内容全部读取出来,就改成混合模式了
7 个月之前 回复
d2262272d
潇潇-易水 回复a513155803: 嘿,还真是你,没注意看提问人呢,怎么?现在的要求又改成混合开发的方式了?
7 个月之前 回复
a513155803
a513155803 没错,上次问的也是我,然后那个项目就被封存了,现在才重新开发
8 个月之前 回复
Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问