[python-win32] win32evtlog - Event Log parsing issue

Mark Hammond skippy.hammond at gmail.com
Fri May 4 01:35:26 CEST 2012 

I'm afraid I'm not familiar with that API, but the crash is because 
EvtOpenLog is returning a handle with a value of 1 and ReadEventLog is 
crashing with that handle.  A quick google doesn't find anyone trying to 
use ReadEventLog with a handle returned by EvtOpenLog but instead uses 
EvtGetLogInfo.

Roger Upole added support for these functions so hopefully he is reading 
this and has more experience with the API (and the fact they aren't in 
the generated docs should indeed be treated as a bug!)

Mark

On 4/05/2012 1:42 AM, Tim Keeler wrote:
> Hello,
>
> I'm having a problem with win32evtlog and reading events from an event
> log channel on Windows Server 2008 R2. I'm using the following code and
> get the following error (python.exe APPCRASH no exceptions):
>
>     #!/usr/bin/python
>
>     # Windows Event Log Viewer
>     import win32evtlog # requires pywin32 pre-installed
>
>     hand = win32evtlog.EvtOpenLog('ForwardedEvents',1,None)
>     flags =
>     win32evtlog.EVENTLOG_BACKWARDS_READ|win32evtlog.EVENTLOG_SEQUENTIAL_READ
>
>     *events = win32evtlog.ReadEventLog(hand, flags, 0)*
>
>
> The last line calling ReadEventLog() is what causes the crash. I had to
> read through the source code to find the function EvtOpenLog() for
> channel support, this isn't in the latest documentation. So I'm not sure
> if this is still experimental or not.
>
> Any help or guidance would be greatly appreciated. I'm using Python 2.7.3
>
>     Problem signature:
>        Problem Event Name:APPCRASH
>        Application Name:python.exe
>        Application Version:0.0.0.0
>        Application Timestamp:4f84a6c8
>        Fault Module Name:ADVAPI32.dll
>        Fault Module Version:6.1.7600.16385
>        Fault Module Timestamp:4a5bd97e
>        Exception Code:c0000005
>        Exception Offset:00019347
>        OS Version:6.1.7600.2.0.0.274.10
>        Locale ID:1033
>        Additional Information 1:0a9e
>        Additional Information 2:0a9e372d3b4ad19135b953a78882e789
>        Additional Information 3:0a9e
>        Additional Information 4:0a9e372d3b4ad19135b953a78882e789
>
>     Read our privacy statement online:
>     http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
>
>     If the online privacy statement is not available, please read our
>     privacy statement offline:
>        C:\Windows\system32\en-US\erofflps.txt
>
>
>
>
> _______________________________________________
> python-win32 mailing list
> python-win32 at python.org
> http://mail.python.org/mailman/listinfo/python-win32
>

More information about the python-win32 mailing list